[go: up one dir, main page]
Scribd
Upload
286 views741 pages

S5 - Gpon 10142013 PDF

Uploaded by

Diego Ocaña
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
286 views741 pages

S5 - Gpon 10142013 PDF

Uploaded by

Diego Ocaña
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 741

Edition: 0006

Distribution: 12/2012

Corecess Scalable Broadband Service Platform

Corecess S5 System With GPON


V

S511

S506
 User's Guide
| Copyright |
Copyright © 2004 by Corecess Inc. All rights reserved.

No Part of this book shall be reproduced, stored in a retrieval system, or


transmitted by any means, electronic, mechanical, photocopying,
recording, or otherwise, without written permission from the publisher.

The specifications and information regarding the products in this manual


are subject to change without notice.

| Trademark Credit |
Corecess S5 System is registered trademark of Corecess Inc.

Other product names or company names mentioned in this manual are


registered trademarks of the appropriate company.

Corecess Inc.
-Sales and R&D: 2-3/F #674-4 Bokjung-Dong, Sujung-Gu,
Sungnam City, Kyunggi-Do, 461-831, Korea
Tel: +82-31-739-6815(Sales)

-Administration: #146-7, Sangdaewon-dong, Jungwon-Gu,


Sungnam City, Kyunggi-Do, 462-120, Korea
Tel: +82-31-739-6614(RMA)
*support@corecess.com (Tech. support)
*customer@corecess.com (RMA)

www.corecess.com
Manual Contents

Manual Contents
This instruction consists of following materials about Corecess S5 System which is multi-
functional broadband platform from Corecess Inc.
 Introduction to functions and features
 Name and function of each part
 How to install on a rack and connect cable to each port
 How to configure the Corecess S5 System

The user should read the chapters 1~3 with being included the functions of the product, name and function
of each part, and the precautions before installation. Understanding chapters 1~3 will help a great deal for
safety in installing and using the product.

Note: You can flexibly configure S5 system with using chassises,SCMs and LIMs.

 If you have any problems or questions during installation or while using the product, contact
your equipment provider or visit our website at www.corecess.com and leave a message in Q&A.

Audience
This manual is designed for the users with basic knowledge in Ethernet and FTTx. Thus, this manual
assumes that the reader is knowledgeable of basic concepts and terminology about Ethernet and FTTx and
does not provide separate explanations for these topics. If you feel that the contents of this manual are
difficult and require more detailed explanations, refer to other network related books.

Revision History
Edition Date Description
0003 2012. 12 ss5g-base-osapp-REL1.0.1.RC42.img
0002 2010.7 ss5g-base-osapp-REL1.0.1.RC35.img
0001 2010.4 First Draft

III
Notations

Notations
This manual uses the notations explained below for assisting readers in understanding the
contents of this manual.

Notations in Console Screen


When indicating text displayed on the console screen, the following indications are used:

 Text displayed on console screen is shown in Courier New.

 Values entered by user are displayed in bold Courier New.

Notations in Command Syntax


In this manual, the following indications are used to explain the syntax of console commands:

 Console commands are indicated in bold Courier New.

 Parameters that need to be entered are indicated in Courier New.

 Parameters in [ ] are parameters that can be ignored.

 { A | B | C } means that one entry among A, B, and C must be selected and entered.

 [A | B | C] means that one entry among A, B, and C may or may not be selected and
entered.

Acronyms & Terminology


GigabitEhternet : GbE
GE-PON, EPON : E-PON
Gigabit PON : G-PON

IV Corecess S5 System With GPON User's Guide


Notations

Conventions
This manual uses the following conventions:

Recommendation: Introduces recommendatory item for the use of product.

Note: Introduces useful item for the use of product, reference, and its related materials.

Caution: Explains possible situations or conditions of improper operation and possibility of


losing data and provides suggestions how to deal with those cases.

Warning: Explains situtations in which product can be damaged or danger can be imposed
to users physically, and informs you how to respond to those situations.

Command Type Summary


Command Description
no Negate a command or set its defaults.
show Show running (system) information.
port Port configuration.
clear To reset functions.
default Back to hardware default.
reset To reset hardware settings.
copy Copy from one file to another.
update Upgrading.

Caution:
After set commands in the global configuration mode, you must execute ‘write’ commands for
saving.
To show running information, you execute “show” commands in the priviledged mode.

Caution:
The value of slot/port may differ according to the each equipment.
The showing of system information may differ according to the software version of the
equipment.

V
Organization

Organization
The chapters of this manual are organized as follows:

Chapter 1 Overview
This chapter introduces the Corecess S5 System functions and features.
This chapter introduces the structures of the front and rear side of the Corecess S5
System and describes the function and appearance of the modules provided for the
Corecess S5 System. This chapter also briefs the devices connected to the Corecess S5
System.

Chapter 2 Before Installation


This chapter describes the precautions for the Corecess S5 system installation and
installation environment for the normal operation. It also describes the way to unpack
the Corecess S5 system box and verify the contents.

Chapter 3 Installation
This chapter describes how mount the Corecess S5 System on a rack, install the
SCM/LIM module and connect the cables to the ports.

Chapter 4 Configuring Basic Features


This chapter briefs general configuration method of the Corecess S5. The Corecess S5
has already configured with default upon the shipment and can immediately be used
without additional configuration explained in this chapter. If the default configuration
should be changed according to user’s network environment, refer to the contents in
this chapter.

Chapter 5 Configuring Ports and Links


This chapter describes how to configure the Gigabit Ethernet port, the Gigabit PON
port and ONU.

Chapter 6 Configuring VLAN


This Chapter describes how to create/clear VLAN and add/clear port to VLAN. This
chapter also describes how to configure VLAN interface.

VI Corecess S5 System With GPON User's Guide


Organization

Chapter 7 Configuring SNMP and RMON


This chapter describes how to configure SNMP and RMON on the Corecess S5 System.

Chapter 8 Configuring QoS


This chapter describes how to configure QoS (Quality of Service) on the Corecess S5
System.

Chapter 9 Configuring DHCP


This chapter describes how to configure DHCP server or DHCP relay agent.

Chapter 10 Configuring Netsnoop


In this chapter, the method to use the Netsnoop functions of Corecess S5 System is
described.

Chapter 11 Configuring Security


This chapter describes how to configure security features on the Corecess S5 System.

Chapter 12 Configuring Multicast


This chapter describes how to configure the Corecess S5 System for multicast routing
protocols.

Chapter 13 Configuring Routing Protocol


This chapter describes how to configure the following routing protocols supported by
the Corecess S5 System:

Chapter 14 Configuring LACP


This chapter describes how to configure a trunking group by using LACP (Link
Aggregation Control Protocol).

Chapter 15 Configuring STP/RSTP/MSTP


This chapter describes how to configure STP (Spanning Tree Protocol)/RSTP (Rapid
Spanning Tree Protocol)/ MSTP(Multi STP) on the System.

Chapter 16 Configuring VRRP


This Chapter describes how to configure VRRP (Virtual Router Redundancy Protocol)

VII
Organization

on the Corecess S5 System.

Chapter 17 Configuring AAA


This chapter describes how to configure AAA(Authentication Authorization
Accounting).

Chapter 18 Redundancy Configuration


This chapter explains how to Redundancy in Corecess S5 system

Appendix A Product Specifications


Appendix A describes the specifications of the Corecess S5 System.

Appendix B Connector and Cable Specifications


Appendix B describes the specifications of the ports on the Corecess S5 System. In
addition, the kinds and specifications of cables needed for the connection of each port.

Appendix C Maintaining
This chapter describes how to maintain the Corecess S5 System.

VIII Corecess S5 System With GPON User's Guide


Table of Contents

Table of Contents

Manual Contents ....................................................................................................... III


Audience ........................................................................................................................................ III
Revision History ........................................................................................................................... III
Notations................................................................................................................... IV
Notations in Console Screen ...................................................................................................... IV
Notations in Command Syntax ................................................................................................. IV
Acronyms & Terminology ......................................................................................................... IV
Conventions ....................................................................................................................................V
Command Type Summary........................................................................................................... V
Organization ............................................................................................................. VI
Table of Contents ..................................................................................................... IX
List of Tables .......................................................................................................... XIX

Chapter 1 Overview 1-1


Introduction ............................................................................................................. 1-2
Hardware Features ................................................................................................ 1-4
SCM(Switching & Control Module) ....................................................................................... 1-4
LIM(Line Interface Module) ..................................................................................................... 1-4
Chassis ........................................................................................................................................... 1-4
Slot Configuration ....................................................................................................................... 1-4
Software Features .................................................................................................. 1-7
Applications ............................................. 오류! 책갈피가 정의되어 있지 않습니다.
NG PON2 Solution ............................................... 오류! 책갈피가 정의되어 있지 않습니다.
Hybrid WDM GPON Solution ........................... 오류! 책갈피가 정의되어 있지 않습니다.

Chapter 2 Hardware Description 1-11


System Chassis.................................................................................................... 1-12
S511 Chassis ............................................................................................................................... 1-12
S506 Chassis ............................................................................................................................... 1-14
S506 .............................................................................................................................................. 1-14
Chassis Items ....................................................................................................... 1-16
SCM Module ......................................................................................................... 1-19
SCM-B208G ................................................................................................................................ 1-19
SCM-B68G .................................................................................................................................. 1-19
SCM Slot Capacity .................................................................................................................... 1-20
Performance of Switching and Routing ............................................................................... 1-20
Memory ....................................................................................................................................... 1-21

IX
Table of Contents

System Status LED (Run, Master) ......................................................................................... 1-21


Reset Switch (Reset) .................................................................................................................. 1-21
Port Type ..................................................................................................................................... 1-22
LIM Module ........................................................................................................... 1-24
G-PON Line Card(LIM-GP8P,LIM-GP4P)........................................................................... 1-24
Redundancy ......................................................................................................... 1-26
System Redundancy ............................................. 오류! 책갈피가 정의되어 있지 않습니다.

Chapter 3 Before Installation 2-26


Precautions ........................................................................................................... 2-27
General Precautions.................................................................................................................. 2-27
Power Considerations .............................................................................................................. 2-27
Preventing ESD.......................................................................................................................... 2-29
Installing and Servicing the System ...................................................................................... 2-29
Rack-Mounting the System ..................................................................................................... 2-32
Lifting the System ..................................................................................................................... 2-33
Disposing of the System .......................................................................................................... 2-33
Installation Place .................................................................................................. 2-34
Environmental Requirements ................................................................................................ 2-34
Power Supply............................................................................................................................. 2-34
Unpacking ............................................................................................................. 2-35

Chapter 4 Installation 3-1


Installation Procedure ............................................................................................ 3-2
Rack-Mounting ....................................................................................................... 3-3
Checking the Rack-Mount Space ............................................................................................. 3-3
Mounting the System on a Rack .............................................................................................. 3-4
Installing Modules .................................................................................................. 3-6
Switching & Control Module ................................................................................................... 3-6
Line Interface Module ................................................................................................................ 3-6
Installing module in slot ............................................................................................................ 3-6
Installing / Removing SFP module ........................................................................................ 3-8
Connecting Network Devices .............................................................................. 3-11
Connecting Gigabit Ethernet Uplink Port ........................................................................... 3-12
Connecting 10G Ethernet Uplink Port.................................................................................. 3-13
Connecting G-PON Line Port ................................................................................................. 3-14
Connecting the System Management Device .................................................... 3-15
Connecting the Console Port .................................................................................................. 3-16
Connecting Ethernet Management Port............................................................................... 3-17
Connecting Power ................................................................................................ 3-18
Connecting DC Power ............................................................................................................. 3-18
Connecting AC Power ............................................................................................................. 3-21

X Corecess S5 System With GPON User's Guide


Table of Contents

Starting the System .............................................................................................. 3-22

Chapter 5 Configuring Basic Features 4-1


Before Configuration .............................................................................................. 4-2
Accessing the CLI........................................................................................................................ 4-2
Command Modes........................................................................................................................ 4-4
Prompt ........................................................................................................................................... 4-8
Getting Help ................................................................................................................................. 4-9
CLI Command Usage Basics .................................................................................................. 4-11
Configuring Basic System Parameters ............................................................... 4-13
Setting an IP Address for management ............................................................................... 4-13
User Management ..................................................................................................................... 4-15
Specifying System Name and System Time ........................................................................ 4-18
Configuration File Management .......................................................................... 4-23
Displaying the Current Running Configuration ................................................................ 4-24
Saving the Current Running Configuration........................................................................ 4-26
Restoring Default Configuration ........................................................................................... 4-27
Restoring Startup-config File .................................................................................................. 4-27
Monitoring and Maintaining the System .............................................................. 4-28
Monitoring Network Connectivity ....................................................................................... 4-28
Displaying CPU Utilization .................................................................................................... 4-32
Displaying Memory Usage ..................................................................................................... 4-33
Displaying System Module Information ............................................................................. 4-35
Displaying System Module Status ........................................................................................ 4-37
Managing System Log ......................................................................................... 4-39
Specifying Event Level............................................................................................................. 4-39
Specifying Screen to Display Log .......................................................................................... 4-42
Saving Log Message in Log File ............................................................................................ 4-44
Displaying Contents of Log File ............................................................................................ 4-45
Clearing System Log ................................................................................................................ 4-46
Upgrading Software ............................................................................................. 4-47
Copy ftp(tftp) ............................................................................................................................. 4-47
Copy Flash .................................................................................................................................. 4-48

Chapter 6 Configuring Ports and Links 5-1


Configuring Gigabit Ethernet port .......................................................................... 5-2
Basic Configuration of Gigabit Ethernet Port ....................................................................... 5-2
Configuring Gigabit Ethernet port .......................................................................................... 5-3
Display the Gigabit Ethernet Port Information .................................................................... 5-8
Configuring WRR .................................... 오류! 책갈피가 정의되어 있지 않습니다.
About the Gigabit PON Port ................................................................................ 5-11
About the Gigabit PON Interface .......................................................................................... 5-11

XI
Table of Contents

Basic Configuration of the Gigabit PON Port ..................................................................... 5-11


Configuring GPON Port and ONU ....................................................................... 5-12
Configuring OLT LIM GPON Port ....................................................................................... 5-13
Showing OLT LIM Port Information ..................................................................... 5-22
Configuring GPON ONU........................................................................................................ 5-25
GPON ONU Profile .................................................................................................................. 5-34
Configuring ONU Port with Profile ..................................................................................... 5-38
Configuring ONU Bridge with Profile ................................................................................. 5-56
Configuring Multicast with Profile ....................................................................................... 5-81
Configuring VoIP with Profile ............................................................................................... 5-84
Showing GPON ONU Information ....................................................................................... 5-95

Chapter 7 Configuring VLAN 6-1


VLAN Configuration ............................................................................................... 6-2
Default Configuration ................................................................................................................ 6-2
Basic VLAN Configuration ....................................................................................................... 6-3
Configuring 802.1Q Trunk ........................................................................................................ 6-9
Configuring Q in Q ............................................................................................... 6-11
Q-in-Q Features ......................................................................................................................... 6-11
Q-in-Q Setup .............................................................................................................................. 6-12
Transparent Switching Setup ................................................................................................. 6-12
Priority Copy Setup .................................................................................................................. 6-13
Configuring VLAN Interface ................................................................................. 6-14
Entering Interface Configuration Mode ............................................................................... 6-14
Configuring OSPF on the VLAN Interface .......................................................................... 6-15
Configuring IS-IS on the VLAN Interface ........................................................................... 6-22
Configuring RIP on the VLAN Interface ............................................................................. 6-30
Enabling Multicasting on the VLAN Interface ................................................................... 6-35
Shutting Down the VLAN Interface ..................................................................................... 6-36
Configuring IP Parameters ..................................................................................................... 6-37
Private VLAN ........................................................................................................ 6-38

Chapter 8 Configuring SNMP and RMON 7-1


Configuring SNMP ................................................................................................. 7-2
SNMP(Simple Network Management Protocol) Overview .............................................. 7-2
Configuring SNMP ..................................................................................................................... 7-7
SNMP for Security ................................................................................................ 7-10
SNMP com2sec(Community to security) ............................................................................. 7-10
Configuring SNMP Community Group .............................................................................. 7-11
Configuring OID View ............................................................................................................ 7-12
OID View Access....................................................................................................................... 7-13
Configuring User of SNMP v3 ............................................................................................... 7-14

XII Corecess S5 System With GPON User's Guide


Table of Contents

Displaying SNMP Information .............................................................................................. 7-23


Configuring RMON ............................................................................................... 7-28
RMON (Remote MONitoring) Overview ............................................................................ 7-28
Configuring RMON.................................................................................................................. 7-29
Displaying RMON Information ............................................................................................. 7-36
SNMP and RMON Configuration Commands .................................................................. 7-38

Chapter 9 Configuring QoS 8-1


QoS Overview ........................................................................................................ 8-2
QoS (Quality of Service) ............................................................................................................ 8-2
Classifier........................................................................................................................................ 8-3
Packet Marker .............................................................................................................................. 8-6
Policer ............................................................................................................................................ 8-6
Queue Scheduler ......................................................................................................................... 8-9
Buffer Manager .......................................................................................................................... 8-15
QoS of the Corecess S5 System............................................................................................... 8-16
Configuring QoS Service Policy Map .................................................................. 8-18
Configuring QoS Service Policy ............................................................................................. 8-18
Configuring a Class Map......................................................................................................... 8-19
Configuring a Policy Map ....................................................................................................... 8-21
Configuring Service Policy ..................................................................................................... 8-28
Configuring Non-Class-map QoS Features ........................................................ 8-30
Specifying Priority for VLAN or Port ............... 오류! 책갈피가 정의되어 있지 않습니다.
Applying Policing to a Port ................................ 오류! 책갈피가 정의되어 있지 않습니다.
Configuring Shaping ............................................ 오류! 책갈피가 정의되어 있지 않습니다.
Controlling Broadcast Storm .................................................................................................. 8-30
Configuring Packet Filtering .................................................................................................. 8-32
QoS Configuration Commands ........................................................................... 8-38

Chapter 10 Configuring DHCP 9-1


DHCP (Dynamic Host Configuration Protocol) Overview .................................... 9-2
Configuring DHCP Server ..................................................................................... 9-4
Sequence to configure DHCP Server ...................................................................................... 9-4
Values to be identified ............................................................................................................... 9-4
Activating DHCP Server ........................................................................................................... 9-5
Creating IP Pool........................................................................................................................... 9-9
Setting IP Pool Parameters ...................................................................................................... 9-13
Configuring Pool Chaining ..................................................................................................... 9-16
IP allocation by DHCP option ................................................................................................ 9-17
Configuring DHCP Relay Agent .......................................................................... 9-19
Activating DHCP Relay ........................................................................................................... 9-19
Designating DHCP Server ...................................................................................................... 9-20

XIII
Table of Contents

Designating DHCP Secondary weight ................................................................................. 9-21


Configuring DHCP Proxy Server ......................................................................... 9-22
Designating DHCP Server ...................................................................................................... 9-23
Displaying DHCP Configuration Information ...................................................... 9-24
Displaying DHCP Activation Information .......................................................................... 9-24
Displaying IP Pool Configuration information .................................................................. 9-25
Displaying allocated lease information ................................................................................ 9-27
Displaying DHCP Packet statistics information ................................................................ 9-30

Chapter 11 Configuring Netsnoop 10-1


Understanding NetSnoop .................................................................................... 10-2
Understanding NetSnoop ....................................................................................................... 10-2
Configuring DHCP Snoop ...................................................................................................... 10-4
L2DhcpRelay ............................................................................................................................ 10-16
Configuring ARP Snoop ..................................................................................... 10-17
PPPoE Snooping ............................................................................................... 10-23
Configuring PPPoE Snooping .............................................................................................. 10-25
PPPoE Snooping Client Session confirming ..................................................................... 10-25
Setting Up the Compatibility between PPPoE Snooping and Cisco Equipment ...... 10-26
Setting up node-id, circuit-id, remote-id with PPPoE Snooping .................................. 10-27

Chapter 12 Configuring Security 11-1


Managing Password and Session ....................................................................... 11-2
Configuring Password ............................................................................................................. 11-2
Configuring Telnet Session Timeouts .................................................................................. 11-5
Configuring Access Lists ..................................................................................... 11-6
Access Lists ................................................................................................................................. 11-6
Bridge Block ....................................................................................................... 11-11
Security Configuration Commands ................................................................... 11-12

Chapter 13 Configuring Multicast 12-1


Multicast Routing Overview ................................................................................. 12-2
IGMP (Internet Group Management Protocol) .................................................................. 12-4
IGMP Proxy ................................................................................................................................ 12-4
DVMRP (Distance-Vector Multicast Routing Protocol) ................................................... 12-5
PIM (Protocol Independent Multicast) ................................................................................. 12-6
Configuring IP Multicast Routing ....................................................................... 12-10
Enabling Multicast Routing .................................................................................................. 12-10
Configuring a Static Multicast Route.................................................................................. 12-18
Configuring PIM ..................................................................................................................... 12-19
Configuring PIM-SM.............................................................................................................. 12-21

XIV Corecess S5 System With GPON User's Guide


Table of Contents

Configuring PIM-DM............................................................................................................. 12-31


Configuring DVMRP.............................................................................................................. 12-32
Configuring IGMP-Proxy .................................................................................... 12-33
Set the bootstrap to the forwarder interface...................................................................... 12-33
Set the unsolicited-report to forwarder interface. ............................................................ 12-34
Set the forwarder-sticky to the forwarder interface ........................................................ 12-34
Set the multi-forwarder interfaces....................................................................................... 12-35
Set the multi multicast group forwarder ........................................................................... 12-36
Configuring IGMP .................................................................................................................. 12-37
Configuring IGMP Snooping .............................................................................. 12-43
Monitoring IP Multicast Routing......................................................................... 12-49
Displaying the Contents of IP Multicast Routing Table ................................................. 12-49
Displaying PIM Information ................................................................................................ 12-52
Displaying DVMRP Information ......................................................................................... 12-59
Display IGMP-Proxy Information ....................................................................................... 12-63
Displaying IGMP Information ............................................................................................. 12-67

Chapter 14 Configuring Routing Protocol 13-1


Configuring Static Route ...................................................................................... 13-2
Type of Static Route .................................................................................................................. 13-2
Configuring the Standard Route ........................................................................................... 13-3
Configuring the VLAN Interface Route ............................................................................... 13-4
Configure the Loopback Route .............................................................................................. 13-5
Configuring the Null Route .................................................................................................... 13-6
Configuring the Default Gateway ......................................................................................... 13-7
Configuring BGP .................................................................................................. 13-8
BGP(Border Gateway Protocol) Overview .......................................................................... 13-8
Basic BGP Configuration ....................................................................................................... 13-11
Displaying BGP Configuration Information ..................................................................... 13-38
BGP Commands ...................................................................................................................... 13-53
Configuring OSPF .............................................................................................. 13-56
OSPF (Open Shortest Path First) Overview ...................................................................... 13-56
Configuring OSPF ................................................................................................................... 13-59
Displaying OSPF Configuration Information ................................................................... 13-73
Configuring IS-IS ................................................................................................ 13-81
IS-IS Overview ......................................................................................................................... 13-81
Configuring IS-IS .................................................................................................................... 13-85
Displaying IS-IS Configuration Information..................................................................... 13-97
IS-IS Commands .................................................................................................................... 13-102
Configuration RIP ............................................................................................. 13-104
RIP (Routing Information Protocol) Overview .............................................................. 13-104
Configuring RIP .................................................................................................................... 13-109
Displaying RIP Configuration Information .................................................................... 13-117

XV
Table of Contents

Chapter 15 Configuring LACP 14-1


Port Trunking Overview ....................................................................................... 14-2
Notes for LACP Trunk Configuration .................................................................................. 14-3
QoS of Trunk Group ................................................................................................................. 14-3
Configuring LACP Trunk ...................................................................................... 14-4
Setting LACP Key and Operation Mode.............................................................................. 14-4
LACP Configuration Example ............................................................................................... 14-7
LACP System Distribution ................................................................................... 14-8

Chapter 16 Configuring STP/RSTP/MSTP 15-1


Understanding STP and RSTP ........................................................................... 15-2
STP Overview ............................................................................................................................ 15-2
RSTP (Rapid Spanning Tree Protocol) ................................................................................. 15-8
Default STP Configuration...................................................................................................... 15-9
Configuring STP ................................................................................................. 15-10
Procedures for STP Configuration ...................................................................................... 15-10
Enabling STP on a Port VLAN ............................................................................................. 15-10
Enabling or Disabling STP on a Port .................................................................................. 15-12
Configuring the Bridge Priority ........................................................................................... 15-13
Configuring the Path Cost .................................................................................................... 15-14
Configuring STP Encoding ................................................................................................... 15-16
Configuring the Port Priority ............................................................................................... 15-17
Setting Spanning Tree Timers .............................................................................................. 15-18
Configure RSTP ................................................................................................. 15-21
Configuration Procedure of RSTP ....................................................................................... 15-21
Configuring Spanning Tree Protocol Type ....................................................................... 15-22
Configuring the Path Cost .................................................................................................... 15-23
Configuring RSTP Encoding ................................................................................................ 15-25
Configuring an Edge Port ..................................................................................................... 15-25
Configuring Self-loop-detection .......................................................................................... 15-27
STP and RSTP Configuration Commands ......................................................................... 15-28
Configure MSTP(Multiple Spanning Tree Protocol) ......................................... 15-29
Configuration the Procedure of MSTP ............................................................................... 15-30

Chapter 17 Configuring VRRP 16-1


Configuring VRRP ................................................................................................ 16-2
VRRP (Virtual Router Redundancy Protocol) Overview ................................................. 16-2
Configuring VRRP .................................................................................................................... 16-4
VRRP Configuration Example ............................................................................................. 16-12
Displaying VRRP Configuration Information .................................................... 16-14
Displaying VRRP Configuration Information .................................................................. 16-14

XVI Corecess S5 System With GPON User's Guide


Table of Contents

VRRP Commands ................................................................................................................... 16-15

Chapter 18 Configuring AAA 17-1


RADIUS Management ......................................................................................... 17-2
RADIUS Server Registration .................................................................................................. 17-2
RADIUS Client Configuration ............................................................................................... 17-3
RADIUS Accounting Configuration ..................................................................................... 17-3
RADIUS Proxy Server Registration ...................................................................................... 17-5
TACACS Management ........................................................................................ 17-7
Configuring TACACS Management..................................................................................... 17-7
802.1X(dot1x) ....................................................................................................... 17-9
Setting Port trust-mode............................................................................................................ 17-9
Configuring AAA about 802.1X........................................................................................... 17-10
Status.......................................................................................................................................... 17-13

Chapter 19 Redundancy Configuration 18-1


Redundancy Configurating .................................................................................. 18-2
System Resources(cont.) .......................................................................................................... 18-2
Power Features - DC................................................................................................................. 18-3
Power Features – AC ................................................................................................................ 18-4
WDM Simple Link Redundancy........................ 오류! 책갈피가 정의되어 있지 않습니다.
WDM Link Line Redundancy ............................ 오류! 책갈피가 정의되어 있지 않습니다.
WDM Link RSTP Redundancy .......................... 오류! 책갈피가 정의되어 있지 않습니다.
WDM Link LACP Redundancy ......................... 오류! 책갈피가 정의되어 있지 않습니다.
Epon Redundancy................................................................................................ 18-5
Redundancy of Routing Protocol ........................................................................... 18-8
Redundant Configuration Information Outputting ............................................. 18-14
Redundant Configuration Information Outputting ........................................................ 18-14
Instructions of Redundancy ............................................................................... 18-16

Appendix A Product Specifications A-1


Hardware Specifications ........................................................................................ A-2
Software Specifications ......................................................................................... A-4
Optical Splitter Specifications ................................................................................ A-7

Appendix B Connector and Cable Specifications B-1


Connector Specifications ....................................................................................... B-2
RJ-45 Connector ........................................................................................................................... B-2
Console Port for SCM-B208G ...................................................................................................B-3
LC Connector ............................................................................................................................... B-3

XVII
Table of Contents

SC Connector ............................................................................................................................... B-4


Cable Specifications .............................................................................................. B-5
Twisted Pair Cable ...................................................................................................................... B-5
Fiber Optic Cable ........................................................................................................................ B-6
Console Cable SCM-B208G .......................................................................................................B-8

Appendix C Maintaining 18-1


Replacing Module ................................................................................................ 18-2
Location of Module Installation ............................................................................................. 18-2
Required Tool ............................................................................................................................ 18-3
Replacing Modules ................................................................................................................... 18-3
Replacing Fan Tray .............................................................................................. 18-4
Cleaning Fan Filter ............................................................................................... 18-5

XVIII Corecess S5 System With GPON User's Guide


List of Tables

List of Tables

Table 1-1 Product list For G-PON Service ...............................................................................................1-3


Table 1-2 SCM ...........................................................................................................................................1-4
Table 1-3 LIM .............................................................................................................................................1-4
Table 1-4 Slot Configuration .....................................................................................................................1-4
Table 1-5 QoS ...........................................................................................................................................1-8
Table 2-1 Slot Description ...................................................................................................................... 1-16
Table 2-2 SCM Type .............................................................................................................................. 1-20
Table 2-3 SCM Slot Capacity ................................................................................................................ 1-20
Table 2-4 Switching and Routing ........................................................................................................... 1-20
Table 2-5 Memory .................................................................................................................................. 1-21
Table 2-6 System Status LED Functions on the SCM Module ............................................................ 1-21
Table 2-7 LED Functions of Ethernet Management Port on the SCM Module ................................... 1-22
Table 2-8 Gigabit Ethernet Port Specification for SCM Module........................................................... 1-23
Table 2-9 Gigabit Ethernet Port Specification for SCM Module........................................................... 1-23
Table 2-10 Port LED Function of SCM Module .................................................................................... 1-23
Table 2-11 LIM Type .............................................................................................................................. 1-24
Table 2-12 Specifications of 2.5G-PON Port ........................................................................................ 1-24
Table 2-13 Run LED ............................................................................................................................... 1-25
Table 2-14 Port LED ............................................................................................................................... 1-25
Table 3-1 Lifting the System .................................................................................................................. 2-33
Table 3-2 Temperature and humidity condition .................................................................................... 2-34
Table 3-3 Power condition ..................................................................................................................... 2-34
Table 4-1 Installation Procedure ...............................................................................................................3-2
Table 4-2 Corecess S5 System Slot ........................................................................................................3-6
Table 4-3 Corecess S5 System Slot ........................................................................................................3-6
Table 5-1 CLI modes .................................................................................................................................4-4
Table 5-2 Command mode access method .............................................................................................4-5
Table 5-3 Prompt of the main Command modes .....................................................................................4-8
Table 5-4 CLI Edititng Command. ......................................................................................................... 4-12
Table 5-5 Setting the IP address ........................................................................................................... 4-13
Table 5-6 Adding a new user ................................................................................................................. 4-15
Table 5-7 Changing a user password ................................................................................................... 4-16
Table 5-8 Deleting a user ....................................................................................................................... 4-17
Table 5-9 Changing system name......................................................................................................... 4-18
Table 5-10 Adjusting system time ......................................................................................................... 4-19
Table 5-11 Configuring NTP .................................................................................................................. 4-20
Table 5-12 Set the time zone ................................................................................................................. 4-21
Table 5-13 Show the current running configuration ............................................................................. 4-24
Table 5-14 Commands for saving the current running configuration .................................................. 4-26
Table 5-15 Restoring default configuration ........................................................................................... 4-27
Table 5-16 Checking network connectivity ........................................................................................... 4-28
Table 5-17 PING field Descriptions ....................................................................................................... 4-29
Table 5-18 traceroute field Descriptions ............................................................................................... 4-30

XIX
List of Tables

Table 5-19 show cpuinfo field Descriptions .......................................................................................... 4-32


Table 5-20 show meminfo field Descriptions ........................................................................................ 4-33
Table 5-21 show module field Descriptions .......................................................................................... 4-35
Table 5-22 show system field Descriptions ........................................................................................... 4-38
Table 5-23 Changing the event level ..................................................................................................... 4-40
Table 5-24 Configuring log messages to display on the console ........................................................ 4-42
Table 5-25 Configuring log messages to display on a remote host .................................................... 4-43
Table 5-26 Configuring log messages to display on a Telnet session ................................................ 4-44
Table 5-27 Downloading software from a remote TFTP server ........................................................... 4-47
Table 5-28 Uploading image or configuration to server or system. ..................................................... 4-48
Table 6-1 Type of the Gigabit Ethernet port.............................................................................................5-2
Table 6-2 Basic Configuration of the Gigabit Ethernet Port ....................................................................5-2
Table 6-3 Enabling or Disabling the Gigabit Ethernet Port .....................................................................5-3
Table 6-4 Link State and Auto Sensing Function ....................................................................................5-4
Table 6-5 Configuring auto sensing function ...........................................................................................5-4
Table 6-6 Changing the Port and the transfer mode ...............................................................................5-5
Table 6-7 Configuring Flow Control Function ..........................................................................................5-6
Table 6-8 Setting the Port Name ..............................................................................................................5-6
Table 6-9 Setting the port trap ..................................................................................................................5-7
Table 6-10 show port field Descriptions ...................................................................................................5-8
Table 6-11 show port with port argument field Descriptions ...................................................................5-9
Table 6-12 About the Gigabit PON Port Interface ................................................................................ 5-11
Table 6-13 Basic Configuration of the Gigabit PON Port ..................................................................... 5-11
Table 6-14 Argument of OLT LIM GPON .............................................................................................. 5-13
Table 6-15 Configuring OLT LIM GPON Port ....................................................................................... 5-14
Table 6-16 Configuring OLT LIM GPON Port Only .............................................................................. 5-18
Table 6-17 Showing OLT LIM Port Information .................................................................................... 5-22
Table 6-18 Showing OLT LIM Port Counter Information ...................................................................... 5-24
Table 6-19 Argument of GPON ONU .................................................................................................... 5-25
Table 6-20 Configuring GPON ONU ..................................................................................................... 5-25
Table 6-21 Configuring GPON Authentication ...................................................................................... 5-27
Table 6-22 Configuring GPON CC3942-GP ONU Only ....................................................................... 5-27
Table 6-23 Argument of GPON ONU Profile ........................................................................................ 5-34
Table 6-24 Creating GPON ONU Profile............................................................................................... 5-35
Table 6-25 Configuring GPON ONU Profile .......................................................................................... 5-35
Table 6-26 Configuring tcont SLA of GPON ONU Profile .................................................................... 5-35
Table 6-27 Configuring QoS of GPON ONU Profile ............................................................................. 5-37
Table 6-28 Configuring GEM Port ......................................................................................................... 5-38
Table 6-29 Configuring UNI(User Network Interface) Port .................................................................. 5-39
Table 6-30 Configuring Video Uni Port ................................................................................................. 5-56
Table 6-31 Configuring Bridge GEM Port ............................................................................................. 5-56
Table 6-32 Configuring Bridge Uni Port ................................................................................................ 5-65
Table 6-33 Configuring Bridge IP Hostt ................................................................................................ 5-71
Table 6-34 Configuring dot1x ................................................................................................................ 5-77
Table 6-35 Configuring Bridge dot1 ...................................................................................................... 5-79
Table 6-36 Configuring Bridge Misc ...................................................................................................... 5-80
Table 6-37 Configuring IGMP ................................................................................................................ 5-81
Table 6-38 Configuring VoIP ................................................................................................................. 5-84

XX Corecess S5 System With GPON User's Guide


List of Tables

Table 6-39 Applying GPON ONU Profile .............................................................................................. 5-93


Table 6-40 Deleting GPON ONU Profile ............................................................................................... 5-93
Table 6-41 Showing Profile .................................................................................................................... 5-94
Table 6-42 Show GPON ONU Information ........................................................................................... 5-95
Table 6-43 Show GPON CC3942-GP ONU Only ................................................................................. 5-98
Table 6-44 Show GPON ONU Database & OMCI Logging history ..................................................... 5-99
Table 6-45 Showing ONU Attached List ............................................................................................. 5-101
Table 6-46 Updating GPON-Module ................................................................................................... 5-102
Table 6-47 Clearing Information .......................................................................................................... 5-102
Table 6-48 Resetting GPON ONU....................................................................................................... 5-103
Table 7-1 Default VLAN configuration ......................................................................................................6-2
Table 7-2 Creating VLAN ..........................................................................................................................6-4
Table 7-3 Assigning ports to a VLAN .......................................................................................................6-5
Table 7-4 Assigning IP address to a VLAN ..............................................................................................6-6
Table 7-5 Assigning secondary IP address to a VLAN ...........................................................................6-7
Table 7-6 802.1 Configuring trunk port ....................................................................................................6-9
Table 7-7 Configuring OSPF on the VLAN Interface ............................................................................ 6-15
Table 7-8 Setting Simple Password Authentication Method ................................................................ 6-16
Table 7-9 IS-IS interface Parameters .................................................................................................... 6-22
Table 7-10 RIP interface Parameters .................................................................................................... 6-30
Table 7-11 Setting MD5 Authentication Mode ...................................................................................... 6-31
Table 7-12 Setting Simple Password Authentication Mode ................................................................. 6-32
Table 7-13 Specifying RIP Version ....................................................................................................... 6-33
Table 7-14 Enabling Split-Horizon ......................................................................................................... 6-34
Table 7-15 Enabling Multicasting on the VLAN Interface .................................................................... 6-35
Table 7-16 Shutting Down the VLAN Interface ..................................................................................... 6-36
Table 7-17 Type and Function of IP Parameter.................................................................................... 6-37
Table 7-18 Configuring IP Parameters .................................................................................................. 6-37
Table 7-19 configuring private vlan ....................................................................................................... 6-38
Table 8-1 Types of community .................................................................................................................7-6
Table 8-2 Default SNMP configuration .....................................................................................................7-7
Table 8-3 Setting the system contact and location information ..............................................................7-7
Table 8-4 Configuring SNMP community .................................................................................................7-8
Table 8-5 The procedure of configuring SNMP for security ................................................................. 7-10
Table 8-6 SNMP com2sec ..................................................................................................................... 7-10
Table 8-7 Configuring SNMP Community Group ................................................................................. 7-11
Table 8-8 Configuring OID View ............................................................................................................ 7-12
Table 8-9 OID View Access ................................................................................................................... 7-13
Table 8-10 Configuring User of SNMP v3 ............................................................................................. 7-14
Table 8-12 Enabling a trap type ............................................................................................................ 7-16
Table 8-13 Disabling the trap of specified module ............................................................................... 7-17
Table 8-14 Configuring a trap host ........................................................................................................ 7-17
Table 8-15 Configuring a SNMP v2 inform trap host ............................................................................ 7-18
Table 8-16 Configuring a SNMP v3 trap host as auth mode ............................................................... 7-18
Table 8-17 Configuring a SNMP v3 trap host as priv mode................................................................. 7-19
Table 8-18 Disabling a trap host ............................................................................................................ 7-19
Table 8-19 Showing the trap host Information ...................................................................................... 7-19
Table 8-20 Restrict Host Access ........................................................................................................... 7-22

XXI
List of Tables

Table 8-21 show snmp-server field Descriptions .................................................................................. 7-24


Table 8-22 show snmp-server community-list field Descriptions ......................................................... 7-25
Table 8-23 show snmp-server statistics field Descriptions .................................................................. 7-26
Table 8-24 Showing SNMP for Security Information ............................................................................ 7-26
Table 8-25 show snmp-server traphost field Descriptions ................................................................... 7-27
Table 8-26 Configuring Alarm Groups................................................................................................... 7-30
Table 8-27 Configuring RMON event group ......................................................................................... 7-33
Table 8-28 Collecting Bandwidth Information of Traffic ....................................................................... 7-35
Table 8-29 show rmon field Descriptions .............................................................................................. 7-37
Table 8-30 SNMP & RMON Configuration Commands ....................................................................... 7-38
Table 9-1 Criteria for packet classification ............................................................................................ 8-19
Table 9-2 Creating a class map ............................................................................................................. 8-20
Table 9-3 QoS action supported by the Corecess S5 System ............................................................ 8-22
Table 9-4 Creating a policy map ............................................................................................................ 8-23
Table 9-5 Changing CoS, IP Precedence, or DSCP value of a traffic class in a policy map ............. 8-24
Table 9-6 Configuring packet filtering of a traffic class in a policy map .............................................. 8-25
Table 9-7 Specifying a priority of a traffic class in a policy map .......................................................... 8-26
Table 9-8 Configuring rate-limit of a traffic class in a policy map ........................................................ 8-27
Table 9-9 Applying QoS service policy ................................................................................................. 8-28
Table 9-10 Specifying User Priority ......................................... 오류! 책갈피가 정의되어 있지 않습니다.
Table 9-11 Applying Policing to a Port .................................... 오류! 책갈피가 정의되어 있지 않습니다.
Table 9-12 Configuring Shaping .............................................. 오류! 책갈피가 정의되어 있지 않습니다.
Table 9-13 Controlling Broadcast Storm ............................................................................................... 8-30
Table 9-14 Filtering DHCP Offer Packet ............................................................................................... 8-33
Table 9-15 Filtering File and Resource Sharing Protocol .................................................................... 8-35
Table 9-16 Filtering Default Traffic ........................................................................................................ 8-36
Table 9-17 Filtering Broadcast Packet .................................................................................................. 8-37
Table 9-18 QoS Configuration Commands ........................................................................................... 8-38
Table 10-1 DHCP configuration Commands ........................................................................................ 9-32
Table 11-1 Kinds of Global DHCP snoop Packet Control Parameters ............................................. 10-11
Table 12-1 Configuring Telnet Session Timeouts ................................................................................ 11-5
Table 12-2 Defining Access Lists .......................................................................................................... 11-7
Table 12-3 Applying the access list to terminal line ............................................................................. 11-9
Table 12-4 Applying the Access List to SNMP Access ...................................................................... 11-10
Table 12-5 Bridge Block Command .................................................................................................... 11-11
Table 12-6 Security configuration Commands .................................................................................... 11-12
Table 13-1 Enabling PIM-SM ............................................................................................................... 12-10
Table 13-2 Enabling PIM-DM .............................................................................................................. 12-12
Table 13-3 Enabling DVMRP ............................................................................................................... 12-14
Table 13-4 Configuring a Static Multicast Route ................................................................................ 12-18
Table 13-5 Enabling router compatibility with RFC 2362 ................................................................... 12-29
Table 13-6 show ip mroute Field Description ..................................................................................... 12-51
Table 13-7 show ip pim configuration field Descriptions .................................................................... 12-53
Table 13-8 show ip pim interface field Descriptions ........................................................................... 12-54
Table 13-9 show ip pim interface detail field Descriptions ................................................................. 12-55
Table 13-10 show ip pim neighbor field Descriptions ......................................................................... 12-56
Table 13-11 show ip pim bsr-router field Descriptions ....................................................................... 12-57
Table 13-12 show ip pim rp mapping Field Description ..................................................................... 12-58

XXII Corecess S5 System With GPON User's Guide


List of Tables

Table 13-13 show ip dvmrp configuration filed Descriptions.............................................................. 12-59


Table 13-14 show ip dvmrp interface field Descriptions ..................................................................... 12-60
Table 13-15 show ip dvmrp neighbor field Descriptions .................................................................... 12-61
Table 13-16 show ip dvmrp route field Descriptions .......................................................................... 12-62
Table 13-17 show ip dvmrp prune field Descriptions ......................................................................... 12-62
Table 13-18 show ip igmp-proxy forwarder field Descriptions .............................................................. 12-63
Table 13-19 show ip igmp-proxy interface field Descriptions ............................................................ 12-64
Table 13-20 show ip igmp-proxy local-members field Descriptions .................................................. 12-65
Table 13-21 show ip igmp-proxy local-members field Descriptions .................................................. 12-66
Table 13-22 show ip igmp-proxy reception-state field Descriptions .................................................. 12-66
Table 13-23 show ip igmp configuration field Descriptions ................................................................ 12-67
Table 13-24 show ip igmp group field Descriptions ............................................................................ 12-69
Table 13-27 IP multicast routing Commands ...................................................................................... 12-73
Table 14-1 Configuring the Standard Route ......................................................................................... 13-3
Table 14-2 Configuring the VLAN Interface Route ............................................................................... 13-4
Table 14-3 Configure the Loopback Route ........................................................................................... 13-5
Table 14-4 Configuring the Null Route .................................................................................................. 13-6
Table 14-5 Configuring the Default Gateway ........................................................................................ 13-7
Table 14-6 Enabling BGP .................................................................................................................... 13-11
Table 14-7 Specifying Router ID ......................................................................................................... 13-12
Table 14-8 BGP neighbor Parameters ................................................................................................ 13-17
Table 14-9 BGP neighbor Timer .......................................................................................................... 13-29
Table 14-10 BGP Parameters ............................................................................................................. 13-33
Table 14-11 show ip bgp field Description .......................................................................................... 13-38
Table 14-12 show ip bgp attribute-info Field Description ................................................................... 13-40
Table 14-13 show ip bgp cidr-only Field Description .......................................................................... 13-40
Table 14-14 show ip bgp community-info Field Description .............................................................. 13-42
Table 14-15 show ip bgp community Field Description ...................................................................... 13-43
Table 14-16 show ip bgp community-list Field Descriptions .............................................................. 13-44
Table 14-17 show ip bgp filter-list Field Descriptions ......................................................................... 13-45
Table 14-18 show ip bgp neighbors Field Description ....................................................................... 13-47
Table 14-19 show ip bgp neighbors path Filed Descriptions ............................................................. 13-49
Table 14-20 show ip bgp regexp Field Descriptions .......................................................................... 13-50
Table 14-21 show ip bgp scan Field Description ................................................................................ 13-51
Table 14-22 show ip bgp summary Field Descriptions ...................................................................... 13-52
Table 14-23 BGP Commands .............................................................................................................. 13-53
Table 14-24 OSPF Parameters ........................................................................................................... 13-66
Table 14-25 SPF Timer ........................................................................................................................ 13-70
Table 14-26 show ip ospf Command Field Description ...................................................................... 13-74
Table 14-27 show ip ospf border-routers Field Description ............................................................... 13-74
Table 14-28 show ip ospf database Command Option ...................................................................... 13-75
Table 14-29 show ip ospf interface Filed Description ......................................................................... 13-76
Table 14-30 show ip ospf neighbor Field Description ........................................................................ 13-77
Table 14-31 show ip ospf route Field Description .............................................................................. 13-78
Table 14-32 OSPF Commands ........................................................................................................... 13-79
Table 14-33 IS-IS NET Structure ......................................................................................................... 13-83
Table 14-34 Enabling IS-IS .................................................................................................................. 13-85
Table 14-35 IS-IS Parameters ............................................................................................................. 13-87

XXIII
List of Tables

Table 14-36 show isis counter Field Description ................................................................................ 13-98


Table 14-37 show isis database Field Description ............................................................................. 13-99
Table 14-38 show isis interface Field Description ............................................................................ 13-100
Table 14-39 show isis topology Field Description ............................................................................ 13-101
Table 14-40 IS-IS Commands ........................................................................................................... 13-102
Table 14-41 Differences of RIPv1 and RIPv2 ................................................................................... 13-105
Table 14-42 Fields of RIP Route Entry ............................................................................................. 13-105
Table 14-43 Timers for RIP ................................................................................................................ 13-107
Table 14-44 RIP Parameters ............................................................................................................. 13-110
Table 14-45 RIP Timers ..................................................................................................................... 13-115
Table 14-46 show ip rip Field Description ......................................................................................... 13-118
Table 14-47 show ip rip interface Field Description ......................................................................... 13-119
Table 14-48 RIP Commands ............................................................................................................. 13-120
Table 15-1 Setting LACP Operation Mode ........................................................................................... 14-5
Table 16-1 STP Timers .......................................................................................................................... 15-5
Table 16-2 Comparison of STP and RSTP port states ........................................................................ 15-8
Table 16-3 Default STP Configuration .................................................................................................. 15-9
Table 16-4 Enabling STP on a VLAN .................................................................................................. 15-10
Table 16-5 Enabling STP on a port ..................................................................................................... 15-12
Table 16-6 Setting the Bridge ID ......................................................................................................... 15-13
Table 16-7 Configuring the path cost .................................................................................................. 15-14
Table 16-8 Configuring STP encoding mode ...................................................................................... 15-16
Table 16-9 Configuring the port priority ............................................................................................... 15-17
Table 16-10 Setting spanning tree timers ........................................................................................... 15-18
Table 16-11 Configuring Spanning Tree Protocol Type ..................................................................... 15-22
Table 16-12 Configuring the path cost ................................................................................................ 15-23
Table 16-13 Configuring RSTP encoding mode ................................................................................. 15-25
Table 16-14 Configuring an Edge Port ................................................................................................ 15-26
Table 16-15 Configuring STP self-loop-detection ............................................................................... 15-27
Table 16-16 STP and RSTP Configuration Commands ..................................................................... 15-28
Table 16-17 MSTP Configuration Commands .................................................................................... 15-30
Table 16-18 Showing MSTP Information ............................................................................................ 15-31
Table 17-1 Configuring the IP interface ................................................................................................ 16-5
Table 17-2 Creating a virtual router ....................................................................................................... 16-6
Table 17-3 Enabling the virtual router ................................................................................................. 16-10
Table 17-4 show vrrp Field Description ............................................................................................... 16-14
Table 17-5 VRRP Commands ............................................................................................................. 16-15
Table 19-1 Epon LineCard Redundancy Setting .................................................................................. 18-5
Table 19-2 Epon Port Redundancy Setting .......................................................................................... 18-6
Table A-1 Corecess S5 System hardware specifications ...................................................................... A-2
Table A-2 Corecess S5 System software specifications ........................................................................ A-4
Table A-3 Corecess 4500 Optical Splitter Specification ......................................................................... A-7
Table B-1 Pin Configuration of 10/100/1000Base-T Port ....................................................................... B-2
Table B-2 Pin Configuration of Ethernet Management Port ................................................................... B-2
Table B-3 Pin Configuration of Console Port .......................................................................................... B-3
Table B-4 System Modules with Fiber Optic Ports Duplex LC Fiber Optic Cable ................................ B-6

XXIV Corecess S5 System With GPON User's Guide


Edition: 0006
Distribution: 12/2012

Chapter 1 Overview

This chapter introduces the Corecess S5 System functions and features.


Introduction

Introduction

S5 Series
The Corecess S5 System is multi-functional platform used as AON switch, E-PON OLT, G-PON
OLT and WDM-PON OLT on Ethernet-based fiber optic network. The Corecess S5 System
provides TPS (Triple Play Service) solution that integrates broadband Internet, Broadcasting
and telephone service.

 WDM-PON OLT : GW-PON( Gigabit Ethernet WDM PON) OLT

 G-PON OLT: Gigabit Passive Optical Network OLT

 E-PON OLT : Ethernet Passive Optical Network OLT (Optical Line Terminal)

 AON Switch : Active Optical Network Switch

The S5 platform is high performance switch router that acts as PON OLT and Ethernet
Aggregation Switch. It provides various optical links while generating and controlling the
services. It offers the optical links of GEPON, G-PON, Gigabit Ethernet and also acts as OLT for
WDM PON if it combines with WDM multiplexer. The S5 platform makes access network
simple by integrating multiple functions into a single scalable platform. With its high
functionalities and scalability, it enables both of residential and commercial services with a
single platform.
The S5 consists of various Switching & Control Module(SCM) and Line Interface Module(LIM).
The capacity of back plane, SCM and LIM are scalable in terms of throughput and density. The
10 Gigabit Ethernet is ready for the service of today and future. SCM and LIM are compatible
between chassis to implement a system with mix and match. With this modular designs, it
provides the great flexibility for operators to have wide ranges of options depending on their
services and density while keeping simplicity with same function and performance.
The Corecess S5 System supports the high performance QoS. Thus, the user can control several

1-2 Corecess S5 System With GPON User's Guide


Introduction

kinds of traffic (voice, video and other important data) efficiently. The Corecess S5 System
provides reliable service that gives important packets high priority and processes the packet
faster than others. The Corecess S5 System is easy to use and can be easily installed as well. And
LEDs on the front panel of the Corecess S5 System make it easy to manage the product and
networks through notifying the operation status, port conditions and fault occurrence.

Table 1-1 Product list For G-PON Service

Module Model Description


4RU,
5 slots S506 chassis; requires additional S506CH-FAN,
S506CH
S5-PPA600 or S5-PPD600,
SCM-B68G and corresponding LIMs
Chassis
7RU,
10 slots S511 chassis ; requires additional S511CH-FAN-
S511CH
12V, S5-PPA600 or S5-PPD600
SCM-B208G and LIMs
S5-PPA600 600W AC power pack for S506CH or S511
Power
S5-PPD600 600W DC power pack for S506CH or S511
S506CH-FAN-12V FAN tray for S506CH (Included FAN Filter);
FAN
S511CH-FAN-12V FAN tray for S511 (Included FAN Filter);
1 RS-232 console
1 out band management Ethernet
S5-SCM-B68G 8 ports SFP 1000BaseFX uplink ,
2 ports XFP 10GBaseR uplink; requires additional
Gigabit SFP adapters and 10GbE XFP adapter
SCM
1 RS-232 console,
1 out band management Ethernet,
S5-SCM-B208G 8 ports SFP 1000BaseFX uplink ,
4 ports XFP 10GBaseR uplink; requires additional
Gigabit SFP adapters and 10GbE XFP adapter
4 ports SFP 1000BasePX G-PON OLT Module; requires
S5-LIM-GP4P
additional 2.5G SFP GPON adapter
LIM
8 ports G-PON OLT Module; requires additional 2.5G
S5-LIM-GP8P
SFP GPON adapter; only available for S511CH

Overview 1-3
Hardware Features

Hardware Features
SCM(Switching & Control Module)
Table 1-2 SCM

Item Module Description


 8 uplink ports for Gigabit Ethernet (SFP)
 4 uplink ports for 10G Ethernet (XFP)
SCM-B208G
 1 Console Ports (RJ-45)
 1 Ethernet Management Port (RJ-45)
SCM
 8 uplink ports for Gigabit Ethernet (SFP)
 4 uplink ports for 10G Ethernet (XFP)
SCM-68G
 1 Console Ports (RJ-45)
 1 Ethernet Management Port (RJ-45)

LIM(Line Interface Module)


Table 1-3 LIM

Item Module Description


 8 ports G-PON OLT Module; requires additional 2.5G SFP GPON
S5-LIM-GP8P
adapter; only available for S511CH
LIM
 4 ports SFP 1000BasePX G-PON OLT Module; requires
S5-LIM-GP4P
additional 2.5G SFP GPON adapter

Chassis
S511 - 2 SCM slots, 8 LIM slots, 7 RU, DC/AC
S506 - 1 SCM slot, 4 LIM slots, 4 RU, DC/AC

Slot Configuration
Slot composition according to Corecess S5 chassis is as follows;

Table 1-4 Slot Configuration

Item S511CH S506CH


Number of total slot 10 5
Number of SCM slot 2(1 redundancy) 1
Location of SCM slot Top Top

1-4 Corecess S5 System With GPON User's Guide


Hardware Features

High performance OLT platform

 Future proofed optical links : G-PON, GEPON, Gigabit Ethernet, WDM PON

 Multiple function including control of services and management of subscribers

 Common platform for both of residential and commercial service

 Common platform for both of all-fiber network and deep-fiber network

Scalable and flexible architecture

 Capacity of backplane and SCM, throughput speed of interface and port density are scalable

 SCM and LIM are common and compatible for 2 different types of chassis

 Supports multiple topology of network including star, ring and tree

Easy deployment and maintenance


 Full front access and compliance on ETSI standard form factor

 Hot swappable SCM and LIM

 Integrated management including ONU and ONT

Superior performance of GPON

 Hardware based high speed(Max 2.5G per Port) Dynamic Bandwidth Allocation
 GPON OLT based on the ITU-T G.984 standard
 Full ITU-T G.984 GPON OLT functionality.
 Wire speed processing
 On-chip embedded reassembly buffer per GPON channel
 Supports up to 128 ONTs per GPON channel
 Supports upto 4095 GEM port-id per GPON channel
 Supports up to 512 Alloc-IDs per GPON channel
 128-bit Advanced Encryption Standard (AES) encryption engine for PON security and privacy with
up to 128 unique keys.
 Flexible optical transceiver interface for multiple vendor support.
 ITU-T G.984-compliant
• Virtual Scope – GPON network digital diagnostics function
• Full management of the ONT through an ITU-T G.984 Operation Management Control
Interface (OMCI) protocol.

Overview 1-5
Hardware Features

• Programmable, Quality of Service (QoS) capable Dynamic Bandwidth Allocation (DBA)


subsystem.
 Status Reporting (SR) and Non Status Reporting (NSR) support
 DBA development platform provides users with the ability to adapt the programmable
 DBA engine to specific QoS requirements.
• Embedded policing and rate limiting per GEM Port-ID:

High reliability and availability


 System redundancy : power and SCM

 Network redundancy : uplink and line link including GEPON

 Graceful restart

 H/W upgrade without service discontinuity

1-6 Corecess S5 System With GPON User's Guide


Software Features

Software Features
Layer 2 Switching

The Corecess S5 System provides the Layer 2 Switching function as follows:

 Supports IEEE 802.3x Flow control

 Supports IEEE 802.1p Traffic Priority (eight priority queues)

 Supports Port based VLAN and IEEE 802.1q tagged VLAN (maximum: 4,096)

 VLAN processing including 802.1Q and Q-in-Q

 Supports Link aggregation using trunk and IEEE802.3ad

 Supports STP(Spanning Tree Protocol) and RSTP(Rapid STP)

Layer 3 Switching and Routing

The Corecess S5 System supports Layer 3 switching. Because Layer 2 switches don’t support the
Layer 3 communication between VLANs, a separate router is needed to link the VLANs. But the
Corecess S5 System supporting Layer 3 switching can process all incoming packets without a
separate router.

The Corecess S5 System supports the following IP routing protocols:

 RIPv1 and RIPv2

 OSPF

 IS-IS

 BGPv4

 VRRP

Packet processing functionalities

 multiple priority queue support, congestion control, traffic shaping & policing and modification

 ACL based filtering

 DHCP server and relay

Overview 1-7
Software Features

QoS (Quality of Service)

The Corecess S5 System supports the following QoS functions:

 Packet classification and marking

 Class - based packet scheduling

Table 1-5 QoS

Item SCM-68G SCM-208G


ACL table size 2,048 2,048
Yes (Based on Yes (Based on
MFC support L2/L3/L4~L7 fields) L2/L3/L4~L7 fields)
Yes Yes
Marking & remarking support (CoS, DSCP or IP (CoS, DSCP or IP
precedence, ToS) precedence, ToS)
Hierarchical No. (Only 1 stage queue No. (Only 1 stage queue
queuing support support) support)

No. of queues 8 per port 8 per port


Strict Priority
Yes Yes
(SP) support
Weight Fair Queue
Yes Yes
(WFQ) support
Weight Round Robin (WRR)
Yes Yes
support
M Deficit Weighted
u Round Robin Yes Yes
l (DWRR) support
t
icasting
The Corecess S5 System supports the following multicasting protocols for the high quality
broadcasting service:

 IGMPv2 and IGMP snooping

 PIM-SM and PIM-DM

 DVMRP

 MVR

1-8 Corecess S5 System With GPON User's Guide


Software Features

 IPTV Service

Security

S5 System provides the following security function:

 Supports system access control using access lists

 Supports DHCP filtering to prevent unauthorized operation of private DHCP Server

 Supports NetBIOS filtering to prevent file sharing among subscribers

 Supports CIFS filtering using MAC address, IP address and TCP/UDP port number

 Secured network from bad users’ threats

 Protection from IP/ARP spoofing, packet storming & TCP sync flooding

Network Management

The Corecess S5 System supports SNMP (Simple Network Management Protocol), RMON
(Remote MONitoring) and port mirroring for network management. You can monitor and
control the Corecess S5 System network via the console port, Telnet session, or the Corecess
NMS, ViewlinX.

 CLI (Command Line Interface) Command


CLI is system control command to operate the Corecess S5 System through Telnet or the terminal
connected to console port. You can monitor the system status and configure the system. By default, 10
Telnet sessions can be opened at the same time to connect the Corecess S5 System.

 ViewlinX Manager / EMS


The ViewlinX Manager and ViewlinX EMS (Element Management System) are Corecess NMS (Network
Management System). The ViewlinX Manager and Viewlinx EMS have easy user interface and intuitive
screen configuration, so that users can manage a network easily and conveniently. And, because the
real pictures of devices presented the operating status and configuration are displayed, users can find
out and set devices at a glance.

 Port Mirroring
The Corecess S5 System allows you to use the port mirroring function without affecting the switching
performance.

 RMON
The Corecess S5 System provides four RMON groups (history, statistics, alarms, and events) in each
port as traffic management, monitoring and analysis tools.

 Remote Software Update

Overview 1-9
Software Features

The Corecess S5 System provides easy-to-upgrade using FTP and TFTP in a remote place.

1-10 Corecess S5 System With GPON User's Guide


Hardware Description

Hardware Description

This chapter introduces the structures of the front and rear side of the Corecess S5 System and describes
the function and appearance of the modules provided for the Corecess S5 System. This chapter also briefs
the devices connected to the Corecess S5 System.

Overview 1-11
System Chassis

System Chassis
This section describes the external features of the Corecess S5 System chassises.
Corecess S5 consists of various chassises and SCM(Switching Control Module), LIM(Line
interface Module). Those help operator with flexible and economical configuration environment
enough to achieve the aimed network.

S511 Chassis

Front View
 11 Slots: 2 SCM + 8 LIM + 1 Power slot
 7 RU, ETSI compliant form factor  Switching and Control Module (SCM)
 Full front access  1:1 Protection
 MAX 160Gbps backplane capacity  SCM-B208G
 MAX 20Gbps slot capacity  208G Switching Fabric
 4x10GbE + 8xGbE SFP for uplink

 Line Interface Module(LIM)


 LIM-GP8P
 8 ports G-PON LIM(Max 64 GPON ports)
 LIM-D16GF
 16 ports GbE SFP LIM(Max 128 GbE
ports)

 2+1 of -48VDC or 100~220VAC Power supplier

 Packet processing functionalities for IP-based “Triple Play Service” delivery.


 Robust QoS capabilities through deep multi-packet classification, multiple priority queue,
congestion control, traffic shaping & policing and modification.
 Supporting extensive Layer 2 and 3 multicast capability; IGMP, DVMRP and PIM.
 IP routing and VLAN processing capabilities.
 Supporting DHCP server and relay.
 Supporting Link aggregation or redundancy.

There are ten slots, rack blanket, fan tray and fan filter in front of Corecess S511 system. The
SCM and LIM module are equipped in the slots, and a back-plane board inside the chassis
makes SCM and LIM module communicate each other. Three power modules supply the
Corecess S511 system with the ensured power. The default state of two of them is running and
that of the other is under earmark for stand-by. In the emergent event of a failure of source
power to one supply, or the failure of one power supply, the redundant power option
guarantees stable and uninterrupted operation. LIM module can be installed up to 8 from
bottom.

1-12 Corecess S5 System With GPON User's Guide


System Chassis

Back Plane

S511 Back Plane


1.S511 back plane can support
8ports line card per slot.
2. Available SCM
SCM-B72G, SCM-B208G
3. Available LIM

 8 ports GPON LIM(LIM-GP8P)


 8 ports GEPON
 8 ports 1000Base-FX
 8 ports 100/1000Base-TX

Slot
SCM Slot (10)
SCM Slot (9)
LIM Slot (8)
LIM Slot (7)
LIM Slot (6)
LIM Slot (5)
LIM Slot (4)
LIM Slot (3)
LIM Slot (2)
LIM Slot (1)

S511 Features

Power is supplied in the form of module with DC -48V. Three power modules supply the
Corecess S511 system with the ensured power. The default state of two of them is running and
that of the other is under earmark for stand-by. The function of hot swapping provided by
Corecess S511 system allows operator to add, replace or remove any modules without
interrupting or shutting down the system power or interfaces. The 9 and 10 number of SCM
modules are under control of redundancy.

Overview 1-13
System Chassis

S506 Chassis
There are five slots, rack bracket, fan tray and fan filter in front of Corecess S5 System. The SCM
and LIM module are equipped in the slots, and a back-plane board inside the chassis makes
SCM and LIM module communicate each other. The Corecess S506 provides maximum two AC
power modules.

S506

View

 6 Slots: 1 SCM + 4 LIM + 1 Power slot


 4 RU, ETSI compliant form factor
 Full front access  Switching and Control Module (SCM)
 MAX 40Gbps backplane capacity  SCM-B68G
 MAX 10Gbps slot capacity  68G Switching Fabric(for 2.5G platform)
 2x10GbE + 8xGbE SFP for uplink

 Line Interface Module(LIM)


 LIM-GP4P
 4 ports G-PON LIM

 1+1 of -48VDC or 100~220VAC Power supplier

 2.5G Backplane Interface


 (4 x 2.5G) / Slot
 (4x4x2.5) / System
 MAX 28G(2x20G+8x1G) uplink capacity
 2 x 10GbE XFP
 8 x 1GbE SFP
 MAX 64 G-PON ports
 20km @ 64spliter / G-PON link

1-14 Corecess S5 System With GPON User's Guide


System Chassis

Back Plane

1.S506 back plane can support


S506 Back Plane(16G) 4ports line card per slot.
2. Available SCM
SCM-B20G, SCM-B24G, SCM-B68G
3. Available SCM

Slot

The Corecess S506 has five slots in which one SCM module and four LIM modules can be
installed. The SCM module takes charge of switching and system control, and the LIM modules
provide G-PON interface. When you execute CLI commands for system configuration or
monitoring, use the slot number. Each slot’s type and number is as follows:

SCM Slot (5)


LIM Slot (4)
LIM Slot (3)
LIM Slot (2)
LIM Slot (1)

S506 Feature

The AC power modules supplies AC power (100V~220V) to the Corecess S5 System. The
Corecess S506 supports redundant AC-input power supplies. In the event of a failure of source
power to one supply, or the failure of one power supply, the redundant power option ensures
uninterrupted operation.

Overview 1-15
Chassis Items

Chassis Items
Table 1-6 Slot Description

Slot Description

SCM Slot Installation of SCM modules that control overall performance of system and provide
switching functions

LIM Slot Installation of LIM modules that provides G-PON interface

The Corecess S5 System’s slots support hot-swap function, and you can install a module into the
slot without turning the system off.

Note : For more information of modules, ports and LEDs, refer to System Modules in this
chapter.

S511 Front View

Rack Fan Rack


Braket Tray Braket

AC Power <Corecess S511> AC Power


Module Module

1-16 Corecess S5 System With GPON User's Guide


Chassis Items

S506 Front View

Rack Fan Rack


Braket Tray Braket

<Corecess S506>
AC Power AC Power
Module Module

Rack Bracket

The rack bracket is used when equipping the Corecess S5 System to install it on a 19-inch rack.
Chapter 4 Installation describes how to mount the Corecess S5 System with a rack bracket on a
19-inch rack.

Fan Tray

The system fan comes with cooling fan that maintain proper temperatures inside the chassis.
The LED on the fan tray denotes power supply and operating status. During the fan module
operates normally, the LED is lit on green. When a user stops operating the cooling fan, the LED
is lit on orange. When the cooling fan has a problem, the LED is lit on red.

Fan Filter

The fan filter filters dust which comes into the system through the ventilation holes. The fan
filter should be checked depend on cleanliness of the location, and replaced or cleaned if
necessary.

Overview 1-17
SCM Module

Ground Terminal

The ground terminal is a terminal for the system ground. Connect the ground terminal to the
external ground using ground for preventing an electric shock or the system damage .
A ground terminal is on the rear of chassises.

<Corecess S511> Ground terminal <Corecess S506>

Ventilation Holes

The ventilation holes are where heat, which is generated while the Corecess S5 System is
operating, comes out and external cold air is taken in. If the ventilation holes are blocked when
using the Corecess S5 System, the product may overheat because the internal hot air and
external cold air cannot circulate properly.

<Corecess S511> Ventilation holes <Corecess S506>

1-18 Corecess S5 System With GPON User's Guide


SCM Module

SCM Module
The Corecess S5 system provides the following SCM module:

SCM-B208G
SCM-B208G is switching control module that provide system control function and Layer 3
switching. SCM-B208G module provides 8 Gigabit Ethernet uplink ports (SFP type), four 10G
Ethernet uplink ports(XFP type), console port and ethernet port.

10G port LED GbE port LED


Console port 10G XFP port GbE SFP port
Reset Switch

Ethernet Management Port


System Status LED

SCM-B68G
SCM-B68G is switching control module that provide system control function and Layer 3
switching . SCM-B68G module provides 8 Gigabit Ethernet uplink ports (SFP type), two 10G
Ethernet uplink ports(XFP type), console port, and ethernet port.

10G Port LED GbE Port LED


Reset Switch Console port 10G XFP port GbE SFP port

System Status LED Ethernet Management Port

Overview 1-19
SCM Module

Table 1-7 SCM Type

Item Module Description


 8 uplink ports for Gigabit Ethernet (SFP)
 4 uplink ports for 10G Ethernet (XFP)
SCM-B208G
 1 Console Ports (RJ-45)
 1 Ethernet Management Port (RJ-45)
SCM
 8 uplink ports for Gigabit Ethernet (SFP)
 2 uplink ports for 10G Ethernet (XFP)
SCM-68G
 1 Console Ports (RJ-45)
 1 Ethernet Management Port (RJ-45)

SCM Slot Capacity


Table 1-8 SCM Slot Capacity

Slot capacity SCM-B68G SCM-B208G

S511 - 20G per slot

S506 10G per slot -

Performance of Switching and Routing


Table 1-9 Switching and Routing

Item SCM-B68G SCM-B208G

Switching fabric capacity 68G full duplex (68G aggregate) 208G full duplex (208G aggregate)

MAC address table size 32K entry 32K entry

VLAN table size 4K entry 4K entry

IPv4 routing table size 12288 12288


IP Multicast Group size 4096 4096
Priority queue per port 8 8

1-20 Corecess S5 System With GPON User's Guide


SCM Module

Memory
Table 1-10 Memory

Item SCM-B68G SCM-B208G

Main Memory size 1Gbytes


Boot ROM size 512Kbytes
Packet buffer size
(per switching chip) 3Mbytes 3Mbytes

System Status LED (Run, Master)


System Status LED displays the status of the Corecess S5 System and SCM module.

Table 1-11 System Status LED Functions on the SCM Module

LED Color State Description

On The system is being initialized.

Green Flashing The processor is operating normally after system initialization.


Run
Off Power is not being supplied to the system.

Red On The system is not operating normally.

On The module is operating as master mode.


Master Green
Off The module is operating as slave mode.

Note: Master LED is only operated when two SCM modules are installed in the system for
redundancy.

Reset Switch (Reset)


The reset switch is used to reboot the Corecess S5 System. When the reset switch is pressed, all
configuration information that has not been saved is deleted, and the connections between each
port and other devices are disconnected. Use pointed objects like a ball-point pen when
pressing the reset switch.

Overview 1-21
SCM Module

Port Type

Console Port (Console)

The console port is used to connect a console terminal for monitoring and configuring the
Corecess S5 System. To connect the console port to a console terminal, use the included console
cable. A PC or a workstation installed with a terminal emulation program or VT-100 terminal
can be used as a console terminal.

Ethernet Management Port (Ethernet)

The Ethernet Management port is used for connecting the Corecess S5 System to the network to
manage the system by the NMS (Network Management System) or Telnet. The Ethernet
Management port is a 10/100Base-TX port. In connection with 10/100Base-TX port, the speed
(10Mbps or 100Mbps) and the transmission mode (full-duplex or half-duplex) are automatically
configured in accordance with the speed and transmission mode of the connected device. The
cables for connecting to the Ethernet Management port are twisted-pair category 3, 4 and 5 with
RJ-45 connectors at both ends.

The following table describes the information indicated by the Ethernet Management port LEDs:

Table 1-12 LED Functions of Ethernet Management Port on the SCM Module

LED Color State Description


On The Port is operating and being connected to the device.
Link/
Green Flashing Data is being transmitted/received through the port.
Act
Off The port is not operating or not connected to the device.
On The port is operating at 100Mbps.
10/100 Yellow
Off The port is operating at 10Mbps.

1-22 Corecess S5 System With GPON User's Guide


SCM Module

10G Ethernet Port

The Gigabit Ethernet port is an uplink port connected the Corecess S5 System to core network.
XFP 10GBaseR uplink port requires additional 10GbE XFP transceiver.

 10 Gigabit Ethernet uplink interface (10GBase-R XFP)

The following table lists the specifications of the Gigabit Ethernet port on the SCM module:

Table 1-13 Gigabit Ethernet Port Specification for SCM Module

Feature 10GBase-R XFP Port


Transfer Mode Full-duplex mode, wire speed
Transfer Speed 10Gbps
Connector Type XFP

GbE(Gigabit Ethernet) Port


The Gigabit Ethernet port is an uplink port connected the Corecess S5 System to core network.

 GbE Port(SFP)

The following table is the specifications of the Gigabit Ethernet port:

Table 1-14 Gigabit Ethernet Port Specification for SCM Module

Feature SFP GbE Port


Transfer Mode Full-duplex mode
Transfer Speed 1000Mbps, Wire-speed packet forwarding
Connector Type Optional
Maximum Transfer Distance Optional
Transfer Media Fiber(Optic)

The following table describes the information indicated by the port LEDs:

Table 1-15 Port LED Function of SCM Module

LED Color State Description

On The Port is operating and being connected to the device.


Link/
Green Flashing Data is being transmitted/received through the port.
Act
Off The port is not operating or not connected to the device.

Overview 1-23
LIM Module

LIM Module
The Corecess S5 system provides the following LIM module:

G-PON Line Card(LIM-GP8P,LIM-GP4P)


GPON SFP port
GPON Port LED

Table 1-16 LIM Type

Item Module Description


 8 ports G-PON OLT Module; requires additional 2.5G SFP GPON
S5-LIM-GP8P
adapter; only available for S511CH
LIM
 4 ports SFP G-PON OLT Module; requires additional 2.5G SFP
S5-LIM-GP4P
GPON adapter

2.5G-PON SFP Port

The 2.5G-PON SFP Port is connected to the maximum number of 64 ONT(Optical Network
Terminal) through a splitter.
The following table lists the specifications of the 2.5G-PON SFP Port.

Table 1-17 Specifications of 2.5G-PON Port

Feature Specification
Transfer Mode Full-duplex mode
Transfer Speed Downstream :2.5 G bps, Upstream : 1.25Gbps
Connector Type SC Receptacle SFP
Optic Specification Class B+, Class C, Class C+
Compliance G.984.1, G.984.2, G.984.3, G.984.4, G.984.5
Branch Number per Port 128
Alloc-IDs per port 512
Port-IDs per port 4095
MAC addresses per port 4095
 Rx : 1310nm Single mode fiber optic cable
Transfer Media
 Tx : 1490nm Single mode fiber optic cable

1-24 Corecess S5 System With GPON User's Guide


LIM Module

Priority queue per port 8

Caution: Do not stare into the aperture of a fiber-optic port. Invisible radiation might be
emitted from the aperture of the port when no fiber cable is connected. Thus, if you don’t
use the fiber optic port for a long time during the system operation, Close the port with a cap
or Connect the port with a fiber optic cable.

Run LED

Run LED displays the status of the LIM module.

Table 1-18 Run LED

LED Color State Description


On The module is being initialized.
Green Flashing The processor is operating normally after system initialization.
Run
Off Power is not being supplied to the system.
Red On The system is not operating normally.

Port LED

The following table describes the information indicated by port LEDs:

Table 1-19 Port LED

LED Color State Description


On The Port is operating and being connected to the device.
Link/
Green Flashing Data is being transmitted/received through the port.
Act
Off The port is not operating or not connected to the device.

Overview 1-25
LIM Module

Redundancy

Chapter 2 Before Installation


This chapter describes the precautions for the Corecess S5 system installation and installation environment
for the normal operation. It also describes the way to unpack the Corecess S5 system box and verify the
contents.

2-26 Corecess S5 System With GPON User's Guide


Precautions

Precautions

Warning: Before you install the Corecess S5 system, read this section. This section
contains important safety information you should know before working with the system.

General Precautions
 While or after installing the equipment, keep the equipment clean and free from dust all the
time.

 After removing the cover of the equipment, keep the cover in safe place.

 Any tool or cable should not be left on the way of passage for better safety.

 When installing the equipment, the installer should not wear baggy clothing so that tie, scarf,
and sleeves should not be caught in the equipment. Keep tie and scarf from getting slack,
and roll up the sleeves.

 Avoid any harmful action that damages the people or the equipment.

 In case that opening the case for repairing or test is required, contact the sales agency where
you purchased this equipment, or directly contact Corecess Inc. for professional help.

Power Considerations
 Be careful when connecting the system to the supply circuit so that wiring is not overloaded.

 When plugging in a power socket or handling any power source, avoid ring, necklace, metal
watch for better safety. If these materials touch the power socket or ground of the product,
the parts can be burnt out.

 Always verify whether there is any possible danger in the workshop. Wet floor, ungrounded
extension, rubbed-off power code, or unsafe (or ungrounded) floor might be dangerous.

Before Installation 2-27


Precautions

DC Power

 Connect DC-input power supplies only to a DC power source that complies with the safety
extra-low voltage (SELV) requirements in the UL 1950, CSA 950, EN 60950, and IEC 60950
standards.

 Incorporate a readily accessible two-poled disconnect device in the fixed wiring.

 Ensure that power is removed from the DC circuit before installing or removing power
supplies. Tape the switch handle of the DC circuit breaker in the off position.

 Use approved wiring terminations, such as closed-loop or spade-type with upturned lugs,
when stranded wiring is required. These terminations should be the appropriate size for the
wires and should clamp both the insulation and the conductor.

 Ensure that no exposed portion of the DC-input power source wire extends from the
terminal block plug. An exposed wire can conduct a harmful level of electricity.

AC Power

 The system is designed for connection to TN power systems. A TN power system is a power
distribution system with one point connected directly to earth (ground). The exposed
conductive parts of the installation are connected to that point by protective earth conductors.

 Ensure that the plug-socket combination is accessible at all times, because it serves as the
main disconnecting device.

Spare Power

If you purchase the product whose a spare power supply is installed, two power supplies are
connected to each input power. Then, if one of the power supplies is not working, the system
can be operating continuously.

2-28 Corecess S5 System With GPON User's Guide


Precautions

Preventing ESD
Electrostatic discharge (ESD) damage occurs when electronic cards or components are
mishandled and can result in complete or intermittent failures. Note the following guidelines
before you install or service the system:

 Always wear an ESD-preventive wrist or ankle strap when handling electronic components.
Connect one end of the strap to an ESD jack or an unpainted metal component on the system
(such as a captive installation screw).

 Handle cards by the faceplates and edges only; avoid touching the printed circuit board and
connector pins.

 Handle cards by the faceplates and edges only; avoid touching the printed circuit board and
connector pins.

 Avoid contact between the cards and clothing. The wrist strap only protects the card from
ESD voltages on the body; ESD voltages on clothing can still cause damage.

 For safety, periodically check the resistance value of the antistatic strap. The measurement
should be between 1 and 10 Mohms.

Installing and Servicing the System


 Before installation, the power switch of the system should be turned OFF and disconnect all
power and external cables.

 Remove all jewelry (including rings and chains) or other items that could get caught in the
system or heat up and cause serious burns.

 Do not touch the backplane or midplane with your hand or metal tools.

 Do not work alone under potentially hazardous conditions.

 Do not perform any action that creates a potential hazard to people or makes the equipment
unsafe.

Before Installation 2-29


Precautions

Disconnecting Power

When disconnecting power, note the following guidelines.

 Locate the emergency power-off switch for the room before working with the system.

 Turn off the power and disconnect the power from the circuit when working with
components that are not hot-swappable or when working near the system backplane or
midplane. If the system does not have an on/off switch, unplug the power cord.

 To completely de-energize the system, disconnect the power connection to all power supplies.

 For DC power supplies, locate the circuit breaker on the panel board that services the DC
circuit, switch the circuit breaker to the off position, and tape the switch handle of the circuit
breaker in the off position.

 Do not touch the power supply when the power cord is connected. Line voltages are present
within the power supply even when the power switch is off and the power cord is connected.

Grounding the System

 Connect AC-powered systems to grounded power outlets.

 Do not defeat the ground conductor on an AC plug.

 Connect the system to earth (ground).

Connecting Cables

When you connect cables, note the following guidelines.

 Use caution when installing or modifying telephone lines to prevent electric shock.

 Do not work on the system or connect or disconnect cables during periods of lightning activity.

 Do not touch uninsulated telephone wires or terminals unless the telephone line has been
disconnected at the network interface.

 Hazardous network voltages are present in WAN ports regardless of whether power to the
system is off or on. When you detach cables, detach the end away from the system first.

 Do not use a telephone to report a gas leak in the vicinity of the leak.

 Do not install telephone jacks in wet locations unless the jack is specifically designed for wet
locations.

2-30 Corecess S5 System With GPON User's Guide


Precautions

Working with Lasers

If your system includes a fiber-optic port, note the following guidelines.

 To avoid exposure to radiation, do not stare into the aperture of a fiber-optic port. Invisible
radiation might be emitted from the aperture of the port when no fiber cable is connected.

 Always keep unused fiber-optic ports capped with a clean dust cap.

Preventing EMI

When you run wires for any significant distance in an electromagnetic field, electromagnetic
interference (EMI) can occur between the field and the signals on the wires.

 Bad plant wiring can result in radio frequency interference (RFI).

 Strong EMI, especially when it is caused by lightning or radio transmitters, can destroy the
signal drivers and receivers in the system, and can even create an electrical hazard by
conducting power surges through lines and into the system.

 If Strong EMI occurs in the installation place, consult RFI experts to get rid of it.

Covering Blank Slots

Ensure that all cards, faceplates, and covers are in place. Blank faceplates and cover panels are
used to:

 Prevent exposure to hazardous voltages and currents inside the chassis

 Help contain electromagnetic interference (EMI) that might disrupt other equipment

 Direct the flow of cooling air through the chassis

Before Installation 2-31


Precautions

Rack-Mounting the System


The following explanations should be noticed when installing the system into the 19-inch rack.

 Install the system in an open rack whenever possible. If installation in an enclosed rack is
unavoidable, ensure that the rack has adequate ventilation.

 Maintain ambient airflow to ensure normal operation. If the airflow is blocked or restricted,
or if the intake air is too warm, an over temperature condition can occur.

 Avoid placing the system in an overly congested rack or directly next to another equipment
rack. Heat exhaust from other equipment can enter the inlet air vents and cause an over
temperature condition.

 Equipment near the bottom of a rack might generate excessive heat that is drawn upward
and into the intake ports of the equipment above. The warm air can cause an over
temperature condition in the equipment above.

 Ensure that cables from other equipment do not obstruct the airflow through the chassis or
impair access to the power supplies or cards.

 Bolt the rack to the floor for stability.

 Load the rack from the bottom to the top, with the heaviest system at the bottom.

 If there is equipment already installed in the rack, select the location for the system carefully
considering the size of the system:

2-32 Corecess S5 System With GPON User's Guide


Precautions

Lifting the System


When you lift the product to move or change the installation place, note the following
guidelines.
 Disconnect all power and external cables before lifting the system.

 Ensure that your footing is solid and the weight of the system is evenly distributed between
your feet.

 Lift the system slowly, keeping your back straight. Lift with your legs, not with your back.
Bend at the knees, not at the waist.

 Do not attempt to lift the system with the handles on the power supplies or on any of the
cards. These handles are not designed to support the weight of the system.

 To lift and move the system, following number of people or a crane should be needed
depends on weight of the system:

Table 2-1 Lifting the System

Weight of the system The Number of required persons

Below 18Kg 1

18~32Kg 2

32~55Kg 3

Above 55Kg Crane

Disposing of the System


Dispose of the system and its components (including batteries) as specified by all national laws
and regulations.

Before Installation 2-33


Installation Place

Installation Place
Environmental Requirements
For the safe installation and use of the Corecess S5, the place for installation should satisfy the
following requirements:

 While or after installing the product, keep the product clean all the time.

 The system should be installed in a cool place where has no direct ray of sunlight. Any tool
or equipment should not be place on the way of passage.

 The following ambience condition for temperature and humidity should always be kept.

Table 2-2 Temperature and humidity condition

Item Temperature

Operating temperature 0 ~ 50℃

Storage temperature -40 ~ 80℃

Operating humidity 10 ~ 95% (40℃, non-condensing)

Power Supply
 The Corecess S5 should be installed in the place where power supply satisfying the following
condition is provided.

Table 2-3 Power condition

Feature DC Power AC Power

Input Voltage Rating -48 VDC 100 ~ 240 VAC

Operating Range -36 ~ -72VDC 88 ~ 264 VAC

Frequency N/A 50/60Hz

 Power is supplied in the form of power line duplication with DC -48V

 Verify the power (source) be clean. If there is too much noise or spark, it is better to have the power
control equipment.

 Locate an electric outlet near the system for easy installation of power cable.

 Be careful with connecting power supply equipment and avoiding overload wiring.

2-34 Corecess S5 System With GPON User's Guide


Unpacking

Unpacking
As the following instructions, unpack the shipping carton and inspecting contents of the
shipping carton.

1. Open the shipping carton of the Corecess S5. There is this manual, desiccant, a power
cable(s), and a console cable on the cushion inserted- Corecess S5 system.

2. Without taking off the cushions, pick out the equipment with two hands, and put it in a safe
place.
3. And then, verify whether there is a plastic bag that contains rack brackets and
screws under the shipping carton.

Corecess S5 System

binder-head screws

User’s Guide Console cable (RJ45-DB9)

Recommendation: After unpacking, do not throw away the box including cushions and
keep them in a safe place in case the product is relocated, it is better to move the product
after packing with the box including cushions.

Note: If there are some missing contents or damaged components, contact the sales
agency where you purchased this product to replace them with new ones.

Before Installation 2-35


Edition: 0006
Distribution: 12/2012

Chapter 3 Installation

This chapter describes how mount the Corecess S5 System on a rack, install the SCM/LIM module and
connect the cables to the ports.
Installation Procedure

Installation Procedure

Caution: Before starting the installation


 Be sure that the installation place is satisfied the requirements referred to the Chapter 3
Before Installation.
 Be sure that the power switch is in the OFF (O) position and
disconnect all connected cables.

The following summarizes the installation procedure for the Corecess S5. The next section will
describe in detail the step-by-step procedures for each step.

Table 3-1 Installation Procedure

Rack-mount
The design allows the Corecess S5 System to be mounted on a 19-inch rack. The
1
screws needed for rack mounting are enclosed with the product.

Installing modules
2 Install SCM/LIM modules in the slots of the Corecess S5 system.
.
Connect network devices
Connect Gigabit Ethernet ports or PON ports on the SCM/LIM modules with
3
other network devices using appropriate network cables.

Connect a console terminal


Connect Gigabit Ethernet ports or PON ports on the SCM/LIM modules with
4
other network devices using appropriate network cables.

Connect power to the system


5 Connect adjacent power after installing the Corecess S5 System.

Start the system


Turn the Corecess S5 System on and verify that the system is correctly installed
6
by checking that certain LEDs are lit.

3-2 Corecess S5 System With GPON User's Guide


Rack-Mounting

Rack-Mounting
The design allows the Corecess S5 System to be mounted on any kind of standard 19-inch racks.
This section describes how to install the Corecess S5 System on a 19-inch rack.

Caution: Before installing the system in a rack, read the Rack-Mounting the System section
in the Chapter 3 Before Installation to familiarize yourself with the proper site and
environmental conditions.

Checking the Rack-Mount Space


Before installing the Corecess S5 System in a 19-inch rack, check the rack-mount space as
follows:

 Make sure that the 19-inch rack is placed on a convenient location for the Corecess S5 System
installation. At least, the space of 550 x 750 (width x length)mm is needed to install the 19-inch rack.

 Check to see if there is a vertical space of around rack units in the rack because of the Corecess S5
System and air flow space (1U).

Air Flow Space (1U) Air Flow Space (1U)

Coreces S506(4U) Coreces L1-SLS16

Air Flow Space (1U)

Coreces S511(7U)

Air Flow Space (1U)


Air Flow Space (1U)

Installation 3-3
Rack-Mounting

Mounting the System on a Rack


To mount the Corecess S5 on a 19-inch rack, you need the following tools and equipment:

 A screwdriver

 Electrostatic discharge (ESD) grounding strap

 Four (4) binder-head screws (M5, 8mm) (provided along with the product)

Note: For more information about ESD, refer to the Chapter 3/ Before Installation.

Once all the tools and equipment are prepared, mount the Corecess S5 on a 19-inch rack
according to the following procedure:

1. Place the Corecess S5 on a spacious floor or a sturdy table near the rack. And check the
tools and materials.

2. Lift up the Corecess S5 as high as the available space in the 19-inch rack.

3. Place the rack brackets installed on the Corecess S5 to the holes of the 19-inch rack. And fix
the brackets using four (4) binder-head screws.

Caution: The following explanations should be noticed when installing the Corecess S5 into
the 19-inch rack:
 Locate the heavy things at the bottom of the rack. If there is another equipment already
installed in the rack, select the location for the Corecess S5 carefully considering the size
of the Corecess S5.
 If the rack is empty, you should install the Corecess S5 System at the bottom of the
rack.

3-4 Corecess S5 System With GPON User's Guide


Rack-Mounting

Installation 3-5
Installing Modules

Installing Modules
The Corecess S5 System has five slots, and the following types of module can be installed.

Switching & Control Module


Table 3-2 Corecess S5 System Slot

Slot Module Description


 8 uplink ports for Gigabit Ethernet (SFP)
 4 uplink ports for 10G Ethernet (XFP)
SCM-B208G
 1 Console Ports (RJ-45)
 1 Ethernet Management Port (RJ-45)
SCM
 8 uplink ports for Gigabit Ethernet (SFP)
 2 uplink ports for 10G Ethernet (XFP)
SCM-68G
 1 Console Ports (RJ-45)
 1 Ethernet Management Port (RJ-45)

Line Interface Module


Table 3-3 Corecess S5 System Slot

Slot Module Description


 8 ports G-PON OLT Module; requires additional 2.5G SFP G-PON
S5-LIM-GP8P
LIM adapter; only available for S511CH
 4 ports SFP G-PON OLT Module; requires additional 2.5G SFP GPON
S5-LIM-GP4P
adapter

This section describes how to install modules in the Corecess S5 System slots.

Installing module in slot


The installation procedure of SCM module and LIM module is the same. The following shows
the procedure of installing a module into the slot:

1. Select a slot compatible with the type of module.


2. If there is a module already installed in the slot where you want to install a module,
disconnect all the cables on the module. And loosen the screws on the module using a
Philips screwdriver.

3-6 Corecess S5 System With GPON User's Guide


Installing Modules

Note: Place the removed module where there is no static electricity or keep it in an anti -
static envelop.

3. When installing a module in an empty slot, loosen the screws on the blank bracket that
blocks the empty slot. And remove the blank bracket.

Note: When LIM module’s installation, it is convenient that installation proceed from the
number 1 slot in order.

4. Prepare a module that is to be installed. Check to see if there is any defect by examining the
exterior of the module.

5. Place module to the guide rail that is located in the both sides of the slot. Then, insert the
module carefully until it gets installed in the connector of the back plane. And push the
ejectors located in the both sides of the module.

6. Fasten the module firmly by tightening the two screws using a screwdriver.

7. If the module is installed successfully, the Run LED on the module is turned on with green,
and then it is flashing. Connect cables to ports of the module, and configure the ports using
CLI commands if necessary.

Note: Since the Corecess S5 System provides the hot-swap functions, the system power
doesn’t have to be turned off.

Installation 3-7
Installing Modules

Installing / Removing SFP module


The SCM/LIM module of the Corecess S5 System has SFP module slots to install SFP modules.
This section describes how to install and remove the SFP module.
The SFP module should support the following interface as follows:

Installing SFP Module

The procedure to install a SFP module in a slot is as follows:

1. Attach an ESD-preventive wrist strap to your wrist and to a bare metal surface on
the chassis.

2. Take the SFP modules out of the packing and check carefully to see if there is any
defect.

Dust plug

Actuator Button

Note: External form of SFP module can be different according to SFP module manufacturer.

3-8 Corecess S5 System With GPON User's Guide


Installing Modules

3. Align a SFP module in front of the SFP module slot facing the letter-printed side upward.

4. Insert the SFP module into the slot until you feel the connector on the module snap into
place in the rear of the slot.

Face letter-printed side


upward

5. If needed, configure the installed SFP module using CLI commands.

Caution: Do not remove the dust plugs from the fiber-optic SFP module port or the rubber
caps from the fiber-optic cable until you are ready to connect the cable. The plugs and caps
protect the SFP module portsand cables from contamination and ambient light.

Installation 3-9
Installing Modules

Removing SFP module

The procedure to install a SFP module in a slot is as follows:

1. Attach an ESD-preventive wrist strap to your wrist and to a bare metal surface on
the chassis.

2. Disconnect the fiber-optic cable from the SFP module.

3. Insert a dust plug into the optical ports of the SFP module to keep the optical interfaces
clean.

4. Press the actuator button to release the SFP module from the slot. Grasp the SFP module
between your thumb and index finger and carefully remove it from the module slot.

Actuator Button

Note: SFP module feature is different according to SFP module manufacturers.

5. Place the removed SFP module in an antistatic bag or other protective environment.

3-10 Corecess S5 System With GPON User's Guide


Connecting Network Devices

Connecting Network Devices


This chapter describes how to connect the ports on the SCM/LIM modules to other network
devices.

 Gigabit Ethernet Uplink Port (SFP)

 10G Ethernet Uplink Port(XFP)

 G-PON Line Port (SFP)

For the information of cables connected to each port, refer to Appendix B Connector and Cable
Specifications.

Caution: If the distance of two devices connected with a cable is farther than the distance
described in this manual, data can be lost during the transmission.

Installation 3-11
Connecting Network Devices

Connecting Gigabit Ethernet Uplink Port


The SCM provides Gigabit Ethernet uplink ports. Each Gigabit Ethernet uplink port is
connected to the core network using a LC connector with SFP module. This section describes
how to connect Gigabit Ethernet uplink ports.

Connecting LC Connector on SFP Module

The 1000Base-SX/LX SFP module can be installed in the SFP slot of the SCM module and the
Corecess S5 System can be connected to the core network using the 1000Base-SX/LX SFP
module. Depends on the type of SFP modules, connect cables as follows;

1000Base-SX SFP Module


When the 1000Base-SX SFP module is installed in the SFP module slot, use the 850nm Multi-
mode fiber optic cable. Prepare the fiber optic cable of the duplex LC type, then connect to the
Gigabit Ethernet network.

1000Base-LX SFP Module


When the 1000Base-LX SFP module is installed in the SFP module slot, use the single mode
fiber optic cable. Prepare the fiber optic cable of the duplex LC type, then connect to the Gigabit
Ethernet network.
1000Base-LX SFP Module
1000Base-SX SFP Module
SCM-B208G

 Single Mode Fiber Optic Cable  Multi-Mode Fiber Optic Cable


 Connector : Duplex LC  Connector : Duplex LC
 Wavelength : 1310nm (Rx, Tx)  Wavelength : 850nm (Rx, Tx)
 Max. cable length : 10Km  Max. cable length : 550m

Gigabit Ethernet Switch or Router

3-12 Corecess S5 System With GPON User's Guide


Connecting Network Devices

Connecting 10G Ethernet Uplink Port

Connecting LC Connector on XFP Module

10G XFP Module


When the 10G XFP module is installed in the SFP module slot, use the single mode fiber optic
cable. Prepare the fiber optic cable of the duplex LC type, then connect to the 10 Gigabit
Ethernet network.
10G XFP Module

SCM-B208G

 Single Mode Fiber Optic Cable


 Connector : Duplex LC
 Wavelength : 1310nm (Rx, Tx)
 Max. cable length :

Gigabit Ethernet Switch or Router

Installation 3-13
Connecting Network Devices

Connecting G-PON Line Port


When the LIM-GP4P module that supports G-PON interface is installed in the Corecess S5
System, the optical splitter can be connected to the 2.5G SFP port on the LIM-GP4P.

Prepare the single mode fiber optic cable, then connect the cable to the G-PON SFP port of the
LIM-GP4P module and the optical splitter. The optical splitter can be connected to the
maximum number of 64 ONT (Optical Network Terminal).

LIM-GP4P

 Single Mode Fiber Optic Cable


 Connector : Simplex SC/PC
 Wavelength : 1310nm, 1490nm

Corecess 4500 Optical Splitter

Single Mode Fiber Optic Cable


 Connector : Simplex SC/PC
 Wavelength : 1310nm,1490nm

ONT

3-14 Corecess S5 System With GPON User's Guide


Connecting the System Management Device

Connecting the System Management Device


The Corecess S5 System supports two kinds of system management method as follows:

Local Management (Console)


If you connect the console port on the SCM module to the console terminal such as a PC or VT-
100 terminal, you can use CLI commands to manage the Corecess S5 System through the
emulator terminal.

Remote Management (Ethernet)


The Ethernet Management port on the SCM module can be connected to the Ethernet LAN. You
can use CLI commands to manage the Corecess S5 System using PC installed ViewlinX or
Telnet session from a remote place. To use this remote management, IP address and subnet
mask are required.
To specify IP address and subnet mask, refer the chapter 5 Configuring Basic Features.

The Corecess S5 System can manage the following tasks through local or remote connection.

 Can browse various network statistics information and the status of the switch and ports.

 Can change the switch configuration for changing the topology, improving the switch
performance or controlling the network traffic.

 Can browse the logs of various events and traps occurring at the switch.

 Can download new software from ftp server.

 Can strengthen the system security through specifying hosts that can access switches.

This section describes how to connect the console port and the Ethernet management port to the
console terminal and the Ethernet LAN.

Installation 3-15
Connecting the System Management Device

Connecting the Console Port


Connect the console port on the SCM module to the console terminal such as a PC or VT-100
terminal using the included console cable.

SCM-B208G

Console Cable (RJ-45 - DB-9) Console Teminal Configuration


 included with the product  Bit/Sec : 9600bps
 Max. cable length : 15m  Data Bit : 8bit
 Parity Bit : None
 Stop Bit : 1bit
Console Terminal
 Flow Control : None

Note: Connecting the Console port on the SCM is the same, regardless of the Corecess
chassis type. This manual describes system installation based on the Corecess S5 chassis .

3-16 Corecess S5 System With GPON User's Guide


Connecting the System Management Device

Connecting Ethernet Management Port


Connect the Ethernet Management port on the SCM module to the local network (Ethernet LAN)
using the twisted pair cable which both sides of the connector are RJ-45.

SCM-B208G

Twisted pair Cable


 10Mbps : Category-3,4,5
 100Mbps : Category-5
 Max. cable length : 100m

Connect to the local network (Ethernet LAN)

Note: The Ethernet Management port in the SCM module support automatic MDIX feature,
which allows you to use either straight-through or crossover twisted-pair cables for
connecting to any network devices.

Note: Connecting the Ethernet Management port on the SCM is the same, regardless of the
Corecess chassis type. This manual describes system installation based on the Corecess
S5 chassis.

Installation 3-17
Connecting Power

Connecting Power
There two connecting power type of the Corecess S5 System. The Corecess S5 chassis can be
connected with DC power. The Corecess S5 chassis, on the other hand, can be connected with
AC power. This section describes how to connect power to the Corecess S5 System.

Connecting DC Power
There are two or three terminal blocks in the Corecess S5. If you want to use power redundancy
function, connect each terminal block to the different external power supply. If you connect
only one terminal block to the external power supply, the power redundancy function is
disabled.

Caution: Before connecting power,


 Be sure that the power to be connected to the system is satisfy the considerations
referred to the Chapter 3/ Before Installation.
 Be sure that the power switch is turned off.

1. For safety, a transparent plastic cover is attached on the terminal block. Loosen the two
screws using a screw driver, and remove the plastic cover.

Plastic Cover

Plastic Cover

3-18 Corecess S5 System With GPON User's Guide


Connecting Power

2. Connect the DC power cable to the terminal block A. Loosen the screws from the terminal
block A, and put the rounded rope of the power cable, then tighten the screws again. Be
aware of power polarity when connecting cables. Attach the transparent plastic cover on
the terminal block A again.

Plastic Cover

3. Connect the DC power cable, connected with the terminal block A, to the external power
supply or the rectifier.

Installation 3-19
Connecting Power

4. Connect the DC power cable to the terminal block B. Loosen the screws from the terminal
block B, and put the rounded rope of the power cable, then tighten the screws again. Be
aware of power polarity when connecting cables. Attach the transparent plastic cover on
the terminal block B again.

Plastic Cover

5. Connect the DC power cable, connected with the terminal block B, to the
external power supply or the rectifier. For the power redundancy, the DC power cable
should be connected to the different external power supply from what connected to the
terminal block A.

3-20 Corecess S5 System With GPON User's Guide


Connecting Power

Connecting AC Power
There are two power modules in front of the Corecess S5. If you want to use power redundancy
function, connect each terminal block to the different external power supply. If you connect
only one terminal block to the external power supply, the power redundancy function is
disabled.

Caution: Before connecting power,


 Be sure that the power to be connected to the system is satisfy the considerations
referred to the Chapter 3/ Before Installation.
 Be sure that the power switch is turned off.

1. Be sure that the power switch on the power module is turned off.

2. Connect the power cable, which is provided with the Corecess S5 System, to the power
input on the power module. Then, plug opposite side of the power cable into an outlet.

AC Power

Installation 3-21
Starting the System

Starting the System


Start the Corecess S5 System according to the following order after installation:

1. Check the followings once again before operating the Corecess S5 System:
 Make sure that modules are properly inserted in the slot of the Corecess S5 System.

 Make sure that cables are properly connected to each port.

 Make sure that the power cable is properly connected.

2. Turn on the power of the console terminal and execute the terminal emulator
program.

3. Supply power to the Corecess S5 System. In case of the Corecess S5, turn on the
switches of the external power supplies. In case of the Corecess S5, turn on the switches of
the power modules on the Corecess S5 System.

4. Check to see if the cooling fans are operating.

5. If the power is properly supplied to the Corecess S5 System without any problem, the RUN
LED turns on in green, and the following message is displayed on the console terminal.

U-Boot 1.2.1 (Tue Feb 1 19:34:09 KST 2005)


SCM208G u-Boot Temporary Version (jubarley@janu.corecess.com)

IBM PowerPC 440 GP Rev. C


Board: Corecess SCM208G
VCO: 800 MHz
CPU: 400 MHz
PLB: 133 MHz
OPB: 66 MHz
EPB: 66 MHz
I2C: ready
DRAM: 248 MB
FLASH: 512 kB
PCI: Bus Dev VenId DevId Class Int

3-22 Corecess S5 System With GPON User's Guide


Starting the System

3. 01 14e4 5695 0280 00


4. 02 14e4 5695 0280 00
In: serial
Out: serial
Err: serial
IDE: Bus 0: OK

Device 0: Model: SanDisk SDCFB-128 Firm: Rev 3.03 Ser#: X0318


20021223051815
Type: Removable Hard Disk

6. Once the initialization is properly completed in a short while, the RUN LED is
starting to flash green. And the following login message is displayed on the console screen.

Localhost login:

Now, the Corecess S5 System is properly installed. Log in the CLI of the Corecess system, then
configure the system depend on the environment of site.

Installation 3-23
Edition: 0006
Distribution: 12/2012

Chapter 4 Configuring Basic Features

This chapter briefs general configuration method of the Corecess S5. The Corecess S5 has already
configured with default upon the shipment and can immediately be used without additional configuration
explained in this chapter. If the default configuration should be changed according to user’s network
environment, refer to the contents in this chapter.
Before Configuration

Before Configuration
This section describes how to access the Corecess S5 System CLI (Command Line Interface) and
provides information that you should know before using the Corecess S5 System CLI.

Accessing the CLI


When the Corecess S5 starts up for the first time, the only CLI access is available through the
console port. The following steps describe how to access the Corecess S5 CLI on the console
terminal connected to the console port:

5. To access the Corecess CLI on the console screen, the console port on the Corecess S5
System should be connected to a serial port(DB-9) of the console using a console cable as
the following figure:

SCM-B208G

Console Terminal Configuration


 Bit/Second : 9600bps
Console cable (RJ-45 - DB-9)  Data Bit : 8bit
 Console cable included  Parity Bit : None
with the system  Stop Bit : 1bit
 Max. cable length : 15m  Flow Control : None
Console Terminal

6. Make sure that you have started the emulation software program such as HyperTerminal
from your console terminal.

7. Press [Enter], then the following login message is displayed on the console terminal:

4-2 Corecess S5 System With GPON User's Guide


Before Configuration

login:

8. Enter the login ID and the password, then press the [Enter]. The default login id is
‘corecess’. If you entered the login ID and the password correctly, localhost> prompt
appears.

Login: corecess
Password:
localhost>

9. To configure the Corecess S5, enter the ‘Privileged’ mode by enable command. If you
enter Privileged mode, the prompt is changed from localhost> to localhost#.

Localhost> enable
localhost#

Note: After specifying the IP address of the NMS port (Management interface), you can
access the Corecess S5 CLI through the Telnet session or NMS.

Configuring Basic Features 4-3


Before Configuration

Command Modes
The CLI of the Corecess S5 System supports various command modes. The CLI commands are
only executed in their command modes. The following table describes the type of command
modes and the tasks.

Table 4-1 CLI modes

Command Mode Description


In this mode, you can display information and perform basic tasks such as
User
Ping and Telnet.
In this mode, you can use the same commands as those at the User
Privileged mode plus configuration commands that do not require saving the
changes to the system-configure file.
The global mode allows you to globally configure access-lists, DHCP,
Global SNMP, and VLAN. You can also apply or modify parameters for ports
on the device.
In this mode, you can configure the BGP routing session which uses
Address-family
the standard IPv4/VPNv4 address prefix.
In this mode, you can configure the key groups used for RIP
Key-chain
authentication.
Key In this mode, you can configure the authentication key of the RIP.
The Route-map configuration mode allows you to define conditions
Route-map for redistributing the routes from a routing protocol to another routing
protocol.
The interface mode allows you to configure the features for the specific
Interface
VLAN interface.
Configuration
The QoS configuration mode allows you to configure QoS (Quality of
QoS
Service) on the system.
The Class-map configuration mode allows you to configure QoS class-
Class-map
map.
The Policy-map configuration mode allows you to configure QoS
Policy-map
policy-map.
Policy-map- The Policy-map class mode allows you to assign the class map to be
class applied to QoS policy-map.
RIP In this mode, you can configure RIP routing protocol.
OSPF In this mode, you can configure OSPF routing protocol.
BGP In this mode, you can configure BGP routing protocol.
IS-IS In this mode, you can configure IS-IS routing protocol.
VRRP In this mode, you can configure VRRP.

4-4 Corecess S5 System With GPON User's Guide


Before Configuration

You can enter the each command mode by entering the following command.

Table 4-2 Command mode access method

To From CLI Command


Privileged User mode enable

Global Privileged mode configure terminal


Address-
BGP configuration address-family
family
Key-chain Global configuration key chain

Key Key-chain key

Route-map Global configuration route-map

Interface Global configuration interface

QoS Global configuration qos

Configuration Class-map QoS configuration class-map

Policy-map QoS configuration policy-map


Policy-map-
Policy-map configuration class
class
RIP Global configuration router rip

OSPF Global configuration router ospf

BGP Global configuration router bgp

IS-IS Global configuration router isis

VRRP Global configuration router vrrp

Entering Privileged Mode

When you start a session on the Corecess S5, you begin in User mode. Only a limited subset of
the commands is available in User mode. To have access to all commands, you must enter
Privileged mode. To enter Privileged mode from User mode, enter the enable command. The
CLI prompt will be changed from > to # entering Privileged mode.

Localhost> enable
localhost#

Configuring Basic Features 4-5


Before Configuration

To exit from Privileged mode, enter disable command. The CLI prompt will be changed from #
to > returning to User mode from Privileged mode.

Localhost# disable
localhost>

If you enter the exit command in Privileged mode, you can exit from the CLI.

Localhost# exit

login:

Entering Global Configuration Mode

Global configuration mode allows you to change configuration for the Corecess S5 System. Also,
you can enter other configuration mode through Global configuration mode.

To enter Global configuration mode from Privileged mode, enter the configure terminal
command. The CLI prompt will be changed localhost(config)# entering Global configuration
mode.

Localhost# configure terminal


localhost(config)#

To exit from Global configuration mode, enter end command. The CLI prompt will be changed
to localhost# returning to Privileged mode.

Localhost(config)# end
localhost#

4-6 Corecess S5 System With GPON User's Guide


Before Configuration

Returning to Previous Command Mode


To log out from CLI, you should return to User mode or Privileged mode. Use the exit or end
command to return to User mode or Privileged mode from other command mode:

This example shows how to return to Privileged mode from Policy-map mode by using the
exit command:

localhost(config-pmap)# exit
localhost(config-qos)# exit
localhost(config)# exit
localhost#

To return to Privileged mode directly without what mode you are in, use the end command.
This example shows how to return to Privileged mode from Policy-map mode by using the end
command:

localhost(config-pmap)# end
localhost#

Logging out From CLI

To log out from the CLI, enter the exit command in User mode or Privileged mode.

This example shows how to log out from the CLI in Privileged mode. After logging out from
the CLI, login prompt will be displayed as follow.

Localhost# exit

login:

Configuring Basic Features 4-7


Before Configuration

Prompt
On the Corecess S5 CLI prompt, the node name and current command mode are indicated as
follows:

localhost(config-qos)#
Node name Command mode

Node Name

The default node name is ‘localhost’. This default node name is used for the prompt until you
change it. If the proper node name is specified, it is useful to classify the product purpose or the
location.

Note: You can change the node name of the Corecess S5 System by using hostname
command in global configuration mode.

Current Command Mode

The following table describes the prompt of the main command modes.

Table 4-3 Prompt of the main Command modes

Command Mode Prompt


User >
Privileged #
Global (config)#
Address-family (config-router-af)#
Key-chain (config-keychain)#
Key (config-keychain-key)#
Route-map (config-route-map)#
Configuration Interface (config-if)#
QoS (config-qos)#
Class-map (config-cmap)#
Policy-map (config-pmap)#
Policy-map-class (config-pmap-c)#
RIP, OSPF, BGP, IS-IS, VRRP (config-router)#

4-8 Corecess S5 System With GPON User's Guide


Before Configuration

Getting Help
The Corecess S5 CLI provides help system that shows the list of available commands or
parameters. You can also get information about their function and brief Description of usage.

 To obtain a list of commands that are available for each command mode, enter a question
mark (?) at the prompt:

# ?
calendar calendar
clear Reset functions
clock System clock
close Close the terminal
cls Clear a screen
configure Configuration from vty interface
copy Copy from one file to another
debug
delete Delete
diag Diagnosis mode
disable Turn off privileged mode command
enable enable
end End current mode and down to previous mode
exit Exit current mode and down to previous mode
help Description of the interactive help system
list Print command list
no Negate a command or set its defaults
ping send echo messages
quit Exit current mode and down to previous mode
reset reset
session Create Session
show Show
ssh Open a ssh connection
telnet Open a telnet connection
terminal Set terminal line parameters
traceroute Trace route to destination
undebug Disable debugging functions (see also ‘debug’)
update Update Images
write Write Information
#

Configuring Basic Features 4-9


Before Configuration

 To obtain the syntax for commands that are available for each command mode, enter the
list command at the prompt:

# list
calendar set WORD [WORD] [WORD] [WORD]
clear arp
clear arp A.B.C.D
clear arp-cache
clear dhcp statistics
clear dhcprelay lease all
clear dhcpserver lease all
clear dhcpserver lease ip A.B.C.D
clear dhcpserver lease mac A:B:C:D:E:F
.
.
update option image NAME slot <1-100>
update option image id <1-100> slot <1-100>
update port epon WORD onu mac WORD image NAME
update rootfs image NAME
update rootfs image id <1-100>
write dhcpserver leasefile
write file
write memory
write terminal
#

 To obtain a list of any command’s associated keywords and arguments, enter a question
mark (?) after a partial command followed by a space:

# clear ip ?
bgp BGP information
dhcp Dynamic Host Configuration Protocol
igmp Internet Group Management Protocol
mroute Delete multicast route table entries
ospf OSPF information
pim Protocol Independent Multicast (PIM)
prefix-list Build a prefix list
rip RIP routing table
route all routing table
static Static routing table & configuration
vrrp VRRP information
# clear ip

4-10 Corecess S5 System With GPON User's Guide


Before Configuration

CLI Command Usage Basics

Entering CLI Commands


To executing a CLI command, you should enter both the command and it’s parameter. You can
execute the commands in the command mode which the prompt is locating now.

The CLI commands of the Corecess S5 have the following characteristics:

 The CLI commands are case-sensitive.

 The CLI supports command completion, so you do not need to enter the entire name of a
command or parameter. As long as you enter enough characters of the command or
parameter to avoid ambiguity with other commands or parameters, the CLI understands
what you are typing. For example, you can enter only con t to execute the configure
terminal command at Privileged command mode.

Localhost# con t
localhost(config)#

But if you enter only co t, the following error message will be displayed. Because there are
copy and configure command and the system can’t distinguish the two commands.

Localhost# co t
% Unknown command.

 To complete a command, press Tab key. If you enter a few known characters, then press Tab
key, the CLI displays the rest characters of the command. For example, if you enter only con
in Privileged mode, then press Tab key, the CLI displays configure on the terminal.

Configuring Basic Features 4-11


Before Configuration

Specifying Ports

To specify ports as a parameter in the CLI, follow these rules.

 Use slot-number/port-number to specify one port. For example, enter 1/1 to specify the port 1
on the module installed in the slot 1.

 Use dash (-) to specify consecutive number of ports. For example, enter 1/1-4 instead of
entering 1/1, 1/2, 1/3 and 1/4.

 Use comma (,) to specify non-consecutive number of ports. For example, enter 1/1,1/3-4
instead of entering 1/1, 1/3 and 1/4.

 See the following figure to check the slot number:

SCM Slot (10)


SCM Slot (9)
LIM Slot (8)
LIM Slot (7)
LIM Slot (6)
LIM Slot (5)
LIM Slot (4)
LIM Slot (3)
LIM Slot (2)
LIM Slot (1)

Editing Commands

The CLI supports the following line editing commands. To enter a line-editing command, use
the CTRL-key combination for the command by pressing and holding the CTRL key, then
pressing the letter associated with the command.

Table 4-4 CLI Editing Command.

Ctrl-Key Combination Description


Ctrl+a Moves to the first character on the command line.
Ctrl+b Moves the cursor back one character.
Ctrl+d Deletes the character at the cursor.
Ctrl+e Moves to the end of the current command line.
Ctrl+f Moves the cursor forward one character.
Ctrl+n Enters the next command line in the history buffer.
Ctrl+p Enters the previous command line in the history buffer.
Ctrl+u Deletes all characters from the cursor to the beginning of the command line.

4-12 Corecess S5 System With GPON User's Guide


Configuring Basic System Parameters

Configuring Basic System Parameters


This section describes the procedure of configuring the following basic system parameters:
 IP address
 CLI users
 System name
 System time and date

Setting an IP Address for management


Before you use Telnet or SNMP to manage the Corecess S5 System from remote place, you must
assign an IP address to the Ethernet management port (Ethernet port on the SCM module). You
can specify the subnet mask (netmask) using the number of subnet bits or using the subnet
mask in dotted decimal format.

To set the IP address of the Ethernet management port, follow this procedure:

Table 4-5 Setting the IP address

Command Description
enable 1. Enter Privileged mode.
Configure terminal 2. Enter Global configuration mode.
Interface 3. Enter Interface configuration mode for configuring the Ethernet management
management port.
10. Assign an IP address and subnet mask to the Ethernet
Ip address management port.
<ip-address>/<M>  <ip-address>: IP address for the interface.
 <M>: Subnet mask.
5. Exit from Interface configuration mode and return to Global configuration
Exit
mode.
Ip route default 11. Specify the default gateway address.
<gateway-address>  <default-gateway>: Default gateway address.
End 7. Return to Privileged mode.
Show interface
8. Verify the IP address configuration.
management
12. Check the network connectivity.
Ping <host>
 <host>: The IP address of the host or the network number to ping.
Write memory 10. Save the IP address configuration.

The following is an example of assigning an IP address and subnet mask to the Ethernet
management port and verifying the configuration:

Configuring Basic Features 4-13


Configuring Basic System Parameters

> enable Enter the Privileged mode


들어갑니다.
# configure terminal Enter the Global Configuration mode

(config)# interface management Enter the interface mode of the Ethernet Manegement port
Specify the IP address and subnet mask of
(config-if)# ip address 172.27.68.100/16
the Ethernet Management port
(config-if)# exit Enter the Global Configuration Mode

(config)# ip route default 172.27.1.254 Specify the default gateway address

(config)# end Return to the Privileged mode


Display the configuration information of
# show interface management
the Ethernet Management port
Interface management
index 2 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
Hwaddr: 00:90:a3:cd:0e:b0
inet 172.27.68.100/16 broadcast 172.27.255.255
input packets 0, bytes 0, dropped 0, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 0, bytes 0, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
# ping 172.27.2.49 Verify communicating with other hosts on the same network

172.27.2.49 is alive!
# write memory Save the changed configuration to the backup configuration file

Building Configuration…
[OK]
#

4-14 Corecess S5 System With GPON User's Guide


Configuring Basic System Parameters

User Management
To access the CLI of the Corecess S5 System, you must login by entering the user name and the
password. By default, ‘corecess’ exists. This section describes how to add and delete user who
can login the CLI of the Corecess S5 System.

Adding a New User

The table below shows the commands to add a user:

Table 4-6 Adding a new user

Command Description
enable 1. Enter Privileged mode.

Configure terminal 2. Enter Global configuration mode.

13. Add a user.


Username <name>
 <name> The user ID for entering the Corecess S5 System CLI.
password <password>
 <password> The password for the user.

End 4. Return to Privileged mode.

Show username 5. Verify the list of user configuration

write memory 6. Save the user configuration.

The following example shows how to adds a user whose id is ‘kka’ and password is ‘violet’ and
verifies the configuration:

# configure terminal
(config)# username kka passwd violet
(config)# end
# show username
corecess none none **Never logged in**
kka none none **Never logged in**
# write memory
Building Configuration…
[OK]

Configuring Basic Features 4-15


Configuring Basic System Parameters

Changing a User Password

To change a user password for a user, execute the following procedure:

Table 4-7 Changing a user password

Command Description

enable 1. Enter Privileged mode.

Configure terminal 2. Enter Global configuration mode.

14. Specify a new password.


Username <name> passwd
 <name> The user ID to modify password
<password>
 <password> New password

end 4. Return to Privileged mode.

Write memory 5. Save the changed configuration.

The following example shows how to change a password of the user ‘kka’:

# configure terminal
(config)# user kka password corecess
(config)# end
# write memory
Building Configuration…
[OK]
#

4-16 Corecess S5 System With GPON User's Guide


Configuring Basic System Parameters

Deleting a User

To delete a user, execute the following procedure:

Table 4-8 Deleting a user

Command Description

enable 1. Enter Privileged mode.

Configure terminal 2. Enter Global configuration mode.

15. Delete a user.


No username <user-name>
 <user-name>: The user name to delete

end 4. Return to Privileged mode.

Show username 5. Verify the list of users.

Write memory 6. Save the configuration change.

The following example shows how to delete the user ‘kka’ and verify the deletion:

# configure terminal
(config)# no username kka
(config)# end
# show username
corecess none none **Never logged in**
# write memory
Building Configuration…
[OK]
#

Configuring Basic Features 4-17


Configuring Basic System Parameters

Specifying System Name and System Time


This section describes the configuration of the following general system features:

 System name
 System date and time
 NTP (Network Time Protocol) mode and time zone
 Time zone

Changing System Name

The system name is used as the prompt on the console. Therefore, it is convenient for finding
out which device is connected to. To change the system name, use the following commands.

Table 4-9 Changing system name

Command Description

enable 1. Enter Privileged mode.

Configure terminal 2. Enter Global configuration mode.

16. Specify the system name.


Hostname <system-name>
 <system-name> The string used for system name

end 4. Return to Privileged mode.

Write memory 5. Save the changed configuration.

The following example shows how to change the system name to ‘Corecess’:

localhost> enable
localhost# configure terminal
localhost(config)# hostname Corecess
Corecess(config)# end
Corecess# write memory
Building Configuration…
[OK]
Corecess#

4-18 Corecess S5 System With GPON User's Guide


Configuring Basic System Parameters

Adjusting System Date and Time

The system date and time is used in the log which is the record of the events occurred in the
system. When recording events or commands executed in the system into a log, the date and
time of the system is recorded with events or commands. Such logs can be used as an important
data in solving problems in the system, thus it is very important to accurately set the date and
time of the system.

The following describes how to set the system time and date.

Table 4-10 Adjusting system time

Command Description

enable 1. Enter Privileged mode.


17. Specify the current system time and date.
 <time>: Current time in hours, minutes, and seconds (in the format
Clock set <time>
hh:mm:ss, example : 16:24:00)
[<date>] [<month>]
 <day>: Current day (by date) in the month.
[<year>]
 <month>: Current month (1 ~ 12, or name).
 <year>: Current year (no abbreviation).

Show clock 3. Verify the configuration.

Write memory 4. Save the changed information.

The following example shows how to adjust the system calendar and change the system clock
into the system calendar:
# clock set 33:20:10 8 mar 2004
# show clock
Fri Oct 8 17:37:49 2004 -0.066680 seconds
# write memory
Building Configuration…
[OK]
To use the current software clock (calendar) as the system clock, use the clock read-
calendar command in Privileged mode.
# show calendar
Fri Oct 8 11:26:38 KST 2004
# clock read-calendar
# show clock
Fri Oct 8 11:26:38 2004 -0.440000 seconds

Note: The ‘calendar’ is a software clock that is erased when the system is powered off or
reboot. The other hand, the system clock run continuously, even if the system is powered off
or reboot.

Configuring Basic Features 4-19


Configuring Basic System Parameters

Setting NTP Mode

NTP (Network Time Protocol) synchronizes timekeeping among a set of distributed time
servers and clients. This synchronization allows events to be correlated when system logs are
created and other time-specific events occur.
The Corecess S5 supports the following NTP modes:
 Broadcast client mode
In broadcast client mode, local network equipment, such as a router, regularly broadcasts the
time information. The Corecess S5 System listens for the broadcast messages and set the
system clock.

 Multicast client mode


In multicast client mode, local network equipment, such as a router, regularly multicast the
time information to specific multicast group address.

 Server mode
In server mode, the Corecess S5 System regularly requests the time information to an NTP
server.
To configure NTP on the system, use the following commands:

Table 4-11 Configuring NTP

Command Description

configure terminal 1. Enter Global configuration mode.


18. Set the NTP mode.
 broadcast: Configure the system in NTP broadcast client mode.
 multicast <group-address>: Configure the system in NTP
multicast client mode.
Ntp config type - <group-address>: Multicast group address
{broadcast | multicast  server <poll> <ip-address>: Configure the system in NTP
<group-address> | server server mode.
<poll> <ip-address> - <poll>: The polling interval.
preset {on | off}} - <ip-address>: The IP address of the NTP server.
 preset: Whether to preset the system clock to the time received
from NTP server.
- on: Preset.
- off: Not preset.
Ntp enable 3. Enable NTP on the system

end 4. Return to Privileged mode.

Show ntp config 5. Verify the NTP configuration.

The following example shows how to configure the system in NTP server mode and verify the

4-20 Corecess S5 System With GPON User's Guide


Configuring Basic System Parameters

configuration:

(config)# ntp config type server 32 203.255.112.69 preset on


(config)# ntp enable
(config)# end
# show ntp config
ntp config type server 32 203.255.112.69 preset on
ntp enable
#

Setting the Time Zone

You can specify a time zone for the Corecess S5 System to display the time based on that time
zone. The Corecess S5 System learnt time from NTP sets its clock according to the specified time
zone and displays time. For example, when you set the time zone as ‘Seoul’ and ‘Los Angeles’,
the displayed date is different.
The default time zone is UTC. You must enable NTP before you set the time zone. If NTP is not
enabled, this command has no effect.

To set the time zone, use the following commands:

Table 4-12 Set the time zone

Command Description
configure terminal 1. Enter Global configuration mode.
19. Set the time zone.
 <region>: The region name. Select one of followings:
4-21thern Africa region
america America region
antarctica Antarctica region
arctic Arctic region
asia Asia region
atlantic Atlantic region
4-21thernet4-21 Australia region
4-21thern Europe region
Clock timezone
indian Indian region
<region> <area-code>
pacific Pacific region
cet CET(Central Europe time UTC+1)
eet EET(Eastern Europe Time UTC+2)
est EST(Estern Standard Time UTC-5)
gmt GMT(Greenwich Mean Time UTC)
pst PST(Pacific Standard Time UTC-8)
utc UTC(Universal Time Clock)
 <area-cded>: Area code(area code, 1 ~ 1000). You can see the
area code for the selected region by using the show clock
timezone <region> in Privileged mode.

Configuring Basic Features 4-21


Configuring Basic System Parameters

End 3. Return to Privileged mode.


Show ntp config 4. Verify the configuration.
Write memory 5. Save the configuration changes.
Reset system 6. Restart the system.

The following example shows how to set the time zone and the area code to Asia/Seoul:

(config)# clock timezone Asia 54


New NTP region/area is Asia/Seoul(Seoul)

system must be rebooted.


(config)# end
# show ntp config
ntp region Asia 54
ntp enable
# reset system
.
.

4-22 Corecess S5 System With GPON User's Guide


Configuration File Management

Configuration File Management


The system configuration file is a text file that has commands for system configuration when the
system is booting. It is convenient that you do not need to input commands manually for the
system configuration, whatever the system booting.

The Corecess S5 System contains two types of configuration files: the running (current
operating) configuration and the startup (last saved) configuration.
The feature of the files is as follows:

Running configuration
The running configuration is the current (unsaved) configuration that reflects the most recent
configuration changes. When a user changes the system configuration, the system configuration
is saved in the running configuration file of RAM and is applied immediately to the system.
You can upload or download the running configuration file via FTP or TFTP.

Startup configuration
The startup configuration is the saved configuration in NVRAM and is used when the system
initializes. The startup configuration is not removed when the system power is turned off. You
can upload or download the startup configuration file via FTP or TFTP.

Caution: Whenever you make changes to the Corecess S5 System configuration, you must
save the changes to memory so they will not be lost if the system is rebooted.

Configuring Basic Features 4-23


Configuration File Management

Displaying the Current Running Configuration


To display the current running configuration, enter the show running-config command in
Privilege mode:

To display the current running configuration, follow this procedure:

Table 4-13 Show the current running configuration

Command Description

enable 1. Enter Privileged mode.

Show running-config 2. Display the current running configuration.

The following example shows how to display the current running configuration file of the
Corecess S5 System.

# show running-config
Building configuration…

Current configuration:
!
! version 0.73
!
hostname Corecess
!
snmp-server community “public” ro
snmp-server community “private” rw
snmp-server contact Unknown
snmp-server location Unknown
snmp-server enable rmon
!
system fan enable 33 25
system temperature enable 90 80
!
port gigabitethernet 1/1 flowctl off
port gigabitethernet 1/1 duplex full
port gigabitethernet 1/2 flowctl off
port gigabitethernet 1/2 duplex full
port gigabitethernet 1/3 flowctl off
port gigabitethernet 1/3 duplex full
port gigabitethernet 1/4 flowctl off
port gigabitethernet 1/4 duplex full

4-24 Corecess S5 System With GPON User's Guide


Configuration File Management

!
interface management
ip address 172.18.22.6/16
!
ip multipath count 32
!
line vty
!
dhcprelay enable
dhcprelay serverlist 100.1.1.1
!
no ntp
!
.
.
#

Configuring Basic Features 4-25


Configuration File Management

Saving the Current Running Configuration


If you apply the current running configuration file when the next system’s booting, save the
current running configuration file to the startup configuration file before the system is reset or
powered off.

There are three commands to save the current running configuration file to the startup
configuration file.

Table 4-14 Commands for saving the current running configuration

Command Mode

write memory

write file Privileged

copy running-config startup-config

The following example shows how to save the current running configuration to the startup
configuration using the write memory command:

# write memory
Building Configuration…
[OK]
#

The following example shows how to save the current running configuration to the startup
configuration using the write file command:

# write file
Building Configuration…
[OK]
#

The following example shows how to save the current running configuration file to the startup
configuration file using the copy running-config startup-config command.

# copy running-config startup-config


Building Configuration…
[OK]
#

4-26 Corecess S5 System With GPON User's Guide


Configuration File Management

Restoring Default Configuration


To restore the default configuration, use the following commands:

Table 4-15 Restoring default configuration

Command Description

enable 1. Enter Privileged mode.

Copy factory-default
2. Restore the default configuration.
start-up config

Reset system 3. Restart the Corecess S5 System.

The following example shows how to restore the default configuration.

# copy factory-default startup-config


done
# reset system

Restoring Startup-config File


Node Command Help

copy : Copy from one file to another


startup-config : Copy from startup configuration
copy startup-config flash
en flash : Copy to system flash
config NAME
config : Copy to system config flash
NAME : Name of the user backup configuration
file

copy : Copy from one file to another


startup-config-iptv : Copy from startup service-
copy startup-config-iptv flash iptv configuration
en
config NAME flash : Copy to system flash
config : Copy to system config flash
NAME : Name of the user backup configuration
file

Configuring Basic Features 4-27


Monitoring and Maintaining the System

Monitoring and Maintaining the System


This section describes the commands you use to monitor the network connectivity and the state
of the system modules and display the system configuration. It also describes how to display
and manage the system log and how to download the software from the remote server.

Monitoring Network Connectivity


After you assign an IP address and a subnet mask of the Corecess S5 System and connect the
Ethernet Management port to the network, you should be able to communicate with other
nodes on the network.

To check whether the Corecess S5 System is properly connected and configured, use the
following commands:

Table 4-16 Checking network connectivity

Commands Description
enable 1. Enter Privileged mode.
20. Ping another node on the network.
 <destination>: The IP address of the host or the network
Ping <destination>
number to ping.
[count <packet-count>]
 count: Sends the specified number of ICMP packets.
- <packet-count>: The number of packets to send (1 ~ 512).
21. Trace the route of packets through the network to another
Traceroute [<host-ip> node.
| <host-name>]  <host-ip>: Destination address.
 <host-name>: Host name.
show interface 4. If the host is unresponsive, check the IP address and the subnet mask
management in the configuration of the Ethernet Management port.
5. If the interface of the Ethernet Management port is properly
Show ip route
configured, check the IP routing table.

This example shows how to ping a host with IP address 172.27.2.49:

# ping 172.27.2.49
PING 172.27.2.49 (172.27.2.49) from 172.27.2.100 : 56(84) bytes of data.
64 bytes from 172.27.2.49: icmp_seq=0 ttl=128 time=955 usec
64 bytes from 172.27.2.49: icmp_seq=1 ttl=128 time=817 usec
64 bytes from 172.27.2.49: icmp_seq=2 ttl=128 time=816 usec
64 bytes from 172.27.2.49: icmp_seq=3 ttl=128 time=8.284 msec
64 bytes from 172.27.2.49: icmp_seq=4 ttl=128 time=820 usec

4-28 Corecess S5 System With GPON User's Guide


Monitoring and Maintaining the System

64 bytes from 172.27.2.49: icmp_seq=5 ttl=128 time=815 usec


64 bytes from 172.27.2.49: icmp_seq=6 ttl=128 time=821 usec
64 bytes from 172.27.2.49: icmp_seq=7 ttl=128 time=817 usec
64 bytes from 172.27.2.49: icmp_seq=8 ttl=128 time=826 usec
64 bytes from 172.27.2.49: icmp_seq=10 ttl=128 time=779 usec
64 bytes from 172.27.2.49: icmp_seq=11 ttl=128 time=765 usec
64 bytes from 172.27.2.49: icmp_seq=12 ttl=128 time=763 usec
64 bytes from 172.27.2.49: icmp_seq=13 ttl=128 time=761 usec
64 bytes from 172.27.2.49: icmp_seq=14 ttl=128 time=760 usec
64 bytes from 172.27.2.49: icmp_seq=15 ttl=128 time=762 usec

--- 172.27.2.49 ping statistics ---


16 packets transmitted, 15 packets received, 6% packet loss
round-trip min/avg/max/mdev = 0.760/1.304/8.284/1.866 ms
#

The following messages are displayed according to the status of host and network after
execution of the ping command:

Table 4-17 PING field Descriptions

Connection Status message

64 bytes from <host> : Host or network is connected. (When the ICMP echo response
icmp_seq=n ttl=n time=n ms messages have been received from the host or network)
Destination does not respond. (When any packets have not
no answer from <host>
been received from the host or network)
<host> is unreachable Host is unreachable.

Network is unreachable. : 2 Network is unreachable.

This example shows how to perform a traceroute to the host whose IP address is 192.1.1.1:

# traceroute 192.1.1.1
traceroute to 192.1.1.1 (192.1.1.1), 30 hops max, 38 byte packets
22. * 172.27.1.254 (172.27.1.254) 4.204 ms 9.754 ms
2 * 192.168.11.126 (192.168.11.126) 1.640 ms 1.317 ms
3 61.107.96.1 (61.107.96.1) 1.825 ms 1.778 ms 1.441 ms
4 61.96.195.249 (61.96.195.249) 1.723 ms 1.812 ms 1.838 ms
5 172.30.4.1 (172.30.4.1) 2.375 ms 1.838 ms 1.856 ms
6 172.30.100.33 (172.30.100.33) 2.212 ms 1.813 ms 1.838 ms
7 172.30.100.10 (172.30.100.10) 2.404 ms 1.888 ms 2.277 ms
8 211.61.251.1 (211.61.251.1) 2.305 ms 1.861 ms 1.802 ms
9 211.61.251.4 (211.61.251.4) 3.338 ms 2.812 ms 2.811 ms
.

Configuring Basic Features 4-29


Monitoring and Maintaining the System

.
.
19 4.0.2.250 (4.0.2.250) 218.205 ms 4.1.81.1 (4.1.81.1) 220.789 ms *
20 4.1.138.38 (4.1.138.38) 220.070 ms 227.188 ms 4.1.81.1 (4.1.81.1) 23.769
ms
21 4.1.138.38 (4.1.138.38) 219.686 ms 192.1.101.81 (192.1.101.81) 222.896 ms
4.1.138.38 (4.1.138.38) 220.625 ms
22 * 192.1.101.81 (192.1.101.81) 219.597 ms 218.852 ms
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

The following example displays sample traceroute output when a destination host IP
address is specified:

# traceroute 61.107.97.51
traceroute to 61.107.97.51 (61.107.97.51), 30 hops max, 40 byte packets 
1 172.26.1.254 (172.26.1.254) 14.812 ms 29.758 ms 22.752 ms
2 192.168.11.126 (192.168.11.126) 0.497 ms 0.454 ms 0.360 ms
3 61.107.97.51 (61.107.97.51) 14.812 ms 29.758 ms 22.752 ms
  
#

The table below describes the fields shown by the traceroute command:

Table 4-18 traceroute field Descriptions

Field Description
 Maximum TTL value and the size of the ICMP datagrams being sent
 Indicates the sequence number of the switch router in the path to the host
 IP address of the router
 Round-trip time for each of the three probes that are sent

4-30 Corecess S5 System With GPON User's Guide


Monitoring and Maintaining the System

If the host is irresponsible after execution of the PING or traceroute commands, check the
interface of the Ethernet Management port using the show interface management
command, and check the routing table using the show ip route command.

The following example shows how to display the interface of the Ethernet Management port
using the show interface management command.

# show interface management


Interface management
index 0 kernel index 2 metric 1 mtu 1514 <UP,BROADCAST,RUNNING,MULTICAST>
Hwaddr: 00:11:a1:ca:00:01
inet 172.19.3.154/16 broadcast 172.19.255.255
input packets 1715511, bytes 159585565, dropped 0, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 436568, bytes 54251015, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
#

The following example shows how to display the IP routing table using the show ip route
command.

# show ip route
Codes: K – kernel route, C – connected, S – static, R – RIP, O – OSPF,
I – IS-IS, B – BGP, > - selected route, * - FIB route, p – stale info

S> * default [1/0] via 172.19.1.254, management


B> * 100.100.10.0/24 [20/0] via 172.19.3.153, management, 1d20h55m
B> * 100.100.11.0/24 [20/0] via 172.19.3.153, management, 1d20h55m
B> * 100.100.14.0/24 [20/0] via 172.19.3.153, management, 1d20h55m
B> * 100.100.15.0/24 [20/0] via 172.19.3.153, management, 1d20h55m
C * 172.19.0.0/16 is directly connected, vlan1
C> * 172.19.0.0/16 is directly connected, management

Route Source Num of Entries


connected 2
static 1
bgp 4
Total 7

Configuring Basic Features 4-31


Monitoring and Maintaining the System

Displaying CPU Utilization


You can display the utilization of the CPU on the Corecess S5 System using the show cpuinfo
command in Privileged mode. The following is a sample output of the show cpuinfo
command:

# show cpuinfo
cpu : 440GP Rev. C
revision : 4.129 (pvr 4012 0481)
bogomips : 595.96
vendor : IBM
machine : Ebony
#

The following table describes the fields shown by show cpuinfo command:

Table 4-19 show cpuinfo field Descriptions

Field Description

cpu Model name of the CPU.

Revision Version information of the CPU.

Bogomips is the number of million times per second a CPU can do absolutely nothing
Bogomips
and is used for a measurement of speed for the non Intel CPUs.

Vendor Maker of the CPU.

4-32 Corecess S5 System With GPON User's Guide


Monitoring and Maintaining the System

Displaying Memory Usage


You can display the usage of the memories on the Corecess S5 System using the show meminfo
command in Privileged mode. The following is a sample output of the show meminfo
command:

The following example shows how to display the information of the memory.

# show meminfo
total: used: free: shared: buffers: cached:
Mem: 250851328 106090496 144760832 0 3883008 40488960
Swap: 0 0 0
MemTotal: 244972 kB
MemFree: 141368 kB
MemShared: 0 kB
Buffers: 3792 kB
Cached: 39540 kB
SwapCached: 0 kB
Active: 8684 kB
Inactive: 77488 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 244972 kB
LowFree: 141368 kB
SwapTotal: 0 kB
SwapFree: 0 kB
#

The table below describes the fields shown by the show meminfo command:

Table 4-20 show meminfo field Descriptions

Field Description

total Total amount of memory held in bytes.

Used Total amount of used memory in bytes.

Free Total amount of free memory in bytes.


Mem
Shared Total amount of shared memory in bytes.

Buffers Total amount of buffer memory in bytes.

Cached Total amount of cache memory in bytes.

total Total amount of swap in bytes.

Swap Used Total amount of used swap in bytes.

Free Total amount of free swap in bytes.

Configuring Basic Features 4-33


Monitoring and Maintaining the System

(Continued)
Field Description

MemTotal Total amount of memory in Kilobytes.

MemFree Total amount of free memory in Kilobytes.

MemShared Total amount of shared memory in Kilobytes.

Buffers Total amount of buffer memory in Kilobytes.

Cached Total amount of cache memory in Kilobytes.

SwapCached Total amount of swap cache in Kilobytes.

Active Amount of buffer or cache memory currently allocated in kilobytes.

Inactive Amount of free buffer or cache memory in Kilobytes.

Amount of memory which is not mapping to kernel directly. This is different


HighTotal
according to the type of the used kernel.

Amount of free memory which is not mapping to kernel directly. This is


HighFree
different according to the type of the used kernel.

Amount of memory which is not mapping to kernel directly. This is different


LowTotal
according to the type of the used kernel.

Amount of free memory which is not mapping to kernel directly. This is


LowFree
different according to the type of the used kernel.

SwapTotal Total amount of swap in Kilobytes.

SwapFree Total amount of free swap in Kilobytes.

4-34 Corecess S5 System With GPON User's Guide


Monitoring and Maintaining the System

Displaying System Module Information


You can display the information of the modules installed in the slots on the Corecess S5 System
using the show module command in Privileged mode. The following is a sample output of the
show module command:

# show module
Codes : * - Internal/Built-in Module, N – Network Attached Module
X – Switch Fabric Module, > - Current Management Module
Module Ports Description Status Serial No.
------- ----- ------------------------------- ---------------- -------------
> A(S1) N/A Control Module active N/A
B(S2) N/A Control Module not-exist N/A
1 16 S5-LIM-GW16 insert,up N/A
2 N/A N/A not-exist N/A
3 N/A N/A not-exist N/A
4 4 S5-EP8G-2.5 insert,up N/A
5 N/A N/A not-exist N/A
6 N/A N/A not-exist N/A
7 N/A N/A not-exist N/A
8 N/A N/A not-exist N/A
* 17 4 UIM-4GTX insert,up N/A
* 18 4 UIM-4G(SCM-B208G) insert,up N/A
X 19 64 FABRIC-B208G insert,up N/A
Module Version Hw Fw Sw
------- ------------------ ---------------- --------------- ---------------
1 release.rev(patch) N/A 1.0(18) N/A
4 release.rev(patch) 0.0(3) 1.0(177) REL0.6.6RC2
17 release.rev(patch) N/A N/A N/A
18 release.rev(patch) 0.0(1) N/A N/A
19 release.rev(patch) N/A N/A N/A

The table below describes the fields shown by the show module command:

Table 4-21 show module field Descriptions

Field Description

Mod Slot number which the module is installed on.

Ports Number of the ports on the module.

Type of the module.


- LIM-EP4G-GR : 4 ports, Gigabit PON module
Description
- LIM-D4GF: 4 ports, Gigabit Ethernet line module
- SCM-208G: 8 ports, Gigabit Ethernet uplink module, 4 port 10G

Configuring Basic Features 4-35


Monitoring and Maintaining the System

Status Equipment status and operating status of the module.

Serial No. Serial number of the module.

Hw Hardware version of the module.

Fw Firmware version of the module.

Sw Software version of the module.

4-36 Corecess S5 System With GPON User's Guide


Monitoring and Maintaining the System

Displaying System Module Status


You can display the equipment and running state of the system modules using the show system
command in Privileged mode.

The following is a sample output of the show system command:

# show system
System Information
CoreCMR(Control Module Redundancy)
side : A(M2)
local status : active
remote status : not-exist
mode : hot-startup

Subscriver/Service Interface Board(s)


SIB [ 1] Normal
SIB [ 2] Unequipped
SIB [ 3] Unequipped
SIB [ 4] Normal
SIB [ 5] Unequipped
SIB [ 6] Unequipped
SIB [ 7] Unequipped
SIB [ 8] Unequipped
SIB [ 17] Normal
SIB [ 18] Normal
SIB [ 19] Normal

PWR [ 1] Unequipped
PWR [ 2] Unequipped
PWR [ 3] Unequipped

FAN [ 1] Normal
FAN [ 2] Normal
Auxiliary Information
Fan (`C(`F)) –
Max/Min Threshold : 33/ 25 ( 91/ 77)
Temperature (`C(`F)) –
Current Temperature : 53 (127 )
Max/Min Threshold : 90/ 80 (194/176)
MIB-II: System Group
Contact: support@corecess.com

Configuring Basic Features 4-37


Monitoring and Maintaining the System

Name: Corecess S5
Location: Corecess Inc.
Descr: Switched Router
ObjectID(36): 1,3,6,1,4,1,2971,50,45

Each field shown by the show system command describes the following information about
system state:

Table 4-22 show system field Descriptions

Field Description
CoreCMR The redundancy status of the SCM module (Not supported).
The status of the SCM module and the LIM module.
 SIB S [1] : The status of LIM module installed in the number 1 slot
 SIB S [2] : The status of LIM module installed in the number 2 slot
 SIB S [3] : The status of LIM module installed in the number 3 slot
System Subscriber/Service  SIB S [4] : The status of LIM module installed in the number 4 slot
Information Interface Board(s)


 SIB S [19] : The status of SCM module installed in the number 5 slot
FAN The status of the fan module
 Max Threshold : The temperature that the fan module operate
Fan
 Min Threshold : The temperature that the fan module stop
Auxiliary  Current Temperature : The current temperature of the Corecess S5
Information System
Temperature
 Max Threshold : The maximum temperature that the trap occurs
 Min Threshold : The minimum temperature that the trap occurs

Controling FAN
This CLI control automatic fan on/of based on temperature.

The following is a sample output of the system fan command:

(config)#
system fan disable
system fan enable <Max Threshold> <Min Threshold>

4-38 Corecess S5 System With GPON User's Guide


Managing System Log

Managing System Log


The Corecess S5 System maintains a log file of all error and status messages generated by each
module on the Corecess S5 System. Log file is stored in the Corecess S5 System. You can
transmit the system log file to a remote host to manage it separately. In this section, the
following issues will be described:

 Specifying level of the logs to be displayed on the console screen

 Specifying screens to display log messages

 Saving event messages in the log file

 Displaying system logs saved in the log file

 Clearing system logs in the log file

Specifying Event Level


The Corecess S5 System classify events into eight levels, based on criticality of the system. All
events occurred in the Corecess S5 System don’t need to be stored in the system log file. You
can specify the top level of events to be stored using the logging level command in Global
configuration mode. The events of the upper levels than the level designated by the login
level command will be ignored (These events will be neither saved nor displayed). The
Corecess S5 System supports the following eight event levels. ‘1. Emergency’ event is the most
critical level and ‘8. Debug’ is the least critical level event.

1. Emergency More critical


2. Alert
3. Critical
4. Errors
5. Warning
6. Notify
7. Inform
8. Debug Less critical

By default, all events of the Corecess S5 System are specified to the level 6. Thus, if the event
occurs from the level 1 to the level 6, the event message is displayed on the console screen or
the remote host screen.

Configuring Basic Features 4-39


Managing System Log

The event level can be changed. The following procedure describes how to change the event
level.

Table 4-23 Changing the event level

Command Description

enable 1. Enter Privileged mode.

Configure terminal 2. Enter Global Configuration mode.

23. Specify the event level.


 <type> The type of the event
 <level> The event level (1 ~ 8, default: 6).

End 4. Return to Privileged mode.

Show logging 5. Verify the configuration.

Write memory 6. Save the changed configuration.

This example shows how to specify the sys event to the level 4 and verify the result.

# configure terminal
(config) # logging level sys 4
(config) # end
# show logging
console logging is disable
logging buffer is disable

Facility Default Severity Current Severity


----------- ------------------ ------------------
sys 6 4(*)
filesys 6 6
authorize 6 6
. . .

# write memory
Building Configuration…
[OK]
#

4-40 Corecess S5 System With GPON User's Guide


Managing System Log

Note : The Corecess S5 System supports the following types of events:

Event Description
sys Events related to system hardware
filesys Events related to file system
authorize Events related to security and authentication
port Events related to ports
interface Events related to interfaces
vlan Events related to VLAN (Virtual LAN)
spantree Events related to spanning tree and bridge
lacp Events related to LACP (Link aggregation Control Protocol)
gvrp Events related to GARP/GVRP
igmp Events related to IGMP and IGMP snoopping
pbnac Events related to PBNAC (Port Base Network Access Control)
mcast Events related to multicast
qos Events related to QoS (Quality Of Service)
acl Events related to access list
snmp Events related to SNMP
snmp_rmon Events related to SNMP RMON
dhcp Events related to DHCP
ntp Events related to NTP
route_main Events related to Main Routing Control
rip Events related to RIP
ospf Events related to OSPF
bgp Events related to BGP
dvmrp Events related to DVMRP
pim Events related to PIM

Configuring Basic Features 4-41


Managing System Log

Specifying Screen to Display Log


When an event is occurred, the information of the event can be appeared on the remote host
screen, a console screen, and telnet sessions.

Configuring to Display Log Messages on the Console Screen

To configure the log messages to display on the console screen, use the following commands:

Table 4-24 Configuring log messages to display on the console

Command Description

enable 1. Enter Privileged mode.

Configure terminal 2. Enter Global Configuration mode.

24. Configure whether to display log messages on the console.


Logging console
 enable Displays log messages on the console.
{enable | disable}
 disable Doesn’t display log messages on the console.

End 4. Return to Privileged mode.

Show logging 5. Verify the result.

Write memory 6. Save the changed configuration

The following example configures the log messages to display on the console screen and check
the result:

# configure terminal
(config)# logging console enable
(config)# end
# show logging
console logging is enable
logging buffer is enable
logging servers
1.1.1.1
.
.
# write memory
Building Configuration…
[OK]
#

4-42 Corecess S5 System With GPON User's Guide


Managing System Log

Configuring to Display Log Messages to a Remote Host

To configure the log messages to display on a remote host, use the following command:

Table 4-25 Configuring log messages to display on a remote host

Command Description

enable 1. Enter Privileged mode.

Configure terminal 2. Enter Global Configuration mode.

25. Specify a remote host to display the log messages.


Logging {<ip-address>
 <ip-address> IP address of a remote host
| <host-name>}
 <host-name> Name of a remote host

end 4. Return to Privileged mode.

Show logging 5. Verify the configuration.

Write memory 6. Save the changed configuration.

The following example configures the system log to display on the remote host whose IP
address is 172.10.1.0:

# configure terminal
(config)# logging 172.10.1.0
(config)# end
# show logging
console logging is enable
logging buffer is enable
logging servers
172.10.1.0
.
.
# write memory
Building Configuration…
[OK]
#

Configuring Basic Features 4-43


Managing System Log

Configuring to Display Log Messages to a Telnet Session

To configure the log messages to display on telnet sessions, use the following commands:

Table 4-26 Configuring log messages to display on a Telnet session

Command Description

enable 1. Enter Privileged mode.

Configure terminal 2. Enter Global Configuration mode.

26. Configure whether to display log messages on telnet sessions.


Logging session
 enable Displays log messages on telnet sessions.
{enable | disable}
 disable Doesn’t display log messages on telnet sessions.

End 4. Return to Privileged mode.

Write memory 5. Save the changed configuration.

The following example configures the system log to display on telnet sessions:

# configure terminal
(config)# logging session enable
(config)# end
# write memory
Building Configuration…
[OK]
#

Saving Log Message in Log File


By default, the Corecess S5 System does not save the log messages in a log file. After
configuring the log messages to save using the logging file enable command, the log
message generated will be saved in a log file. Since you can see the log messages in the log file
whenever you need, it useful to manage the system.
If you set the Corecess S5 System not to save the log messages, use the logging file
disable command.

The following example shows how to configure the log message to be save in a file:

# configure terminal
(config)# logging file enable
(config)#

4-44 Corecess S5 System With GPON User's Guide


Managing System Log

Displaying Contents of Log File


To display the contents of the log file, use the show logging buffer command in Privileged
mode. You can specify a number from 1 to 100 as a parameter value, and it displays the number
of the resent saved log messages in the log file.

The following is a sample output of the show logging buffer command:

# show logging buffer 10


Jun 30 10:15:02 localhost SNMP_RMON-6-RMONENABLED: RMON agent enabled
Jun 30 10:15:02 localhost SYS-6-START_CONFIG: apply hot configuration module(1)
hwid(00000101)
Jun 30 10:15:04 localhost SYS-6-SYS_MODULE: module [1] is inserted
Jun 30 10:15:04 localhost SYS-6-SYS_MODULE: module [5] is inserted
Jun 30 10:15:04 localhost SYS-6-ALARM_FAN: Fan (1) : WORKING GOOD
Jun 30 10:15:04 localhost SYS-6-GBIC: 1/1 gbic is inserted
Jun 30 10:15:04 localhost SNMP-5-COLDSTART: Cold Start
Jun 30 10:15:17 localhost PORT-6-LINK_CHANGE: 1/1: ifIndex 8 Link Up (Up)
Jun 30 10:22:34 localhost AUTHORIZE-6-LOGIN: login corecess authentication
servi
ce(login) tty(/cinitrd/dev/ttyp0) from (172.18.80.14)
Jun 30 10:22:35 localhost AUTHORIZE-6-USER_LOGIN: corecess login from 172.18.80.
14
#

The following table describes the fields shown by the show logging buffer command:

Jun 30 10:15:02 localhost SNMP_RMON-6-RMONENABLED: RMON agent enabled


  

No Description
 Date and time that the event occurred (month, date, hour:minute:second)
 System name
 The brief Description of the event

Configuring Basic Features 4-45


Managing System Log

Clearing System Log


To clear the system log file, the clear logging buffer command in Privileged mode. The
following example shows how to clear the logs in the log file and verifying the result:

# clear logging buffer


# show logging buffer 1

Node Command Help

clear : Reset functions


en clear logging buffer
logging : Logging information
buffer : The internal buffer for logging

clear : Reset functions


en clear logging config
logging : Logging information
config : The configuration message

clear logging clear : Reset functions


en
critical logging : Logging information
critical : The critical log message

clear : Reset functions


en clear logging file
logging : Logging information
file : The non-volatile file for logging

4-46 Corecess S5 System With GPON User's Guide


Upgrading Software

Upgrading Software
Copy ftp(tftp)
You can download the software for the modules on the Corecess S5 System from a remote TFTP
or FTP server. To download software from a remote TFTP or FTP server to the Corecess S5
System, perform this task:

Table 4-27 Downloading software from a remote TFTP server

Command Description
enable 1. Enter Privileged mode.
Copy {tftp <host-ip> | 27. Download specified file from the TFTP or FTP server.
ftp <host-ip> [id  <host-ip> IP address of the TFTP or FTP server
<login-id> passwd  <login-id> Login ID of FTP server
<password>]} flash image  <password> Login password of FTP server
<file-name>
 <file-name> file name to download
show flash image 3. Verify software download.
28. Apply the download file to the system.
Update flash image id
 <file-name> File name to apply
{<file-name> | <file-id>}
 <file-id> File ID to apply
reset system 5. Reboot the system.

The following example shows how to download the image file from TFTP server and apply the
download file to the system.
# copy tftp 172.27.2.17 flash image hamster-base-osapp-epon.img
tftp: data 10000 Kbytes
# show flash image
System flash directory:
File Length (bytes) Name/status
----- --------------- -----------------------------------
1 6875913 cS5-base-osapp-REL1.0.1.img (*)
2 6266476 hamster-base-osapp-REL1.0.0.img
3 6317126 hamster-base-osapp-REL1.0.1.img
4 6226882 hamster-base-osapp-epon.img
[31208 blocks used, 27960 available, 59168 total, 1K-blocks]
*/# : running/updated image
# update flash image id 3
# reset system
PPCBoot 2.0.0 (Apr 16 2003 – 14:29:15)
Corecess Boot Ver 1.0 (Apr 16 2003 14:29:15)

Configuring Basic Features 4-47


Upgrading Software

Copy Flash
You can upload the image or 4-48thernet4-484-48ion file to a remote FTP(TFTP) server or in
flash memory of the system.

Table 4-28 Uploading image or configuration to server or system.

Node Command Help

copy : Copy files


flash : From flash
en copy flash config NAME ftp A.B.C.D config : Config
NAME : File name. config
ftp : To ftp
A.B.C.D : Host IP address

copy : Copy files


flash : From flash
config : Config
NAME : File name. config
copy flash config NAME ftp A.B.C.D
en ftp : To ftp
id NAME passwd NAME
A.B.C.D : Host IP address
id : Id
NAME : Id
passwd : Password
NAME : Password

copy : Copy from one file to another


flash : Copy from system flash
copy flash config NAME startup-
en config : Copy from system config flash
config
NAME : from the Name of backup configuration
file
startup-config : to startup configuration
VSMS
copy : Copy from one file to another
flash : Copy from system flash
copy flash config NAME startup-
en config : Copy from system config flash
config-iptv
NAME : from the Name of backup configuration
file
startup-config-iptv : to startup service-iptv

4-48 Corecess S5 System With GPON User's Guide


Upgrading Software

configuration

copy : Copy files


flash : From flash
en copy flash config NAME tftp A.B.C.D config : Config
NAME : File name. config
tftp : To tftp
A.B.C.D : Host IP address

copy : Copy files


flash : From flash
config : Config
en copy flash config id ftp A.B.C.D
id : ID
: Id Number
ftp : To ftp
A.B.C.D : Host IP address

copy : Copy files


flash : From flash
config : Config
id : ID
copy flash config id ftp A.B.C.D id : Id Number
en
NAME passwd NAME ftp : To ftp
A.B.C.D : Host IP address
id : Id
NAME : Id
passwd : Password
NAME : Password

copy : Copy from one file to another


flash : Copy from system flash
en copy flash config id startup-config config : Copy from system config flash
id : from the id of backup configuration file
: id number
startup-config : to startup configuration
VSMS
copy flash config id startup-config-
en copy : Copy from one file to another
iptv
flash : Copy from system flash

Configuring Basic Features 4-49


Upgrading Software

config : Copy from system config flash


id : from the id of backup configuration file
: id number
startup-config-iptv : to startup service-iptv
configuration

copy : Copy files


flash : From flash
config : Config
en copy flash config id tftp A.B.C.D
id : Config ID
: Id Number
tftp : To tftp
A.B.C.D : Host IP address

copy : Copy files


flash : From flash
en copy flash image NAME ftp A.B.C.D image : Image
NAME : File name. coreos-base-osapp-1.0.0.img
ftp : To ftp
A.B.C.D : Host IP address

copy : Copy files


flash : From flash
image : Image
NAME : File name. coreos-base-osapp-1.0.0.img
copy flash image NAME ftp A.B.C.D id
en ftp : To ftp
NAME passwd NAME
A.B.C.D : Host IP address
id : Id
NAME : Id
passwd : Password
NAME : Password

copy : Copy files


flash : From flash
en copy flash image NAME tftp A.B.C.D image : Image
NAME : File name. coreos-base-osapp-1.0.0.img
tftp : To tftp
A.B.C.D : Host IP address

4-50 Corecess S5 System With GPON User's Guide


Upgrading Software

copy : Copy files


flash : From flash
image : Image
en copy flash image id ftp A.B.C.D
id : Image index
: File name. index
ftp : To ftp
A.B.C.D : Host IP address

copy : Copy files


flash : From flash
image : Image
id : Image index

copy flash image id ftp A.B.C.D id : File name. index


en
NAME passwd NAME ftp : To ftp
A.B.C.D : Host IP address
id : Id
NAME : Id
passwd : Password
NAME : Password

copy : Copy files


flash : From flash
image : Image
en copy flash image id tftp A.B.C.D
id : Image index
: File name. index
tftp : To tftp
A.B.C.D : Host IP address

Configuring Basic Features 4-51


Edition: 0006
Distribution: 12/2012

Chapter 5 Configuring Ports and Links

This chapter describes how to configure the Gigabit Ethernet port, the Gigabit PON port and ONU.
Configuring Gigabit Ethernet port

Configuring Gigabit Ethernet port


The Corecess S5 System provides Gigabit Ethernet port for each module as follows:

Table 5-1 Type of the Gigabit Ethernet port

Module Gigabit Ethernet port


LIM-D4GF
 1000Base-SX/LX port (Duplex LC connector)
D8GF
 1000Base-T port (RJ-45 connector)
LIM-D8GT
This section describes the basic configuration of the Gigabit Ethernet port, then how to
configure the Gigabit Ethernet port and monitor the ports.

Basic Configuration of Gigabit Ethernet Port


By default, the Gigabit Ethernet port of the Corecess S5 System is configured as follows:

Table 5-2 Basic Configuration of the Gigabit Ethernet Port

Item Basic Configuration

Port Status All port are enable to operate

Port Name DEFAULT

Port Speed Auto

Data Transfer Mode Auto

Data Flow Control Auto

STP Protocol Disabled (Used in default VLAN)

RSTP Protocol Disabled

Trap Disabled

Link aggregation Off

VLAN All ports are included in VLAN

Whenever the port configuration is changed, the changed configuration is applied immediately
to the system without the system rebooting or the command execution. Yet, if you want to keep
using the configuration after the system rebooting, the changed configuration should be saved
using the write memory command in Privileged mode.

5-2 Corecess S5 System With GPON User's Guide


Configuring Gigabit Ethernet port

Configuring Gigabit Ethernet port


This section describes following port configuration:

 Disabling or enabling the Gigabit Ethernet port

 Setting the auto sensing function

 Setting the port speed and the transfer mode

 Configure flow control

 Setting the port name

 Setting the port trap

Enabling or Disabling the Gigabit Ethernet Port

All ports of the Corecess S5 System are enabled by default. To change administrative status
(disabling a port or reenabling a port), use the following command in Global configuration
mode:

Table 5-3 Enabling or Disabling the Gigabit Ethernet Port

Command Description

port gigabitethernet  <slot>/<port> Slot/port number of the Gigabit Ethernet port


<slot>/<port>  enable Enable the port
admin {enable | disable}  disable Disable the port

The following example shows how to disable the Gigabit Ethernet port 17/1.

(config)# port gigabitethernet 17/1 admin disable


(config)#

The following example shows how to reenable the Gigabit Ethernet port 17/1.

(config)# port gigabitethernet 17/1 admin enable


(config)#

Configuring Ports and Links 5-3


Configuring Gigabit Ethernet port

Setting the auto sensing function

The auto sensing function of the Gigabit Ethernet port is used to exchange flow control
parameter, fault information of remote ports and transfer mode information. By default, the
auto sensing function is enabled on the Gigabit Ethernet port of the Corecess S5 System.

Ports that are located in both ends of the Gigabit Ethernet link must have the same
configuration. If the configurations are different each other, the link cannot be connected. The
following table shows connection state of link depending on state of the auto sensing function
on the Gigabit Ethernet port.

Table 5-4 Link State and Auto Sensing Function

Auto Sensing Link State


Local Port1 Remote Port2 Local Port Remote Port
Off Off Up Up
On On Up Up
Off On Up Down
On Off Down Up
1
Local port : Gigabit Ethernet port of the local system
2
Remote port : Gigabit Ethernet port that is connected to the local port

To enable the auto sensing function of the Gigabit Ethernet port, use the following command in
Global configuration mode.

Table 5-5 Configuring auto sensing function

Command Description
port gigabitethernet
<slot>/<port>  <slot>/<port> slot number/port number
link-status auto

The following example shows how to enable the auto sensing function on the Gigabit Ethernet
17/1:

(config)# port gigabitethernet 17/1 link-status auto


(config)#

5-4 Corecess S5 System With GPON User's Guide


Configuring Gigabit Ethernet port

Setting Port Speed and the Transfer Mode

By default, the Gigabit Ethernet port on the Corecess S5 System can automatically match
transmission speed of the connected port. This function is called the auto-negotiation. The
maximum speed of the 10/100/1000Base-T port can be set as 10/100/1000Mbps by users
instead of auto-negotiation.

If the port speed is set as 10/100Mbps, full-duplex or half-duplex mode is operated. If the port
speed is set as 1000Mbps, only full-duplex is operated.

Note: The 1000Base-SX/LX port is only operated in full-duplex mode.

To change port speed and the transfer mode of the 10/100/1000Base-T port, use the following
commands.

Table 5-6 Changing the Port and the transfer mode

Command Description
29. Set the port speed of the specified port.
 <slot>/<port> Slot/Port number
 <port-speed> Transfer speed of the specified port
port gigabitethernet
- 10 10Mbps
<slot>/<port> speed
- 100 100Mbps
<port-speed>
- 1000 1Gbps
- auto Auto-negotiation mode
- reset reset the auto-negotiation mode

30. Set the transfer mode of the specified port.


 <slot>/<port> Slot/Port number
port gigabitethernet
 <duplex-mode> Transfer mode of port
<slot>/<port> duplex
- auto Auto negotiation mode
<duplex-mode>
- full Full-duplex mode
- half Half-duplex mode

The following example shows how to change port speed and the transfer mode of the
10/100/1000Base-T port on the SCM module (17/1).

(config)# port gigabitethernet 17/1 speed 100


(config)# port gigabitethernet 17/1 duplex full

Configuring Ports and Links 5-5


Configuring Gigabit Ethernet port

Configuring Flow Control (IEEE 802.3x)

You can enable or disable flow control of a port, which manages traffic rates during congestion.
If a port experiences congestion and cannot receive any traffic, flow control notifies the other
port to stop transmitting until the condition clears.

By default, flow control is disabled on the ports of the Corecess S5 System. To change flow
control status, use the following command in Global configuration mode:

Table 5-7 Configuring Flow Control Function

Command Description
 <slot>/<port> Port/Slot number
port gigabitethernet  <status> Flow control status
<slot>/<port> - on Enables flow control
flowctl <status> - off Disable flow control
- auto Auto-negotiation

The following example enables flow control on the Gigabit Ethernet port 17/1:

(config)# port gigabitethernet 17/1 flowctl on


(config)#

Setting the Port Name

You can assign a name to each port. If you use connected device information as port names, you
can manage the devices easily.

To set a port name, use the following command in Global configuration mode:

Table 5-8 Setting the Port Name

Command Description
port gigabitethernet
 <slot>/<port> Slot/Port number
<slot>/<port>
 <port-name> Port name (Maximum: 32 character)
name <port-name>

The following example shows how to set the name of the Gigabit Ethernet port 17/1.

(config)# port gigabitethernet 17/1 name uplink-port


(config)#

5-6 Corecess S5 System With GPON User's Guide


Configuring Gigabit Ethernet port

Setting the Port Trap

When port status is changed (up, down), a SNMP link trap is occurred, then the SNMP agent
notifies SNMP host or NMS of the trap occurrence.
By default, the SNMP link trap of the ports on the Corecess S5 System is disabled.

To set trap for a port, use the following command in Global configuration mode:

Table 5-9 Setting the port trap

Command Description
31. Enable or disable the SNMP link trap for the specified port.
 <port-type>: The type of Ethernet port to configure.
port <port-type>
- fastethernet: Configures Fast Ethernet port.
<slot>/<port> trap
- gigabitethernet: Configures Gigabit Ethernet port.
link-status
 <slot>: Slot number (1 ~ 2)
 <port>: Port number (1 ~ 24)

The following example enables the SNMP link trap on the gigabitethernet port 17/1:

(config)# port gigabitethernet 1/3 trap link-status


(config)#

Configuring Ports and Links 5-7


Configuring Gigabit Ethernet port

Display the Gigabit Ethernet Port Information


You can see the port configuration, port status and received packet statistics using the show
port command in the Privileged mode.

The following example show information of all port on the Corecess S5 System using the show
port command.

# show port
Port Name Status Vlan FlwCtl Duplex Speed Type
----- --------------- ---------- ----- ------ ------ ------------- ----------
1/1 DEFAULT connected 1 off full 1000 1000BaseT
1/2 DEFAULT connected 1 off full 1000 1000BaseT
1/3 DEFAULT connected 1 off full 1000 1000BaseT
1/4 DEFAULT connected 1 off full 1000 1000BaseT
.
.
17/1 DEFAULT connected 1 a-on a-full a-1000 1000BaseT
17/2 DEFAULT connected 1 a-on a-full a-1000 1000BaseT
17/3 DEFAULT connected 1 a-on a-full a-1000 1000BaseT
17/4 DEFAULT connected 1 a-on a-full a-1000 1000BaseT
#

The table below describes the fields shown by the show port command:

Table 5-10 show port field Descriptions

Field Description

Port Slot number/port number

Name Port name

Status Port admin status and network connection status

Vlan ID of the VLAN which the port belongs to

FlwCtl Status of the flow control

Duplex Duplex mode

Speed Port speed

Type Port type

5-8 Corecess S5 System With GPON User's Guide


Configuring Gigabit Ethernet port

The following example show information of the Gigabit Ethernet port 17/1 using the show
port command.

# show port gigabitethernet 7/1

Port Name Status Vlan FlwCtl Duplex Speed Type


---- ------- --------- ----- ------ ------ --------- -----------
1/1 DEFAULT connected 1 a-on a-full a-1000 1000BaseT

AdminStatus Media-type STP RSTP Edge Trap LinkAgg


----------- ---------- -------- --------- ------- ---------
enable none disable disable disable off

Port Admin Speed Limited Speed Active Speed


----- ------------ ------------- -----------------
7/1 Desired None 1000

If Index Logical ID
---------- ----------
4 257

access-type : transparent

Port 7/1 Statistics Counters


All Unicast Multicast Broadcast Discard Error
---------- ---------- ---------- --------- ---------- ----------
in 0 0 0 0 0 0
out 0 0 0 0 0 0

Port Error Counters


input runt(0)/shortCRC(0)/normalCRC(0)/normalAlign(0)/longCRC(0)
output 5-9thernet(0)/collision(single/multi/consecutive/late 0/0/0/0)

Extension status
#

The table below describes the fields shown by the show port command with a port number:

Table 5-11 show port with port argument field Descriptions

Field Description
AdminStatus Admin status of the port (enable, disable).
Media-type Media type(MDI/MDIX) of the port (none).
STP STP status of the port (enable, disable).
RSTP Edge RSTP status of the port (enable, disable).
(Continued)

Configuring Ports and Links 5-9


Configuring Gigabit Ethernet port

Field Description
Trap Whether to enable displaying trap messages of the port (enable, disable).
LinkAgg. LACP status of the port (on, off).
Admin Speed Maximum speed of the port.
Limited Speed Limited speed of the port.
Active Speed Current speed of the port.
If Index Interface number of the port.
Logical ID Logical ID of the port.
All Total number of the incoming/outgoing packets on the port.
Port Unicast Total number of the incoming/outgoing unicast packets on the port.
Statistics Multicast Total number of the incoming/outgoing multicast packets on the port.
Counters Broadcast Total number of the incoming/outgoing broadcast packets on the port.
(in/out) Discard Number of the incoming/outgoing packets discarded on the port.
Error Number of the incoming/outgoing packets with errors on the port.
input runt Number of packet less than 64 byte without CRC error.
shortCRC Number of packet less than 64 byte with CRC error.
normalCRC Number of packet with CRC error
Number of incomplete packet that is not divided by eight with CRC
normalAlign
error.
longCRC Number of packet less than 1518 byte with CRC error
Port Error
output
Counters Number of packet that was not transmitted in the specified time.
defered
- single : Number of packet whose collision occurred once
- multi : Number of packet whose several collision occurred
Collision - consecutive : Number of packet whose collision occurred continuously
- late : Number of packet whose collision is not checked in the specified
time

5-10 Corecess S5 System With GPON User's Guide


About the Gigabit PON Port

About the Gigabit PON Port


This section describes the configuration of the Gigabit PON port and how to configure and
monitor the Gigabit PON port with CLI.

About the Gigabit PON Interface


Table 5-12 About the Gigabit PON Port Interface

LIM
ONU port(ONU
Item (LINE Interface LIM 1 Port Index(ONU)
Profile)
Module)
Max 64 Index, Serial
Specification GPON 2.5G Uni port, GEM port
number
port gpon
port gpon gpon-onu-profile
CLI pattern port gpon slot/port onu
slot/port NAME
index WORD

Basic Configuration of the Gigabit PON Port


By default, the Gigabit PON port of the Corecess S5 System is configured as follows:

Table 5-13 Basic Configuration of the Gigabit PON Port

Item Basic Configuration


Port Status All port are enable to operate
Port Name DEFAULT
Port Speed 2.5G
Data Transfer Mode * PON
Bandwidth 2.5Gbps
*: Configuration is not changed

Whenever the port configuration is changed, the changed configuration is applied to the system
without the system rebooting or the command execution. But, if you want to keep using the
configuration after the system rebooting, the changed configuration should be saved using the
write memory command in Privileged mode.

Configuring Ports and Links 5-11


Configuring GPON Port and ONU

Configuring GPON Port and ONU


This section describes GPON port and ONU configurations and showing information about
GPON as follows;

 Configuring OLT LIM GPON Port

 Showing OLT LIM GPON Port Information

 Configuring GPON ONU

 GPON ONU Profile


- Creating GPON ONU Profile
- Configuring ONU Port with Profile
- Applying Profile
- Deleting Profile
- Show Profile

 Showing GPON ONU Information

 Clearing GPON Information

 Reset GPON

Note: It is prevented that direct comunicationon bwtween ONTs on the same PON port.
To allow that, one of the follow things is needed:
- Enable l2-port bridge on the port
- Use L3 redirection feature using proxy arp.

5-12 Corecess S5 System With GPON User's Guide


Configuring GPON Port and ONU

Configuring OLT LIM GPON Port


This sub section describes the configuration of the OLT LIM port.

Whenever the port configuration is changed, the changed configuration is applied to the system
without the system rebooting or the command execution. But if you want to keep using the
configuration after the system rebooting, the changed configuration should be saved using the
write memory command in Privileged mode.

Table 5-14 Argument of OLT LIM GPON

Argument Description
mtu mtu size
access-type Set access-type
admin Admin Status
bwlimit bandwidth limit
dscp dscp function
l2-port-bridge Allow the port to transmit the packet received from the port
l2-protocol l2-protocol handling
mac-security-sticky block mac-move, if mac is router mac
name Set name
pass-through Transparent Switching
perf-monitor Performance Monitoring
promiscuous Promiscuous Mode: All other ports become isolated
trap Set Trap
trust-mode Set Trust-Mode
tx-queue transmit queue
wred weighted random early detection
bridge-edge-
Set Bridge Edge Assumption
assumption
mirror mirroring
pathcost Set bridge path-cost
priority Set bridge priority
self-loop-detection Self Loop Detection
stp Set STP
authentication Authentication
fec Setting FEC mode configuration
onu ONU/ONT
onu-index-mode onu index mode

Configuring Ports and Links 5-13


Configuring GPON Port and ONU

rg Residential Gateway
serial-number Serial number configuration
acs Auto Configuration Server
cir Maximum committed bandwidth allowed
cbs Maximum committed burst size allowed
pir Maximum excessive bandwidth allowed
pbs Maximum excessive burst size allowed

Table 5-15 Configuring OLT LIM GPON Port

[Node] Command Help


[config] port
(fastethernet|gigabitethernet|epon|gpon|t
Setting mtu
engigabitethernet|gpon) WORD mtu <1522-
16000>
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
Setting access-type
engigabitethernet|gpon|adsl|vdsl|shdsl)
(transparent|protected|host|router)
WORD access-type
(transparent|protected|host|router)
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
Setting admin (enable|disable)
engigabitethernet|gpon|adsl|vdsl|shdsl)
WORD admin (enable|disable)
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
engigabitethernet|gpon|adsl|vdsl|shdsl) Setting bwlimit queue
WORD bwlimit queue <0-7> <1-1000000> <1-
1000000>
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
engigabitethernet|gpon|adsl|vdsl|shdsl) Setting bwlimit shaping
WORD bwlimit shaping rate <1-1000000>
bucketsize <1-100000000>
[config] port
(fastethernet|gigabitethernet|epon|gpon|t Setting dscp value
engigabitethernet|gpon|adsl|vdsl|shdsl)

5-14 Corecess S5 System With GPON User's Guide


Configuring GPON Port and ONU

[Node] Command Help


WORD dscp value WORD
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
Enabling l2-port-bridge
engigabitethernet|gpon|adsl|vdsl|shdsl)
WORD l2-port-bridge
[config] port
(fastethernet|gigabitethernet|epon|gpon|t Setting l2-protocol type (tunneling|pass-
engigabitethernet|gpon|adsl|vdsl|shdsl) through)
WORD l2-protocol (tunneling|pass-through)
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
Setting l2-protocol type
engigabitethernet|gpon|adsl|vdsl|shdsl)
(tunneling|pass-through) (bpdu|cisco)
WORD l2-protocol (tunneling|pass-through)
(bpdu|cisco)
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
engigabitethernet|gpon|adsl|vdsl|shdsl) Setting l2-protocol type and bpdu type
WORD l2-protocol (tunneling|pass-through)
bpdu (stp|lacp)
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
engigabitethernet|gpon|adsl|vdsl|shdsl) Setting l2-protocol type and cisco type
WORD l2-protocol (tunneling|pass-through)
cisco (cdp|vtp|pvst|pagp|udld)
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
Setting mac-security-sticky
engigabitethernet|gpon|adsl|vdsl|shdsl)
WORD mac-security-sticky
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
Setting Port name
engigabitethernet|gpon|adsl|vdsl|shdsl)
WORD name WORD
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
Enabling pass-through q-in-q
engigabitethernet|gpon|adsl|vdsl|shdsl)
WORD pass-through q-in-q

Configuring Ports and Links 5-15


Configuring GPON Port and ONU

[Node] Command Help


[config] port
(fastethernet|gigabitethernet|epon|gpon|t
Enabling perf-monitor
engigabitethernet|gpon|adsl|vdsl|shdsl)
WORD perf-monitor
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
Enabling promiscuous port
engigabitethernet|gpon|adsl|vdsl|shdsl)
WORD promiscuous
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
Enabling trap link-status
engigabitethernet|gpon|adsl|vdsl|shdsl)
WORD trap link-status
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
Setting trust mode
engigabitethernet|gpon|adsl|vdsl|shdsl)
WORD trust-mode (trusted|untrusted)
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
engigabitethernet|gpon|adsl|vdsl|shdsl) Setting tx queue mode drr
WORD tx-queue mode drr [w1] [w2] [w3]
[w4] [w5] [w6] [w7] [w8]
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
Setting tx-queue mode spq
engigabitethernet|gpon|adsl|vdsl|shdsl)
WORD tx-queue mode spq
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
engigabitethernet|gpon|adsl|vdsl|shdsl) Setting tx-queue mode wfq
WORD tx-queue mode wfq [w1] [w2] [w3]
[w4] [w5] [w6] [w7] [w8]
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
engigabitethernet|gpon|adsl|vdsl|shdsl) Setting tx-queue mode wrr
WORD tx-queue mode wrr [w1] [w2] [w3]
[w4] [w5] [w6] [w7] [w8]
[config] port Setting wred queue

5-16 Corecess S5 System With GPON User's Guide


Configuring GPON Port and ONU

[Node] Command Help


(fastethernet|gigabitethernet|epon|gpon|t
engigabitethernet|gpon|adsl|vdsl|shdsl)
WORD wred queue <0-7> <0-100> <0-90>
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
Enabling Bridge Edge Assumption
engigabitethernet|gpon|vdsl) WORD bridge-
edge-assumption
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
engigabitethernet|gpon|vdsl) WORD mirror
Setting mirror port
(fastethernet|gigabitethernet|epon|gpon|t
engigabitethernet|gpon|vdsl) WORD
direction (both|in|out)
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
Setting pathcost
engigabitethernet|gpon|vdsl) WORD
pathcost <1-200000000>
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
Setting priority
engigabitethernet|gpon|vdsl) WORD
priority <0-15>
[config] port
(fastethernet|gigabitethernet|epon|gpon|t
Enabling self-loop-detection
engigabitethernet|gpon|vdsl) WORD self-
loop-detection
[config] port
(fastethernet|gigabitethernet|epon|gpon|t Enabling stp
engigabitethernet|gpon|vdsl) WORD stp
[config] port control-plane mirror
(fastethernet|gigabitethernet|epon|gpon|t control-plane mirror
engigabitethernet|gpon|adsl|vdsl|shdsl) - direction (both|in|out)
WORD direction (both|in|out)

Configuring Ports and Links 5-17


Configuring GPON Port and ONU

Table 5-16 Configuring OLT LIM GPON Port Only

Node Command Help


Setting Direction to enable FEC(forward
Error Correction)
port : Port
port gpon WORD fec direction gpon : Gigabit-capable PON port type
config
downlink WORD : Port(s) ranges (ex. 1/1-2,2/4)
fec : Setting FEC mode configuration
direction : Direction to enable FEC
downlink : Enable downlink FEC mode
Setting service mode of onu
port gpon WORD onu-service- equipment-id : determined by onu
config mode (equipment-id|service- equipment-id
model) service-model : determined by service-
model
Setting acs config for Corecess ONU.
ACS server ip get by DHCP.
Port : Port
port gpon WORD 5-18thern gpon : Gigabit-capable PON port type
config
dhcp WORD : Port(s) ranges (ex. 1/1-2,2/4)
acs : ACS configure
ip : ACS ip address
dhcp : dhcp ip mode
Setting acs config for Corecess ONU.
ACS server assigned static ip address
port : Port
gpon : Gigabit-capable PON port type
port gpon WORD 5-18thern
config WORD : Port(s) ranges (ex. 1/1-2,2/4)
static A.B.C.D
acs : ACS configure
ip : ACS ip address
static : static ip mode
A.B.C.D : ip address
port gpon WORD broadcast- Setting ratelimit of broadcast GEM port.
config port ratelimit cir <0- Port : Port
2488320> cbs <2-1023> pir gpon : Gigabit-capable PON port type

5-18 Corecess S5 System With GPON User's Guide


Configuring GPON Port and ONU

Node Command Help


<0-2488320> pbs <2-1023> WORD : Port(s) ranges (ex. 1/1-2,2/4)
broadcast-port : Broadcast GEM Port
ratelimit : rate limit
cir : Maximum committed bandwidth
allowed (In Kbits/sec, with granularity of
64Kbits/sec)
<0-2488320> : Maximum bandwidth valid
values: 0 to 2488320 Kbits/sec
cbs : Maximum 5-19thernet5-19 burst
size allowed (In Kbits, Max value =
1Mbits)
<2-1023> : Maximum burst size valid
values: 2 to 1023 Kbits
pir : Maximum excessive bandwidth
allowed (In Kbits/sec, with granularity of
64Kbits/sec)
<0-2488320> : Maximum bandwidth valid
values: 0 to 2488320 Kbits/sec
pbs : Maximum excessive burst size
allowed (In Kbits, Max value = 1Mbits)
<2-1023> : Maximum burst size valid
values: 2 to 1023 Kbits
Setting GEM port for multicast of gpon
port.
Port : Port
port gpon WORD multicast-
config gpon : Ethernet PON port type
port PORT_INDEX
WORD : Port(s) ranges (ex. 1/1-2,2/4)
multicast-port : Multicast GEM Port
PORT_INDEX : Port index
Setting ratelimit of multicast GEM port.
Port : Port
port gpon WORD multicast-
gpon : Gigabit-capable PON port type
port ratelimit cir <0-
config WORD : Port(s) ranges (ex. 1/1-2,2/4)
2488320> cbs <2-1023> pir
multicast-port : Multicast GEM Port
<0-2488320> pbs <2-1023>
ratelimit : rate limit
cir : Maximum committed bandwidth

Configuring Ports and Links 5-19


Configuring GPON Port and ONU

Node Command Help


allowed (In Kbits/sec, with granularity of
64Kbits/sec)
<0-2488320> : Maximum bandwidth valid
values: 0 to 2488320 Kbits/sec
cbs : Maximum 5-20thernet5-20 burst
size allowed (In Kbits, Max value =
1Mbits)
<2-1023> : Maximum burst size valid
values: 2 to 1023 Kbits
pir : Maximum excessive bandwidth
allowed (In Kbits/sec, with granularity of
64Kbits/sec)
<0-2488320> : Maximum bandwidth valid
values: 0 to 2488320 Kbits/sec
pbs : Maximum excessive burst size
allowed (In Kbits, Max value = 1Mbits)
<2-1023> : Maximum burst size valid
values: 2 to 1023 Kbits
Setting profile to all onu of gpon port
port : Port
gpon : Gigabit-capable PON port type
config port gpon WORD profile NAME
WORD : Port(s) ranges (ex. 1/1-2,2/4)
profile : GPON Profile
NAME : Profile Name
Setting default profile to all onu of gpon
port
port : Port
port gpon WORD profile
config gpon : Gigabit-capable PON port type
default
WORD : Port(s) ranges (ex. 1/1-2,2/4)
profile : GPON Profile
default : default profile
Setting gpon port redundancy of gpon
port.
port gpon WORD redundancy
config Port : master gpon port
port gpon WORD
gpon : Gigabit-capable PON port type
WORD : Port(s) ranges (ex. 1/1-2,2/4)

5-20 Corecess S5 System With GPON User's Guide


Configuring GPON Port and ONU

Node Command Help


redundancy : port protection
port : master gpon port
gpon : Gigabit-capable PON port type
WORD : Port(s) ranges (ex. 1/1-2,2/4)
Setting gpon port redundancy of gpon
port.
Port : master gpon port
gpon : Gigabit-capable PON port type
WORD : Port(s) ranges (ex. 1/1-2,2/4)
redundancy : port protection
port gpon WORD redundancy
port : master gpon port
config port gpon WORD rdn-config-
gpon : Gigabit-capable PON port type
delay-time <1-300>
WORD : Port(s) ranges (ex. 1/1-2,2/4)
Setting gpon port redundancy of gpon
port.
Rdn-config-delay-time : redundancy re-
configuration delay time after switchover.
<1-300> : seconds
port gpon WORD redundancy
config Setting switchover action
switchover

Configuring Ports and Links 5-21


Showing OLT LIM Port Information

Showing OLT LIM Port Information


You can show the information of LIM Port with following commands.

Table 5-17 Showing OLT LIM Port Information

[Node] Command Help


[en] show port
(fastethernet|gigabitethernet|epon|gpon| Showing mtu
tengigabitethernet|gpon) WORD mtu
[en] show port
(fastethernet|gigabitethernet|epon|gpon|
Showing bwlimit
tengigabitethernet|gpon|adsl|vdsl|shdsl)
WORD bwlimit
[en] show port
(fastethernet|gigabitethernet|epon|gpon|
Showing bwlimit queue
tengigabitethernet|gpon|adsl|vdsl|shdsl)
WORD bwlimit queue
[en] show port
(fastethernet|gigabitethernet|epon|gpon|
Showing cfg
tengigabitethernet|gpon|adsl|vdsl|shdsl)
WORD cfg
[en] show port
(fastethernet|gigabitethernet|epon|gpon|
Showing counter
tengigabitethernet|gpon|adsl|vdsl|shdsl)
WORD counter
[en] show port
(fastethernet|gigabitethernet|epon|gpon|
Showing counter extension
tengigabitethernet|gpon|adsl|vdsl|shdsl)
WORD counter extension
[en] show port
(fastethernet|gigabitethernet|epon|gpon|
Showing dscp
tengigabitethernet|gpon|adsl|vdsl|shdsl)
WORD dscp
[en] show port
Showing perf-monitor
(fastethernet|gigabitethernet|epon|gpon|

5-22 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

tengigabitethernet|gpon|adsl|vdsl|shdsl)
WORD perf-monitor
[en] show port
(fastethernet|gigabitethernet|epon|gpon|
Showing port-queue
tengigabitethernet|gpon|adsl|vdsl|shdsl)
WORD port-queue
[en] show port
(fastethernet|gigabitethernet|epon|gpon|
Showing wred
tengigabitethernet|gpon|adsl|vdsl|shdsl)
WORD wred
[en] show port
(fastethernet|gigabitethernet|epon|gpon| Showing port status
tengigabitethernet|gpon|adsl|vdsl|shdsl|
switchfabric|stacking) WORD
[en] show port
(fastethernet|gigabitethernet|epon|gpon|
Showing sfp module status
tengigabitethernet|gpon|adsl|vdsl|shdsl|
switchfabric|stacking) WORD sfp
[en] show port gpon WORD authentication Showing authentication status
[en] show port gpon WORD onu-service-
Showing onu service mode
mode
[en] show port gpon WORD gem-port Showing gpon port’s all gem port status
[en] show port gpon WORD gem-port vlan Showing gpon port’s all gem port vlan
uplink uplink config status
[en] show port gpon WORD gem-port- Showing ratelimit of GEM port
downstream-ratelimit downstream.
[en] show port gpon WORD broadcast-port
Showing ratelimit of broadcast GEM port.
ratelimit
[en] show port gpon WORD multicast-port Showing gpon port’s multicast gem port
[en] show port gpon WORD multicast-port
Showing ratelimit of multicast GEM port.
ratelimit

[en] show port gpon WORD gpon-mac-


Showing mac address table of GPON port.
address-table

Showing gpon port protection config of


[en] show port gpon WORD redundancy
GPON port.

Configuring Ports and Links 5-23


Showing OLT LIM Port Information

[en] show port gpon WORD redundancy Showing gpon port protection config of
port-configuration GPON port in PMC Chip.

Table 5-18 Showing OLT LIM Port Counter Information

[Node] Command Help


[en] show port gpon WORD counter Showing upstream counter of each GPON
upstream port.
[en] show port gpon WORD counter Showing downstream counter of each
downstream GPON port.
[en] show port gpon WORD counter onu
Showing upstream counter of each ONU.
index WORD upstream
[en] show port gpon WORD counter port-id Showing upstream counter of each GEM
<0-4095> upstream port.
[en] show port gpon WORD counter port-id Showing downstream counter of each
<0-4095> downstream GEM port.
[en] show port gpon WORD counter alloc- Showing upstream counter of each Alloc-
id <0-4095> upstream ID.

Table 5-19 Showing optical layer supervision information

[Node] Command Help


Showing OLT SFP and optic supervision
[en] show port gpon WORD sfp
information (Optic power, alarm)
[en] show port gpon WORD onu index WORD Showing ONT related optical supervision
information informaion

5-24 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Configuring GPON ONU


This sub section describes GPON ONU configuration.

Table 5-19 Argument of GPON ONU

Argument Description
profile GPON Profile
agingtime Mac aging time
allow Enabling onu access
igmp-snoop IGMP snoop
ip-host IP Host config data
port ONT user port
startup-config ONU switching device startup-config
static Setting ONU serial number to static
vlan Vlan Configuration
voip voip
aaa Authentication

Table 5-20 Configuring GPON ONU

Node Command Help


allow : Enabling onu access(Default)
port gpon WORD onu index
config # no port gpon 2/1 onu index 0 allow 
(all|WORD) allow
onu block
Setting profile to onu
port : Port
gpon : Gigabit-capable PON port type
WORD : Port(s) ranges (ex. 1/1-2,2/4)
port gpon WORD onu index WORD onu : ONU/ONT
config
profile (NAME|default) index : ONU/ONT index number
WORD : ONU/ONT index Value
profile : GPON Profile
NAME : Profile Name
default : default Profile
port gpon WORD onu index Setting ONU index to static
config
(all|WORD) static port : Port

Configuring Ports and Links 5-25


Showing OLT LIM Port Information

Node Command Help


gpon : Gigabit-capable PON port type
WORD : Port(s) ranges (ex. 1/1-2,2/4)
onu : ONU/ONT
index : ONU/ONT index number
all : all of ONU/ONT index
WORD : ONU/ONT index Value
static : Setting ONU serial number to static
Setting onu index mode(Default: Static)
port : Port
port gpon WORD onu-index-mode
config gpon : Gigabit-capable PON port type
(static|dynamic)
WORD : Port(s) ranges (ex. 1/1-2,2/4)
onu-index-mode : onu index mode
Allocating ONU-id to the serial number
port : Port
gpon : Gigabit-capable PON port type
WORD : Port(s) ranges (ex. 1/1-2,2/4)
serial-number : Serial number
configuration
port gpon WORD serial-number
config alloc : Allocate ONU-id to the serial
alloc SERIAL_NUMBER ONU_INDEX
number
SERIAL_NUMBER : Setting ONU serial
number (8 bytes, (4 ASCII string + 8 Hexa
String : PMCS0A0B0C0D, or 16 Hexa
string))
ONU_INDEX : ONU index

port : Port
gpon :Gigabit PON port type
WORD : Port(s) ranges (ex. 1/1-2,2/4)
port gpon WORD onus-range min-
onus-range : Setting channel onus range of
config distance <0-60000> max-distance
distance
<0-60000>
min-distance : Set minimal distance of
onus in meter<0~60000>
max-distance : Set maximal distance of
onus in meter<0~60000>

5-26 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


Disabling onus-range setting
#no port gpon WORD onus-range

Table 5-21 Configuring GPON Authentication

Node Command Help


AAA information; Authentication
aaa authentication gpon (permit-
config information; gpon; deny list; permit list;
list|deny-list|radius)
radius;
AAA information; gpon; deny list; serial;
config aaa gpon deny-list serial WORD
12byte : 4 ASCII string + 8 Hexa String;
AAA information; gpon permit list; serial;
config aaa gpon permit-list serial WORD
12byte : 4 ASCII string + 8 Hexa String;
En write aaa gpon deny-list write; AAA information; gpon; deny list;
en write aaa gpon permit-list write; AAA information; gpon permit list;

Table 6-22 Configuring GPON CC3942-GP ONU Only

Node Command Help


Setting aging time –RG only
port : Port
gpon : GPON port type
WORD : Port identifier
onu : onu
port gpon WORD onu index
config index : onu index
(all|WORD) agingtime (0|300)
all : onu index all
WORD : onu index number
agingtime : Mac aging time
0 : disable aging
300 : 300 sec(only for RG394x)
Setting igmp-snoop
port : Port
port gpon WORD onu index gpon : GPON port type
config
(all|WORD) igmp-snoop WORD : Port identifier
onu : onu
index : onu index

Configuring Ports and Links 5-27


Showing OLT LIM Port Information

Node Command Help


all : onu index all
WORD : onu index number
igmp-snoop : IGMP snoop
enabling or disabling port to onu
port : Port
gpon : GPON port type
WORD : Port identifier
onu : onu
port gpon WORD onu index index : onu index
config (all|WORD) port WORD admin all : onu index all
(enable|disable) WORD : onu index number
port : ONT user port
WORD : port number
admin : Administration
disable : nDisable port
enable : nEnable port
Setting auto negotiation
port : Port
gpon : GPON port type
WORD : Port identifier
onu : onu
port gpon WORD onu index
config index : onu index
(all|WORD) port WORD autonego
all : onu index all
WORD : onu index number
port : ONT user port
WORD : port number
autonego : Auto negotiation
Setting duplex
port : Port
gpon : GPON port type
port gpon WORD onu index
WORD : Port identifier
config (all|WORD) port WORD duplex
onu : onu
(full|half)
index : onu index
all : onu index all
WORD : onu index number

5-28 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


port : ONT user port
WORD : port number
duplex : port duplex
full : full duplex
half : half duplex
Setting flow control.
Port : Port
gpon : GPON port type
WORD : Port identifier
onu : onu
port gpon WORD onu index index : onu index
config (all|WORD) port WORD flwctl all : onu index all
(on|off) WORD : onu index number
port : ONT user port
WORD : port number
flwctl : flow Control
off : off
on : on
Setting maclimit parameter.
Port : Port
gpon : GPON port type
WORD : Port identifier
onu : onu
port gpon WORD onu index
index : onu index
config (all|WORD) port WORD maclimit
all : onu index all
<1-32>
WORD : onu index number
port : ONT user port
WORD : port number
maclimit : Mac address limitation
<1-32> : Allowed count
Setting ratelimit parameters.
port gpon WORD onu index
Port : Port
(all|WORD) port WORD ratelimit
config gpon : GPON port type
(ingress|egress) <1-1000000>
WORD : Port identifier
<1-1000000>
onu : onu

Configuring Ports and Links 5-29


Showing OLT LIM Port Information

Node Command Help


index : onu index
all : onu index all
WORD : onu index number
port : ONT user port
WORD : port number
ratelimit : nRate limit
ingress : Ingress(CC3804T
criterion:64bytes)
egress : Egress(CC3804T criterion:64bytes)
<1-1000000> : Rate(kbps)
<1-1000000> : Burst rate(kbyte)
Setting port speed.
Port : Port
gpon : GPON port type
WORD : Port identifier
onu : onu
port gpon WORD onu index index : onu index
config (all|WORD) port WORD speed all : onu index all
(10|100) WORD : onu index number
port : ONT user port
WORD : port number
speed : port speed
10 : 100 Mbps
100 : 10Mbps
Setting Broadcast Storm Control.
Port : Port
gpon : GPON port type
WORD : Port identifier
port gpon WORD onu index onu : onu
config (all|WORD) port WORD stormctl index : onu index
WORD all : onu index all
WORD : onu index number
port : ONT user port
WORD : port number
stormctl : Broadcast Storm Control

5-30 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


WORD : rate (RG3940 unit : 270Kbps)
User priority for Untagged packet of
ONU.
Port : Port
gpon : GPON port type
WORD : Port identifier
port gpon WORD onu index onu : onu
config (all|WORD) port WORD userpri index : onu index
<0-7> all : onu index all
WORD : onu index number
port : ONT user port
WORD : port number
userpri : User priority for Untagged packet
<0-7> : 802.1p value
Setting startup config to onu.
Port : Port
gpon : GPON port type
WORD : Port identifier
onu : onu
port gpon WORD onu index
config index : onu index
(all|WORD) startup-config NAME
all : onu index all
WORD : onu index number
startup-config : ONU switching device
startup-config
NAME : Config name
Setting tag of onu
port : Port
gpon : GPON port type
WORD : Port identifier
port gpon WORD onu index
onu : onu
config (all|WORD) vlan WORD port WORD
index : onu index
(tagged|untagged)
all : onu index all
WORD : onu index number
vlan : Vlan Configuration
WORD : Vlan id

Configuring Ports and Links 5-31


Showing OLT LIM Port Information

Node Command Help


port : ONT user port
WORD : port number
tagged : As tagged member
untagged : As untagged member
Setting dhcp interface of rg acs
port : Port
gpon : GPON port type
WORD : Port identifier
rg : Residential Gateway
port gpon WORD rg acs interface acs : Auto Configuration Server
config
(wan|voip|lan) ip dhcp interface : Service Interface
wan : Wide Area Networks
voip : Voice over IP
lan : Local Area Network
ip : ACS Server IP
dhcp : IP from DHCP server
Setting Static ip for rg ac interface
port : Port
gpon : GPON port type
WORD : Port identifier
rg : Residential Gateway
acs : Auto Configuration Server
port gpon WORD rg acs interface
config interface : Service Interface
(wan|voip|lan) ip static A.B.C.D
wan : Wide Area Networks
voip : Voice over IP
lan : Local Area Network
ip : ACS Server IP
static : Static ACS IP address
A.B.C.D : IP address
Setting mode of RG interface
port : Port
port gpon WORD rg interface
gpon : GPON port type
config (wan|voip) mode
WORD : Port identifier
(static|dhcp1|dhcp2|dhcp3|pppoe)
rg : Residential Gateway
interface : Interface

5-32 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


wan : WAN
voip : VoIP
mode : Mode
dhcp1 : Get 1 IP address by DHCP
dhcp2 : Get 2 IP address by DHCP
dhcp3 : Get 3 IP address by DHCP
pppoe : PPP over Ethernet
static : Static
Setting vid of RG interface
port : Port
gpon : GPON port type
WORD : Port identifier
port gpon WORD rg interface rg : Residential Gateway
config
(wan|voip) vid <1-4094> interface : Service Interface
wan : Wide Area Networks
voip : Voice over IP
vid : VLAN Id
<1-4094> : Vid
Setting tag of RG port
port : Port
gpon : GPON port type
WORD : Port identifier
port gpon WORD rg port WORD tag
config rg : Residential Gateway
WORD
port : Uplink Port
WORD : Port number
tag : VLAN Tag
WORD : Vid(ex 1,3,5-10)

Configuring Ports and Links 5-33


Showing OLT LIM Port Information

GPON ONU Profile


You can configure GPON ONU parameter with Profile.

Table 5-23 Argument of GPON ONU Profile

Argument Description
aes-encryption AES encryption
bridge MAC Bridge
broadcast-gem-port Broadcast GEM port
clear clear
default default ONU/ONT profile
down-queue Downstream Queue
end End current mode and down to previous mode
equipment-id equipment-id of ONU/ONT
exit Exit current mode and down to previous mode
fec forward error correction
gem-port GEM port
igmp igmp
ip-host IP Host config data (134)
list Print command list
multicast-gem-port Multicast GEM port
no Negate a command or set its defaults
service-model service-model
service-model-file ONU configuration pre-profile for ONU Service Model
tcont T-CONT
uni-port uni port
up-queue Downstream Queue
voip voip

5-34 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Creating GPON ONU Profile


Table 5-24 Creating GPON ONU Profile

Node Command Help


Entering profile node command
gpon-onu-profile gpon-onu-profile : GPON ONU Profile
config
WORD Configurations
WORD : Profile Name

Table 5-25 Configuring GPON ONU Profile

Node Command Help


gpon-onu-
default (enable|disable) default : default ONU/ONT profile
profile
gpon-onu- equipment-id : equipment-id of
equipment-id WORD
profile ONU/ONT
gpon-onu- broadcast-gem-port : Broadcast GEM
broadcast-gem-port
profile port
gpon-onu- multicast-gem-port : Multicast GEM
multicast-gem-port
profile port
gpon-onu-
fec direction uplink fec : Forward Error Correction
profile
gpon-onu-
aes-encryption aes-encryption : AES encryption
profile
Set mac address table aging time of
gpon-onu- GPON ONU.
mac-aging-time <10-65535>
profile <10-65535> : aging timeout value
(secs)

Table 5-26 Configuring tcont SLA of GPON ONU Profile

Node Command Help


tcont WORD service Set tcont for Up bandwidth SLA
gpon-onu-
(cbr|voip|data) type parameters
profile
(nsr|type-0) cir <0-1244> tcont : T-CONT

Configuring Ports and Links 5-35


Showing OLT LIM Port Information

cir-fine <0-15> pir <0-1244> WORD : ranged t-cont id((ex: 1 or 1,2


pir-fine <0-15> or 1,2,3-4)
service : Type of service
cbr : TDM Constant Bit Rate
voip : Voice Over IP
data : Any other kind of data
type : status-reporting type
nsr : Non-status-reporting
type-0 : status-reporting type
cir : Maximum 5-36 thernet 5-36
bandwidth allowed (In Mbits/sec)
<0-1244> : Maximum bandwidth valid
values: 0 to 1244 Mbits/sec
cir-fine : Maximum 5-36 thernet 5-36
bandwidth allowed (In 64 Kbits/sec)
added to cir
<0-15> : Maximum bandwidth valid
values: 0 to 15 (In 64Kbits/sec)
pir : Maximum best-effort bandwidth
allowed (In Mbits/sec)
<0-1244> : Maximum bandwidth valid
values: 0 to 1244 Mbits/sec
pir-fine : Maximum best-effort
bandwidth allowed (In 64Kbits/sec)
added to pir
<0-15> : Maximum bandwidth valid
values: 0 to 15 (In 64Kbits/sec)values:
0 to 1244 Mbits/sec

5-36 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Table 5-27 Configuring QoS of GPON ONU Profile

Node Command Help


Setting size of upstream priority
queue.
Up-queue : Upstream Queue
gpon-onu- up-queue <0-32767> queue-size <32768-65535> : Queue Index (OMCI
profile <0-3145680> Priority queue-G Instance-ID)
queue-size : Queue Size
<0-3145680> : size (In bytes: with
granularity of 48 bytes)
Setting size of downstream priority
queue.
Down-queue : Downstream Queue
gpon-onu- down-queue <0-32767> queue- <0-32767> : Queue Index (OMCI
profile size <0-3145680> Priority queue-G Instance-ID)
queue-size : Queue Size
<0-3145680> : size (In bytes: with
granularity of 48 bytes)
Set priority queue mapping between
tcont and upstream queue.
Up-queue : Upstream Queue
gpon-onu- up-queue tcont WORD queue- tcont : T-CONT
profile mapping WORD : ranged t-cont id 0 to 7(ex: 0
or 1,2 or 1,2,3-4)
queue-mapping : set priority queue to
OMCI Priority queue-G Instance-ID
Set priority queue mapping between
uni port and downstream queue.
Down-queue : Downstream Queue
gpon-onu- down-queue uni-port PORT_NUM uni-port : ONU user port
profile queue-mapping PORT_NUM : port number(ex: 1 or 1,2
or 1,2,3-4)
queue-mapping : set priority queue to
OMCI Priority queue-G Instance-ID

Configuring Ports and Links 5-37


Showing OLT LIM Port Information

Configuring ONU Port with Profile

Configuring GEM(GPON Encapsulation Method) Port


Table 5-28 Configuring GEM Port

Node Command Help


Setting gem port down ratelimit
gem-port : GEM port
PORT_NUM : port number((ex : 1 or
1,2 or 1,2,3-4)
ratelimit : rate limit
down : Downstream direction
cir : Maximum guaranteed bandwidth
allowed (In Kbits/sec, with granularity
of 64Kbits/sec)
<0-2488320> : Maximum bandwidth
valid values: 0 to 2488320 Kbits/sec,
with granularity of 64Kbits/sec
gem-port PORT_NUM ratelimit
cbs : Maximum 5-38thernet5-38 burst
gpon-onu- down cir <0-2488320> cbs <2-
size allowed (In Kbits, Max value =
profile 1023> pir <0-2488320> pbs <2-
1Mbits)
1023>
<2-1023> : Maximum burst size valid
values: 2 to 1023 Kbits
pir : Maximum excessive bandwidth
allowed (In Kbits/sec, with granularity
of 64Kbits/sec)
<0-2488320> : Maximum bandwidth
valid values: 0 to 2488320 Kbits/sec,
with granularity of 64Kbits/sec
pbs : Maximum excessive burst size
allowed (In Kbits, Max value = 1Mbits)
<2-1023> : Maximum burst size valid
values: 2 to 1023 Kbits
Setting gem port up ratelimit
gpon-onu- gem-port PORT_NUM ratelimit up gem-port : GEM port
profile cir <0-1244160> pir <0-1244160> PORT_NUM : port number((ex : 1 or
1,2 or 1,2,3-4)

5-38 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


ratelimit : rate limit
up : Upstream direction
cir : Maximum committed bandwidth
allowed (In Kbits/sec)
<0-1244160> : Maximum bandwidth
valid values: 0 to 1244160 Kbits/sec
pir : Maximum excessive bandwidth
allowed (In Kbits/sec)
<0-1244160> : Maximum bandwidth
valid values: 0 to 1244160 Kbits/sec

Configuring UNI(User Network Interface) Port


Table 5-29 Configuring UNI(User Network Interface) Port

Node Command Help


Setting ratelimit of ONU user port
uni-port : ONU user port
PORT_NUM : port number((ex : 1 or 1,2
or 1,2,3-4)
ratelimit : rate limit
up : Upstream
uni-port PORT_NUM ratelimit down : Downstream
gpon-onu-
(up|down) cir <0-1048512> pir cir : Maximum committed bandwidth
profile
<0-1048512> allowed (In Kbps)
<0-1048512> : bandwidth values: 0 to
1048512 Kbps
pir : Maximum excessive bandwidth
allowed (In Kbps)
<0-1048512> : bandwidth values: 0 to
1048512 Kbps
uni-port PORT_NUM Setting uni-port’s vlan tagging
gpon-onu- tag operation config data
profile upstream add-tag <1-4094> uni-port : UNI port
downstream (as-is|strip-tag) PORT_NUM : port index

Configuring Ports and Links 5-39


Showing OLT LIM Port Information

tag : 802.1q Vlan using VTOCD


upstream :
Upstream frame is sent with
add-tag :
Add(change) tag, making
untagged(tagged) into tagged
<1-4094> : Vlan tag id value
downstream :
Downstream frame is sent with
as-is : As is
strip-tag :
Strip tag, if tag presents
Setting uni-port’s vlan tagging
operation config data
uni-port : UNI port
PORT_NUM : port number
(ex: 1 or 1,2 or 1,2,3-4)
tag : 802.1q Vlan using VTOCD
upstream : Upstream frame is sent
uni-port PORT_NUM with
tag add-tag :
gpon-onu-
upstream add-tag <1-4094> Add(change) tag, making
profile
priority <0-7> untagged(tagged) into tagged
downstream (as-is|strip-tag) <1-4094> : Vlan tag id value
priority : Vlan tag priority
<0-7> : Vlan tag priority value
downstream :
Downstream frame is sent with
as-is : As is
strip-tag :
Strip tag, if tag presents
Setting uni-port’s vlan tagging
uni-port PORT_NUM operation config data
gpon-onu- tag uni-port : UNI port
profile upstream as-is PORT_NUM : port number
downstream (as-is|strip-tag) (ex: 1 or 1,2 or 1,2,3-4)
tag : 802.1q Vlan using VTOCD

5-40 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

upstream :
Upstream frame is sent with
as-is : As is
downstream :
Downstream frame is sent with
as-is : As is
strip-tag :
Strip tag, if tag presents
Setting uni-port’s vlan tagging
operation config data
uni-port : UNI port
PORT_NUM : port number
(ex: 1 or 1,2 or 1,2,3-4)
tag : 802.1q Vlan using VTOCD
upstream :
uni-port PORT_NUM tag upstream Upstream frame is sent with
gpon-onu-
prepend-tag <1-4094> prepend-tag : Prepend tag, making
profile
downstream (as-is|strip-tag) untagged(tagged) into
tagged(double-tagged)
<1-4094> : Vlan tag id value
downstream :
Downstream frame is sent with
as-is : As is
strip-tag :
Strip tag, if tag presents
Setting uni-port’s vlan tagging
operation config data
uni-port : UNI port
PORT_NUM : port number
uni-port PORT_NUM tag upstream (ex: 1 or 1,2 or 1,2,3-4)
gpon-onu- prepend-tag <1-4094> priority tag : 802.1q Vlan using VTOCD
profile <0-7> downstream (as-is|strip- upstream :
tag) Upstream frame is sent with
prepend-tag : Prepend tag, making
untagged(tagged) into
tagged(double-tagged)
<1-4094> : Vlan tag id value

Configuring Ports and Links 5-41


Showing OLT LIM Port Information

priority : Vlan tag priority


<0-7> : Vlan tag priority value
downstream :
Downstream frame is sent with
as-is : As is
strip-tag :
Strip tag, if tag presents
Setting downstream mac filtering of
ONU user port
uni-port : ONU user port
PORT_NUM : port number((ex : 1 or 1,2
uni-port PORT_NUM mac-filter-
gpon-onu- or 1,2,3-4)
table <1-255> (permit|deny)
profile mac-filter-table :
A:B:C:D:E:F
<1-255> > :
permit :
deny :
A:B:C:D:E:F :
Setting mtu of ONU user port.
Uni-port : ONU user port
PORT_NUM : port number((ex : 1 or 1,2
gpon-onu- uni-port PORT_NUM mtu <1518-
or 1,2,3-4)
profile 16000>
mtu : MTU (Maximum Ethernet Frame
Size)
<1518-16000> : Frame Size
Setting dot1x of ONU user port
uni-port : ONU user port
gpon-onu-
uni-port PORT_NUM dot1x PORT_NUM : port number((ex : 1 or 1,2
profile
or 1,2,3-4)
dot1x : Dot1X
Setting dot1x of ONU user port
uni-port : ONU user port
uni-port PORT_NUM
PORT_NUM : port number((ex : 1 or 1,2
dot1x action
gpon-onu- or 1,2,3-4)
(reauthenticate|
profile action :
unauthenticated|
Port authentication action
authenticated)
reauthenticate :
Force authenticated

5-42 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

unauthenticated :
Force reauthentication
authenticated :
Force unauthenticated
Setting extended vlan tagging operation
of ONU user port
gpon-onu- uni-port : ONU user port
uni-port PORT_NUM extag
profile PORT_NUM : port number((ex : 1 or 1,2
or 1,2,3-4)
extag : 802.1q Vlan using EX-VTOCD
Setting extended vlan tagging operation
of ONU user port
uni-port : ONU user port
uni-port PORT_NUM PORT_NUM : port number((ex : 1 or 1,2
gpon-onu- extag (input-tpid| or 1,2,3-4)
profile output-tpid) extag : 802.1q Vlan using EX-VTOCD
<0-65535> input-tpid : Input TPID
output-tpid : Output TPID
<0-65535> : TPID value, Typical values
include 0x88a8 and 0x9100
Setting extended vlan tagging operation
of ONU user port
uni-port : ONU user port
PORT_NUM : port number((ex : 1 or 1,2
or 1,2,3-4)
extag : 802.1q Vlan using EX-VTOCD
uni-port PORT_NUM
double-tag : Double tagged frame
extag double-tag
<1-4094> : Outer tagged vid value
gpon-onu- <1-4094> <1-4094>
<1-4094> : Inner tagged vid value
profile add-tag <1-4094>
add-tag : Insert tag
(priority (<0-7>|9)
<1-4094> : 3rd Vlan tag vid value
(tp-id (0|1|2|3|4|6|7)))
priority : 3rd Vlan tag priority
tp-id : Treatment 3rd TPID/DE
0 : Copy TPID (and DE, if present) from
inner tag of received frame
1 : Copy TPID (and DE, if present) from
outer tag of received frame

Configuring Ports and Links 5-43


Showing OLT LIM Port Information

2 : Set TPID = output TPID attribute


value, copy DE bit from inner tag of
received frame
3 : Set TPID = output TPID, copy DE
from outer tag of received frame
4 : Set TPID = 0x8100
6 : Set TPID = output TPID, DE=0
7 : Set TPID = output TPID, DE=1
Setting extended vlan tagging operation
of ONU user port
uni-port : ONU user port
PORT_NUM : port number((ex : 1 or 1,2
uni-port PORT_NUM
or 1,2,3-4)
extag double-tag
gpon-onu- extag : 802.1q Vlan using EX-VTOCD
<1-4094> <1-4094>
profile double-tag : Double tagged frame
change-double-tag
<1-4094> : Outer tagged vid value
<1-4094> <1-4094>
<1-4094> : Inner tagged vid value
change-double-tag : Change double tag
<1-4094> : Outer vlan vid value
<1-4094> : Inner vlan vid value
Setting extended vlan tagging operation
of ONU user port
uni-port : ONU user port
PORT_NUM : port number((ex : 1 or 1,2
uni-port PORT_NUM or 1,2,3-4)
extag double-tag extag : 802.1q Vlan using EX-VTOCD
<1-4094> <1-4094> double-tag : Double tagged frame
gpon-onu- change-double-tag <1-4094> : Outer tagged vid value
profile <1-4094> <1-4094> : Inner tagged vid value
priority (<0-7>|9) change-double-tag : Change double tag
<1-4094> <1-4094> : Outer vlan vid value
priority (<0-7>|8) priority : Outer vlan tag priority
<0-7> : Outer vlan tag priority value
9 : Outer vlan tag priority from the outer
priority of the received frame
<1-4094> : Inner vlan vid value

5-44 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

priority : Inner vlan tag priority


<0-7> : Inner vlan tag priority value
8 : Inner vlan tag priority from the inter
priority of the received frame
Setting extended vlan tagging operation
of ONU user port
uni-port : ONU user port
PORT_NUM : port number((ex : 1 or 1,2
or 1,2,3-4)
extag : 802.1q Vlan using EX-VTOCD
double-tag : Double tagged frame
<1-4094> : Outer tagged vid value
<1-4094> : Inner tagged vid value
change-double-tag : Change double tag
<1-4094> : Outer vlan vid value
priority : Outer vlan tag priority
uni-port PORT_NUM <0-7> : Outer vlan tag priority value
extag double-tag 9 : Outer vlan tag priority from the outer
<1-4094> <1-4094> priority of the received frame
change-double-tag <1-4094> tp-id : Treatment Outer TPID/DE
gpon-onu-
priority (<0-7>|9) 0 : Copy TPID (and DE, if present) from
profile
tp-id (0|1|2|3|4|6|7) inner tag of received frame
<1-4094> 1 : Copy TPID (and DE, if present) from
priority (<0-7>|8) outer tag of received frame
tp-id (0|1|2|3|4|6|7) 2 : Set TPID = output TPID attribute
value, copy DE bit from inner tag of
received frame
3 : Set TPID = output TPID, copy DE
from outer tag of received frame
4 : Set TPID = 0x8100
6 : Set TPID = output TPID, DE=0
7 : Set TPID = output TPID, DE=1
<1-4094> : Inner vlan vid value
priority : Inner vlan tag priority
<0-7> : Inner vlan tag priority value
8 : Inner vlan tag priority from the inter
priority of the received frame

Configuring Ports and Links 5-45


Showing OLT LIM Port Information

tp-id : Treatment Inner TPID/DE


0 : Copy TPID (and DE, if present) from
inner tag of received frame
1 : Copy TPID (and DE, if present) from
outer tag of received frame
2 : Set TPID = output TPID attribute
value, copy DE bit from inner tag of
received frame
3 : Set TPID = output TPID, copy DE
from outer tag of received frame
4 : Set TPID = 0x8100
6 : Set TPID = output TPID, DE=0
7 : Set TPID = output TPID, DE=1
Setting extended vlan tagging operation
of ONU user port
uni-port : ONU user port
uni-port PORT_NUM PORT_NUM : port number((ex : 1 or 1,2
gpon-onu- extag double-tag or 1,2,3-4)
profile <1-4094> <1-4094> extag : 802.1q Vlan using EX-VTOCD
strip-double-tag double-tag : Double tagged frame
<1-4094> : Outer tagged vid value
<1-4094> : Inner tagged vid value
strip-double-tag : Strip Double tag
Setting extended vlan tagging operation
of ONU user port
uni-port : ONU user port
uni-port PORT_NUM PORT_NUM : port number((ex : 1 or 1,2
gpon-onu- extag double-tag or 1,2,3-4)
profile <1-4094> <1-4094> extag : 802.1q Vlan using EX-VTOCD
strip-tag double-tag : Double tagged frame
<1-4094> : Outer tagged vid value
<1-4094> : Inner tagged vid value
strip-tag : Strip tag
uni-port PORT_NUM Setting extended vlan tagging operation
gpon-onu- extag double-tag of ONU user port
profile <1-4094> <1-4094> uni-port : ONU user port
swap-tag PORT_NUM : port number((ex : 1 or 1,2

5-46 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

or 1,2,3-4)
extag : 802.1q Vlan using EX-VTOCD
double-tag : Double tagged frame
<1-4094> : Outer tagged vid value
<1-4094> : Inner tagged vid value
swap-tag : Swap tag
Setting extended vlan tagging operation
of ONU user port
uni-port : ONU user port
PORT_NUM : port number((ex : 1 or 1,2
or 1,2,3-4)
uni-port PORT_NUM
gpon-onu- extag : 802.1q Vlan using EX-VTOCD
extag downstream-mode
profile downstream-mode : The downstream
(us-inverse|none)
mapping
none : No operation in downstream
us-inverse : The operation performed in
the DS is the inverse of that performed in
the US
Setting extended vlan tagging operation
of ONU user port
uni-port : ONU user port
PORT_NUM : port number((ex : 1 or 1,2
or 1,2,3-4)
extag : 802.1q Vlan using EX-VTOCD
single-tag : Single tagged frame
uni-port PORT_NUM <1-4094> : Tagged vid value
extag single-tag <1-4094> add-tag : Insert tag
gpon-onu-
add-tag <1-4094> <1-4094> : Vlan tag vid value
profile
(priority (<0-7>|8) priority : Vlan tag priority
(tp-id (0|2|4|6|7))) <0-7> : Vlan tag priority value
8 : Vlan tag priority from the inner
priority of the received frame
tp-id : Treatment TPID/DE
0 : Copy TPID (and DE, if present) from
inner tag of received frame
2 : Set TPID = output TPID attribute
value, copy DE bit from inner tag of

Configuring Ports and Links 5-47


Showing OLT LIM Port Information

received frame
4 : Set TPID = 0x8100
6 : Set TPID = output TPID, DE=0
7 : Set TPID = output TPID, DE=1
Setting extended vlan tagging operation
of ONU user port
uni-port : ONU user port
PORT_NUM : port number((ex : 1 or 1,2
or 1,2,3-4)
extag : 802.1q Vlan using EX-VTOCD
single-tag : Single tagged frame
<1-4094> : Tagged vid value
change-tag : Change tag
uni-port PORT_NUM <1-4094> : Vlan tag vid value
extag single-tag <1-4094> priority : Vlan tag priority
gpon-onu-
change-tag <1-4094> <0-7> : Vlan tag priority value
profile
((priority (<0-7>|8) 8 : Vlan tag priority from the inner
(tp-id (0|2|4|6|7))) priority of the received frame
tp-id : Treatment TPID/DE
0 : Copy TPID (and DE, if present) from
inner tag of received frame
2 : Set TPID = output TPID attribute
value, copy DE bit from inner tag of
received frame
4 : Set TPID = 0x8100
6 : Set TPID = output TPID, DE=0
7 : Set TPID = output TPID, DE=1
Setting extended vlan tagging operation
of ONU user port
uni-port : ONU user port
uni-port PORT_NUM
PORT_NUM : port number((ex : 1 or 1,2
gpon-onu- extag single-tag <1-4094>
or 1,2,3-4)
profile change-tag <1-4094>
extag : 802.1q Vlan using EX-VTOCD
add-tag <1-4094>
single-tag : Single tagged frame
<1-4094> : Tagged vid value
change-tag : Change tag

5-48 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

<1-4094> : Vlan tag vid value


add-tag : Add tag
<1-4094> : Vlan tag vid value
Setting extended vlan tagging operation
of ONU user port
uni-port : ONU user port
PORT_NUM : port number((ex : 1 or 1,2
or 1,2,3-4)
extag : 802.1q Vlan using EX-VTOCD
single-tag : Single tagged frame
uni-port PORT_NUM
<1-4094> : Tagged vid value
extag
change-tag : Change tag
single-tag <1-4094>
gpon-onu- <1-4094> : Vlan tag vid value
change-tag <1-4094>
profile priority : Vlan tag priority
priority (<0-7>|8)
<0-7> : Vlan tag priority value
add-tag <1-4094>
8 : Vlan tag priority from the inner
priority (<0-7>|8)
priority of the received frame
add-tag : Add tag
<1-4094> : Vlan tag vid value
priority : Vlan tag priority
<0-7> : Vlan tag priority value
8 : Vlan tag priority from the inner
priority of the received frame
Setting extended vlan tagging operation
of ONU user port
uni-port PORT_NUM uni-port : ONU user port
extag PORT_NUM : port number((ex : 1 or 1,2
single-tag <1-4094> or 1,2,3-4)
change-tag <1-4094> extag : 802.1q Vlan using EX-VTOCD
gpon-onu-
priority (<0-7>|8) single-tag : Single tagged frame
profile
tp-id (0|2|4|6|7) <1-4094> : Tagged vid value
add-tag <1-4094> change-tag : Change tag
priority (<0-7>|8) <1-4094> : Vlan tag vid value
tp-id (0|2|4|6|7) priority : Vlan tag priority
<0-7> : Vlan tag priority value
8 : Vlan tag priority from the inner

Configuring Ports and Links 5-49


Showing OLT LIM Port Information

priority of the received frame


tp-id : Treatment TPID/DE
0 : Copy TPID (and DE, if present) from
inner tag of received frame
2 : Set TPID = output TPID attribute
value, copy DE bit from inner tag of
received frame
4 : Set TPID = 0x8100
6 : Set TPID = output TPID, DE=0
7 : Set TPID = output TPID, DE=1
add-tag : Add tag
<1-4094> : Vlan tag vid value
priority : Vlan tag priority
<0-7> : Vlan tag priority value
8 : Vlan tag priority from the inner
priority of the received frame
tp-id : Treatment TPID/DE
0 : Copy TPID (and DE, if present) from
inner tag of received frame
2 : Set TPID = output TPID attribute
value, copy DE bit from inner tag of
received frame
4 : Set TPID = 0x8100
6 : Set TPID = output TPID, DE=0
7 : Set TPID = output TPID, DE=1
Setting extended vlan tagging operation
of ONU user port
uni-port : ONU user port
PORT_NUM : port number((ex : 1 or 1,2
uni-port PORT_NUM
or 1,2,3-4)
gpon-onu- extag
extag : 802.1q Vlan using EX-VTOCD
profile single-tag <1-4094>
single-tag : Single tagged frame
double-tag <1-4094> <1-4094>
<1-4094> : Tagged vid value
double-tag : Insert double tag
<1-4094> : Outer vlan tag vid value
<1-4094> : Inner vlan tag vid value
gpon-onu- uni-port PORT_NUM Setting extended vlan tagging operation

5-50 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

profile extag of ONU user port


single-tag <1-4094> uni-port : ONU user port
double-tag <1-4094> PORT_NUM : port number((ex : 1 or 1,2
priority (<0-7>|8) or 1,2,3-4)
<1-4094> extag : 802.1q Vlan using EX-VTOCD
priority (<0-7>|8) single-tag : Single tagged frame
<1-4094> : Tagged vid value
double-tag : Insert double tag
priority : Outer vlan tag priority
<0-7> : Outer vlan tag priority value
8 : Outer vlan tag priority from the inner
priority of the received frame
<1-4094> : Inner vlan tag vid value
priority : Inner vlan tag priority
<0-7> : Inner vlan tag priority value
8 : Inner vlan tag priority from the inner
priority of the received frame
Setting extended vlan tagging operation
of ONU user port
uni-port : ONU user port
PORT_NUM : port number((ex : 1 or 1,2
or 1,2,3-4)
extag : 802.1q Vlan using EX-VTOCD
uni-port PORT_NUM
single-tag : Single tagged frame
extag
<1-4094> : Tagged vid value
single-tag <1-4094>
double-tag : Insert double tag
double-tag <1-4094>
gpon-onu- priority : Outer vlan tag priority
priority (<0-7>|8)
profile <0-7> : Outer vlan tag priority value
tp-id (0|2|4|6|7)
8 : Outer vlan tag priority from the inner
<1-4094>
priority of the received frame
priority (<0-7>|8)
tp-id : Treatment outer TPID/DE
tp-id (0|2|4|6|7)
0 : Copy TPID (and DE, if present) from
inner tag of received frame
2 : Set TPID = output TPID attribute
value, copy DE bit from inner tag of
received frame
4 : Set TPID = 0x8100

Configuring Ports and Links 5-51


Showing OLT LIM Port Information

6 : Set TPID = output TPID, DE=0


7 : Set TPID = output TPID, DE=1
<1-4094> : Inner vlan tag vid value
priority : Inner vlan tag priority
<0-7> : Inner vlan tag priority value
8 : Inner vlan tag priority from the inner
priority of the received frame
tp-id : Treatment inner TPID/DE
0 : Copy TPID (and DE, if present) from
inner tag of received frame
2 : Set TPID = output TPID attribute
value, copy DE bit from inner tag of
received frame
4 : Set TPID = 0x8100
6 : Set TPID = output TPID, DE=0
7 : Set TPID = output TPID, DE=1
Setting extended vlan tagging operation
of ONU user port
uni-port : ONU user port
uni-port PORT_NUM
PORT_NUM : port number((ex : 1 or 1,2
gpon-onu- extag
or 1,2,3-4)
profile single-tag <1-4094>
extag : 802.1q Vlan using EX-VTOCD
strip-tag
single-tag : Single tagged frame
<1-4094> : Tagged vid value
strip-tag : Single tagged frame
Setting extended vlan tagging operation
of ONU user port
uni-port : ONU user port
uni-port PORT_NUM PORT_NUM : port number((ex : 1 or 1,2
extag untag or 1,2,3-4)
gpon-onu-
add-tag <1-4094> extag : 802.1q Vlan using EX-VTOCD
profile
((priority <0-7>) untag : Untagged frame
(tp-id (4|6|7))) add-tag : Insert tag
<1-4094> : Vlan tag vid value
priority : Vlan tag priority
<0-7> : Vlan tag priority value

5-52 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

tp-id : Treatment TPID/DE


4 : Set TPID = 0x8100
6 : Set TPID = output TPID, DE=0
7 : Set TPID = output TPID, DE=1
Setting extended vlan tagging operation
of ONU user port
uni-port : ONU user port
uni-port PORT_NUM PORT_NUM : port number((ex : 1 or 1,2
gpon-onu- extag untag or 1,2,3-4)
profile double-tag extag : 802.1q Vlan using EX-VTOCD
<1-4094> <1-4094> untag : Untagged frame
double-tag : Insert double-tag
<1-4094> : Outer vlan tag vid value
<1-4094> : Inner vlan tag vid value
Setting extended vlan tagging operation
of ONU user port
uni-port : ONU user port
PORT_NUM : port number((ex : 1 or 1,2
uni-port PORT_NUM or 1,2,3-4)
extag untag extag : 802.1q Vlan using EX-VTOCD
gpon-onu- double-tag <1-4094> untag : Untagged frame
profile priority <0-7> double-tag : Insert double-tag
<1-4094> <1-4094> : Outer vlan tag vid value
priority <0-7> priority : Outer vlan tag priority
<0-7> : Outer vlan tag priority value
<1-4094> : Inner vlan tag vid value
priority : Inner vlan tag priority
<0-7> : Inner vlan tag priority value
uni-port PORT_NUM Setting extended vlan tagging operation
extag untag of ONU user port
double-tag <1-4094> uni-port : ONU user port
gpon-onu- priority <0-7> PORT_NUM : port number((ex : 1 or 1,2
profile tp-id (4|6|7) or 1,2,3-4)
<1-4094> extag : 802.1q Vlan using EX-VTOCD
priority <0-7> untag : Untagged frame
tp-id (4|6|7) double-tag : Insert double-tag

Configuring Ports and Links 5-53


Showing OLT LIM Port Information

<1-4094> : Outer vlan tag vid value


priority : Outer vlan tag priority
<0-7> : Outer vlan tag priority value
tp-id : Treatment outer TPID/DE
4 : Set TPID = 0x8100
6 : Set TPID = output TPID, DE=0
7 : Set TPID = output TPID, DE=1
<0-7> : Outer vlan tag priority value
<1-4094> : Inner vlan tag vid value
priority : Inner vlan tag priority
<0-7> : Inner vlan tag priority value
tp-id : Treatment inner TPID/DE
4 : Set TPID = 0x8100
6 : Set TPID = output TPID, DE=0
7 : Set TPID = output TPID, DE=1
Setting protocol based vlan tagging
operation of ONU user port
uni-port : ONU user port
gpon-onu- uni-port PORT_NUM
PORT_NUM : port number((ex : 1 or 1,2
profile proto-vlan
or 1,2,3-4)
proto-vlan :
Protocol based VLAN Tagging OCD
Setting protocol based vlan tagging
operation of ONU user port
uni-port : ONU user port
PORT_NUM : port number((ex : 1 or 1,2
uni-port PORT_NUM or 1,2,3-4)
proto-vlan proto-vlan :
gpon-onu-
ip-address A.B.C.D Protocol based VLAN Tagging OCD
profile
add-tag <1-4094> ip-address : IP address
priority <0-7> A.B.C.D: IP address value
add-tag : Insert tag
<1-4094> : Vlan tag vid value
priority : Vlan tag priority
<0-7> : Vlan tag priority value
gpon-onu- uni-port PORT_NUM Setting protocol based vlan tagging

5-54 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

profile proto-vlan operation of ONU user port


ip-tos <0-255> uni-port : ONU user port
add-tag <1-4094> PORT_NUM : port number((ex : 1 or 1,2
priority <0-7> or 1,2,3-4)
proto-vlan :
Protocol based VLAN Tagging OCD
ip-tos : IP TOS(Type of service) field
<0-255> : IP TOS(Type of service) field
value
add-tag : Insert tag
<1-4094> : Vlan tag vid value
priority : Vlan tag priority
<0-7> : Vlan tag priority value
Setting protocol based vlan tagging
operation of ONU user port
uni-port : ONU user port
PORT_NUM : port number((ex : 1 or 1,2
uni-port PORT_NUM or 1,2,3-4)
proto-vlan proto-vlan :
gpon-onu-
mac A:B:C:D:E:F Protocol based VLAN Tagging OCD
profile
add-tag <1-4094> mac : mac address
priority <0-7> A:B:C:D:E:F : mac address value
add-tag : Insert tag
<1-4094> : Vlan tag vid value
priority : Vlan tag priority
<0-7> : Vlan tag priority value
Setting upstream source ip filtering
configuration of ONU uni port
uni-port : ONU user port
PORT_NUM : port number((ex : 1 or 1,2
gpon-onu- uni-port PORT_NUM ip-filter-
or 1,2,3-4)
profile table <1-8> A.B.C.D
ip-filter-table : Upstream source ip filter
table
<1-8> : filtering index value range
A.B.C.D : filtering IP address

Configuring Ports and Links 5-55


Showing OLT LIM Port Information

Configuring Video Uni Port


Table 5-30 Configuring Video Uni Port

Node Command Help


Setting Video Overlay control of ONU
video uni port
video-uni : PPTP video UNI
gpon-onu- video-uni PORT_NUM
PORT_NUM : port number((ex : 1 or 1,2
profile (enable|disable)
or 1,2,3-4)
enable : Administrative enable
disable : Administratively disable
Setting Video Overlay control of ONU
video uni port
video-uni : PPTP video UNI
gpon-onu- video-uni PORT_NUM PORT_NUM : port number((ex : 1 or 1,2
profile power (on|off) or 1,2,3-4)
power : Power control over coaxial cable
on : Enable Power feed
off : Disable Power feed

Configuring ONU Bridge with Profile

Configuring Bridge GEM Port


Table 5-31 Configuring Bridge GEM Port

Node Command Help


Setting bridge’s priority decision
based on 802.1p COS field
bridge WORD bridge : Bridge
gpon-onu-profile 8021p-map WORD : bridge index number range
cos-pbit-mapping <0-7>(ex: 1 or 1,2 or 1,2,3-4)
8021p-map : 802.1p Priority to
gem-port mapping

5-56 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


cos-pbit-mapping : CoS to pbit
mapping(default)
Setting bridge’s priority decision
based on IP DSCP field
bridge : Bridge
WORD : bridge index number range
bridge WORD <0-7>(ex: 1 or 1,2 or 1,2,3-4)
8021p-map 8021p-map : 802.1p Priority to
gpon-onu-profile
dscp-pbit-mapping gem-port mapping
DSCP_PBIT_MAPPING dscp-pbit-mapping : DSCP to pbit
mapping
DSCP_PBIT_MAPPING : 24 bytes
string represent 64 3-bits
groupings
Setting broadcast gem port on the
bridge
bridge : Bridge
bridge WORD
gpon-onu-profile WORD : bridge index number range
broadcast-gem-port
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
broadcast-gem-port : Broadcast GEM
port
Setting broadcast gem port’s
up/down queue mapping
bridge : Bridge

bridge WORD WORD : bridge index number range

broadcast-gem-port <0-7>(ex: 1 or 1,2 or 1,2,3-4)

up-queue-config broadcast-gem-port : Broadcast GEM


tcont <0-7> port
gpon-onu-profile
priority <0-7> up-queue-config : upstream queue
down-queue-config config (Queue mapping & Queue
uni_port <1-8> size)
priority <0-7> tcont : T-CONT

<0-7> : T-CONT index


priority : queue priority
<0-7> : queue priority value

Configuring Ports and Links 5-57


Showing OLT LIM Port Information

Node Command Help


down-queue-config : downstream
queue config (Queue mapping &
Queue size)
uni_port : PPTP Ethernet UNI Port
<1-8> : PPTP Ethernet UNI Port
index
priority : queue priority
<0-7> : queue priority value
Setting gem-port on the bridge
bridge : Bridge
WORD : bridge index number range
bridge WORD
gpon-onu-profile <0-7>(ex: 1 or 1,2 or 1,2,3-4)
gem-port PORT_NUM
gem-port : GEM port
PORT_NUM : port number(ex: 1 or
1,2 or 1,2,3-4)
Setting gem port on the bridge
with 802.1p mapper config
bridge : Bridge
WORD : bridge index number range
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
gem-port : GEM port
PORT_NUM : port number
bridge WORD (ex: 1 or 1,2 or 1,2,3-4)
gem-port PORT_NUM 8021p-map : 802.1p Priority to
8021p-map gem-port mapping
gpon-onu-profile <0-1> <0-1> <0-1> : gem-port to P-Bit 0
<0-1> <0-1> (1: map, 0: no map)
<0-1> <0-1> <0-1> : gem-port to P-Bit 1
<0-1> <0-1> (1: map, 0: no map)
<0-1> : gem-port to P-Bit 2
(1: map, 0: no map)
<0-1> : gem-port to P-Bit 3
(1: map, 0: no map)
<0-1> : gem-port to P-Bit 4
(1: map, 0: no map)
<0-1> : gem-port to P-Bit 5

5-58 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


(1: map, 0: no map)
<0-1> : gem-port to P-Bit 6
(1: map, 0: no map)
<0-1> : gem-port to P-Bit 7
(1: map, 0: no map)
Setting gem port on the bridge
with 802.1p mapper config and
up/down queue mapping
bridge : Bridge
WORD : bridge index number range
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
gem-port : GEM port
PORT_NUM : port number
(ex: 1 or 1,2 or 1,2,3-4)
bridge WORD 8021p-map : 802.1p Priority to
gem-port PORT_NUM gem-port mapping
8021p-map <0-1> : gem-port to P-Bit 0
<0-1> <0-1> (1: map, 0: no map)
<0-1> <0-1> <0-1> : gem-port to P-Bit 1
<0-1> <0-1> (1: map, 0: no map)
gpon-onu-profile <0-1> <0-1> <0-1> : gem-port to P-Bit 2
up-queue-config (1: map, 0: no map)
tcont <0-7> <0-1> : gem-port to P-Bit 3
priority <0-7> (1: map, 0: no map)
down-queue-config <0-1> : gem-port to P-Bit 4
uni_port <1-8> (1: map, 0: no map)
priority <0-7> <0-1> : gem-port to P-Bit 5
(1: map, 0: no map)
<0-1> : gem-port to P-Bit 6
(1: map, 0: no map)
<0-1> : gem-port to P-Bit 7
(1: map, 0: no map)
up-queue-config :
upstream queue config
(Queue mapping & Queue size)
tcont : T-CONT

Configuring Ports and Links 5-59


Showing OLT LIM Port Information

Node Command Help


<0-7> : T-CONT index
priority : queue priority
<0-7> : queue priority value
down-queue-config :
downstream queue config
(Queue mapping & Queue size)
uni_port : PPTP Ethernet UNI Port
<1-8> : PPTP Ethernet UNI Port
index
priority : queue priority
<0-7> : queue priority value
Setting gem port on the bridge
with up/down queue mapping
bridge : Bridge
WORD : bridge index number range
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
gem-port : GEM port
PORT_NUM : port number
(ex: 1 or 1,2 or 1,2,3-4)
bridge WORD
up-queue-config :
gem-port PORT_NUM
upstream queue config
up-queue-config
(Queue mapping & Queue size)
tcont <0-7>
gpon-onu-profile tcont : T-CONT
priority <0-7>
<0-7> : T-CONT index
down-queue-config
priority : queue priority
uni_port <1-8>
<0-7> : queue priority value
priority <0-7>
down-queue-config :
downstream queue config
(Queue mapping & Queue size)
uni_port : PPTP Ethernet UNI Port
<1-8> : PPTP Ethernet UNI Port
index
priority : queue priority
<0-7> : queue priority value
bridge WORD Setting multicast gem port on the
gpon-onu-profile
multicast-gem-port bridge

5-60 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


bridge : Bridge
WORD : bridge index number range
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
multicast-gem-port : Multicast GEM
port
Setting multicast gem port on the
bridge with up/down queue mapping
bridge : Bridge
WORD : bridge index number range
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
multicast-gem-port :
Multicast GEM port
bridge WORD up-queue-config :
multicast-gem-port upstream queue config
up-queue-config (Queue mapping & Queue size)
tcont <0-7> tcont : T-CONT
gpon-onu-profile
priority <0-7> <0-7> : T-CONT index
down-queue-config priority : queue priority
uni_port <1-8> <0-7> : queue priority value
priority <0-7> down-queue-config :
downstream queue config
(Queue mapping & Queue size)
uni_port : PPTP Ethernet UNI Port
<1-8> :
PPTP Ethernet UNI Port index
priority : queue priority
<0-7> : queue priority value
Setting gem-port’s vlan filtering
operation config
bridge : Bridge
bridge WORD WORD : bridge index number range
gpon-onu-profile gem-port PORT_NUM <0-7>(ex: 1 or 1,2 or 1,2,3-4)
tag-filter <1-4094> gem-port : UNI port
PORT_NUM : port number
(ex: 1 or 1,2 or 1,2,3-4)
tag-filter :

Configuring Ports and Links 5-61


Showing OLT LIM Port Information

Node Command Help


802.1q filter using VTF
<1-4094> : Vlan tag id value
Setting gem-port’s vlan filtering
operation config
bridge : Bridge
WORD : bridge index number range
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
bridge WORD
gem-port : GEM port
gem-port PORT_NUM
gpon-onu-profile PORT_NUM : port number
tag-filter <1-4094>
(ex: 1 or 1,2 or 1,2,3-4)
priority <0-7>
tag-filter :
802.1q filter using VTF
<1-4094> : Vlan tag id value
priority : Vlan tag priority
<0-7> : Vlan tag priority value
Setting gem-port’s vlan filtering
operation config
bridge : Bridge
WORD : bridge index number range
bridge WORD
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
gem-port PORT_NUM
gem-port : GEM port
tag-filter mode
PORT_NUM : port number
(a-a|c-a|a-e|
(ex: 1 or 1,2 or 1,2,3-4)
f-vid-a|f-vid-e|
tag-filter :
g-vid-a|g-vid-e|
802.1q filter using VTF
f-prio-a|f-prio-e|
gpon-onu-profile mode : filtering mode:
g-prio-a|g-prio-e|
Uncondition-action OR
f-tci-a|f-tci-e|
Match-action/Miss-Match-action
g-tci-a|g-tci-e|
a-a :
h-vid-a|h-vid-e|
Basic Bridge tagged frame (a),
h-prio-a|h-prio-e|
Basic Bridge untagged frame (a)
h-tci-a|h-tci-e|
a-e :
b-e)
Basic Bridge tagged frame (a),
Discard untagged frame (e)
c-a :
Discard tagged frame (c), Basic

5-62 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


Bridge untagged frame (a)
f-prio-a :
Permit/Basic Bridge tagged frame
(f) (prio lookup),
Basic Bridge untagged frame (a)
f-prio-e :
Permit/Basic Bridge tagged frame
(f) (prio lookup),
Discard untagged frame (e)
f-vid-a :
Permit/Basic Bridge tagged frame
(f) (vid lookup),
Basic Bridge untagged frame (a)
f-vid-e :
Permit/Basic Bridge tagged frame
(f) (vid lookup),
Discard untagged frame (e)
g-prio-a :
Deny/Basic Bridge tagged frame (g)
(prio lookup),
Basic Bridge untagged frame (a)
g-prio-e :
Deny/Basic Bridge tagged frame (g)
(prio lookup),
Discard untagged frame (e)
g-vid-a :
Deny/Basic Bridge tagged frame (g)
(vid lookup),
Basic Bridge untagged frame (a)
g-vid-e :
Deny/Basic Bridge tagged frame (g)
(vid lookup),
Discard untagged frame (e)

Configuring Ports and Links 5-63


Showing OLT LIM Port Information

Node Command Help


f-tci-a :
Permit/Basic Bridge tagged frame
(f) (tci lookup),
Basic Bridge untagged frame (a)
f-tci-e :
Permit/Basic Bridge tagged frame
(f) (tci lookup),
Discard untagged frame (e)
g-tci-a :
Deny/Basic Bridge tagged frame (g)
(tci lookup),
Basic Bridge untagged frame (a)
g-tci-e :
Deny/Basic Bridge tagged frame (g)
(tci lookup),
Discard untagged frame (e)
h-prio-a :
Permit/Discard tagged frame (h)
(prio lookup),
Basic Bridge untagged frame (a)
h-prio-e :
Permit/Discard tagged frame (h)
(prio lookup),
Discard untagged frame (e)
h-tci-a :
Permit/Discard tagged frame (h)
(tci lookup),
Basic Bridge untagged frame (a)
h-tci-e :
Permit/Discard tagged frame (h)
(tci lookup),
Discard untagged frame (e)
h-vid-a :
Permit/Discard tagged frame (h)
(vid lookup),
Basic Bridge untagged frame (a)

5-64 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


h-vid-e :
Permit/Discard tagged frame (h)
(vid lookup),
Discard untagged frame (e)
b-e :
Forward tagged frame (b),
Discard untagged frame (e)

Configuring Bridge UNI Port


Table 5-32 Configuring Bridge Uni Port

Node Command Help


Setting uni-port’s vlan tagging
operation config data
bridge : Bridge
WORD : bridge index number range
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
uni-port : UNI port
PORT_NUM : port number
bridge WORD
(ex: 1 or 1,2 or 1,2,3-4)
uni-port PORT_NUM tag
tag : 802.1q Vlan using VTOCD
upstream add-tag
gpon-onu-profile upstream :
<1-4094>
Upstream frame is sent with
downstream
add-tag : Add(change) tag, making
(as-is|strip-tag)
untagged(tagged) into tagged
<1-4094> : Vlan tag id value
downstream :
Downstream frame is sent with
as-is : As is
strip-tag :
Strip tag, if tag presents
bridge WORD Setting uni-port’s vlan tagging
gpon-onu-profile
uni-port PORT_NUM tag operation config data

Configuring Ports and Links 5-65


Showing OLT LIM Port Information

Node Command Help


upstream add-tag bridge : Bridge
<1-4094> WORD : bridge index number range
priority <0-7> <0-7>(ex: 1 or 1,2 or 1,2,3-4)
downstream uni-port : UNI port
(as-is|strip-tag) PORT_NUM : port number
(ex: 1 or 1,2 or 1,2,3-4)
tag : 802.1q Vlan using VTOCD
upstream :
Upstream frame is sent with
add-tag : Add(change) tag, making
untagged(tagged) into tagged
<1-4094> : Vlan tag id value
priority : Vlan tag priority
<0-7> : Vlan tag priority value
downstream :
Downstream frame is sent with
as-is : As is
strip-tag :
Strip tag, if tag presents
Setting uni-port’s vlan tagging
operation config data
bridge : Bridge
WORD : bridge index number range
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
uni-port : UNI port
bridge WORD PORT_NUM : port number
uni-port PORT_NUM tag (ex: 1 or 1,2 or 1,2,3-4)
gpon-onu-profile upstream as-is tag : 802.1q Vlan using VTOCD
downstream upstream :
(as-is|strip-tag) Upstream frame is sent with
as-is : As is
downstream :
Downstream frame is sent with
as-is : As is
strip-tag :
Strip tag, if tag presents

5-66 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


Setting uni-port’s vlan tagging
operation config data
bridge : Bridge
WORD : bridge index number range
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
uni-port : UNI port
PORT_NUM : port number
bridge WORD (ex: 1 or 1,2 or 1,2,3-4)
uni-port PORT_NUM tag tag : 802.1q Vlan using VTOCD
upstream upstream :
gpon-onu-profile
prepend-tag <1-4094> Upstream frame is sent with
downstream prepend-tag : Prepend tag, making
(as-is|strip-tag) untagged(tagged) into
tagged(double-tagged)
<1-4094> : Vlan tag id value
downstream :
Downstream frame is sent with
as-is : As is
strip-tag :
Strip tag, if tag presents
Setting uni-port’s vlan tagging
operation config data
bridge : Bridge
WORD : bridge index number range
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
bridge WORD
uni-port : UNI port
uni-port PORT_NUM tag
PORT_NUM : port number
upstream
(ex: 1 or 1,2 or 1,2,3-4)
gpon-onu-profile prepend-tag <1-4094>
tag : 802.1q Vlan using VTOCD
priority <0-7>
upstream :
downstream
Upstream frame is sent with
(as-is|strip-tag)
prepend-tag : Prepend tag, making
untagged(tagged) into
tagged(double-tagged)
<1-4094> : Vlan tag id value
priority : Vlan tag priority

Configuring Ports and Links 5-67


Showing OLT LIM Port Information

Node Command Help


<0-7> : Vlan tag priority value
downstream :
Downstream frame is sent with
as-is : As is
strip-tag :
Strip tag, if tag presents
Setting uni-port’s vlan filtering
operation config
bridge : Bridge
WORD : bridge index number range
bridge WORD <0-7>(ex: 1 or 1,2 or 1,2,3-4)
gpon-onu-profile uni-port PORT_NUM uni-port : UNI port
tag-filter <1-4094> PORT_NUM : port number
(ex: 1 or 1,2 or 1,2,3-4)
tag-filter :
802.1q filter using VTF
<1-4094> : Vlan tag id value
Setting uni-port’s vlan filtering
operation config
bridge : Bridge
WORD : bridge index number range
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
bridge WORD
uni-port : UNI port
uni-port PORT_NUM
gpon-onu-profile PORT_NUM : port number
tag-filter <1-4094>
(ex: 1 or 1,2 or 1,2,3-4)
priority <0-7>
tag-filter :
802.1q filter using VTF
<1-4094> : Vlan tag id value
priority : Vlan tag priority
<0-7> : Vlan tag priority value
bridge WORD Setting uni-port’s vlan filtering
uni-port PORT_NUM operation config
tag-filter mode bridge : Bridge
gpon-onu-profile
(a-a|c-a|a-e| WORD : bridge index number range
f-vid-a|f-vid-e| <0-7>(ex: 1 or 1,2 or 1,2,3-4)
g-vid-a|g-vid-e| uni-port : UNI port

5-68 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


f-prio-a|f-prio-e| PORT_NUM : port number
g-prio-a|g-prio-e| (ex: 1 or 1,2 or 1,2,3-4)
f-tci-a|f-tci-e| tag-filter :
g-tci-a|g-tci-e| 802.1q filter using VTF
h-vid-a|h-vid-e| mode : filtering mode:
h-prio-a|h-prio-e| Uncondition-action OR
h-tci-a|h-tci-e| Match-action/Miss-Match-action
b-e) a-a :
Basic Bridge tagged frame (a),
Basic Bridge untagged frame (a)
a-e :
Basic Bridge tagged frame (a),
Discard untagged frame (e)
c-a :
Discard tagged frame (c), Basic
Bridge untagged frame (a)
f-prio-a :
Permit/Basic Bridge tagged frame
(f) (prio lookup),
Basic Bridge untagged frame (a)
f-prio-e :
Permit/Basic Bridge tagged frame
(f) (prio lookup),
Discard untagged frame (e)
f-vid-a :
Permit/Basic Bridge tagged frame
(f) (vid lookup),
Basic Bridge untagged frame (a)
f-vid-e :
Permit/Basic Bridge tagged frame
(f) (vid lookup),
Discard untagged frame (e)
g-prio-a :
Deny/Basic Bridge tagged frame (g)
(prio lookup),
Basic Bridge untagged frame (a)

Configuring Ports and Links 5-69


Showing OLT LIM Port Information

Node Command Help


g-prio-e :
Deny/Basic Bridge tagged frame (g)
(prio lookup),
Discard untagged frame (e)
g-vid-a :
Deny/Basic Bridge tagged frame (g)
(vid lookup),
Basic Bridge untagged frame (a)
g-vid-e :
Deny/Basic Bridge tagged frame (g)
(vid lookup),
Discard untagged frame (e)
f-tci-a :
Permit/Basic Bridge tagged frame
(f) (tci lookup),
Basic Bridge untagged frame (a)
f-tci-e :
Permit/Basic Bridge tagged frame
(f) (tci lookup),
Discard untagged frame (e)
g-tci-a :
Deny/Basic Bridge tagged frame (g)
(tci lookup),
Basic Bridge untagged frame (a)
g-tci-e :
Deny/Basic Bridge tagged frame (g)
(tci lookup),
Discard untagged frame (e)
h-prio-a :
Permit/Discard tagged frame (h)
(prio lookup),
Basic Bridge untagged frame (a)
h-prio-e :
Permit/Discard tagged frame (h)
(prio lookup),
Discard untagged frame (e)

5-70 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


h-tci-a :
Permit/Discard tagged frame (h)
(tci lookup),
Basic Bridge untagged frame (a)
h-tci-e :
Permit/Discard tagged frame (h)
(tci lookup),
Discard untagged frame (e)
h-vid-a :
Permit/Discard tagged frame (h)
(vid lookup),
Basic Bridge untagged frame (a)
h-vid-e :
Permit/Discard tagged frame (h)
(vid lookup),
Discard untagged frame (e)
b-e :
Forward tagged frame (b),
Discard untagged frame (e)

Configuring Bridge IP Host


Table 5-33 Configuring Bridge IP Host

Node Command Help


Setting ip-host’s vlan tagging
operation config
bridge : Bridge
bridge WORD WORD : bridge index number range
ip-host WORD tag <0-7>(ex: 1 or 1,2 or 1,2,3-4)
upstream add-tag ip-host : IP Host config data
gpon-onu-profile
<1-4094> WORD : IP Host config data index
downstream (ex: 1 or 1,2 or 1,2,3-4)
(as-is|strip-tag) tag : 802.1q Vlan using VTOCD
upstream :
Upstream frame is sent with
add-tag : Add(change) tag, making

Configuring Ports and Links 5-71


Showing OLT LIM Port Information

Node Command Help


untagged(tagged) into tagged
<1-4094> : Vlan tag id value
downstream :
Downstream frame is sent with
as-is : As is
strip-tag :
Strip tag, if tag presents
Setting ip-host’s vlan tagging
operation config
bridge : Bridge
WORD : bridge index number range
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
ip-host : IP Host config data
WORD : IP Host config data index
bridge WORD (ex: 1 or 1,2 or 1,2,3-4)
ip-host WORD tag tag : 802.1q Vlan using VTOCD
upstream add-tag upstream :
gpon-onu-profile <1-4094> Upstream frame is sent with
priority <0-7> add-tag : Add(change) tag, making
downstream untagged(tagged) into tagged
(as-is|strip-tag) <1-4094> : Vlan tag id value
priority : Vlan tag priority
<0-7> : Vlan tag priority value
downstream :
Downstream frame is sent with
as-is : As is
strip-tag :
Strip tag, if tag presents
Setting ip-host’s vlan tagging
operation config
bridge WORD
bridge : Bridge
ip-host WORD tag
WORD : bridge index number range
gpon-onu-profile upstream as-is
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
downstream
ip-host : IP Host config data
(as-is|strip-tag)
WORD : IP Host config data index
(ex: 1 or 1,2 or 1,2,3-4)

5-72 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


tag : 802.1q Vlan using VTOCD
upstream :
Upstream frame is sent with
as-is : As is
downstream :
Downstream frame is sent with
as-is : As is
strip-tag :
Strip tag, if tag presents
Setting ip-host’s vlan tagging
operation config
bridge : Bridge
WORD : bridge index number range
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
ip-host : IP Host config data
WORD : IP Host config data index
bridge WORD (ex: 1 or 1,2 or 1,2,3-4)
ip-host WORD tag tag : 802.1q Vlan using VTOCD
upstream upstream :
gpon-onu-profile
prepend-tag <1-4094> Upstream frame is sent with
downstream prepend-tag : Prepend tag, making
(as-is|strip-tag) untagged(tagged) into
tagged(double-tagged)
<1-4094> : Vlan tag id value
downstream :
Downstream frame is sent with
as-is : As is
strip-tag :
Strip tag, if tag presents
bridge WORD Setting ip-host’s vlan tagging
ip-host WORD tag operation config
upstream bridge : Bridge
gpon-onu-profile prepend-tag <1-4094> WORD : bridge index number range
priority <0-7> <0-7>(ex: 1 or 1,2 or 1,2,3-4)
downstream ip-host : IP Host config data
(as-is|strip-tag) WORD : IP Host config data index

Configuring Ports and Links 5-73


Showing OLT LIM Port Information

Node Command Help


(ex: 1 or 1,2 or 1,2,3-4)
tag : 802.1q Vlan using VTOCD
upstream :
Upstream frame is sent with
prepend-tag : Prepend tag, making
untagged(tagged) into
tagged(double-tagged)
<1-4094> : Vlan tag id value
priority : Vlan tag priority
<0-7> : Vlan tag priority value
downstream :
Downstream frame is sent with
as-is : As is
strip-tag :
Strip tag, if tag presents
Setting ip-host’s vlan filtering
operation config
bridge : Bridge
WORD : bridge index number range
bridge WORD <0-7>(ex: 1 or 1,2 or 1,2,3-4)
gpon-onu-profile ip-host WORD ip-host : IP Host config data
tag-filter <1-4094> WORD : IP Host config data index
(ex: 1 or 1,2 or 1,2,3-4)
tag-filter :
802.1q filter using VTF
<1-4094> : Vlan tag id value
Setting ip-host’s vlan filtering
operation config
bridge : Bridge
bridge WORD WORD : bridge index number range
ip-host WORD <0-7>(ex: 1 or 1,2 or 1,2,3-4)
gpon-onu-profile
tag-filter <1-4094> ip-host : IP Host config data
priority <0-7> WORD : IP Host config data index
(ex: 1 or 1,2 or 1,2,3-4)
tag-filter :
802.1q filter using VTF

5-74 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


<1-4094> : Vlan tag id value
priority : Vlan tag priority
<0-7> : Vlan tag priority value
Setting ip-host’s vlan filtering
operation config
bridge : Bridge
WORD : bridge index number range
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
ip-host : IP Host config data
WORD : IP Host config data index
(ex: 1 or 1,2 or 1,2,3-4)
tag-filter :
802.1q filter using VTF
bridge WORD
mode : filtering mode:
ip-host WORD
Uncondition-action OR
tag-filter mode
Match-action/Miss-Match-action
(a-a|c-a|a-e|
a-a :
f-vid-a|f-vid-e|
Basic Bridge tagged frame (a),
g-vid-a|g-vid-e|
Basic Bridge untagged frame (a)
f-prio-a|f-prio-e|
gpon-onu-profile a-e :
g-prio-a|g-prio-e|
Basic Bridge tagged frame (a),
f-tci-a|f-tci-e|
Discard untagged frame (e)
g-tci-a|g-tci-e|
c-a :
h-vid-a|h-vid-e|
Discard tagged frame (c), Basic
h-prio-a|h-prio-e|
Bridge untagged frame (a)
h-tci-a|h-tci-e|
f-prio-a :
b-e)
Permit/Basic Bridge tagged frame
(f) (prio lookup),
Basic Bridge untagged frame (a)
f-prio-e :
Permit/Basic Bridge tagged frame
(f) (prio lookup),
Discard untagged frame (e)
f-vid-a :
Permit/Basic Bridge tagged frame
(f) (vid lookup),

Configuring Ports and Links 5-75


Showing OLT LIM Port Information

Node Command Help


Basic Bridge untagged frame (a)
f-vid-e :
Permit/Basic Bridge tagged frame
(f) (vid lookup),
Discard untagged frame (e)
g-prio-a :
Deny/Basic Bridge tagged frame (g)
(prio lookup),
Basic Bridge untagged frame (a)
g-prio-e :
Deny/Basic Bridge tagged frame (g)
(prio lookup),
Discard untagged frame (e)
g-vid-a :
Deny/Basic Bridge tagged frame (g)
(vid lookup),
Basic Bridge untagged frame (a)
g-vid-e :
Deny/Basic Bridge tagged frame (g)
(vid lookup),
Discard untagged frame (e)
f-tci-a :
Permit/Basic Bridge tagged frame
(f) (tci lookup),
Basic Bridge untagged frame (a)
f-tci-e :
Permit/Basic Bridge tagged frame
(f) (tci lookup),
Discard untagged frame (e)
g-tci-a :
Deny/Basic Bridge tagged frame (g)
(tci lookup),
Basic Bridge untagged frame (a)

5-76 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


g-tci-e :
Deny/Basic Bridge tagged frame (g)
(tci lookup),
Discard untagged frame (e)
h-prio-a :
Permit/Discard tagged frame (h)
(prio lookup),
Basic Bridge untagged frame (a)
h-prio-e :
Permit/Discard tagged frame (h)
(prio lookup),
Discard untagged frame (e)
h-tci-a :
Permit/Discard tagged frame (h)
(tci lookup),
Basic Bridge untagged frame (a)
h-tci-e :
Permit/Discard tagged frame (h)
(tci lookup),
Discard untagged frame (e)
h-vid-a :
Permit/Discard tagged frame (h)
(vid lookup),
Basic Bridge untagged frame (a)
h-vid-e :
Permit/Discard tagged frame (h)
(vid lookup),
Discard untagged frame (e)
b-e :
Forward tagged frame (b),
Discard untagged frame (e)

Configuring dot1x
Table 5-34 Configuring dot1x

Node Command Help

Configuring Ports and Links 5-77


Showing OLT LIM Port Information

Node Command Help


Setting ONU’s dot1x config
gpon-onu-profile dot1x
dot1x : Dot1X
Setting ONU’s dot1x circuit-id
config
dot1x dot1x : Dot1X
gpon-onu-profile
circuit-id STRING circuit-id : Circuit-id-prefix
STRING : Circuit-id-prefix string
(max length 375 bytes)
Setting ONU’s dot1x fallback
config
gpon-onu-profile dot1x fallback deny dot1x : Dot1X
fallback : Fallback policy
deny : Deny
Setting ONU’s dot1x olt-proxy
config
dot1x dot1x : Dot1X
gpon-onu-profile
olt-proxy A.B.C.D olt-proxy : Radius authentication
server OLT proxy
A.B.C.D : IP address
Setting ONU’s dot1x radius-server
config
dot1x : Dot1X
dot1x
radius-server-1 : Radius
gpon-onu-profile radius-server-1
authentication server – first
STRING key STRING
choice
STRING : URI string of server
address (max length 375 bytes)
Setting ONU’s dot1x radius-server
config
dot1x : Dot1X
dot1x
radius-server-1 : Radius
gpon-onu-profile radius-server-2
authentication server – second
STRING key STRING
choice
STRING : URI string of server
address (max length 375 bytes)
gpon-onu-profile dot1x Setting ONU’s dot1x radius-server

5-78 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


radius-server-3 config
STRING key STRING dot1x : Dot1X
radius-server-1 : Radius
authentication server – third
choice
STRING : URI string of server
address (max length 375 bytes)

Configuring Bridge dot1


Table 5-35 Configuring Bridge dot1

Node Command Help


Enable dot1 functionality on
bridge
bridge WORD bridge : Bridge
gpon-onu-profile
dot1-ratelimit WORD : bridge index number range
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
dot1-ratelimit : dot1 ratelimiter
Setting dot1 ratelimit on bridge
bridge : Bridge
WORD : bridge index number range
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
bridge WORD dot1-ratelimit : dot1 ratelimiter
dot1-ratelimit upstream-unicast-flood :
(upstream-unicast- Upstream unicast flood rate limit
flood| upstream-broadcast :
gpon-onu-profile
upstream-broadcast| Upstream broadcast flood rate
upstream-multicast) limit
cir <0-1244160> upstream-multicast :
pir <0-1244160> Upstream multicast flood rate
limit
cir : Maximum committed bandwidth
allowed (In Kbps)
<0-1244160> : bandwidth values: 0

Configuring Ports and Links 5-79


Showing OLT LIM Port Information

Node Command Help


to 1244160 Kbps
pir : Maximum excessive bandwidth
allowed (In Kbps)
<0-1244160> : bandwidth values: 0
to 1244160 Kbps

Configuring Bridge Misc


Table 5-36 Configuring Bridge Misc

Node Command Help


Setting mac address to filter on
the bridge
bridge : Bridge
WORD : bridge index number range
bridge WORD
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
mac-filter-table
gpon-onu-profile mac-filter-table : upstream mac
<1-255> (permit|deny)
bridge port filter table
A:B:C:D:E:F
<1-255> : MAC filter list number
permit : permit mac
deny : deny mac
A:B:C:D:E:F : mac address
Setting mac address learning mode
on the bridge
bridge : Bridge
bridge WORD
gpon-onu-profile WORD : bridge index number range
mac-learning-disable
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
mac-learning-disable :
MAC learning disable
Setting max number of mac
addresses on the bridge
bridge : Bridge
bridge WORD
gpon-onu-profile WORD : bridge index number range
mac-limit <1-255>
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
mac-limit : MAC limit
<1-255> : limit number

5-80 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


Setting unknown mac address
decision rule
bridge : Bridge
bridge WORD unknown-
gpon-onu-profile WORD : bridge index number range
mac-discard
<0-7>(ex: 1 or 1,2 or 1,2,3-4)
unknown-mac-discard :
unknown mac packet discard

Configuring Multicast with Profile

Configuring IGMP Snoop of GPON ONU Profile


Table 5-37 Configuring IGMP

Node Command Help


igmp IGMP enable
IGMP enable to bridge
igmp bridge WORD
WORD : bridge index
IGMP function set
igmp function Snoop : IGMP Snoop function (default)
(snoop|spr|proxy) Proxy : IGMP Proxy function
Spr : IGMP Snoop Proxy Report function
igmp bandwidth Multicast bandwidth set
<0-4294967295> <0-4294967295> : bandwidth value
bridge WORD WORD : bridge index
Gpon-onu-profile
Enable : exceed max multicast
igmp
bandwidth be counted and
bandwidth-enforcement
denied(default)
(enable|disable) bridge
Disable
WORD
WORD : bridge index
Max group number set (0 : not limit)
igmp group-limit
<1-256> : limit group number
<0-256> bridge WORD
WORD : bridge index
igmp immediate-leave IGMP fast-leave
(enable|disable) Enable : (default)

Configuring Ports and Links 5-81


Showing OLT LIM Port Information

Node Command Help


IGMP last member query interval value
Igmp last-mem-query-
set
interval <0-100000>
<0-10000> : query interval (default : 10)
Query message source IP address set
igmp querier-ip-address
A.B.C.D : querier IP address (Only Proxy
A.B.C.D
mode)
General query interval value set
igmp query-interval
<1-0000> : general query interval
<1-10000>
(default :125)
IGMP general query max response time
igmp
value set
query-max-response-time
<0-100000> : max response time (default :
<0-100000>
10)
IGMP robustness value set
igmp robustness <0-7>
<0-7> : default value 0
IGMP upstream rate value set
igmp upstream-rate <0-4294967295> : limits the
<0-4294967295> maximum rate of upstream IGMP
traffic (0:no limit)
IGMP tag control set
Transparent : Pass upstream IGMP traffic
transparently (default)
igmp
Add-vlan : Add a VLAN tag to upstream
upstream-tag-control
IGMP traffic
(transparent|add-
Replace-tci : Replace the entire TCI on
vlan|replace-
upstream IGMP traffic
tci|replace-vid)
Replace-vid : Replace only the VLAN ID
on upstream IGMP traffic, retaining the
original CFI and P-bit
igmp upstream-tci IGMP upstream IGMP tag control value
<0-65535> <0-65535> : tci value (default : 0)
IGMP version set
igmp version <1-3>
<1-3> : IGMP version (default : 2)
uni-port PORT_NUM IGMP access list set
igmp permit-group-list PORT_NUM : uni port index
<1-99> vlan-id <0-4095> <1-99> : permit list index

5-82 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


source-ip A.B.C.D <0-4095> : vlan id (zero means untagged
start-ip A.B.C.D vlan, and default value)
end-ip A.B.C.D Source ip : traffic source ip address (0 :
group-bw <0-4294967295> ignore)
Start ip : Destination IP address of the
start of the multicast range
End ip : Destination IP address of the end
of the multicast range
<0-4294967295> : bandwidth value (0 :
ignore)
IGMP static list set
PORT_NUM : uni port index
<1-99> : permit list index
uni-port PORT_NUM
<0-4095> : vlan id (zero means untagged
igmp static-group-list
vlan, and default value)
<1-99> vlan-id <0-4095>
Source ip : traffic source ip address (0 :
source-ip A.B.C.D
ignore)
start-ip A.B.C.D
Start ip : Destination IP address of the
end-ip A.B.C.D
start of the multicast range
End ip : Destination IP address of the end
of the multicast range

Configuring Ports and Links 5-83


Showing OLT LIM Port Information

Configuring VoIP with Profile

Configuring VoIP
Table 5-38 Configuring VoIP

Node Command Help


Config VoIP application service
profile
voip : voip

cid-features : VoIP application


service profile (146), Call ID features

: Cid features : 1 calling number, 4


gpon-onu- voip cid-features call-waiting- CID blocking(both number and
profile features call-presentation-features name)
call-waiting-features : Call waiting
features
: Range 0 to 255
call-presentation-features : Call
presentation features
: Range 0 to 65535

Config VoIP Media Profile

voip : voip

voip codec1 (pcmu|gsm|g723|dvi4- codec1 : VoIP Media Profile (142)


8000|dvi4-16000|lpc|pcma|g722|l16-2- Codec
channels|l16-1- pcmu : PCMU
channel|qcelp|cn|mpa|g728|dvi4-
11025|dvi4-22050|g729) codec2 gsm : GSM
(pcmu|gsm|g723|dvi4-8000|dvi4-
16000|lpc|pcma|g722|l16-2- g723 : G723
channels|l16-1-
channel|qcelp|cn|mpa|g728|dvi4- dvi4-8000 : DVI4 8000
gpon-onu- 11025|dvi4-22050|g729) codec3
profile (pcmu|gsm|g723|dvi4-8000|dvi4- dvi4-16000 : DVI4 16000
16000|lpc|pcma|g722|l16-2-
channels|l16-1- lpc : LPC
channel|qcelp|cn|mpa|g728|dvi4-
pcma : PCMA
11025|dvi4-22050|g729) codec4
(pcmu|gsm|g723|dvi4-8000|dvi4- g722 : G722
16000|lpc|pcma|g722|l16-2-
channels|l16-1- l16-2-channels : L16 2 channels
channel|qcelp|cn|mpa|g728|dvi4-
11025|dvi4-22050|g729) l16-1-channel : L16 1 channel

qcelp : QCELP

cn : CN

5-84 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


mpa : MPA

g728 : G728

dvi4-11025 : DVI4 11025

dvi4-22050 : DVI4 22050

g729 : G729
codec2 : VoIP Media Profile (142)
Codec
pcmu : PCMU

gsm : GSM

g723 : G723

dvi4-8000 : DVI4 8000

dvi4-16000 : DVI4 16000

lpc : LPC

pcma : PCMA

g722 : G722

l16-2-channels : L16 2 channels

l16-1-channel : L16 1 channel

qcelp : QCELP

cn : CN

mpa : MPA

g728 : G728

dvi4-11025 : DVI4 11025

dvi4-22050 : DVI4 22050

g729 : G729
codec3 : VoIP Media Profile (142)
Codec
pcmu : PCMU

gsm : GSM

g723 : G723

dvi4-8000 : DVI4 8000

dvi4-16000 : DVI4 16000

lpc : LPC

Configuring Ports and Links 5-85


Showing OLT LIM Port Information

Node Command Help


pcma : PCMA

g722 : G722

l16-2-channels : L16 2 channels

l16-1-channel : L16 1 channel

qcelp : QCELP

cn : CN

mpa : MPA

g728 : G728

dvi4-11025 : DVI4 11025

dvi4-22050 : DVI4 22050

g729 : G729
codec4 : VoIP Media Profile (142)
Codec
cn : CN

dvi4-11025 : DVI4 11025

dvi4-16000 : DVI4 16000

dvi4-22050 : DVI4 22050

dvi4-8000 : DVI4 8000

g722 : G722

g723 : G723

g728 : G728

g729 : G729

gsm : GSM

l16-1-channel : L16 1 channel

l16-2-channels : L16 2 channels

lpc : LPC

mpa : MPA

pcma : PCMA

pcmu : PCMU

qcelp : QCELP

gpon-onu- voip echo-cancel-ind (on|off) Config Voice service profile

5-86 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


profile
voip : voip
echo-cancel-ind : Voice service
profile (58) Echo cancel ind
off : off

on : on

Config VoIP Media Profile

voip : voip
gpon-onu- fax-mode : VoIP Media Profile (142)
voip fax-mode (passthru|t38)
profile Fax mode
passthru : Passthru

t38 : T.38

Config : Voice service profile

voip : voip
gpon-onu- jitter-buffer-max : Voice service
voip jitter-buffer-max
profile profile (58) Jitter buffer max
: The maximum depth of the jitter
buffer associated with this service in
milliseconds.
Config Voice service profile

voip : voip
Gpon-onu-
voip jitter-target jitter-target : Voice service profile
profile
(58) Jitter target
: The target value of the jitter buffer
in milliseconds,
Config VoIP Media Profile

voip : voip
gpon-onu- oob-dtmf : VoIP Media Profile (142)
voip oob-dtmf (on|off)
profile Out-of-band DTMF
off : Turn off silence suppression

on : Turn on silence suppression

Config VoIP Media Profile

voip : voip
packet-period1 : VoIP Media Profile
gpon-onu- voip packet-period1 packet-period2 (142) packet period
profile packet-period3 packet-period4
: This attribute specifies the packet
period selection interval in
milliseconds
packet-period2 : VoIP Media Profile

Configuring Ports and Links 5-87


Showing OLT LIM Port Information

Node Command Help


(142) packet period

: This attribute specifies the packet


period selection interval in
milliseconds
packet-period3 : VoIP Media Profile
(142) packet period
: This attribute specifies the packet
period selection interval in
milliseconds
packet-period4 : VoIP Media Profile
(142) packet period
: This attribute specifies the packet
period selection interval in
milliseconds
Config PPTP POTS UNI (53),
Administrative state
voip : voip

port : port

1 : port 1
gpon-onu- voip port (1|2) admin-state
profile (unlock|lock) 2 : port 2
admin-state : PPTP POTS UNI (53),
Administrative state
lock : all user functions of this
managed entity are blocked
unlock : managed entity is working
Config PPTP POTS UNI (53),
impedance
voip : voip

port : port

1 : port 1

2 : port 2
impedance : PPTP POTS UNI (53),
gpon-onu- voip port (1|2) impedance impedance
profile (600|900|complex1|complex2|complex3)
600 : 600 Ohms (omci value 0)

900 : 900 Ohms (omci value 1)

complex1 : C1=150 nF, R1=750 Ohm,


R2=270 Ohm.(omci value 2)

complex2 : C1=115 nF, R1=820 Ohm,


R2=220 Ohm.(omci value 3)

5-88 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


complex3 : C1=230 nF, R1=1050
Ohm, R2=320 Ohm.(omci value 4)

Config PPTP POTS UNI (53),


rxgain
voip : voip

port : port

gpon-onu- 1 : port 1
voip port (1|2) rxgain WORD
profile
2 : port 2

rxgain : PPTP POTS UNI (53), rxgain


WORD : Gain value for the received
signal : Valid values are -120 (-12.0
dB) to 60 (+6.0 dB)
Config VoIP voice CTP

voip : voip

port : port

1 : port 1

2 : port 2
5-89thernet5-89-code : VoIP voice
voip port (1|2) 5-89thernet5-89-code CTP (139): Signalling code: the
(loop-start|ground-start|loop- POTS-side signalling
gpon-onu-
reverse-battery|coin-first|multi- loop-start : Loop start
profile
party) 5-89thernet5-89-protocol-used
sip ground-start : Ground start
loop-reverse-battery : Loop reverse
battery
coin-first : Coin first

multi-party : Dial tone first


5-89thernet5-89-protocol-used :
Multi-party
sip : specifies the VoIP
5-89thernet5-89 protocol to use
Config PPTP POTS UNI (53),
txgain
voip : voip
gpon-onu-
voip port (1|2) txgain WORD port : port
profile
1 : port 1

2 : port 2

Configuring Ports and Links 5-89


Showing OLT LIM Port Information

Node Command Help


txgain : PPTP POTS UNI (53), txgain
WORD : Gain value for the transmit
signal : Valid values are -120 (-12.0
dB) to 60 (+6.0 dB)
Config Authentication security
method codes
voip : voip

port : port

1 : port 1

2 : port 2
gpon-onu- voip port (1|2) validation-scheme
profile (disabled|rfc-2069|rfc-2617) validation-scheme : Authentication
security method codes (148) :
Validation scheme
disabled : Disabled
rfc-2069 : MD5 digest authentication
in RFC 2069
rfc-2617 : Basic authentication in RFC
2617
Config SIP user data codes

voip : voip

port : port

1 : port 1

2 : port 2
voip port (1|2) voicemail-server-sip-
gpon-onu- voicemail-server-sip-uri : SIP user
uri A.B.C.D voicemail-subscription-
profile
expiration-time data codes (153), Voicemail server
sip uri
A.B.C.D : IP address
voicemail-subscription-expiration-
time : Voicemail subscription
expiration time
: Range 0 to 4294967295

Config SIP agent config data codes

voip : voip

gpon-onu- registrar : SIP agent config data


voip registrar A.B.C.D exp-time
profile codes (150), Proxy server address

A.B.C.D : IP address

exp-time : SIP registration expiration

5-90 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Node Command Help


time

: Range 0 to 4294967295(default
3600sec)
Config RTP profile data

voip : voip

rtp : RTP profile data (143)

portrange : port range


gpon-onu-
voip rtp portrange dscp-mark : Local port min(Range 0 to 65535),
profile
The default is 50000
: Local port max(Range 0 to 65535)

dscp-mark : DSCP mark


: Range 0 to 255(The default value is
expedited forwarding : 46)
Config VoIP config data

voip : voip
5-91thernet5-91-protocol-used : VoIP
config data (138), specifies the VoIP
5-91thernet5-91 protocol to use
none : None protocol

sip : SIP protocol

h-248 : H.248 protocol


voip 5-91thernet5-91-protocol-used mgcp : MGCP protocol
gpon-onu- (none|sip|h-248|mgcp|non-omci) voip-
profile cfg-method-used (default|omci|cfg- non-omci : Selected by non-OMCI
file|dsl-forum|ietf-sipping) management interface

voip-cfg-method-used : method used


to configure the ONT’s VoIP service

cfg-file : Configuration file retrieval

default : ONT default

dsl-forum : DSL Forum TR-69


ietf-sipping : IETF sipping config
framework
omci : OMCI
voip silence-suppression1 (on|off) Config VoIP Media Profile
gpon-onu-
silence-suppression2 (on|off)
profile
silence-suppression3 (on|off) voip : voip

Configuring Ports and Links 5-91


Showing OLT LIM Port Information

Node Command Help


silence-suppression4 (on|off)
silence-suppression1 : VoIP Media
Profile (142) Silence suppression

on : Turn on silence suppression

off : Turn off silence suppression

silence-suppression2 : VoIP Media


Profile (142) Silence suppression

on : Turn on silence suppression

off : Turn off silence suppression

silence-suppression3 : VoIP Media


Profile (142) Silence suppression

on : Turn on silence suppression

off : Turn off silence suppression

silence-suppression4 : VoIP Media


Profile (142) Silence suppression

off : Turn off silence suppression

on : Turn on silence suppression

Config TCP/UDP Config Data

voip : voip
tcp-udp-config-data : TCP/UDP
Config Data (136)
port-id : Port id
PORT_ID : The port number that
offers the TCP/UDP service
voip tcp-udp-config-data port-id protocol : Protocol, the protocol type
gpon-onu- PORT_ID protocol (tcp|udp) tos- as defined by IANA
profile diffserv-field TOS_DIFFSERV_FIELD ip-
tcp : TCP protocol
host <1-4>
udp : UDP protocol

tos-diffserv-field : TOS/diffserv field


TOS_DIFFSERV_FIELD : The value
of the TOS/diffserv field of the IPv4
header.
IP host pointer; Points to the IP host
config data ME associated with this
TCP/UDP data;

5-92 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Applying GPON ONU Profile


Table 5-39 Applying GPON ONU Profile

Node Command Help


Applying profile
port : Port
gpon : Gigabit-capable PON port type
WORD : Port(s) ranges (ex. 1/1-2,2/4)
port gpon WORD onu index WORD
config onu : ONU/ONT
profile NAME
index : ONU/ONT index number
WORD : ONU/ONT index Value
profile : GPON Profile
NAME : Profile Name
Applying profile to all onu of gpon port
port : Port
gpon : Gigabit-capable PON port type
config port gpon WORD profile NAME
WORD : Port(s) ranges (ex. 1/1-2,2/4)
profile : GPON Profile
NAME : Profile Name
Applying default profile to all onu of
gpon port
port : Port
config port gpon WORD profile default gpon : Gigabit-capable PON port type
WORD : Port(s) ranges (ex. 1/1-2,2/4)
profile : GPON Profile
default : default profile

Deleting GPON ONU Profile


Table 5-40 Deleting GPON ONU Profile

Node Command Help


Deleting profile
no : Negate a command or set its defaults
config no gpon-onu-profile WORD
gpon-onu-profile : gpon profile for onu
WORD : profile name

Configuring Ports and Links 5-93


Showing OLT LIM Port Information

Deleting profile all


no : Negate a command or set its defaults
config no gpon-onu-profile all
gpon-onu-profile : gpon profile for onu
all : profile all

Showing Profile
Table 5-41 Showing Profile

Node Command Help


Showing profile
en show gpon-onu-profile show : Show
gpon-onu-profile : epon profile for onu

show : Show running system information


port : Port
gpon : Gigabit-capable PON port type
show port gpon WORD onu WORD : Port(s) ranges (ex. 1/1-2,2/4)
en
index (all|WORD) profile onu : ONU/ONT
index : ONU/ONT index number
all : onu index all
WORD : ONU/ONT index Value
profile : profile applied state
en show lim-gpon-onu-profile Showing profile of each GPOM LIM.

5-94 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Showing GPON ONU Information


Table 5-42 Show GPON ONU Information

[Node] Command Help


Showing ONU status and management
ID (This identifier will remain the same
[en] show port gpon WORD onu
across re-initialization, software and
firmware update, move etc..)
[en] show port gpon WORD onu all
Showing Initstating ONU
initstate
[en] show port gpon WORD onu index WORD
Showing ONU GPON Firmware image
image
[en] show port gpon WORD onu index WORD Showing Onu general information and
information optical layer supervision
[en] show port gpon WORD onu WORD mac-
Showing Mac-address-table
address-table
[en] show port gpon WORD onu index WORD Showing Onu 5-95 thernet port
port 5-95thernet-uni information
[en] show port gpon WORD onu index WORD
Showing Onu VoIP port information
port pots-uni
[en] show port gpon WORD onu index WORD
Showing Counter
counter
[en] show port gpon WORD onu index WORD
Showing Counter of ONU GEM ports.
counter gem-port
[en] show port gpon WORD onu index WORD
Showing Ratelimit of ONU GEM ports.
ratelimit gem-port
[en] show port gpon WORD onu index WORD Showing Ratelimit of ONU Ethernet UNI
ratelimit uni-port ports.
[en] show port gpon WORD onu index WORD Showing Priority Queue Information of
(up-queue|down-queue) ONU.
[en] show port gpon WORD onu index WORD Showing Priority Queue configuration of
(up-queue-config|down-queue-config) ONU.
[en] show port gpon WORD onu index WORD Showing Traffic Scheduler Information of
traffic-scheduler-g ONU.
[en] show port gpon WORD onu index
Show ONU IP Host config
(all|WORD) ip-host
[en] show port gpon WORD onu index WORD Show ONU VoIP Authentication info

Configuring Ports and Links 5-95


Showing OLT LIM Port Information

[Node] Command Help


voip authentication
[en] show port gpon WORD onu index WORD Show VoIP registrar Server Information
voip registrar for ONU
[en] show port gpon WORD onu index WORD
Show ONU VoIP user information
voip user
[en] show port gpon WORD onu index Showing onu mac-filter-table
(all|WORD)mac-filter-table information
Showing onu rssi information
[en] show port gpon WORD onu index
rssi : Received Signal Strength Indication
(all|WORD)rssi
RSSI measurement(dbm)
[en] show port gpon WORD onu index
Showing multicast bridge configuration.
(all|WORD) igmp bridge WORD
[en] show port gpon WORD onu index Showing learning multicast group
(all|WORD) igmp group bridge WORD information.
[em] show port gpon WORD onu index Showing onu multicast profile
(all|WORD) igmp profile information
[en] show port gpon WORD onu index Showing 802.1p mapping information of
(all|WORD) 8021p-map specific onu
[en] show port gpon WORD onu index Showing bridge information of specific
(all|WORD) bridge onu
[en] show port gpon WORD onu index Showing bridge’s dot1 ratelimit
(all|WORD) bridge <0-7> dot1-ratelimit information of specific onu
[en] show port gpon WORD onu index Showing dot1x information of specific
(all|WORD) dot1x onu
[en] show port gpon WORD onu index
Showing dot1x counters of specific onu
(all|WORD) dot1x counter
[en] show port gpon WORD onu index Showing gem port interworking TP
(all|WORD) gem-port iwtp information of specific onu
Showing relationships between gem port
[en] show port gpon WORD onu index
network ctp and iwtp, 802.1p mapper, etc
(all|WORD) gem-port linkage
of specific onu
[en] show port gpon WORD onu index Showing gem port network CTP
(all|WORD) gem-port network-ctp information of specific onu
[en] show port gpon WORD onu index Showing ip host config data information
(all|WORD) ip-host of specific onu

5-96 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

[Node] Command Help


[en] show port gpon WORD onu index Showing t-cont information of specific
(all|WORD) tcont onu
[en] show port gpon WORD onu index Showing uni port’s dot1x information of
(all|WORD) uni-port <1-8> dot1x specific onu
[en] show port gpon WORD onu index Showing uni port’s dot1x counters of
(all|WORD) uni-port <1-8> dot1x counter specific onu
[en] show port gpon WORD onu index
Showing uni port’s dot1x detailed
(all|WORD) uni-port <1-8> dot1x counter
counters of specific onu
detail
[en] show port gpon WORD onu index Showing uni port’s extended vlan
(all|WORD) uni-port <1-8> extag tagging operation config of specific onu
Showing uni port’s extended vlan
[en] show port gpon WORD onu index
tagging operation table config of specific
(all|WORD) uni-port <1-8> extag-table
onu
[en] show port gpon WORD onu index Showing uni port’s extended vlan
(all|WORD) uni-port <1-8> extag-table- tagging operation table entries of specific
config onu
[en] show port gpon WORD onu index Showing uni port’s protocol based vlan
(all|WORD) uni-port <1-8> proto-vlan tagging operation config of specific onu
[en] show port gpon WORD onu index Showing uni port’s protocol based vlan
(all|WORD) uni-port <1-8> proto-vlan- tagging operation table config of specific
table onu
[en] show port gpon WORD onu index Showing uni port’s protocol based vlan
(all|WORD) uni-port <1-8> proto-vlan- tagging operation table entries of specific
table-config onu
[en] show port gpon WORD onu index WORD Showing general information of GPON
onu-information ONU.
[en] show port gpon WORD onu index WORD
Showing slot information of GPON ONU.
slot-information

[en] show port gpon WORD onu index WORD Showing ACS information of GPON
acs-information ONU.

Showing AAA information of GPON


[en] show aaa gpon
ONU
[en] show port gpon WORD onu index Showing unknown mac action of GPON
(all|WORD) unknown-mac ONU. (discard or forward)

Configuring Ports and Links 5-97


Showing OLT LIM Port Information

[Node] Command Help


[en] show port gpon WORD onu index Showing mac learning mode of GPON
(all|WORD) mac-learning-mode ONU. (mac learning enable or disable)
[en] show port gpon WORD onu index Showing mac maximum limit number of
(all|WORD) mac-limit GPON ONU.
[en] show port gpon WORD onu index Showing MAC aging timeout value of
(all|WORD) mac-aging-time GPON ONU.
[en] show port gpon WORD onu index Showing IP filtering table entries of
(all|WORD) ip-filter-table GPON ONU.
Showing traffic management information
[en] show port gpon WORD onu index WORD
of GPON ONU. (total queue & scheduler
traffic-management
number)

Table 5-43 Show GPON CC3942-GP ONU Only

[Node] Command Help


[en] show port gpon WORD onu index WORD Show firmware upgrade status
image-update-status (for only CC3942-GP CLI)
[en] show port gpon WORD onu index WORD Showing Onu interface
interface (lan|wan|voip) (for only CC33942-GP CLI)
[en] show port gpon WORD onu index WORD Showing Vlan id of onu interface
interface vlan id (for only CC33942-GP CLI)
[en] show port gpon WORD onu index WORD Showing Onu port information
port (for only CC33942-GP CLI)
[en] show port gpon WORD onu index WORD Showing Ratelimit
ratelimit (for only CC33942-GP CLI)
[en] show port gpon WORD onu index WORD Showing Self-loop-detect
self-loop-detect (for only CC3942-GP CLI)
[en] show port gpon WORD onu index WORD Showing Startup config
startup-config (for only CC3942-GP CLI)
[en] show port gpon WORD onu index WORD Showing Stormcontrol
stormctl (for only CC3942-GP CLI)
[en] show port gpon WORD onu index WORD Showing Vlan
vlan (for only CC3942-GP CLI)
Showing RG acs
[en] show port gpon WORD rg acs interface
(for only CC3942-GP CLI)

5-98 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

[Node] Command Help


[en] show port gpon WORD rg global- Showing rg global configuration
configuration (for only CC3942-GP CLI)
[en] show port gpon WORD rg interface Showing Vid of RG interface
(wan|voip) vid (for only CC3942-GP CLI)
[en] show port gpon WORD rg interface Showing RG interface mode
mode (for only CC3942-GP CLI)
Showing RG port tag
[en] show port gpon WORD rg port WORD tag
(for only CC3942-GP CLI)
[en] show port gpon WORD onu index Showing RG product information
(all|WORD) rg-product-info (for only CC3942-GP CLI)
[en] show port gpon WORD onu index Showing onu interface information
(all|WORD)interface (for only CC3942-GP CLI)
[en] show port gpon WORD onu index Showing rg-ipaddress information
(all|WORD)rg-ipaddress (for only CC3942-GP CLI)

Table 5-44 Show GPON ONU Database & OMCI Logging history

[Node] Command Help


[en] show port gpon WORD onu index Showing detail OMCI database of each
(all|WORD) onu-database ONU.
[en] show port gpon WORD onu index Showing summary OMCI database of
(all|WORD) onu-database summary each ONU.
[en] show port gpon WORD onu index Showing OMCI database by ME id of
(all|WORD) onu-database me-id <1-65535> each ONU.
[en] show port gpon WORD onu index Showing OMCI database of each ONU
(all|WORD) onu-database voip VoIP.
Show port gpon WORD onu index (all|WORD) Showing OMCI packet history of each
onu-omci-history ONU.
Show port gpon WORD onu index (all|WORD) Showing OMCI packet history count of
onu-omci-history count each ONU.
Show port gpon WORD onu index (all|WORD) Showing detail OMCI packet history of
onu-omci-history detail each ONU.
Show port gpon WORD onu index (all|WORD) Showing errored OMCI packet history of
onu-omci-history error each ONU.
Show port gpon WORD onu index (all|WORD) Showing OMCI packet history by ME id
onu-omci-history me-id <1-65535> of each ONU.

Configuring Ports and Links 5-99


Showing OLT LIM Port Information

[Node] Command Help


Show port gpon WORD onu index (all|WORD) Showing detail OMCI packet history by
onu-omci-history me-id <1-65535> detail ME id of each ONU.
Show port gpon WORD onu index (all|WORD)
Showing OMCI raw packet history by
onu-omci-history me-id <1-65535> raw-
ME id of each ONU.
packet
Show port gpon WORD onu index (all|WORD) Showing OMCI raw packet history of
onu-omci-history raw-packet each ONU.
Show port gpon WORD onu index (all|WORD) Showing reverse OMCI packet history of
onu-omci-history reverse each ONU.
Show port gpon WORD onu index (all|WORD) Showing OMCI packet history by
onu-omci-history trans-id <0-65535> transaction id of each ONU.
Show port gpon WORD onu index (all|WORD)
Showing detail OMCI packet history by
onu-omci-history trans-id <0-65535>
transaction id of each ONU.
detail
Show port gpon WORD onu index (all|WORD)
Showing OMCI packet history by
onu-omci-history trans-id <0-65535>
transaction id of each ONU.
getnext
Show port gpon WORD onu index (all|WORD)
Showing detail OMCI packet history by
onu-omci-history trans-id <0-65535>
transaction id of each ONU.
getnext detail
Show port gpon WORD onu index (all|WORD)
Showing OMCI raw packet history by
onu-omci-history trans-id <0-65535>
transaction id of each ONU.
getnext raw-packet
Show port gpon WORD onu index (all|WORD)
Showing OMCI raw packet history by
onu-omci-history trans-id <0-65535> raw-
transaction id of each ONU.
packet

5-100 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

Showing ONU Attached List

You can show onu attached list with following commands.

Table 5-45 Showing ONU Attached List

Node Command Help


show status onu of all gpon port.
Show : Show running system information
en show onu-attached-list
onu-attached-list : attached ONU entries
of GPON
show status onu of each gpon port.
Show : Show running system information
show onu-attached-list port gpon onu-attached-list : attached ONU entries
en WORD of GPON
port : Port
gpon : GPON port type
WORD : Port identifier
show status onu of each gpon onu.
Show : Show running system information
onu-attached-list : attached ONU entries
of GPON
show onu-attached-list port gpon port : Port
en
WORD index (all|WORD) gpon : GPON port type
WORD : Port identifier
index : onu index
WORD : onu index number
all : onu index all
show status of onu with specific
serial-number
show : Show running system information
onu-attached-list : attached ONU entries
show onu-attached-list serial- of GPON
en
number WORD port : Port
gpon : GPON port type
WORD : Port identifier
serial-number: GPON serial number
WORD : Serial Number

Configuring Ports and Links 5-101


Showing OLT LIM Port Information

(CCCCXXXXXXXX)
show counter of attached all onu
show : Show running system information
onu-attached-list : attached ONU entries
of GPON
en show onu-attached-list counter
port : Port
gpon : GPON port type
WORD : Port identifier
counter : count of attached-onu

Updating GPON-Module
Table 5-46 Updating GPON-Module

[Node] Command Help


[en] update gpon-module WORD image WORD Updating GPON module image
[en]update gpon-olt-firmware olt-device
Updating gpon firmware
OLT_DEVICE_INDEX image FILE_NAME
[en] update port gpon WORD onu index
Updating onu Image
(all|WORD) image NAME
[en] update port gpon WORD onu index WORD
Updating onu firmware
firmware NAME

Clearing Information
Table 5-47 Clearing Information

[Node] Command Help


[en] clear port gpon WORD index ONU_ID Clearing ONU index set with static
[en] clear port gpon WORD onu index
Clearing onu mac-address-table of Index #
WORD mac-address-table
[en] clear port gpon WORD onu index
Clearing port counters
WORD counters
[en] clear port gpon WORD gpon-mac- Clearing gpon-mac-address-table of gpon olt
address-table port
clear port gpon WORD onu index
Clearing onu-omci-history log of Index #
(all|WORD) onu-omci-history
clear port gpon WORD onu index Clearing onu-omci-history log by ME ID of
(all|WORD) onu-omci-history me-id <1- Index #

5-102 Corecess S5 System With GPON User's Guide


Showing OLT LIM Port Information

65535>
clear port gpon WORD onu index
Clearing onu-omci-history log by Transaction
(all|WORD) onu-omci-history trans-id
ID of Index #
<1-65535>

Resetting GPON ONU


Table 5-48 Resetting GPON ONU

[Node] Command Help


[en] reset port gpon WORD onu index WORD Resetting gpon onu
[en] reset gpon-olt-device WORD WORD Resetting gpon olt device

Configuring Ports and Links 5-103


Edition: 0006
Distribution: 12/2012

Chapter 6 Configuring VLAN

This Chapter describes how to create/clear VLAN and add/clear port to VLAN. This chapter also describes
how to configure VLAN interface.
VLAN Configuration

VLAN Configuration
Default Configuration
The table below shows the default VLAN configuration for the Corecess S5 System:

Table 6-1 Default VLAN configuration

Parameter Default

VLAN name DEFAULT

VLAN ID 1

Ports All ports belong to default VLAN.

STP state Off

IP address 0.0.0.0

Subnet mask 0.0.0.0

Tag Untagged

VLAN state active

After modifying the default VLAN configuration, modified configuration will be applied
immediately without rebooting system or using additional command. To maintain the modified
configuration after rebooting the system, save the configuration using write memory
command in Privileged mode.

6-2 Corecess S5 System With GPON User's Guide


VLAN Configuration

Basic VLAN Configuration


You can configure VLAN on the Corecess S5 System when it is starting or running. If you
change VLAN configuration on running, all MAC address that have been learned by the ports
in VLAN will be deleted.

You can configure VLAN on the Corecess S5 System using the following procedures:

1. Design network topology to configure with VLAN.

2. Create VLAN

3. Assign ports to the defined VLAN (or clear ports from VLAN).

4. Save the VLAN configuration and apply the configuration to the system.

Creating VLANs

In the factory default configuration, VLAN support is enabled and all the ports are only in the
Corecess S5 System physical broadcast domain, which is given the name DEFAULT. You can
partition the Corecess S5 System into multiple virtual broadcast domains by adding one or
more additional VLANs and moving ports from the default VLAN to the new VLANs. Because
the default VLAN permanently exists in the Corecess S5 System, adding new VLANs results in
multiple VLANs existing in the Corecess S5 System.

VLAN is distinguished ID from other VLANs. VLAN ID and name can be specified by user.
The range of VLAN ID can be properly selected from 2 to 4094. Defining VLAN does not mean
that broadcast domain is created. When defined VLANs are added in ports, broadcast domain
is created with defined VLANs. Default VLANs in the system cannot be removed, and
ID/VLAN name cannot be changed.

Configuring VLAN 6-3


VLAN Configuration

The following describes how to create VLAN.

Table 6-2 Creating VLAN

Command Description
configure terminal 1. Enter Global configuration mode.

32. Define VLAN.


Vlan id <vlan-id>
 <vlan-id> VLAN ID (2 ~ 4094)
name <vlan-name>
 <vlan-name> VLAN name

end 3. Return to Privileged mode.

Show vlan 4. Verify VLAN configuration.

The following example creates a VLAN whose id is 2 and name is ‘test’.

# configure terminal
(config)# vlan id 2 name test
(config)# end
# show vlan

VLAN Name Status Slot/Ports


---- ---------------- -------- ------------------------------------
1 DEFAULT active 1/1-4
2/1-4
3/1-4
4/1-4
17/1-4
2 test active

VLAN Interface IGMPs STP Private Promisc Port(s)


---- ---------- -------- -------- -------- ------------------------
1 disable disable enable Disable None
2 disable disable enable Disable None
#

To delete a VLAN, use the no vlan command in Global configuration mode. The following
example deletes the VLAN whose id is 2:

(config)# no vlan id 2
(config)#

6-4 Corecess S5 System With GPON User's Guide


VLAN Configuration

Assigning Ports to a VLAN

You should add ports that belong to the same broadcast domain to a VLAN after defining a
VLAN. When ports are assigned to a VLAN, a broadcast domain with assigned ports is created.
If you add ports belonging to the default VLAN to other VLAN, the ports are deleted from the
default VLAN and are added to other VLAN.
To add ports to a VLAN, use the following commands.

Table 6-3 Assigning ports to a VLAN

Commands Description
configure terminal 1. Enter Global configuration mode.
33. Assign the specified ports to the VLAN.
Vlan {id <vlan-id> |
 <vlan-id> VLAN ID (2 ~ 4094)
name <vlan-name>}
 <vlan-name> VLAN name
port gigabitethernet
 <slot>/<port> slot number / port number to be added to
<slot>/<port>
the VLAN
end 3. Return to Privileged mode.

Show vlan [id <vlan- 34. Verify the VLAN configuration.


id> | name <vlan-  <vlan-id> ID of the VLAN to verify (2 ~ 4094)
name>]  <vlan-name> Name of the VLAN to verify

The following example shows how to add the Gigabit Ethernet port 5/4 to the VLAN that the
ID is 2:

# configure terminal
(config)# vlan id 2 port gigabitethernet 5/4
(config)# end
# show vlan id 2
VLAN Name Status Slot/Ports
---- ---------------- -------- ------------------------------------
2 test active 5/4

VLAN Interface IGMPs STP Private Promisc Port(s)


---- ---------- -------- -------- -------- ------------------------
2 disable disable enable Disable None
#
To remove ports from a VLAN, use no vlan command in Global configuration mode. The
following example shows how to remove the Gigabit Ethernet port 5/4 from the VLAN that
name is ‘test’.

(config)# no vlan name test port gigabitethernet 5/4


(config)#

Configuring VLAN 6-5


VLAN Configuration

Assigning IP Address to a VLAN

To assign the IP address of a VLAN, use the following command.

Table 6-4 Assigning IP address to a VLAN

Commands Description
configure terminal 1. Enter Global configuration mode.

Interface vlan 35. Enter Interface configuration mode.


{id <vlan-id> |  <vlan-id> VLAN ID (2 ~ 4094)
name <vlan-name>}  <vlan-name> VLAN name

36. Assign the IP address of the VLAN


ip address
 <network-num> IP address
<network-num>/<M>
 <M>: subnet mask

end 4. Return to Privileged mode.

37. Verify the VLAN configuration.


Show vlan [id <vlan-id>
 <vlan-id> VLAN ID to display (2 ~ 4094)
| name <vlan-name>]
 <vlan-name> VLAN name to display

show interface vlan 38. Verify the interface configuration.


[id <vlan-id> |  <vlan-id> VLAN ID to retrieve (2 ~ 4094)
name <vlan-name>]  <vlan-name> VLAN name to retrieve

This example shows how to specify the IP address of the VLAN whose id is ‘1’:

(config)# interface vlan id 1


(config-if)# ip address 172.27.2.100/16
(config-if)# end
# show interface vlan id 1
Interface vlan1
index 28 kernel index 4 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
Hwaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
input packets 14463, bytes 871754, dropped 0, multicast packets 6281
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 474, bytes 414, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
#

To remove the IP address of a VLAN, use the no ip address command in interface


configuration mode. The following example shows how to remove the IP address of the VLAN
whose id is ‘2’.

6-6 Corecess S5 System With GPON User's Guide


VLAN Configuration

(config)# interface vlan id 2


(config-if)# no ip address 10.1.1.1/24

Assigning Secondary IP address to a VLAN

You can specify another IP address to a VLAN. This is called ‘secondary’ IP address. Secondary
IP address is useful that the number of hosts is more than the number of IP addresses.

To specify the secondary IP address to the VLAN, use the following command in Global
configuration mode:

Table 6-5 Assigning secondary IP address to a VLAN

Command Description
configure terminal 1. Enter Global configuration mode.

Interface vlan 39. Enter Interface configuration mode.


{id <vlan-id> |  <vlan-id> ID of the VLAN to configure (2 ~ 4094)
name <vlan-name>}  <vlan-name> Name of the VLAN to configure

ip address 40. Specify the secondary IP address of the VLAN.


<network-num>/<M>  <network-num> IP address
secondary  <M> subnet mask (Number of ‘1’)

end 3. Return to Privileged mode.

Show interface 4. Verify the VLAN configuration.

This example shows how to specify the secondary IP address of the VLAN whose id is ‘1’:

# configure terminal
(config)# interface vlan id 1
(config-if)# ip address 172.25.1.100/16 secondary
(config-if)# end
# show interface vlan id 1
Interface vlan1
index 28 kernel index 4 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
Hwaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
inet 172.25.1.100/16 broadcast 172.25.255.255 secondary
input packets 14926, bytes 899535, dropped 0, multicast packets 6491
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 474, bytes 414, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0

Configuring VLAN 6-7


VLAN Configuration

To remove the secondary IP address of a VLAN, use the no ip address secondary


command in interface configuration mode. The following example shows how to remove the
secondary IP address of the VLAN whose id is ‘1’.

(config)# interface vlan id 1


(config-if)# no ip address 172.25.1.100/16 secondary
(config-if)# end

# show interface vlan id 1


Interface vlan1
index 28 kernel index 4 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
Hwaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
input packets 15547, bytes 936795, dropped 0, multicast packets 6752
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 474, bytes 414, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
#

6-8 Corecess S5 System With GPON User's Guide


VLAN Configuration

Configuring 802.1Q Trunk


The VLAN can transmit and receive data with other devices when the VLAN has its proper ID
using 802.1Q trunk. To maintain VLAN information (tag), 802.1Q trunk ports should be defined
on each device that transmits data, then the devices forms tunnels to transmit traffic safely.

If 802.1Q trunk is applied, the devices can share their VLANs. Because a switch generally does
not know VALN information of other switch, the switch cannot share VALN. Thus, nodes that
connected to several devices cannot be configured to be included in the same VLAN. In this
occasion, if traffic that has VLAN information is transmitted by 802.1Q trunk, because the
switch that receives traffic recognizes VLAN information and can forward traffic to the
corresponding VLAN, VLANs can be shared between switches.
802.1Q truck is generally used for VPN (Virtual Private Network).

To configure trunk ports for 802.1Q tunneling, use the following commands.

Table 6-6 802.1 Configuring trunk port

Command Description
configure terminal 1. Enter Global configuration mode.
Dot1q port gigabitethernet 41. Specify 802.1Q trunk port.
<slot>/<port> tag <tag-id>  <slot>/<port> Slot/Port number of trunk port
[<tag-id> … ] <tag-id> VLAN ID
end 3. Return to the Privileged mode.
Show dot1q port 4. Verify the 802.1Q trunk port configuration.

If 802.1Q trunk port is configured on the Corecess S5 System as above, traffic is transmitted
through the tunnel between 802.1Q trunk port of the connected neighbor device and the
Corecess S5 System. Traffic is also received from 802.1Q trunk port that is defined on the
Corecess S5 System. The trunk port that received traffic does not remove 802.1Q tag of the
traffic header but forward all received 802.1Q traffic to the VLAN that has the trunk port
instead.

The VLAN that has the trunk port transmits the subscriber traffic to other neighbor device that
is included in the VLAN of the trunk port. When the traffic reaches to the final destination,
802.1Q tag is removed, traffic is removed from the tunnel.

Configuring VLAN 6-9


VLAN Configuration

The following example shows how to specify 802.1Q trunk port and verify the result.

# configure terminal
(config)# vlan id 2 port gigabitethernet 17/1,17/2
(config)# dot1q port gigabitethernet 17/1 tag 1-2
(config)# end
# show dot1q
Port allowed 802.1q VLAN TAGs
-------- -----------------------------------------------------------------
17/1 1-2
# show dot1q port gigabitethernet 17/1
Port PVID Acceptable frame types Ingress filter
---------- ---- ---------------------- --------------
17/1 2 all off
Port allowed 802.1q Vlans
-------- -----------------------------------------------------------------
17/1 1-2
#

6-10 Corecess S5 System With GPON User's Guide


Configuring Q in Q

Configuring Q in Q
The ‘802.1Q-in-802.1Q’ technology which is commonly called Q-in-Q is able to raise
extensibility as the number of VLAN’s managed as a whole is reduced by dividing the 802.1Q
grouping VLAN into many 802.1Q’s once again.

Q-in-Q Features
The Q-in-Q function provided in this equipment is operated by having the following features.

1. The value of 802.1Q VLAN Tag brought from subscriber is irrelevant.


2. The PVID value of subscriber port is used as VLAN value of Outer VLAN Tag.
3. The PVID value of subscriber must be set as VLAN Tag at the Uplink Port connected to ISP network.

Configuring VLAN 6-11


Configuring Q in Q

Q-in-Q Setup
The Q-in-Q setup assigns subscriber port and assigns the PVID of corresponding subscriber
port as a tag at the ISP Uplink port.

Command Description
configure terminal Enter Privileged mode.

Vlan id <1-4095> port type


Assigns the PVID of subscriber port.
<Port Number>

Dot1q-tunnel port type <Port


The Q-in-Q is activated at the subscriber port.
Number>
Dot1q port <Port Type> <Port The PVID of subscriber port is assigned as a tag at the ISP Uplink
Number> tag <1-4095> port.

The following is an example of setup to provide the Q-in-Q service by adding the VLAN Tag
1000 times for VLAN Tag attached packets that are coming up from the subscriber port.

# configure terminal
(config)# vlan id 1000 port gigabitethernet 3/3
(config)# dot1q-tunnel port gigabitethernet 3/3
(config)# dot1q port gigabitethernet 1/1 tag 1000
(config)# dot1q port gigabitethernet 1/2 tag 1000
(config)#

Transparent Switching Setup


Even for the BPDU packets such as STP and LACP that must be processed at Control Plane, the
Transparent Switching must be activated on BPDU and Q-in-Q packets for specific VLAN’s and
specific port using following commands for the Q-in-Q processing.

Command Description
configure terminal Enter Global configuration mode.

Vlan id <1-4095> pass-thru Enable Transparent Switching on BPDU or Q-in-Q packet at a


(bpdu|q-in-q) specific VLAN

6-12 Corecess S5 System With GPON User's Guide


Configuring Q in Q

port <Port Type> <Port


Enable Transparent Switching on BPDU or Q-in-Q packet at a
Number> pass-thru (bpdu|q-
specific port.
in-q)

The above is an example of activating the BPDU Transparent Switching function for subscribers
of gigabitethernet 3/1 port among the example above.

(config)#
(config)# vlan id 1000 pass-thru bpdu
(config)# port gigabitethernet 3/1 pass-thru bpdu
(config)# port gigabitethernet 1/1-2 pass-thru bpdu
(config)# vlan id 1000 pass-thru q-in-q
(config)# port gigabitethernet 3/1 pass-thru q-in-q
(config)# port gigabitethernet 1/1-2 pass-thru q-in-q
(config)#

Priority Copy Setup


The command is necessary if the priority value set at the VLAN Tag of packets that came in
from the subscriber port has to be used as a priority value of outer VLAN Tag added through
Q-in-Q.

Command Description
configure terminal Enter Global configuration mode.

Port <Port Type> <Port


Enable priority copy function at a specific port.
Number> priority-copy

The following example shows how to set Priority Copy on the gigabitethernet 3/2 port.

(config)#
(config)# port gigabitethernet 3/2 priority-copy
(config)#

Configuring VLAN 6-13


Configuring VLAN Interface

Configuring VLAN Interface


Many features are enabled on a per-interface basis. The Corecess S5 System supports VLAN
interface type. This section describes the VLAN interface configuration tasks in interface
configuration mode.

Entering Interface Configuration Mode


You can enter Interface configuration mode using the interface command in Global
configuration mode. Follow each interface command with Interface configuration
commands your particular VLAN interface requires. When you enter the interface
command, you must specify the VLAN interface. After specifying the VLAN interface, all
command in Interface configuration is only applied to the specified VLAN interface.

The following example shows how to enter Interface configuration mode to configure VLAN
interface that ID is 1.

(config)# interface vlan id 1


(config-if)#

You have entered interface configuration mode when the prompt changes to (config-if)#.
You can configure the followings of the VLAN interface on Interface configuration mode:

 Configuring the OSPF on the VLAN interface


 Configuring the IS-IS on the VLAN interface

 Configuring the RIP on the VLAN interface


 Enabling split-horizon on the VLAN interface
 Enabling multicasting on the VLAN interface

 Configuring IP parameters of the VLAN interface


 Shutting down the VLAN interface

Note: To specify the IP address of the VLAN interface, refer to Assigning the IP address
of a VLAN section in this chapter.

6-14 Corecess S5 System With GPON User's Guide


Configuring VLAN Interface

Configuring OSPF on the VLAN Interface


You can configure the following OSPF parameters of each VLAN interface:

Table 6-7 Configuring OSPF on the VLAN Interface

Parameter Description
OSPF supports three methods of authentication for each interface—none, simple
password, and MD5.
 None : Send/Receive OSPF routing packet without any authentication mode.
 Simple Password : The simple password method of authentication requires you
to configure an alphanumeric password on an interface. The simple password
setting takes effect immediately. All OSPF packets transmitted on the interface
Authentication contain this password. Any OSPF packet received on the interface is checked
Mode for this password. If the password is not present, then the packet is dropped.
 MD5 : The MD5 method of authentication requires you to configure a key ID
and an MD5 Key. The key ID is a number from 1 – 255 and identifies the MD5
key that is being used. The MD5 key can be up to sixteen alphanumeric
characters long.
Only one method of authentication can be active on an interface at a time. The
default authentication value is none, meaning no authentication is performed.
In Simple Password authentication method, the key can be up to eight characters
Authentication long. In MD5(Message Digest) authentication method, the key ID is a number from
Key 1 – 255 and identifies the MD5 key that is being used. The MD5 key can be up to
sixteen alphanumeric characters long.
The overhead required to send a packet across an interface. You can modify the cost
to differentiate between 100 Mbps and 1000 Mbps (1 Gbps) links. The default cost is
Cost calculated by dividing 100 million by the bandwidth. For 10 Mbps links, the cost is
10. The cost for both 100 Mbps and 1000 Mbps links is 1, because the speed of 1000
Mbps was not in use at the time the OSPF cost formula was devised.
The number of seconds that a neighbor router waits for a hello packet from the
Dead-interval current router before declaring the router down. The value can be from 1 – 65535
seconds. The default is 40 seconds.
The length of time between the transmissions of hello packets. The value can be
Hello-interval
from 1 – 65535 seconds. The default is 10 seconds.
The time between retransmissions of link-state advertisements (LSAs) to adjacent
Retransmit-
routers for this interface. The value can be from 0 – 3600 seconds. The default is 5
interval
seconds.
The time it takes to transmit Link State Update packets on this interface. The value
Transmit-delay
can be from 0 – 3600 seconds. The default is 1 second.
Network The OSPF network type. The default network type is broadcast.
The priority allows you to modify the priority of an OSPF router. The priority is
used when selecting the designated router (DR) and backup designated routers
Priority
(BDRs). The value can be from 0 – 255. The default is 1. If you set the priority to 0,
the Corecess S5 System does not participate in DR and BDR election.

Configuring VLAN 6-15


Configuring VLAN Interface

Setting Simple Password Authentication Method

In simple Password authentication method, a particular key is specified for each area. Routers
in the same area should use the same key. This method has a disadvantage that the key can be
disclosed because the key is not encrypted.

To set simple authentication key and password authentication method, use the following
commands.

Table 6-8 Setting Simple Password Authentication Method

Command Description
configure terminal 1. Enter Global configuration mode.
Interface vlan id 42. Enter Interface configuration mode.
<vlan-id>  <vlan-id> VLAN interface ID (1 ~ 4094)
ip ospf authentication- 43. Specify password for authentication.
key <key>  <key> password (8 character, 16byte)
exit 4. Return Global configuration mode.
Router ospf 5. Enter OSPF configuration mode.
Area <area-id>
6. Set simple password authentication method in the specified area.
authentication

The following example shows how to set simple password authentication method.

(config)# interface vlan id 1


(config-if)# ip ospf authentication-key mypasswd
(config-if)# exit
(config)# router ospf
(config-router)# network 210.120.1.0/26 area 23
(config-router)# area 23 authentication
(config-router)#

To remove the key of the specified simple password authentication method, use no ip ospf
authentication-key command.

6-16 Corecess S5 System With GPON User's Guide


Configuring VLAN Interface

Setting MD5 Authentication Method

MD5 (Message Digest) authentication assign a key and key identifier to each router. The router
makes authentication information(Message digest) using OSPF packets, key, and key identifier.
This authentication information will be appended to OSPF packets and sent.

In general, one key is used per interface to generate authentication information when sending
packets and to authenticate incoming packets. The same key identifier on the neighbor router
must have the same key value.

The following example shows that the new MD5 password is added over the existing MD5
password.

(config)# interface vlan id 1


(config-if)# ip ospf message-digest-key 100 md5 OLD

You can add a new key to the following:

(config)# interface vlan id 1


(config-if)# ip ospf message-digest-key 101 md5 NEW

The system assumes its neighbors do not have the new key yet, so it begins a rollover process. It
sends multiple copies of the same packet, each authenticated by different keys. In this example,
the system sends out two copies of the same packet—the first one authenticated by key 100 and
the second one authenticated by key 101.

Rollover allows neighboring routers to continue communication while the network


administrator is updating them with the new key. Rollover stops once the local system finds
that all its neighbors know the new key. The system detects that a neighbor has the new key
when it receives packets from the neighbor authenticated by the new key. After all neighbors
have been updated with the new key, the old key should be removed.

To remove the old key, enter the following:

(config)# interface vlan id 1


(config-if)# no ip ospf message-digest-key 100

Then, new password is only used for VLAN interface.

Configuring VLAN 6-17


Configuring VLAN Interface

Then, only key 101 is used for authentication on the interface eth1. We recommend that you not
keep more than one key per interface. Every time you add a new key, you should remove the
old key to prevent the local system from continuing to communicate with a hostile system that
knows the old key. Removing the old key also reduces overhead during rollover.

The following example sets a new key 100 with the password mypasswd on interface vlan1:

(config)# interface vlan id 1


(config-if)# ip ospf message-digest-key 100 md5 mypasswd
(config-if)# exit
(config)# router ospf
(config-router)# network 210.100.1.0/26 area 0.0.0.0
(config-router)# area 0.0.0.0 authentication message-digest

Configuring Cost of OSPF interface

Each interface can have only one cost in the Corecess S5 System. The cost of OSPF interface is
calculated by the following formula depending on interface bandwidth.

Cost = 100000000 /bandwidth (bps)

If interface cost using above formula is not preferable to be used to user network, use ip ospf
cost command to specify cost to each interface in Interface configuration mode.

Command Description

ip ospf cost <cost>  <cost> Interface cost (1 ~ 65535)

The following example sets the cost value of a VLAN interface to 10:

(config)# interface vlan id 1


(config-if)# ip ospf cost 10
(config-if)#

6-18 Corecess S5 System With GPON User's Guide


Configuring VLAN Interface

Specifying Dead-Interval

Dead-interval indicates the number of seconds that a neighbor router waits for a hello packet
from the current router before declaring the router down. The value can be from 1 – 65535
seconds. The default is 40 seconds.

To specify dead-interval, use the following commands in Interface configuration mode:

Command Description

ip ospf dead-interval  <seconds> Unsigned integer that specifies the interval in seconds;
<seconds> the value must be the same for all nodes on the network (1 ~ 65535)

The following example sets the OSPF dead interval to 60 seconds:

(config)# interface vlan id 1


(config-if)# ip ospf dead-interval 60
(config-if)#

Specifying Hello-Interval

Hello-interval represents the length of time between the transmissions of hello packets. The
value can be from 1 – 65535 seconds. The default is 10 seconds. To specify the hello-interval, use
the following commands in Interface configuration mode:

Command Description

 <seconds> Unsigned integer that specifies the interval in seconds.


ip ospf hello-interval
The value must be the same for all nodes on a specific network (1 ~
<seconds>
65535).

The following example sets the interval between hello packets to 15 seconds:

(config)# interface vlan id 1


(config-if)# ip ospf hello-interval 15
(config-if)#

Configuring VLAN 6-19


Configuring VLAN Interface

Specifying Retransmit interval

Retransmit-interval is the time between retransmissions of link-state advertisements (LSAs) to


adjacent routers for the interface. The value can be from 3 – 65535 seconds. The default is 5
seconds. To specify the retransmit-interval, use the following commands in Interface
configuration mode:

Command Description

 <seconds> Time in seconds between retransmissions. It must be


ip ospf retransmit-
greater than the expected round-trip delay between any two routers
interval <seconds>
on the attached network (3 ~ 65535)

The following example sets the retransmit-interval value of the interface vlan1 to 8 seconds:

(config)# interface vlan id 1


(config-if)# ip ospf retransmit-interval 8
(config-if)#

Specifying Transmit Delay

Transmit delay is the time it takes to transmit Link State Update packets on the interface. The
value can be from 1 – 65535 seconds. The default is 1 second. To specify the transmit delay, use
the following commands in Interface configuration mode:

Command Description

ip ospf ospf transmit-  <seconds>: Time in seconds that it takes to transmit a link state
delay <seconds> update (1 ~ 65535).

The following example sets the retransmit-delay value of the interface vlan 1 to 3 seconds:

(config)# interface vlan id 1


(config)# ip ospf transmit-delay 3
(config)#

6-20 Corecess S5 System With GPON User's Guide


Configuring VLAN Interface

Specifying Priority

Priority allows you to modify the priority of an OSPF router. The priority is used when
selecting the designated router (DR) and backup designated routers (BDRs). The value can be
from 0 – 255. The default is 1. If you set the priority to 0, the system does not participate in DR
and BDR election.

To set the router priority, use the following commands in Interface configuration mode:

Command Description

ip ospf priority <number>  <number>: Router priority (0 ~ 255)

The following example sets the router priority value to 4 of the interface vlan1:

(config)# interface vlan id 1


(config-if)# ip ospf priority 4
(config-if)#

Configuring VLAN 6-21


Configuring VLAN Interface

Configuring IS-IS on the VLAN Interface


You can configure the following IS-IS parameters of each VLAN interface:

Table 6-9 IS-IS interface Parameters

Parameter Description

Circuit-type Specifies adjacency levels on a specified interface.


CSNP interval Configures the IS-IS CSNP interval for a specified interface.
Hello interval Specifies the length of time between hello packets for a specified interface.

Hello Padding Enables or disables hello padding for IS-IS hello packets.

Hello Multiplier Specifies the hello multiplier for calculating the hold time.
LSP interval Configures the delay between successive IS-IS link state packet transmissions
Configures the number of seconds between retransmission of IS-IS LSPs for
Retransmit Interval
point-to-point links.
Mesh Group Creates a mesh group and designate that an interface is part of the group.
Metric Configure a cost for a specified interface.
Password Configures a password for a specified interface.
Priority Configures the priority of designated router (DR).

Note: Most interface configuration commands can be configured independently from other
attached routers. But the isis password command should configure the same password
on all routers on a network.

This section describes how to configure IS-IS parameters on a VLAN interface.

6-22 Corecess S5 System With GPON User's Guide


Configuring VLAN Interface

Configuring IS-IS Levels

You specify the IS-IS level on a per-interface basis, and the Corecess S5 System becomes
adjacent with other routers on the same level on that link only. The Corecess S5 System
supports the following IS-IS levels:

 Level-1
Establish a Level 1 adjacency if there is at least one area address in common between this
system and its neighboring systems. If Level 1 is set, this interface cannot support Level 2
adjacencies.

 Level-1-2
Establish a Level 1 and Level 2 adjacency if a neighboring system is also configured as a Level
-1-2 and there is at least one area address in common. If there is no area address in common, a
Level 2 adjacency is established.

 Level-2-only
Establish a Level 2 adjacency if the neighboring system is configured as a Level 2-only router.

To configure the type of IS-IS adjacency for an interface, enter the isis circuit-type
command in Interface configuration mode:

Command Description

level-1: Configures the interface to support only intra-area traffic.


level-1-2: Configures the interface to support both intra-area
isis circuit-type
traffic and inter-area traffic.
{level-1 | level-1-2 |
level-2-only: Configures the interface to support only Level-2
level-2-only}
adjacencies. This option is used on routers that are between areas to
prevent transmission of unnecessary Level 1 hellos.

The following example shows how to configure the VLAN interface to support a Level-2
adjacency:

(config)# interface vlan id 1


(config-if)# isis circuit-type level-2-only
(config-if)#

Note: Normally, this command does not need to be configured. Only on routers that are
between areas (Level 1-2 routers) should you configure some interfaces to be Level 2-only
to prevent wasting bandwidth by sending out unused Level 1 hellos. Note that on point -to-
point interfaces, the Level 1 and Level 2 hellos are in the same packet.

Configuring VLAN 6-23


Configuring VLAN Interface

Modify the IS-IS Metric

All IS-IS routes have a cost, which is a routing metric that is used in the IS-IS link-state
calculation. The cost is an arbitrary, dimensionless integer that can be from 1 through 63. The
default metric value is 10.

To modify the default value, enter the isis metric command in Interface configuration
mode:

Command Description
 <metric-value> The default metric is used as a value for the IS-IS
isis metric
metric. Valid values are 0 – 63.
<metric-value>
 level-1 Configures the metric only for level-1 routing.
[level-1 | level-2]
 level-2 Configures the metric only for level-2 routing.

The following example shows how to configure the default metric for the VLAN interface:

(config)# interface vlan id 1


(config-if)# isis metric 15

Note: If no level is specified, the isis metric command configures the metric for level-1
routing only.

Configuring the CSNP Interval

On broadcast networks, designated routers send complete sequence number PDU (CSNP)
packets to maintain database synchronization. The CSNP interval timer is the number of
seconds between transmissions of CNSP packets from this interface.

The CSNP interval is configured independently for Level 1 and Level 2. This feature does not
apply to point-to-point interfaces. To modify the CSNP interval, enter the csnp-interval
command in Interface configuration mode.

Command Description
 <seconds> The interval of time between transmissions of CSNPs on
broadcast networks. This interval only applies to the designated
isis csnp-interval router. This can be a number between 0 and 65535 seconds.
<seconds> [level-1|  level-1 Configures the amount of time between transmissions of
level-2] CSNPs for Level 1 independently.
 level-2 Configures the interval of time between transmission of
CSNPs for Level 2 independently.

6-24 Corecess S5 System With GPON User's Guide


Configuring VLAN Interface

The following example shows how to configure the transmission interval for CSNP packets:

(config)# interface vlan id 1


(config-if)# isis csnp-interval 30

Configuring the Hello Interval

To modify how often the system sends hello packets out of an interface, enter the isis
hello-interval command in Interface configuration mode.

Command Description
 <seconds>: Number of seconds between transmissions of hello
packets. Valid values are between 1 and 65535 seconds.
isis hello-interval
 minimal:. Causes the system to compute the hello interval based on
{<seconds>|minimal}
the hello multiplier so that the resulting hold time is 1 second.
[level-1|level-2]
 level-1: Configures the hello interval for Level 1 independently
 level-2: Configures the hello interval for Level 2 independently
The following example shows how to configure the VLAN interface to advertise hello packets
every 5 seconds:

(config)# interface vlan id 1


(config-if)# isis hello-interval 5
(config-if)#

If the minimal keyword is specified, the hold time is 1 second and the system computes the
hello interval based on the hello multiplier as follow:

Hello interval = 1000 / (hello-multiplier) ms

Configuring VLAN 6-25


Configuring VLAN Interface

Setting the Hello Multiplier

The hello multiplier determines the total holding time transmitted in the IS-IS hello packet.
Holding time is the time a neighbor waits for another hello packet before declaring the neighbor
is down.

The hello interval times multiplied by the hello multiplier equals the hold time. If the hello
interval is 10 seconds and the hello multiplier is 3, the hold time is 30 seconds.

Hold time = hello interval x hello multiplier

To modify the hello multiplier, enter the isis hello-multiplier command in Interface
configuration mode.

Command Description
 <multiplier>: The multiplier used to determine how long to
hold an IS-IS hello packet before declaring an adjacency down.
isis hello-multiplier Valid values are 3 – 1000.
<multiplier>  level-1: Configures the hello multiplier independently for Level
[level-1|level-2] 1 adjacencies.
 level-2: Configures the hello multiplier independently for Level
2 adjacencies.
The following example configures the hello interval and hello multiplier to 6 and 10. As the
result, an adjacency will go down only when many (10) hellos are missed and the total time to
detect link failure is 60 seconds.

(config)# interface vlan id 1


(config-if)# isis hello-interval 6
(config-if)# isis hello-multiplier 6
(config-if)# isis hello-interval multiplier
(config-if)#

6-26 Corecess S5 System With GPON User's Guide


Configuring VLAN Interface

Configuring Hello Padding

Padding adds extra characters to the hello packets so that all packets sent out by Is-IS have the
maximum sized data payload.

To enable hello padding for IS-IS hello packets, enter the isis hello padding command in
Interface configuration mode as follows:

(config)# interface vlan id 1


(config-if)# isis hello padding
(config-if)#

Setting the LSP Interval

To configure the time delay between successive IS-IS link state packet transmissions, enter the
isis lsp-interval command in Interface configuration mode.

Command Description

isis lsp-interval  <milliseconds>: Time delay between successive link state packets.
<milliseconds> Valid values are 1 ~ 4294967295.

The default LSP interval is 33 milliseconds. The following example configures the LSP interval
to 100 milliseconds (10 packets per second) on the VLAN interface:

(config)# interface vlan id 1


(config-if)# isis lsp-interval 100
(config-if)#

Configuring VLAN 6-27


Configuring VLAN Interface

Configuring the LSP Retransmit Interval

To configure the amount of time between retransmission of each IS-IS LSP on a point-to-point
link, enter the isis retransmit-interval command in Interface configuration mode.

Command Description

isis retransmit-  <seconds>: Time in seconds between retransmission of each LSP.


interval <seconds> Valid values are 1 ~ 65535.

The following example shows how to configure the LSP retransmit interval to 60 seconds:
(config)# interface vlan id 1
(config-if)# isis retransmit-interval 60
(config-if)#

Configuring Mesh Groups

A mesh group is a set of routers that are fully connected; that is, they have a fully meshed
topology. When LSP packets are being flooded throughout an area, each router within a mesh
group receives only a single copy of an LSP packet instead of receiving one copy from each
neighbor, thus minimizing the overhead associated with the flooding of LSP packets.

To create a mesh group and designate that an interface is part of the group, enter the isis
mesh-group command in Interface configuration mode.
Command Description

 <group-number>: A number identifying the mesh group of which


isis mesh-group
this interface is a member. Valid values are1 ~ 4294967295.
{<group-number> |
 blocked: Specifies that no LSP flooding will take place on this
blocked}
interface.

In the following example show how to configure the VLAN interfaces to be a member of the
mesh group 3:

(config)# interface vlan id 1


(config-if)# isis mesh-group 3

6-28 Corecess S5 System With GPON User's Guide


Configuring VLAN Interface

Configuring the Authentication Password

You can prevent unauthorized routers from forming adjacencies with the Corecess S5 System,
and thus protects the network from intruders.
To configure the authentication password for an interface, enter the isis password
command in Interface configuration mode.
Command Description
 <string>: Authentication password you assign for an interface.
isis password  level-1: Configures the authentication password for Level 1
<string> [level-1 | independently.
level-2]  level-2: Configures the authentication password for Level 2
independently.
The following example configures a password for the VLAN interface:
(config)# interface vlan id 1
(config-if)# isis password corecess

Configure the Priority of DR

The priority is used to determine which router on a LAN will be the designated router (DR) or
Designated Intermediate System (DIS). The priorities are advertised in the hellos. The router
with the highest priority will become the DIS. In the case of equal priorities, the highest MAC
address breaks the tie.
To configure the priority of DR, enter the isis priority command in Interface configuration
mode.
Command Description
isis priority  <priority> The priority of a router and is a number from 0 to 127.
<priority>  level-1 Sets the priority for Level 1 independently.
[level-1 | level-2]  level-2 Sets the priority for Level 2 independently.

The following example shows how to set the priority level to 80:

(config)# interface vlan id 1


(config-if)# isis priority 80

Configuring VLAN 6-29


Configuring VLAN Interface

Configuring RIP on the VLAN Interface


You can configure the following RIP parameters of each interface:

Table 6-10 RIP interface Parameters

Parameters Description
RIP supports two methods of authentication for each interface— simple
password and MD5. Only one method of authentication can be active on an
interface at a time.
• The simple password method of authentication requires you to configure an
alphanumeric password on an interface. The simple password setting takes
effect immediately. All OSPF packets transmitted on the interface contain this
authentication mode password. Any OSPF packet received on the interface is checked for this
password. If the password is not present, then the packet is dropped. The
password can be up to eight characters long.
• The MD5 method of authentication requires you to configure a key ID and an
MD5 Key. The key ID is a number from 1 – 255 and identifies the MD5 key
that is being used. The MD5 key can be up to sixteen alphanumeric
characters long.
In Simple Password authentication method, the key can be up to eight
characters long. In MD5(Message Digest) authentication method, the key ID is a
Authentication Key
number from 1 – 255 and identifies the MD5 key that is being used. The MD5
key can be up to sixteen alphanumeric characters long.
RIP version RIP version can be specified to each interface.
Split Horizon function is that the same route information cannot be transmitted
Split Horizon
to the interface if route information is received form a particular interface.
This section describes how to configure RIP parameter in VLAN interface.

Configuring RIP Authentication

RIP version 2 provides authentication function to check receiving routing information is secure.
RIP does not add a new field to packets for authentication, but uses the first entry of message as
authentication key. RIP specifies key chain as the key to be used for authentication. Key chain is
a group of keys. If key chain is specified for each interface, the key of key chain is used when
authentication proceeds.
There are two authentication mode-Simple password and MD5. By default, simple password
mode is used. In Simple password mode, the key is transmitted without any encryption. Thus,
if authentication is used for security, the mode is inappropriate. In MD5 authentication mode,
the key is encrypted to “message digest” using MD5 algorithm, then the message digest is
transmitted instead of the key.

6-30 Corecess S5 System With GPON User's Guide


Configuring VLAN Interface

Setting MD5 Authentication Mode


To set MD5 authentication mode for RIP authentication, use the following command.

Table 6-11 Setting MD5 Authentication Mode

Command Description
configure terminal 1. Enter Global configuration mode.
Interface vlan id 44. Enter Interface configuration mode.
<vlan-id>  <vlan-id> VLAN interface ID (1 ~ 4094)
ip rip authentication
45. Specify the type of key for authentication
key-chain
<name-of-chain>  <name-of-chain> Name of key group (key chain).
Ip rip authentication
4. Specify MD5 authentication mode.
mode md5

To authenticate RIP packets with MD5 authentication mode, specify the type of key to use for
authentication using ip rip authentication key-chain command. Then, specify which
authentication mode will used between simple password and MD5. By default, simple
password authentication mode is specified.

The following example shows how to set MD5 authentication mode.

# configure terminal
(config)# key chain corecess
(config-keychain)# key 1
(config-keychain-key)# key-string 234
(config-keychain-key)# exit
(config-keychain)# exit
(config)# interface vlan id 1
(config-if)# ip rip authentication key-chain corecess
(config-if)# ip rip authentication mode md5

If you cancel the specified authentication mode and back to the default, use no ip rip
authentication mode command. And, if you cancel the key chain that is used for
authentication, use no ip rip authentication key-chain command.

Configuring VLAN 6-31


Configuring VLAN Interface

Setting Simple Password Authentication Mode


To set simple password authentication mode for RIP authentication, use the following
command.

Table 6-12 Setting Simple Password Authentication Mode

Command Description
configure terminal 1. Enter Global configuration mode.
Interface vlan id 46. Enter Interface configuration mode.
<vlan-id>  <vlan-id> VLAN interface ID (1 ~ 4094)
ip rip authentication 47. Specify the type of key
string <auth-string>  <auth-string> Authentication string (less than 16 character)
ip rip authentication
4. Specify simple password authentication mode.
mode text

The following example shows how to set simple password authentication method.

(config)# interface vlan id 1


(config-if)# ip rip authentication string corecess
(config-if)# ip rip authentication mode text

To remove the key of the specified simple password authentication method, use no ip rip
authentication-key command.

6-32 Corecess S5 System With GPON User's Guide


Configuring VLAN Interface

Specifying RIP Version

To specify a Routing Information Protocol (RIP) version on an interface basis, use the following
commands in Interface configuration mode:

Table 6-13 Specifying RIP Version

Command Description
configure terminal 1. Enter Global configuration mode.
Interface vlan id 48. Enter Interface configuration mode.
<vlan-id>  <vlan-id> VLAN interface ID (1 ~ 4094)
49. Specify RIP version to receive.
ip rip receive  <version> RIP version (1, 2)
version <version> -1 :Accepts only RIP Version 1 packets on the interface.
-2 :Accept only RIP Version 2 packets on the interface.
- 1 2 : Accepts both RIP Version 1 and 2 packets on the interface.
50. Specify RIP version to send.
Ip rip send version  <version> RIP version (1, 2)
<version> -1 :Sends only RIP Version 1 packets out the interface.
-2 :Sends only RIP Version 2 packets out the interface.
- 1 2 : Sends both RIP Version 1 and 2 packets out the interface.

The following example configures the interface to receive both RIP Version 1 and Version 2
packets:

# configure terminal
(config)# interface vlan id 1
(config-if)# ip rip receive version 1 2

The following example configures the interface to send both RIP Version 1 and Version 2
packets out the interface:

# configure terminal
(config)# interface vlan id 2
(config-if)# ip rip send version 2

Configuring VLAN 6-33


Configuring VLAN Interface

Enabling Split-Horizon

RIP can use the “split-horizon” to prevent routing loops. The split horizon is the function that
the router does not advertise a route on the same interface as the one on which the router
learned the route.

To enable the split horizon on an interface, use the following commands.

Table 6-14 Enabling Split-Horizon

Command Description
configure terminal 1. Enter Global configuration mode.

Interface vlan id 51. Enter Interface configuration mode.


<vlan-id>  <vlan-id> VLAN interface ID (1 ~ 4094)

ip split-horizon 3. Enable split horizon on the specified interface.

The following example shows how to enable split horizon function.

# configure terminal
(config)# interface vlan id 1
(config)# ip split-horizon
(config)#

To disable the split horizon mechanism, use the no ip split-horizon command in Interface
configuration mode.

6-34 Corecess S5 System With GPON User's Guide


Configuring VLAN Interface

Enabling Multicasting on the VLAN Interface


To enable the interface to forward the multicast packets, use the following commands in Global
configuration mode:

Table 6-15 Enabling Multicasting on the VLAN Interface

Command Description
configure terminal 1. Enter Global configuration mode.

Interface vlan id 52. Enter Interface configuration mode.


<vlan-id>  <vlan-id> ID of the VLAN to configure (1 ~ 4094)

multicast 3. Enable multicast forwarding.

The multicast packet forward on the interface is enabled by default. To disable the multicast
packet forward, use the no multicast command.

The following is an example of disabling the multicast packet forward of the interface vlan1:

# show interface vlan id 1


Interface vlan1
index 28 kernel index 4 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
Hwaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
input packets 18061, bytes 1087635, dropped 0, multicast packets 6752
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 1069, bytes 966, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
# configure terminal
(config)# interface vlan id 1
(config-if)# no multicast
(config-if)# end
# show interface vlan id 1
Interface vlan1
index 28 kernel index 4 metric 1 mtu 1500 <UP,BROADCAST,RUNNING>
Hwaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
input packets 18082, bytes 1088895, dropped 0, multicast packets 6752
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 1069, bytes 966, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
#

Configuring VLAN 6-35


Configuring VLAN Interface

Shutting Down the VLAN Interface


You can disable an interface. Doing so disables all functions on the specified interface and
marks the interface as unavailable on all monitoring command displays. This information is
communicated to other network servers through all dynamic routing protocols. The interface
will not be mentioned in any routing updates.

To shut down an interface, use the following commands

Table 6-16 Shutting Down the VLAN Interface

Command Description
configure terminal 1. Enter Global configuration mode.

Interface vlan id 53. Enter Interface configuration mode.


<vlan-id>  <vlan-id> VLAN interface ID (1 ~ 4094)

shutdown 3. Shut down the specified interface.

To reenable the interface, use the no shutdown command.

This example shows how to shut down the interface vlan1 and re-enable the interface:

(config)# interface vlan id 1


(config-if)# shutdown
(config-if)# end
# show interface vlan id 1
Interface vlan1
index 28 kernel index 4 metric 1 mtu 1500 <BROADCAST>
Hwaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
input packets 18174, bytes 1094415, dropped 0, multicast packets 6752
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 1069, bytes 966, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
# configure terminal
(config)# interface vlan id 1
(config-if)# no shutdown
(config-if)# end
# show interface vlan id 1
Interface vlan1
index 28 kernel index 4 metric 1 mtu 1500 <UP,BROADCAST,RUNNING>

6-36 Corecess S5 System With GPON User's Guide


Configuring VLAN Interface

Hwaddr: 00:01:02:00:00:db
inet 172.27.2.100/16 broadcast 172.27.255.255
input packets 18181, bytes 1094835, dropped 0, multicast packets 6759
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 1069, bytes 966, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0

Configuring IP Parameters
Table below lists the IP global parameters for the VLAN interface on the Corecess S5 System:

Table 6-17 Type and Function of IP Parameter

Parameter Description
MTU The maximum length an Ethernet packet can be without being
(Maximum Transmission Unit) fragmented
A standard IP mechanism that routers use to learn the Media Access
ARP Control (MAC) address of a device on the network. The router sends
(Address Resolution Protocol) the IP address of a device in the ARP request and receives the
device’s MAC address in an ARP reply.

To configure the parameters above for the VLAN interface, use the following commands in
interface configuration mode:

Table 6-18 Configuring IP Parameters

Command Description
configure terminal 1. Enter Global configuration mode.
Interface vlan id 54. Enter Interface configuration mode.
<vlan-id>  <vlan-id> ID of the VLAN to configure. (1 ~ 4094)
arp 3. Enables the ARP on the VLAN interface.
Arp <ip-address>
4. Adds a static ARP (Address Resolution Protocol) entry.
<hw-address>
55. Changes the size of the MTU (Maximum Transmission Unit)
Mtu <mtu-size> on the VLAN interface.
 <mtu-size> Size of the MTU (64 ~ 9000bytes, default : 1514)
메모 [zwyi1]: 변경

Configuring VLAN 6-37


Private VLAN

Private VLAN

The Private VLAN provides L2 isolation between subscriber’s ports. Ports belonging to a
private VLAN are associated with a common set of supporting VLANs that are used to create
the private VLAN structure. Here are two types of private VLAN ports: promiscuous and
isolated. A promiscuous port communicates with all other private VLAN ports and is the port
you use to communicate with routers. An isolated port has complete L2 separation from other
ports within the same private VLAN with the exception of the promiscuous port.

A typical application is at a hotel where each room has a port that can access the Internet. In this
situation it is undesirable to allow communication between rooms. Another application is to
simplify IP address assignment. Ports can be isolated from each other while belonging to the
same subnet.

To configure private VLAN, use the following commands.

Table 6-19 configuring private vlan

Command Description
configure terminal 1. Enter Global configuration mode.
Vlan id 1 private-vlan
56. Setting default vlan id 1
promisc-port port type
 <slot>/<port> Slot/Port number of promisc-port.
<slot>/<port>
End 3. Return to the Privileged mode.
Show vlan 4. Verify the vlan promiscuous port configuration.
No vlan id 1 private-vlan 5. Disable private vlan.

The following example shows how to enable promiscuous port.

# configure terminal
(config)# vlan id 1 private-vlan promisc-port gigabitethernet 18/1
(config)# end
(config)#

6-38 Corecess S5 System With GPON User's Guide


Private VLAN

localhost# show vlan


VLAN Name Status Slot/Port(s)
---- ---------------- -------- ---------------------------------------------
1 DEFAULT active 6/1-8
17/1-2,17/4
18/1-4
19/1-5,19/7,19/8-13,19/15,19/16-21,19/23,
19/24-29,19/31,19/32-37,19/39,19/40-45,19/47,
19/48-53,19/55,19/56-61,19/63,19/64

100 DATA active


200 IPTV active
300 VOIP active 17/3

VLAN Mode: T-Trusted, U-Untrusted, X-DOT1X, H-DHCP, W-WebAuth


VLAN Mode Interface IGMPs STP Private Promisc Port(s)
---- ---- ---------- -------- -------- -------- ----------------------------
1 T… enable disable enable enable 18/1
100 T… enable disable enable Disable None
200 T… enable enable enable Disable None
300 T… enable disable enable enable none

Port allowed 802.1q Vlans


-------- -----------------------------------------------------------------
6/5 100,200,300
6/6 100,200,300
6/7 100,200,300
6/8 100,200,300
18/1 100,200

Configuring VLAN 6-39


Edition: 0006
Distribution: 12/2012

Chapter 7 Configuring SNMP and RMON

This chapter describes how to configure SNMP and RMON on the Corecess S5 System.
Configuring SNMP

Configuring SNMP
SNMP(Simple Network Management Protocol)
Overview
The Simple Network Management Protocol (SNMP) is an application layer protocol that
facilitates the exchange of management information between network devices. It is part of the
Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP enables
network administrators to manage network performance, find and solve network problems,
and plan for network growth.

SNMP Basic Components

SNMP consists of the following three key components:

 Managed Device

 SNMP Agent and Management Information Base (MIB)

 SNMP Manager

SNMP
Manager

Managed Managed Managed


Device Device Device

SNMP Agent SNMP Agent SNMP Agent


MIB MIB MIB

Managed Device
A managed device is a network node that contains an SNMP agent and that resides on a
managed network. Managed devices collect and store management information and make this
information available to NMSs using SNMP. Managed devices, sometimes called network
elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or

7-2 Corecess S5 System With GPON User's Guide


Configuring SNMP

printers.

Configuring SNMP and RMON 7-3


Configuring SNMP

SNMP Agent and MIB


The SNMP agent is a network management module running in the managed device. The SNMP
agent responds to SNMP manager requests as follows:

 Get a MIB variable: The SNMP agent initiates this function in response to a request from
the NMS. The agent retrieves the value of the requested MIB variable and responds to the
NMS with that value.

 Set a MIB variable: The SNMP agent initiates this function in response to a message from
the NMS. The SNMP agent changes the value of the MIB variable to the value requested
by the NMS.

The SNMP agent also sends unsolicited trap messages to notify an NMS that a significant event
has occurred on the agent. Examples of traps conditions include, but are not limited to, when a
port or module goes up or down, when spanning-tree topology changes occur, and when
authentication failures occur.

The MIB is the information base, the SNMP agent must keep available for the managers. This
information base contains objects whose values provide information on the status of the
checked system or objects whose values can be modified by a manager to control the system.
Each object is identified by an Object ID (OID). There are two kinds of MIBs, standard MIB
and enterprise-specific MIB.

SNMP Manager
SNMP Manager is an integrated management module which collects information from SNMP
agent and sometimes sends warning messages depending on the each SNMP agent relations. In
other words, the actual data is collected from SNMP agent and this data will be processed by
management module and saved. To request information or configuration changes, respond to
requests, and send unsolicited alerts, the SNMP manger and SNMP agent use the four messages
(Get, GetNext, Set, and trap). For more information on these messages, refer to the following
section.

7-4 Corecess S5 System With GPON User's Guide


Configuring SNMP

SNMP Messages

The SNMP manger and SNMP agent use the following SNMP messages to request information
or configuration changes, respond to requests, and send unsolicited alerts.

 Get-Request / Get-Response Message


 GetNext-Request / GetNext-Request Message
 Set-Request Message
 Trap Message

Get-Request Message
Get-Request Message is the basic SNMP request message. Sent by an SNMP manager, it
requests information about a single MIB entry on an SNMP agent. For example, the amount of
free drive space.

GetNext-Request Message
GetNext-Request Message is an extended type of request message that can be used to browse
the entire tree of management objects. When processing a Get-next request for a particular
object, the agent returns the identity and value of the object which logically follows the object
from the request. The Get-next request is useful for dynamic tables, such as an internal IP route
table.

Set-Request Message
If write access is permitted, Set-Request message can be used to send and assign an updated
MIB value to the agent.

Trap Message
An unsolicited message sent by an SNMP agent to an SNMP manager when the agent detects
that a certain type of event has occurred locally on the managed device. For example, a trap
message might be sent on a system restart event.

Configuring SNMP and RMON 7-5


Configuring SNMP

SNMP Community

SNMP community authenticates access to MIB objects and function as embedded passwords. In
order for the NMS to access the system, the community definitions on the NMS must match at
least one of the two community definitions on the system.
A community can have one of the following attributes:

Table 7-1 Types of community

Types Access Authority


Gives read access to authorized management stations to all objects in the MIB except the
Read-only
community strings, but does not allow write access
Gives read and write access to authorized management stations to all objects in the MIB,
Read-write
but does not allow access to the community strings

Trap

Trap is a defined status of event or system. For example, event generated when port
configuration is changed or a host having not-allowed IP address accesses can be defined as a
trap. You can configure the level of trap according to the kind of events.
If a trap occurs on the system, the SNMP agent send SNMP trap message to the registered trap
host.

7-6 Corecess S5 System With GPON User's Guide


Configuring SNMP

Configuring SNMP
The default SNMP configuration of the Corecess S5 System is as follows:

Table 7-2 Default SNMP configuration

SNMP Configuration Element Default Setting

Agent contact information (MIB-II System Contact variable) None configured


Agent location information (MIB-II System Location variable) None configured
Community strings None configured

Trap None enabled

Trap Host None configured

RMON Enabled

Setting the System Contact and Location Information

In the system group of MIB-II (Public MIB) supported by the Corecess S5 System has System
Contact variable and System Location variable displaying the system contact information and
system location information.

The values of these variables can be browsed or modified via ViewlinX, NMS of the Corecess or
NMS of other companies.

To specify these values, use the following commands:

Table 7-3 Setting the system contact and location information

Command Description
configure terminal 1. Enter Global configuration mode.

Snmp-server contact 57. Set the system contact information.


<string>  <string>: String described for system contact information.
58. Set the system location information.
Snmp-server location
 <string>: String described for system location information.
<string>
Max 254 characters
메모 [zwyi2]: max 254
end 4. Return to Privileged mode.
character
Show snmp-server 5. Verify the system contact and location information.

Configuring SNMP and RMON 7-7


Configuring SNMP

The following is an example of setting the system contact information and system location
information:

# configure terminal
(config)# snmp-server contact Dial System Administrator at phone #2734
(config)# snmp-server location 1st_floor lab
(config)# end
# show snmp-server

RMON: Enabled
Extended RMON: Extended RMON module is not present

sysContact Dial System Administrator at phone #2734


sysLocation 1st_floor_lab
.
.
#

Configuring Community

You use the SNMP community to define the relationship between the SNMP manager and the
agent. The community acts like a password to permit access to the agent on the system. One
thing to be aware of is that in case of adding new community using the Corecess S5 System CLI
command, this community must be added in NMS in order to connect to the system using this
community. To define SNMP community, use the following commands in Privileged mode:

Table 7-4 Configuring SNMP community

Command Description
configure terminal 1. Enter Global configuration mode.
59. Define the SNMP community for each access type.
 <string> The SNMP community name for this system
Snmp-server community
<string> <auth>  <auth> Access authentication of the community
- ro This authority can only read a value.
- rw This authority can read and write a value.
End 3. Return to Privileged mode.
Show snmp-server 4. Verify new community string.

7-8 Corecess S5 System With GPON User's Guide


Configuring SNMP

The following example defines new community string:

# configure terminal
(config)# snmp-server community corecess rw
(config)# end

# show snmp-server

RMON: Enabled
Extended RMON: Extended RMON module is not present

sysContact Dial System Administrator at phone #2734


sysLocation 1st_floor_lab

Community-Access Community-String
---------------- ----------------
read-only public
read-write private
read-write corecess

.
.
#

Configuring SNMP and RMON 7-9


SNMP for Security

SNMP for Security


The procedure of configuring SNMP for security is as follows;

Table 7-5 The procedure of configuring SNMP for security

Procedure Description

Creating SNMP com2sec community Creating community to security(com2sec) as security


name.(v1,v2 default, v3 optional)

Creating SNMP community group.


Configuring SNMP community Group
Including security name to this group.

Configuring OID View Configuring the viewable OIDs of SNMP.


Create access group for controlling access to OID
Configuring OID View ACCESS
view.
Configuring SNMP V3 User Configuring User for SNMP V3

SNMP com2sec(Community to security)


You can creating community to security(com2sec) as security name.(v1,v2 default, v3 optional)

Table 7-6 SNMP com2sec

Node Command Help

snmp-server : SNMP information


com2sec : community to security-name
snmp-server com2sec WORD
config WORD : security-name
(A.B.C.D|A.B.C.D/M) WORD A.B.C.D : IP address (e.g. 10.0.0.1)
A.B.C.D/M : IP address (e.g. 10.0.0.1/8
WORD : SNMP community string

snmp-server : SNMP information


config snmp-server com2sec WORD WORD com2sec : community to security-name
WORD : security-name
WORD : SNMP community string

snmp-server : SNMP information


com2sec6 : community to security-name for
snmp-server com2sec6 WORD ipv6
config WORD : security-name
(X:X::X:X|X:X::X:X/M) WORD
X:X::X:X : IPv6 address
X:X::X:X/M : IPv6 address mask
WORD : SNMP community string

config snmp-server com2sec6 WORD WORD


snmp-server : SNMP information

7-10 Corecess S5 System With GPON User's Guide


SNMP for Security

com2sec6 : community to security-name for


ipv6
WORD : security-name
WORD : SNMP community string

The following example shows how to create community as security name.

localhost(config)# snmp-server com2sec corecess 100.1.1.1 public


localhost(config)# end
localhost# show snmp-server com2sec
snmp-server com2sec corecess 100.1.1.1 public

Configuring SNMP Community Group


You can create SNMP community group and it can include security name with the following
commands.

Table 7-7 Configuring SNMP Community Group

Node Command Help

snmp-server : SNMP information


group : group-name
snmp-server group WORD WORD : group-name
config
(v1|v2c|v3) WORD v1 : v1
v2c : v2c
v3 : v3
WORD : security-name

The following example shows how to create SNMP community group.

Localhost(config)# snmp-server group 7-11therne v2c corecess


localhost(config)# end
%unsaved some of configurations are exist(8 item(s))
localhost# show snmp-server group
snmp-server group 7-11therne v2c corecess

Configuring SNMP and RMON 7-11


SNMP for Security

Configuring OID View


You can set viewing range of SNMP MIB(OID view) specified with group. The following figure
shows the example of OID View named test, test2.

view
test

view
test2

You can create view name and MIB OID include or excluded with the following commands.

Table 7-8 Configuring OID View

Node Command Help

snmp-server : SNMP information


snmp-server view WORD
config view : define the view-name
(included|excluded) WORD WORD : view-name
included : include

7-12 Corecess S5 System With GPON User's Guide


SNMP for Security

excluded : exclude
WORD : MIB object ID(ex: .1.3.6)

snmp-server : SNMP information


view : define the view-name
snmp-server view WORD WORD : view-name
config
(included|excluded) WORD WORD included : include
excluded : exclude
WORD : MIB object ID(ex: .1.3.6)
WORD : MIB object ID Mask (ex: ff)
The following example shows how to create ‘view’ and confirm it.

Localhost(config)# snmp-server view test included 1.1


localhost(config)# end
localhost# show snmp-server view
snmp-server view test included .1.1 .ff.ff

OID View Access


You can create access group for controlling access to OID view.

Table 7-9 OID View Access

Node Command Help

snmp-server : SNMP information


access : view-based access control
WORD : group-name
snmp-server access WORD (v1|v2c) v1 : v1
v2c : v2c
config (WORD|none) (WORD|none)
WORD : read-view
(WORD|none) none : none
WORD : write-view
none : none
WORD : notify-view
none : none

snmp-server : SNMP information


access : view-based access control
WORD : group-name
snmp-server access WORD v3 v3 : v3
config (noauth|auth|priv) (WORD|none) noauth : no authentication
auth : authentication
(WORD|none) (WORD|none)
priv : privacy
WORD : read-view
none : write-view
WORD : notify-view
You should use view name created to previous OID View setting for read-name, write-name,

Configuring SNMP and RMON 7-13


SNMP for Security

notify-name.

Note: The part of {noauth ㅣ auth ㅣ priv} is security level setting.


Noauth is the way of using username for authentication, auth and priv is the way of using
MD5 or SHA for security.

The following example shows how to create OID View Access.

Localhost(config)# snmp-server access 7-14therne v2c test none none


localhost(config)# end
localhost# show snmp-server access
snmp-server access 7-14therne v2c test none none

Configuring User of SNMP v3


You can register user and authentication key to SNMP v3 agent with the following commands.

Table 7-10 Configuring User of SNMP v3

Node Command Help

snmp-server : SNMP information


user : user
snmp-server user WORD WORD : user name
config
(md5|sha) WORD md5 : MD5
sha : SHA
WORD : authentication passphrase
length : 8 – 64
SCM-208G Only
snmp-server : SNMP information
user : user
WORD : user name
md5 : MD5
snmp-server user WORD
config sha : SHA
(md5|sha) WORD des WORD WORD : authentication passphrase
length : 8 – 64
des : DES
WORD : private passphrase length : 8 –
64

The following example shows how to create User of SNMP v3.

Localhost(config)# snmp-server user corecessUser md5 testAuthmsg


localhost(config)# end
localhost# show snmp-server user
snmp-server user corecessUser md5 testAuthmsg

7-14 Corecess S5 System With GPON User's Guide


SNMP for Security

Configuring Trap

Traps are system alerts that the Corecess S5 System generates when certain events occur.

The Corecess S5 System supports the following trap types:

Table 7-11 Types of trap supported by Corecess S5 System

Trap Types Description


Sends a trap message when power supply is installed or uninstalled, temperature
chassis
limitations are exceeded, or fan errors occur.
Module Sends a trap message when a module goes up or down.
Port Sends a trap message when a port goes up or down.
Bridge Sends a trap message when there is spanning tree topology changes.
Sends a trap message when Ethernet hub repeater state is changed. This trap doesn’t
Repeater
happen in the Corecess S5 system.
Ip_permit Sends a trap message when there are access attempts with unauthorized IP address.
Sysconfig Sends a trap message when the system backup configuration is changed.
Sends a trap message when there is Entity Management Information Base (MIB)
Entity
change. This trap doesn’t happen in the Corecess S5 system.
Cpuload Sends a trap message when CPU load limitations are exceeded.
Auth Sends a trap message when there are access attempts with unauthorized community.
Sysauth Sends a trap message when user login or log-out to the system through Telnet or CLI.
Bgp Sends a trap message when Border Gateway Protocol (BGP) state is changed.
Sends a trap message when Dynamic Host Configuration Protocol (DHCP) state is
Dhcp
changed.

When a trap is enabled, if an error occurs in the device where corresponding trap is enabled or
if problem occurs in the part defined by the trap, such error status (trap message) are
transmitted to the trap receiving host and NMS, the SNMP agent. By default, all trap types are
disabled. To send traps to the trap hosts, the trap types should be enabled.

Configuring SNMP and RMON 7-15


SNMP for Security

To enable a trap type, use the following commands in Privileged mode:

Table 7-12 Enabling a trap type

Command Description
configure terminal 1. Enter Global configuration mode.
2.. Enable the specified trap type
 <trap-type> Trap type to be enabled
Snmp-server enable
(all, auth, bgp, bridge, chassis, cpuload, dhcp,
traps <trap>
entity, ip_permit, module, port, repeater, sysauth,
sysconfig). If you choose all, all traps become enabled.
End 3. Return to Privileged mode.
Show snmp-server 4. Check the state of the trap.

The following example enables the port and auth traps:

# configure terminal
(config)# snmp-server enable traps port
(config)# snmp-server enable traps auth
(config)# end
# show snmp-server

RMON: Enabled
Extended RMON: Extended RMON module is not present

.
.

Trap-Rec-Address Trap-Rec-Community
------------------------- ------------------
Traps Enabled
------------------------- ------------------
chassis disabled
module disabled
port enabled
bridge disabled
repeater disabled
ip_permit disabled
sysconfig disabled
entity disabled
cpuload disabled
auth enabled
sysauth disabled
bgp disabled
dhcp disabled

7-16 Corecess S5 System With GPON User's Guide


SNMP for Security

atm disabled
adslAtuc disabled
adslAtur disabled
mac-flood disabled
#
To disable the trap type, use the no snmp-server enable traps command as follows:

(config)# no snmp-server enable traps port

To disable the trap of specified module, use the following commands in Privileged mode:

Table 7-13 Disabling the trap of specified module

Command Description
configure terminal 1. Enter Global configuration mode.
No snmp-server enable
traps module <Module or 2. Disable the trap of specified module.
slot identifier>
End 3. Return to Privileged mode.
Show running-config 4. Check the state of the trap.

The following example shows how to disable the trap of specified module:

# configure terminal
(config)# no snmp-server enable traps module 1

Configuring Trap Host

Trap host is the host to receive traps from an SNMP agent. Trap is message sent by an SNMP
agent to an NMS, a console, or a terminal to indicate the occurrence of a significant event, such
as a specifically defined condition or a threshold that was reached. By default, no trap host is
configured. To receive the trap generated on your managed device using NMS, you must add
the NMS as a trap host. You can specify up to twenty trap hosts on the Corecess S5 System.

To add or modify trap hosts, use the following commands in Privileged mode:

Table 7-14 Configuring a trap host

Command Description
configure terminal 1. Enter Global configuration mode.
Snmp-server host <ip-address> 60. Configure trap hosts.
<community> port {<udp-port>  <host-addr> The IP address of an SNMP host that been
| configured to receive traps.
default}version(v1|v2|infor  <community> The community name to use when

Configuring SNMP and RMON 7-17


SNMP for Security

m) sending traps to the specified SNMP host.


 port The UDP port number to use when sending traps to
the specified SNMP host
- <udp-port> UDP port number to use (1~ 65535)
 default Default UDP port number (162).
End 3. Return to Privileged mode.
Show snmp-server 4. Verify the trap host entries

When a trap host is added, the community of the host should be specified. The type of trap
message, which the host receives, is decided by the specified community.

The following example shows how to add a trap host:

# configure terminal
localhost(config)# snmp-server host 172.18.80.64 public port default version
inform
localhost(config)# end
localhost# show snmp-server traphost

Host Version Community


------------------------- -------- ----------
udp:172.18.80.64:162 inform public

Trap Source IP
-------------------------
Default : 172.18.150.2
localhost#

You can set SNMP v2 inform-trap-host with the following command.

Table 7-15 Configuring a SNMP v2 inform trap host

Node Command Help


snmp-server host host-address
config community port (default|<1-65535>) Set the host of SNMP v2c inform message.
version v2c inform

You can set SNMP v3 trap-host and inform-trap-host as authentication mode with the following
command.

Table 7-16 Configuring a SNMP v3 trap host as auth mode

Node Command Help


snmp-server host host-address port
(default|<1-65535>) version v3 Set the host of SNMP v3 trap|inform
config
(trap|inform) auth “username” “MD5 message.
authentication password” engineid

7-18 Corecess S5 System With GPON User's Guide


SNMP for Security

“host engineid”

You can set SNMP v3 trap-host and inform-trap-host as privacy mode. (Only for SCM-B208G)

Table 7-17 Configuring a SNMP v3 trap host as priv mode.

Node Command Help


snmp-server host host-address port
(default|<1-65535>) version v3
config (trap|inform) priv “username” “MD5 Set the host of SNMP v3 trap|inform
authentication password” “DES privacy message.
password” engineid “host engineid”

For disabling the SNMP trap host setting, Use the following command.

Table 7-18 Disabling a trap host

Node Command Help


no snmp-server host host-address port
config Disable the SNMP trap host setting.
(default|<1-65535>)

You can show the trap host information .

Table 7-19 Showing the trap host Information

Node Command Help


enable show snmp-server traphost Verify the trap host entries.

The following examples show how to add a trap host according to SNMP trap version and
configured information.

Localhost(config)# snmp-server host 172.18.35.35 “public” port 162 version v2c


localhost(config)# snmp-server host 172.18.70.104 “public” port 162 version v2c
inform
localhost(config)# snmp-server host 172.18.70.105 “public” port 162 version v1
localhost(config)# snmp-server host 172.18.80.62 port 162 version v3 trap auth
asdf qwerasdf engineid 80001f8880ec6dfe506b032b4c
localhost(config)# snmp-server host 172.18.80.64 port 162 version v3 inform
auth asdf qwerasdf engineid 536e6d70425f656e67696e65
localhost(config)#
localhost(config)# end
%unsaved some of configurations are exist(6 item(s))

Configuring SNMP and RMON 7-19


SNMP for Security

localhost# show snmp-server

RMON: Enabled
Extended RMON: Extended RMON module is not present

sysContact support@corecess.com
sysLocation Corecess Inc.

Community Access Source


-------------------- ---------- --------------------

trap host configs


snmp-server host 172.18.35.35 “public” port 162 version v2c
snmp-server host 172.18.70.104 “public” port 162 version v2c inform
snmp-server host 172.18.70.105 “public” port 162 version v1
snmp-server host 172.18.80.62 port 162 version v3 trap auth asdf qwerasdf
engineid 80001f8880ec6dfe506b032b4c
snmp-server host 172.18.80.64 port 162 version v3 inform auth asdf qwerasdf
engineid 536e6d70425f656e67696e65

Traps Enabled
------------------------- ------------------

local snmp engineID : 80000b9b03000000000000

com2sec,com2sec6,group,view,access,user configs

localhost# show snmp-server traphost

Trap host [1]


host : udp:172.18.35.35:162
version : v2c
type : trap
community : public

Trap host [2]


host : udp:172.18.70.104:162
version : v2c
type : inform
community : public

Trap host [3]

7-20 Corecess S5 System With GPON User's Guide


SNMP for Security

host : udp:172.18.70.105:162
version : v1
type : trap
community : public

Trap host [4]


host : udp:172.18.80.62:162
version : v3
type : trap
username : asdf
authtype : MD5
authpass : qwerasdf
engineID : 80001f8880ec6dfe506b032b4c

Trap host [5]


host : udp:172.18.80.64:162
version : v3
type : inform
username : asdf
authtype : MD5
authpass : qwerasdf
engineID : 536e6d70425f656e67696e65

Remote User : created from snmp session


remote user asdf engineID : 536e6d70425f656e67696e65
remote user asdf engineID : 80001f8880ec6dfe506b032b4c

Trap Source IP
-------------------------
Default : 172.18.150.2

Configuring SNMP and RMON 7-21


SNMP for Security

Restrict Host Access

The Corecess S5 System can restrict hosts that attempt to access to the Corecess S5 System with
SNMP using access list. Only hosts that are satisfied with the access list condition can be access
the system with SNMP.

To restrict host by using access lists, use the following commands in Global configuration mode:

Table 7-20 Restrict Host Access

Command Description

snmp-server group
Apply the defined access list.
access
 <list-number> number of access list (1 ~ 99, 100 ~ 199)
<list-number>

The following example shows how to define the access list to restrict host access and apply the
access list.

(config)# access-list 12 permit 192.89.55.0 0.0.0.255


(config)# snmp-server group access 12
(config)#

7-22 Corecess S5 System With GPON User's Guide


SNMP for Security

Displaying SNMP Information


The section describes how to display SNMP configuration information, SNMP community
strings, SNMP trap hosts, and SNMP statistics.

Displaying SNMP Configuration Information

To display SNMP configuration information, use the show snmp-server command in


Privileged mode.

The following example is a sample output of the show snmp-server command:

# show snmp-server

RMON: Disabled
Extended RMON: Extended RMON module is not present

sysContact support@corecess.com
sysLocation Unknown

Community-Access Community-String
---------------- ----------------
read-only public
read-write private

Trap-Rec-Address Trap-Rec-Community
------------------------- ------------------
udp:172.27.2.36:162

Traps Enabled
------------------------- ------------------
chassis disabled
module disabled
port disabled
bridge disabled
repeater disabled
ip_permit disabled
sysconfig disabled
entity disabled
cpuload disabled
auth disabled
sysauth disabled
bgp disabled

Configuring SNMP and RMON 7-23


SNMP for Security

dhcp disabled
atm disabled
adslAtuc disabled
adslAtur disabled
mac-flood disabled
#

The table below describes the fields shown by the show snmp-server command:

Table 7-21 show snmp-server field Descriptions

Field Description
RMON Status of whether RMON is enabled or disabled.
Extended RMON Status of whether extended RMON is enabled or disabled.
sysContact SNMP system operator information
sysLocation SNMP system location information string
SNMP access authority
Community-Access - read-only
community - read-write
SNMP community strings associated with each SNMP
Community-String
community
IP address of trap receiver hosts and UDP port number for
Trap-Rec-Address
sending trap messages.
TrapReceiver
SNMP community string used for trap messages to the trap
Trap-Rec-Community
receiver.
Traps Trap types
Configuration status of trap message
Trap
Enabled - enabled : Trap message is allowed to send.
- disabled : Trap message is not allowed to send.

Displaying SNMP Community Strings

To display SNMP community strings, use the show snmp-server community-list


command in Privileged mode.

The following example shows how to display SNMP community strings:

# show snmp-server community-list


community:7-24thern access: ro
community:private access: rw
community:corecess access: ro
#

7-24 Corecess S5 System With GPON User's Guide


SNMP for Security

The table below describes the fields shown by the show snmp-server community-list
command output:

Table 7-22 show snmp-server community-list field Descriptions

Field Description

community SNMP community strings

Access authority of the community strings


access - ro : Read-Only
- rw : Read-Write

Displaying SNMP Statistics

To display SNMP statistics, use the show snmp-server statistics command in


Privileged mode.

The following is sample output from the show snmp-server statistics command:

# show snmp-server statistics


10090 SNMP packets input
0 Bad SNMP version errors
96 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
28051 Number of requested variables
12 Number of altered variables
9854 Get-request PDUs
83 Get-next PDUs
12 Set-request PDUs
9994 SNMP packet output
0 Too big errors (Maximum packet size 1500)
3 No such name errors
0 Bad values errors
0 General errors
9994 Response PDUs
0 Trap PDUs
#

Configuring SNMP and RMON 7-25


SNMP for Security

The table below describes the fields shown by the show snmp-server statistics
command output:

Table 7-23 show snmp-server statistics field Descriptions

Field Description
SNMP packets input Total number of SNMP packets received.
Bad SNMP version errors Number of packets with an invalid SNMP version.
Unknown community name Number of SNMP packets with an unknown community name
Illegal operation for Number of packets requesting an operation not allowed for that
community name supplied community
Encoding errors Number of SNMP packets that were improperly encoded
Number of requested
Number of variables requested by SNMP managers
variables
Number of altered variables Number of variables changed by SNMP managers
Get-request PDUs Number of get requests received
Get-next PDUs Number of get-next requests received
Set-request PDUs Number of set requests received
SNMP packet output Total number of SNMP packets sent by the router
Number of SNMP packets which were larger than the maximum
Too big errors
packet size.
Number of SNMP requests that specified an MIB object which does
No such name errors
not exist.
Number of SNMP set requests that specified an invalid value for an
Bad values errors
MIB object.
General errors Number of SNMP set requests that failed due to some other error.
Response PDUs Number of responses sent in reply to requests.
Trap PDUs Number of SNMP traps sent.

Showing SNMP for Security Information


Table 7-24 Showing SNMP for Security Information

[Node] Command Description


[en] show snmp-server access Showing snmp-server access information.
Showing snmp-server community to security
[en] show snmp-server com2sec
information.
[en] show snmp-server Showing snmp-server community to security
com2sec6 information.(Ipv6)
[en] show snmp-server group Showing snmp-server group information.

[en] show snmp-server user Showing snmp-server user information(only for v3)

[en] show snmp-server v3 Showing snmp-server version 3 information

[en] show snmp-server view Showing snmp-server OID view information

7-26 Corecess S5 System With GPON User's Guide


SNMP for Security

Displaying SNMP Trap Hosts

To display the list of the trap receiver hosts, use the show snmp-server traphost
command in Privileged mode.

The following example shows how to display the list of the trap receiver hosts:

# show snmp-server traphost


host: udp:172.27.2.36:162 comm: public
host: udp:172.28.3.178:24 comm: corecess
#

The table below describes the fields shown by the show snmp-server traphost command
output:

Table 7-25 show snmp-server traphost field Descriptions

Field Description
host Protocol : IP address of a trap receiver host: port number.

Comm SNMP community of the trap receiver host

Configuring SNMP and RMON 7-27


Configuring RMON

Configuring RMON
RMON (Remote MONitoring) Overview
The RMON (Remote MONitoring) is an extend function of SNMP (Simple Network
Management Protocol) that designs to manage the devices from a remote place. The RMON
collects information that happens in a LAN segment such as the number of collision, packet size
distribution and amount of data in a distributed LAN environment, then the RMON delivers
information to managing device. The information can be used as resource to find out network
efficiency, collision, etc.

The RMON provides alarm function and event function that monitor the distributed LAN
environment and report changed status to users. Network problems can be easily solved by
network status report of RMON before network problem becomes worse.

RMON MIB groups consist of nine groups (1. Statistics 2. History 3. Alarm 4. Host 5. Host Top
N 6. Matrix 7. Filter 8. Packet Capture 9. Event), and the Corecess S5 System supports four
groups as follows:

61. Statistics (Statistics, RMON group 1)


Collects the number of packets/bytes, the number of broadcast/multicast packets, the
number of collisions, the number of errors occurred (fragment, CRC, jabber, short-length,
long-length) on an interface.

2) History (History, RMON group 2)


Collects a history group of statistics on Ethernet for a specified polling interval.

3) Alarm (Alarm, RMON group 3)


Monitors a specific management information base (MIB) object for a specified interval,
triggers an alarm at a specified value (rising threshold), and resets the alarm at another
value (falling threshold). Alarms can be used with events; the alarm triggers an event, which
can generate a log entry or an SNMP trap.

4) Event (Event, RMON group 9)


Determines the action to take when an event is triggered by an alarm. The action can be to
generate a log entry or an SNMP trap.

7-28 Corecess S5 System With GPON User's Guide


Configuring RMON

Configuring RMON
The configuration procedure of RMON is as follows:

 Configuring Alarm Groups

 Configuring Event Groups

Configuring Alarm Groups

The RMON Alarm group allows you to set an alarm threshold and a sampling interval to
enable the RMON agent to generate alarms on any network segment it monitors. Alarm
thresholds can be based on ‘absolute’ or ‘delta’ values so that you can be notified of rapid spikes
or drops in a monitored value.

The alarm group periodically takes statistical samples from variables and compares them to
previously configured thresholds. The Alarm Table stores configuration entries that define a
variable, a polling period, and threshold parameters.

Each alarm is linked to an event in the event group. An event defines an action that will be
triggered when the alarm threshold is exceeded. The event generated when a RMON alarm
occurs should specify one of the RMON event entry and be configured. To configure the RMON
event, use rmon event command.

The alarm group retrieves variables periodically and compares variables to threshold. The
variable type, retrieval interval and threshold are consisted of an entry, and the entry is stored
in the alarm table.

Configuring SNMP and RMON 7-29


Configuring RMON

To configure the RMON Alarm group, use the following message in Global configuration group.

Table 7-26 Configuring Alarm Groups

Command Description
 <index> Number to identify alarm group (1~ 65535)
 <interval> MIB object monitoring interval (1-2147483647 seconds)
 <type> Value to monitor. Select one of the following values:
- multicastPkts: The number of incoming multicast packets
- cRCAlignErrors: The number of incoming packets with CRC errors
- collisions : The number of times a collision occurs while the packet is
received
- octets: The total number of incoming octets
- pkts: The total number of incoming packets
- broadcastPkts: The number of incoming broadcast packets
- pkts256to511 : The number of incoming packets 256 to 511 bytes in
length
- pkts512to1023: The number of incoming packets 512 to 1023 bytes in
length
rmon alarm <index> - pktS54to1518 : The number of incoming packets 1024 to 1518 bytes in
<interval> {<type> length
<StatisticsIndex> - pkts64: The number of incoming packets 64 bytes in length
|<variable>} - pkts65to127: The number of incoming packets 65 to 127 bytes in
length
{delta | absolute}
- pkts128to255 : The number of incoming packets 128 to 255 bytes in
{rising | falling | length
both} threshold  <StatisticsIndex> The number of statistics group to get the
<rising-threshold> selected value from <type>option (0 ~ 65535)
<falling-threshold>  <variable> OID number of the MIB object to monitor
event-index <rising-  absolute Option for testing each MIB variable directly
event-number>  delta Option for testing the change between MIB variables
<falling-event-number>  rising Option for triggering alarm when the monitored value
owner <alarm-owner> exceeds the rising threshold
 falling Option for triggering alarm when the monitored value
exceeds the falling threshold
 both Option for triggering alarm when the monitored value exceeds
the rising or falling threshold
 <rising-threshold> Value at which the alarm is triggered (0 ~
2147483647)
 <falling-threshold> Value at which the alarm is reset (0 ~
2147483647)
 <rising-event-number> Event number to trigger when the rising
threshold exceeds its limit (0 ~ 65535)
 <falling-event-number> Event number to trigger when the
falling threshold exceeds its limit (0 ~ 65535)
 <alarm-owner> Option for specifying an owner for the alarm

7-30 Corecess S5 System With GPON User's Guide


Configuring RMON

The following example shows how to configure RMON alarm group and check the result:

# configure terminal
(config)# rmon alarm 1 10 pkts 1 absolute both threshold 1000 100 event-index 1
1 owner aaa
(config)#

Before configure RMON alarm group, you should verify that the statistics group
(<StatisticsIndex>) is defined.

(config)# rmon alarm 2 20 pkts 10 absolute rising threshold 1000 event-


index 1 1 owner kimka
Can’t fetch the MIB values

If you specify undefined statistics group, the ‘Can’t fetch the MIB values’
message will be displayed:

To display the information on an alarm group, enter the show rmon command with the alarm
number:

# show rmon

RMON: Enabled
Extended RMON: Extended RMON module is not present

[statistics]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2)
.
.

[history]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2).
.
.

[alarm]
index status sample
----- -------------- -----------------------------
1 valid etherStatsPkts.1

Configuring SNMP and RMON 7-31


Configuring RMON

[event]
index status type
----- -------------- ---------------
#

To display the detail information on an alarm group, enter the show rmon alarm command
with the alarm number:

# show rmon alarm 1


Alarm 1 is valid, owned by aaa
Monitors etherStatsEntry.etherStatsPkts.1 every 10 seconds
Taking absolute samples, last value was 0
Rising threshold is 1000, assigned to event 1
Falling threshold is 100, assigned to event 1
On startup enable rising or falling alarm

To delete a RMON alarm group, enter the no rmon alarm command in Global configuration
mode:

(config)# no rmon alarm 1


(config)#

7-32 Corecess S5 System With GPON User's Guide


Configuring RMON

Configuring Event Groups

The RMON Event group defines an action that is able to do when an alarm occurs. The action is
usually generating SNMP trap or storing the log entry to the log table to record the alarm. If
you configure SNMP trap generated, you should specify community to transmit the generated
trap to the managed system.

To configure the RMON Event group, use the following command in Global configuration
mode.

Table 7-27 Configuring RMON event group

Command Description
 <index> Number to identify events (1 ~ 65535)
 description <string> Add a Description of the event.
- <string> A Description of the event.
rmon event <index>
 trap <community> Option for generating SNMP trap with the
description <string>
<community> community string when the event occurs
{trap <community> |
- <community> Community String
log } owner <owner>
 log Option for storing log for alarm when the alarm occurs
 owner <owner> Option for specifying an owner for the event
- <owner> IP address, host name or user name

This example shows how to configure an event group on the Corecess S5 System and how to
verify that they are configured:

Parameter Value

Event index 10
Event Description Event to create log entry and SNMP notification
Event type log, trap
Community public
Owner help_desk

# configure terminal
(config)# rmon event 10 Description “Event to create log entry and SNMP
notification” log trap public owner help_desk

Configuring SNMP and RMON 7-33


Configuring RMON

To display the information on an event group, enter the show rmon command:

# show rmon

RMON: Enabled
Extended RMON: Extended RMON module is not present

[statistics]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2)
.
.

[history]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2).
.
.

[alarm]
index status sample
----- -------------- -----------------------------
1 valid etherStatsPkts.1

[event]
index status type
----- -------------- ---------------
10 valid logandtrap
.
.
#

To display the detail information on an event group, enter the show rmon events command
with the event number:

# show rmon events 10


Event 10 is valid, owned by help_desk
Description is Event to create log entry and SNMP notification
Event firing causes log and trap to community public
last fired 0days 0h:1m:14s:25 th(7425)
#

To delete an event group, enter the no rmon event command in Global configuration mode:

(config)# no rmon event 10


(config)#

7-34 Corecess S5 System With GPON User's Guide


Configuring RMON

Collecting Bandwidth Information of Traffic

In the Corecess S5 System, bandwidth information of traffic can be collected by RMON through
a particular port with a certain cycle (five seconds, one minute and ten minutes). To collect
bandwidth information communicated through the specified port, use the following commands.

Table 7-28 Collecting Bandwidth Information of Traffic

Command Description
configure terminal 1. Enter Global configuration mode.

2. Collect bandwidth information communicated through the


Rmon utilization
specified port.

End 3. Return to Privileged mode.

Show rmon port <port-type>


4. Verity the bandwidth information of traffic.
<slot>/<port> utilization

The following example shows how to collect the bandwidth information of traffic and verify it.

# configure terminal
(config)# rmon utilization
(config)# end
# show rmon utilization port gigabitethernet 1/3
Rx-avg: bits/s bytes/s pkts/s utilization
Tx-avg: bits/s bytes/s pkts/s
------------ ------------ ------------ -------------
Port 1/3
5 sec: 0 0 0 0
0 0 0
1 min: 0 0 0 0
0 0 0
10 min: 0 0 0 0
0 0 0
#

Configuring SNMP and RMON 7-35


Configuring RMON

Displaying RMON Information


To display the current RMON configuration, enter the show rmon command in Privileged
mode. You can execute the show rmon command with the following options:
 alarm Displays the RMON alarm table.
 events Displays the RMON event table.
 history Displays the RMON history table.
 statistics Displays the RMON statistics table.

If you do not specify any option, the contents of the RMON alarm table, event table, history table, and
statistics table are displayed. The following is a sample output of the show rmon command:

# show rmon

RMON: Enabled
Extended RMON: Extended RMON module is not present

[statistics]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2)
.
.

[history]
index status dataSource
----- -------------- -----------------------------
1 valid ifIndex.8 (Gi 1/1)
2 valid ifIndex.7 (Gi 1/2).
.
.

[alarm]
index status sample
----- -------------- -----------------------------
1 valid etherStatsPkts.1
[event]
index status type
----- -------------- ---------------
10 valid logandtrap

7-36 Corecess S5 System With GPON User's Guide


Configuring RMON

The table below describes the fields in the show rmon command output:

Table 7-29 show rmon field Descriptions

Field Description

RMON Running status of the RMON

Index Proper number of statistics group

statistics Status Status of statistics group

dataSource Object to collect data

Index Proper number of the statistics group

history Status Status of the statistics group

dataSource Object to collect data

Index Proper number of alarm group

alarm Status Status of alarm entry

Sample Object to refer data

Index Proper number of event group

event Status Status of event group

Type Type of event group

The following example shows how to display the bandwidth information of traffic.

# show rmon utilization port gigabitethernet 1/3


Rx-avg: bits/s bytes/s pkts/s utilization
Tx-avg: bits/s bytes/s pkts/s
------------ ------------ ------------ -------------
Port 1/1
5 sec: 0 0 0 0
0 0 0
1 min: 0 0 0 0
0 0 0
10 min: 0 0 0 0
0 0 0
#
To verify the average bandwidth of traffic for five seconds, one minute and ten minutes, execute
show rmon port command.

Configuring SNMP and RMON 7-37


Configuring RMON

SNMP and RMON Configuration Commands


The table below shows the list of SNMP and RMON configuration commands and their
functions.

Table 7-30 SNMP & RMON Configuration Commands

Command Description
show snmp-server Display SNMP configuration information of the system.
Show snmp-server
Display SNMP community list defined the system.
community-list
Show snmp-server statistics Display statistics information of SNMP operation.
Show snmp-server traphost Display list of trap host received trap.
Show rmon Display entry information of RMON table.
Snmp-server community Configure the SNMP community strings.
Snmp-server contact Specify the system operator information.
Snmp-server enable rmon Enable the RMON.
Snmp-server enable traps Enable a SNMP trap.
Limit hosts which can access to the system through SNMP based
Snmp-server group access
on the access list.
Snmp-server host Specify hosts to receive SNMP notifications.
Snmp-server location Specify the system location information..
rmon alarm Configure an RMON alarm group.
Rmon event Configures an RMON event group.
Rmon port Collects the average bandwidth information of traffic.

7-38 Corecess S5 System With GPON User's Guide


Edition: 0006
Distribution: 12/2012

Chapter 8 Configuring QoS

This chapter describes how to configure QoS (Quality of Service) on the Corecess S5 System.
QoS Overview

QoS Overview
This section describes QoS (Quality of Service) and QoS features supported by the Corecess S5
System.

QoS (Quality of Service)


QoS can classify traffic into several levels and provide graded quality of service. QoS function
can give high priority to traffic that should transmit important information or be processed in
real-time, so high priority traffic is transmitted first, then low priority traffic is transmitted. It
makes the limited network resource such as bandwidth use efficiently.

QoS consists of the Classifier and the Traffic manager. The Classifier classifies traffic, and the
Traffic Manager processes the classified traffic as follows:

Packet Buffer Queue Packet


Classifier Marker Policer
In Manager Scheduler Out

Traffic Manager

The Classifier refers to a header of a received packet, and then decides the QoS level. The traffic
manager marks the QoS level to the packet header or processes a packet that is in permitted
bandwidth. The Traffic Manager also chooses which packet drop when congestion occurs or
prefers which packet transmits first.

The following section describes parameters to classify packets and how to classify packet.

8-2 Corecess S5 System With GPON User's Guide


QoS Overview

Classifier

Classification Standard

The classifier uses the following values to decide the packet level.

 Layer 1 : Number of Input/output port


The input/output ports in Layer 1 packet is a port that a packet is received and transmitted.
It is also called as ingress/egress port.

 Layer 2 : Source/Destination MAC Address, EtherType Field, DSAP Field, 802.1P Field, VLAN ID
802.1P field in Layer 2 packet is a three bit field that marks the packet priority, and a number
from zero to seven is stuffed in the three bit field.

 Layer 3 : Source/Destination IP Address, Protocol ID, TOS/DSCP Field


Protocol ID in the header of Layer 3 packet is a field that marks which packet of protocol is.
The field is set by values that have been defined (TCP: 6, UDP: 17, ICMP:1, IGMP:2).

The following values are set in the eight bit of TOS field – also called DSCP field – in the
header of Layer 3 packet.
6 7
IP Type of Service (RFC 1349) IP DiffServ Code Point (RFC 2474)

bits bits 0 1 2 3 4 5 6 7
0 1 2 3 4 5 6 7
DSCP C
IP-Prec TOS MRZ U
Class Selector
D T R C

- MRZ : Must Be Zero -D : Minimum Delay


- T : Maximum Throughput -R : Maximum Reliability
- C : Minimize Cost - CU : Currently Unused

 Layer 4 : Source/Destination Port Number, TCP Flag


The port number in TCP/UDP header of Layer 4 packet notifies what the packet of
application is.

The classifier can classify the following types of category with the classification standard.

Configuring QoS 8-3


M
QoS Overview

 Subscriber (packet sender) Classification: Who send the packet?


- Packet Classification using Input Port Number, Source MAC Address and Source IP
Address

 Subscriber and Application Classification: Who send the packet? And, what kind of application packet is?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address
and TCP/UDP Port Number

 Subscriber and Destination Classification: Who send the packet. And, who receive the packet?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address,
Output Port Number, Destination MAC Address and Destination IP Address

 Subscriber, Destination and Application Classification; Who send the packet?, Who receive the packet? And, what
kind of application packet is?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address,
Output Port Number, Destination MAC Address and Destination IP Address and
TCP/UDP Port Number

 Class based Classification: QoS level is marked in the packet?


- Packet Classification using the value of the 802.1p field and IP TOS/DSCP/IP-Prec field

Classification Table

The classifier has two types. One is MF (Multi Field) classifier that refers several fields of a
packet simultaneously and decides QoS service level. The other is BA (Behavior Aggregate)
classifier that recognizes the packet decided QoS level.

MF classifier uses the following table to decide QoS level and to recognize a QoS profile.

level Classification standard Service Contents

Source Destination
Input Output Source Destination VLAN Source Destination Protocol TCP QoS
Rule# 802.1P TOS TCP/UDP TCP/UDP
Port # Port # MAC MAC ID IP IP ID Flag Profile
Port # Port #
1
2
3
4
5
6
7
.
.
.

8-4 Corecess S5 System With GPON User's Guide


QoS Overview

A QoS profile has information what actions (marking, policing and assigning queue) should be
done to the packet decided QoS level through classification standard. The traffic manager
actually applies the actions to the packet.

For example, the classification table is defined as follows.


There is a packet that source IP address is 1.1.1.0/24, and
destination IP address id 20.1.1.0/24. When the classifier
receives the packet, the classifier recognizes that the packet
matches rule number four, and applies the packet to be
processed by the QoS profile.

Source Destination
Input Output Source Destination VLAN Protocol TCP QoS
Rule# 802.1P Source IP Destination IP TOS TCP/UDP TCP/UDP
Port # Port # MAC MAC ID ID Flag Profile
Port # Port #
1
2
3
4 * * * * 0x0800 * 1.1.1.0/24 20.1.1.0/24 6 * * 80 *
5
6

The BA classifier recognizes the QoS profile, which is applied to the packet, using the tables of
802.1p or ToS field that are only used for QoS. In the table of 802.1p or ToS field, the following
field values are defined. One of the profiles is applied to the packet by the field values.

TOS/DSCP/IP-Prec
802.1p Table
Table
802.1p Field Value QoS Profile ToS Field Value QoS Profile
0 0
1 1
2 2
3 3
4 4
5 5
6 …
7 255

The following section describes the traffic manager.

Configuring QoS 8-5


QoS Overview

Packet Marker
Packet marker marks 802.1P field or ToS field with QoS level. QoS level of a packet can use the
value decided by the classifier or be changed by QoS profiles. It is called “remarking” that the
first decided level is changed and marked by QoS profiles.

Policer
Policer can limit bandwidth to make users only use engaged traffic. Policer measures traffic
flow rate by traffic flow, which classified by classifier, and limits traffic not to use over engaged
bandwidth.

Policer consists of metering and action block. Metering measures traffic flow rate and compares
the result of traffic flow rate to engaged bandwidth, then informs the comparing result to action
block. Action block decide how to process traffic depending on the result.

There are three methods to process the result as follows:

 Pass: transmits packets without the result.

 Drop: Discard packets which exceed bandwidth.

 Mark: Remark packets which exceed bandwidth.

Policer Variables

To use Policer function, you should understand the following variables.

 CIR (Committed Information Rate)


Engaged Bandwidth. It is also called Average rate or Guaranteed rate.

 PIR (Peak Information Rate)


Maximum bandwidth

 CBS (Committed Burst Size)


Packet size that can be received for one time. It is also called Average burst size.

 PBS (Peak Burst Size)


Maximum packet size that can be received for one time

 EBS (Excessive Burst Size)


Gap between received packet size and CBS

8-6 Corecess S5 System With GPON User's Guide


QoS Overview

The following graph shows the variables.

Information Burst Size (Bytes)


Rate(bps)

EBS

CI PIR PBS CBS


R

time

Token Bucket

There are several implementation of policer function, and the typical implementation is the
token bucket. The token bucket contains tokens, each of which can represent a unit of bytes.
Token is filled up in the token bucket for a certain rate. When packets are arrived, the same
amount of tokens is removed from the token bucket.

The same amount of tokens is


removed from the bucket.

The variables of policer can be substituted for the element of token bucket as follows:

 CIR : Token Rate

 CBS : Bucket Size

Configuring QoS 8-7


QoS Overview

If tokens are full in the token bucket, no token is provided. When packets are received, the same
amount of token are removed. If the number of tokens is less than size of a packet, the packet is
specified as non-conforming packet. And, if the number of tokens is more than size of a packet
or is the same as the size of packet, the packet is specified as conforming packet. The packet
specified as non-conforming packet is processed by QoS profile of the packet.

There are two method of token bucket – single token bucket, dual token bucket. Single token
method uses only one bucket, and dual token method uses two bucket.
In dual token bucket method (RFC 2698 tr-TCM algorithm), the first bucket receives tokens at PIR
rate and the second bucket receives tokens at CIR rate. The first bucket size also is PBS and the
second bucket size is CIR. A packet that is specified as non-conforming in the first bucket finally
becomes the non-conforming packet. If a packet that is specified as conforming in the first bucket
becomes non-conforming in the second bucket, the packet is specified as loosely non-conforming
packet.

Dual token bucket method can control the packet with detailed classification above.
The following graph shows the dual token bucket method.

8-8 Corecess S5 System With GPON User's Guide


QoS Overview

Queue Scheduler
The output port is generally slower than the input port because the output port transmits
packets that are received from the several input ports. In the output port, at least one queue is
assigned, and packets that have to be processed by the output port are saved. When saved
packets in a queue are more than bandwidth that can transmit packets – it means congestion,
what packets are transmitted first should be defined in the output port. This is called queue
scheduling.

There are various queues scheduling method, and the following methods are generally used.

 Strict Priority Queuing

 WRR (Weight Round Robin)

 WFQ (Weight Fair Queuing)

 DWRR (Deficit Weight Round Robin)

SPQ (Strict Priority Queuing)

In this method, each queue has assigned priorities (high, medium, low), and packets in the high
priority queue are transmitted first. After packets in the high priority are transmitted
completely, packets in the next priority queue are transmitted.

[Q1] Priority: High


200B 300B 400B 100B 300B

[Q2] Priority: Medium Output Port

400B 500B 500B 400B 300B 600B 400B 500B 500B 200B 300B 400B 100B 300B

[Q3] Priority: Low SPQ Scheduler


400B 300B 600B

This method is easy to implement, but if there are plenty of packets that flows into the high
priority queue, packets in the low priority queue cannot be transmitted at all. This is called
starvation.

Configuring QoS 8-9


QoS Overview

WRR (Weight Round Robin)

WRR method processed every queue in sequence to remove starvation that happens in SPQ
(Strict Priority Queuing). The packet size that process packets each time can be set for each
queue instead. A value, called weight, is used to set the packet size. The weight represents the
ratio of packets that is serviced through the queues.

[Q1] Weight: 2
200B 300B 400B 100B 300B

[Q2] Weight: 1 Output Port


400B 500B 500B

[Q3] Weight: 1 WRR Scheduler


400B 300B 600B

If weight values (2, 1, 1) are assigned to each queue as above, the ratio of packets are 2:1:1. It
means that two packets are transmitted through the first queue (Q1), and a packet is
transmitted through the second queue (Q2), then a packet is transmitted through the third
queue (Q3).

WRR method can specify priority to each queue and prohibit starvation as above. The
disadvantage of WRR is not useful in IP network that packet size is variable because weight is
ratio of packets. For example, there are two packets. One is 64byte VoIP packet, and the other is
1500byte data packet. The packets are serviced through two queues that weight is 2:1. Even
though the VoIP packet is serviced through high weight queue, 128bytes are sent each time, but
the 1500byte data packet can be sent through the low weight queue.

8-10 Corecess S5 System With GPON User's Guide


QoS Overview

WFQ (Weight Fair Queuing)

WFQ method divides whole packet in queue into bit unit to solve the problem of WRR and
transmits the bits at weight ratio of queues, then reassembles the bits.

[Q1] Weight: 2 1 bit


Last bit of Last bit of Last bit of
200B 300B 400B 100B 300B 400B Pkt 500B Pkt 600B Pkt
Packet Segmentation

Last bit of Last bit of Last bit of


400B Pkt 300B Pkt 500B Pkt
[Q2] Weight: 1
Packet
400B 500B 500B
Reassembler
Bit-by-Bit WRR
[Q3] Weight: 1 Scheduler Last bit of Last bit of Last bit of
300B Pkt 400B Pkt 300B Pkt
Bit-by-Bit Service Ratio Last bit of
400B 300B 600B
= Q1:Q2:Q3 = 2:1:1 200B Pkt Last bit of
100B Pkt

400B 400B 500B 300B 200B 600B 300B 500B 400B 100B 300B

Output Port

This method can transmit packets without the packet size at the ratio that is specified in the
queue, but it is complicated to implement.

DWRR (Deficit Weight Round Robin)

DWRR method enhances disadvantage of WRR and WFQ. DWRR defines weight, quantum and
deficit counter to each queue. Quantum is the maximum packet size that is processed by weight
ratio. Deficit counter is set to ‘0’ by default. Deficit counter is merged with quantum when data
of a queue is serviced. The packet of queue can be serviced up to deficit counter. After the
packet is serviced, deficit counter is decreased to the packet size.

For example, there is a queue that quantum value is 1000bytes. If 500byte packet, 300byte
packet, and 300byte packet are in a queue, only 500byte packet and 300byte packet can be
processed because the queue can process up to 1000bytes. Then, deficit counter becomes 200.
After other queues process their packet, the queue become in the order. The deficit counter
value becomes 1200, and the queue can process up to 1200byte.

Deficit counter memorizes the size of packet that was not transmitted as the ratio of weight, and
transmits the packet next time.
Let’s look at the operation principal of DWRR. There are three queues in an output port as
below. In each queue, 2:1:1 of weight is assigned. The quantum values of each queue are set as
1000byte, 500byte and 500byte. The deficit counter values are set as ‘0’ (Picture 1).

Configuring QoS 8-11


QoS Overview

[Q1] Weight: 2 [Q1] Weight: 2


1000B - 300B - 100B - 400B
Quantum=1000, DeficiCounter=0B Quantum=1000, DeficiCounter=200B

200B 300B 400B 100B 300B 200B 300B

[Q2] Weight: 1 [Q2] Weight: 1


Output Port Output Port
Quantum=500, DeficitCounter=0B Quantum=500, DeficitCounter=0B

400B 500B 500B 400B 500B 500B 400B 100B 300B

[Q3] Weight: 1 DWRR [Q3] Weight: 1 DWRR


Quantum=500, DeficitCounter=0B Scheduler Quantum=500, DeficitCounter=0B Scheduler
400B 300B 600B 400B 300B 600B

8-12 Corecess S5 System With GPON User's Guide


QoS Overview

[Picture 1] [Picture 2]

The DWRR scheduler visits the number 1 of queue, then deficit counter value becomes
1000bytes. 300byte, 100byte and 400byte packets are transmitted through output port. After the
transmission, the deficit counter value becomes 200 (Picture 2).

The DWRR scheduler visits the number 2 of queue. The number 2 of deficit counter set the
value as 500byte, then 500byte packet is transmitted. After the transmission, the deficit counter
value becomes 0. The next time the number 3 of queue should be processed, but the first packet
in the number 3 of queue is 600byte and is bigger than deficit counter of 500byte. In this case,
deficit counter is not changed, and no packet is transmitted.
The DWRR scheduler visits the number 1 of queue again, then the quantum value is added to
the current deficit counter value. In this time, the deficit counter value becomes 1200bytes, and
the number 1 of queue can transmit packets up to 1200byte. 300byte and 200byte packets can be
transmitted, then deficit counter becomes 700 (Picture 3).

[Q1] Weight: 2
1200B - 300B - 200B [Q1] Weight: 2
Quantum=1000, DeficiCounter=700B Quantum=1000, DeficiCounter=0B

[Q2] Weight: 1 [Q2] Weight: 1


Output Port Output Port
Quantum=500, DeficitCounter=0B Quantum=500, DeficitCounter=0B

400B 500B 200B 300B 400B 300B 600B

[Q3] Weight: 1 DWRR [Q3] Weight: 1 DWRR


Quantum=500, DeficitCounter=500B Scheduler Quantum=500, DeficitCounter=100B Scheduler
400B 300B 600B 400B
1000B - 600B - 300B

[Picture 3] [Picture 4]

There is no packet in the number 1 of queue, so the DWRR scheduler visits the number 2 of
queue. The deficit counter is set as 500byte, and 500byte packet is transmitted in the number 2
of queue, then deficit counter becomes 0. In the num 3 of queue that could not transmit packets
previous time, the deficit count becomes 1000byte, and 600byte and 300byte packet are

Configuring QoS 8-13


QoS Overview

transmitted. After the transmission, the deficit counter becomes 100 (Picture 4). The rest of
packets are processed as above.

Shaping

Shaping is a function that limits bandwidth with buffering when traffic that is bigger than
target traffic rate flows into a queue.

The traffic that is more than target traffic rate is stored into the buffer. If there is enough
bandwidth to transmit, the stored traffic is transmitted.

This method is more flexible than policing, but is not useful in real-time traffic such as voice
traffic because transfer delay occurs.

WC (Work Conserving) Scheduler and NWC (Non Work Conserving)


Scheduler

WC scheduler can use whole bandwidth of output port until congestion occurs. SPQ, WRR,
DWRR and WFQ are WC method. On the other hand, even if there is no congestion, NWC
scheduler does not service more than bandwidth that is assigned queue. Shaping is this method.

8-14 Corecess S5 System With GPON User's Guide


QoS Overview

Buffer Manager
Queues of an output port have fixed size. If a queue is full of packets, and other packets flow
into the queue, the packets are discarded as a particular rule. Buffer manager is the function
that discards received packets selectively to solve the congestion of the queue.
This section introduces that buffer manager methods.

Tail Drop

In Tail drop method, if there is no space to store Drop Probability

packets, packets that arrived after full of the queue


are discarded. The ratio that packets are discarded 1

is ‘1’ when the amount of packet in the queue


becomes the size of the queue (Max Size) as the
right graph.

Retransmission requests are sent to senders 0 Queue Size


Max Size
continuously because packets are discarded after
the queue is full. The host that received retransmission requests considers that the link is not
stable and makes transmission speed slow. If this situation occurs repetitively, the speed of
whole network is slower. This problem is called TCP global synchronization.

Configuring QoS 8-15


QoS Overview

QoS of the Corecess S5 System

This section describes QoS features supported by the Corecess S5 System. The following figure
shows QoS structure on the Corecess S5 System:

Output
Q0 port #1 TC #1
Q1 TC #1
.
.
TC #1

Q6
Classifier
Input port #1 Q7
match

match
. .
. match .
. . .
.
.
.. .
.
Input port #n . .
.
.
Output
Q0 port #n
Q1
.
. TC #216
Q6 TC #217
Q7 TC #218

The Corecess S5 System classifies the packets from ingress (incoming) port according to the
criteria defined the class map, stores the classified packets to each transmit queue (0 ~ 7), and
transmits packets via TC (Traffic Class) applied the QoS action defied the policy map.

Packet Classification

The Corecess S5 System uses the values in the following fields of the layer 1 ~ layer 4 IP packet
header as a criterion to classify packets:

 Layer 1: Input/output port number

 Layer 2: Source/destination MAC address, EtherType field, DSAP field, 802.1P filed, VLAN ID

 Layer 3: Source/destination IP address, protocol ID, TOS/IP Precedence/DSCP filed

 Layer 4: Input/output port number, TCP flag

8-16 Corecess S5 System With GPON User's Guide


QoS Overview

Marking & Remarking

The Corecess S5 System supports marking based on the following bits in the CoS (Class of
Service) filed for the packet:

 DSCP

 CoS

 VLAN priority

The Corecess S5 System can recognize packets from a particular VLAN or port and configure
packets to set the specified values to the CoS field of packets.

Policing

The Corecess 5242 supports Policing. Policing is the process by which the system limits the
bandwidth consumed by a flow of traffic. You can limit the bandwidth of a specific traffic flow
by using a policy map or limit the full bandwidth of a port.

Transmit Queue

The Corecess S5 System provides eight transmit queues for each egress port. These transmit
queues are scheduled by the Strict Priority Queuing (SPQ) mechanism. The priority of queues
decides which queue transmits packets. The following values can be used as the priority, and
the user can specify which value uses as the priority.

 User defined priority

 ToS Field Value

 VLAN Priority

 Class Priority

When the transmit queue is full, frames at the end of the queue are dropped (tail drop)

Shaping

The Corecess S5 System supports shaping function.

Configuring QoS 8-17


Configuring QoS Service Policy Map

Configuring QoS Service Policy Map


The Corecess S5 System can configure QoS using class map (Classifier) and policy map (QoS
action). This section describes how to configure QoS on the Corecess S5 System.

Configuring QoS Service Policy


The following diagram shows steps for configuring QoS service policy:

The first task for configuring QoS service policy is defining class
 Defining Class Map maps.Class map defines a standard to classfy a particular traffic and
executethe role of QoS classifier.

The second step for configuring QoS service policy is defining policy
 Defining Policy Map maps. Policy map defines QoS action that is applied to classified
traffic and execute the role of traffoc manager.

The last step of configuring the QoS Service policy is defining service
 Applying
policies. A service policy consists of a policy-map and ingress/egress
Service Policy
ports which the policy map will be applied to.

The sections which describe how to configure each step follow.

8-18 Corecess S5 System With GPON User's Guide


Configuring QoS Service Policy Map

Configuring a Class Map


A class-map is a mechanism that you use to name and to isolate a specific traffic flow (or class)
from all other traffic. The class-map defines the criteria used to match against a specific traffic
flow to further classify it. If you have more than one type of traffic that you want to classify, you
can create another class-map and use a different name. After a packet is matched against the
class-map criteria, you further classify it through the use of a policy-map.

You can classify packets and assign them to specific queues based on the following criteria:

Table 8-1 Criteria for packet classification

Criterion Description Value


any Any traffic
cos The CoS (Class of Service) value 0~7
dsap The DSAP(Destination Service Access Point) value
dscp The DSCP (DiffServe Code Point) value 0 ~ 63
ether-type The Ethernet Type filed value 0 ~ 65535
Fragment-bit The fragment-bit value
input-port The input port number
ip-da The destination IP address
ip-prec The IP precedence value 0~7
ip-sa The source IP address
mac-sa The source MAC address
mac-da The destination MAC address
output-port The output port number
protocol The L4 Protocol field value 0 ~ 255
ssap The SSAP Hex value
tcp-dpn The destination TCP port number 0 ~ 65535
tcp-flag The TCP flag value 0~63
tcp-spn The source TCP port number 0 ~ 65535
ttl The Time To Live value Hex value
udp-spn The source UDP port number 0 ~ 65535
udp-dpn The destination UDP port number 0 ~ 65535
vlan-sid The VLAN ID that the input port belongs to. 1 ~ 4094
vlan-did The VLAN ID that the output port belongs to. 1 ~ 4094

CoS field cannot be included with DSCP or IP precedence in the same class-map.

Configuring QoS 8-19


Configuring QoS Service Policy Map

After creating class-maps, system checks the inbound or outbound packets by the criteria in
class-maps. QoS actions defined in the policy-map for the class will be applied to the classified
packets into classes.

To create a class map and specify the way in which the Corecess S5 System should classify
traffic, enter the following commands in Global configuration mode:

Table 8-2 Creating a class map

Command Description
qos 1. Enter QoS configuration mode.
Class-map 2. Create a class map and enters class-map
<class-map-name> configuration mode.
Match any
match cos <value>
match dsap <value>
match dscp <value>
match ether-type <value>
match fragment-bit <value>
match input-port <port-type>
<slot>/<port>
match ip-da <destination-ip> <mask>
match ip-prec <value>
match ip-sa <source-ip> <wildcard>
match mac-da <destination-mac>
3. Define the classification criteria for the class map.
match mac-sa <source-mac>
match output-port <port-type>
<slot>/<port>
match protocol <protocol field>
match ssap <value>
match tcp-dpn <tcp-port-num>
match tcp-flag <flag-num>
match ttl <value>
match udp-dpn <udp-port-num>
match ucp-spn <udp-port-num>
match vlan-sid <vlan-id>
match vlan-did <vlan-id>
End 4. Return to the Privileged mode.
Show classmap <class-map-name> 5. Verify the class map configuration.

8-20 Corecess S5 System With GPON User's Guide


Configuring QoS Service Policy Map

The following example shows how to create a class map and define a classification criterion by
using the source IP address:

(config)# qos
(config-qos)# class-map class1
(config-cmap)# match ip-sa 172.27.2.16 0.0.255.255
(config-cmap)# end
# show classmap
ClassMap
Name : class1
Match Content : ip-sa 172.27.2.16/0.0.255.255

Total Entries = 1

The following example shows how to create a class map and define the criteria by using the
destination IP address and the destination TCP port number:

(config)# qos
(config-qos)# class-map class2
(config-cmap)# match ip-da 10.10.10.1 0.0.0.255
(config-cmap)# match tcp-dpn 25
(config-cmap)# end
# show classmap class2
ClassMap
Name : class2
Match Content : ip-da 10.10.10.1/0.0.0.255
: tcp-dpn 25

Total Entries = 2
#

To delete a class-map, use the no class-map <class-map-name> command in the QoS


configuration mode. To remove a criterion from a class-map, use no match command in the
class-map configuration mode.

Configuring a Policy Map


A policy-map specifies which traffic class to act on. A policy map can include several classes

Configuring QoS 8-21


Configuring QoS Service Policy Map

that have different classification and QoS actions that are applied to the classes. And, several
policy maps can be applied to an interface. Each policy map should be applied to different types
of traffic.

The Corecess S5 System supports the following QoS actions.

Table 8-3 QoS action supported by the Corecess S5 System

QoS Action Description Command


Action for changing values of QoS field (CoS, IP precedence,
Remarking mark
DSCP)
Action for deciding whether the traffic is discarded or
Packet Filtering Filter
forwarded.
Policing Action for configuring the rate-limiting feature. Rate-limit
Action for configuring the priority(high or low) of the
Priority traffic. The priority is used for selecting the traffic to be Priority
discarded when the system congestion.

To apply multiple QoS actions to a traffic class, multiple QoS actions can be included in a
policy-map.

8-22 Corecess S5 System With GPON User's Guide


Configuring QoS Service Policy Map

Creating a Policy-map

To create a policy-map and configure QoS actions for a traffic class, perform this task:

Table 8-4 Creating a policy map

Command Description
qos 1. Enter QoS configuration mode.
62. Create a policy map and enter the policy-
map configuration mode.
Policy-map <policy-map-name>
 <policy-map-name>: Name of
a policy map to define.
3. Specify the class to which the policy map applies and
Class <class-name>
enter the policy-map-class configuration mode.
Filter {deny|logging
|permit|to-proc}
4. Configures QoS actions for the class. Refer to the 메모 [zwyi3]: logging 추가
mark {cos|dscp|ip-prec} <value>
following sections for configuring QoS actions in the
priority <value>
policy-map class configuration mode.
rate-limit rate <value>

End 5. Return to the Privileged mode.


Show policymap 6. Verify the policy map configuration.

The following example shows how to create a policy map and specify a class map to which the
policy map applies:

(config)# qos
(config-qos)# policy-map policy1
(config-pmap)# class class1
(config-pmap-c)# priority 7
(config-pmap-c)# end
# show policymap policy1
PolicyMap

Name : policy1
Linked ClassMap : class1
Policy : priority 7
Total Entries = 1
#

Configuring QoS 8-23


Configuring QoS Service Policy Map

Configuring Policy-Map Class Remarking (CoS, IP Precedence, or


DSCP)

The QoS fields such as the Layer 2 CoS (802.1p field) or Layer 3 IP precedence, ToS, or DSCP
fields are used for classifying the traffic class. Depending on the network state or QoS policy,
user can set these fields to the specified values which can change the priority of traffic.

To set the QoS fields of packets, which belong to the policy-map class to the specified values,
perform this task in the Policy map class configuration mode.

Table 8-5 Changing CoS, IP Precedence, or DSCP value of a traffic class in a policy map

Command Description
qos 1. Enter QoS configuration mode.
63. Create a policy map and enter policy-map configuration
Policy-map
mode.
<policy-map-name>
 <policy-map-name>: The name of a policy-map.
64. Specify the class to which the policy map applies and enter
policy-map-class configuration mode.
Class <class-name>
 <class-name>: The name of the class to which the policy map
applies.
65. Specify the value and type of the field to change.
 cos <value>: Specify the value of the CoS field (0 ~ 7).
Mark {cos | dscp |
 dscp <value>: Specify the value of the DSCP field. (0 ~ 64).
ip-prec} <value>
 ip-prec <value>: Specify the value of the IP precedence field(0 ~
7).

This example configure remarking feature to set the CoS field to “7” of the traffic class class3 in
the policy map polmap6:

(config)# qos
(config-qos)# policy-map polmap6
(config-pmap)# class class2
(config-pmap-c)# mark cos 7
(config-pmap-c)#

8-24 Corecess S5 System With GPON User's Guide


Configuring QoS Service Policy Map

Configuring Packet Filtering

In a policy-map, you can add criteria for filtering a traffic class or forwarding it to the internal
system processor.

To add a criterion for deciding whether filtering packets or forwarding, perform this task.

Table 8-6 Configuring packet filtering of a traffic class in a policy map

Command Description
qos 1. Enter QoS configuration mode.
66. Create a policy map and enter policy-map
Policy-map <policy-map-name> configuration mode.
 <policy-map-name>: The name of a policy-map.
67. Specify the class to which the policy map applies
and enter policy-map-class configuration mode.
Class <class-name>
 <class-name>: The name of the class to which the policy
map applies.
68. Select the filtering method of the traffic class.
Filter  deny: Discard the traffic.
{deny|permit|to-proc}  permit: Forward the traffic.
 to-proc: Send the traffic to the CPU.

This example configures to discard the traffic class class2 in the policy map polmap6:.

(config)# qos
(config-qos)# policy-map polmap6
(config-pmap)# class class2
(config-pmap-c)# filter deny
(config-pmap-c)#

Configuring QoS 8-25


Configuring QoS Service Policy Map

Configuring Policy-Map Class Priority

The priority command in the policy-map configuration mode can assign the user-defined
priority to a traffic class. This user-defined priority is used for selecting one of eight
transmission queues in an output port for buffering packets. It is also used as the value for CoS
field. By default, a transmission queue is select by this user-defined priority. However, you can
use the CoS, DSCP, or VLAN ID when selecting a transmission queue. To do this, use the
queue-precedence command in the QoS configuration mode.

The following is a procedure for specifying the user-defined priority for a traffic class:

Table 8-7 Specifying a priority of a traffic class in a policy map

Command Description
qos 1. Enter QoS configuration mode.
Policy-map 69. Create a policy map and enter policy-map configuration
<policy-map- mode.
name>  <policy-map-name>: The name of a policy-map.
70. Specify the class to which the policy map applies and enter
Class <class- policy-map-class configuration mode.
name>  <class-name>: The name of the class to which the policy map
applies.
71. Gives priority to a class of traffic belonging to a policy-map.
Priority
 <value>: Priority (0 ~ 7). ‘0’ is the lowest priority queue and ‘7’ is the
<value>
highest priority queue.

This example assigns the queue with the priority of 7 to the traffic class class4 in the policy map
polmap6:

(config)# qos
(config-qos)# policy-map polmap6
(config-pmap)# class class4
(config-pmap-c)# priority 7
(config-pmap-c)#

8-26 Corecess S5 System With GPON User's Guide


Configuring QoS Service Policy Map

Configuring Policy-Map Class Policing (Rate-Limiting)

In a policy map, you can configure the rate limiting feature which discards the packets that
exceed the bandwidth limits.

Rate limiting is the process by limiting the bandwidth consumed by a flow of traffic. After a
packet is classified, the rate limiting process can begin. The rate limiting involves creating a
policer that specifies the bandwidth limits for the traffic. Packets that exceed the limits are
dropped.

To configure the rate limiting feature in a policy map, perform this task in the Global
configuration mode:

Table 8-8 Configuring rate-limit of a traffic class in a policy map

Command Description
qos 1. Enter QoS configuration mode.
Policy-map 72. Enter policy-map configuration mode.
<policy-map-name>  <policy-map-name>: The name of a policy-map.
73. Specify the class to which the policy map applies and enter
policy-map-class configuration mode.
Class <class-name>
 <class-name>: The name of the class to which the policy map
applies.
74. Establish target bandwidth to apply Policy.
Rate-limit rate
 <target-rate> : input target bandwidth by 64 Kbpses (0 ~
<target-rate>
1000000, Kbps) .
bucket <bucket>
 <bucket> : Input bucket size (dimension : bytes)
메모 [zwyi4]: we delete

Note: Policing can be applied to a specific port as well as a specific traffic class. Entering description of unit.
the rate-limit command in the QoS configuration mode specifies the target bandwidth to be
applied to both incoming and outgoing traffic through a port. How to configur e policing for a
port will be described later in this chapter.

This example specifies the target bandwidth of the traffic class class5 to apply the rate limiting
in the policy map polmap6:

(config)# qos
(config-qos)# policy-map polmap6
(config-pmap)# class class2
(config-pmap-c)# rate-limit rate 640
(config-pmap-c)#

Configuring QoS 8-27


Configuring QoS Service Policy Map

Configuring Service Policy


Service policy specifies which policy map is applied in the defined policy maps. If QoS action is
related to bandwidth such as bandwidth, rate-limit and weight, an output port that QoS
action is applied should be specified in service policy. If QoS action is filter, mark or
priority, you don’t need to specify an output port.

Defining class map and policy map is a process to make rules for QoS. On the other hand,
defining service policy is a process to select which rule is applied and which port uses the rule.

To configure service policy, use the following commands.

Table 8-9 Applying QoS service policy

Command Description
qos 1. Enter the QoS configuration mode.
Service-policy <service-name> 75. Define service policy.
policy-map <policy-map-name>  <service-name> Name of the service map.
[input-port gigabitethernet  <policy-map-name> Name of the policy map.
<slot>/<port>] [output-port  input-port Attach the policy map to input traffic.
gigabitethernet  output-port Attach the policy map to output traffic.
<slot>/<port>]  <slot>/<port> Slot number and port number
end 3. Return to the Privileged mode.
Show service-policy
4. Verify the service policy configuration.
[<service-policy-name>]

Note: Defining service policy, you can allocate aggregated ID to the specified port. In other
words, Between 1/1 port and 1/2 port in LACP, you can apply QoS rules not to 1/2 port but
to 1/1 port, the representative port between two ports . Naturally, rules applied to 1/1 can be
also applied to 1/2 port. And QoS rules before LACP is no more valid. However, in the
moment that the ports are free from LACP, the previous rules will be just applied. To
comprehend more detailed Description, confirm chapter.14 LACP Configuring.

8-28 Corecess S5 System With GPON User's Guide


Configuring QoS Service Policy Map

This example applies the policy map named ‘polmap6’ to the Gigabit Ethernet port 17/1 and
verifies the configuration:

(config)# qos
(config-qos)# service-policy service1 policy-map polmap6 input-port gigabitethernet 17/1
(config-qos)# end
# show service-policy
ServicePolicy
Name : service1
Linked PolicyMap : polmap6
Port(In ) : 17/1
Port(Out) : 17/1

Total Entries = 1
#

Configuring QoS 8-29


Configuring Non-Class-map QoS Features

Configuring Non-Class-map QoS Features


The previous sections describe QoS features for the traffics classified by class maps(classifiers).
The Corecess S5 System has QoS features which can be applied without classifiers. This section
describes how to configure these non-class-map QoS features.

Controlling Scheduling mode on port


Table 8-10 Controlling scheduling mode

Command Description
config 1. Enter configuration mode.

76. Set the control function of broadcast storm on VLAN.


Port gigabitethernet
 <slot>/<port> Slot number and port number
<slot>/<port> tx-queue
 spq : strict priority mode
mode <sqp|wrr>
 wrr : Weighted round robin mode

end 3. Return to Privileged mode.

Write momory 4. Save the changed configuration.

Controlling Broadcast Storm


In the Corecess S5 System, you can set the maximum value of broadcast traffic to each port or
VLAN not to occur broadcast storm. At this time, all broadcast packets that exceed the
maximum value are discarded.

To control broadcast storm, use the following commands.

Table 8-11 Controlling Broadcast Storm

Command Description
qos 1. Enter QoS configuration mode.

Broadcast-storm-control 77. Set the control function of broadcast storm on VLAN.


[port gigabitethernet  <slot>/<port> Slot number and port number
<slot>/<port> |  <vlan-id> VLAN ID (1~4094)
vlan id <vlan-id>]  <packet-number> The maximum number of packet that can
pps <packet-number> transmit per a second (16~1048560)

8-30 Corecess S5 System With GPON User's Guide


Configuring Non-Class-map QoS Features

end 3. Return to Privileged mode.

Write momory 4. Save the changed configuration.

The following example shows how to discard excess packets when broadcast packet is received
more than 256 per a second.

(config)# qos
(config-qos)# broadcast-storm-control vlan id 1 pps 256
(config-qos)#

Configuring QoS 8-31


Configuring Non-Class-map QoS Features

Configuring Packet Filtering


This section describes types of packet filtering, filtering purpose and how to configure packet
filtering.

Packet Filtering

The packet filtering is used in the following cases.

 DHCP Packet Filtering


When a host which is connected to the Corecess S5 System operates a DHCP server, unusual
IP addresses can be assigned to other hosts. The Corecess S5 System can filter packets of the
DHCP server received from the host to prevent assigning unusual IP address.

 File and Resource Sharing Protocol Filtering


To prevent hosts that are connected on the same VLAN from sharing files and resources, the
Corecess S5 System can filter the following protocols:

- Apple FileSharing Protocol


- Rendezvous Protocol
- NetBIOS Protocol
- UpnP (Universal Plug & Play) Protocol

 Default Traffic Filtering


The Corecess S5 System can filter default traffic that is not classified by class map.

 Broadcast Packet Filtering


To prevent hosts that are connected with the Corecess S5 System from transmitting
unnecessary broadcast packets to other networks, the Corecess S5 System can filter broadcast
packet transmitted form a particular port.

8-32 Corecess S5 System With GPON User's Guide


Configuring Non-Class-map QoS Features

DHCP Packet Filtering

If a host who is connecting to a Corecess S5 System runs a private DHCP server, other
subscribes connected with the Corecess S5 System may receive an invalid IP address from that
private DHCP server. To prevent this, you can filter DHCP Offer packets received from a host.

Internet or LAN

Corecess S5 System
Filter DHCP Offer packets received
from the DHCP server of ONU

ONU ONU ONU

Host DHCP Server Host

To discard the all DHCP packets, enter the following commands:

Table 8-12 Filtering DHCP Offer Packet

Command Description
qos 1. Enter QoS configuration mode.
78. Filter DHCP server packet received to the specified
port. If a port is not specified, all port of the system are
Dhcp-offer filter discard filtered.
[port gigabitethernet
<slot>/<port>]  accept Allow receiving DHCP server packet.
 discard Discard receiving DHCP server packet.
 <slot>/<port> Slot number and port number
end 3. Return to the Privileged mode.
4. Display the ports configured to filter the DHCP packets received
Show dhcp-offer-filter
from hosts..

Configuring QoS 8-33


Configuring Non-Class-map QoS Features

The following example configures to discard all the DHCP OFFER packets received from the all
the ports:

(config)# qos
(config-qos)# dhcp-offer filter discard
(config-qos)# end
# show dhcp-offer-filter
Dhcp Offer Filter Ports
Accept :
Discard : All Ports
#

File and Resource Sharing Protocol Filtering

To prevent hosts that are connected on the same VLAN from sharing files and resources, the
Corecess S5 System can filter protocols as follows:

Ethernet Switch Internet or LAN

Corecess S5 System

ONU
ONU

호스트 호스트

Host Host

8-34 Corecess S5 System With GPON User's Guide


Configuring Non-Class-map QoS Features

To filter the packet of file and resource sharing protocol, use the following commands.

Table 8-13 Filtering File and Resource Sharing Protocol

Command Description
qos 1. Enter QoS configuration mode.
2. Set to deny receiving particular protocol packets.
Apple-filesharing-protocol 2-1. Refuse Apple FileSharing packets. This command is applied
filter discard to all ports.
Netbios filter discard
2-2. Refuse NetBIOS packet received to the specified port.
[port gigabitethernet
 <slot>/<port> Slot number and port number
<slot>/<port>]
2-3. Refuse Rendezvous packets. This command is applied to all
rendezvous filter discard
ports.
Upnp filter discard 2-4. Refuse UpnP packets. This command is applied to all ports.
End 3. Return to Privileged mode.
Show running-config 4. Verify the filtering configuration.

The following example shows how to filter the file and resource sharing protocols received to
all ports.

(config)# qos
(config-qos)# apple-filesharing-protocol filter discard
(config-qos)# netbios filter discard
(config-qos)# rendezvous filter discard
(config-qos)# upnp filter discard
(config-qos)# end
# show running-config
.
.
!
qos
default traffic deny
shaping output-port gigabitethernet 17/1 rate 128000
netbios filter discard
rendezvous filter discard
apple-filesharing-protocol filter discard
upnp filter discard
!
.
.

Configuring QoS 8-35


Configuring Non-Class-map QoS Features

Default Traffic Filtering

Default traffic is traffic that is not classified with defined class map in the Corecess S5 System. If
default traffic is filtered, traffic that is not specified by network operators is discarded, so it can
prevent traffic that is not permitted from receiving.

To filter default traffic, use the following commands.

Table 8-14 Filtering Default Traffic

Command Description
qos 1. Enter QoS configuration mode.

Default traffic deny 2. Set default traffic to be refused.

End 3. Return to Privileged mode.

Show default-traffic-policy 4. Verify the filtering configuration..

The following example shows how to refuse default traffic that is not classified with class map.

(config)# qos
(config-qos)# default traffic deny
(config-qos)# end
# show default-traffic-policy
Default QoS Traffic Policy
Deny
#

8-36 Corecess S5 System With GPON User's Guide


Configuring Non-Class-map QoS Features

Broadcast Packet Filtering

The Corecess S5 System can filter broadcast packets that are transmitted from a particular port.
It prevents unnecessary broadband packets from transmitting.

To filter broadband packets, use the following commands.

Table 8-15 Filtering Broadcast Packet

Command Description
qos 1. Enter QoS configuration mode.

Egress-filter broadcast 79. Discard broadcast packets from a particular port on the
vid <vlan-id> port specified VLAN.
gigabitethernet  <vlan-id> VLAN ID (1 ~ 4094)
<slot>/<port>  <slot>/<port> Slot number and port number
end 3. Return to Privileged mode.

The following example shows how to filter broadcast packet on the Gigabit Ethernet port 17/1.

(config)# qos
(config-qos)# egress-filter broadcast vid 1 port gigabitethernet 17/1
(config-qos)#

Configuring QoS 8-37


QoS Configuration Commands

QoS Configuration Commands


The following table lists the commands for configuring QoS on the Corecess S5 System:

Table 8-16 QoS Configuration Commands

Command Description Mode


Assign the user defined priority for the specified VLAN
8021p user-priority
or port.
apple-filesharing-
protocol filter Refuse Apple FileSharing packet.
discard
Broadcast-storm-
Set control function of broadcast storm.
control
Class-map Define class map to classify packet.
Set packets that are not classified with class map to be
Default traffic deny
discarded. QoS
Dhcp-offer filter Filter DHCP server packet received to the specified port. Configuratio
Egress-filter Discard broadcast packets that are transmitted from a n Mode
broadcast particular port on the specified VLAN.
Refuse NetBIOS packets that are received to the
Netbios filter discard
specified port.
Policy-map Define/Change service policy for traffic class.
Rate-limit Configure rate limiting function.
Rendezvous filter
Set to refuse Rendezvous packet.
discard
Define service policy that specifies policy map and a
Service-policy
port.
Set shaping function for traffic that is transmitted QoS
Shaping
through the specified output port. Configuratio
upnp filter discard Refuse UpnP packet. n Mode

Command Description Mode


Add the entry that compares CoS value of the packet to
match cos
class map.
Add the entry that compares DSCP value of the packet to
match dscp
class map.
Add the entry that compares destination IP address of the
Match ip-da
packet to class map.
Add the entry that compares IP precedence value of the Class-map
Match ip-prec
packet to class map. Configurati
Add the entry that compares source IP address of the packet on Mode
Match ip-sa
to class map.
Add the entry that compares destination MAC address of
Match mac-da
the packet to class map.
Add the entry that compares source MAC address of the
Match mac-sa
packet to class map.
Match tcp-dpn Add the entry that compares TCP port number for receiving

8-38 Corecess S5 System With GPON User's Guide


QoS Configuration Commands

packets to class map.


Add the entry that compares TCP port number for
Match tcp-spn
transmitting packets to class map.
Add the entry that compares UDP port number for
Match udp-dpn
receiving packets to class map.
Add the entry that compares UDP port number for
Match udp-spn
transmitting packets to class map.
Filter Set filtering rule of the specified class traffic.
Change the values of CoS field, IP precedence and DSCP Policy-map
mark
field for the specified class traffic. class
Specify the priority of queue that is used when the specified Configurati
Priority
class traffic is in network congestion. on mode
Rate-limit Set rate limiting function to the specified class traffic.

Configuring QoS 8-39


QoS Configuration Commands

8-40 Corecess S5 System With GPON User's Guide


Edition: 0006
Distribution: 12/2012

Chapter 9 Configuring DHCP

This chapter describes how to configure DHCP server or DHCP relay agent.
DHCP (Dynamic Host Configuration Protocol) Overview

DHCP (Dynamic Host Configuration Protocol)


Overview
DHCP Server

DHCP has client-server architecture. A DHCP server is generally located in central place, and is
operated by network operators. DHCP server can receive reliable and appropriate information
for the current network status because of network operators.

Most of network consists of several subnets called VLAN. Each VLAN should basically have a
DHCP server because packets are only broadcasted in internal VLAN. If a VLAN has not a
DHCP server, it should be configured that the VLAN supports the DHCP relay agent feature.

A DHCP client broadcasts DHCPDISCOVER message to search a DHCP server. If there is a


DHCP server in the network, the DHCP server assigns an IP address as response to the DHCP
client. The DHCP client, which is assigned the IP address, requests lease time for using the IP
address to the DHCP server.

Communication between DHCP Server and Client

DHCP clients and DHCP servers request and transmit information using DHCP messages. The
following figure shows the basic steps that occur when a DHCP client requests an IP address
from a DHCP server.

1. DHCPDISCOVER

2. DHCPOFFER

3. DHCPREQUEST

4. DHCPACK

DHCP Client 5. DHCPRELEASE DHCP Server

9-2 Corecess S5 System With GPON User's Guide


DHCP (Dynamic Host Configuration Protocol) Overview

80. DHCPDISCOVER
A DHCP Client broadcasts the DHCPDISCPVER message to local network for searching a
DHCP server.

81. DHCPOFFER
If there is a DHCP server in the local network, the DHCP server, which receives the
DHCPDISCOVER message, transmits the DHCPOFFER message with DHCP configuration
parameters (IP address, MAC address, domain name and assigned time of IP address).

82. DHCPREQUEST
When the DHCP client, which transmitted DHCPDISCOVER message, receives the
DHCPOFFER message, the DHCP client transmits the DHCPREQUEST message to
requests that the client uses the received parameters.

83. DHCPACK
When the DHCP server receives the DHCOREQUEST message, the DHCP server transmits
the DHCPACK message to approve that the client can use the assigned IP address.

84. DHCPRELEASE
When lease time of IP address that the DHCP client uses is over, or the DHCP client is shut
down, the DHCPRELEASE message is transmitted.

Configuring DHCP 9-3


Configuring DHCP Server

Configuring DHCP Server


Sequence to configure DHCP Server
The sequence to configure the most basic DHCP Server in Corecess S5 system is as shown
below:

 Enable DHCP Server in the interface to be used;

 Create IP Pool to be connected with DHCP Server;

 Designate the IP address range to be allocated in IP Pool;

 Designate the Host to use static IP;

 Configure DHCP Server Parameter to be allocated when allocating the IP of corresponding Pool in IP Pool; and

 Connect interface and IP Pool.

Values to be identified
Corecess S5 configures DHCP Server by VLAN unit. To configure DHCP Server, below-listed
values should be identified in advance:

 Interface to configure DHCP Server;

 Range of IP to be allocated;

 Various network information including the gateway address to be used by the Host to which IP was
allocated; and

 IP lease time.

9-4 Corecess S5 System With GPON User's Guide


Configuring DHCP Server

Activating DHCP Server


DHCP Server is Enabled by executing below-shown commands:

Command Description
configure terminal Enter into Configuration mode.
Interface vlan id [id] Enter into Interface mode.
Ip dhcp server Enable DHCP Server.
End Return to Privileged mode.
Show ip dhcp interface Check the activation of DHCP Server.

Below-shown is the example to Enable DHCP Server:

localhost# configure terminal


localhost(config)# interface vlan id 50
localhost(config-if)# ip dhcp server
localhost(config-if)# end
localhost# show ip dhcp interface

Interface DHCP Status


vlan32 DHCP Disabled
vlan50 DHCP Server
vlan1000 DHCP Disabled
localhost#

To disable DHCP Server so as not to act anymore, run no ip dhcp server command in Interface
Mode.

Localhost(config-if)# no ip dhcp server


localhost(config-if)#

Configuring DHCP 9-5


Configuring DHCP Server

Configuring GLOBAL DHCP Parameters

Below-shown are the kinds and default values of parameters supplied by DHCP in Corecess:

Parameter Description Default Value


Default lease time IP lease time allocated to Client 43200
Default gateway Default gateway address of client
Dns server DNS Server address
Log server LOG Server address
Wins server WIN Server address
Merit dump Path of Merit dump file where Core image of client is saved
Root path Path where Root disk of client exists

These DHCP Parameters may set distinguishing into Global mode applied to all the subnet and
IP Pool mode applied to only one subnet.
If the setting is done to both Global mode and IP Pool mode, the value set in IP Pool mode is
firstly applied in corresponding subnet.
The method to designate the parameter as the prior Global mode as shown below:

Command Work
configure terminal Enter into Global Configuration mode.
Ip dhcp leasetime <time> Designate Default lease allocation time.
Ip dhcp default-gateway <ip-
address> Designate default gateway.
Ip dhcp dns-server <ip-address> Designate the address of Dns-Server.
Ip dhcp log-server <ip-address> Designate the address of Log-Server.
Ip dhcp wins-server <ip-address> Designate the address of Wins-Server.
Ip dhcp merit-dump-file <string> Designate the route of Merit-dump-file.
Ip dhcp root-path <string> Designate the path of Root disk.

Setting default lease time


The default lease time of IP to be allocated to client may be set as shown below:

Localhost(config)# ip dhcp leasetime 86400


Set lease time to 86400

9-6 Corecess S5 System With GPON User's Guide


Configuring DHCP Server

Localhost(config)#

To return the default lease time to default setting value, 43200, execute no ip dhcp leasetime
command.

Setting default gateway


The IP of default gateway may be set as shown below:

Localhost(config)# ip dhcp default-gateway 50.1.1.1


set default gateway to 50.1.1.1.
Localhost(config)#

To delete default gateway setting, execute no ip dhcp default-gateway command.

Setting DNS Server IP


The IP of DNS Server may be set as shown below:

Localhost(config)# ip dhcp dns-server 60.1.1.1


dns server setting is finished.
Localhost(config)#

It is also possible to set multiple Ips at a time. (maximum 3)

Localhost(config)# ip dhcp dns-server 60.1.1.1 60.1.1.2 60.1.1.3


dns server setting is finished.
Localhost(config)#

To delete set DNS Server address, execute no ip dhcp dns-server command.

Setting Log Server IP


The IP of Log Server may be set as shown below:

Localhost(config)# ip dhcp log-server 70.1.1.1


log server setting is finished.
Localhost(config)#

It is also possible to set multiple Ips at a time. (maximum 3)

Configuring DHCP 9-7


Configuring DHCP Server

Localhost(config)# ip dhcp log-server 70.1.1.1 70.1.1.2 70.1.1.3


log server setting is finished.
Localhost(config)#

To delete set Log Server address, execute no ip dhcp log-server command.

Setting WINS Server IP


The IP of WINS Server may be set as shown below:

Localhost(config)# ip dhcp wins-server 80.1.1.1


WINS server setting is finished.
Localhost(config)#

It is also possible to set multiple Ips at a time. (maximum 3)

Localhost(config)# ip dhcp wins-server 80.1.1.1 80.1.1.2 80.1.1.3


WINS server setting is finished.
Localhost(config)#
To delete set WINS Server address, execute no ip dhcp WINS server command.

Setting Merit-dump-file path


The path of merit-dump-file may be set as shown below:

localhost(config)# ip dhcp merit-dump-file /tmp/boot.img


set merit-dump-file-path to /tmp/boot.img
localhost(config)#
To delete the set path information of merit-dump-file, execute no ip dhcp merit-dump-file
command.

Setting root-path
The path of root disk may be set as shown below:

localhost(config)# ip dhcp root-pathname /tmp/


set root path to /tmp/
localhost(config)#

To delete set root-path, execute no ip dhcp root-path command.

9-8 Corecess S5 System With GPON User's Guide


Configuring DHCP Server

Creating IP Pool
In IP Pool, Ips allocated to clients in DHCP Server and related parameters may be set. To do so,
IP Pool should be created in advance.
To create IP Pool, execute below-shown command.

Command Description
configure terminal Enter into Global Configuration mode.
Ip pool <string> Create IP Pool named <string>.
End Return to Privileged mode.
Show service-manager ip pool config Check created IP Pool.

Below-shown is the example to create IP Pool.

Localhost# configure terminal


localhost(config)# ip pool test
localhost(config-ippool)# end
localhost# show service-manager
interface ip protocol-manager session
localhost# show service-manager ip pool config

Service Manager Static Host


Used Static Host Address Count : 0
Free Static Host Address Count : 0

Service Manager Ip Pool test


Used IP Address Count : 0
Free IP Address Count : 0
Declined IP Address Count : 0
IP Pool Usage Level : 0.00%

To delete IP Pool, execute no ip pool test command in Config mode.

Setting IP subnet and address range


The range of IP address and subnet to be allocated to clients is set.
Subnet and IP address range may be set with use of below-shown commands:

Configuring DHCP 9-9


Configuring DHCP Server

Command Description
configure terminal Enter into Global Configuration mode.
Ip pool <string> Create and Enter into <string> pool.
Network <ip-address/mask> Set subnet.
Ip range dhcp <start-ip> <end-ip> or
IP range to be allocated is set.
ip range dhcp <ip-address/mask>
End Return to Privileged mode.
Show service-manager ip pool config Check pool setting.

The next is the example to set the IP range to be allocated to subnet in IP Pool.

Localhost# configure terminal


localhost(config)# ip pool test
localhost(config-ippool)# network 50.1.1.0/24
localhost(config-ippool)# ip range dhcp 50.1.1.2 50.1.1.254
localhost(config-ippool)# end
localhost# show service-manager
interface ip protocol-manager session
localhost# show service-manager ip pool config

Service Manager Static Host


Used Static Host Address Count : 0
Free Static Host Address Count : 0

Service Manager Ip Pool test


Range : 50.1.1.2 ~ 50.1.1.254
Used IP Address Count : 0
Free IP Address Count : 253
Declined IP Address Count : 0
IP Pool Usage Level : 0.00%
localhost#

To delete subnet and IP address range set in IP Pool, execute below-shown commands:

When deleting subnet:


localhost(config-ippool)# no network
When deleting IP address range:
localhost(config-ippool)# no ip range dhcp <ip address range>
- At this time, set <ip address range> as the value inputted at first creation.

9-10 Corecess S5 System With GPON User's Guide


Configuring DHCP Server

Ex)
When creating:
localhost(config-ippool)# ip range dhcp 50.1.1.2 50.1.1.254

When deleting:
localhost(config-ippool)# ip range dhcp 50.1.1.3 50.1.1.254 (X)
localhost(config-ippool)# ip range dhcp 50.1.1.2 50.1.1.250 (X)
localhost(config-ippool)# ip range dhcp 50.1.1.2 50.1.1.254 (O)

When creating:
localhost(config-ippool)# ip range dhcp 50.1.1.0/24

When deleting:
localhost(config-ippool)# no ip range dhcp 50.1.1.0/26 (X)
localhost(config-ippool)# no ip range dhcp 50.1.1.0/24 (O)

To exclude specific IP range from the allocation range, use below-shown commands:

Command Description
configure terminal Enter into Global Configuration mode.
Ip pool <string> Create and Enter into <string> pool.
Ip range excluded-address <start-ip> Set the IP Range to be excluded from allocation
<end-ip> range.
End Return to Privileged mode.
Show service-manager ip pool config Check pool setting.

Below-shown is the example to set the IP Range to be excluded from the allocation range in IP
Pool.

Localhost# configure terminal


localhost(config)# ip pool test
localhost(config-ippool)# ip range excluded-address 50.1.1.5 50.1.1.200
localhost(config-ippool)# end
localhost# show service-manager ip pool config

Service Manager Static Host


Used Static Host Address Count : 0
Free Static Host Address Count : 0

Configuring DHCP 9-11


Configuring DHCP Server

Service Manager Ip Pool test


Range : 50.1.1.0/24
Exclusive Range : 50.1.1.5 ~ 50.1.1.200
Used IP Address Count : 0
Free IP Address Count : 58
Declined IP Address Count : 0
IP Pool Usage Level : 0.00%

localhost#

9-12 Corecess S5 System With GPON User's Guide


Configuring DHCP Server

Setting IP Pool Parameters


To set the parameters to be allocated to clients in IP Pool, execute below-shown commands:

Command Description
configure terminal Enter into Global Configuration mode.
Ip pool <string> Create and Enter into <string> pool.
Ip dhcp leasetime <time> Designate Basic lease allocation time.
Ip dhcp default-gateway <ip-
Designate basic gateway.
address>
Ip dhcp dns-server <ip-address> Designate the address of Dns-Server.
Ip dhcp log-server <ip-address> Designate the address of Log-Server.
Ip dhcp wins-server <ip-address> Designate the address of Wins-Server.
Ip dhcp merit-dump-file <string> Designate the route of Merit-dump-file.
Ip dhcp root-pathname <string> Designate the path of Root disk.

Setting basic lease time


The basic lease time of IP to be allocated to client may be set as shown below:

Localhost(config)# ip pool test


Localhost(config-ippool)# ip dhcp leasetime 86400
Set lease time to 86400
Localhost(config)#
To return the basic lease time to basic setting value, 43200, execute no ip dhcp leasetime
command.

Setting default gateway


The IP of default gateway may be set as shown below:

Localhost(config)# ip pool test


Localhost(config-ippool)# ip dhcp default-gateway 50.1.1.1
set default gateway to 50.1.1.1.
Localhost(config)#

To delete default gateway setting, execute no ip dhcp default-gateway command.

Setting DNS Server IP


The IP of DNS Server may be set as shown below:

Configuring DHCP 9-13


Configuring DHCP Server

Localhost(config)# ip pool test


Localhost(config-ippool)# ip dhcp dns-server 60.1.1.1
dns server setting is finished.
Localhost(config)#

It is also possible to set multiple Ips at a time. (maximum 3)

Localhost(config)# ip pool test


Localhost(config-ippool)# ip dhcp dns-server 60.1.1.1 60.1.1.2 60.1.1.3
dns server setting is finished.
Localhost(config)#

To delete set DNS Server address, execute no ip dhcp dns-server command.

Setting Log Server IP


The IP of Log Server may be set as shown below:

Localhost(config)# ip pool test


Localhost(config-ippool)# ip dhcp log-server 70.1.1.1
log server setting is finished.
Localhost(config)#

It is also possible to set multiple Ips at a time. (maximum 3)


Localhost(config)# ip pool test
Localhost(config-ippool)# ip dhcp log-server 70.1.1.1 70.1.1.2 70.1.1.3
log server setting is finished.
Localhost(config)#

To delete set Log Server address, execute no ip dhcp log-server command.

Setting WINS Server IP


The IP of WINS Server may be set as shown below:

Localhost(config)# ip pool test


Localhost(config-ippool)# ip dhcp wins-server 80.1.1.1
WINS server setting is finished.
Localhost(config)#

It is also possible to set multiple Ips at a time. (maximum 3)

Localhost(config)# ip pool test

9-14 Corecess S5 System With GPON User's Guide


Configuring DHCP Server

Localhost(config-ippool)# ip dhcp wins-server 80.1.1.1 80.1.1.2 80.1.1.3

WINS server setting is finished.

Localhost(config)#

To delete set WINS Server address, execute no ip dhcp WINS server command.

Setting Merit-dump-file path


The path of merit-dump-file may be set as shown below:

Localhost(config)# ip pool test


localhost(config-ippool)# ip dhcp merit-dump-file /tmp/boot.img
set merit-dump-file-path to /tmp/boot.img
localhost(config)#

To delete the set path information of merit-dump-file, execute no ip dhcp merit-dump-file


command.

Setting root-path
The path of root disk may be set as shown below:

Localhost(config)# ip pool test


localhost(config-ippool)# ip dhcp root-pathname /tmp/
set root path to /tmp/
localhost(config)#

To delete set root-path, execute no ip dhcp root-path command.

Configuring DHCP 9-15


Configuring DHCP Server

Configuring Pool Chaining


To allocate Ips to the clients belonging to each subnet when multiple subnets exist in an
interface, create IP Pools corresponding to the number of subnets and connect them with
interface.
IP Pools may separately be registered in the interface and this Pool Chaining method may be
used when intending to firstly allocate the IP of a specific subnet or to designate the IP
allocation order to subnets.
In this Pool Chaining method, the order of IP Pools is designated by connecting the created
pools to a single direction list shape.
Below-shown figure is the example:

Five pools are connected to a single direction list by Pool Chaining method and Pool #1 at the
front is connected with interface.
When IP request is received from a client, IP is firstly allocated to Pool #1 at the left and then in
the order of Pool #2, Pool #3…
Below-shown is the commands to configure Pool Chaining.

Command Description
configure terminal Enter into Global Configuration mode.
Ip pool <string> Create and Enter into <string> pool.
Designate the next Pool to be connected by Pool
Next-pool <string>
Chaining.
End Return to Privileged mode.
Show service-manager ip pool
Check pool setting.
config

Above-shown Pool Chaining may be configured with use of below-shown commands.

Localhost# configure terminal


localhost(config)# ip pool pool5

9-16 Corecess S5 System With GPON User's Guide


Configuring DHCP Server

localhost(config-ippool)# exit
localhost(config)# ip pool pool4
localhost(config-ippool)# next-pool pool5
localhost(config-ippool)# exit
localhost(config)# ip pool pool3
localhost(config-ippool)# next-pool pool4
localhost(config-ippool)# exit
localhost(config)# ip pool pool2
localhost(config-ippool)# next-pool pool3
localhost(config-ippool)# exit
localhost(config)# ip pool pool1
localhost(config-ippool)# next-pool pool2
localhost(config-ippool)# exit
localhost(config)# interface vlan id 50
localhost(config-if)# dhcp address-pool local pool1
localhost(config-if)#

IP allocation by DHCP option


It is possible to set so that the client having the option value same as designated option value
may receive IP allocation.
When using this function, it is possible that IP is allocated only to the client using specific OS or
equipment or separate IP is allocated.
This function becomes available with the option and option value to firstly be applied is set and
the option strategy set in interface mode and IP Pool are connected together.
Commands are as shown below:
Command Description
configure terminal Enter into Global Configuration mode.
Dhcp option <name> id
<option number> value Create and Enter into <string> pool.
<string value>
Dhcp option <option name> Assign the IP address from the address pool defined in <pool name>
address-pool local <pool based on the value in DHCPDISCOVER packets referring to its
name> registered <option name>.
end Return to Privileged mode.
Show service-manager ip
Check pool setting.
pool config
Below-shown is the example setting that DHCP Option 60 allocates IP only to the Packet that is
‘MSFT 5.0’.
localhost(config)#
localhost(config)# dhcp option test id 1 value “MSFT 5.0”
localhost(config)# interface vlan id 32
localhost(config-if)# dhcp option test address-pool local test

Configuring DHCP 9-17


Configuring DHCP Server

localhost(config-if)#

9-18 Corecess S5 System With GPON User's Guide


Configuring DHCP Relay Agent

Configuring DHCP Relay Agent


The process to configure DHCP Relay in Corecess S5 as shown below:

- Activating DHCP Relay


- Designating DHCP Server to be used by DHCP Relay Agent
- Allocating the weight of Secondary IP Address
- Activating option82 function

Activating DHCP Relay


The thing to be done first to configure DHCP Relay Agent is to Enable DHCP Relay by below-
shown method:

Command Description
configure terminal Enter into Configuration mode.
Interface vlan id [id] Enter into Interface mode.
Ip dhcp relay Enable DHCP Relay.

End Return to Privileged mode.


ip dhcp interface
Check the activation of DHCP Server.

Below-shown is the example to Enable DHCP Relay:

localhost# configure terminal


localhost(config)# interface vlan id 50
localhost(config-if)# ip dhcp relay
localhost(config-if)# end
localhost# show ip dhcp interface

Interface DHCP Status


vlan31 DHCP Disabled
vlan5 DHCP Disabled
vlan32 DHCP Server
vlan50 DHCP Relay
vlan1000 DHCP Disabled

In case of DHCP Relay also, like DHCP Server, activation by interface unit is possible. The

Configuring DHCP 9-19


Configuring DHCP Relay Agent

interface to be Enabled is the one that belongs to the network where the client to receive IP
through DHCP exists.

Designating DHCP Server


External DHCP Server to send/receive Packets to/from DHCP Relay may be designated.
External DHCP Server is designated with use of below-shown commands.

Command Description
configure terminal Enter into Global Configuration mode.
Interface vlan id <id> Enter into Interface mode.
Ip dhcp helper-address <ip-address> Set External DHCP Server Address.
End Return to Privileged mode.

Below-shown is the example to designate DHCP Server to send/receive Packets to/from DHCP
Relay.

Localhost# configure terminal


localhost(config)# interface vlan id 50
localhost(config-if)# ip dhcp helper-address 20.1.1.1
server set to 20.1.1.1
localhost(config-if)# end
localhost#

As shown below, designation of multiple DHCP Servers is also possible.

Localhost# configure terminal


localhost(config)# interface vlan id 50
localhost(config-if)# ip dhcp helper-address 20.1.1.1
server set to 20.1.1.1
localhost(config-if)# ip dhcp helper-address 30.1.1.1
server set to 30.1.1.1
localhost(config-if)# ip dhcp helper-address 40.1.1.1
server set to 40.1.1.1
localhost(config-if)# end
localhost#

DHCP Relay unicasts Packets to DHCP Server designated by above-shown commands every
time when the DHCP packet broadcasted by client is received.

9-20 Corecess S5 System With GPON User's Guide


Configuring DHCP Relay Agent

Designating DHCP Secondary weight


When two or more subnets exist in the interface where clients exist, DHCP Server creates IP
Pool to each subnet and allocates IP by the strategy of DHCP Server in each IP Pool upon every
request for IP allocation from corresponding interface.

However, sometimes DHCP Server cannot allocate IP to multiple subnets of an interface. The
purpose of DHCP Secondary weight function is to support IP allocation connected with such
DHCP Server.

To allocate corresponding IP to each subnet, weight should be given to the interface Ips
(secondary Ips) corresponding to each subnet excluding the first subnet.
To give weight to secondary Ips, execute below-shown commands:

Command Description
configure terminal Enter into Global Configuration mode.
Interface vlan id <id> Enter into Interface mode.
Ip dhcp secondary weight
<ip-address> <weight> <total> Set weight to secondary Ips.

End Return to Privileged mode.

In the commands to give weight to secondary Ips, <total> means the whole ratio of Ips for
allocation and <weight> means the ratio of IP allocated to the subnet corresponding to
secondary IP.
Below-shown is the example of such command.

Ip dhcp secondary weight 210.147.10.254 20 100


When this command is executed, DHCP Relay corrects the giaddr field of DHCP Packet and
sends it to DHCP Server so that 20 Ips are allocated to the subnet having 210.147.10.254 as the
gateway IP in the 100 IP request through corresponding interface.

Configuring DHCP 9-21


Configuring DHCP Proxy Server

Configuring DHCP Proxy Server


The method to configure DHCP Proxy Server is as shown below:

Command Description
configure terminal Enter into Global Configuration mode.
Interface vlan id <id> Enter into Interface mode.
Ip dhcp proxy-server Enable DHCP Proxy Server in interface.
End Return to Privileged mode.

Below-shown is the example to configure DHCP Proxy Server.

Localhost#
localhost# configure terminal
localhost(config)# interface vlan id 50
localhost(config-if)# ip dhcp proxy-server
Sep 28 15:51:30 localhost DHCP-7-INFO: DHCP Proxy Server serviced on interface
v
lan50.
Localhost(config-if)# end
localhost# show ip dhcp interface

Interface DHCP Status


vlan31 DHCP Disabled
vlan5 DHCP Disabled
vlan32 DHCP Disabled
vlan50 DHCP Proxy Server
vlan1000 DHCP Disabled
localhost#

9-22 Corecess S5 System With GPON User's Guide


Configuring DHCP Proxy Server

Designating DHCP Server


The DHCP Server to send/receive Packets to/from DHCP Proxy Server may be designated.
DHCP Server is designated with use of below-shown commands:

Command Description
configure terminal Enter into Global Configuration mode.
Interface vlan id <id> Enter into Interface mode.
Ip dhcp proxy helper-address <ip-address> Set External DHCP Server Address.
End Return to Privileged mode.

Below-shown is the example to designate DHCP Server:

localhost# configure terminal


localhost(config)# interface vlan id 50
localhost(config-if)# ip dhcp proxy helper-address 20.1.1.1
server set to 20.1.1.1
localhost(config-if)# end
localhost#

As shown below, designation of multiple DHCP Servers is also possible.

Localhost# configure terminal


localhost(config)# interface vlan id 50
localhost(config-if)# ip dhcp proxy helper-address 20.1.1.1
server set to 20.1.1.1
localhost(config-if)# ip dhcp proxy helper-address 30.1.1.1
server set to 30.1.1.1
localhost(config-if)# ip dhcp proxy helper-address 40.1.1.1
server set to 40.1.1.1
localhost(config-if)# end
localhost#

Configuring DHCP 9-23


Displaying DHCP Configuration Information

Displaying DHCP Configuration Information


In this section, the commands to output the various kinds of configuration information of
DHCP are described.

Displaying DHCP Activation Information


When using show ip dhcp interface command, whether DHCP Service (Server, Proxy Server,
and Relay) is Enabled in each interface may be identified.
Below-shown is the example used the command.

Localhost# show ip dhcp interface

Interface DHCP Status


vlan31 DHCP Disabled
vlan5 DHCP Disabled
vlan32 DHCP Disabled
vlan50 DHCP Proxy Server
vlan1000 DHCP Disabled
localhost#

9-24 Corecess S5 System With GPON User's Guide


Displaying DHCP Configuration Information

Displaying IP Pool Configuration information


When using show service-manager ip pool [IP Pool name] config command, the configuration
information of corresponding IP Pool may be identified.
Also, when using show service-manager ip pool config command, the setting information of
all IP Pools created until now may be identified.
Below-shown is the example used the command.

Localhost# show service-manager ip pool test config

Service Manager Static Host


Used Static Host Address Count : 0
Free Static Host Address Count : 0

Service Manager Ip Pool test


Range : 50.1.1.50 ~ 50.1.1.60
Used IP Address Count : 0
Free IP Address Count : 11
Declined IP Address Count : 0
IP Pool Usage Level : 0.00%

localhost#

localhost# show service-manager ip pool config

Service Manager Static Host


Used Static Host Address Count : 0
Free Static Host Address Count : 0

Service Manager Ip Pool test


Range : 50.1.1.50 ~ 50.1.1.60
Used IP Address Count : 0
Free IP Address Count : 11
Declined IP Address Count : 0
IP Pool Usage Level : 0.00%

Configuring DHCP 9-25


Displaying DHCP Configuration Information

Service Manager Ip Pool test2


Range : 60.1.1.10 ~ 60.1.1.20
Used IP Address Count : 0
Free IP Address Count : 11
Declined IP Address Count : 0
IP Pool Usage Level : 0.00%

localhost#

9-26 Corecess S5 System With GPON User's Guide


Displaying DHCP Configuration Information

Displaying allocated lease information


Displaying whole lease information
When using show ip dhcp leases command, all the lease information allocated by DHCP Server
or Proxy Server may be identified.
Below-shown is the example used the command.

Localhost# show ip dhcp leases

DHCP Lease Information


(current time : 2007/06/28 17:32:50)

Interface name : vlan250


IP Address MAC Address Status Remain
50.1.1.50 00:e0:00:59:53:e1 active 00h:59m
50.1.1.51 00:e0:00:53:53:e2 active 00h:59m
Total 2 Entries Assigned

Interface name : vlan200


IP Address MAC Address Status Remain
60.1.1.50 00:e0:10:ac:53:e1 active 00h:59m
Total 1 Entries Assigned

Total lease count with all interfaces : 3


localhost#

Configuring DHCP 9-27


Displaying DHCP Configuration Information

Displaying the lease information of each interface


When using show ip dhcp leases interface vlan id [vlanid] command, the lease information
belonging to corresponding interface may be identified.
Below-shown is the example used the command.

Localhost# show ip dhcp leases interface vlan id 250

DHCP Lease Information


(current time : 2007/06/28 17:34:27 interface : vlan250)

Interface name : vlan250


IP Address MAC Address Status Remain
50.1.1.50 00:e0:00:59:53:e1 active 00h:57m
50.1.1.51 00:e0:00:53:53:e2 active 00h:57m
Total 2 Entries Assigned

localhost#

Displaying lease information in detail


When using show ip dhcp leases detail command, detailed information of each lease may be
identified.
Below-shown is the example used the command.

Localhost# show ip dhcp leases detail

DHCP Lease Information


(current time : 2007/06/28 17:35:13)

Interface name : vlan250


IP Address : 50.1.1.50
MAC Address : 00:e0:00:59:53:e1
Status : active
Client Id : 00:e0:00:59:53:e1
Start time : 06/28 17:32:17
Renewing time : 06/28 17:32:17
End time : 06/28 18:32:17
Remain time : 00h:57m:04s

Total 1 Entries Assigned

9-28 Corecess S5 System With GPON User's Guide


Displaying DHCP Configuration Information

Interface name : vlan200


Total 0 Entries Assigned

Total lease count with all interfaces : 1


localhost#

Displaying summarized information of whole lease


When using show ip dhcp leases summary command, the summarized information of whole
lease may be identified.
Below-shown is the example used the command.

Localhost# show ip dhcp leases summary

DHCP Lease Information Summary


(current time : 2007/06/28 17:40:18 )
Interface Allocated Lease
vlan250 2
vlan200 1
Total 3
localhost#

Configuring DHCP 9-29


Displaying DHCP Configuration Information

Displaying DHCP Packet statistics information


To identify the flow of DHCP Packet, the function to identify the statistics information of DHCP
Packet is provided. This function may valuably be used to identify the cause of trouble when a
trouble is occurred in DHCP Service.

Displaying whole statistics information


When using show ip dhcp packet statistics command, the packet statistics information on all
the interfaces may be identified.
Below-shown is the example used the command.

Localhost# show ip dhcp packet statistics


DHCP Statistics
rxDhcpDiscovers : 3 txDhcpDiscovers : 0
rxDhcpRequests : 5 txDhcpRequests : 0
rxDhcpOffers : 0 txDhcpOffers : 3
rxDhcpAcks : 0 txDhcpAcks : 4
rxDhcpNaks : 0 txDhcpNaks : 1
rxDhcpDeclines : 0 txDhcpDeclines : 0
rxDhcpReleases : 1 txDhcpReleases : 0
rxDhcpInforms : 1 txDhcpInforms : 0
rxDhcpBadPackets : 1 txErrorPackets : 0
rxTotalPackets : 11 txTotalPackets : 8
rxBootpRequest : 0 txBootpRequest : 0
rxBootpReply : 0 txBootpReply : 0
localhost#

9-30 Corecess S5 System With GPON User's Guide


Displaying DHCP Configuration Information

Displaying statistics information on each interface


When using show ip dhcp packet statistics interface vlan id [vlanid] command, the statistics
information on corresponding interface may be identified.
Below-shown is the example used the command.

Localhost# show ip dhcp packet statistics interface vlan id 250


DHCP Statistics : vlan250
rxDhcpDiscovers : 3 txDhcpDiscovers : 0
rxDhcpRequests : 5 txDhcpRequests : 0
rxDhcpOffers : 0 txDhcpOffers : 3
rxDhcpAcks : 0 txDhcpAcks : 4
rxDhcpNaks : 0 txDhcpNaks : 1
rxDhcpDeclines : 0 txDhcpDeclines : 0
rxDhcpReleases : 1 txDhcpReleases : 0
rxDhcpInforms : 1 txDhcpInforms : 0
rxDhcpBadPackets : 1 txErrorPackets : 0
rxTotalPackets : 11 txTotalPackets : 8
rxBootpRequest : 0 txBootpRequest : 0
rxBootpReply : 0 txBootpReply : 0
localhost#

Configuring DHCP 9-31


Displaying DHCP Configuration Information

DHCP Configuration Commands


The following table lists the commands for configuring DHCP on the Corecess S5 System:

Table 9-1 DHCP configuration Commands

Command Description
dhcprelay Enables the DHCP relay agent on the Corecess S5 System.
Dhcprelay security Enables the DHCP relay security feature.
Adds the DHCP servers which will assign the IP address to the DHCP
Dhcprelay serverlist
relay.
Dhcpserver bootp Allows for the DHCP server to respond to the BOOTP queries.
Specifies the global default Domain Name System (DNS) server which
Dhcpserver defaultdns
applies to all the DHCP subnets.
Dhcpserver
Specifies the global default gateway list for all the DHCP subnets.
defaultgateway
Dhcpserver Specifies the duration of the lease for an IP address that is assigned from
defaultleasetime a DHCP server to a DHCP client.
Dhcpserver Enables the DHCP server on the Corecess S5 System.
Dhcpserver host Specifies the IP address for a manual binding to a DHCP client.
Specifies a log server to which logging information DHCP clients are
Dhcpserver log-server
sent.
Dhcpserver
Specifies the upper limit of the default lease time.
maxleasetime
Specifies the path name of the merit dump file to which the client’s core
Dhcpserver merit-dump
image should be placed in the event the client crashes.
Dhcpserver root-path Specifies the path name that contains the client’s root disk.
Dhcpserver security Enables the DHCP server security feature.
Adds a DHCP subnet. The clients in the DHCP subnet can be assigned
Dhcpserver subnet
the IP addresses from the DHCP server.
Dhcpserver subnet
Specifies the default Domain Name System (DNS) server for a subnet.
defaultdns
Dhcpserver subnet
Specifies the default gateway list for a subnet.
defaultgateway
Specifies the duration of the lease for an IP address that is assigned to the
Dhcpserver subnet
DHCP clients in a subnet. This value will apply to the specified DHCP
defaultleasetime
subnet.

9-32 Corecess S5 System With GPON User's Guide


Displaying DHCP Configuration Information

(Continued)
Command Description
dhcpserver subnet
Specifies the high-threshold of the number of the leased IP addresses.
highthreshold
Dhcpserver subnet Sets the range of addresses (or address pool) for DHCP clients in the
iprange specified subnet.
Dhcpserver subnet Specifies a log server to which logging information DHCP clients are sent
log-server for a subnet.
Dhcpserver subnet
Specifies the low-threshold of the number of the leased IP addresses.
lowthreshold
Dhcpserver subnet
Specifies the upper limit of the default lease time for a subnet.
maxleasetime
Dhcpserver subnet Specifies the path name of the merit dump file to which the client’s core
merit-dump image should be placed in the event the client crashes for a subnet.
Dhcpserver subnet
Specifies the path name that contains the client’s root disk for a subnet.
root-path
Dhcpserver unicast Allows for the DHCP server to send unicast reply.
Dhcpserver Allows for the DHCP server to assign IP addresses to the unknown
unknownclien ts hosts.
Show dhcp statistics Shows the statistics of the DHCP
show dhcp version Shows the version of the DHCP module.
Show dhcprelay Shows the status of the DHCP relay agent
show dhcprelay Shows the list of the DHCP servers which assign the IP addresses to the
serverlist clients of the DHCP relay agent.
Show dhcpserver Shows the global DHCP server configuration.
Show dhcpserver host Shows the list of the static hosts who can get the fixed IP addresses.
Shows the current usage of the IP addresses available for the DHCP
Show dhcpserver lease
clients.
Show dhcpserver
Shows the DHCP subnet configuration.
subnet

Configuring DHCP 9-33


Edition: 0006
Distribution: 12/2012

Chapter 10 Configuring Netsnoop

In this chapter, the method to use the Netsnoop functions of Corecess S5 System is described.
Understanding NetSnoop

Understanding NetSnoop
In this chapter, the specific features of NetSnoop and the method to use are described.

Understanding NetSnoop
NetSnoop is the function to manage user’s profile and to protect users and equipment from
various wrong network attack with use of DHCP and ARP.
It consists of two modules: DHCP Snoop and ARP Snoop.
In general, this function is available when using L3 Gateway or L2 Switch.

DHCP Snoop

Differently from DHCP Server or Relay, it manage DHCP state machine to snoop DHCP Packet
and supports with security function for basic DHCP Packet. Also, when it interworks with ARP
Snoop, it may prevent illegal use of IP by the method to pass only the ARP Packet to which IP
was assigned through DHCP.

DHCP Snoop Base Rule

This is the filtering rule of whole S5 equipment. Two modes – Permit and Deny – are provided;
in case of Permit mode, control such as communication blocking is not performed. In contrast,
in case of Deny mode, the subscribers who were assigned with Ips through DHCP may only
communicate.

DHCP Snoop Port Type

Each Port of S5 equipment exists in three types in DHCP Snoop:


Server Port
Transparent Port
Client Port
Server Port means the Port connected with DHCP Server. DHCP Snoop transfers all the Packets,
which was transferred to server by client, to Server Port. When the server exists in upper
network, Uplink is designated as the Server Port. When the equipment does not drive DHCP
Server, Server Port is not separately designated.
Client Port means the Port connected with Subscriber Client. The DHCP Packet sent by client is

10-2 Corecess S5 System With GPON User's Guide


Understanding NetSnoop

received by this Port and the Packets sent from Server are blocked. Also, if Base Rule is in Deny
status, the clients received Ips through DHCP may only communicate.
Transparent Port acts as a common port. In this port, all the hosts may communicate regardless
of Base Rule.

Configuring Netsnoop 10-3


Understanding NetSnoop

Configuring DHCP Snoop

Order of configuration of DHCP Snoop

The process to configure DHCP Snoop in Corecess S5 System is as shown below:

 Enable DHCP Snoop;

 Set System Base Rule;

 Set the strategies of Ports;

 (Optional) Set security strategy by the situation of network; and

 (Optional) Set the functions of DHCP Option82.

Activating DHCP Snoop

The thing to be done for the first time to configure DHCP Snoop is to Enable DHCP Snoop in
the Corecess S5 System by the method shown below:

Command Description
configure terminal 1. Enter into Global Configuration Mode.
Ip dhcp snoop 2. Enable DHCP snoop.

Below-shown is the example to Enable DHCP Snoop in Corecess S5 System.


# configure terminal
localhost(config)# ip dhcp snoop
localhost(config)#
To disable DHCP Server so as not to act anymore, run no ip dhcp snoop command in Global
Configuration Mode.
Localhost(config)# no ip dhcp snoop
localhost(config)#

10-4 Corecess S5 System With GPON User's Guide


Understanding NetSnoop

Setting DHCP Snoop System Base Rule

This is the basic value to permit communication to the users with assignment of Ips through
licensed DHCP and converts the System Base Rule set as Permit mode to Deny mode.

Command Description
configure terminal 1. Enter into Global Configuration Mode.
Ip dhcp snoop base-rule
deny 2. System Base Rule of DHCP snoop is converted into Deny mode.

The next is the example to set Base Rule of Corecess S5 System as Deny mode.

Localhost(config)# ip dhcp snoop base-rule deny


localhost(config)# end
localhost# show ip dhcp snoop
ip dhcp snoop : $Revision: 1.22 $
ip dhcp snoop is enable
system’s base rule : deny
base-rule timeout : none
enforced deny rule : applied
information policy : replace
secure-unicast : off
suppression : off
client-aging time(sec): 300
option82 insertion mode : disable
uptime : 26s

Internal router port information


dhcp snooping port 0/0 is enable ref(3) type(L:A)
link up, vlan 1, clients limit 0 (serviced 0)
base port rule: permit, port snooping type: server
port traffic rule: none
port timer-id: 15186480
opt82 circuit-id (none)

localhost#

Configuring Netsnoop 10-5


Understanding NetSnoop

Setting DHCP Snoop Port Strategy

Below-shown commands are used to decide the strategy of each port.

Command Description
configure terminal 1. Enter into Global Configuration Mode.
Ip dhcp snoop port <port 2. Set corresponding port as Server Port. The port connected with
info> server DHCP Server is set as this one.
3. Set corresponding port as Transparent Port (basic value). In
Ip dhcp snoop port <port
info> transparent case of ports that do not need to or should not manage hosts are
set as theses ports.
4. Set corresponding port as Client Port. The ports that intend to
Ip dhcp snoop port <port
info> client permit the communication to the subscribers with assignment of
Ips through licensed DHCP are set as these ports.
Ip dhcp snoop port <port
info> client-limit <num> 5. Number of clients of corresponding port is limited to <num>.
Ip dhcp snoop port <port
info> circuit-id <str> 6. The Circuit-ID of corresponding port is set as <str>.
Ip dhcp snoop port <port
info> base-rule 7. The Base-Rule of corresponding port is set as Deny mode.
<permit|deny>
Ip dhcp snoop port <port 8. A host is set as static type so that a specific host may always
info> static <MAC> <IP> communicate in the corresponding port.
No ip dhcp snoop port <port
info> 9. Corresponding port should not use Netsnoop function.

Setting the Port to be connected with DHCP Server


Execute ip dhcp snoop port <port info> server command to the port to be connected with DHCP
Server so that DHCP Snoop may forward DHCP Packets to server.
Below-shown is the example to execute the command.
Localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/1 server
localhost(config)#
When setting as transparent port, basic setting, again, execute ip dhcp snoop port <port info>
transparent command.
Below-shown is the example to execute the command.
Localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/1 transparent
localhost(config)#

10-6 Corecess S5 System With GPON User's Guide


Understanding NetSnoop

Setting the port to be connected with DHCP Clients


Execute ip dhcp snoop port <port info> client command in the port to be connected with DHCP
Clients so that DHCP Snoop may forward DHCP Packets to clients and the users with
assignment of Ips from licensed DHCP Server may communicate.
Below-shown is the example to execute the command.
Localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/1 client
localhost(config)#
When setting as transparent port, basic setting, again, execute ip dhcp snoop port <port info>
transparent command.
Below-shown is the example to execute the command.
Localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/1 transparent
localhost(config)#

Setting the port to be connected with Temporary DHCP Server


Execute ip dhcp snoop port <port info> server command to the port to be connected with DHCP
Server so that DHCP Snoop may forward DHCP Packets to server.
Below-shown is the example to execute the command.
Localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/1 captive server
localhost(config)#
When setting as transparent port, basic setting, again, execute ip dhcp snoop port <port info>
transparent command.
Localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/1 transparent
localhost(config)#

When setting as transparent port, basic setting, again, execute ip dhcp snoop port <port info>
transparent command.
Below-shown is the example to execute the command.
Localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/1 transparent
localhost(config)#

Limiting the number of Clients by Port unit


To limit the number of Clients that may be connected with specific Ports, perform setting with
ip dhcp snoop port <port info> client-limit <num> command so that <num> clients may only
communicate.
However, this setting is possible in the ports that are set as clients.

Configuring Netsnoop 10-7


Understanding NetSnoop

Below-shown is the example to execute the command.


Localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/3 clients-limit 200
localhost(config)#
To cancel the limit number of clients in a specific port, execute no ip dhcp snoop port <port info>
client-limit command.
Below-shown is the example to execute the command.
Localhost# configure terminal
localhost(config)# no ip dhcp snoop port fastethernet 3/3 clients-limit
localhost(config)#

Setting Circuit-ID for a specific port


Circuit-ID is one of the sub-options of DHCP Option #82. To add and transfer Circuit-ID set in
all the DHCP Packets coming from corresponding port by setting Circuit-ID in a specific Port
when using DHCP Option82, execute ip dhcp snoop port <port info> circuit-id <str> command.
Below-shown is the example to execute the command.
Localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/1 circuit-id aaa
slotport 3/1 circuit_id(aaa)
localhost(config)#
To delete set Circuit-ID, execute no ip dhcp snoop port <port info> circuit-id command.
Below-shown is the example to execute the command.
Localhost# configure terminal
localhost(config)# no ip dhcp snoop port fastethernet 3/1 circuit-id
localhost(config)#

Setting Base-Rule in a specific port


To set own Base-Rule in a specific port regardless of the whole Base-Rule, execute ip dhcp snoop
port <port info> base-rule <permit|deny> command.
However, this function is available in client port only and is effective when the setting is done in
contrast to the whole Base-Rule.
Below-shown is the example to execute the command.

Localhost# configure terminal


localhost(config)# ip dhcp snoop port fastethernet 3/3 base-rule deny
localhost(config)#

localhost# configure terminal


localhost(config)# ip dhcp snoop port fastethernet 3/3 base-rule permit
localhost(config)#

10-8 Corecess S5 System With GPON User's Guide


Understanding NetSnoop

Registering Static Host


To set a specific host to communicate always in the connected port, execute ip dhcp snoop port
<port info> static <MAC> <IP> command.
Below-shown is the example to execute the command.
Localhost# configure terminal
localhost(config)#ip dhcp snoop port fastethernet 3/3 static a:a:a:a:a:a
10.1.1.1
localhost(config)#
To delete static host, execute no ip dhcp snoop port <port info> static <IP> command.
Below-shown is the example to execute the command.
Localhost# configure terminal
localhost(config)# no ip dhcp snoop port fastethernet 3/3 static 10.1.1.1
localhost(config)#

Configuring Netsnoop 10-9


Understanding NetSnoop

Turning DHCP snoop function off in a specific port


Not to use DHCP snoop function in a specific port, execute no ip dhcp snoop port <port info>
command.
Below-shown is the example to execute the command.
Localhost# configure terminal
localhost(config)# no ip dhcp snoop port fastethernet 3/3
localhost(config)#
To use DHCP snoop function again, execute ip dhcp snoop port <port info> command.
Below-shown is the example to execute the command.
Localhost# configure terminal
localhost(config)# ip dhcp snoop port fastethernet 3/3
localhost(config)#

10-10 Corecess S5 System With GPON User's Guide


Understanding NetSnoop

Setting DHCP Snoop Packet Control


Table 10-1 Kinds of Global DHCP snoop Packet Control Parameters

Default
Parameter Description
value
When inputted Packet is not same with saved information,
Information policy Replace
whether to update is decided.
Inspection Appropriateness of inputted Packet is inspected. None
Broadcast is converted into Unicast with use of saved
Secure-unicast None
information.
Suppression Burst packet attack is blocked with use of DHCP Packet. None

The method to set the values of such DHCP snoop parameters are as follows:
Command Description

configure terminal 1. Enter into Global Configuration Mode.


85. When inputted Packet is not same with saved
information, whether to update is decided.
Ip dhcp snoop information
policy <drop|replace>  <drop> : Inputted Packet is dropped.
 <replace> : Existing information is replaced with the
information of inputted Packet.
86. Appropriateness of inputted Packet is inspected
and the Packet that does not meet the condition is
dropped.
 <mac-match> : It is inspected whether the mac address of

Ip dhcp snoop inspection 10-11thernet header and the mac address recorded in chaddr of
<mac-match|client-id| dhcp header is same.
state_transition>
 <client-id> : It is inspected whether the mac address of
10-11thernet header and the mac address recorded in client-id of
dhcp header is same.
 <state transition> : It is inspected whether inputted Packet is
appropriate DHCP Packet in terms of state.
4. The Packet, which is transferred to broadcast if corresponding
Ip dhcp snoop secure-
unicast client information exists when the Packet to be transferred to
client is inputted, is transferred to unicast.
87. When two or more Discover Packets are inputted
Ip dhcp snoop suppression from a same DHCP Client within the set time, the
<seconds> Packets other than the firstly inputted Discover
Packet are dropped.

Configuring Netsnoop 10-11


Understanding NetSnoop

 <seconds> : The section to process only one Packet is set as


time.
In the above-shown table, the processes from #2 through #6 are the Descriptions on the method
to configure all the DHCP snoop parameters. It is not need to set all the parameters shown in
the table. You may set the values of needed parameters only regardless of the order.

10-12 Corecess S5 System With GPON User's Guide


Understanding NetSnoop

Setting Snoop information policy as drop


Below-shown is the example to set so as to drop the Packet with use of ip dhcp snoop
information policy Command when the Packet inputted in DHCP snoop differs from the
saved information.
Localhost(config)# ip dhcp snoop information policy drop
localhost(config)#

To set so as to update saved information to the client information of newly inputted Packet,
execute ip dhcp snoop information policy replace command.
Below-shown is the example to execute the command.
Localhost# configure terminal
localhost(config)# ip dhcp snoop information policy replace
localhost(config)#

Setting inspection function


Below-shown is the example to set inspection function in DHCP snoop with execution of ip
dhcp snoop inspection command.
Localhost(config)# ip dhcp snoop inspection mac-match
localhost(config)#
Not only mac-match but also client-id and state-transition may also be set. Each setting may be

duplicated. If you do not want to use inspection function, execute no ip dhcp snoop inspection

command.
Below-shown is the example to execute the command.
Localhost# configure terminal
localhost(config)# no ip dhcp snoop inspection
localhost(config)#

Configuring Netsnoop 10-13


Understanding NetSnoop

Setting secure unicast function


Below-shown is the example to set secure-unicast function in DHCP snoop with execution of ip
dhcp snoop secure-unicast command.
Localhost(config)# ip dhcp snoop secure-unicast
localhost(config)#

To delete the setsecure-unicast function, execute no ip dhcp snoop secure-unicast command.


Below-shown is the example to execute the command.
Localhost# configure terminal
localhost(config)# no ip dhcp snoop secure-unicast
localhost(config)#
Setting suppression function
Below-shown is the example to set suppression function in DHCP snoop with execution of ip
dhcp snoop suppression command.
Localhost(config)# ip dhcp snoop suppression 1
localhost(config)#
The time is inputted in second unit next to suppression. As shown above, if the time is set as 1 second,
other Packets having same mac in the chaddr field of dhcp header excluding the Packet firstly inputted
within the 1 second are blocked. To delete suppression function, execute no ip dhcp snoop
suppression command.
Below-shown is the example to execute the command.
Localhost# configure terminal
localhost(config)# no ip dhcp snoop suppression
localhost(config)#

Setting DHCP relay information (Option82)

What is DHCP relay information (Option82)?


When the Server allocates IP through DHCP Relay, the Server does not know the information
on the network position of client because it does not belong to the same network of client. To
recover such problem, the position information of client may be attached when transferring
DHCP Packet from relay to server. At this time, the part in which network position information
is inputted is #82 of DHCP Option field and this is called ‘DHCP relay information (hereinafter
referred to as ‘Option82’)’.
Option82 may have many suboptions. As the suboption currently set as the standard, circuit-
id(suboption1) remote-id(suboption2) is available and various suboptions may be defined and
used for each vendor. Also, the suboption field set as standard may also be somewhat different.
In Corecess S5, DHCP Snoop adds DHCP Option82 to Packet.

10-14 Corecess S5 System With GPON User's Guide


Understanding NetSnoop

Setting Option82
Below-shown is the command to add DHCP Option82 in DHCP Snoop.
Command Description

configure terminal 1. Enter into Global Configuration Mode.

2. The function is Enabled so that dhcp packet option82 may be


Ip dhcp snoop opt82 epon added so as to be transferred to Server.
Information(LLID + LLID MAC + ONU MAC).
3. The function is Enabled so that dhcp packet option82 may be
added so as to be transferred to Server.
Ip dhcp snoop opt82 epon2
Information(Port + Index + LLID + LLID MAC + ONU
MAC).
ip dhcp snoop opt82 gpon Enable opt82 on gpon port
ip dhcp snoop opt82 gpon
circuit-id <client-
mac|onu-index|onu-mac| Configure Opt82 circuit id value
port|serial-id|slot|vlan >

ip dhcp snoop opt82 gpon


remote-id <client-mac|onu- Configure opt82 remote-id value
index>

Below-shown is the example to execute the command.

localhost# configure terminal


localhost(config)# ip dhcp snoop opt82 epon
localhost(config)#

If you intend not to use Option82 function anymore, execute no ip dhcp snoop opt82 command.
Below-shown is the example to execute the command.

localhost# configure terminal


localhost(config)# no ip dhcp snoop opt82
localhost(config)#

Configuring Netsnoop 10-15


Understanding NetSnoop

L2DhcpRelay
L2DhcpRelay is the function that relay DHCP packet to DHCP server in L2 Switch.

Usually, When there is no DHCP server to subnet with client that receive actual IP, it is that
'L2Dhcprelay' relay packet between DHCP client and DHCP server. Therefore, this function acts
in gateway. However, you should offer DHCP Relay function in L2 switch if it is situation that
operate each DHCP server because several subnets share single gateway mounting and ISP
exists in each subnet. In this case you need DHCP Relay function in L2 switch.

Command Description
[no] ip dhcp snoop l2-relay
To relevant vlan giaddr l2-relay that do <ip> action.
vlan id <id> gateway ip <ip>
[no] ip dhcp snoop l2-relay
To vlan that l2-relay is acting helper-address addition.
vlan id <id> helper-address <ip>

The setting example is as follows;

localhost# configure terminal


localhost(config)# ip dhcp snoop
localhost(config)# ip dhcp snoop l2-relay vlan id 10 gateway ip 10.1.1.254
localhost(config)# ip dhcp snoop l2-relay vlan id 10 helper-address 20.1.1.1
localhost(config)# ip dhcp snoop l2-relay vlan id 20 gateway ip 30.1.1.254
localhost(config)# exit

Displaying current configuration.

localhost# show ip dhcp l2-relay


Corecess L2-Relay Configurations
------------------------------------------------------------------
VLAN Status Helper-address
------------------------------------------------------------------
10 enable 20.1.1.1
20 enable NULL
30 disable NULL
------------------------------------------------------------------
localhost#

10-16 Corecess S5 System With GPON User's Guide


Configuring ARP Snoop

Configuring ARP Snoop


In this section, the method to configure ARP Snoop is described.

ARP Snoop

In case of existing LAN switch, the arp request used in linking ip address and mac address in
IPv4 is basically broadcasted. In this case, malicious user may easily obtain the ip/mac
information of other hosts of nodes on the LAN by sniffing the Packet with substitution of own
network device for promiscuous mode. Based on such information, the arp information of
router may be poisoned and the traffic of other hosts may be monitored. Also, by producing
wrong arp reply/request, proper users become ip conflict status and cannot receive network
service. To solve such problem, ARPsnoop blocks inputting of improper arp packet by
inspecting all the arp request/reply inputted into the switch and manages the ip/mac in the
table to reduce the quantity of broadcasted arp request .
When interworking with DHCPsnoop, arp request/reply is permitted only to the subscribers
using the ip-pool allocated through proper dhcp action and it can be prevented that malicious
user receives service by producing improper arp request or setting static IP.

Enabling ARP Snoop

To enable ARP snoop, below-shown command is executed in Global Configuration mode.

Command Description

ip arp snoop  ARP snoop enable

localhost(config)# ip arp snoop


To disable ARP snoop so to stop the action, execute no ip arp snoop command in Global
Configuration mode.
localhost(config)# no ip arp snoop

Configuring Netsnoop 10-17


Configuring ARP Snoop

Maintenance of ARP Snoop table entry

When the user communicates with use of proper IP, the entry is created and maintained in the
table managed by ARP snoop. Also, the users using static IPs set by group access list have static
entries. If you want to maintain the table of static IP users by maintaining the entries until the
users’ terminals are turned off, you may set ARP snoop active-probing and then ARP snoop
periodically transfers ARP request message to maintain the entries.

Command Description

ip arp snoop active-probing  ARP snoop table entries are maintained.

localhost(config)# ip arp snoop active-probing


To disable active-probing so to stop the action, execute below-shown command.

localhost(config)# no ip arp snoop active-probing


If you execute arp-move command, it may be prevented that, in case of properly registered
entries, ARP snoop table entry is changed by received ARP message.

Command Description

ip arp snoop arp-move


 ARP snoop table entries are maintained.
restricted

Localhost(config)# ip arp snoop arp-move restricted


To disable, execute below-shown command.
localhost(config)# no ip arp snoop arp-move restricted

10-18 Corecess S5 System With GPON User's Guide


Configuring ARP Snoop

ARP Snoop access function

When performing arp secured with use of dhcp binding information, Deny and Permit may be
performed with referring to access-list only with no secure checking of IP existing in
corresponding access-list to manage the lower layer equipment using static IP.

Command Description

ip arp snoop group access


 <list-number> 1 ~ 99 IP standard access list
<list-number>

To activate group access function, group-access list should be configured in


advance.
localhost(config)#ip arp snoop group access 1

The command to disable the activated group-access list is as follows:


localhost(config)#no ip arp snoop group access

GARP sending cycle setting

As improper ARP Snoop table may be configured when arp poisoning is detected by the
equipment where ARP Snoop is set, ARP Snoop table may be reconfigured by sending the
GARP of proper ip/mac to the port where poisoning is detected.

Command Description

ip arp snoop guard arp-  < sec > : Cycle to send GARP
poisoning <sec> <packets>  < packets > : Number of GARP Packets

Below-shown is the command to send 5 GARPs in a second. < sec > may be set in the range of 1
~ 10 and < packets >may be set in the range of 5 ~ 60.

localhost(config)#ip arp snoop group guard arp-poisoning 1 5

The command to disable the activated GARP function is as follows:

localhost(config)#no ip arp snoop group guard arp-poisoning

Configuring Netsnoop 10-19


Configuring ARP Snoop

ARP Snoop inspection setting

ARP Snoop provides with ARP Snoop inspection function to drop Packet when modified ARP
Packet is sent for poisoning attack. Inspection function is available as two types: mac-match and
unsolicited-reply. Mac-match function is the one to drop improper ARP Packet judged when
source mac address of Ethernet header part and source mac address part of ARP packet are not
same. Unsolicited-reply function is the one to judge and drop ARP poisoning attack when multi
ARP reply packets are received in a short time.

Command Description

ip arp snoop inspection <mac-  < mac-match > : Source mac address inspection
match/unsolicited-reply>  < unsolicited-reply > Reply packet inspection

Both mac-match and unsolicited-reply may be used at the same time and only one mode may
also be used.
localhost(config)#ip arp snoop inspection mac-match
localhost(config)#ip arp snoop inspection unsolicited-reply

To disable the activated ARP Snoop inspection function, execute below-shown command. It is
not impossible to disable one of Mac-match mode or unsolicited-reply mode; if inactivation is
performed when two modes are set, both two are disabled.
localhost(config)#no ip arp snoop inspection

ARP Snoop packet inspection

This is the function to drop the ARP packet to which proper IP is not allocated through DHCP
server, by referring the dhcp binding information in arp source address and target address.
Three mode are available and default mode is All: Target, Source, and All.

Command Description

ip arp snoop reply < all,  < all > : Both source and target are inspected.
source, target >  < source/target > : Either target or source is inspected.

localhost(config)#ip arp snoop reply source


As default mode is All, to change to default mode, execute all command.
localhost(config)#ip arp snoop reply all

10-20 Corecess S5 System With GPON User's Guide


Configuring ARP Snoop

ARP Snoop cache reply function

ARP Snoop unicasts reply message to the port received request for the ARP request message
already registered in ARP Snoop table to reduce the quantity of ARP packets.

Command Description

ip arp snoop reply-cache  ARP Snoop reply cache function is activated.

localhost(config)#ip arp snoop reply-cache

To disable the activated ARP Snoop reply cache function, execute below-shown command.
localhost(config)#no ip arp snoop reply-cache

ARP request message forwarding setting

ARP Snoop may set whether to broadcast or unicast ARP request message.
Four request modes are available: broadcast, protected-broadcast, restricted-broadcast, and
secure-broadcast. Default mode is broadcast. In the broadcast mode, if there is no target
information, ARP request message is transferred to all the server port, transparent port, and
client port in the port types set in DHCP snoop.

Command Description
ip arp snoop request
<broadcast, protected-
 ARP Snoop request message setting
broadcast, restrict-broadcast,
secure-broadcast>

When the mode is set as Restrict-broadcast, if the IP information was not properly allocated by
DHCP to source IP, ARP request packet is dropped. At this time, DHCP snoop base-rule should
be set as Deny. ARP request message is transferred to the port to which target belongs to when
there is the information on target; if there is no information on target and the request message is
sent from client port, it is broadcasted to server port and transparent port; if request message is
sent from server port, it is broadcasted to all ports.

localhost(config)#ip arp snoop request restrict-broadcast

Configuring Netsnoop 10-21


Configuring ARP Snoop

The basic action is same in the secure-broadcast mode and restrict-broadcast mode but, if there
is the information on target, the ARP request packet is unicasted to the physical address of
target IP.

localhost(config)#ip arp snoop request secure-broadcast

In protected-broadcast mode, ARP request packet is broadcasted to server port/router port only.
Therefore, action is possible only when local proxy arp is set in the router and ip dhcp snoop
base-rule deny is set. This setting is performed so that lower layer switch sends all the arp
requests to router to be processed when local-proxy-arp is derived in the router to perform user
isolation.

localhost(config)#ip arp snoop request protected-broadcast

The command to set ARP request as default mode again is as follows:


localhost(config)#ip arp snoop request broadcast

Prevention of MAC-move production to arp-entry registered as static IP

If arp sticky command is activated, MAC move is not produced in the users or equipments
using static IPs.

Command Description

ip arp snoop sticky  Setting of MAC move prevention to static IPs.

Below-shown is the example command to activate ARP sticky.


Localhost(config)#ip arp snoop sticky
The command to disable the activated ARP sticky is as follows:
localhost(config)#no ip arp snoop sticky

10-22 Corecess S5 System With GPON User's Guide


PPPoE Snooping

PPPoE Snooping
This solution is designed for the PPPoE access method and is based on the Access Node
implementing a PPPoE intermediate agent function in order to insert access loop identification.
This functionality is described in the following.
The PPPoE Intermediate Agent intercepts all upstream PPPoE discovery stage packets, i.e. the
PADI, PADR and upstream PADT packets, but does not modify the source or destination MAC
address of these PPPoE discovery packets. Upon reception of a PADI or PADR packet sent by
the PPPoE client, the Intermediate Agent adds a PPPoE TAG to the packet to be sent upstream.
The TAG contains the identification of the access loop on which the PADI or PADR packet was
received in the Access Node where the Intermediate Agent resides. If a PADI or PADR packet
exceeds 1500 octets after adding the TAG containing the access loop identification, the
Intermediate Agent must not send the packet to the Broadband Network Gateway. In response
to the received PADI or PADR packet, the PPPoE Intermediate Agent should issue the
corresponding PADO or PADS response with a Generic-Error TAG to the sender.

Configuring Netsnoop 10-23


PPPoE Snooping

The concept of PPPoE Snooping function can know through above figure. Existent PPPoE
Service could not send identification information to PPPoE Server.
PPPoE Snooping function can send message adding Circuit ID or Remote-ID from PPPoE client
to server configured PPPoE or PPPoE+

0x0105 (Vendor-Specific) TAG_LENGTH

0x00000DE9 or Corecess ID

0x01 length Agent Circuit ID value

0x02 length Agent Remote ID vlaue

PPPoE Snooping function send Corecess ID, Circuit ID and Remote-ID and so on to PPPoE or
PPPoE+ server Using vendor-specfi-tag among one of TLV value

10-24 Corecess S5 System With GPON User's Guide


PPPoE Snooping

Configuring PPPoE Snooping


The PPPoE Snooping is set up as a pair of Server Port/Client port. This setup is enabled using
the following commands.

Command Description
configure terminal Enter Global configuration mode.

pppoe-snoop Enable PPPoE snooping.

pppoe-snoop port <Port Type> Sets up whether the port to be determined as .PPPoE snooping is
<Port Number> server/client Server Port or Client Port.
pppoe-snoop port <Port Type>
The PPPoE snoop agent sets up the DSL tag.
<port Number> tag dsl

The following is an example of PPPoE Snooping setup. (During DSL tag setup)

Localhost# configure terminal


Localhost(config)# pppoe-snoop
Localhost(config)# pppoe-snoop port fastethernet 3/7 server
Localhost(config)# pppoe-snoop port fastethernet 3/1-3 client
Localhost(config)# pppoe-snoop port fastethernet 3/1-3 tag dsl
Localhost(config)# end

PPPoE Snooping Client Session confirming


At PPPoE snooping, the current state of Client, Client MAC address and Server MAC address
can be confirmed with a command used for checking subscribers connected to the Client port.

Command Description
Enable the confirmation of Client Session currently at the
Show pppoe-snoop client session
PPPoE Snooping

The following is an example of confirming the PPPoE Snooping Client Session.

Right_Router# show pppoe-snoop client session


PPPoE Snoop Session Client
Codes: I :The client sends PADI and waits for PADO

Configuring Netsnoop 10-25


PPPoE Snooping

O :The server send PADO and waits for PADR


R :The client sends PADR and waits for PADS
S :The client receives PADS from the server
T :PADT is sent by either the client or the server
---- ---- ---- ------------------- ------------------ ----- -------
Slot Port Vid Client mac-address Server mac-address State Timeout
---- ---- ---- ------------------- ------------------ ----- -------
0003 0002 0000 00:X0:00:XX:XX:XX 00:0X:XX:XX:XX:XX IORS 783377
0003 0001 0000 00:X0:00:XX:XX:XX 00:0X:XX:XX:XX:XX IORS 482377
---- ---- ---- ------------------- ------------------ ----- -------
Total PPPoE Snoop Session 2

Setting Up the Compatibility between PPPoE


Snooping and Cisco Equipment

Command Description
configure terminal Enter Global configuration mode.

pppoe-snoop port <Port Type>


Setup is done at the Client Port and gets set up if the PPPoe-
<Port Number> compatible
Server is Cisco equipment.
cisco

The following is an example of setting up compatibility between PPPoE Snooping and Cisco
equipment.

Localhost# configure terminal


Localhost(config)# pppoe-snoop port fastethernet 3/1-3 compatible cisco
Localhost(config)# end

10-26 Corecess S5 System With GPON User's Guide


PPPoE Snooping

Setting up node-id, circuit-id, remote-id with PPPoE


Snooping
Command Description
configure terminal Enter Global configuration mode..

Decide ID that go out commonly to PPPoE Packet to Client port


pppoe-snoop port node-id that leave equipment.
<WORD> When is not established, specify Circuit-id as
Corecess_PPPoE+_Node by default

Command Description
configure terminal Enter Global configuration mode..

Configure ID entering to remote-id of PPPoE Packet to Client


pppoe-snoop port <Port Type>
port to leave equipment.
<Port Number> circuit-id
If it is configured to port, Each Circuit-ID has priority more than
<WORD>
global ID

Command Description
configure terminal Enter Global configuration mode.

pppoe-snoop port <Port Type> Configure ID entering to remote-id of PPPoE Packet to Client
<Port Number> remote-id port to leave equipment.
<WORD> Remote-id is optional

The following is an example of setting up node-id, circuit-id and remote-id with PPPoe
Snooping

Localhost# configure terminal


Localhost(config)# pppoe-snoop port node-id Corecess
Localhost(config)# pppoe-snoop port fastethernet 3/1 circuit-id
Corecess_3_1_CIRCUIT_ID
Localhost(config)# pppoe-snoop port fastethernet 3/1 remote-id
Corecess_3_1_REMOTE_ID
Localhost(config)# end

Configuring Netsnoop 10-27


Edition: 0006
Distribution: 12/2012

Chapter 11 Configuring Security

This chapter describes how to configure security features on the Corecess S5 System.
Managing Password and Session

Managing Password and Session


This section describes how to set the password and time out value of Telnet session.

Configuring Password
Console is a terminal to connect the system directly through a console port, and virtual terminal
is a terminal to connect the system through Telnet. In the Corecess S5 System, users who access
the system through console or virtual terminal require a password. It can enhance the system
security.

Changing CLI Login Password

By default, the Corecess S5 System requires a login password. The default login password is
‘corecess’. To change the default login password, use passwd command.

The following example shows how to change the password.

> passwd
Changing password for corecess
(current) UNIX password: ******** Enter the current password.
New UNIX password: ******** Enter the new password.
Retype new UNIX password: ******** Enter the new password again.
passwd: all authentication tokens updated successfully
>

After setting the CLI login password, you should enter the login password at the login prompt
that is shown when you connect the system.

11-2 Corecess S5 System With GPON User's Guide


Managing Password and Session

Setting the Privileged Mode Password

You can set the Privileged mode password that controls access to privilege mode. By default,
the Corecess S5 System does not require the Privileged mode password for entering the
Privileged mode.

You can specify the password for the Privileged mode using enable passwd command. The
following example shows how to set the Privileged mode password to ‘corecess’ by the
enable passwd command.

(config)# enable passwd corecess


(config)#

After setting the Privileged mode password, you should enter the password to go to the
Privileged mode from user mode as follows:

> enable
Password: corecess

Privileged mode is signified by the # prompt. In the Privileged mode, you can enter all
commands to view statistics and configure the system.

# The privileged mode prompt

Configuring Security 11-3


Managing Password and Session

Password Encryption

All IDs and passwords on the system can be shown by using the write terminal command.
In the Corecess S5 System, user passwords are stored and displayed by the password
encryption. Even if the writer terminal command is executed, only system administrator can see
the user password.

The following example shows how to add a CLI user who ID and password are ‘guest’ using
the username command and how to display the user using the write terminal command.

# configure terminal
(config)# username guest passwd guest
(config)# end
# write terminal
Building configuration...

Current configuration:
banner incoming "welcome\n"
username recover passwd 8 $1$$nlCC0vP6YG0ZB0Mp685Fy0
username guest passwd 8 $1$$ysap7EeB9ODCrO46Psdbq/

.
.

11-4 Corecess S5 System With GPON User's Guide


Managing Password and Session

Configuring Telnet Session Timeouts


The timeout for an unattended telnet session provides an additional security measure. If the
telnet line is left unattended in Privileged mode, any user can modify the system configuration.

The default timeout for an unattended telnet session is 10 minutes. To change the login timeout,
enter the following commands:

Table 11-1 Configuring Telnet Session Timeouts

Command Description
line vty 1. Enter the VTY-line configuration mode.
2. Set the login timeout.
exec-timeout <minute>
 <minute>: Timeout in minutes ( 1 ~ 600)

The following commands change the timeout to 1 minute:

(config)# line vty


(config-line)# exec-timeout 1
(config-line)#

Configuring Security 11-5


Configuring Access Lists

Configuring Access Lists


Access Lists
Access lists filter network traffic by controlling whether routed packets are forwarded or
blocked at the system's interfaces. Your system examines each packet to determine whether to
forward or drop the packet, based on the criteria you specified within the access lists.

Access list criteria could be the source address of the traffic, the destination address of the traffic,
the upper layer protocol, or other information. Note that sophisticated users can sometimes
successfully evade or fool basic access lists because no authentication is required.

You can use standard access lists to control the Telnet or SNMP access methods to management
functions on the Corecess S5 System.

Internet or LAN
Router 인터넷이나 LAN Server A

Server B

Corecess S5 System

Access List
 Source Address : 172.20.128.64
 Permit/Deny : Permit
 Flow : Out

Host A Host B
IP: 172.20.128.10 IP: 172.20.128.64

In the above example, the access list allows access from the 172.20.128 64 host. Therefore the
host B connected to the Corecess S5 System can access to the Server A or Server B and the host
A can’t access to the Servers.

11-6 Corecess S5 System With GPON User's Guide


Configuring Access Lists

Defining Access Lists

The Corecess S5 System is basically set to be connected to all networks. Therefore, you should
limit addresses not to access the system using access list for safety if possible.

To define access lists, use the following commands on the Corecess S5 System:

Table 11-2 Defining Access Lists

Command Description
configure terminal Enter Global configuration mode.
Permit/Deny packets from the specified source network address.
 <list-number> Number of the standard access list (1 ~ 99,
1300 ~ 1999)
 permit Permits the frame whose source address matches
access-list <list-number> the condition.
{permit| deny} <source-ip>  deny Denies the frame whose source address matches the
/M exact-match condition.
 <source-ip>/M The IP address of the source network or
host
 exact-match : Exact match of the prefixes

access-list <list-number>
Permit/Deny packets from the specified source host address.
{permit| deny} host
 <host-addr> IP Address of the host
<host-addr>
access-list <list-number> Remark: Access list entry comment
remark LINE LINE: Comment up to 100 characters
access-list <list-number>
Permit/Deny packets from all network or host.
{permit| deny} any
end Return to Privileged mode.
show access-list Verify the access list.

Note:
 The wildcard is a four-part value in dotted-decimal notation (IP address format) consisting
of ones and zeros. Zeros in the mask mean the packet's source address must match the
<source-ip>. Ones mean any value matches. For example, the <source-ip> and <wild-
card> values 209.157.22.26 0.0.0.255 mean that all hosts in the Class C sub -net
209.157.22.x match the policy.
 The packets that do not match any entries in an access list are denied.

Configuring Security 11-7


Configuring Access Lists

The following example shows how to define an access list which permits the access from hosts
in the specified network:

# configure terminal
(config)# access-list 1 permit 192.5.34.0 0.0.0.255
(config)# access-list 1 permit 128.88.0.0 0.0.255.255
(config)# access-list 1 permit 36.0.0.0 0.255.255.255
(config)# end
# show access-list
Standard IP access list 1
permit 192.5.34.0, wildcard bits 0.0.0.255
permit 128.88.0.0, wildcard bits 0.0.255.255
permit 36.0.0.0, wildcard bits 0.255.255.255

The following example shows how to define an access list which denies the access from the
specified host:

# configure terminal
(config)# access-list 2 deny host 171.69.198.102
(config)# access-list 2 permit any
(config)# end
# show access-list
Standard IP access list 2
deny 171.69.198.102
permit any

11-8 Corecess S5 System With GPON User's Guide


Configuring Access Lists

Applying the Access List to Terminal Line

After you create an access list, you can apply it to terminal line. In this case, access lists can be
applied on both outbound and inbound flows. To restrict terminal line access to the system
using access lists, enter commands such as the following:

Table 11-3 Applying the access list to terminal line

Command Description
line vty 1. Enter the VTY-line configuration mode.
2. Apply the access lists to terminal line.
 <access-list-number>: Number of an IP access list (1
~ 99, 1300 ~ 1999).
access-class <list-number>
 in: Restricts incoming connections between the system
{in | out}
and the addresses in the access list.
 out: Restricts outgoing connections between the system and
the addresses in the access list.

The following example shows how to apply the access list to terminal line. The Corecess S5
System allows Telnet access to all IP addresses except the hosts listed in access list 2.

(config)# line vty


(config-line)# access-class 2 in
(config-line)#

The following example shows how to apply the access list to terminal line. The Corecess S5
System denies connections to networks other than network 192.89.55.0:

# configure terminal
(config)# access-list 12 permit 192.89.55.0 0.0.0.255
(config)# line vty 0 5
(config-line)# access-class 12 out
(config-line)#

Note: To remove access restrictions, use the no access-class <list-number> {in


| out} command.

Configuring Security 11-9


Configuring Access Lists

Applying the Access List to SNMP Access

After you create an access list, you can apply it to SNMP access. In this case, access lists can be
applied on inbound flow.

To restrict SNMP access to the system using access lists, enter commands such as the following:

Table 11-4 Applying the Access List to SNMP Access

Command Description
snmp-server group Apply the access list to SNMP access.
access <list-number>  <list-number>: Standard access list number (1 ~ 99, 1300 ~ 1999)

The following example shows how to apply the access list to SNMP access. The Corecess S5
System allows SNMP access to all IP addresses except the hosts listed in access list 2.

(config)# snmp-server group access 2


(config)#

11-10 Corecess S5 System With GPON User's Guide


Bridge Block

Bridge Block
Bridge block prevents LAN interface from a DoS attack. A DoS occurs when ARP or unknown
IP backing the subnet, creating excessive traffic and degrading network performance. Bridge
block uses filtering that measures source mac address activity in a subnet over a measure
interval and compares the measurement with predefined threshold. If the threshold is reached,
further bridge block denies a bridge service of a source mac address, that it cannot accesses in to
the network.

Table 11-5 Bridge Block Command

Command Description
Block IP Layer unknown multicast traffic.
bridge block l3-multicast
Bn7000 is not applied as it is L2 device.
bridge block multicast Block unknown multicast traffic.
Block unknown multicast traffic vlan id
bridge block multicast vlan id <1-4094>
<1-4094>.
bridge block unknown-unicast module
Block unknown unicast traffic.
WORD
bridge block mac-flood hold-time
Hold time (sec) for blocking mac.
<1-1024>
bridge block mac-flood port
(fastethernet|gigabitethernet|adsl|giga Enable bridge block mac-flood specific port.
bitethernet |shdsl) WORD
bridge block mac-flood Blocking threshold-arp-packets for threshold
threshold-arp-packets <1-65535> time.
bridge block mac-flood Disable blocking threshold-arp-packets
threshold-arp-packets disable For threshold time.
bridge block mac-flood threshold-
packets Blocking threshold-packets for threshold time.
<1-65535>
bridge block mac-flood threshold-
Disable blocking threshold-packets for
packets
threshold time.
disable
bridge block mac-flood threshold-time
Measure interval threshold time (sec).
<1-360>

Configuring Security 11-11


Security Configuration Commands

Security Configuration Commands


The following table lists the commands for configuring security on the Corecess S5 System:

Table 11-6 Security configuration Commands

Command Description
Restricts incoming and outgoing connections between the Corecess S5 System
access-class
virtual terminal and the addresses in an access list.
access-list Defines a standard IP access list using source addresses for
(Standard) filtering packets received/transmitted through the specific interface.
enable passwd Sets the Privileged mode password.
Sets the interval that the EXEC command interpreter waits until user input is
exec-timeout
detected.
passwd Specifies or changes the CLI login password
snmp-server group Limits hosts which can access to the system through SNMP based on the
access access list.

11-12 Corecess S5 System With GPON User's Guide


Edition: 0006
Distribution: 12/2012

Chapter 12 Configuring Multicast

This chapter describes how to configure the Corecess S5 System for multicast routing protocols.
Multicast Routing Overview

Multicast Routing Overview


Multicast is a transmission mode which transmits the copy of packets to multiple destinations. It
is a special mode of broadcast transmission mode which transmits the copy of packets to all
destinations. There are three Internet transmission mode - unicast, broadcast, and multicast.

Unicast transmission mode transmits data from one source to one destination. It is used in
general Internet application program such as Telnet or ftp.

Broadcast transmission mode is the transmission of the copy of packet to all receivers in the
same network from one transmitter.

Multicast transmission mode is used in application programs of Internet image conference and
etc, as a mode of more than one transmitters transmitting data to more than one certain
receivers. When a transmitter transmits the pack to a multicast group address, only the
receivers belonging to that multicast group can receive the copy of the packet transmitted by
the transmitter.

The following example shows the difference between unicast transmission mode and multicast
transmission mode.

Unicast Mode Multicast Mode

Video Video
Server Server

Multicast Router Multicast Router

Service User Multicast User

12-2 Corecess S5 System With GPON User's Guide


Multicast Routing Overview

Multicast transmission mode minimizes the network resource loss due to repetitive
transmission of the data like the broadcast transmission mode and thus can save network
bandwidth, and can save transmission time since there is no need to transmit the packet to all
receivers separately like the unicast transmission mode.

There is the receiver address displayed on the packet header in unicast transmission, but in the
multicast transmission, marking the multicast group address where receivers belong other than
the receiver address on the header, it transmits the packet.

D class IP address is used for multicast group address. The range of D class is 224.0.0.0 ~
239.255.255.255, and IP address 224.0.0.0 ~ 224.0.0.255 among this range is assigned for other
uses and cannot be used.

Multicast routing is that routers exchange messages for multicast transmission and make
routing trees, then decide the path from source to destination (group members of multicast).
The Corecess S5 System supports the following multicast routing protocols.

• IGMP (Internet Group Management Protocol) version 2 and IGMP snooping


• PIM-SM (Protocol Independent Multicast Sparse-Mode) version 2

This section provides the overview of each multicast routing protocol.

Configuring Multicast 12-3


Multicast Routing Overview

IGMP (Internet Group Management Protocol)


IGMP is used to dynamically register individual hosts in a multicast group on a particular LAN.
Hosts identify group memberships by sending IGMP messages to their local multicast router.
Under IGMP, routers listen to IGMP messages and periodically send out queries to discover
which groups are active or inactive on a particular subnet.

IGMP snooping manages multicast traffic at Layer 2 on the Corecess S5 System by allowing
directed switching of IP multicast traffic. Switches can use IGMP snooping to configure Layer 2
interfaces dynamically so that IP multicast traffic is forwarded only to those interfaces
associated with IP multicast devices.

When IGMP snooping is enabled on the Corecess S5 System, the route processor sends out
periodic general queries to all VLANs. The switch processor responds to the route processor’s
queries with only one join request per MAC multicast group. The switch processor creates one
entry per VLAN in the Layer 2 forwarding table for each MAC group from which it receives an
IGMP join request. All hosts interested in this multicast traffic send join requests and are added
to the port mask of this forwarding table entry.

IGMP Proxy
If IGMP(Internet Group Management Protocol) Proxy receives the IGMP join/leave message
from the host, it send the IGMP join/leave message to the router instead of the host.
If it receives the IGMP query from the IGMP router, it transmits the IGMP query to the host
instead of the router.
In other words, it functions as IGMP router for the host and as IGMP host for IGMP router.

12-4 Corecess S5 System With GPON User's Guide


Multicast Routing Overview

DVMRP (Distance-Vector Multicast Routing Protocol)


DVMRP (Distance-Vector Multicast Routing Protocol) is an intra-domain routing protocol to
transmit multicast data among multicast routers that is located in the domain. DVMRP uses
IGMP to manage IP multicast groups.

DVMRP consists the multicast tree that the root is one source. If the DVMAP source transmits
multicast packets to the DVMRP network, the routers that does not want to receive the packets
of the multicast group transmits the prune message to upstream routers. Then, the routers that
transmit the prune message are removed from the multicast tree, and finally the multicast tree
is completed with the routers who want to receive multicast packets. The prune state is released
after a certain time, and the source transmits the multicast packet to the DVMRP network again.

DVMRP uses RPF (Reverse Path Forwarding) algorithm to maintain a multicast tree that has the
minimum branch. If DVMRP is enabled, the multicast tree is made to transmit multicast packets
to a downstream interface. When the interface receives multicast packets, the interface checks
its DVMRP routing table to find the shortest path. If the interface has the shortest path, the
interface transmits multicast packets to adjacent DVMRP router. If the interface does not have
the shortest path, the interface ignores multicast packets and transmits the prune message to the
upstream router.

Pruning a Multicast Tree

After the multicast tree is constructed, pruning of the tree will occur after IP multicast packets
begin to traverse the tree. As multicast packets reach leaf networks (sub-nets with no
downstream interfaces), the local IGMP database checks for the recently arrived IP multicast
packet address. If the local database does not contain the address (the address has not been
learned), the router prunes (removes) the address from the multicast tree and no longer receives
multicasts until the prune age expires.

Grafts to a Multicast Tree

A DVMRP router restores pruned branches to a multicast tree by sending graft messages
towards the upstream router. Graft messages start at the leaf node and travel up the tree, first
sending the message to its neighbor upstream router. You do not need to perform any
configuration to maintain the multicast delivery tree. The prune and graft messages
automatically maintain the tree.

Configuring Multicast 12-5


Multicast Routing Overview

PIM (Protocol Independent Multicast)


PIM protocol maintains the current IP multicast service mode of receiver-initiated membership.
It is not dependent on a specific unicast routing protocol.

There are two modes in which PIM operates: Dense and Sparse. The Dense Mode is suitable for
densely populated multicast groups, primarily in the LAN environment. The Sparse Mode is
suitable for sparsely populated multicast groups with the focus on WAN. PIM primarily differs
from DVMRP by using the IP routing table instead of maintaining its own, thereby being
routing protocol independent.

Once PIM is enabled on each router, when a multicast packet is received on a PIM-capable
router interface, the interface checks its IP routing table to determine whether the interface that
received the message provides the shortest path back to the source. If the interface does provide
the shortest path back to the source, the multicast packet is then forwarded to all neighboring
PIM routers. Otherwise, the multicast packet is discarded and a prune message is sent back
upstream.

PIM-SM (Protocol Independent Multicast-Sparse Mode)

PIM-SM searches the point where various transmitting places (sources) converges into one
route and set up a tree to where point becomes the route. This type of tree that makes up PIM-
SM is called Shared Tree and the route for Shared Tree is called RP(Rendezvous Point). First,
data are transmitted to RP and then they are transmitted to receivers in each group.

Shared Tree shares one tree per each multicast group. It means that multicast group can use
only one router as RP whereas PIM-SM domain can have multiple RP. At default, Shared Tree
automatically selects RP to be built itself but user customized versions can also be used. User-
defined version of RP is called static RP. Since Shared Tree must pass RP it goes through
different path than optimized SPT (Shortest Path Tree).

BSR is a router that receives candidate RP messages with prioritization information and its own
IP address and transmits information to multicast router for RP selection. When RP is selected
RP router transmits information about its domain to BSR by unicast. Then, BSR include this
message in its Bootstrap message and transmits them to all the PIM-SM routers in its domain.
Based on this information, all the routers can map the multicast group to a RP.

12-6 Corecess S5 System With GPON User's Guide


Multicast Routing Overview

PIM-SM Router Types


Routers that are configured with PIM-SM interfaces also can be configured to fill one or more of
the following roles:

• BSR – The Bootstrap Router (BSR) distributes RP information to the other PIM-SM routers
within the domain. Each PIM-SM domain has one active BSR. For redundancy, you can
configure ports on multiple routers as candidate BSRs. The PIM-SM protocol uses an election
process to select one of the candidate BSRs as the BSR for the domain. The BSR with the
highest BSR priority (a user-configurable parameter) is elected. If the priorities result in a tie,
then the candidate BSR interface with the highest IP address is elected.

• RP – The Rendezvous Point (RP) is the meeting point for PIM-SM sources and receivers. A
PIM-SM domain can have multiple RPs, but each PIM-SM multicast group address can have
only one active RP. PIM-SM routers learn the addresses of RPs and the groups for which they
are responsible from messages that the BSR sends to each of the PIM-SM routers.

Note: We recommends that you configure the same interfaces as candidate BSRs and RPs.

Configuring Multicast 12-7


Multicast Routing Overview

PIM-DM (Protocol Independent Multicast-Dense Mode)

PIM-DM(dense mode) assumes that the downstream networks want to receive the datagram
forwarded to them. The PIM-DM router forwards all packets on all outgoing interfaces until
pruning and truncating occurs. Thus, interfaces with PIM-DM enabled receive the multicast
data stream until it times out. PIM-DM is most useful under these conditions:

 Senders and receivers are in close proximity to each other.


 The internetwork has fewer senders than receivers.
 The stream of multicast traffic is constant.

In the figure below, the root node (RTA) is forwarding multicast packets for group 229.225.0.1,
which it receives from the server, to its downstream nodes, RTB, RTC, and RTD. Router RTD is
an intermediate router with RTE and RTF as its downstream routers. Because RTE and RTF
have no downstream interfaces, they are leaf nodes. The receivers in this example are those
workstations that are resident on routers RTB, RTC, and RTF.

Server
RTA

229.225.0.1

229.225.0.1
RTB RTC
Group
RTD
Group ....

....

RTE RTF

Group
....
229.225.0.1

As multicast packets reach these leaf routers, the routers check their IGMP databases for the
group. If the group is not in a router’s IGMP database, the router discards the packet and sends
a prune message to the upstream router. The router that discarded the packet also maintains the
prune state for the source, group (S,G) pair. The branch is then pruned (removed) from the

12-8 Corecess S5 System With GPON User's Guide


Multicast Routing Overview

multicast tree. No further multicast packets for that specific (S,G) pair will be received from that
upstream router until the prune state expires. You can configure the PIM Prune Timer (the
length of time that a prune state is considered valid).

For example, in the figure above the sender with address 207.95.5.1 is sending multicast packets
to the group 229.225.0.1. If a PIM router receives any groups other than that group, the router
discards the group and sends a prune message to the upstream PIM router.

Router RTD is a leaf node with no group members in its IGMP database. Therefore, the router
must be pruned from the multicast tree. RTE sends a prune message upstream to its neighbor
router RTD to remove itself from the multicast delivery tree and install a prune state, as seen in
the figure RTE will not receive any further multicast traffic until the prune age interval expires.

When a node on the multicast delivery tree has all of its downstream branches (downstream
interfaces) in the prune state, a prune message is sent upstream. In the case of RTD, if both RTE
and RTF are in a prune state at the same time, RTD becomes a leaf node with no downstream
interfaces and sends a prune message to RTA. With RTD in a prune state, the resulting
multicast delivery tree would consist only of leaf nodes RTB and RTC.

Configuring Multicast 12-9


Configuring IP Multicast Routing

Configuring IP Multicast Routing


This section describes how to configure IP multicast routing on the Corecess S5 System.

Enabling Multicast Routing


Enabling IP multicast routing allows the Corecess S5 System to forward multicast packets. By
default, IP multicast routing is disabled on the Corecess S5 System. This section describes how
to enable the following multicast routing protocols on the Corecess S5 System:

• PIM-SM (Protocol Independent Multicast Sparse-Mode)


• PIM-DM (Protocol Independent Multicast Dense-mode)
• DVMRP (Distance Vector Multicast Routing Protocol)
• IGMP-Proxy (Internet Group Management Protocol Proxy)

Enabling PIM-SM

To configure PIM-SM network using the Corecess S5 System, enable PIM globally on the switch
and enable PIM-SM locally on VLAN interfaces. To enable PIM-SM, use the following
command in Privileged mode:

Table 12-1 Enabling PIM-SM

Command Description
configure terminal 1. Enter Global configuration mode.
ip multicast-routing 2. Enable PIM on the Corecess S5 System.
3. Enter Interface configuration mode for the VLAN
interface vlan interface that will use PIM-SM.
{id <id> | name <name>}  <id> VLAN ID (1 ~ 4094)
 <name> VLAN name
4. Configuring IP address of the VLAN interface.
ip address
<ip-address>/<M>  <ip-address>: IP address of the VLAN interface
 <M>: Subnet mask
ip pim sparse-mode 5. Enable PIM-SM on the VLAN interface.
end 6. Return to Privileged mode.
show running-config 7. Verify the result.

Note: PIM-SM use IGMP to dynamically manage multicast group members. Enabling PIM-
SM on an interface also enables IGMP operation on that interface.

12-10 Corecess S5 System With GPON User's Guide


Configuring IP Multicast Routing

The following example enables PIM-SM on the Corecess S5 System and on the VLAN interface:

# configure terminal
(config)# ip multicast-routing
(config)# interface vlan id 10
(config)# ip address 10.10.10.20/24
(config-if)# ip pim sparse-mode
(config-if)# end
localhost# show running-config
Building configuration...

Current configuration:
!
!
ip multicast-routing
!
interface management
!
interface vlan id 1
!
interface vlan id 10
ip address 10.10.10.20/24
ip pim sparse-mode
!
#

Note: To disable PIM-SM on a VLAN interface, use the no ip pim sparse-mode


command in Interface configuration mode and to disable PIM on the switch, use the no ip
multicast-routing pim command in Global configuration mode.

If you enable PIM-SM, PIM-SM will run on the switch with default values for all global and
interface parameters. IGMP is also automatically enabled. Therefore you do not need to
configure all PIM-SM parameters. To change PIM-SM and IGMP parameters according to your
network environment, refer to the following sections:

 To configure PIM-SM parameters, see the Configuring PIM and Configuring PIM-SM section
in this chapter.

 To configure IGMP parameters, see the Configuring IGMP section in this chapter.

 To enable IGMP snooping and configure IGMP snooping parameters, see the Configuring IGMP Snooping
section in this chapter.

Configuring Multicast 12-11


Configuring IP Multicast Routing

Enabling PIM-DM

To configure PIM-DM network using the Corecess S5 System, enable PIM globally on the switch
and enable PIM-DM locally on VLAN interfaces. To enable PIM-DM, use the following
command in Privileged mode:

Table 12-2 Enabling PIM-DM

Command Description
configure terminal 1. Enter Global configuration mode.

ip multicast-routing 2. Enable PIM on the Corecess S5 System.


3. Enter Interface configuration mode for the VLAN
interface vlan interface that will use PIM-DM.
{id <id> | name <name>}  <id> VLAN ID (1 ~ 4094)
 <name> VLAN name
4. Configuring IP address of the VLAN interface.
ip address
 <ip-address>: IP address of the VLAN interface
<ip-address>/<M>
 <M>: Subnet mask
ip pim dense-mode 5. Enable PIM-DM on the VLAN interface.

end 6. Return to Privileged mode.

show running-config 7. Verify the result.

Note: PIM-DM use IGMP to dynamically manage multicast group members. Enabling PIM-
DM on an interface also enables IGMP operation on that interface.

The following example enables PIM-DM on the Corecess S5 System and on the VLAN interface:

# configure terminal
(config)# ip multicast-routing
(config)# interface vlan id 10
(config)# ip address 10.10.10.20/24
(config-if)# ip pim dense-mode
(config-if)# end
# show running-config
Building configuration...

Current configuration:
!
!
ip multicast-routing
!

12-12 Corecess S5 System With GPON User's Guide


Configuring IP Multicast Routing

interface management
!
interface vlan id 1
!
interface vlan id 10
ip address 10.10.10.20/24
ip pim dense-mode
!
#

Note: To disable PIM-DM on a VLAN interface, use the no ip pim dense-mode


command in Interface configuration mode and to disable PIM on the switch, use the no ip
multicast-routing pim command in Global configuration mode.

If you enable PIM-DM, PIM-DM will run on the switch with default values for all global and
interface parameters. IGMP is also automatically enabled. Therefore you do not need to
configure all PIM-DM parameters. To change PIM-DM and IGMP parameters according to
your network environment, refer to the following sections:

 To configure PIM-DM parameters, see the Configuring PIM and Configuring PIM-DM
section in this chapter.

 To configure IGMP parameters, see the Configuring IGMP section in this chapter.

 To enable IGMP snooping and configure IGMP snooping parameters, see the Configuring IGMP Snooping
section in this chapter.

Configuring Multicast 12-13


Configuring IP Multicast Routing

Enabling DVMRP

To configure DVMRP network using the Corecess S5 System, enable DVMRP globally on the
switch and locally on VLAN interfaces. To enable DVMRP, use the following command in
Privileged mode:

Table 12-3 Enabling DVMRP

Command Description
configure terminal 1. Enter Global configuration mode.

ip multicast-routing 2. Enable DVMRP on the Corecess S5 System.


3. Enter Interface configuration mode for the VLAN interface
interface vlan that will use PIM-DM.
{id <id> | name <name>}  <id> VLAN ID (1 ~ 4094)
 <name> VLAN name
4. Configuring IP address of the VLAN interface.
ip address
 <ip-address>: IP address of the VLAN interface
<ip-address>/<M>
 <M>: Subnet mask
ip dvmrp 5. Enable DVMRP on the VLAN interface.

end 6. Return to Privileged mode.

show running-config 7. Verify the result.

Note: DVMRP use IGMP to dynamically manage multicast group members. Enabling
DVMRP on an interface also enables IGMP operation on that interface.

The following example enables DVMRP on the Corecess S5 System and on the VLAN interface:

# configure terminal
(config)# ip multicast-routing
(config)# interface vlan id 10
(config)# ip address 10.10.10.20/24
(config-if)# ip dvmrp
(config-if)# end
localhost# show running-config
Building configuration...

Current configuration:
!
ip multicast-routing
!
interface management

12-14 Corecess S5 System With GPON User's Guide


Configuring IP Multicast Routing

!
interface vlan id 1
!
interface vlan id 10
ip address 10.10.10.20/24
ip dvmrp
#

Note: To disable DVMRP on a VLAN interface, use the ip dvmrp command in Interface
configuration mode and to disable DVMRP on the switch, use the no ip multicast-routing
dvmrp command in Global configuration mode.

If you enable DVMRP, DVMRP will run on the switch with default values for all global and
interface parameters. IGMP is also automatically enabled. Therefore you do not need to
configure all DVMRP parameters. To change DVMRP and IGMP parameters according to your
network environment, refer to the following sections:

 To configure DVMRP parameters, see the Configuring DVMRP section in this chapter.

 To configure IGMP parameters, see the Configuring IGMP section in this chapter.

 To enable IGMP snooping and configure IGMP snooping parameters, see the Configuring IGMP
Snooping section in this chapter.

Configuring Multicast 12-15


Configuring IP Multicast Routing

Enabling IGMP-Proxy

To set the IGMP-proxy network it’s necessary to Enable IGMP-proxy and to set the multicast
group forwarder in the VLAN interface defined in the Corecess S5 system.
To do this, execute the following command in the privileged mode.

Command Description
configure terminal Enter the global configuration mode
ip multicast-routing Enable the multicast routing in the Corecess S5 system
Enter the VLAN interface configuration mode to Enable IGMP-
Proxy
interface vlan
<id> VLAN의 ID (1 ~ 4094)
{id <id> | name <name>}
ID of VLAN
<name> Name of VLAN
Set the IP address of the interface
ip address
<ip-address> IP address to be allocated to the interface
<ip-address>/<M>
<M> the length of subnet mask(the number of bit of the value 1
Enable IGMP-Proxy in the interface
 Set the IP IGMP-Proxy in the interface linked to IGMP host
ip igmp-proxy (forwarder)
 Set the IP IGMP-Proxy forwarder in the interface linked to
IGMP router.
exit Enter the global configuration mode
Set the multicast group forwarder.
 A.B.C.D/M set the address range of multicast group.
ip igmp-proxy forwarder
 <id>ID of VLAN(1~4094), VLAN interface to transmit igmp
A.B.C.D/M vlan id <id>
join/leave message of the designated multicast group
(primary | secondary)
 (primary | secondary) Use vlan interface as (primary |
secondary) forwarder
end Return the privileged mode
show running-config Verify the configuration

Note: IGMP-Proxy is used to manage multicast group members. Consequently, if IGMP-proxy


is Enabled in the specified inter face of Corecess S5 system IGMP is also Enabled
automatically.

The following is an example to Enable IGMP-Proxy in the VLAN interface of Corecess S5


system

Note: If the IGMP-proxy is intended not to work in the specified interface execute no ip
igmp-proxy in the interface configuration mode.
If the IGMP-proxy protocol is intended not to work in the Corecess S5 system execute no ip
multicast-routing in the global configuration mode.

12-16 Corecess S5 System With GPON User's Guide


Configuring IP Multicast Routing

If IGMP-Proxy multicast routing protocol is Enabled no additional configuration is necessary


because IGMP-proxy operates according to the default value assigned to the Corecess S5
system. To change the IGMP-Proxy or IGMP configuration according to network environment
refer to the following.
 Refer to the IGMP-Proxy configuration chapter to change the IGMP-Proxy parameter

 Refer to the IGMP configuration chapter to set the IGMP function to manage the group members in the
IGMP-Proxy

 Refer to IGMP Snooping configuration chapter to Enable and set the IGMP snooping.

Configuring Multicast 12-17


Configuring IP Multicast Routing

Configuring a Static Multicast Route


Static multicast routes allow you to control the network path used by multicast traffic. Static
multicast routes are especially useful when the unicast and multicast topologies of a network
are different. You can avoid the need to make the topologies similar by instead configuring
static multicast routes.

MR1 UR1 UR2 MR2

Source Tunnel Destination

In the above figure, MR1-UR1-UR2-MR2 path is used to forward unicast packets and the MR1-
MR2 tunnel is used to forward multicast packets.

You can configure more than one static multicast route. The Corecess S5 System always uses the
most specific route that matches a multicast source address. Thus, if you want to configure a
multicast static route for a specific multicast source and also configure another multicast static
route for all other sources, you can configure two static routes as shown in the examples below.

To add a multicast static route, use the following command in global configuration mode:

Table 12-4 Configuring a Static Multicast Route

Command Description
 <source>: IP address of the multicast source
ip pim sparse-
 <M>: Mask on the IP address of the multicast source( Bit number that has value
mode mroute
of ‘1’)
<source>/<M>
 <rpf-address>: IP address of PIM neighbor. PIM Joins, Grafts, and Prunes are
<rpf-address>
sent to this address.

Note: ip mroute command does not apply to DVMRP route but applies to the multicast
routing protocol that use unicast routing information.

The following example configures the specified sources within the network number 172.16.0.0
are reachable through 172.30.10.13 and all other sources are reachable through 172.30.10.14:

(config)# ip pim sparse-mode mroute 172.16.0.0/16 172.30.10.13


(config)# ip pim sparse-mode mroute 0.0.0.0/0 172.30.10.14

12-18 Corecess S5 System With GPON User's Guide


Configuring IP Multicast Routing

Configuring PIM
This section describes how to configure the following PIM parameters that apply to PIM-SM
and PIM-DM.

• Setting Hello message interval and hold time

• Setting Join/Prune message interval

• Filtering PIM neighbors

Setting Hello Message Interval and Hold Time

The Hello interval specifies how often the local router sends PIM hello messages on this PIM
interface to neighboring routers in the PIM domain. PIM routers periodically send hello
messages so that PIM neighbors can discover each other. Hello messages are multicast using
address 224.0.0.13 (all PIM routers group) and are sent on all communication links.

The default hello interval is 30 seconds and the default hello hold time is 105 (hello interval
times× 3.5). To modifying the hello interval and hold time, use the following commands in
Interface configuration mode:

Command Description

ip pim hello-holdtime  <seconds> PIM Hello hold time. Valid range are 1 ~ 65535
<seconds> seconds.

ip pim hello-interval
 <seconds> PIM Hello interval. Valid range are 1 ~ 65535 seconds.
<seconds>

The following example shows how to configure PIM hello message interval and hold time for
the VLAN interface:

(config)# interface vlan id 10


(config-if)# ip pim hello-interval 60
(config-if)# ip pim hello-holdtime 200
(config-if)#

Configuring Multicast 12-19


Configuring IP Multicast Routing

Setting Join/Prune Message Interval

The Join/Prune interval is the interval at which each PIM interface on the router sends periodic
join/prune messages to its upstream neighbor.

The default Join/Prune message interval is 60 seconds. To change this interval, use the
command in Interface configuration mode.

Command Description

ip pim jp-timer
 <seconds>: Join/Prune message interval (1 ~ 65535 seconds)
<seconds>

The following example shows how to set the PIM Join/Prune message interval to 30 seconds for
the VLAN interface:

(config)# ip pim jp-timer 30


(config)#

Filtering PIM Neighbors

To prevent the Corecess S5 System from participating in PIM, use the following command in
Interface configuration mode:

Command Description

ip pim neighbor-filter  <access-list-number>: Number of a standard IP access list


<access-list-number> that denies PIM packets from a source. Valid range are 1 ~ 99.

Note: ip pim neighbor-filter command filters all PIM control messages based on the
given access-list. It can be used to administratively deny a misconfigured PIM neighbor from
participating in PIM. This command does not filter Auto-RP announcements and is only intended
to filter neighbor-to-neighbor packets.

The following example denies PIM packets form the source address 10.0.0.1:

(config)# access-list 1 deny 10.0.0.1


(config)# access-list 1 permit any
(config)# interface vlan id 1
(config-if)# ip pim neighbor-filter 1

12-20 Corecess S5 System With GPON User's Guide


Configuring IP Multicast Routing

Configuring PIM-SM
You can configure the following PIM-SM features:

• Configuring candidate BSR

• Configuring candidate RP

• Statically specifying the RP

• Filtering register messages

• Preventing join messages to false RPs

• Specifying the IP source address of register message

• Limiting the number of register messages

• Setting the register suppression timer

• Configuring RP reachability message

• Disabling switching from the RP to the STP

• Enabling router compatibility with RFC 2362

 Setting traffic load distribution using ECMP routing paths (Equal-Cost-Multi-Path)

• Configuring PIM Domain Border (Interface parameter)

• Specifying the DR Priority (Interface parameter)

Configuring Candidate BSR

Bootstrap Router (BSR) provides a fault-tolerant, automated RP discovery and distribution


mechanism. Thus, routers dynamically learn the group-to-RP mappings. BSR should be chosen
for a given range of multicast groups. PIM-SM uses the BSR to discover and announce RP-set
information for each group prefix to all the routers in a PIM domain. A BSR is elected among
the candidate BSRs automatically. They use bootstrap messages to discover which BSR has the
highest priority. This router then announces to all PIM-SM routers in the PIM domain that it is
the BSR. Routers that are configured as candidate RPs then unicast to the BSR the group range
for which they are responsible. The BSR includes this information in its bootstrap messages and
disseminates it to all PIM-SM routers in the domain. Based on this information, all routers will
be able to map multicast groups to specific RPs.

Configuring Multicast 12-21


Configuring IP Multicast Routing

You can configure the Corecess S5 System as a candidate BSR. To configure the Corecess S5
System as a candidate BSR, use the command in Global configuration mode:

Command Description
 <if-name>: Interface name. The IP address of this interface is used as a
candidate BSR. You should specify the name of interface that PIM-SM is
ip pim bsr- enabled.
candidate <if-name>  <hash>: Hash Mask Length. This is the number of bits in a group
[<hash>] address that are significant when calculating the group-to-RP mapping.
[<priority>]  <priority>: BSR Priority (0-200). When the election process for BSR
takes place, the candidate BSR with the highest priority becomes the
BSR. Default is ‘0’.

Note : The first value to be considered for BSR descision is priority and, if they have same
values, then IP addresses are compared.

The following example configures the VLAN interface as a candidate BSR:

(config)# ip pim bsr-candidate vlan id 10 24 10


(config)#

To remove the VLAN interface as a candidate BSR, use the no ip pim bsr-candidate
command in Global configuration mode.

(config)# no ip pim bsr-candidate vlan id 10


(config)#

Configuring Candidate RP

If you configure PIM-SM, you must also choose one or more routers to be RP (Rendezvous
Point). An RP acts as the meeting place for sources and receivers of multicast data.

To elect an RP, a BSR uses candidate RP messages advertised from candidate RPs. The
candidate RP message has the IP address and priority used for selecting an RP. You can
configure the Corecess S5 System as a candidate RP for the PIM domain. The Corecess S5
System configured as a candidate RP then advertises itself as a candidate RP to the BSR.

To configure the Corecess S5 System as a candidate RP, use the following command in Global
configuration mode:

12-22 Corecess S5 System With GPON User's Guide


Configuring IP Multicast Routing

Command Description
 <if-name>: Interface name. The IP address of this interface is used
as a candidate RP. You should specify the name of interface that
ip pim rp-candidate PIM-SM is enabled.
<if-name> [<priority>]  <priority>: RP Priority (0-255). When the election process for RP
takes place, the candidate RP with the highest priority becomes the
RP. Default is ‘0’.

The following example configures the VLAN interface as a candidate RP with a priority of 100:

(config)# ip pim rp-candidate vlan id 10 priority 100


(config)#

To remove the Corecess S5 System as a candidate RP, use the no ip pim rp-candidate
command in Global configuration mode.

(config)# no ip pim rp-candidate vlan id 10


(config)#

Static RP Configuration (Candidate direct RP )

RP for multicast group is required to set up PIM-SM. As explained above, RP can be manually
set by the user and can be set automatically. When selecting RP among the candidate RP no
additional steps are needed for the selection. In automatic option, even if the selected router is
not working properly, the router can automatically be selected. Hence, it is better to have it set
in this way for the selection whenever possible.
In case that RP is not desired to be set automatically, the PR can be set manually. This is called
static RP. Static IP may be convenient in small network but not suitable for large-scaled network.

To set the RP router manually next line should be input in Global Setup Mode.

Command Description

ip pim rp-address
<ip-address>  <ip-address> IP address to be used for RP

The following example shows how to set the router interface of which IP address is 30.10.10.1 as
static RP.
(config)# ip pim rp-address 30.10.10.1
(config)#

Configuring Multicast 12-23


Configuring IP Multicast Routing

To delete the static IP use no pim rp-address command in global setup mode as shown
below.
(config)# no ip pim rp-address 30.10.10.1
(config)#
Note : When setting the Static RP all routers in the PIM-SM domain should be set under
same static RP. And it is necessary to check if the selected router is in the backbone and
connected with other parts of the network

Filtering Register Messages

You can prevent unauthorized sources from registering with the RP. If an unauthorized source
sends a register message to the RP, the RP will immediately send back a register-stop message.

To configure a candidate RP router to filter PIM register messages, use the following command
in Global configuration mode:

Command Description

ip pim accept-register <access-list-number> Standard access list number (1 ~ 99,


list <access-list-number> 1300 ~ 1999)

The following example shows how to restrict the RP from allowing sources in the specified
access list range of addresses to with the specified access list address range to register with the
RP:

(config)# access-list 1300 deny 232.0.0.0 0.255.255.255


(config)# access-list 1300 permit any
(config)# ip pim accept-register list 1300
(config)#

12-24 Corecess S5 System With GPON User's Guide


Configuring IP Multicast Routing

Accept Join/Prune messages

You can take a defensive measure to prevent a misconfigured leaf router from interrupting PIM
service to the remainder of a network. To do so, configure the local router to accept Join/Prune
messages only when the group is in the group range specified by the access list.

To configure this feature, use the following command in Global configuration mode:

Command Description
 Interface for Candidate RP among interfaces that are set
up for <if-name> Corecess S5 system, with enabled PIM-SM,
ip pim accept-rp list
must be used.
<access-list-number>
 <access-list-number>: The standard access-list number (1 ~
99, 1300 ~ 1999)
ip pim rp-address  <ip-address> Specific RP Address
<ip-address>  <access-list-number> Access List Number (1 ~ 99,
<access-list-number> 1300 ~ 1999

The following example shows how to configure the router to accept Join/Prune messages only
when the multicast group is 224.2.2.2 about static RP 10.1.1.1:

(config)# access-list 3 permit 224.2.2.2


(config)# ip pim rp-address 10.1.1.1 group-list 3
(config)#

Specifying the IP Source Address of Register Message

You should specify the IP source address of register message only when the IP source address
of a register message is not a uniquely routed address to which the RP can send packets. This
situation may occur if the source address is filtered such that packets sent to it will not be
forwarded or if the source address is not unique to the network. In these cases, the replies sent
from the RP to the source address will fail to reach the DR, resulting in PIM-SM protocol
failures.

To configure the IP source address of a register message to an interface address other than the
outgoing interface address of the DR leading toward RP, use the following command in Global
configuration mode:

Configuring Multicast 12-25


Configuring IP Multicast Routing

Command Description

ip pim register-source  <ip-address> The IP source address of a register message


{<ip-address>|  <if-name> The name of interface that identify the IP source address
<if-name>} of a register message.

The following example shows how to configure the IP source address of the register message to
the loopback 3 interface of a DR:

(config)# ip pim register-source loopback id 3


(config)#

Limiting the Number of Register Messages

The Corecess S5 System can limit the number of register messages that the DR will allow for
each (S, G) entry.

To set a limit on the maximum number of PIM-SM register messages sent per second for each (S,
G) routing entry, use the following command in Global configuration mode:

Command Description

ip pim register-  <rate>: Maximum number of register messages sent per second by the
rate limit <rate> router. Valid range are 1 ~ 65535.

The following example shows how to configure the maximum number of PIM-SM register
messages sent per second to 2:

(config)# ip pim register-rate-limit 2


(config)#

Setting the Register Suppression Timer

The RP sends a register-stop message when it receives native multicast packets from the DR and
there are no downstream routers (receivers) to forward these packets to. The source’s DR stops
the outgoing interface from sending further register packets and sets its register suppression
timer. The register suppression timer determines how long the DR waits before sending register
messages back to the RP.

12-26 Corecess S5 System With GPON User's Guide


Configuring IP Multicast Routing

The default register suppression timer is 60 seconds. To set the register suppression timer, use
the following command in Global configuration mode:

Command Description

ip pim register-  <seconds> Register suppression timer. Valid range are 1 ~ 65535
suppression <seconds> seconds.

The following example sets the register suppression timer to 120 seconds:

(config)# ip pim register-suppression 120


(config)#

Configuring RP Reachability Message

RP reachability messages are generated by RPs periodically and distributed down the (*, G) tree
established for the group. This allows downstream routers to detect when their current RP has
become unreachable and triggers joining toward an alternate RP.

By default, the Corecess S5 System is set to not generate RP reachability message. To generate
and distribute a periodic RP reachability message, enter the ip pim register-rp-
reachability command in Global configuration mode:

(config)# ip pim register-rp-reachability


(config)#

Disabling Switching From the RP to the SPT

In a typical PIM-SM domain, there may be two or more paths from a DR for a multicast source
to a PIM group receiver. One is path through the RP and the other is Shortest Path (STP).

By default, the Corecess S5 System switches from the RP to the SPT when a source sends at a
rate greater than or equal to 1000bps rate. To configure the Corecess S5 System to send
multicast packets using the RP indefinitely and does not switch over to the SPT, use the ip pim
spt-threshold infinity command in Global configuration mode.

# configure terminal
(config)# ip pim spt-threshold infinity

Configuring Multicast 12-27


Configuring IP Multicast Routing

To configure the Corecess S5 System to send multicast packets using the STP when a source
sends at a rate greater than or equal to 1000bps rate, use the no ip pim spt-threshold
infinity command in Global configuration mode:

(config)# no ip pim spt-threshold infinity


(config)#

Configuring PIM Domain Border1

If you configure an interface to be the PIM domain border, no PIM Version 2 BSR messages will
be sent or received through the interface. Configure an interface bordering another PIM domain
to avoid BSR messages from being exchanged between the two domains. BSR messages should
not be exchanged between different domains, because routers in one domain may elect RPs in
the other domain, resulting in protocol malfunction or loss of isolation between the domains.

To prevent BSR messages from being sent or received through an interface, enter the ip pim
bsr-border command in Interface configuration mode.

The following example configures the VLAN interface to be the PIM domain border:

(config)# interface vlan id 10


(config-if)# ip pim bsr-border
(config-if)#

Note: ip pim bsr-border command does not set up multicast boundaries. It sets up
only a PIM domain BSR message border.

Specifying the DR Priority

The DR priority indicates the priority level for a DR on the LAN. The higher the number, the
higher the priority. A PIM-SM router configured with a DR election priority sends to its PIM
neighbors a Hello message that contains its priority level. The PIM-SM router with the highest
priority level is elected the DR for the LAN. Local routers not configured with a DR election
priority level elect a DR based on the highest IP address.

The default DR priority is 1. To specify the DR priority, use the following command in Interface

1 Not implemented yet.

12-28 Corecess S5 System With GPON User's Guide


Configuring IP Multicast Routing

configuration mode:

Command Description

ip pim dr-priority
<priority>  <seconds>: DR priority. Valid range are 0 ~ 4294967294.

The following example shows how to set the DR priority for the VLAN interface to 200:

(config)# interface vlan id 1


(config-if)# ip pim dr-priority 200
(config-if)#

Enabling Router Compatibility with RFC 2362

By default, the Corecess S5 System is compatible with the standard PIM-SM specification
defined in RFC 2362. However, you can enable the Corecess S5 System to interoperate with
routers configured with nonstandard PIM implementations that do not comply with RFC 2362.

To enable router compatibility with RFC 2362, use the following commands:

Table 12-5 Enabling router compatibility with RFC 2362

Command Description
configure terminal 1. Enter Global configuration mode.
2. Enable the PIM-SM router to computes checksum on the PIM header
and data portion of the register packet.
ip pim cisco-register-
 group-list: Specifies the number of a standard access list that
checksum [group-list
describes the multicast groups.
<access-list-number>]
 <access-list-number>: Access list number (1 ~ 99,
1300 ~ 1999)
3. Enable the PIM-SM router to send non-zero prefix count in RP
ip pim crp-cisco-prefix
advertisement messages.
ip pim ignore-rp-set- 4. Enable the PIM-SM router to use the hash mask length instead of
priority priority to elect RP.
5. Enter Interface configuration mode for the VLAN interface to
interface vlan configure.
{id <id> | name <name>}  <id>: VLAN ID (1 ~ 4094)
 <name>: VLAN name
6. Prevent the PIM-SM router from appending generation identifiers to
ip pim exclude-genid
Hello messages that it sends to its neighbors.

The following example shows how to enable router compatibility with RFC 2362:

(config)# ip pim cisco-register-checksum

Configuring Multicast 12-29


Configuring IP Multicast Routing

(config)# ip pim crp-cisco-prefix


(config)# ip pim ignore-rp-set-priority
(config)# interface vlan id 1
(config-if)# ip pim exclude-genid
(config-if)# end
(config)#

Note: Use the ip pim-sm cisco-rp-prefix-count command only when the Cisco
router that does not support RFC 2362 is elected as the BSR.

Distribution of Multicast Traffic Load Using PIM-SM

Corecess S5 system supports distribution of multicast traffic load via ECMP (Equal-Cost-Multi-
Path) routing path. To use distribution of multicast traffic load PIM-SM must be enabled for the
interface in which ECMP routing path exists.
Distribution of multicast traffic load is done in the following process. At the router that
performs PIM Join, for (*, G) Join, each group, using different routing path, transmits by
applying hash function of which the keys are used as group address, to ECMO routing path.
For (S, G) Join, similar ways are used and it transmits Join to the traffic sources through
different routing paths
To apply distribution of multicast traffic load, following commands should be used. In this
example, basic PIM-SM setup is assumed.
Command Description

configure terminal 1. Enter the Global Setup mode.

2. Set up the function that hashes the multicast group address.


ip pim sparse-mode ecmp  Execute modular function with number of ECMP
(modulo-n|hash) routing paths set asmodulo-n multi cast group address
 After hashing the multicast group address with hash function, set
the number of ECMP routing paths to modular function.

The following is example of setting distribution of multicast traffic load in Corecess S5 system.

(config)# ip pim sparse-mode ecmp hash


(config)#

Note : In the hash distribution of multicast traffic load, the traffic may be distributed exactly
into 1/n over ECMP paths.

12-30 Corecess S5 System With GPON User's Guide


Configuring IP Multicast Routing

Configuring PIM-DM
This section describes how to configure the PIM-DM state refresh control message interval.

Configuring State Refresh Control Message Interval

PIM-DM builds source-based multicast distribution trees that operate on a flood and prune
principle. Multicast packets from a source are flooded to all areas of a PIM-DM network. PIM
routers that receive multicast packets and have no directly connected multicast group members
or PIM neighbors send a prune message back up the source-based distribution tree toward the
source of the packets. As a result, subsequent multicast packets are not flooded to prune
branches of the distribution tree. However, the pruned state in PIM-DM times out
approximately every 3 minutes and the entire PIM-DM network is reflooded with multicast
packets and prune messages. This reflooding of unwanted traffic throughout the PIM-DM
network consumes network bandwidth.

The PIM-DM State Refresh feature keeps the pruned state in PIM-DM from timing out, which
saves network bandwidth by greatly reducing the reflooding of unwanted multicast traffic to
pruned branches of the PIM-DM network. This feature also enables PIM-DM routers to
recognize topology changes (sources joining or leaving a multicast group) before the state
refresh timeout period.

If you enable PIM-DM on the Corecess S5 System, the state refresh feature is automatically
enabled. To disable the state refresh feature, use the ip pim state-refresh disable
command.

To configure the origination interval for the state refresh control message, use the following
command:

Command Description

ip pim state-refresh origination-  <seconds>: The number of seconds between control


interval<seconds> messages. Valid range are 4 ~ 100 seconds.

Note: The origination interval for the state refresh control message must be the same for all
PIM routers on the same LAN. Specifically, the same origination interval must be configured
on each router interface that is directly connected to the LAN

Configuring Multicast 12-31


Configuring IP Multicast Routing

The following example shows how to configure the origination interval for the state refresh
control message to 60 seconds.

(config)# interface vlan id 1


(config-if)# ip pim state-refresh origination-interval 60
(config-if)#

Configuring DVMRP
This section describes how to configure a metric for DVMRP interface.

Modifying the DVMRP Metric

The DVMRP router uses the metric when establishing reverse paths to some networks on
directly attached interfaces.

The default DVMRP metric is 1. To modify a DVMRP interface’s metric, use the following
command in Interface configuration mode:

Command Description

ip dvmrp metric
<metric>  <ip-address>: The metric for this interface. Valid range are 1 ~ 32.

The following example shows how to set a metric of 5 for the VLAN interface:

(config)# interface vlan id 10


(config-if)# ip dvmrp metric 5

12-32 Corecess S5 System With GPON User's Guide


Configuring IGMP-Proxy

Configuring IGMP-Proxy
Corecess S5 system is already set to be performed without additional configuration on IGMP-
Proxy. If necessary, it’s possible to set the following IGMP-Proxy configuration

 Set the bootstrap to the forwarder interface.

 Set the unsolicited-report the forwarder interface.

 Set the forwarder-sticky the forwarder interface.

 Set the multi-forwarder interfaces

 Set the several multicast group forwarder.

This chapter shows how to perform the configuration.

Set the bootstrap to the forwarder interface.


When the forwarder interface is linked-up, IGMP-proxy transmits the IGMP join message to
forwarder interface for the registered multicast group.
In this case, IGMP join massage transmission is delayed for the link-up process time of the
IGMP router set by the bootstrap.
To set the bootstrap, execute the following command in the interface configuration mode.

Command Description

ip igmp-proxy bootstrap (<seconds>)  <seconds> bootstrap time, Default value is 2 sec

The following is the example to set the bootstrap of VLAN interface having ID 2.

(config)# interface vlan id 2


(config-if)# ip igmp-proxy bootstrap
(config-if)#

Configuring Multicast 12-33


Configuring IGMP-Proxy

Set the unsolicited-report to forwarder interface.


IGMP-Proxy transmits the IGMP join message to forwarder interface for the registered
multicast group only when it receives the IGMP query from the IGMP router linked to the
forwarder interface
If unsolicited-report is set to forwarder interface, IGMP-Proxy transmits the IGMP join message
to the forwarder interface periodically without receiving IGMP query.

To set the unsolicited-report, execute the following command in the interface configuration
mode

Command Description
ip igmp-proxy
 <seconds> a period of transmitting the IGMP join. Default value is 125
unsolicited-reopr
sec
(<seconds>)

The following is the example to set the unsolicited-repot of VLAN interface whose ID is 2
(config)# interface vlan id 2
(config-if)# ip igmp-proxy unsolicited-reoprt
(config-if)#

Set the forwarder-sticky to the forwarder interface


IGMP-Proxy sets the multi forwarder interfaces. After then, if the one of the interfaces is
terminated IGMP-Proxy transmits multicast group linked to the terminated one to the other
available one.
Afterwards, if the terminated interface is recovered, the transferred multicast group will be
back to the recovered interface.
If forwarder-sticky is set, in spite of recovering of the terminated forwarder interface the
transferred multicast group is still fixed to the forwarder interface currently linked to for a
configured time.
To set the forwarder-sticky execute the following command in the global configuration mode

Command Description
ip igmp-proxy fwd-vif-
<seconds> Time to fix the multicast group. Default value is 255 sec
sticky (<seconds>)

The following is the example to set the unsolicited-repot of VLAN interface whose ID is 2.
(config)# ip igmp-proxy fwd-vif-sticky

12-34 Corecess S5 System With GPON User's Guide


Configuring IGMP-Proxy

Set the multi-forwarder interfaces.


IGMP-Proxy supports multi forwarder interface setting.
It functions forwarder redundancy and load-distribution compounding each forwarder
interface mode. For forwarder redundancy, one forwarder interface is set as primary mode and
the other is set as secondary mode.

For forwarder load distribution, multi forwarder interfaces are distributed into primary mode
or secondary mode. To set the multi forwarder interfaces execute the following command in the
global configuration mode.

Command Description
 Set the multicast group address range of A.B.C.D/M
ip igmp-proxy
forward A.B.C.D/M  <id> ID of VLAN(1~4094) VLAN interface to transmit IGMP join/leave
vlan id <id> of the designated multicast group.
(primary |
secondary)  (primary | secondary)Use the VLAN interface as (primary | secondary)
forwarder

The following is the example to set the IGMP-Proxy interface redundancy configuring VLAN
interfaces having ID(2, 3) as primary/secondary forwarder.

(config)# ip igmp-proxy forward 224.0.0.0/4 vlan id 2 primary


(config)# ip igmp-proxy forward 224.0.0.0/4 vlan id 3 secondary

The following is the example to set the IGMP-Proxy interface load distribution configuring
VLAN interfaces having ID(2, 3) as primary/secondary forwarder
(config)# ip igmp-proxy forward 224.0.0.0/4 vlan id 2 primary
(config)# ip igmp-proxy forward 224.0.0.0/4 vlan id 3 primary

Configuring Multicast 12-35


Configuring IGMP-Proxy

Set the multi multicast group forwarder


IGMP-Proxy supports the multi multicast group forwarder setting.
Configuring the various different range of multicast group for each forwarder, IGMP-Proxy
enables to receive multicast packets from the various different forwarder interfaces according to
multicast group addresses. To set the multi multicast forwarder execute the following
command in the global configuration mode.

Command Description
 Set the multicast group address range of A.B.C.D/M
ip igmp-proxy
forward A.B.C.D/M  <id> ID of VLAN(1~4094) VLAN interface to transmit IGMP join/leave
vlan id <id> of the designated multicast group.
(primary |
secondary)  (primary | secondary)Use the VLAN interface as (primary | secondary)
forwarder

The following is the example to set that the multicast group of 233.18.1.0/24 receives multicast
packet for VLAN interface having ID 2 and the multicast group of 233.18.2.0/24 receives
multicast packet for VLAN interface having ID 3

(config)# ip igmp-proxy forward 233.18.1.0/24 vlan id 2 primary


(config)# ip igmp-proxy forward 233.18.2.0/24 vlan id 3 primary

The following is the example to set that the multicast group of 233.18.1.0/24 receives multicast
packet for VLAN interface having ID 3 and the other multicast group receives multicast
packet for VLAN interface having ID 2

(config)# ip igmp-proxy forward 224.0.0.0/4 vlan id 2 primary


(config)# ip igmp-proxy forward 233.18.1.0/24 vlan id 2 primary

12-36 Corecess S5 System With GPON User's Guide


Configuring IGMP-Proxy

Configuring IGMP
You can use the Corecess S5 System without additional configuration of the IGMP. If necessary,
you may configure the following IGMP features.

 Controlling access to the multicast groups

 Configuring IGMP Static Querier

 Modifying the IGMP host query message interval

 Changing the IGMP query timeout

 Changing the maximum query response time

 Enabling IGMP immediate leave feature

 Modifying the last member query count and interval

Controlling Access to the Multicast Groups

To control the multicast groups that hosts on the subnet serviced by a VLAN interface can join,
use the following command in Interface configuration mode:

Command Description

ip igmp access-group
<access-list-number>  <seconds> Number of a standard IP access list (1 ~ 99)

In the following example, hosts serviced by the VLAN interface can join the group 225.2.2.2
only:

(config)# access-list 1 permit 255.2.2.2


(config)# interface vlan id 10
(config-if)# ip igmp access-group 1
(config-if)#

To disable groups on a VLAN interface, use the no ip igmp access-group command.

(config-if)# no ip igmp access-group


(config-if)#

Configuring Multicast 12-37


Configuring IGMP-Proxy

Configuring IGMP Static Querier

By default, IGMP querier is selected by the automatic IGMP querier selection mechanism.
However, you can configure the specified interface to act as IGMP querier using ip igmp
querier command in interface configuration mode.

To configure IGMP static querier on a VLAN interface, use the ip igmp querier command in
Interface configuration mode.

The following example enables IGMP static querier on the VLAN whose id is ‘1’:

(config)# interface vlan id 1


(config-if)# ip igmp static-querier

Note: Enabling IGMP static querier may severly affect multicast forwarding. We recommend
using automatic IGMP querier selection mechanism.

To disable IGMP static querier on a VLAN interface, use no ip igmp querier command in
the interface configuration mode.

(config)# interface vlan id 1


(config-if)# no ip igmp querier

You can configure statistically the router based on priority using ip igmp non-querier and
ip igmp querier IGMP commands. Any router port can be statically configured as IGMP
querier or non-querier without changing the IP address of the router port.

(config)# interface vlan id 2


(config-if)# ip igmp static-non-querier
(config-if)#

12-38 Corecess S5 System With GPON User's Guide


Configuring IGMP-Proxy

Modifying the IGMP Host-Query Message Interval

Multicast routers send IGMP host-query messages to discover which multicast groups are
present on attached networks. These messages are sent to the all-systems group address of
224.0.0.1 with a TTL of 1. The IGMP query interval period defines how often a router will query
an interface for group membership. Possible values are 10 ~ 43200 seconds and the default
value is 125 seconds.

To modify the IGMP query interval, use the following command in Interface configuration
mode:

Command Description
 <seconds>: Frequency, in seconds, at which to send IGMP host-
ip igmp query-interval
query messages (10 ~ 43200, seconds). Default setting is 125
<seconds>
seconds.

The following example changes the frequency at which the designated router sends IGMP host-
query messages to 120 seconds:

(config)# interface vlan id 1


(config-if)# ip igmp query-interval 120
(config-if)#

To restore the default IGMP query interval, use the no igmp query-interval command in
interface configuration mode.

(config-if)# no ip igmp query-interval


(config-if)#

Note: IGMP intervals come with preset values. The defaults work well in most network s, we
recommend that you use the default interval value.

Configuring Multicast 12-39


Configuring IGMP-Proxy

Changing the IGMP Query Timeout

You can specify the period of time before the Corecess S5 System takes over as the querier for
the interface, after the previous querier has stopped doing so. By default, the router waits twice
the query interval specified by the ip igmp query-interval command. After that time, if
the Corecess S5 System has received no queries, it becomes the querier.

By default, the IGMP query timeout value is set to 255 seconds. To change the IGMP query
timeout, use the following command in Global configuration mode:

Command Description
 <seconds>: Number of seconds that the router waits after the
ip igmp querier-timeout
previous querier has stopped querying and before it takes over as
<seconds>
the querier. Valid range are 30 ~ 1200 seconds.

The following example changes the IGMP query timeout value to 300 seconds:

(config)# interface vlan id 1


(config-if)# ip igmp querier-timeout 300
(config-if)#

To reset the IGMP query timeout value, use the no ip igmp query-timeout command.

(config)# interface vlan id 1


(config-if)# no ip igmp querier-timeout
(config-if)#

Changing the Maximum Query Response Time

By default, the maximum query response time advertised in IGMP queries is 10 seconds. If the
router is using IGMP Version 2, you can change this value. The maximum query response time
allows a router to quickly detect that there are no more directly connected group members on a
LAN.

12-40 Corecess S5 System With GPON User's Guide


Configuring IGMP-Proxy

To change the maximum query response time, use the following command in Interface
configuration mode:

Command Description

ip igmp
query-max-response-time  <seconds>: The maximum query response time advertised in
<seconds> IGMP queries. Valid range are 1 ~ 20 seconds.

The following example changes the maximum query response time value to 15 seconds:

(config)# interface vlan id 1


(config-if)# ip igmp query-max-response-time 15

To restore the default value, use the no ip igmp query-max-response time command.

(config-if)# no ip igmp query-max-response-time


(config-if)#

Enabling IGMP Immediate Leave Feature

Normally a router sends an IGMP group-specific query message upon receipt of an IGMPv2
group leave message. The router will stop forwarding traffic for that group only if no host
replies to the query within the timeout period. The timeout period is determined by the ip
igmp last-member-query-interval command and the IGMP robustness variable, which
is defined by the IGMP specification.

If IGMP immediate leave feature is enabled, the router assumes that only one host has joined
the group and stops forwarding the group's traffic immediately upon receipt of an IGMPv2
group leave message.

By default, IGMP immediate leave feature is disabled. To minimize the leave latency of IGMP
memberships and only one receiver host is connected to each interface, use the following
command in Interface configuration mode:

Command Description

ip igmp immediate-leave
group-list  <access-list-number>: Access list number (1 ~ 99, 1300 ~
<access-list-number> 1999)

Configuring Multicast 12-41


Configuring IGMP-Proxy

The following example shows how to enable the immediate leave feature on the VLAN
interfaces for the multicast groups 255.2.2.2:

(config)# access-list 1 permit 255.2.2.2


(config)# interface vlan id 10
(config-if)# ip igmp immediate-leave group-list 1
(config-if)#

Modifying the Last Member Query Count and Interval

When a router receives an IGMP Version 2 leave group message on an interface, it waits twice
the query interval; after which, if no receiver has responded, the router drops the group
membership on that interface.

By default, the Corecess S5 System sends the Group-Specific Queries message twice every 1000
milliseconds to the group being left.

To configure the count to which the router sends IGMP group-specific host query messages and
the frequency at which the router sends IGMP group-specific host query messages, use the
following commands in Interface configuration mode:

Command Description

ip igmp last-member-query-  <count>: The count to which the router sends IGMP group-
count <count> specific host query messages.
ip igmp last-member-query-  <interval>: The frequency at which the router sends IGMP
interval <interval> group-specific host query messages.

Specifies in tenths of a second how long the system waits after receiving an IGMP leave
message before it sends another query.

The following example shows how to modify the last member query count and interval for the
VLAN interface:

(config)# interface vlan id 10


(config-if)# ip igmp igmp last-member-query-count 3
(config-if)# ip igmp igmp last-member-query-interval 2000
(config-if)#

12-42 Corecess S5 System With GPON User's Guide


Configuring IGMP Snooping

Configuring IGMP Snooping


This section describes how to configure the IGMP snooping on the Corecess S5 System. To
configure the IGMP snooping, perform the following tasks:
 Enabling IGMP snooping.
 Configuring a multicast router port
 Enabling IGMP immediately leave feature on a port interface
 Configuring a host statically to join a group
 Changing the IGMP group membership time

Enabling IGMP Snooping

By default, IGMP snooping is globally disabled on the Corecess S5 System. When globally
enabled or disabled, it is also enabled or disabled in all existing VLAN interfaces. IGMP
snooping is by default disabled on all VLANs, but can be enabled and disabled on a per-VLAN
basis. Global IGMP snooping override the VLAN IGMP snooping. If global snooping is
disabled, you cannot enable VLAN snooping. If global snooping is enabled, you can enable or
disable VLAN snooping.
To globally enable IGMP snooping on the Corecess S5 System and enable VLAN IGMP
snooping, use the following command in Global configuration mode:

Command Description

ip igmp snoop
 <vlan-id>: ID of a VLAN to enable IGMP snooping.
[vlan id <vlan-id>]

First, execute ip igmp snoop command to enable igmp snooping so that igmp snooping is
applied on vlan interface. After the execution of ip igmp snoop, enable igmp snooping for each
of vlan interface.
If ip igmp snoop is not executed you cannot enable igmp snooping on vlan interface.
The following is example of enabling igmp snooping on vlan id for 2 person interface.
(config)# ip igmp snoop
(config)# ip igmp snoop vlan id 2
Execute no ip igmp snoop vlan id number to disable igmp snoop on the interface where igmp
snooping is enabled.
If you do not want to use igmp snooping on the equipment regardless of vlan interface, execute
no ip igmp snoop command. Then igmp snooping is disabled for all vlan interfaces.
(config)# no ip igmp snoop
(config)# no ip igmp snoop vlan id 2

Configuring Multicast 12-43


Configuring IGMP Snooping

Configuring a Multicast Router Port


If membership query messages are forwarded from the Corecess S5 System to a multicast router,
there is a possibility that the router may not operate normally. According to IGMP rules, if there
are two or more IGMP querier in one LAN, the IGMP querist with the smaller IP address
operates as the IGMP querier. This is because if two or more multicast routers are connected to
one LAN, the two routers both receive multicast traffic from outside the network, and transfer
the traffic to inside the network, resulting in the same data redundantly received and
transferred.

However, if a multicast router receives a membership query message from the Corecess S5
System, which is not a multicast route, but a system that provides IGMP snooping functions,
and recognizes it as a multicast router, it may stop its role as the IGMP querier (if the IP address
of the Corecess S5 System is smaller than the IP address of the multicast router). If this happens,
a problem may occur in which the multicast router stops forwarding multicast traffic from
outside the network into the LAN. Therefore, membership query messages must not be sent
from the Corecess S5 System to the multicast router. In order to do so, the port connected to the
multicast router must be manually set as a router port.

To configure a static router port, use the command in the Global configuration mode:

Command Description

ip igmp snoop mrouter port


 <slot>/<port> Slot number and port number
gigabitethernet <slot>/<port>
 <vlan-id> VLAN ID (1 ~ 4094)
[vlan id <vlan-id>]

The following example adds the Gigabit Ethernet port 17/1 as a router port:

(config)# ip igmp snoop mrouter port gigabitethernet 17/1


(config)# end
# show ip igmp snoop mrouter
---- --------------------
Vlan Port
---- --------------------
1 17/1
---- --------------------
#

12-44 Corecess S5 System With GPON User's Guide


Configuring IGMP Snooping

To remove a multicast router, use the no ip igmp snooping mrouter command in Global
configuration mode.

(config)# no ip igmp snoop mrouter port gigabitethernet 17/1


(config)#

Note: Multicast routers that support only IGMPv1 cannot process host membership report
messages received from devices that support IGMPv2. In addition, multicast routers which
support only IGMPv1 can not understand Leave messages, which are sent by hosts leaving
multicast groups. Since there is no way for IGMP snooping devices, such as the Corecess
S5 System, to automatically recognize ports connected to these IGMPv1 multicast r outers,
the user must manually specify them.

Enabling IGMP Immediately Leave Feature on a Port Interface

When you enable IGMP immediately leave feature, the Corecess S5 System immediately
removes a port when it detects an IGMP version 2 leave messages on that port.

To enable IGMP immediately leave feature on a port interface, use the following command in
Global configuration mode:

Command Description

ip igmp snoop fast-leave {port


 <slot>/<port> Slot number and port number
gigabitethernet <slot>/<port> | vlan
 <vlan-id> VLAN ID (1 ~ 4094)
id <vlan-id>}

This example shows how to enable IGMP fast-leave processing on the Gigabit Ethernet port 17/1:

(config)# ip igmp snoop fast-leave port gigabitethernet 17/1


(config)#

To disable IGMP fast-leave processing, use the no ip igmp snooping fast-leave


command:

(config)# no ip igmp snoop fast-leave port gigabitethernet 17/1


(config)#

Configuring Multicast 12-45


Configuring IGMP Snooping

Configuring a Host Statically to Join a Group

Hosts normally join multicast groups dynamically, but you can also configure a host statically
on an interface.

To add a port as a member of a multicast group, use the following command in Global
configuration mode:

Command Description
ip igmp snoop static-mgroup
 <group-address> IP address of multicast group
<group-address> port
 <slot>/<port> Slot number and port number
gigabitethernet <slot>/<port> [vlan
id <vlan-id>]  <vlan-id> VLAN ID (1 ~ 4094)

This example shows how to add the Gigabit Ethernet port 17/1 as a member of the group
01:00:5e:00:02:03:

(config)# ip igmp snoop static-mgroup 01:00:5e:00:02:03 port gigabitethernet


17/1
(config)# end
# show ip igmp snoop
---- ------------------ ------------------ ---------- ------- ------------
vlan mac group ip group ports type timeout left
---- ------------------ ------------------ ---------- ------- ------------
1 1:0:5e:0:2:3 0.0.0.0 17/1 static 0
---- ------------------ ------------------ ---------- ------- ------------
Total number : 1
---- ------------------ ------------------ ---------- ------- ------------
#

To remove the port from the multicast group, use the no ip igmp snooping static-
mgroup command.

(config)# no ip igmp snoop static-mgroup 01:00:5e:00:02:03 port gigabitethernet


17/1

12-46 Corecess S5 System With GPON User's Guide


Configuring IGMP Snooping

Changing the IGMP Group Membership Timeout

IGMP group membership time defines how long a group will remain active on an interface in
the absence of a group report. You can specify how many seconds an IP Multicast group can
remain on a Corecess S5 System interface in the absence of a group report.

To change IGMP group membership time, use the following command in Global configuration
mode:

Command Description

ip igmp snoop membership  <seconds> The IGMP group membership time in seconds
timeout <seconds> from 1 to 1200 seconds.

The following example changes IGMP membership time to 200 seconds:

(config)# ip igmp snoop membership timeout 200


(config)# end
# show ip igmp snoop membership timeout
200
#

Configuring Multicast 12-47


Configuring IGMP Snooping

Specifying the Maximum Number of Multicast Groups

By default, each port of the Corecess S5 System can belong to up to 1024 multicast groups. To
configure the maximum number of multicast groups that a port can belong to, use the following
command in Global configuration mode:

Command Description

ip igmp snoop group-


number-limit <number> port  <number>: The number of multicast groups (1 ~ 4096)
gigabitethernet  <slot>/<port> Slot number and port number
<slot>/<port>

The following example shows how to specify the number of multicast groups for the Gigabit
Ethernet port 17/1 to 2048:

(config)# ip igmp snoop group-number-limit 2048 port gigabitethernet 17/1

To restore the default value, enter the no ip igmp snooping group-number-limit


command in Global configuration mode.

(config)# no ip igmp snoop group-number-limit port gigabitethernet 17/1


(config)#

12-48 Corecess S5 System With GPON User's Guide


Monitoring IP Multicast Routing

Monitoring IP Multicast Routing


This section describes how to display multicast routing information on the Corecess S5 System.

Displaying the Contents of IP Multicast Routing Table


To display the contents of the IP multicast routing table, enter the show ip mroute command
in Privileged mode. This command shows the multicast group address which the device driver
set up.

Command Description

 <address>: IP address of the multicast group.


show ip mroute
 summary: Displays a one-line, abbreviated summary of each entry
[<address> | summary]
in the IP multicast routing table.

The following example shows how to display the IP multicast routing table written down to the
device for all groups.

# show ip mroute

IP Multicast Routing Table


Flags: I - Immediate Stat, T - Timed Stat, F - Forwarder installed
N - Negative Forwarder installed, D - FILTERED BY RT_LIMIT
Timers: Uptime/Stat Expiry
Interface State: Interface (Address) TTL

(10.1.1.2, 224.1.1.1), uptime 00:05:23, stat expires 00:02:03


Owner PIM-SM, Flags: TF
Incoming interface: vlan100 (100.1.1.1)
Outgoing interface list:
vlan200 (100.1.200.1) TTL:1

Configuring Multicast 12-49


Monitoring IP Multicast Routing

To see information other than the information on the multicast routing table that was
maintained by multicast routing protocol device, and to see the information on multicast
routing table of Corecess S5, execute show ip mroute <protocol> command in the privilege
mode.

Command Description

show ip mroute  <protocol>: one of the multicast routing protocols


<protocol> (i.e. pim sparse-mode, pim dense-mode, dvmrp)

The following example shows how to display the IP multicast routing table which is maintained
by the multicast protocols for all groups.

# show ip mroute pim sparse-mode

IP Multicast Routing Table


Flags: D - PIM Dense, S - PIM Sparse, V - DVMRP, C - Connected
L - Local, P - Pruned, G - Grafting, R - RP-bit set, T - SPT-bit set
F - Register flag, J - Join SPT, N - Negative Cache
Timers: Uptime/Expires
Interface state: Interface, Next-Hop, State/Mode

(10.0.0.1, 224.1.1.1), 00:04:45/00:01:44, flags: VC


Incoming interface: vlan10 (10.0.0.254), RPF neighbor 0.0.0.0
vlan20 (20.0.0.1), Forward/Sparse, 00:04:45/00:00:00

12-50 Corecess S5 System With GPON User's Guide


Monitoring IP Multicast Routing

The following table describes the fields in the show ip mroute <protocol>command output:

Table 12-6 show ip mroute Field Description

Field Description
Information about the entry:
- D Entry is operating in PIM-DM
- S Entry is operating in PIM-SM
- V Entry is operating in DVMRP
- C A member of the multicast group is present on the directly connected
interface
- L The router itself is a member of the multicast group
Flags: - P Route has been pruned
- G Route has been graft
- R Indicates that the (S,G) entry is pointing towards the RP.
- T Indicates that packets have been received on the shortest path source tree.
- F Indicates that the software is Registering for a multicast source
- J For (*, G) entries, indicates that the rate of traffic flowing down the shared
tree is exceeding the SPT-Threshold set for the group. For (S, G) entries,
indicates that the entry was created because the SPT-Threshold for the group
was exceeded.
How long in hours, minutes, and seconds the entry has been in the IP multicast
Timers::
routing table / How long in hours, minutes, and seconds until the entry will be
Uptime/Expires
removed from the IP multicast routing table on the outgoing interface

The state of incoming or outgoing interface:


- Interface Name and number of the interface
Interface state - Next-Hop Next hop specifies downstream neighbor's IP address
- State/Mod Indicates that packets will be forwarded on the interface if there are
no restrictions due to access lists / mode in which the interface is operating

IP multicast routing table. The entry consists of the IP address of the source
(10.0.0.1, 224.1.1.1)
router followed by IP address of the multicast group.

flags Information about the entry.

Expected interface for a multicast packet from the source. If the packet is not
Incoming interface:
received on this interface, it is discarded.

RPF neighbor IP address of the upstream router to the source

Configuring Multicast 12-51


Monitoring IP Multicast Routing

Displaying PIM Information


This section describes how to display PIM configuration:

 PIM configuration information

 PIM configuration information for a VLAN interface

 PIM neighbor information

 PIM-SM BSR information

 PIM-SM RP information

 PIM-SM RP hash information

Displaying PIM Configuration Information

To display basic configuration information for PIM, use the show ip pim configuration
command in Privileged mode.

The following example shows how to display basic configuration information for PIM on the
Corecess S5 System:

# show ip pim configuration


PIM Daemon Start Time : 1d16h43m
PIM Daemon Up Time : 00:01:19
PIM Default Hello Interval : 30 secs
PIM Default Hello Holdtime : 105 secs
PIM Join/Prune Interval : 60 secs
PIM Join/Prune Holdtime : 210 secs
PIM-SM Bootstrap Interval : 60 secs
PIM-SM C-RP Adv. Interval : 60 secs
PIM SG Keepalive Time : 210 secs
PIM RP Reg Keepalive Time : 365 secs
PIM-SM Register Probe Time : 5 secs
PIM-SM Register Supp. Time : 60 secs
PIM-DM State Refresh Interval : 60 secs
#

12-52 Corecess S5 System With GPON User's Guide


Monitoring IP Multicast Routing

The following table describes the fields in the show ip pim configuration command output:

Table 12-7 show ip pim configuration field Descriptions

Field Description

PIM Daemon Start Time How many seconds have passed since the router is started

PIM Daemon Up Time How many seconds have passed since the PIM is enabled
The interval at which each PIM interface on the router sends periodic
PIM Default Hello Interval
hello messages to its PIM neighbor
How many seconds the local router will wait for a hello message from
PIM Default Hello Holdtime a neighbor before determining that the neighbor is no longer present
and removing cached PIM forwarding entries for the neighbor.
The interval at which the local router sends PIM-SM Join/Prune
PIM Join/Prune Interval
messages for the multicast groups it is forwarding.
The amount of time a receiver must keep the Join/Prune state alive,
PIM Join/Prune Holdtime
in seconds.
The interval at which the BSR sends the RP set to the RPs within the
PIM-SM Bootstrap Interval
PIM-SM domain.

The interval at which the candidate PR sends candidate RP


PIM-SM C-RP Adv. Interval
advertisement messages to the BSR.

PIM-SM Register Probe Time PIM-SM Register probe timer


PIM-SM Register Supp. Time PIM-SM Register suppression timer
PIM-SM SG Keepalive Expiration Time for (S,G) Keep alive timer (sec)
PIM-SM Reg Keepalive Expiration Time for (S,G) Register of P (sec)
PIM-DM State Refresh Interval The interval for the PIM-DM state refresh feature control message.

Configuring Multicast 12-53


Monitoring IP Multicast Routing

Displaying PIM Interface Information

To display information about interfaces configured for PIM, use the show ip pim
interface [detail] command in Privileged mode.

The following is sample output from the show ip pim interface command:

# show ip pim interface


Address Interface VIFindex Ver/ Nbr DR DR
Mode Count Prior
10.0.0.1 vlan10 0 v2/S 2 1 10.0.0.1
20.0.0.1 vlan20 2 v2/S 2 1 20.0.0.1
#

The following table describes the fields in the show ip pim interface command output:

Table 12-8 show ip pim interface field Descriptions

Field Description

Address IP address of the VLAN interface

Interface Name of the VLAN interface

VIFindex Index number of the VLAN interface

PIM version and multicast mode in which the router is operating


Ver/Mode - v2/S : PIM version 2 / Sparse mode
- v2/D: PIM version 2 / Dense mode
Number of PIM neighbors that have been discovered through this
Nbr Count
interface
DR Priority DR priority of the VLAN interface

DR IP address of the DR (Designated Router)

The following is sample output from the show ip pim interface detail command:

# show ip pim interface detail


vlan10 (vif 0):
Address 10.10.10.20, DR 10.10.10.20
Hello period 30 seconds, Next Hello in 9 seconds
Triggered Hello period 5 seconds
PIM domain border: disabled
Neighbors: 198.92.37.1

vlan20 (vif 2):

12-54 Corecess S5 System With GPON User's Guide


Monitoring IP Multicast Routing

Address 20.0.0.1, DR 20.0.0.1


Hello period 30 seconds, Next Hello in 10 seconds
Triggered Hello period 5 seconds
PIM domain border: disabled
Neighbors:
#

The following table describes the fields in the show ip pim interface detail command
output:

Table 12-9 show ip pim interface detail field Descriptions

Field Description
vlan10 (vif 0) Name of the VLAN interface (Index)
Address IP address of the VLAN interface
DR IP address of the DR
Hello period Interval for the origination of the PIM hello messages
Indicates how many seconds will pass before the local router sends its next
Next Hello
hello message.
Indicates whether the interface is enabled as a PIM domain border (enable,
PIM domain border
disable)
Neighbors IP address of the PIM neighbor

Configuring Multicast 12-55


Monitoring IP Multicast Routing

Displaying PIM Neighbor Information

To display information about neighbor configured for PIM, use the show ip pim neighbor
[detail] command in Privileged mode.

The following is sample output from the show ip pim neighbor command:

# show ip pim neighbor


Neighbor Interface Uptime/Expires Ver DR
Address Priority/Mode
2.2.2.2 vlan10 00:00:05/00:01:40 v2 1 / DR

The following table describes the fields in the show ip pim neighbor command output:

Table 12-10 show ip pim neighbor field Descriptions

Field Description
Neighbor Address Address of Neighbor
Interface Interface connected to Neighbor
Uptime Time that discovers Neighbor
Expires Time that lease connection when the Neighbor does not response
Version PIM version of Neighbor
DR Priority DR priority of Neighbor
Mode PIM mode of Neighbor

12-56 Corecess S5 System With GPON User's Guide


Monitoring IP Multicast Routing

Displaying PIM-SM BSR Information

To display the PIM-SM bootstrap router (BSR) information, use the show ip pim bsr-
router command in Privileged mode.

# show ip pim bsr-router


PIMv2 Bootstrap information
This system is the Bootstrap Router (BSR)
BSR address: 2.2.2.2
Uptime: 00:00:57, BSR Priority: 0, Hash mask length: 10
Expires: 00:01:13
Role: Candidate BSR
State: Pending BSR

Candidate RP: 2.2.2.2(loopback1)


Advertisement interval 60 seconds
Next Candidate RP Advertisement in 00:00:59
#

The following table describes the fields in the show ip pim bsr-router command output:

Table 12-11 show ip pim bsr-router field Descriptions

Field Description

BSR address IP address of the BSR

Uptime Length of time that this router has been up (in hours, minutes, and seconds

BSR Priority Priority of the BSR

Hash mask length Length of a mask (32 bits maximum)

Next Time (in hours, minutes, and seconds) in which the next candidate RP
Cand_RP_advertisement advertisement will be sent

RP List of IP addresses of RPs

Configuring Multicast 12-57


Monitoring IP Multicast Routing

Displaying PIM-SM RP Information

To display all group-to-RP mappings of which the router is aware, use the show ip pim rp
mapping command in Privileged mode.

The following is sample output from the show ip pim rp mapping command:
# show ip pim rp mapping
PIM Group-to-RP Mappings
This system is the Bootstrap Router (v2)
Group(s): 224.0.0.0/4
RP: 2.2.2.2
Info source: 2.2.2.2, via bootstrap, priority 192
Uptime: 00:02:23, expires: 00:02:10

Dynamic mapping : 1
Static mapping : 0
Total mapping : 1
#

The following table describes the fields in the show ip pim rp mapping command output:

Table 12-12 show ip pim rp mapping Field Description

Field Description
Address of the multicast group about which to display RP information (Static,
Group(s)
Dynamic)
RP Address of the RP for that group.
Info source PIM that transmits RP information
Length of time the RP has been up (in days and hours). If less than 1 day, time is
Uptime
shown in hours, minutes, and seconds.

To display which rendezvous point (RP) is being selected for a specified group, use the show
ip pim rp-hash <group-address> command in Privileged mode.

The following is sample output from the show ip pim rp-hash command with the group
address 224.0.0.0 specified.

# show ip pim rp-hash 224.0.0.0


RP: 2.2.2.2
Info source: 2.2.2.2, via bootstrap, priority 192
Uptime: 00:04:14, expires: 00:02:22 RP: 30.10.10.1

12-58 Corecess S5 System With GPON User's Guide


Monitoring IP Multicast Routing

Displaying DVMRP Information


This section describes how to display DVMRP configuration:

 DVMRP configuration information

 The Status of the DVMRP Interface

 DVMRP Neighbor Information

 DVMRP Prune Information

 DVMRP Route Information

Displaying DVMRP Information

To display DVMRP information for the Corecess S5 System, use the show ip pim
configuration command in Privileged mode.

The following is sample output from the show ip pim configuration command:

# show ip dvmrp configuration


DVMRP Daemon Start Time : 1d19h14m
DVMRP Daemon Up Time : 00:00:32
DVMRP Default Metric : 1
DVMRP Probe Interval : 10 secs
DVMRP Neighbor Timeout Interval : 35 secs
DVMRP Route Report Interval : 60 secs
DVMRP Route Expiration Time : 200 secs
DVMRP Route Discard Time : 340 secs
DVMRP Holddown Period : 120 secs
#

The following table describes the fields in the show ip dvmrp configuration
command output:

Table 12-13 show ip dvmrp configuration filed Descriptions

Filed Description

DVMRP Daemon Start Time How many seconds have passed since the router is started

DVMRP Daemon Up Time How many seconds have passed since the PIM is enabled

DVMRP Default Metric The metric (or cost) of all DVMRP interfaces on the router.

(Continued)

Configuring Multicast 12-59


Monitoring IP Multicast Routing

Filed Description
DVMRP Probe Interval The interval between the transmissions of probe messages.
DVMRP Neighbor Timeout If no message is received from a DVMRP neighbor during this time
Interval period, the neighbor is considered “down.”
The interval between the transmissions of route reports. A route
DVMRP Route Report Interval
report advertises all active routes.
DVMRP Route Expiration Time A route expires if it has not been refreshed within this time period.
DVMRP Route Discard Time The period of time before a route is deleted on a DVMRP router.
The period during which a deleted route is advertised with a metric
DVMRP Holddown Period
of infinity.

Displaying the Status of the DVMRP Interface

To display the status of a VLAN interface running DVMRP, use the show ip dvmrp
interface command in Privileged mode.

# show ip dvmrp interface


Address Interface Vif Ver Nbr Type Remote
Count Address
10.0.0.254 vlan10 0 v3.ff 0 SUBNET N/A
20.0.0.1 vlan20 1 v3.ff 1 SUBNET N/A
#

The following table describes the fields in the show ip dvmrp interface command output:

Table 12-14 show ip dvmrp interface field Descriptions

Filed Description

Address IP address of the VLAN interface.

Interface Name of the VLAN interface.

Vif The index number of the VLAN interfaces.

Ver Version of DVMRP that is operating on the VLAN interface

Nbr Count Number of DVMRP neighbor routers.

Type Type of interface (Subnet, Tunnel)

Remote Address IP address of terminal interface

12-60 Corecess S5 System With GPON User's Guide


Monitoring IP Multicast Routing

Displaying DVMRP Neighbor Information

To display information about DVMRP neighbors, use the show ip dvmrp neighbor
command in Privileged mode.

# show ip dvmrp neighbor


Neighbor Interface Uptime/Expires State Ver
Address
20.0.0.254 vlan20 02:46:58/00:00:27 2WAY v3.ff
#

The following table describes the fields in the show ip dvmrp neighbor command output:

Table 12-15 show ip dvmrp neighbor field Descriptions

Filed Description
IP address of the DVMRP neighbor from which the interface has received Probe
Neighbor Address
messages.
Interface DVMRP interface for which neighbor information is displayed.
The amount of time the neighbor has been “up.” /
Uptime/Expires
The amount of time before the neighbor expires
State The status information of the DVMRP neighbor
Version of DVMRP that is operating on the VLAN interface. 3 indicate compliance
Ver
with the draft-ietf-idmr-dvmrp-v3-10 draft.

Displaying DVMRP Route Information

To display information about DVMRP routes, use the show ip dvmrp route command in
Privileged mode.

# show ip dvmrp route


Flags: C = ChangedRoute, D = DirectlyConnected, H = HoldDown, U = Unreachable
Route Flags Nexthop Nexthop Metric Uptime/Expires
Interface Neighbor
30.0.0/24 .... vlan20 20.0.0.254 2 02:47:17/00:03:00
20.0.0/24 .D.. vlan20 Direct Connect 1 02:47:58
10.0.0/24 .D.. vlan10 Direct Connect 1 02:48:02
#

Configuring Multicast 12-61


Monitoring IP Multicast Routing

The following table describes the fields in the show ip dvmrp route command output:

Table 12-16 show ip dvmrp route field Descriptions

Filed Description

Route The route to the network.

Flags Information about the entry.

Nexthop interface The VLAN interface attached to the next hop.

Nexthop Neighbor The IP address of the next hop.

Metric The cost of DVMRP route


The amount of time the route has been saved in the DVMRP routing table /
Uptime/Expires
The amount of time before the route is removed from the DVMRP routing table

Displaying DVMRP Prune Information

To display the prunes that were received, use the show ip dvmrp prune command in
Privileged mode.

# show ip dvmrp prune


Flags: F = Forwarding, P = Pruned, G = Grafting
Source Group Flags Prune Snd Prune Rcv Prune
Address Address Interface If Counts Exptime
10.0.0.1 224.1.1.1 ... vlan10 1 01:36:27
#

The following table describes the fields in the show ip dvmrp prune command output:

Table 12-17 show ip dvmrp prune field Descriptions

Field Description

Source address IP address of the source

Group address IP address of the multicast group

Flags Information about the entry.

Prune Snd Interface The interface that the local router sends the Prune message.

Prune Rcv If Counts The number of interface that receives Prune messages

Prune Exptime The amount of time before the prune message expires

12-62 Corecess S5 System With GPON User's Guide


Monitoring IP Multicast Routing

Display IGMP-Proxy Information

It is possible to display the following IGMP-Proxy information in the Corecess S5 system


 IGMP-Proxy forwarder configuration information

 IGMP-Proxy configuration information of a interface

 IGMP-Proxy local-member information

 IGMP-Proxy mroute information

 IGMP-Proxy reception-state information

Display IGMP-Proxy forwarder

If the command show ip igmp-proxy forward [A.B.C.D] is executed in the privileged mode,
you can find out the multicast group forwarder information.
The following is the example to execute the command show ip igmp-proxy forward in the
Corecess S5 system.

# show ip igmp-proxy forward


IGMPPROXY forwarder information
224.0.0.0/4:
Num of Forwarder: 1
Num of Primary Forwarder: 1
Num of Secondary Forwarder: 0
forward: vlan2 primary up

The following shows the meaning of each item output in case of executing the command show
ip igmp-proxy forwarder

Table 12-18 show ip igmp-proxy forwarder field Descriptions

Field Description

224.0.0.0/4 The multicast group address range to be handled by a forwarder


Num of
The number of forwarder interfaces
Forwarder
Num of Primary
The number of primary forwarders
Forwarder
Num of
Secondary The number of secondary forwarders
Forwarder

Configuring Multicast 12-63


Monitoring IP Multicast Routing

forwarder: vlan2
The state of the VLAN2 interfaces configured as a forwarder.
primary up

Display IGMP-Proxy configuration information in an interface

If the command show ip igmp-proxy interface is executed in the privileged


mode, you can find out IGMP-Proxy configuration information in the VLAN interface
which IGMP-Proxy Enables in.

The following is the example to execute the command show ip igmp-proxy interface
in the Corecess S5 system

# show ip igmp-proxy interface


Address Interface VIFindex Mode Ver RV MaxRspTime Bst Unsol-Rpt
10.10.10.20 vlan1 2 ENABLE - - - - -
20.20.20.1 vlan2 3 FORWARDER 2 2 100 2 125
# #

The following shows the meaning of each item output in case of executing the command ip
igmp-proxy interface.

Table 12-19 show ip igmp-proxy interface field Descriptions

Field Description

Address An IP address of a VLAN interface

Interface A name of a VLAN interface

VIFindex An index of a VLAN interface

IGMP-Proxy mode in operating VLAN interface


Mode - ENABLE : IGMP router mode
- FORWARDER : IGMP host mode

Ver IGMP protocol version (1-3)

RV The value of IGMP Protocol Robustness Variable

MaxRspTime The value of IGMP Protocol Maximum Response Time

BST The value of IGMP-Proxy Bootstrap time

Unsol-Rpt The value of IGMP-Proxy Bootstrap time

12-64 Corecess S5 System With GPON User's Guide


Monitoring IP Multicast Routing

Display IGMP-Proxy local-members

If the show ip igmp-proxy local-members is executed in the privileged mode,


you can find out IGMP-Proxy local-member information

# show ip igmp-proxy local-members


IGMPPROXY Local membership information
vlan1:
(*, 233.18.254.1) : INCLUDE

The following shows the meaning of each item output in case of executing the command show
ip igmp-proxy local-members

Table 12-20 show ip igmp-proxy local-members field Descriptions

Field Description
vlan1 A name of a VLAN interface
(*, 233.18.254.1) Multicast packet transmitter, Multicast group address
INCLUDE The state of multicast group transmission (INCLUDE, EXCLUDE)

Display IGMP-Proxy mroute information

If the show ip igmp-proxy mroute is executed in the privileged mode, you


can find out IGMP-Proxy multicast group routing information

# show ip igmp-proxy mroute


IP IGMPPROXY Multicast Routing Table
(*,G) Entries: 1
(S,G) Entries: 0

(*, 233.18.254.1)
upstream vlan2 state: JOINED mode: INCLUDE
Outgoing interface list:
vlan1 (10.10.10.10), Forward/INCLUDE, 00:00:22/00:00:00

The following shows the meaning of each item output in case of executing the command show
ip igmp-proxy mroute.

Configuring Multicast 12-65


Monitoring IP Multicast Routing

Table 12-21 show ip igmp-proxy local-members field Descriptions

Field Description
(*,G) Entries (*,G) The number of the Entries
(S,G) Entries (S,G) The number of the Entries
Upstream vlan2 state: The state of multicast group routing (JOINED, PRUNED)
JOIND mode: INCLUDE The mode of multicast group routing (INCLUDE, EXCLUDE)
vlan1 (192.168.1.254),
multicast group forwarding interface information
Forward/INCLUDE

Display IGMP-Proxy reception-state Information

If the show ip igmp-proxy reception-state is executed in the privileged


mode, you can find out IGMP-Proxy multicast group reception-state information.

# show ip igmp-proxy reception-state


IGMPPROXY Reception state
vlan2:
(*, 233.18.254.1) mode INCLUDE

#
The following shows the meaning of each item output in case of executing the command show
ip igmp-proxy reception-state

Table 12-22 show ip igmp-proxy reception-state field Descriptions

Field Description
vlan2 The name of VLAN interface
(*, 233.18.254.1) (Multi-cast packet departure, Multicast group address)
INCLUDE The reception state of multi-cast group(INCLUDE, EXCLUDE)

12-66 Corecess S5 System With GPON User's Guide


Monitoring IP Multicast Routing

Displaying IGMP Information


This section describes how to display IGMP configuration:

 IGMP information for interfaces

 IGMP multicast group information

 IGMP snooping information

 Multicast router Interface

 List of interface IGMP fast-leave is enabled

 IGMP group membership time

Displaying IGMP Information for Interfaces

To display IGMP information for interfaces configured on the Corecess S5 System, enter the
show ip igmp interface command in Privileged mode.

The following is sample output from the show ip igmp interface command:

# show ip igmp interface


Interface vlan id 10 (Index 8)
IGMP Active, Querier, Default version 2
Internet address is 10.10.10.20
IGMP querier
IGMP query interval is 125 seconds (next query in 00:00:51)
IGMP querier timeout is 255 seconds
IGMP max query response time is 10 seconds
Last member query response interval is 1000 ms
#

The following table describes the fields in the show ip igmp configuration command output:

Table 12-23 show ip igmp configuration field Descriptions

Field Description
Interface Name of the interface
Internet address IP address of the interface
IGMP querier Indicates whether the interface is IGMP querier or not.
IGMP query interval The time interval between general queries.
The timeout time before the system takes over as the querier for the
IGMP querier timeout
interface.

Configuring Multicast 12-67


Monitoring IP Multicast Routing

IGMP max query The maximum amount of time within which a host must send a membership
response time report after it receives a query.
Last member query
The number of seconds between group-specific queries.
response interval
Last member query
The number of group-specific queries that will be sent.
count
IGMP querying router IP address of the IGMP querier
IGMP is Indicates whether IGMP is enabled or not on the interface.

Displaying Multicast Group Information

To display the multicast groups that are directly connected to the Corecess S5 System and that
were learned via IGMP snooping, use the show ip igmp snooping command in Privileged
mode.

Command Description
 <address>: Address of the multicast group for which to display
show ip igmp group host memberships.
[<address> | <if-name>]  <if-name>: Name of the interface for which to display host
memberships.

The following example displays the multicast groups that are directly connected to the Corecess
S5 System:

# show ip igmp groups


IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter

224.1.1.1 vlan1 239 21 10.6.0.7


224.3.3.1 vlan1 138 122 10.9.0.5
224.3.3.2 vlan10 227 33 10.9.0.5
#

The following example shows how to display the information about the multicast group
224.3.3.2 by using the show ip igmp group <address> command:

# show ip igmp groups 224.3.3.2


IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter
224.3.3.2 vlan10 227 33 10.9.0.5
#

12-68 Corecess S5 System With GPON User's Guide


Monitoring IP Multicast Routing

The following example shows how to display the information about the multicast groups on the
default VLAN interface by using the show ip igmp group <if-name> command:

# show ip igmp groups vlan id 1


IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter
224.1.1.1 vlan1 239 21 10.6.0.7
224.3.3.1 vlan1 138 122 10.9.0.5
#

The following table describes the fields in the show ip igmp group command output:

Table 12-24 show ip igmp group field Descriptions

Field Description
Group Address The IP address of the multicast group.
Interface Name of the interface that belongs to the multicast group.
Uptime The amount of time that the interface has been a member of the group.
Expires The amount of time left before membership to the group expires.
Last Reporter The interface on which a membership report for the group was last received.

Configuring Multicast 12-69


Monitoring IP Multicast Routing

Displaying IGMP Snooping

To display IGMP snooping, use the show ip igmp snoop command in Privileged mode.

Command Description
 <vlan-id> VLAN ID (1 ~ 4094). Displaying IGMP snooping
show ip igmp snoop information for a specific VLAN interface.
[vlan id <vlan-id> |
 static Displays static multicast groups.
static | dynamic]
 dynamic Displays dynamic multicast groups.

The following example displays the IGMP snooping information on the Corecess S5 System.

# show ip igmp snoop


---- --------------- --------------- ---------- ------- -------
vlan mac group group ip ports type timeout
---- --------------- --------------- ---------- ------- -------
1 1:0:5e:64:64:65 239.100.100.101 17/1,17/2 static N/A
2 0:a0:cc:77:a1:8d 224.1.2.3 17/3-4 dynamic 240
---- --------------- --------------- ---------- ------- -------
Total number : 2
---- --------------- --------------- ---------- ------- -------
#

The following example displays the IGMP snooping of the default VLAN using the show ip
igmp snoop vlan command.

# show ip igmp snoop vlan id 1


---- --------------- --------------- ---------- ------- -------
vlan mac group group ip ports type timeout
---- --------------- --------------- ---------- ------- -------
1 1:0:5e:64:64:65 239.100.100.101 5/1,5/2 static N/A
---- --------------- --------------- ---------- ------- -------
Total number : 1
---- --------------- --------------- ---------- ------- -------
#

The following example displays the multicast groups that were learned via IGMP snooping:

# show ip igmp snoop vlan id 1


---- --------------- --------------- ---------- ------- -------
vlan mac group group ip ports type timeout

12-70 Corecess S5 System With GPON User's Guide


Monitoring IP Multicast Routing

---- --------------- --------------- ---------- ------- -------


2 0:a0:cc:77:a1:8d 224.1.2.3 5/3-4 dynamic 240
---- --------------- --------------- ---------- ------- -------
Total number : 1
---- --------------- --------------- ---------- ------- -------
#

The following table describes the fields in the show ip igmp snooping command output:

Table 12-25 show ip igmp snooping field Descriptions

Filed Description

vlan VLAN ID of the multicast group.

mac group MAC Address of the multicast group.

group ip IP Address of the multicast group. In case of a static multicast group, 0.0.0.0 is displayed.

ports Interface through which the group is reachable.

How the multicast group is registered.


type - static : Multicast groups that are directly connected to the system.
- dynamic : Multicast groups that were learned by IGMP snooping.

How long in seconds until the entry is removed from the IGMP groups table. In case of a
timeout left
static multicast group, 0 is displayed.

Displaying Multicast Router Interface

To display information on dynamically learned and manually configured multicast router


interfaces, use the show ip igmp snoop mrouter command in Privileged mode.

The following example shows how to display information on multicast router interfaces on the
Corecess S5 System:

# show ip igmp snoop mrouter


---------- ----- ---------------
port vlan router ip
---------- ----- ---------------
5/1 1 172.19.2.1
---------- ----- ---------------
Total Number : 1
---------- ----- ---------------
#

Configuring Multicast 12-71


Monitoring IP Multicast Routing

The following table describes the fields in the show ip igmp snoop mrouter command
output:

Table 12-26 show ip igmp snooping mrouter field Descriptions

Filed Description

port Slot number and port number of the multicast router port

vlan ID of the VLAN that the multicast router port belongs to.

router ip IP address of multicast router that the multicast port is connected to.

Total Number The number of multicast router ports that are registered to the system.

Displaying the List of Interfaces IGMP Fast-leave is Enabled

To display the list of the VLANs and ports which IGMP immediately leave feature is enabled on,
use the show ip igmp snoop fast-leave command in Privileged mode. If you enable
IGMP immediately leave feature, the system immediately removes a port when it detects an
IGMP version 2 leave messages on that VLAN or port.

The following is the sample output from show ip igmp snoop fast-leave command:

# show ip igmp snoop fast-leave


vlan : 1
port : 5/1
#

Displaying IGMP Group Membership Time

To display IGMP group membership time which defines how long a group will remain active
on an interface in the absence of a group report, use the show ip igmp snooping
membership timeout command in Privileged mode.

# show ip igmp snoop membership timeout


260
#

12-72 Corecess S5 System With GPON User's Guide


Monitoring IP Multicast Routing

IP Multicast Routing Command

The following table lists the commands for configuring IP multicast on the Corecess S5 System
and displaying IP multicast configuration:

Table 12-27 IP multicast routing Commands

Command Description
Enables DVMRP (Distance Vector Multicast Routing Protocol) on a VLAN
ip dvmrp
interface.
ip dvmrp metric Configures the interface metric for DVMRP reports.
ip igmp access- Control the multicast groups that hosts on the subnet serviced by an
group interface can join.
ip igmp immediate- Minimizes the leave latency of IGMP memberships and only one receiver
leave host is connected to each interface
ip igmp last- Configures the count to which the router sends IGMP group-specific host
member-query-count query messages.
ip igmp last-
Configures the frequency at which the software sends IGMP group
member-query-
specific host query messages.
interval
ip igmp querier- Configures the timeout time before the router takes over as the querier for
timeout the interface.
ip igmp query- Configures the frequency at which the software sends IGMP host query
interval messages.
ip igmp query-max-
Configures the maximum response time advertised in IGMP queries.
response-time
ip igmp static-non- Configures an interface as IGMP non-querier which will not send IGMP
querier query messages and thus will not be able to manage the IGMP hosts.
ip igmp static- Configures an interface as IGMP querier which will send IGMP query
querier messages and thus will be able to manage the IGMP hosts.
ip igmp snoop Enables IGMP snooping feature on the router.
Enables IGMP immediately leave feature which is the router immediately
ip igmp snoop
removes a port when it detects an IGMP version 2 leave message on that
fast-leave
port.
ip igmp snoop Configure the maximum number of multicast groups that a port can
group-number-limit belong to.
ip igmp snoop Specifies IGMP group membership time which defines how long a group
membership timeout will remain active on an interface in the absence of a group report.
ip igmp snoop
Adds a port as a member of a multicast group.
mgroup
(Continued)

Configuring Multicast 12-73


Monitoring IP Multicast Routing

Command Description
ip pim rp-register-
Set keep alive timer value to monitor PIM register message.
kat
ip pim spt-threshold
Causes all sources for the specified group to use the shared-tree.
infinity
ip pim sparse-mode Enables PIM-SM on a VLAN interface.
ip pim state-refresh
Disables PIM-DM the state refresh feature.
disable
ip pim state-refresh
Configures the origination interval for the state refresh control message.
origination-interval
show ip dvmrp
Displays DVMRP global parameters.
configuration
show ip dvmrp
Displays DVMRP interface information.
interface
show ip dvmrp
Displays DVMRP-neighbor information on a per-interface basis.
neighbor
show ip dvmrp prune Displays the DVMRP upstream prune state.
show ip dvmrp route Displays the DVMRP routing table contents.
Displays IGMP host members for a particular multicast group or for all
show ip igmp group
multicast groups
show ip igmp
Displays IGMP related information about an interface.
interface
Displays the multicast groups with receivers that are directly connected
show ip igmp snoop
to the router, and that were learned through IGMP snooping.
show ip igmp snoop display the list of the VLANs and ports which IGMP immediately leave
fast-leave feature is enabled on
Displays IGMP group membership time which defines how long a
show ip igmp snoop
group will remain active on an interface in the absence of a group
membership
report.
show ip igmp snoop Displays information on dynamically learned and manually configured
mrouter multicast router interfaces
show ip pim
Display the PIM-SM bootstrap router (BSR) information
bsr-router
show ip pim
Displays basic configuration information for PIM
configuration
show ip pim interface Displays information about interfaces configured for PIM
show ip pim neighbor Displays information about PIM neighbor.
(Continued)

12-74 Corecess S5 System With GPON User's Guide


Monitoring IP Multicast Routing

Command Description

show ip pim rp
Displays all group-to-RP mappings of which the router is aware
mapping

show ip pim rp-hash Displays which RP is being selected for a specified group

ip igmp-proxy Set the IGMP-Proxy router mode to the interface.


ip igmp-proxy
Enable the IGMP-Proxy bootstrap function to the interface
bootstrap
ip igmp-proxy
Set the IGMP-Proxy host mode to the interface
forwarder
ip igmp-proxy
Enable the IGMP-Proxy unsolicited-report function to the interface
unsolicited-reoprt
ip igmp-proxy
forwarder A.B.C.D/M
Set the IGMP-Proxy multi-cast group forwarder
vlan id <id>
(primary|secondary)
ip igmp-proxy fwd-
Fix the IGMP-Proxy multi-cast group to the existing forwarder interface
vif-sticky
show ip igmp-proxy Display the IGMP-Proxy multi-cast group forwarder setting
forward information
show ip igmp-proxy
Display the IGMP-Proxy interface information
interface
show ip igmp-proxy
Display the IGMP-Proxy host join/report information
local-members
show ip igmp-proxy
Display the IGMP-Proxy multi-cast group routing information
mroute
show ip igmp-proxy
Display the IGMP-Proxy multi-cast group join/report information
reception-state

Configuring Multicast 12-75


Edition: 0006
Distribution: 12/2012

Chapter 13 Configuring Routing Protocol

This chapter describes how to configure the following routing protocols supported by the Corecess S5
System:
Configuring Static Route

Configuring Static Route


This section describes types of static route which supports the Corecess S5 System and how to
configure each static route.

Type of Static Route


The following types of static route can be configured in the Corecess S5 System.

 Standard Route
The standard route consists of a network address of a destination, a network mask and an IP
address of next hop gateway. The standard route transmits packets that destination is a
particular network or host to the specified next hop router.

 VLAN Interface Route


The VLAN interface route consists of a network address of a destination, a network mask and
a VLAN interface. The VLAN interface route transmits packets that destination is a particular
network or host to the specified VLAN interface.

 Loopback route
The loopback route consists of a network address of a destination, a network mask and an
index number of a loopback interface. The loopback route transmits packets that destination
is a particular network or host to the specified loopback interface. The loopback route is used
for testing of the loopback path.

 Null Route
The null route consists of a network address of a destination, a network mask and an index
number of the null interface. If the null route cannot use the standard route, the null route is
used as a backup route for discarding traffic.

 Default Route (default gateway)


The default gateway is used for the transmission of packets that are not matched with other
routing entries. If the default route is not in the routing table, the router cannot transmit
packets that are not matched with other routing table entries.

13-2 Corecess S5 System With GPON User's Guide


Configuring Static Route

Configuring the Standard Route


The standard route transmits packets that destination is a particular network or host to the
specified next hop router. To add the standard static route to the routing table of the Corecess
S5 System, use the following commands in Privileged mode.

Table 13-1 Configuring the Standard Route

Command Description

configure terminal 1. Enter Global configuration mode.

2. Add the standard static route.


ip route <address>/<M>  <address> Network address of the destination
<gateway> [<distance>]  <M> Subnet mask of the destination (CIDR)
 <gateway> IP address of the next hop router
 <distance> Administrative distance of the route (1-255)
end 3. Return to Privileged mode.
show ip route static 4. Verify the route configuration.

The following example shows how to add the static route. The destination address is 192.0.0.0/8,
and the IP address of the next hop router is 195.1.1.1:

(config)# ip route 192.0.0.0/8 195.1.1.1


(config)# end
# show ip route static
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info

S> * default [1/0] via 172.19.1.254, management


S 192.0.0.0/8 [1/0] via 195.1.1.1

Route Source Num of Entries


connected 0
static 1
Total 1

Configuring Routing Protocol 13-3


Configuring Static Route

Configuring the VLAN Interface Route


The VLAN interface route transmits packets that destination is a particular network or host to
the specified VLAN interface. To add the VLAN interface route to the routing table of the
Corecess S5 System, use the following commands in Privileged mode.

Table 13-2 Configuring the VLAN Interface Route

Command Description
configure terminal 1. Enter Global configuration mode.

2. Add the VLAN interface route.


ip route <address>/<M>  <address> Network address of the destination
vlan {id <vlan-id> |  <M> Subnet mask of the destination (CIDR)
name <vlan-name>}  <vlan-id> VLAN ID (1~4094)
[<distance>]  <vlan-name> VLAN name
 <distance> Administrative distance of the route (1-255)
end 3. Return to Privileged mode.
show ip route static 4. Verify the route configuration.

Note: When you configure the VLAN interface route, the VLAN interface that is used as the
next hop should be enabled. If the VLAN interface is not enabled, the message of ‘%
Malformed gateway or interface not found.’ is displayed on the console
terminal. To enable the VLAN interface, use interface vlan id <vlan-id> command
in Global configuration mode.

The following example shows how to configure the static route that uses the VLAN as the next
hop:

(config)# ip route 192.129.2.0/24 vlan id 1


(config)# end
# show ip route static
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info

S> * default [1/0] via 172.19.1.254, management


S 192.129.2.0/24 [1/0] is directly connected, vlan1

Route Source Num of Entries


connected 0
static 1
Total 1

13-4 Corecess S5 System With GPON User's Guide


Configuring Static Route

Configure the Loopback Route


The loopback route transmits packets that destination is a particular network or host to the
specified loopback interface. The packet, which is transmitted to the loopback interface, is not
transmitted to the destination. The packet is immediately returned to the source instead. To add
the loopback route to the routing table of the Corecess S5 System, use the following commands
in Privileged mode.

Table 13-3 Configure the Loopback Route

Command Description
configure terminal 1. Enter Global configuration mode.

2. Add the loopback route.


ip route <address>/<M>  <address> Network address of the destination
loopback-id <index>  <M> Subnet mask of the destination (CIDR)
[<distance>]  <index> Index number of the loopback interface (1~32)
 <distance> Administrative distance of the route (1-255)
end 3. Return to Privileged mode.
show ip route static 4. Verify the route configuration.

Note: When you configure the loopback route, the loopback interface should be enabled. If
the loopback interface is not enabled, the message of ‘% Malformed gateway or
interface not found.’ is displayed on the console terminal. To enable the loopback
interface, use interface loopback id <index> command in Global configuration
mode.

The following example shows how to configure the static route that transmits the packet to the
loopback interface.

(config)# ip route 192.45.6.1/32 loopback id 1


(config)# end
# show ip route static
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info

S> * default [1/0] via 172.19.1.254, management


S 192.45.6.1/32 [1/0] is directly connected, loopback1

Route Source Num of Entries


connected 0
static 1
Total 1

Configuring Routing Protocol 13-5


Configuring Static Route

Configuring the Null Route


The null route discards packets when receiving packets that the destination is a particular
network or host. To add the null route to the routing table of the Corecess S5 System, use the
following commands in Privileged mode.

Table 13-4 Configuring the Null Route

Command Description
configure terminal 1. Enter Global configuration mode.

2. Add the null route.


ip route <address>/<M>  <address> Network address of the destination
null-id <index>  <M> Subnet mask of the destination (CIDR)
[<distance>]  <index> Index number of the null interface (1 ~ 32)
 <distance> Administrative distance of the route (1~255)
end 3. Return to Privileged mode.
show ip route static 4. Verify the route configuration.

Note: When you configure the null route, the null interface should be enabled. If the null
interface is not
enabled, the message of ‘% Malformed gateway or interface not found.’ is
displayed on the console terminal. To enable the null interface, use interface null id
<index> command in Global configuration mode.

The following example shows how to configure the static route that discards packets.

(config)# ip route 209.157.22.0/24 null id 1


(config)# end
# show ip route static
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info

S> * default [1/0] via 172.19.1.254, management


S 209.157.22.0/24 [1/0] is directly connected, null1

Route Source Num of Entries


connected 0
static 1
Total 1

13-6 Corecess S5 System With GPON User's Guide


Configuring Static Route

Configuring the Default Gateway


The default gateway is used for the transmission of packets that are not matched with other
routing entries. To add the default gateway to the routing table of the Corecess S5 System, use
the following commands in Privileged mode.

Table 13-5 Configuring the Default Gateway

Command Description
configure terminal 1. Enter Global configuration mode.
2. Specify IP address of the default gateway.
ip route default
<gateway> [<distance>]  <gateway-address> IP address of the default gateway
 <distance> Administrative distance of the route (1-255)
end 3. Return to Privileged mode.
show ip route static 4. Verify the route configuration.

The following example shows how to add the default route:

(config)# ip route default 172.168.99.254


(config)# end
# show ip route static
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info

S> * default [1/0] via 172.19.1.254, management


via 172.168.99.254
S 192.0.0.0/8 [1/0] via 195.1.1.1

Route Source Num of Entries


connected 0
static 1
Total 1

Configuring Routing Protocol 13-7


Configuring BGP

Configuring BGP
BGP(Border Gateway Protocol) Overview

BGP Introduction

The BGP (Border Gateway Protocol) is an external gateway protocol to exchange routing
information among IP routers that are in the different AS (Autonomous System). The BGP is
defined in RFC 1105, and the current version is BGP4 which is defined in RFC 1771. The BGP is
generally used for ISP (Internet Service Provider). The BGP is used not only in huge commerce
networks but also in multi home networks.

An AS is a set of network under the same routing policy and management policy, and an
enterprise intranet that consists of several networks with the same policy is an example of AS.
Routers in the same AS can use internal gateway protocols, such as RIP or OSPF, to exchange
routing information. But if the routers exchange information with routers that are in the
different AS, the routers should use external gateway protocols such as BGP4.

The following picture shows the example of BGP-4 AS. Each AS has three BGP-4 routers. BGP-4
routers of the same AS exchange information using IBGP, and BGP-4 routers of the different AS
exchange information using EBGP. Each router also uses internal gateway protocols. Routers of
AS 1 are OSPF routers, and routers of AS 2 are RIP routers. You can configure the Corecess S5
System to redistribute routes among BGP4, RIP and OSPF, and also to redistribute static routes.

13-8 Corecess S5 System With GPON User's Guide


Configuring BGP

BGP Route Table and IP Route Table

The BGP4 route table of the Corecess S5 System can have several routes for the same destination,
and these routes are received from other BGP4 neighbors. The BGP4 neighbor is a router that is
executing BGP4 routing. The BGP neighbor uses TCP port 179 to transmit information. If the
Corecess S5 System is configured to the BGP router, the network administrator should define
BGP4 neighbors first.

Even the BGP4 routing table of routers can have several routes, but the BGP4 protocol evaluates
each route and chooses an optimal route to transmit the IP route table. If a problem occurs in
the route, the BGP4 protocol updates route information of the IP route table.

The BGP route includes the following information:

 Net Description number (Prefix): This value consists of the network mask bit and the IP
address and is displayed as the form of ‘address/mask’. For example, ‘192.215.129.0/18’
means that the network mask of eighteen bit is applied to the IP address of ‘192.215.129.0’.
When the BGP4 router transmits routes to neighbor routers, the routes are expressed with
the form.

 AS Path: The AS path of a list of AS that routes are passed. The BGP4 router can use the AS
path to detect or remove the routing loop. For example, if the route that is received from the
BGP4 router includes the AS number of the current router, the router detects the loop and
does not add the route to its BGP4 table.

 Path Attribute: The path attribute is the list of parameters that displays the attribute of route
(ORIGIN, AS-PATH, NEXT-HOP, MED, local- pref. and, aggregator, etc.).

When the Corecess S5 System connects a BGP session with neighbor routers (BGP peer)
successfully, the Corecess S5 System exchanges the BGP routing table to the neighbor. After this
initial exchange of information, the Corecess S5 System only exchanges the UPDATE message
to inform new routes, changed routes and unavailable routes.

The BGP router transmits the KEEPALIVE message periodically to maintain the BGP session
with neighbor routers.

Configuring Routing Protocol 13-9


Configuring BGP

BGP Path Selection Process

BGP selects only one path as the best path. When the path is selected, BGP puts the selected
path in its routing table and propagates the path to its neighbors. BGP uses the following
criteria, in the order presented, to select a path for a destination:

1. If the path specifies a next hop that is inaccessible, drop the update.

2. Prefer the path with the largest weight.

3. If the weights are the same, prefer the path with the largest local preference.

4. If the local preferences are the same, prefer the path that was originated by BGP running on
this router.

5. If no route was originated, prefer the route that has the shortest AS-path.

6. If all paths have the same AS-path length, prefer the path with the lowest origin type (where
IGP is lower than EGP, and EGP is lower than Incomplete).

7. If the origin codes are the same, prefer the path with the lowest MED attribute.

8. If the paths have the same MED, prefer the external path over the internal path.

9. If the paths are still the same, prefer the path through the closest IGP neighbor.

Generally, the important element is the length of AS_path because the elements about the BGP
path such as weight or the local preference are same.

13-10 Corecess S5 System With GPON User's Guide


Configuring BGP

Basic BGP Configuration

BGP Configuration Procedure

The BGP configuration procedure in the Corecess S5 System is as follows:


1. Enabling BGP
2. Setting Router ID
3. Configuring BGP neighbors
4. Configuring BGP peer group
5. Setting BGP neighbor Parameter
6. Setting BGP Parameter

Enabling BGP

To enable the BGP protocol on the Corecess S5 System, execute the following tasks :
1. Enabling BGP Protocol
2. Specifying Local AS Number
3. Specifying BGP Network

To enable the BGP protocol and specify the BGP network, use the following commands.

Table 13-6 Enabling BGP

Command Description
configure terminal 1. Enter Global configuration mode.
2. Enable BGP process on the system.
router bgp <as-num>
 <as-num>: AS (Autonomous System) number (1 ~ 65535)
3. Specifies the networks to be advertised by the BGP and multi protocol
BGP routing processes.
network <network-  <network-num>: Network that BGP or multi protocol BGP will
num>/<M> [multicast | advertise. This network should be connected directly or a route to
unicast multicast] the network specified must be present in the routing table.
 <M>: Network or sub-network mask

The following example enables BGP process for autonomous system 100 and sets up network
200.10.10.0 to be included in the BGP updates:

# configure terminal
(config)# bgp router 100
(config-router)# network 200.10.10.0/24

Configuring Routing Protocol 13-11


Configuring BGP

(config-router)#

To remove a routing process, use the no router bgp command in Global configuration mode.

Specifying Router ID (Optional)

The BGP and OSPF routing protocol should use a router ID to identify each router on the
network. Therefore, the router ID should be unique. By default, the Corecess S5 System uses the
IP address of the loopback interface that has the lowest index number for the router ID. If the
loopback interface is not defined in the Corecess S5 System, the lowest number of the interface
IP address that is defined in the Corecess S5 System is used for the router ID.

The Corecess S5 System uses the same router ID as the one of BGP and OSPF. Therefore, if
OSPF is already configured in the Corecess S5 System, the router ID of OSPF is used. If OSPF is
not configured in the system, the default router ID or the static router ID can be assigned.

To specify the router ID in the Corecess S5 System, use the following commands.

Table 13-7 Specifying Router ID

Command Description
configure terminal 1. Enter Global configuration mode.

2. Enable BGP process on the system.


router bgp <as-num>
 <as-num>: AS (Autonomous System) number (1 ~ 65535)
bgp router-id 3. Specify the router ID
<router-id>  <router-id> Static router ID

The following example shows how to specify the static router ID.

# configure terminal
(config)# router bgp 100
(config-router)# bgp router-id 1.1.1.1
(config-router)#

If you change the router ID of the BGP network that is already operating, the new ID is applied
after system rebooting or BGP process restarting. To restart BGP process manually, use the
clear ip bgp command.

13-12 Corecess S5 System With GPON User's Guide


Configuring BGP

Configure BGP Neighbors

Two BGP routers become neighbors once they establish a TCP connection between each other.
You should specify the IP address and AS number of the neighbor because the BGP protocol
does not search neighbors automatically to exchange routing information.

To specify a BGP neighbor, use the following command in BGP configuration mode:

Command Description
 <ip-address>: IP address of the neighbor.
neighbor <ip-address>
 <as-num>: AS (Autonomous System) number which the neighbor
remote-as <as-num>
belongs to (1 ~ 65535).

The following example adds BGP neighbors to exchange BGP routing information in each
router (RTA, RTB, RTC, and RTD):

AS100 AS300

IBGP

AS200

Configuring Routing Protocol 13-13


Configuring BGP

RTA
(config)# router bgp 100
(config-router)# neighbor 170.16.1.2 remote-as 200

RTB
(config)# router bgp 200
(config-router)# neighbor 170.16.1.1 remote-as 100
(config-router)# neighbor 120.10.1.2 remote-as 200

RTC
(config)# router bgp 200
(config-router)# neighbor 190.10.1.2 remote-as 300
(config-router)# neighbor 120.10.1.1 remote-as 200

RTD
(config)# router bgp 300
(config-router)# neighbor 190.10.1.1 remote-as 200

13-14 Corecess S5 System With GPON User's Guide


Configuring BGP

Configuring BGP Peer Group

There may be a lot of neighbors that should consist of the same update policy such as route map,
distribute list, filter list and update source. The neighbor can group together for the simple
configuration and efficiency, and the group is called ‘peer group.

With the BGP peer group, you can set the same parameters of BGP neighbors once. Also, you
can save flash memory because the fewer configuration commands are saved into the backup
configuration file.

All parameters of BGP neighbor can be set in the peer group. When a neighbor is added in the
peer group, the neighbor has the same parameter attribute that is set in the peer group. If a
parameter value is not set in the peer group, or each neighbor is not set a parameter, the
neighbor uses the default parameter value.

Reference of the BGP Peer Group Configuration


When you configure the BGP peer group, refer the following articles.

 You should configure the peer group before a neighbor is added in the peer group.

 When the parameter values that are applied to the peer group are removed, if the parameter values are
not set to each neighbor, the default values are set to the neighbor. In this case, the values that are set
to each router are applied to the router, and the default values are applied to other routers.

 When you add a neighbor to the peer group, you cannot configure the following parameters in the
neighbor.
- Default-information-originate
- Next-hop-self
- route map (Outbound)
- filter list (Outbound)
- distribute list (Outbound)
- prefix list (Outbound)
- Remote AS
- Route reflector client
- Send community, Timers
- Update source

 If you change the outbound parameter of each neighbor, remove neighbors from the peer group. In
this case, you cannot add the neighbors to the same peer group again and can add the neighbors to the
different peer group. Neighbors in the peer group should have the same value of outbound parameters.

Configuring Routing Protocol 13-15


Configuring BGP

If you change the outbound parameter values of all neighbors to the same values in the peer group,
change the parameters of the peer group. In this case, you do not need to remove neighbors and
change each parameter.

 If you set the outbound parameter for the peer group, the parameter is applied to all neighbors in peer
group automatically.

 When you add a neighbor to the peer group, the system software removes all outbound parameters of
the neighbor from the current configuration. Thus, if you save the current system configuration to the
backup configuration file, the backup configuration file does not include outbound parameters for
each neighbor in the peer group. The only outbound parameters that are included in the backup
configuration file are related to the peer group. But the current configuration file and the backup
configuration file can have not only each of outbound parameter but also the parameter of neighbors
in the peer group.

Defining BGP Peer group


The following example shows how to define the IBGP peer group named ‘internal’. Each
member of the peer group is in the same AS (AS 100).

(config)# router bgp 100


(config-router)# neighbor internal peer-group
(config-router)# neighbor 172.16.232.53 peer-group internal
(config-router)# neighbor 172.16.232.54 peer-group internal
(config-router)# neighbor 172.16.232.55 peer-group internal
(config-router)#

The following example shows how to define the EBGP peer group named ‘external’. Each
member of the peer group is in the different AS (AS 200, 300, 400).

(config)# router bgp 100


(config-router)# neighbor external-peers peer-group
(config-router)# neighbor 172.16.232.90 remote-as 200
(config-router)# neighbor 172.16.232.90 peer-group external-peers
(config-router)# neighbor 172.16.232.100 remote-as 300
(config-router)# neighbor 172.16.232.100 peer-group external-peers
(config-router)# neighbor 172.16.232.110 remote-as 400
(config-router)# neighbor 172.16.232.110 peer-group external-peers
(config-router)#

13-16 Corecess S5 System With GPON User's Guide


Configuring BGP

Setting BGP Neighbor Parameter

After the configuration of the BGP neighbor or the BGP peer group, you can set the following
BGP neighbor parameters.

Table 13-8 BGP neighbor Parameters

Parameter Description
capability route-
Set the router to request route refresh dynamically with BGP neighbor.
refresh
default-originate Allow to use the default route of the BGP neighbor.
Description Add a simple explanation for the BGP neighbor.
Filter routing information that is transmitted or received to the BGP neighbor
distribute-list
depending on the condition of the access list.
ebgp-multihop Connect the router to external node.
Filter routing information that is transmitted or received to the BGP neighbor
filter-list
using the AS-path access list.
Specify the maximum number of prefix that can be received from the BGP
maximum-prefix
neighbor.
Change the next hop of the route to its IP address when the route is transmitted
next-hop-self
to the specified BGP neighbor.
Set a TCP port that is used when connection between the BGP neighbor and the
port
BGP session.
Filter routing information that is transmitted or received to the BGP neighbor
prefix-list
using the Prefix list.
Filter route that is transmitted or received to the BGP neighbor using the route
route-map map or change the attribute of the route (weight, community, local preference,
metric, next hop, etc.)
route-reflector- Set a local router to the BGP route reflector of the specified neighbor. The route
client reflector transmits the route that is learned from other router to other routers.
Transmit the community attribute together when the route is transmitted to the
send-community
specified BGP router.
shutdown Remove all sessions and routing information for the BGP neighbor.
soft-reconfiguration Apply the changed configuration for the BGP neighbor.
timers Set the timer value for the BGP neighbor.
Allow to specify the BGP neighbor using the loopback interface instead of
update-source
physical interface from the other BGP router.
version Specify the BGP version for the communication to the BGP neighbor.
weight Specify the value of weight to the received route that is from the BGP neighbor.

The following section explains how to configure the BGP neighbor parameters.

Set the Dynamic Route Refresh


To set the router to request the route refresh dynamically with the specified BGP neighbor, use
the following command in BGP configuration mode.

Configuring Routing Protocol 13-17


Configuring BGP

Command Description
neighbor {<ip-address> |
 <ip-address> IP address of the BGP neighbor
<peer-group-name>}
capability route-refresh  <peer-group-name> Name of the BGP peer group

When the routing policy of a particular node is changed, the node requests the latest route
information to BGP neighbor. If you use this command, you can set the local router to renew the
route information dynamically with the specified BGP neighbor.

The BGP router, which supports the route refresh, requests the route refresh with the OPEN
message. The BGP router only transmits the route refresh information to the BGP neighbor that
requested the route information. If a BGP router does not support the route refresh, the request
is ignored, but a BGP router that supports the route refresh transmits its RIB (Routing
Information Base) to response the request.

The following example shows how to set the routers to request the route refresh.

(config)# router bgp 100


(config-router)# neighbor 168.31.1.9 capability route-refresh
(config-router)#

13-18 Corecess S5 System With GPON User's Guide


Configuring BGP

Setting Whether Transmits the Default Route


To allow the BGP neighbor to become the default route of the BGP neighbor, use the following
command in BGP configuration mode.

Command Description

neighbor {<ip-address> |  <ip-address> IP address of the BGP neighbor


<peer-group-name>} default-  <peer-group-name> Name of the BGP peer group
originate always [route-map  <route-map> Route map name to apply the default route
<map-name>] (0.0.0.0)

The following example shows how to set the BGP router to transmit the default route entry .

(config)# router bgp 100


(config-router)# network 160.10.10.0/24
(config-router)# neighbor 160.89.1.2 remote-as 200
(config-router)# neighbor 160.89.1.2 default-originate always
(config-router)#

Adding an Explanation for the BGP Neighbor


To add simple text information such as a name of the BGP neighbor, use the following
command.

Command Description
 <ip-address> IP address of the BGP neighbor
neighbor {<ip-address> |
 <peer-group-name> Name of the BGP peer group
<peer-group-name>}
 <string> Explanation for the BGP neighbor (Maximum 80
Description <string>
character)

The following example shows how to add an explanation to the BGP neighbor.

(config)# router bgp 100


(config-router)# network 160.89.0.0
(config-router)# neighbor 160.89.2.3 Description peer with abc.com
(config-router)#

Configuring Routing Protocol 13-19


Configuring BGP

Filtering the Route


The route filtering is a function to control the route information for the BGP neighbor. The
Corecess S5 System supports four BGP route filtering method as follows:

 Route Filtering using access list

 Route Filtering using route map

 Route Filtering using AS-path

 Route Filtering using IP prefix

You can not apply filtering lists of the access list and IP prefix to the same BGP neighbor.

Route Filtering using Access List


To filter the route information for the specified neighbor with the condition of the access list, use
the following command in BGP configuration mode.

Command Description
 <ip-address> IP address of the BGP neighbor
 <access-list-number> Number of an access list to apply (500 ~
neighbor <ip-address>
999)
distribute-list
 in Apply the access list when receiving the routing information
<access-list-number>
from the specified BGP neighbor.
{in | out}
 out Apply the access list when transmitting the routing
information from the specified BGP neighbor.

The following example shows how to set filtering with access list. When the BGP router in AS
100 receives routing information from the BGP neighbor that IP address is 163.130.0.1, the
information is filtered depending on the condition of the access list (500).

(config)# router bgp 100


(config-router)# neighbor 160.13.0.1 distribute-list 500 in
(config-router)#

The following example shows how to set filtering with access list. When the BGP router in AS
100 transmits routing information from the BGP neighbor that IP address is 163.130.0.1, the
information is filtered depending on the condition of the access list (500).

(config)# router bgp 100


(config-router)# neighbor 160.13.0.1 distribute-list 510 out
(config-router)#

13-20 Corecess S5 System With GPON User's Guide


Configuring BGP

Route Filtering using Route Map


To specify the route map that is applied to the route for the specified BGP neighbor, use the
following command in BGP configuration mode.

Command Description
 <ip-address> IP address of the BGP neighbor
 <peer-group-name> Name of the BGP peer group
neighbor {<ip-address> |
 <route-map-name> Name of the route map to apply
<peer-group-name}
 in Apply the route map to the receiving route from the BGP
route-map <rout-map-
neighbor.
name> {in | out}
 out Apply the route map to the transmitting route from the BGP
neighbor.

You can filter a particular route or the attribute of the route with the route map.

On the network configuration as above, RTA receives information for the local network of AS
200 and the network of AS 300 through RTB. If you want RTA to receive information only for
the local network of AS 200 and want to set the weight value of the received route to 20, use the
neighbor route-map command.

First, define the route map (map1) and the AS-path access list (path1) as follows:

(config)# route-map map1 permit 10


(config-route-map)# match as-path path1
(config-route-map)# set weight 20
(config-route-map)# exit
(config)# ip as-path access-list path1 permit ^200$

Configuring Routing Protocol 13-21


Configuring BGP

Then, apply the defined route map to RTA as follows.

(config)# router bgp 100


(config-router)# neighbor 170.10.1.2 route-map map1 in

Route Filtering using AS-path Access List


To filter route updates using as-path access list, use the following command in BGP
configuration mode:

Command Description

 <ip-address> IP address of the BGP neighbor


 <peer-group-name> Name of the BGP peer group
neighbor {<ip-address> |  <bgp-address-list> Number of the AS-path access list to
<peer-group-name} apply (500 ~ 999)
filter-list <bgp-access-  in Apply the AS-path access list to the receiving route from the
list> {in | out} BGP neighbor.
 out Apply the AS-path access list to the transmitting route from
the BGP neighbor.

The following example shows how to filter the route using the AS-path access list.

(config)# ip as-path access-list 500 deny _200_


(config)# ip as-path access-list 500 deny ^2000$
(config)# router bgp 100
(config-router)# neighbor 192.10.10.1 remote-as 50
(config-router)# neighbor 192.10.10.1 filter-list 1 out

Route Filtering using Prefix List


To specify a neighbor to apply a prefix list, use the following command in BGP configuration
mode:

Command Description

 <ip-address> IP address of the BGP neighbor


 <peer-group-name> Name of the BGP peer group
neighbor {<ip-address> |
 <prefix-list-name> Name of the prefix list to apply
<peer-group-name}
 in Apply the prefix list to the receiving route from the BGP
prefix-list <prefix-list-
neighbor.
name> {in | out}
 out Apply the prefix list to the transmitting route from the BGP
neighbor.

13-22 Corecess S5 System With GPON User's Guide


Configuring BGP

You can configure the maximum number of 1000 IP prefix list filters in the Corecess S5 System.
To configure the IP prefix list, use the ip prefix-list command in Global configuration
mode.

The following example applies the prefix list named prefix ii to incoming advertisements to
neighbor 120.10.1.1:

(config)# router bgp 100


(config-router)# neighbor 120.10.1.1 remote-as 100
(config-router)# neighbor 120.10.1.1 prefix-list ii in
(config-router)#

Specifying Multihop
If you specify an external node to the BGP neighbor for the EBGP connection, use neighbor
ebgp-multihop command in BGP configuration mode.

Command Description

neighbor {<ip-address> |  <ip-address> IP address of the BGP neighbor


<peer-group-name}  <peer-group-name> Name of the BGP peer group
ebgp-multihop [<ttl>]  <ttl> Number of hop BGP between nodes to connect (1 ~ 255).

When executing the neighbor ebgp-multihop command, you can specify the number of hop (1 ~
255) between the specified neighbor and external nodes that allow the EBGP connection. The
number of hop is called TTL. If you set TTL to 1, you can not specify the node that over two
routers is in the connection to the EBGP neighbor.

The following example shows that two interface set the TCP connection for the BGP routing.

RTA
(config)# router bgp 100
(config-router)# neighbor 180.225.1.1 remote-as 300
(config-router)# neighbor 180.225.1.1 ebgp-multihop
(config-router)#

Configuring Routing Protocol 13-23


Configuring BGP

RTB
(config)# router bgp 300
(config-router)# neighbor 172.16.1.2 remote-as 100
(config-router)#

Setting the Maximum Number of IP Prefix


To set the maximum number of IP prefix that is received from the specified BGP neighbor, use
the neighbor maximum-prefix command in BGP configuration mode.

Command Description
 <ip-address> IP address of the BGP neighbor
 <peer-group-name> Name of the BGP peer group
neighbor {<ip-address> |
 <maximum> Maximum number of the prefix (1 ~ 4294967295)
<peer-group-name}
 <threshold> Percentage value (0 ~ 100%). The default value is
maximum-prefix <maximum>
75%. If the number of prefix exceeds the maximum number that is
[<threshold>] [warning-
set in <maximum>, the warning log is stored.
only]
 warning-only the number of prefix exceed the value of
<maximum> and <threshold>, the warning log is stored.

The following example shows how to set the maximum number of prefix.

(config)# router bgp 100


(config-router)# network 131.108.0.0
(config-router)# neighbor 129.140.6.6 maximum-prefix 1000
(config-router)#

Changing The Next Hop to IP Address


To change the next hop of the route to its own IP address, use the neighbor next-hop-self
command in BGP configuration mode.

Command Description
neighbor {<ip-address> |
 <ip-address> IP address of the BGP neighbor
<peer-group-name}
next-hop-self  <peer-group-name> Name of the BGP peer group

13-24 Corecess S5 System With GPON User's Guide


Configuring BGP

For an example of the network as follows, network information of 60.1.1.0 is transmitted to RTB
and RTC through RTA. At this time, the next hop of 60.1.1.0 is specified to 50.1.1.1. After RTB
receives network information of 60.1.1.0 from RTA, RTB transmits network information to RTC
with next hop information.

When the network of 20.1.1.0 transmits a packet to the network of 60.1.1.0, RTC try to connect to
50.1.1.1, which is the next hop of 60.1.1.0. Since RTC cannot be connected to the network of
50.1.1.1, the packet is dropped. To prevent above situation, use the neighbor next-hop-
self command. If the neighbor 10.1.1.2 next-hop-self command is executed in RTB,
when network information of 60.1.1.0 is transmitted from RTB to RTC, RTB changes the next
hop to 10.1.1.1, which is its own IP address. Then, when the packet is transmitted from RTC to
the network of 60.1.1.0, RTC is connected to 10.1.1.1, and the packet can be transmitted to the
network of 60.1.1.0.

When the neighbor next-hop-self command is executed, if the BGP peer group is set as a
parameter, the command is applied to all members of the BGP peer group. However, the value
by IP address of the BGP neighbor is prior than the value by the BGP peer group.

The following example shows how to change the next hop to its own IP address.

(config)# router bgp 100


(config-router)# neighbor 192.10.10.1 next-hop-self
(config-router)#

Configuring Routing Protocol 13-25


Configuring BGP

Setting TCP Port


To set TCP port for the connection between the specified BGP neighbor and the BGP session,
use the neighbor port command in BGP configuration mode. By default the number of 179 port
is used.

Command Description

neighbor <ip-address>  <ip-address> IP address of the BGP neighbor


port <port-number>  <port-number> Number of TCP port (0 ~ 65535)

The following example shows how to set the TCP port.

(config)# router bgp 100


(config-router)# neighbor 192.10.10.1 port 1024
(config-router)#

Configuring Route Reflector


Solution for the explosion of IBGP peering within an autonomous system is Route Reflectors
(RR). A BGP speaker will not advertise a route learned via another IBGP speaker to a third IBGP
speaker. By relaxing this restriction a bit and by providing additional control, we can allow a
router to advertise (reflect) IBGP learned routes to other IBGP speakers. This will reduce the
number of IBGP peers within an AS.

In normal cases, all Interior Border Gateway Protocol (IBGP) speakers in an autonomous system
must be fully meshed. By utilizing the route reflector concept, not all IBGP speakers need be
fully meshed. In the route reflector model, an internal BGP peer is configured to be a route
reflector responsible for passing IBGP learned routes to IBGP neighbors. This scheme eliminates
the need for each router to talk to every other router.

To configure the local router as the route reflector and the specified neighbor as one of its clients,
use the following command in BGP configuration mode:

Command Description

 <ip-address> IP address of the BGP neighbor being identified


neighbor {<ip-address> |
as a client
<peer-group-name}
 <peer-group-name> name of the BGP peer group being
route-reflector-client
identified as a client

13-26 Corecess S5 System With GPON User's Guide


Configuring BGP

In the following example, the local router that belongs to autonomous system 100 is a route
reflector. It passes learned IBGP routes to the neighbor at 192.20.16.1:

(config)# router bgp 100


(config-router)# neighbor 192.20.16.1 route-reflector-client
(config-router)#

Specifying Community Attribute


To send the community attribute with the route to the BGP neighbor, use the neighbor send-
community command in BGP configuration mode.

Command Description
 <ip-address> IP address of the BGP neighbor
neighbor {<ip-address> |  <peer-group-name> Name of the BGP peer group
<peer-group-name}  both Transmit the extend community and standard community
send-community [both | of the BGP route
extended | standard]  extended Transmit the extend community of the BGP route
 standard Transmit the standard community of the BGP route.

The following example shows how to use the neighbor send-community command:

(config)# router bgp 100


(config-router)# neighbor 120.10.1.1 send-community both

Shut Down BGP Neighbor


You can shut down the specified BGP neighbor not to start the session connection between the
BGP neighbor and the Corecess S5 System. This feature is useful to set the parameters of the
neighbor when the BGP neighbor is not ready for the operation.

To shut down the neighbor, use the neighbor shut down command in BGP configuration mode.

Command Description

neighbor {<ip-address> |
 <ip-address> IP address of the BGP neighbor
<peer-group-name}
shutdown  <peer-group-name> Name of the BGP peer group

After the configuration of the BGP neighbor parameters, use the no neighbor shutdown
command to connect the session with the neighbor again.

Configuring Routing Protocol 13-27


Configuring BGP

The following example shows how to shut down the connected session or routing information.

(config)# router bgp 100


(config-router)# neighbor 192.10.1.1 shutdown

Configuring Soft Reconfiguration


BGP receives the BGP table from the BGP neighbor when the new policy or the filtering is
applied. When BGP receives the BGP table, the new policy is applied. Since BGP does not
update the table between BGP neighbors periodically, and transmits and receives the
KEEPALIVE message, BGP disconnects and reconnects the session to get the new BGP table.
But, if the session is disconnected and reconnected whenever applying new policy, packet loss
might occur. To solve this problem, the Corecess S5 System supports the soft reconfiguration
feature.

The soft reconfiguration stores all BGP tables from the BGP neighbor into the memory. When
applying new policy, the soft reconfiguration uses tables which are in the memory instead the
session reset or receiving tables from the BGP neighbor.

If the soft reconfiguration is set in the Corecess S5 System, and the BGP neighbor supports the
dynamic refresh, the Corecess S5 System transmits the refresh message to neighbors. But, if the
BGP neighbor does not support the dynamic refresh, the Corecess S5 System resets the session
of neighbors.
This is a process to confirm that the Corecess S5 System has complete tables, and this process
occurs once when you set the soft reconfiguration feature to operate.

To use the soft reconfiguration feature, use the neighbor soft-reconfiguration


command in BGP configuration mode.

Command Description

neighbor {<ip-address> |
<peer-group-name}  <ip-address> IP address of the BGP neighbor
soft-reconfiguration  <peer-group-name> Name of the BGP peer group
inbound

The following example shows how to set the soft reconfiguration feature to operate.

(config)# router bgp 100


(config-router)# neighbor 130.10.10.1 remote-as 200
(config-router)# neighbor 130.10.10.1 soft-reconfiguration inbound

13-28 Corecess S5 System With GPON User's Guide


Configuring BGP

To apply new policy, use the clear ip bgp command in Privileged mode. Then, the Corecess S5
System updates tables dynamically comparing to the stored table and route policy.

# clear ip bgp 130.10.10.1 soft in


#

Setting Timer
There are three timer of the BGP neighbor as follows:

Table 13-9 BGP neighbor Timer

Timer Description Default


Transmission time interval of the KEEPALIVE message that is transmitted to
60
keepalive confirm the operation status of the specified BGP neighbor (0 ~ 65535
seconds
seconds).
Time interval for receiving the next message after receiving KEEPALIVE
message from the BGP neighbor (0 ~ 65535 seconds). If the KEEPALIVE 180
hold
message is not received within the time interval, the Corecess S5 System seconds
disconnects the TCP session and removes the entire received route.

Waiting time that the Corecess S5 System tries to reconnect with the BGP 60
connect
neighbor after disconnection of BGP neighbor (0 ~ 65535 seconds) seconds

To set the timers of the BGP neighbor, use the following commands in BGP configuration mode.

Command Description
 <ip-address> IP address of the BGP neighbor
neighbor {<ip-address> |
 <peer-group-name> Name of the BGP peer group
<peer-group-name>}
 <keepalive-timer> Value of the keepalive timer (0 ~ 65535
timer <keepalive-timer>
seconds)
<hold-timer>
 <hold-timer> Value of the Hold timer (0 ~ 65535 seconds)
neighbor <ip-address>  <ip-address> IP address of the BGP neighbor
timers connect <connet-  <connet-timer> Value of the Connect timer (0 ~ 65535
timer> seconds)

The following example shows how to set timers of the BGP neighbor.
(config)# router bgp 100
(config-router)# neighbor 190.10.1.14 timers 50 150
(config-router)# neighbor 190.10.1.14 timers connect 100

Setting Update Source


To allow other BGP routers to specify the BGP neighbor using the loopback interface instead of
their physical interface, use the neighbor update-source command in BGP configuration
mode. This command is used only in IBGP (Internal BGP).

Configuring Routing Protocol 13-29


Configuring BGP

Command Description
neighbor {<ip-address>| <peer-
 <ip-address> IP address of the BGP neighbor
group-name}
 <peer-group-name> Name of the BGP peer group
update-source {loopback id
 <loopback-id> Loopback interface ID (1 ~ 32)
<loopback-id> | port
 <slot>/<port> Number of slot/port
gigabitethernet <slot>/<port>|
 <vlan-id> VLAN ID (1 ~ 4095)
vlan id <vlan-id>|
 <vlan-name> VLAN name
vlan name <vlan-name>}

The loopback interface is an interface that IP address is assigned, and is not related to a physical
port. Since the physical port is not assigned, the loopback interface cannot transmit and receive
a packet.

If the loopback is used when a neighbor is specified using the neighbor remote-as
command, the neighbor should allow to use its loopback interface using the neighbor
update-source command.

The following example shows how to set a neighbor using the loopback interface.

RTA
(config)# router bgp 100
(config-router)# neighbor 192.10.1.1 remote-as 100

RTB
(config)# router bgp 100
(config-router)# neighbor 172.16.1.2 remote-as 100
(config-router)# neighbor 172.16.1.2 update-source vlan id 1

13-30 Corecess S5 System With GPON User's Guide


Configuring BGP

Setting the Weight


To set the weight value to the route that is received from the specified BGP neighbor, use the
neighbor weight command in BGP configuration mode.

Command Description

neighbor {<ip-address> |  <ip-address> IP address of the BGP neighbor


<peer-group-name>}  <peer-group-name> Name of the BGP peer group
weight <weight>  <weight> Weight value (0 ~ 65535).

The weight is an attribute that is set to the route that is registered in a local router, and is not
transferred to other routers. If the router learns several routes for the same destination, the
route that has higher weight value is chosen.

The default weight that is learnt from other BGP neighbors is ‘0’, and the default weight that is
learnt from local routers is ‘32768’.
The following example shows how to configure routes to set weight.

(config)# router bgp 100


(config-router)# neighbor 210.10.1.0 weight 50

Setting BGP Version


To set the BGP version that is used to communicate with the BGP neighbors, use the neighbor
version command in BGP configuration mode.

Command Description
 <ip-address> IP address of the BGP neighbor
 <peer-group-name> Name of the BGP peer group
neighbor {<ip-address> |
 <version> BGP version (4, 4-)
<peer-group-name>}
- 4 : BGP version 4
version <version>
- 4- : Multi protocol extension version of BGP version 4
(previous version)

The following example shows how to set the BGP protocol to BGP version 4.

(config)# router bgp 200


(config-router)# neighbor 210.126.9.8 version 4
(config-router)#

Configuring Routing Protocol 13-31


Configuring BGP

Configuring Parameters of BGP Path Selection


BGP considers values of parameters such as MED (Multi Exit Discriminator), the length of AS-
path or router ID, and chooses the best path. Users can set how to use values of parameters
when the selection of path.

Setting to Always Compare MED Value


The MED is one of parameters that are used when a router selects a path. The router basically
chooses a path that has lower MED value comparing to MED values of paths in the same AS.

To allow the comparison of the MED for paths from neighbors in different AS, use the bgp
always-compare-med command in BGP configuration mode.

The following example shows how to set the BGP router to compare paths from the different AS
when selecting the path.

(config)# router bgp 100


(config-router)# bgp always-compare-med
(config-router)#

Setting the Infinity Value to Missing MED


You can set the infinity value to the missing MED so that the path cannot be chosen.

The following example shows that the BGP router regards missing MED as assigning the
infinity value so that the BGP router does not choose the path.

(config)# router bgp 100


(config-router)# bgp bestpath med missing-as-worst
(config-router)#

Setting to Ignore the Length of AS-path


To prevent the router from considering the as-path length when selecting a route, use bgp
bestpath as-path ignore command in BGP configuration mode.

By default, the Corecess S5 System considers the as-path length when selecting a route.
The following example shows how to configure the route to ignore as-path length in selecting a
route.

(config)#router bgp 100


(config-router)# bgp bestpath as-path ignore
(config-router)#

13-32 Corecess S5 System With GPON User's Guide


Configuring BGP

Setting to Compare to Router ID


To compare similar routes received from external BGP routers and switch the best path to the
route with the lowest router ID, use the bgp best compare-routerid command in BGP
configuration mode.

The following example shows how to compare similar routes and chose the best path that has
the lowest ID.

(config)# router bgp 100


(config-router)# bgp bestpath compare-routerid

Configuring BGP Parameters


The following BGP parameters can be configured.

Table 13-10 BGP Parameters

Parameter Description
Distance is used to compare routes of different protocols for the same
Distance destination. It can be changed that the proper route is chosen depending on
the network.
When routes are redistributed to other routing protocols, you can set route
redistribution metric
metric values to be changed.
bgp client-to-client
Set BGP neighbors not to be operated as route reflectors.
reflection
Cluster-id Configure the cluster ID if the BGP cluster has more than one route reflector.
default ipv4-unicast Enable the IP version 4 unicast address family on all neighbors
Default local-
Change default local preference value when selecting exit point.
preference
Configure a router to deny an update received from an external BGP router
Enforce-first-as that does not list its AS number at the beginning of the AS_SEQUENCE in the
incoming update
Scan time Configure scanning interval of BGP routers for next hop validation

The following section describes how to configure BGP parameters.

Configuring Routing Protocol 13-33


Configuring BGP

Setting Distance
Distance is a value to compare routes of different routing protocols for the same destination.
The lower value is preferred . To change the distance value for topology or retribution, use the
distance command in BGP configuration mode.

Command Description
 <distance> Distance of the BGP route to specify newly (1 ~ 255)
distance <distance>
 <ip-address>/<M> IP address/subnet mask of the network that the
<ip-address>/<M>
BGP router is included.
[<access-list-num>]
 <access-list-num> Number of access list to apply (500 ~ 999)

The following example shows how to set the distance value.

(config)# router bgp 100


(config-router)# distance 100 192.10.10.0/24
(config-router)#

Setting Redistribution Metric


To apply different metric values to external routes that are redistributed to BGP depending on
routing protocol or route map, use the redistribute command in BGP configuration mode.

Command Description
redistribute <protocol>  <protocol> Type of route to redistribute
[metric <metric>]  <metric> metric value of route entry (1 ~ 16)
[route-map <route-map-name>]  <route-map-name> Name of route map to be applied

The following example shows how to change metric of RIP route that is satisfied to the
condition of route map (rip-map) to 200.

(config)# router bgp 100


(config-router)# redistribute rip metric 200 route-map rip-map
(config-router)#

Setting Router Reflector


Clients of a router reflector do not need direct connections since clients can receive route
information by the route reflector. However, if clients is connected each other, clients do not
need the connection with the route reflector. In this case, use the no bgp client-to-client
reflection command not to operate the route reflector.

13-34 Corecess S5 System With GPON User's Guide


Configuring BGP

The following example shows how to set the route reflector not to operate.

(config)# router bgp 100


(config-router)# neighbor 20.20.20.1 route-reflector-client
(config-router)# neighbor 20.20.20.2 route-reflector-client
(config-router)# no bgp client-to-client reflection
(config-router)#

Setting Cluster ID
To configure the cluster ID if the BGP cluster has more than one route reflector, use the bgp
cluster-id command.

The following example shows how to configure the cluster ID.

(config)# router bgp 5


(config-router)# neighbor 198.92.70.24 route-reflector-client
(config-router)# bgp cluster-id 50000
(config-router)#

Enabling IPv4 Unicast Address Family


To enable the IP version 4 unicast address family on all neighbors, use the bgp default
ipv4-unicast command in BGP configuration mode.

The following example shows how to enable IP version 4 unicast address family on all neighbor.

(config-router)# bgp default ipv4-unicast


(config-router)#

Setting Default Local Preference


The local preference is an attribute to select an exit point when there are several exit points that
are from other AS in the same AS. The local preference, which is different from weight, is
exchanged among routers in the local AS.

To change the default local preference value, use the bgp default local-preference
command in BGP configuration mode.

Command Description
bgp default local-  <value> Value of default local preference (0 ~ 4294967295). The higher
preference <value> value is more preferred.

Configuring Routing Protocol 13-35


Configuring BGP

The following example shows how to change the local preference.

(config)# router bgp 100


(config-router)# bgp default local-preference 200
(config-router)#

Setting enforce-first-as
To configure a router to deny an update received from an external BGP router that does not list
its AS number at the beginning of the AS_SEQUENCE in the incoming update, use the bgp
enforce-first-as command in BGP configuration mode.

The following example shows how to configure a router to receive update message.

(config-router)# bgp enforce-first-as


(config-router)#

Setting Scan time


To configure scanning interval of BGP routers for next hop validation, use the bgp scan-time
command in BGP configuration mode.

Command Description
bgp scan-time
 <interval> Time interval (5 ~ 60 seconds)
<interval>

By default, the default scanning interval is 60 seconds in the Corecess S5 System. The following
example shows how to set the scanning interval.

(config)# router bgp 100


(config-router)# bgp scan-time 20
(config-router)#

Configuring BGP Equal Cost Multipath Routing


BGP ECMP Routing supports multiple equal-cost paths between routers, and distributes the
traffics among the possible paths. Maximum 4 links can working with one ECMP link and the
traffic can be shared on a basis of IP address destination session.

Corecess S5 system uses bgp equal-cost-multipath command in BGP configuration mode to


distribute the load with Equal Cost Multipath Routing

13-36 Corecess S5 System With GPON User's Guide


Configuring BGP

The following example show how BGP routers execute load balancing by the Equal Cost
Multipath Routing Protocol

(config)# router bgp 100


(config-router)# bgp equal-cost-multipath
(config-router)#

Configuring Routing Protocol 13-37


Configuring BGP

Displaying BGP Configuration Information


This section describes how to display various BGP configuration information.

Displaying BGP Rout Entry

To display the route entry of the BGP routing table, use the show ip bgp command in
Privileged mode.

# show ip bg

BGP table version is 0, local router ID is 172.18.30.124


Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next HopMetricLocPrfWeightPath
* 2.2.2.0/242.2.2.10100i
*> 0.0.0.032768i
* i3.3.3.0/243.3.3.21000i
*> 0.0.0.032768i
*> 10.10.10.0/240.0.0.032768?
* 2.2.2.10100i
*> 130.10.0.02.2.2.10100i
*> 140.10.0.00.0.0.032768i
*> i150.10.0.03.3.3.21000i
*>=i80.0.4.0/24 35.35.35.2 0 10 0 1000 i
*>=i 25.25.25.2 0 10 0 1000 i
Total number of prefixes 11

When executing the show ip bgp command, the following entry information of the BGP route:

Table 13-11 show ip bgp field Description

Field Description
Version number of the BGP routing table. This number is incremented whenever
BGP table version
the table changes. The default value is 0.
local router ID IP address of the router
Status of the table entry. The status is displayed at the beginning of each line in
the table. It can be one of the following value:
 s – The table entry is suppressed.
Status codes
 * - The table entry is valid.
 > - The table entry is the chosen path (the shortest distance)
 i – The table entry was learned via an IBGP session.
Origin of the entry. The origin code is placed at the end of each line in the table. It
Origin codes can be one of the following values:
 i – Path originated from an IGP(Interior Gateway Protocol) and was

13-38 Corecess S5 System With GPON User's Guide


Configuring BGP

registered with a network command in BGP configuration mode.


 e – Path originated from an EBGP neighbor
 ? – Origin of the path is not clear. Usually, this is redistributed into BGP
from an IGP.
 = – ECMP(Equal Cost Multi Path)
Network IP address of destination.
IP address of the next system that is used when forwarding a packet to the
Next Hop destination. An entry of 0.0.0.0 indicates that the router has some non-BGP route
to this network.
Metric Metric value used in internal of AS.
Local preference value of the route (default: 100). This value is specified with the
LocPrf
bgp default local-preference command in BGP configuration mode.
Weight Weight value of the route
AS paths to the destination network. There can be one entry in this field for each
Path
AS in the path.

Display Attribute of BGP Route

To display information of the BGP route attribute, use the show ip bgp attribute-info
command in Privileged mode.

# show ip bgp attribute-info


attr[2] nexthop 0.0.0.0
attr[2] nexthop 172.28.3.92
attr[1] nexthop 172.28.3.176

When executing the show ip bgp attribute-info command, the following information of
the BGP route attribute is displayed.

Configuring Routing Protocol 13-39


Configuring BGP

Table 13-12 show ip bgp attribute-info Field Description

Field Description
Origin of the entry. The origin code is placed at the end of each line in the table. It can
be one of the following values:
 i – Path originated from an IGP(Interior Gateway Protocol) and was registered
with a network command in BGP configuration mode.
Origin codes
 e – Path originated from an EBGP neighbor
 ? – Origin of the path is not clear. Usually, this is redistributed into BGP from
an IGP.
 = – ECMP(Equal Cost Multi Path)
IP address of the next system that is used when forwarding a packet to the
Next Hop destination. An entry of 0.0.0.0 indicates that the router has some non-BGP route to
this network.
Metric Metric value used in internal of AS.
Local preference value of the route (default: 100). This value is specified with the bgp
LocPrf
default local-preference command in BGP configuration mode.
Weight Weight value of the route
AS paths to the destination network. There can be one entry in this field for each AS
Path
in the path.

Display CIDR Route

To display CIDR (Classless Interdomain Routing) routes, use the show ip bgp cidr-only
command in Privileged mode.

# show ip bgp cidr-only

BGP table version is 0, local router ID is 172.18.30.124


Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next HopMetricLocPrfWeightPath
* 2.2.2.0/242.2.2.10100i
*> 0.0.0.032768i
* i3.3.3.0/243.3.3.21000i
*> 0.0.0.032768i
*> 10.10.10.0/240.0.0.032768?
* 2.2.2.10100i
*>=i80.0.4.0/24 35.35.35.2 0 10 0 1000 i
*>=i 25.25.25.2 0 10 0 1000 i
Total number of prefixes 7
When executing the show ip bgp cidr-only command, the following information of the
CIDR route is displayed.

Table 13-13 show ip bgp cidr-only Field Description

13-40 Corecess S5 System With GPON User's Guide


Configuring BGP

Field Description
Version number of the BGP routing table. This number is incremented whenever
BGP table version
the table changes. The default value is 0.
local router ID IP address of the router
Status of the table entry. The status is displayed at the beginning of each line in the
table. It can be one of the following value:
 s – The table entry is suppressed.
Status codes  * - The table entry is valid.
 > - The table entry is the chosen path (the shortest distance)
 i – The table entry was learned via an IBGP session.
 = – ECMP(Equal Cost Multi Path)
Origin of the entry. The origin code is placed at the end of each line in the table. It can
be one of the following values:
 i – Path originated from an IGP(Interior Gateway Protocol) and was
Origin codes registered with a network command in BGP configuration mode.
 e – Path originated from an EBGP neighbor
 ? – Origin of the path is not clear. Usually, this is redistributed into BGP from
an IGP.
Network IP address of destination.
IP address of the next system that is used when forwarding a packet to the
Next Hop destination. An entry of 0.0.0.0 indicates that the router has some non-BGP route to
this network.
Metric Metric value used in internal of AS.
Local preference value of the route (default: 100). This value is specified with the
LocPrf
bgp default local-preference command in BGP configuration mode.
Weight Weight value of the route
AS paths to the destination network. There can be one entry in this field for each
Path
AS in the path.

Configuring Routing Protocol 13-41


Configuring BGP

Display BGP Community Information

To display information of all BGP community, use the show ip bgp community-info
command.

# show ip bgp community-info


Address Refcnt Community
[0x101ad150](1)no-export

When executing the show ip bgp community-info command, the following information of the
BGP community is displayed.

Table 13-14 show ip bgp community-info Field Description

Field Description

Version number of the BGP routing table. This number is incremented


BGP table version
whenever the table changes. The default value is 0.

local router ID IP address of the router


Status of the table entry. The status is displayed at the beginning of each line in
the table. It can be one of the following value:
 s – The table entry is suppressed.
Status codes  * - The table entry is valid.
 > - The table entry is the chosen path (the shortest distance)
 i – The table entry was learned via an IBGP session.
 = – ECMP(Equal Cost Multi Path)

Display Routes that belong to BGP Communities

To display routes that belong to specified BGP communities, use the show ip bgp
community local-AS command in Privileged mode.

# show ip bgp community local-AS


BGP table version is 0, local router ID is 172.18.30.124
Status codes: s suppressed, d damped, h history, p stale, * valid, > best, i -
internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path


*> 10.10.10.0/24 2.2.2.1 0 100 i

13-42 Corecess S5 System With GPON User's Guide


Configuring BGP

*> 20.20.20.0/24 2.2.2.1 0 100 i

Total number of prefixes 2


#

When executing the show ip bgp community local-AS command, the following
information of BGP routes that belong to specified communities is displayed:

Table 13-15 show ip bgp community Field Description

Field Description
Version number of the BGP routing table. This number is incremented whenever
BGP table version
the table changes. The default value is 0.
local router ID IP address of the router
Status of the table entry. The status is displayed at the beginning of each line in
the table. It can be one of the following value:
 s – The table entry is suppressed.
Status codes  * - The table entry is valid.
 > - The table entry is the chosen path (the shortest distance)
 i – The table entry was learned via an IBGP session.
 = – ECMP(Equal Cost Multi Path)
Origin of the entry. The origin code is placed at the end of each line in the table. It
can be one of the following values:
 i – Path originated from an IGP(Interior Gateway Protocol) and was
Origin codes registered with a network command in BGP configuration mode.
 e – Path originated from an EBGP neighbor
 ? – Origin of the path is not clear. Usually, this is redistributed into BGP
from an IGP.
Network IP address of destination.
IP address of the next system that is used when forwarding a packet to the
Next Hop destination. An entry of 0.0.0.0 indicates that the router has some non-BGP route
to this network.
Metric Metric value used in internal of AS.
Local preference value of the route (default: 100). This value is specified with the
LocPrf
bgp default local-preference command in BGP configuration mode.
Weight Weight value of the route
AS paths to the destination network. There can be one entry in this field for each
Path
AS in the path.

Configuring Routing Protocol 13-43


Configuring BGP

Display Routes that are permitted by BGP Community List

To display routes that are permitted by the BGP community list, use the show ip bgp
community-list command in Privileged mode.

The following example shows how to display information of the route that is in the community
list of 20.

# show ip bgp community-list 2


BGP table version is 0, local router ID is 172.18.30.124
Status codes: s suppressed, d damped, h history, p stale, * valid, > best, i -
internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next HopMetricLocPrfWeightPath


*> 10.10.10.0/242.2.2.10100i
*> 20.20.20.0/242.2.2.10100i

Total number of prefixes 2


#

When executing the show ip bgp community-list command, the following information is
displayed:

Table 13-16 show ip bgp community-list Field Descriptions

Field Description
Version number of the BGP routing table. This number is incremented whenever
BGP table version
the table changes. The default value is 0.
local router ID IP address of the router
Status of the table entry. The status is displayed at the beginning of each line in
the table. It can be one of the following value:
 s – The table entry is suppressed.
Status codes  * - The table entry is valid.
 > - The table entry is the chosen path (the shortest distance)
 i – The table entry was learned via an IBGP session.
 = – ECMP(Equal Cost Multi Path)
Origin of the entry. The origin code is placed at the end of each line in the table. It
can be one of the following values:
 i – Path originated from an IGP(Interior Gateway Protocol) and was
Origin codes registered with a network command in BGP configuration mode.
 e – Path originated from an EBGP neighbor
 ? – Origin of the path is not clear. Usually, this is redistributed into BGP
from an IGP.

13-44 Corecess S5 System With GPON User's Guide


Configuring BGP

Network IP address of destination.


IP address of the next system that is used when forwarding a packet to the
Next Hop destination. An entry of 0.0.0.0 indicates that the router has some non-BGP route
to this network.
Metric Metric value used in internal of AS.
Local preference value of the route (default: 100). This value is specified with the
LocPrf
bgp default local-preference command in BGP configuration mode.
Weight Weight value of the route
AS paths to the destination network. There can be one entry in this field for each
Path
AS in the path.

Display Routes that are matched with condition of access list

To display routes that are matched with condition of access list, use the show ip bgp
filter-list command in Privileged mode.

The following example shows how to display routes that is filtered with condition of as-path
access list named 2 in the BGP routing table.

# show ip bgp filter-list 2

BGP table version is 1738, local router ID is 198.92.72.24


Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

# show ip bgp filter-list 1


BGP table version is 0, local router ID is 172.18.30.124
Status codes: s suppressed, d damped, h history, p stale, * valid, > best, i -
internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next HopMetricLocPrfWeightPath


*> 2.2.2.0/240.0.0.032768i
*> 3.3.3.0/240.0.0.032768i
*> 140.10.0.00.0.0.032768i

Total number of prefixes 3

When executing the show ip bgp filter-list command, the following information is
displayed:

Table 13-17 show ip bgp filter-list Field Descriptions

Configuring Routing Protocol 13-45


Configuring BGP

Field Description
BGP table Version number of the BGP routing table. This number is incremented whenever
version the table changes. The default value is 0.
local router ID IP address of the router
Status of the table entry. The status is displayed at the beginning of each line in the
table. It can be one of the following value:
 s – The table entry is suppressed.
Status codes  * - The table entry is valid.
 > - The table entry is the chosen path (the shortest distance)
 i – The table entry was learned via an IBGP session.
 = – ECMP(Equal Cost Multi Path)
Origin of the entry. The origin code is placed at the end of each line in the table. It can
be one of the following values:
 i – Path originated from an IGP(Interior Gateway Protocol) and was
Origin codes registered with a network command in BGP configuration mode.
 e – Path originated from an EBGP neighbor
 ? – Origin of the path is not clear. Usually, this is redistributed into BGP from
an IGP.
Network IP address of destination.
IP address of the next system that is used when forwarding a packet to the
Next Hop destination. An entry of 0.0.0.0 indicates that the router has some non-BGP route to
this network.
Metric Metric value used in internal of AS.
Local preference value of the route (default: 100). This value is specified with the
LocPrf
bgp default local-preference command in BGP configuration mode.
Weight Weight value of the route
AS paths to the destination network. There can be one entry in this field for each
Path
AS in the path.

13-46 Corecess S5 System With GPON User's Guide


Configuring BGP

Display Routes of BGP neighbor

To display route information that is transmitted and received from the BGP neighbor, use the
show ip bgp neighbors command in Privileged mode.

The following example shows how to display routes that is transmitted to the neighbor of
172.16.232.178 using the show ip bgp neighbors advertised-routes command.

# show ip bgp neighbors 3.3.3.2 advertised-routes


BGP table version is 0, local router ID is 172.18.30.124
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path


*> 2.2.2.0/24 3.3.3.1 32768 i
*> 3.3.3.0/24 3.3.3.1 32768 i
*> 10.10.10.0/24 3.3.3.1 0 100 i
*> 20.20.20.0/24 3.3.3.1 0 100 i
*> 140.10.0.0 3.3.3.1 32768 i

Total number of prefixes 5


#

When executing the show ip bgp neighbors command, the following route information is
displayed.

Table 13-18 show ip bgp neighbors Field Description

Field Description
BGP table Version number of the BGP routing table. This number is incremented whenever
version the table changes. The default value is 0.
local router ID IP address of the router
Status of the table entry. The status is displayed at the beginning of each line in the
table. It can be one of the following value:
 s – The table entry is suppressed.
Status codes  * - The table entry is valid.
 > - The table entry is the chosen path (the shortest distance)
 i – The table entry was learned via an IBGP session.
 = – ECMP(Equal Cost Multi Path)
Origin of the entry. The origin code is placed at the end of each line in the table. It can
be one of the following values:
 i – Path originated from an IGP(Interior Gateway Protocol) and was
Origin codes registered with a network command in BGP configuration mode.
 e – Path originated from an EBGP neighbor
 ? – Origin of the path is not clear. Usually, this is redistributed into BGP from

Configuring Routing Protocol 13-47


Configuring BGP

an IGP.
Network IP address of destination.
IP address of the next system that is used when forwarding a packet to the
Next Hop destination. An entry of 0.0.0.0 indicates that the router has some non-BGP route to
this network.
Metric Metric value used in internal of AS.
Local preference value of the route (default: 100). This value is specified with the
LocPrf
bgp default local-preference command in BGP configuration mode.
Weight Weight value of the route
AS paths to the destination network. There can be one entry in this field for each
Path
AS in the path.

13-48 Corecess S5 System With GPON User's Guide


Configuring BGP

Displaying BGP Path

To display information of all BGP paths that stored in the database, use the show ip bgp paths
command in Privileged mode.

# show ip bgp paths

Address Refcnt Path


[0x101ab9e0:0] (6)
[0x101abba0:203] (3) 200
[0x101b7050:249] (2) 200 300

When executing the show ip bgp paths command, the following information is displayed.

Table 13-19 show ip bgp neighbors path Filed Descriptions

Field Description
Address Internal address where the path is stored.
Refcnt Number of routes using that path.
Path AS number path for this route, followed by the origin code for that route.

Retrieving Routes using Regular Expression

You can retrieve BGP routes, which a particular string is included in AS paths, using BGP
regular expression as follows:
. : Matches any single character.
* : Matches zero or more sequences of the character preceding the asterisk.
+ : Matches one or more sequence of the character preceding the plus sign.
? : Matches zero or one occurrence of the pattern.
^ : Matches the character null string at the beginning of an input string.
$ : Matches the character or null string at the end of an input string.
| : Matches one of the characters or character patterns on either side of the vertical bar.
 space : Matches two of the characters or character patterns on both side of the space.

Configuring Routing Protocol 13-49


Configuring BGP

To display routes matching the AS path regular expression, use the show ip bgp regexp
command in Privileged mode.

# show ip bgp regexp 300$


BGP table version is 0, local router ID is 172.18.30.43
Status codes: s suppressed, d damped, h history, p stale, * valid, > best, i -
internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next HopMetricLocPrfWeightPath


*> 30.30.30.0/242.2.2.20200 300i
*> 150.10.0.02.2.2.20200 300i

Total number of prefixes 2


When executing the show ip bgp regexp command, the following information is displayed.

Table 13-20 show ip bgp regexp Field Descriptions

Field Description

Version number of the BGP routing table. This number is incremented whenever
BGP table version
the table changes. The default value is 0.

local router ID IP address of the router


Status of the table entry. The status is displayed at the beginning of each line in
the table. It can be one of the following value:
 s – The table entry is suppressed.
Status codes  * - The table entry is valid.
 > - The table entry is the chosen path (the shortest distance)
 i – The table entry was learned via an IBGP session.
 = – ECMP(Equal Cost Multi Path)

13-50 Corecess S5 System With GPON User's Guide


Configuring BGP

Field Description
Origin of the entry. The origin code is placed at the end of each line in the table. It
can be one of the following values:
 i – Path originated from an IGP(Interior Gateway Protocol) and was
Origin codes registered with a network command in BGP configuration mode.
 e – Path originated from an EBGP neighbor
 ? – Origin of the path is not clear. Usually, this is redistributed into BGP
from an IGP.
Network IP address of destination.
IP address of the next system that is used when forwarding a packet to the
Next Hop destination. An entry of 0.0.0.0 indicates that the router has some non-BGP route
to this network.
Metric Metric value used in internal of AS.
Local preference value of the route (default: 100). This value is specified with the
LocPrf
bgp default local-preference command in BGP configuration mode.
Weight Weight value of the route
AS paths to the destination network. There can be one entry in this field for each
Path
AS in the path.

Displaying Scan Time

To display information of scan time, use the show ip bgp scan command in Privileged mode.
The scan time is time interval that BGP routers check valid next hop.

# show ip bgp scan

BGP Instance: (Default) AS 100, router-id 40.40.40.40


BGP scan interval is 60
Current BGP nexthop cache:
25.25.25.2 valid [IGP metric 0]
35.35.35.2 valid [IGP metric 0]

When executing the show ip bgp scan command, the following information is displayed.

Table 13-21 show ip bgp scan Field Description

Field Description
BGP Instance Status of Current BGP setting
BGP scan interval Time interval that the BGP router check valid next hop
Current BGP nexthop cache Cache for list that is registered as next hop
BGP connected route Network information that local interface of the BGP router is included.

Configuring Routing Protocol 13-51


Configuring BGP

Displaying BGP Connection Status

To display the status of all BGP connections, use the show ip bgp summary command in
Privileged mode.

# show ip bgp summary


BGP router identifier 151.100.1.1, local AS number 100
10 BGP AS-PATH entries
7 BGP community entries

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd


193.100.1.1 4 100 26 22 199 0 0 00:14:23 Active
194.100.1.1 4 100 21 51 199 0 0 00:13:40 Active

Total number of neighbors 2


#

When executing the show ip bgp summary command, the following information is
displayed.

Table 13-22 show ip bgp summary Field Descriptions

Field Description

BGP router
BGP router ID. The router identifier is specified by the bgp router-id command.
identifier

Neighbor IP address of the neighbor

V BGP version

AS AS Number

MsgRcvd BGP message received from the neighbor

MsgSent BGP message sent from the neighbor

TblVer Last version of the BGP database that was sent to the neighbor

InQ Number of messages queued to be processed from the neighbor

OutQ Number of messages queued to be sent to the neighbor

The length of time that the BGP session has been in the Established state, or the
Up/Down
current status if not in the Established state.
Current state of the BGP session, and number of prefixes that have been received
from a neighbor or peer group. When the maximum number is reached, the string
State/PfxRcd
‘PrxRcd’ appears in the entry, the neighbor is shut down, and the connection is set to
Idle.

13-52 Corecess S5 System With GPON User's Guide


Configuring BGP

BGP Commands
The BGP commands in the Corecess S5 System are as follows:

Table 13-23 BGP Commands

Command Description
address-family Enter Address-family configuration mode to configure BGP routing session
ipv4 that used standard IPv4 multicast address prefix.
aggregate-address Specify aggregate route entry in BGP.
bgp always- Allow the comparison of the MED (Multi Exit Discriminator) for paths from
compare-med neighbors in different AS.
bgp bestpath
Ignore the AS path length when calculating preferred paths.
as-path ignore
bgp bestpath Compare identical routes received from external BGP peers during the best
compare-routerid path selection process and select the route with the lowest router ID.
bgp bestpath med
Enable MED comparison among paths learned from confederation peers.
confed
bgp bestpath med
Set the infinity value to the missing MED so that the path cannot be chosen
missing-as-worst
bgp client-to-
Enable reflection of routes between route-reflection via a BGP route reflector.
client reflection
bgp cluster-id Configure the cluster ID if the BGP cluster has more than one route reflector.
bgp default
Enable the IP version 4 unicast address family on all neighbors
ipv4-unicast
bgp default local-
Change the default local preference value.
preference
bgp deterministic- Allow the comparison of the MED variable when choosing routes advertised
med by different peers in the same AS.
bgp equal-cost- Configuration for the purpose of load balancing for the traffic with Equal Cost
multipath Multipath BGP Routing
Configure a router to deny an update received from an external BGP router
bgp that does not list its AS number at the beginning of the AS_SEQUENCE in the
enforce-first-as incoming update, use the bgp enforce-first-as command in BGP configuration
mode.
bgp router-id Apply a fixed router ID to the BGP router.
bgp scan-time Configure scanning interval of BGP routers for next hop validation
bgp soft-restart-
Apply the changed BGP configuration to the system directly.
auto
Specify administrative distance of external route, internal routes and
distance bgp
local routes.
neighbor Enable Allow exchanging routing information to the specified BGP neighbor.
neighbor
capability Allow requesting route refresh dynamically with the specified BGP neighbor.
route-refresh
neighbor Allow a BGP speaker to send the default route 0.0.0.0 to a neighbor for use as a
default-originate default route.
neighbor
Add a simple explanation of a BGP neighbor.
Description
neighbor Filter the route information for the specified neighbor with the condition of the
distribute-list access list

Configuring Routing Protocol 13-53


Configuring BGP

neighbor Accept and attempt BGP connections to external peers residing on networks
ebgp-multihop that are not directly connected.
neighbor
Define BGP filter using access list.
filter-list
neighbor maximum- Specify the maximum number of prefix that a local router can be received from
prefix BGP neighbors.
neighbor Configure the router as the next hop for a BGP-speaking neighbor or peer
next-hop-self group.
neighbor
Configure BGP peer group.
peer-group
Set TCP port for the connection between the specified BGP neighbor and the
neighbor port
BGP session.
neighbor Apply routes that are received and sent from the specified BGP neighbor to the
prefix-list specified prefix list.
neighbor remote-as Define BGP neighbors.
Apply a route map to incoming or outgoing routes for filtering or changing
neighbor route-map
attributes.
neighbor route-
Configure the router as a BGP route reflector.
reflector-client
neighbor send-
Send the community attribute with the route to the BGP neighbor.
community
Remove all operating sessions and routing information for the specified BGP
neighbor shutdown
neighbor.
neighbor soft-
Apply the changed configuration to the system for the specified BGP neighbor.
reconfiguration
neighbor timers Set timer values for the specified BGP neighbor.
neighbor timers
Set the connect timer value for the specified BGP neighbor.
connect
neighbor Allow other BGP routers to specify the BGP neighbor using the loopback
update-source interface instead of their physical interface.
neighbor version Specify the BGP version for the communication of BGP neighbors.
Set the weight value to the route that is received from the specified BGP
neighbor weight
neighbor.
network Specify the networks to be advertised by the BGP.
network backdoor Set high route priority of the specified network.
redistribute Redistribute received routes of different routing protocols.
show ip bgp Display route entries of the BGP routing table.
show ip bgp
Display information of BGP route attributes.
attribute-info
show ip bgp
Display the CIDR(Classless Interdomain Routing) route.
cidr-only
show ip bgp
Display information of routes that is included in the specified BGP community.
community
show ip bgp
Display information of all BGP communities.
community-info
show ip bgp
Display routes that are permitted by the BGP community list.
community-list
show ip bgp
Display routes that are matched with condition of access list.
filter-list
show ip bgp Display route information that is transmitted and received from the BGP
neighbors neighbor

13-54 Corecess S5 System With GPON User's Guide


Configuring BGP

show ip bgp paths Display information of all BGP paths that stored in the database.
show ip bgp regexp Display routes matching the AS path regular expression.
show ip bgp scan Display information of scan time.
show ip bgp
Display the status of all BGP connections
summary

Configuring Routing Protocol 13-55


Configuring OSPF

Configuring OSPF
OSPF (Open Shortest Path First) Overview

Introduction

OSPF (Open Shortest Path First) protocol is an internal gateway protocol that sends and
receives routing information in AS (Autonomous System). The Corecess S5 System supports
OSPF version 2.0 defined in RFC 2328.

OSPF protocol provides equal cost multipath routing that can transmit packets simultaneously
to a particular destination through more than one interface. Thus, OFPF is appropriate for
complicated networks.

OSPF protocol uses SPF (Shortest Path First) algorithm to select the shortest path. SPF algorithm
calculates status of network interface and path cost that is used in the interface and connected
network, and selects a path that has the lowest cost. SPF algorithm only delivers routing
information when the network is changed. Thus, unnecessary traffic is not delivered. Also, SPF
algorithm can control the complicated and sophisticated network.

OSPF protocol can divide a network to several regions and can communicate link status
information in limited regions. The limited region is called ‘area’. OSPF can limit appropriate
number of routers in the area to maintain the link status database.
OSPF protocol supports VLSM (Variable Length Subnet Mask). Thus, OSPF protocol can assign
and use IP address efficiently. OSPF protocol can save the router memory and bandwidth and
can improve performance because of communicating summarized information.

OSPF Routing Topology

OSPF protocol has a topology to apply routing algorithm different from RIP protocol. The
largest topology is an AS (Autonomous System), and an AS is a group of networks that shares
the common routing policy and managed by one structure. An AS is divided to several areas,
and an area is a group of sequential networks and connected hosts. The network that connects
areas in an AS is called ‘backbone’.

The following picture shows the typical network structure of OSPF topology.

13-56 Corecess S5 System With GPON User's Guide


Configuring OSPF

Configuring Routing Protocol 13-57


Configuring OSPF

The type of the router is classified by OSOF topology as follows:

 IR (Internal Router)
Routers connected directly to a network in a particular area (RTC, RTE)

 ABR (Area Border Router)


Routers connected to an area and backbone network. ABRs summarize path information for
the connected area and deliver the information to a backbone network. The backbone
delivers the path information to other ABRs (RTB, RTG).

 BR (Backbone Router)
Routers connected to a backbone network. ABRs and routers that are included in a backbone
network are BRs (RTA, RTB, RTG).

 ASBR (Autonomous System Boundary Router)


Routers that send and receive path information from routers in other AS. The path
information is AS external path and is delivered to all routers in the AS (RTI).

13-58 Corecess S5 System With GPON User's Guide


Configuring OSPF

Configuring OSPF

OSPF Configuration Procedure

The following procedure describes how to configure OSPF routing protocol in the Corecess S5
System.

1. Specifying OSPF Operating Status


Enable OSPF protocol in the Corecess S5 System.

2. Setting Router ID
Set the router ID of the Corecess S5 System. The router ID is used to identify each router in
OSPF.

3. Configuring OSPF Area


Divide the OSPF network to several areas to exchange link status information in limited
areas.

4. Configuring OSPF Parameters


Configure OSPF parameters such as distance, default metric, metric of external route,
passive interface and timer.

5. Configuring OSPF Interface Parameters


Configure OSPF interface parameters such as authentication, interface cost and transmission
interval of various packets.

6. Configuring Virtual Link


If an ABR is not connected to a backbone area physically, the ABR configures a virtual link
with other router in the same area. The router should be connected to the backbone area
physically.

7. Display OSPF Configuration Information


Display information of OSPF configuration in the Corecess S5 System.

Configuring Routing Protocol 13-59


Configuring OSPF

Specifying OSPF Operating Status

Set the Corecess S5 System to operate OSPF protocol, use the router ospf command in Global
configuration mode.

# configure terminal
(config)# router ospf
(config-router)#

When executing the above command, OSPF routing protocol operates and enter OSPF
configuration mode.

Set Router ID

A router ID is used to classify each router in OSPF. A router ID is needed to set the relation of
adjacent router or to control messages between copies of SPF algorithm.

To set a router ID in OSPF, use the router-id command in OSPF configuration mode.

Command Description

router-id  <router-id> Fixed router ID (A.B.C.D in IP address format). Each router ID


<router-id> must be unique.

The following example shows how to set the router ID to 1.1.1.1.


# configure terminal
(config)# router ospf
(config-router)# router-id 1.1.1.1
If the fixed router ID is not assigned to the Corecess S5 System, the largest number of IP address
of loopback interface is used as the router ID. If a loopback interface is not assigned to the
Corecess S5 System, the largest number of IP address of an interface that is defined in the
system is used as the router ID. When changing a router ID, the OSPF router transmits its all
LSA to adjacent routers. In the Corecess S5 System, after assigning the fixed router ID, the
router ID is not changed even if all interfaces are down.

When the router ID of OSPF network that is already operating is changed, the new router ID is
applied directly to the system and is reconnected to adjacent routers. If you restart OSPF
process manually, use the clear ip ospf command.

13-60 Corecess S5 System With GPON User's Guide


Configuring OSPF

Configuring OSPF Area

If networks are increased, the size of link state database is increased, and required time is also
increased for calculating of the shortest path tree. Thus, it affects performance of total network.
To solve above problems, a network can be divided to several areas in OSPF protocol, and link
state information can be exchanged in the limited area.

Areas in OSPF are configured to be connected to the area 0 as follows:

The area 0 is a central area that receives link state information from each area and sends link
state information to each area again. The area 0 is called ‘backbone area’, and other areas are
called ‘leaf area’. The backbone area includes all ABR (Area Border Router). In the Corecess S5
System, several OSPF areas can be configured, but at least one area must be configured as
backbone.

There are stub area and NSSA except backbone area and leaf area in OSPF area. Features of stub
area and NSSA are as follows:

 Stub area
Stub area does not receive LSA that notifies external network information, the traffic is
transmitted through the interface that is specified to the default route to external networks.
The area that is specified to the stub area can reduce size of topology database and memory
that is for the database.

 NSSA (Not-So-Stubby Area)


NSSA has the feature of stub area and allow incoming external routing information

Configuring Routing Protocol 13-61


Configuring OSPF

selectively. NSSA is generally used to deliver external routing information to other areas.

This section describes how to configure OSPF area including stub areas and NSSAs.

Configuring Area
To define the interfaces on which OSPF runs and to define the area ID for those interfaces, use
the network area command in OSPF configuration mode.

Command Description
 <network-address> IP address to operate OSPF routing
protocol.
network <network-
 <area-id> Area that is to be associated with the OSPF address
address> area <area-id>
range. It can be specified as either a decimal value or as an IP
address.

The following example shows how to set the network of 172.16.1.1/32 and the network of
172.162.1/32 to operate OSPF protocol and how to specify interfaces of the two networks to be
included in the area 0.

# configure terminal
(config)# router ospf
(config-router)# network 172.16.1.1/32 area 0
(config-router)# network 172.16.2.1/32 area 0

13-62 Corecess S5 System With GPON User's Guide


Configuring OSPF

Configuring Stub area


You should specify a stub area that there is only one connected point for external networks.
There are two types of stub area. One is a stub area that does not receive external network
information from ASBR. Other is a totally stub area that does not receive both external network
information from ASBR and routing information from ABR.

For example, the area of 0.0.0.1 can be specified as the stub area in the following picture.

To define an OSPF stub area, use the following command in OSPF configuration mode.

Command Description

 <area-id> Area that is to be associated with the OSPF address range.


area <area-id> stub It can be specified as either a decimal value or as an IP address.
[no-summary]  no-summary Prevents an ABR from sending summary link advertisements
into the stub area.

The following example shows how to specify the area of 0.0.0.1 as the stub area.

# configure terminal
(config)# router ospf
(config-router)# network 192.168.3.0/24 area 0.0.0.1
(config-router)# area 0.0.0.1 stub

Configuring Routing Protocol 13-63


Configuring OSPF

Configuring NSSA
NSSA has the feature of stub area and allow incoming external routing information selectively.
NSSA is generally used to deliver external routing information to other areas.

For the following example, external routing information from RIP cloud must be passed
through the area of 0.0.0.5 to be delivered to other network in the domain. At this time, the area
of 0.0.0.5 becomes NSSA.

The following example shows how to set the area of 0.0.0.5 to the NSSA.

(config)# router ospf


(config-router)# network 172.19.92.0/24 area 0.0.0.5
(config-router)# area 0.0.0.5 nssa

Argument Description
Default-information-originate Originate Type 7 default into NSSA area.
No-redistribution No redistribution into this NSSA area.
No-summary Do not send summary LSA into NSSA.
Translator-role NSSA-ABR Translator role.

13-64 Corecess S5 System With GPON User's Guide


Configuring OSPF

Configuring Route Summarization


OSPF uses summary-LSA to notify information of an area to other areas. Summary-LSA that is
generated in each network is transmitted to other areas by ABR. If network addresses in an area
are assigned in sequence, information of these networks can be summarized with one summary
LSA. ABR transmits the integrate summary LSA like information of one network. This feature is
called route summarization, and can reduce amount of routing information.

To use route summarization in the Corecess S5 System, use the area range command in
OSPF configuration mode. The area range command can be only used in ABR.

Command Description

 <area-id> Identifier of the area about which routes are to be


summarized. It can be specified as either a decimal value or as an IP
area <area-id> address.
range <address>/<M>  <address>/<M> IP address of the network range to be summarized
[advertise| /number of 1 in subnet mask.
not-advertise|  advertise Set the address range status to advertise and generates a
substitute summary-LSA.
<address>/<M>]  not-advertise Set the address range status no to advertise.
 substitute Substitute other address range status for the address
range status.

The following example shows how to summarize the host information of network from 160.10.8.0 to
160.10.15.0 in area 2. To specify one range of networks from 160.10.8.0 to 160.10.15.0, subnet mask
should be 255.255.248.0 which has twenty one of number 1.

(config)# router ospf


(config-router)# network 160.10.8.0/24 area 2
(config-router)# area 2 range 160.10.8.0/21
(config-router)#

Configuring Routing Protocol 13-65


Configuring OSPF

Setting OSPF Parameters


The Corecess S5 System provides the following parameters.

Table 13-24 OSPF Parameters

Parameter Description
Default Route Information advertise a default route of an OSPF routing domain
change the specified OSPF distance value for topology property or
Distance
redistribution
Default Metric change the default metric value
Metric of External Route specify metric values depending on routing protocols
filter routes when transmitting route entries using access-list to other
Filtering List
protocols
Passive Interface Specify passive interface.
Refresh Timer Specify the refresh period of OSPF LSA database.
SPF Timer Set SPF (Shortest Path First) timer.

The following section describes how to configure each OSPF parameter.

Setting Default Route Information


A router can be configured to advertise default route information of OSPF routing
automatically to neighbor routers. This feature is called default information origination.
By default, the Corecess S5 System does not advertise a default route of an OSPF routing
domain. To advertise a default route of an OSPF routing domain, use the default-
information originate command in OSPF configuration mode.

Command Description
default-information  always Even if a default route is not configured, ASBR generates
originate [always] and advertises a default route.
[metric <metric>]  <metric> Cost of the default route entry (1 ~ 16777214)
[metric-type <type>]  <type> Type of external route (1, 2)

The following example shows how to configure a router to advertise a default route of an OSPF
routing domain to neighbor routers.

(config)# router ospf


(config-router)# default-information originate
(config-router)#

13-66 Corecess S5 System With GPON User's Guide


Configuring OSPF

Setting Distance
Distance is a value that is used for comparing routes of different routing protocols that have the
same destination. The default value of the distance is 110 in the Corecess S5 System.

To change the specified OSPF distance value for topology property or redistribution, use the
distance command in OSPF configuration mode.

Command Description
distance <distance>  <distance> Distance of OSPF route (1 ~ 255)

The following example shows how to specify the OSPF route distance of the OSPF router to 100
in area 1.

(config)# router ospf


(config-router)# network 172.27.10.0/24 area 1
(config-router)# distance 100 172.27.10.0/24
(config-router)#

Setting Default Metric Value


When route entries received from different routing protocols are redistributed to OSPF
networks, the default metric value should be set to be applied without the type of routing
protocol. The default metric can solve problems that occur when redistributing routes that have
inappropriate values. Whenever the metric is not changed, the default metric is used for
providing proper value to proceed redistribution.

The default metric value of OSPF route is 10. To change the default metric value, use the
default-metric command in OSPF configuration mode.

Command Description
default-metric <number>  <number> default metric value (0 ~ 16777214)

The following example shows how to change the default metric value of OSPF route to 4.

(config)# router ospf


(config-router)# default-metric 4

Configuring Routing Protocol 13-67


Configuring OSPF

Setting Metric Value of External Route


To use static routes or routes from networks that use different routing protocols in OSPF
networks, metric values of the routes should be changed to other values that can be used in
OSPF networks. To specify metric values depending on routing protocols, use the redistribute
command in OSPF configuration mode.

Command Description

redistribute <protocol>  <protocol> Type of route to redistribute


[metric <metric>]  <metric> Cost of the route entry (1 ~ 16777214)
[metric-type <type>]  <type> Type of the external route (1, 2)
[route-map <route-map-name>]  <route-map-name> Name of route map

There are two types of methods (type 1, type 2) to calculate cost in an external route. Type 1 of
an external route adds external cost and internal cost to calculate cost. Type 2 of an external
route only uses external cost. If there are two external routes that have the same destination,
OFPF chooses type 1 of the external route.

There are an example that the external route E1 (Type 1) and E2


(Type 2) is redistributed as the right network. The cost of E1 and E2
are calculated as follows:

Cost of E1 = a + b + c
Cost of E2 = a

The redistribute command is used when you specify different


metric values depending on types of routing protocol or the condition of
route map. The other hand, the default-metric command is used
when you specify the metric value that is applied to all route entry from
different type of routing protocols.

The following example shows how to change the metric value that is
advertised from BGP network to ‘10’, and how to set the route type to type 1.

(config)# router ospf


(config-router)# redistribute bgp metric 10 metric-type 1

13-68 Corecess S5 System With GPON User's Guide


Configuring OSPF

Filtering OSPF Route


To filter routes when transmitting route entries using access-list to other protocols, use the
distribute-list command in OSPF configuration mode.

Command Description
distribute-list  <access-list-number> Number of the access list to apply
<access-list-number> out (500 ~ 999)
[<protocol>]  <protocol> Protocol to transmit the route entry.

The following example shows how to filter routes matched the condition of access list 550.

(config)# router ospf


(config-router)# distribute-list 550 out bgp

Specifying Passive Interface


A passive interface is an interface that receives routing information from connected neighbor
routers but does not transmit its routing information. A passive interface is used for filtering
routing information.

To specify a passive interface in the Corecess S5 System, use the passive-interface


command in OSPF configuration mode.

Command Description
 loopback id Specify the loopback interface that is used as the
passive interface.
passive-interface
 <loopback-id> Loopback interface ID that is set to the passive
{loopback id
interface (1 ~ 32).
<loopback-id>|
 port Specify the port that is set to the passive interface.
port gigabitethernet
 <slot>/<port> Slot of the port/Number of the port
<slot>/<port>|
 vlan Specify the VLAN interface that is set to the passive interface.
vlan id <vlan-id>|
 <vlan-id> VLAN interface ID that is set to the passive interface (1 ~
vlan name
4094).
<vlan-name>}
 <vlan-name> VLAN interface name that is set to the passive
interface.

The following example shows how to specify the VLAN interface that ID is 2 as the passive
interface.

(config)# router ospf


(config-router)# passive-interface vlan id 2

Configuring Routing Protocol 13-69


Configuring OSPF

Setting Refresh Period


The default refresh period of OSPF LSA database is ten seconds in the Corecess S5 System. To
change the refresh period of OSPF LSA database, use the refresh timer command in OSPF
configuration mode.

Command Description
refresh timer <seconds>  <seconds> Refresh period (10 ~ 1800 seconds)

The following example shows how to set the refresh period of OSPF LSA database to sixty
seconds.

(config)# router ospf


(config-router)# refresh timer 60

Setting SPF Timer


OSPF protocol uses two timers to decide when SPF (Shortest Path Fist) is calculated after
receiving information of changed topology. The feature of two timer and default values are as
follows:

Table 13-25 SPF Timer

Default
Timer Description
Value
Waiting time until calculating SPF after an OSPF router receives information of
5
delay changed topology. If the timer is set to ‘0’, calculation of SPF is immediately
Seconds
started when receiving the information.
Waiting time until calculation the next SPF after a SPF is calculated. If the
10
holdtime timer is set to ‘0’, calculation of the next SPF is immediately started after
Seconds
calculating the SPF.

To change values of the OSPF timers, use the timers spf command in OSPF configuration
mode.

Command Description
 <delay-timer> Value of the delay timer (0 ~ 4294967295
timers spf <delay-timer> seconds)
<holdtime-timer>  <holdtime-timer> Value of the Holdtime timer (10 ~ 1800
seconds)
The following example shows how to set the timers.

# configure terminal
(config)# router ospf
(config-router)# timers spf 10 20

13-70 Corecess S5 System With GPON User's Guide


Configuring OSPF

Configuring Virtual Link

All ABR must be connected to the OSPF backbone area either directly or indirectly. If an ABR is
not connected to the backbone area physically, the ABR can configure a virtual link with other
ABR that is connected to the backbone area physically in the same area.

RTA is an ABR that is not physically connected to the backbone area (area 0) as follows. To
connect RTA to the backbone, a virtual link should be configured between ATA and ARC using
area 1 (transit area). The virtual link should be defined in routers that are located in the end of
the link, and routers that are in transit area do not need any configuration about the virtual link.

To define the virtual link, use the area virtual-link command in OSPF configuration mode.

Command Description
 <area-id> Area ID assigned to the transit area for the virtual link.
area <area-id> This can be either a decimal value or a valid IP address.
virtual-link <router-  <router-id> Router ID that is connected to the virtual link.
id> [authentication-  authentication-key <key> Set simple password method to be
key <key> | message- used when authenticating with neighbors, and specify the password.
digest-key <key-id>  message-digest-key <key-id> md5 <key> Set MD5
md5 <key>] authentication method to be used when authenticating with
neighbors, and specify the password.

RTA

Configuring Routing Protocol 13-71


Configuring OSPF

RTA(config)# router ospf


RTA(config-router)# area 0.0.0.2 virtual-link 209.157.22.1

RTC
RTC(config)# router ospf
RTC(config-router)# area 0.0.0.2 virtual-link 10.0.0.1

Setting Parameters for Virtual Link


To configure parameters of the virtual link that is already defined, use the following command
in OSPF configuration mode.

Command Description
 <area-id> Area ID assigned to the transit area for the virtual link.
area <area-id>
This can be either a decimal value or a valid IP address.
virtual-link <router-
 <router-id> Router ID that is connected to the virtual link.
id>
 dead-interval Time that hello packets are not seen before a
{dead-interval|
neighbor declares the router down. This value must be the same for
hello-interval|
all routers.
retransmit-interval|
 hello-interval Time between the hello packets. This value
transmit-delay}
must be the same for all routers.
<seconds>
 retransmit-interval Time between link-state advertisement
[{dead-nterval|
(LSA) retransmissions for adjacencies belonging to the interface. The
hello-interval|
value must be greater than the expected round-trip delay
retransmit-interval|
 transmit-delay Estimated time required to send a link-state
transmit-delay}
update packet on the interface.
<seconds> ...]
 <seconds> Time interval (1 ~ 65535 seconds)

13-72 Corecess S5 System With GPON User's Guide


Configuring OSPF

Displaying OSPF Configuration Information


This section describes how to display various OSPF information.

Displaying OSPF Configuration Information

To display OSPF configuration information, use the show ip ospf command in Privileged
mode.

# show ip ospf

Routing Process "ospf 0" with ID 3.3.3.1


Process uptime is 10 days 20 hours 37 minutes
Process bound to VRF default
Conforms to RFC2328, and RFC1583Compatibility flag is disabled
Supports only single TOS(TOS0) routes
Supports opaque LSA
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Refresh timer 10 secs
Number of incoming current DD exchange neighbors 0/5
Number of outgoing current DD exchange neighbors 0/5
Number of external LSA 6. Checksum 0x02790F
Number of opaque AS LSA 0. Checksum 0x000000
Number of non-default external LSA 6
External LSA database is unlimited.
Number of LSA originated 46
Number of LSA received 1089
Number of areas attached to this router: 2
Area 0 (BACKBONE)
Number of interfaces in this area is 4(5)
Number of fully adjacent neighbors in this area is 2
Area has no authentication
SPF algorithm last executed 00:15:39.691 ago
SPF algorithm executed 295 times
Number of LSA 11. Checksum 0x0473bc
Area 1 (Inactive)
Number of interfaces in this area is 0(0)
Number of fully adjacent neighbors in this area is 0
Number of fully adjacent virtual neighbors through this area is 0
Area has no authentication
SPF algorithm executed 0 times
Number of LSA 0. Checksum 0x000000

Configuring Routing Protocol 13-73


Configuring OSPF

When executing the show ip ospf command, the following information is displayed.

Table 13-26 show ip ospf Command Field Description

Field Description
Router ID OSPF route ID
Supports ... Number of types of service supported (type 0)
Whether RFC 1583 is used when calculating cost of summary route. If
RFC1583 Compatibility flag
the value is ‘disable’, RFC 2328 is used.
Waiting time until calculating SPF after a OSPF router receives
SPF schedule delay
information of changed topology
Hold time between two SPFs Waiting time until calculation the next SPF after a SPF is calculated.
Refresh timer Refresh period of LSA
Number of external LSA Number of external LSA
Number of areas attached to
Number of areas that this router is connected to.
this router
Area ID Area ID that this router is connected to.
Number of interfaces in this
Number of interfaces in this area
area
Number of fully adjacent
Number of fully adjacent neighbors in the area
neighbors in this area
SPF algorithm executed Number of calculation of SPF in the router of the Area
Number of LSA Number of LSA
This field is displayed when the area does not use authentication
Area has no authentication
method.

Display Information of ABR and ASBR

To display the routing table of ABR and ASBR, use the show ip ospf border-routers
command in Privileged mode.

# show ip ospf border-routers


OSPF process 0 internal Routing Table

Codes: i - Intra-area route, I - Inter-area route

i 25.25.25.3 [10] via 25.25.25.3, vlan41, ABR, ASBR, Area 0.0.0.0


i 35.35.35.3 [10] via 35.35.35.3, vlan53, ABR, ASBR, Area 0.0.0.0
#

When executing of the show ip ospf border-routers command, the following


information of the route entry are displayed.

Table 13-27 show ip ospf border-routers Field Description

Field Description

13-74 Corecess S5 System With GPON User's Guide


Configuring OSPF

Destination Router ID of the destination

Next Hop Next hop toward the destination

Cost Cost of using this route

Type Router type of the destination (ABR, ASBR)

Rte Type Type of route (Inter area route, Intra-area route)

Area The area ID of the area from which this route is learned

SPF No Information of area in which the router is included such as number and address

Display OSPF Database Information

To display OSPF database information, use the show ip ospf database command in
Privileged mode. You can specify several options with the show ip ospf database command,
and different database information is displayed depending on each option

Table 13-28 show ip ospf database Command Option

Option Description

nssa-external Display information only about the external NSSAs.

Display information only about the ASBR(Autonomous System Boundary Router)


asbr-summary
summary LSAs.

external Display information only about the external LSAs.

network Display information only about the network LSAs.

router Display information only about the router LASs.

summary Display information only about the summary LSAs.

Configuring Routing Protocol 13-75


Configuring OSPF

Display OSPF Interface Information

To display OSPF interface information, use the show ip ospf interface command in
Privileged mode.

# show ip ospf interface


Interface management is up
line protocol is up
OSPF not enabled on this interface
Interface vlan id 53 is up
line protocol is up
Internet Address 35.35.35.1/24, Area 0.0.0.0, MTU 1500
Process ID 0, Router ID 3.3.3.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 3.3.3.1, Interface Address 35.35.35.1
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:10
Neighbor Count is 1, Adjacent neighbor count is 1
Crypt Sequence Number is 1183083345
Hello received 120 sent 188, DD received 2 sent 4
LS-Req received 1 sent 1, LS-Upd received 1 sent 5
LS-Ack received 5 sent 1, Discarded 0

When executing the show ip ospf interface command, the following information about
OSPF interface is displayed.

Table 13-29 show ip ospf interface Filed Description

Field Description

Interface name, line protocol Physical status of the interfaces and status of the protocol

Internet Address IP address of the interfaces and subnet mask

Area IP address of the area in which the interfaces are included.

Router Id Router ID

Network Type Network type

Cost Cost of LSA

Transmit Delay Transmission period of LSA

State Interface state

Priority Router priority

13-76 Corecess S5 System With GPON User's Guide


Configuring OSPF

Designated Router DR ID and IP address of the interface

Backup Designated router Backup DR ID and IP address of the interface

Timer types and values


- Hell : Transmission period of the Hello packets
Timer intervals configured
- Dead : Maximum waiting time of the Hello packet (second)
- Retransmit : Retransmission period of the Hello packets

Hello Number of seconds until next hello packet is sent out the interface

Neighbor Count Number of Neighbors and adjacent neighbors

Display OSPF Neighbor Information

To display OSPF routing information, use the show ip ospf neighbor command in
Privileged mode.

# show ip ospf neighbor


OSPF process 0:
Neighbor ID Pri State Dead Time Address Interface
25.25.25.3 0 Full/DROther 00:00:39 25.25.25.3 vlan41
35.35.35.3 0 Full/DROther 00:00:38 35.35.35.3 vlan53
#

When executing the show ip ospf neighbor command, the following information about OSPF
neighbors is displayed.

Table 13-30 show ip ospf neighbor Field Description

Field Description

Neighbor ID Neighbor ID

Pri Router priority of the neighbor

State OSPF state

Dead Time Waiting time until the router infers that the neighbor is down

Address IP address of Neighbors

Interface Interface name that is connected to the neighbor

Configuring Routing Protocol 13-77


Configuring OSPF

Display OSPF Route Information

To display OSPF route information, use the show ip ospf route command in Privileged
mode.
# show ip ospf route
OSPF process 0:
Codes: C - connected, D - Discard, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2

C 3.3.3.0/24 [10] is directly connected, vlan51, Area 0.0.0.0


C 18.1.1.0/24 [10] is directly connected, vlan54, Area 0.0.0.0
C 25.25.25.0/24 [10] is directly connected, vlan41, Area 0.0.0.0
C 35.35.35.0/24 [10] is directly connected, vlan53, Area 0.0.0.0
O 90.0.0.0/26 [11] via 35.35.35.3, vlan53, Area 0.0.0.0
O 90.0.0.128/25 [11] via 35.35.35.3, vlan53, Area 0.0.0.0
O 90.0.1.0/25 [11] via 25.25.25.3, vlan41, Area 0.0.0.0
O 90.0.2.0/24 [11] via 35.35.35.3, vlan53, Area 0.0.0.0
O 90.0.3.0/24 [11] via 25.25.25.3, vlan41, Area 0.0.0.0
IA 90.0.4.0/24 [20] via 35.35.35.3, vlan53, Area 0.0.0.0
IA 90.0.5.0/24 [20] via 35.35.35.3, vlan53, Area 0.0.0.0
IA 90.0.6.0/24 [20] via 35.35.35.3, vlan53, Area 0.0.0.0
IA 90.0.7.0/24 [20] via 25.25.25.3, vlan41, Area 0.0.0.0
IA 90.0.8.0/24 [20] via 25.25.25.3, vlan41, Area 0.0.0.0
E1 90.0.9.0/24 [1010] via 35.35.35.3, vlan53
E1 90.0.10.0/24 [1010] via 35.35.35.3, vlan53
E1 90.0.11.0/24 [1010] via 35.35.35.3, vlan53
E1 90.0.12.0/24 [1010] via 25.25.25.3, vlan41
E1 90.0.13.0/24 [1010] via 25.25.25.3, vlan41
#

When executing the show ip ospf route command, the following information is displayed.

Table 13-31 show ip ospf route Field Description

Low of
Description
Routing Table

1 LSA type (N : Network, R : Router)

2 IP address and net mask of the destination

3 Area ID

Interface name that is connected and connection state


4
(directly : Direct connection, via <ip> : Connection via IP)

13-78 Corecess S5 System With GPON User's Guide


Configuring OSPF

OSPF Commands

OSPF commands supported in the Corecess S5 System are as follows:

Table 13-32 OSPF Commands

Command Description
area
Enable authentication for an OSPF area.
authentication
area default-
Specify a cost for the default summary route sent into a stub or NSSA.
cost
Limit routing information that is transmitted from the specified area to other
area export-list
areas.
area import-list Limit particular routing information that is received from other areas.
area filter-list Filter routes when transmitting route entries using access-list to other protocol.
area range Specify the network range to use summary LSA.
Define the specified area as the stub area not to receive information about the
area stub
external network.
area nssa NSSA is generally used to deliver external routing information to other areas.
area virtual-
Define OSPF virtual links.
link
default-
information Generate a default external route into an OSPF routing domain.
originate
default-metric Set default value for the OSPF routing protocol.
distance Specify administrative distances of OSPF route.
distribute-list Specify the route filtering to be applied when transmitting route entries.
Specify the network that operates OSPF routing protocol, and specify area in
network
which the interface connected to the network is included.
passive- Configure the specified interface not to transmit OSPF routing information to
interface other routers.
redistribute Redistribute routes from other routing domain into OSPF routing domain.
refresh Specify refresh interval of OSPF LSA.
router-id Assign a fixed router ID.
timers spf Change values of the OSPF timers
ip ospf
Assign a password to be used by neighboring routers that are using the OSPF
authentication-
simple password authentication.
key
ip ospf cost Specify cost of OSPF interfaces.
ip ospf Set the interval during which at least one hello packet must be received from a
dead-interval neighbor before the router declare that neighbor down.
ip ospf
Specify the interval between hello packets that are sent on the interface.
hello-interval
ip ospf message-
Specify a ID and a password when enabling OSPF MD5 authentication
digest-key
ip ospf priority Set the router priority, which helps determine the DR for this network.
ip ospf
Specify the time between LSA retransmissions for adjacencies belonging to
retransmit-
the interface.
interval
ip ospf transmit- Set the estimated time required to send a link-state update packet on the

Configuring Routing Protocol 13-79


Configuring OSPF

delay interface.
clear ip ospf Clear information learnt from OSPF.
show ip protocols Display information of IP protocol that is operating in the system.
show ip ospf Display basic information of OSPF.
show ip ospf Display the internal OSPF routing table entries to an ABR (Area Border
border-routers Router) and ASBR (Autonomous System Boundary Router).
show ip ospf
Display information about OSPF database of the router.
database
show ip ospf Display OSPF configuration information for interfaces that are defined in the
interface system.
show ip ospf
Display OSPF neighbor information on a per-interface basis.
neighbor
show ip ospf
Display information of OSPF network, routers and external routing tables.
route

13-80 Corecess S5 System With GPON User's Guide


Configuring IS-IS

Configuring IS-IS
IS-IS Overview

Introduction

IS-IS (Intermediate System to Intermediate System) protocol is the same type of link-state
routing protocol as OSPF. IS-IS can exchange routing information among routers in a particular
domain. IS-IS is defined in RFC 1195 and is usually used for exchanging routing information
among multi-protocol stack such as IP and OSI.

IS-IS network consist of ES (End System) and IS (Intermediate System). ES is an object that
sends and transmits packet as a host. IS is such a router that sends, transmits packets.

IS-IS can be configured to exchange link-state information in limited region because a domain
can be divided to several regions. The limited region is called ‘area’. Routing among areas is
consisted hierarchically, and a domain is divided to small areas and is managed. Level 1 routers
and level 2 routers can be configured for the hierarchical structure. Level 1 routers take charge
of routing in an area. If destination of packets is external area, level 1 routers route packets to
level 2 router. Level 2 router take charge of routing among areas or other domains.

IS-IS protocol selects the shortest path using SPF (Shortest Path First) algorithm. SPF algorithm
calculates status of network interface and path cost that is used in the interface and connected
network, and selects a path that has the lowest cost. SPF algorithm only delivers routing
information when the network is changed. Thus, unnecessary traffic is not delivered. Also, SPF
algorithm can control the complicated and sophisticated network.

Configuring Routing Protocol 13-81


Configuring IS-IS

Type of IS-IS System

There are three types of IS (Intermediate System) as follows:

 Level 1 Router : A router that cannot be connected to other areas.


- Exists in a particular area.
- Operates the same as an internal OSPF backbone router.
- Does not have information about a destination that is out of its area.

 Level 2 Router : A router that is connected to other areas.


- Connected to several areas.
- Allowed to be connected to other level 2 routers.
- Operates the same as an OSPF Backbone router.

 Level 1 / Level 2 Router : A router that can be connected to Level 1 routers and Level 2 routers.
- Maintains additional link status for connection of level 1 and level 2.
- Operates the same as an OSPF ABR.

The following picture shows IS-IS hierarchical structure.

area 49.0001
L1

Level-1
Area

L1 / L2

Level-2
area 49.0002 Backbon area 49.0003
L1 / L2 L1 / L2

Level-1 Level-1
Area Area

L1 L1

13-82 Corecess S5 System With GPON User's Guide


Configuring IS-IS

IS-IS Network Address

IS-IS uses an ISO network address. Each network address plays a role as NSAP (Network
Service Access Point) to distinguish network connection point.

ES can have several NSAP addresses that value of last byte (n-selector) is different. Each NASP
indicates services that can be used on a node. Therefore, ES can have several services, and a
node can be included in several areas.

A IS has specific network address called NET (Network Entity Title). NET is a NSAP address
that last byte (n-selector) is 0x00. Most IS has one NET. However, IS that is configured by
several areas can have several NETs.

The following is the typical structure of NET.

49.0001.00a0.c96b.c490. 00
   

Table 13-33 IS-IS NET Structure

Field Size (byte) Description

 AFI 1 Area ID. The area ID is used for level 1 routing, and each router
 Area address Variable (1~12) can define three of area ID.

System ID. The system ID is used for level 2 routing. The system
 System ID 6 ID must be unique. The system ID generally uses type of MAC
address.

 NSEL 1 N-selector (This value is always 0x00.)

IS-IS Addressing Rule


 At least one NET should be assigned for each node.

 All routers that are in the same area should use the same area ID.

 All nodes that are in the same area should use the same system ID.

 System ID length of all nodes that are in the same domain should be the same.

Configuring Routing Protocol 13-83


Configuring IS-IS

IS-IS Packet Type

The following types of packets are used in IS-IS for exchanging routing information.

Hello Packet
The Hello packet establishes and maintains relation of adjacent IS-IS systems. There are three
types of hello packet as follows:

 Level 1 LAN IS-IS Hello Packet: Used by level 1 routers on a broadcast LAN.
 Level 2 LAN IS-IS Hello Packet: Used by level 2 routers on a broadcast LAN.

 Point-to-point Hello Packet: Used by medias that do not have broadcasting feature such as a Point-to-
Point link.

LSP (Line State Packet)


The LSP has link-state information and operates the same as the LSA of OSPF protocol. There
are two types of LSP.

 Level 1 LSP: Level 1 routing LSP


 Level 2 LSP: Level 2 routing LSP

Level 1 routers transmit Level 1 LSPs. However, level 2 routers transmit both level 1 LSPs and
level 2 LSPs.

CSNP (Complete sequence number Packet)


The CSNP includes all list of LSP in the IS-IS database. The CSNP is transmitted periodically to
all links, and systems that received the CSNP use information of CSNP to update or
synchronize their LSP database. There are two types of CSNP.

 Level 1 CSNP: Level 1 routing CSNP


 Level 2 CSNP: Level 2 routing CSNP

PSNP (Partial sequence-number Packet)


The PSNP is a packet that is sent among routers that receive CSNPs. The PSNP is used for
request of updated LSP when a checksum error occurs in LSP packet, or LSP information is
changed. Routers that are received PSNP broadcast requested LSP. There are two types of PSNP.

 Level 1 PSNP: Level 1 routing PSNP


 Level 2 PSNP: Level 2 routing PSNP

13-84 Corecess S5 System With GPON User's Guide


Configuring IS-IS

Configuring IS-IS

IS-IS Configuration Procedure

The following procedure describes how to configure IS-IS routing protocol.

1. Enabling IS-IS
Enable IS-IS protocol in the Corecess S5 System.

2. Configuring IS-IS Interface Parameters


Configure IS-IS interface parameters such as routing level, transmission period of various
packets, mesh group, authentication password and priority.

3. Configuring IS-IS Parameters


Configure IS-IS parameters such as routing level, distance, password, external route metric,
passive interface and timer.

4. Display IS-IS Configuration Information


Display IS-IS configuration information of the Corecess S5 System.

Enable IS-IS

To enable IS-IS protocol in the Corecess S5 System, the following tasks should be executed.

1. Creating IS-IS Routing Process


2. Configuring NET
3. Specifying IS-IS Interface

By default, IS-IS is set not to be operated in the Corecess S5 System. To enable IS-IS protocol in
the Corecess S5 System, use the following commands.

Table 13-34 Enabling IS-IS

Command Description
configure terminal 1. Enter Global configuration mode.
2. Enable IS-IS routing process, and enter IS-IS configuration mode.
router isis  <area-tag> Name of IS-IS routing process. <area-tag> is used
[<area-tag>] when configuring several IS-IS area. Also, <area-tag> classify
each area.
net 3. Configuring NET of IS-IS routing process.
<network-entity-title>  <network-entity-title> Area address and system ID of IS-

Configuring Routing Protocol 13-85


Configuring IS-IS

IS routing process. This argument can be either an address or a


name.
exit 4. Return Global configuration mode.
interface 5. Enter Interface configuration mode.
ip router isis 6. Assign the IS-IS routing process to the interface.
[<area-tag>]  <area-tag> Name of IS-IS routing process

The following example shows how to configure IS-IS protocol and IS-IS NET and how to enable
the IS-IS process in the default VLAN interface.

(config)# configure terminal


(config)# router isis
(config-router)# net 49.0001.0000.0000.000a.00
(config-router)# exit
(config)# interface vlan id 1
(config-if)# ip router isis
(config-if)#

The following example shows how to set the area tag to classify each process when creating
over two IS-IS process in the system.

(config)# router isis corecess


(config-router)# net 19.0001.0000.0000.0020.00
(config-router)# exit
(config)# interface vlan id 1
(config-if)# ip router isis corecess
(config-if)#

13-86 Corecess S5 System With GPON User's Guide


Configuring IS-IS

Configuring IS-IS Parameters

The Corecess S5 System provides the following IS-IS parameters.

Table 13-35 IS-IS Parameters

Parameter Description
adjacency-check performs consistency checks on hello packets
area-password Set IS-IS area authentication password.
default-information Set default route of IS-IS routing domain to be transmitted to neighbors.
distance Change distance value of IS-IS.
domain-password Set authentication password of IS-IS.
dynamic-hostname Set host name or area tag to be used.
hostname dynamic Set mapping information to be displayed.
ignore-lsp-errors Allow the router to ignore checksum errors of LSP.
is-type Set IS-IS routing level of a router.
lsp-gen-interval Set LSP (Link-State Packet) generation interval.
lsp-refresh-interval Set LSP(Link-state packet) refresh interval.
max-area-addresses Set the maximum number of IS-IS area.
max-lsp-lifetime Set the maximum LSP(Link-state packet) life time.
Specify a passive interface that does not transmit routing information to
passive-interface
other routers.
Apply different values to external route, which is redistributed to IS-IS,
redistribute
depending on types of protocol or the condition of route map.
Set overload bit not to use the local router as an intermediate router in their
set-overload-bit
SPF calculations.
spf-interval Set SPF (Shortest Path First) calculation interval of IS-IS.
summary-address Add the aggregate route entry of IS-IS.

Configure IS-IS Routing Level


To set the IS-IS routing level of the Corecess S5 System, use the following command in IS-IS
configuration mode.
Command Description
is-type {level-1 |  level-1 Router performs only level 1 (intra-area) routing.
level-1-2 | level-  level-1-2 Router performs both level 1 and level 2 routing.
2-only}  level-2-only Router performs only level 2 routing.

Configuring Routing Protocol 13-87


Configuring IS-IS

The following example shows how to set the Corecess S5 System to the level 1 (intra-area)
router.

(config)# router isis


(config-router)# is-type level-1
(config-router)#

Verify Protocol Version of Adjacent Routers


IS-IS performs consistency checks on hello packets and will form an adjacency only with a
neighboring router that supports the same set of protocols. A router running IS-IS for both IPv4
and IPv6 will not form an adjacency with a router running IS-IS for IPv4 only.

To performs consistency checks on hello packets, use the adjacency-check command in IS-IS
configuration mode.

The following example shows how to configure IPv4 IS-IS router to form an adjacency with
IPv4 or IPv6 routers.

(config)# router isis


(config-router)# no adjacency-check
(config-router)#

Configuring LSP Generation Interval


By default, the Corecess S5 System is configured to generate IS-IS LSP (Link-State Packet) every
five seconds. To change LSP generation interval, use the following command in IS-IS
configuration mode.

Command Description
lsp-gen-interval  level-1 Apply the specified interval to level 1 (intra-area) routing.
[level-1 | level-2]  level-2 Apply the specified interval to level 2 (inter-area) routing.
<seconds>  <seconds> LSP generation interval (1 ~ 120 seconds)

The following example shows how to IS-IS LSP generation interval to 6 seconds.

(config)# router isis


(config-router)# isis-gen-interval 6
(config-router)#

13-88 Corecess S5 System With GPON User's Guide


Configuring IS-IS

Configuring LSP Refresh Interval


The default LSP refresh interval is 900 seconds in the Corecess S5 System. To set LSP refresh
interval, use the following command in IS-IS configuration mode.

Command Description
lsp-refresh-  level-1 Apply the specified interval to level 1 (intra-area) routing.
interval [level-1 |  level-2 Apply the specified interval to level 2 (inter-area) routing.
level-2] <seconds>  <seconds> LSP refresh interval (1 ~ 65535 seconds)

The following example shows how to IS-IS LSP refresh interval to 800 seconds.

(config)# router isis


(config-router)# lsp-refresh-interval 800
(config-router)#

Setting Maximum LSP Lifetime


Maximum lifetime of IS-IS LSP (Link-State Packet) is time that IS-IS state packets persist
without being refreshed. Maximum LSP lifetime decides how long LSPs can be transmitted.
When IS-IS LSP lifetime reaches maximum lifetime, the packets are not transmitted any more.

To set maximum LSP lifetime, use the following command in IS-IS configuration mode.

Command Description
max-lsp-lifetime
 <seconds> maximum LSP lifetime (1 ~ 65535 seconds)
<seconds>

The following example shows how to set maximum LSP lifetime to 1000 seconds.

(config)# router isis


(config-router)# max-lsp-lifetime 1000
(config-router)#

Configuring Routing Protocol 13-89


Configuring IS-IS

Ignoring LSP Checksum Error


By default, when receiving packets that include checksum errors, IS-IS purges the packets in the
Corecess S5 System. To allow the Corecess S5 System to ignore checksum errors of LSP (Link-
State Packet), use the ignore-lsp-errors command in IS-IS configuration mode.

The following example shows how to ignore LSP that include checksum errors.

(config)# router isis


(config-router)# ignore-lsp-errors
(config-router)#

Setting Maximum Number of IS-IS Static Area


By default, the maximum number of three IS-IS static area can be configured. To change the
maximum number of IS-IS static area, use the following command in IS-IS configuration mode.

Command Description

max-area-addresses
 <number> Maximum number of IS-IS static area (3 ~ 254)
<number>

The following example shows how to set the maximum number of IS-IS static area to 10.

(config)# router isis


(config-router)# max-area-addresses 10
(config-router)#

Setting Authentication Password of IS-IS Area


To set the authentication password of IS-IS area, use the following command in IS-IS
configuration mode.

Command Description

area-password
 <string> Authentication password of IS-IS area
<string>

The following example shows how to set the authentication password to ‘corecess’.

(config)# router isis


(config-router)# area-password corecess
(config-router)#

13-90 Corecess S5 System With GPON User's Guide


Configuring IS-IS

Setting Default Route Information


A router can be configured to transfer a default route information of IS-IS routing domain
automatically to neighbor routers. This feature is called default information origination.

By default, the Corecess S5 System is configured not to transfer a default route. To transfer a
default route to neighbor routers, use the default-information originate command in IS-
IS configuration mode.

The following example shows how to transfer a default route of a IS-IS routing domain
automatically to neighbor routers.

(config)# router is-is


(config-router)# default-information originate
(config-router)#

Setting Distance
Distance is a value that is used for comparing routes of different routing protocols that have the
same destination. The default value of the distance is 115 in the Corecess S5 System.

To change the specified IS-IS distance value for topology property or redistribution, use the
distance command in IS-IS configuration mode.

Command Description

distance {level-1 |
level-2} <distance>
 level-1 Set distance value of IS-IS level 1 route (intra-area
distance level-1 route).
<distance> level-2  level-2 Set distance value of IS-IS level 2 route (inter-area route).
<distance>  <distance> Distance of IS-IS route (1 ~ 255)
distance level-2  <prefix> Prefix of the network in which the router is included or
<distance> level-1 IP address of the router
<distance>  <M> Subnet mask of <prefix>
 <access-list-number> Number of access list to be applied to
distance <distance> received routing information (500 ~ 999).
[<prefix>/<M>
[<access-list-number>]]

The following example shows how to set IS-IS route distance of the router which is operating on
the network of 198.10.1.0 to 130. The IP address of the router is 198.10.1.3.
(config)# router rip
(config-router)# network 198.10.1.0/32
(config-router)# distance 130 198.10.1.3/32
(config-router)#

Configuring Routing Protocol 13-91


Configuring IS-IS

Setting Domain Password


To set the authentication password of IS-IS routing domain, use the following command in IS-IS
configuration mode.

Command Description

domain-password
 <string> Authentication password of IS-IS routing domain
<string>

The following example shows how to the authentication password of IS-IS routing domain to
‘corecess’.

(config)# router isis


(config-router)# domain-password corecess
(config-router)#

Specify Value for IS-IS Node Name


IS-IS uses the 6-byte system ID to display nodes in a network. Because this system ID is
displayed in hexadecimal, it is hard to remember or input when a network administrator
monitors status of a particular IS-IS adjacency. To solve this problem, the Corecess S5 System
can use host name or area tag of the node instead of the hexadecimal system ID. The router
stores and manages the mapping table for dynamic host names and system IDs.

To use a host name or an area tag for displaying a particular node in IS-IS networks, use the
following command in IS-IS configuration mode.

Command Description

dynamic-hostname
 area-tag Use the area tag as the host name.
[area-tag]

The following example shows how to use the host name of a particular node.

(config)# router isis


(config-router)# dynamic-hostname
(config-router)#

13-92 Corecess S5 System With GPON User's Guide


Configuring IS-IS

Setting Mapping Information to Display


To display mapping information for a host name and a system ID when executing the show isis
command, use the hostname dynamic command in IS-IS configuration mode.

The following example shows how to display mapping information for the host name and the
system ID when executing the show isis command.

(config)# router isis


(config-router)# hostname dynamic
(config-router)#

Specify Passive Interface


The passive interface is an interface that receives IS-IS routing information from connected
neighbor routers, but does not transmit its routing information. The passive interface is used for
filtering routing information.

To specify the passive interface, use the following command in IS-IS configuration mode.

Command Description
 loopback id Specify the loopback interface that is used as the
passive interface.
passive-interface
 <loopback-id> Loopback interface ID that is set to the passive
{loopback id
interface (1 ~ 32).
<loopback-id>|
 port Specify the port that is set to the passive interface.
port <port-type>
 <slot>/<port> Slot of the port/Number of the port
gigabitethernet |
 vlan Specify the VLAN interface that is set to the passive
vlan id <vlan-id>|
interface.
vlan name <vlan-name>}
 <vlan-id> VLAN interface ID (1 ~ 4094)
 <vlan-name> VLAN interface name

The following example shows how to specify the VLAN interface as the passive interface.

(config)# router isis net1


(config-router)# net 49.0001.0000.0000.0020.00
(config-router)# passive-interface vlan id 10
(config-router)#

Configuring Routing Protocol 13-93


Configuring IS-IS

Setting Overload Bit


The overload bit can be set not to use the local router as an intermediate router in their SPF
calculations in the Corecess S5 System. Then, paths through the local router become invisible to
other routers in the area.

To set the overload bit, use the following command in IS-IS configuration mode.

Command Description
 on-startup <seconds> Set the overload bit only after a system
reload
- <seconds>: Period after the reload during which the overload
set-overload-bit bit is set (5 ~ 86400 seconds)
[on-startup seconds>]  suppress Set IP prefix of the specified type not to transmit when
[suppress {external| overload bit is already set.
 external Set IP prefix learnt from other protocols not to transmit
interlevel | when overload bit is already set
external interlevel |  interlevel Set IP prefix learnt from other IS-IS routing levels not
interlevel external}] to transmit when overload bit is already set.
 external interlevel, interlevel external Set IP prefix
learnt from either other protocols or other IS-IS routing levels not to
transmit when overload bit is already set.

The following example shows how to set overload bit to 60 seconds.

(config)# router isis


(config-router)# set-overload-bit on-startup 60 suppress interlevel
(config-router)#

13-94 Corecess S5 System With GPON User's Guide


Configuring IS-IS

Setting Redistribution Metric


In the Corecess S5 System, different metric values can be applied depending on types of routing
protocol or the condition of the route map when route entries that received from different types
of routing protocols are distributed to IS-IS networks.

To apply different metric values to external route, which is redistributed to IS-IS, depending on
types of protocol or the condition of route map, use the following command in IS-IS
configuration mode.

Command Description

 <protocol> Type of route to redistribute (bgp, connected,


kernel,ospf,ppp,rip,static)
 <level> Route level
- level-1: Routes that are redistributed to level 1(intra-area)
redistribute <protocol> - level-1-2: Routes that are redistributed to both level 1(intra-
{[<level>] area) and level 2(interarea)
[metric <metric>] - level-2: Routes that are redistributed to level 2 (interarea)
[metric-type <type>]}  metric <metric> <protocol> Specify cost of the external
route entry that was received from the specified routing protocol.
- <metric> : Cost of the route entry (0 ~ 4261412864)
 metric-type <type> Specify the external route type.
- <type> : The external route type (internal, external)

The following example shows how to redistribute RIP routes to IS-IS level 1 routes.

(config)# router isis


(config-router)# net 01.0000.0000.0001.00
(config-router)# redistribute rip metric 40 level-1
(config-router)#

Configuring Routing Protocol 13-95


Configuring IS-IS

Summarizing Address Range


If addresses are aggregated in IS-IS, the number of LSP and database can be reduced. To
aggregate several routes, use the following command in IS-IS configuration mode.

Command Description
 <prefix> IP route prefix
 <M> Subnet mask of IP route
summary-address  level-1 Aggregate routes that are matched to the specified to level 1
<prefix>/<M> [level- routes.
1 | level-1-2 |  level-1-2 Aggregate routes that are matched to the specified to
level-2] level 1 and level 2 routes.
 level-2 Aggregate routes that are matched to the specified to level 2
routes.

The following example shows how to aggregate addresses.

(config)# router isis


(config-router)# summary-address 13.1.0.0/16
(config-router)#

Setting SPF Calculation Interval


The SPF (Shortest Path First) calculation interval is waiting time until the next SPF is calculated.

The default SPF calculation interval is 5 seconds. To change the SPF calculation interval, use the
following command in IS-IS configuration mode.

Command Description

 level-1 Apply the specified SPF calculation interval to level 1 (intra-


area) routing.
spf-interval
 level-2 Apply the specified SPF calculation interval to level 1 (intra-
[level-1 | level-2]
area) and level 2 (interarea) routing.
<seconds>
 <seconds> Waiting time until the next SPF is calculated (1 ~ 120
seconds)

The following example shows how to set the SPF calculation interval to 10 seconds.

(config)# router isis


(config-router)# spf-interval 10
(config-router)#

13-96 Corecess S5 System With GPON User's Guide


Configuring IS-IS

Displaying IS-IS Configuration Information


This section describes how to display various IS-IS information and displayed information.

Displaying IS-IS Status Information

To display status information of all IS-IS routing processes, use the show isis counter
command in Privileged mode.

# show isis counter


Area No Area Tag:
IS-IS Level-1 isisSystemCounterEntry:
isisSysStatCorrLSPs: 0
isisSysStatAuthTypeFails: 0
isisSysStatAuthFails: 0
isisSysStatLSPDbaseOloads: 0
isisSysStatManAddrDropFromAreas: 0
isisSysStatAttmptToExMaxSeqNums: 0
isisSysStatSeqNumSkips: 0
isisSysStatOwnLSPPurges: 0
isisSysStatIDFieldLenMismatches: 0
isisSysStatMaxAreaAddrMismatches: 0
isisSysStatPartChanges: 0
isisSysStatSPFRuns: 0

IS-IS Level-2 isisSystemCounterEntry:


isisSysStatCorrLSPs: 0
isisSysStatAuthTypeFails: 0
isisSysStatAuthFails: 0
isisSysStatLSPDbaseOloads: 0
isisSysStatManAddrDropFromAreas: 0
isisSysStatAttmptToExMaxSeqNums: 0
isisSysStatSeqNumSkips: 0
isisSysStatOwnLSPPurges: 0
isisSysStatIDFieldLenMismatches: 0
isisSysStatMaxAreaAddrMismatches: 0
isisSysStatPartChanges: 0

Configuring Routing Protocol 13-97


Configuring IS-IS

isisSysStatSPFRuns: 0

When executing the show isis counter command, the following information is displayed.

Table 13-36 show isis counter Field Description

Field Description

isisSysStatCorrLSPs Number of damaged LSPs

isisSysStatAuthTypeFails Number of authentication type fail for a process

isisSysStatAuthFails Number of authentication fail for a process

isisSysStatLSPDbaseOloads Number that the LSP database are overloaded

isisSysStatManAddrDropFromAreas Number that static addresses are discarded in the area.


isisSysStatAttmptToExMaxSeqNums Number that IS exceeds the maximum sequence number

isisSysStatSeqNumSkips Number of the sequence number skips


isisSysStatOwnLSPPurges Number of receiving LSPs that are created in the system

Number of receiving IS-IS control PDUs that have different length


isisSysStatIDFieldLenMismatches
of ID field from length of the receiving system ID field

Number of receiving IS-IS control PDUs that have different value


isisSysStatMaxAreaAddrMismatches
of Maximum Area Addresses from the value of the system

isisSysStatPartChanges Number that partition is changed

isisSysStatSPFRuns Number of SPF calculation

13-98 Corecess S5 System With GPON User's Guide


Configuring IS-IS

Displaying IS-IS Database Information

To display IS-IS routing database information, use the show isis database command in
Privileged mode.

The following example shows how to display the detail information of IS-IS routing database
using the show isis database detail command.

# show isis database detail


Area No Area Tag:
Area corecess:
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
0000.0000.0020.00-00* 0x0000000E 0xE7BE 1167 0/0/0
Area Address: 19.0001
NLPID: 0xCC
IP Address: 10.1.1.1
Metric: 10 IP 10.1.0.0 255.255.0.0
When executing the show isis database command, the following information is displayed.

Table 13-37 show isis database Field Description

Field Description
LSPID LSP ID. The first six octets form the system ID of the router that originated the LSP.
LSP sequence number. This LSP sequence number is increased whenever LSP is
LSP Seq Num
updated.
LSP Checksum Checksum of all LSP packets.
Amount of time the LSP remains valid (in seconds). If this value becomes zero, the
LSP Holdtime
LSP is removed from LSDB of all routers.
Attach bit. If this value is 1, it means that the router is connected to at least one area
ATT
through level 2 router.
P P bit. If this value is 1, it means that the router provides area partition-repair feature.
Overload bit. If this value is 1, it means the router is overloaded. Therefore, other
OL
routers cannot use the router as an intermediate router when SFP calculation.
Area Address Area address that the router can reach.
NLPID NLP(Network Layer Protocol) ID
IP Address IP address of the interface
Metric IS-IS metric value and IP prefix/subnet mask of the interface

Displaying IS-IS Interface Information

To display IS-IS routing process information of all interfaces, use the show isis interface

Configuring Routing Protocol 13-99


Configuring IS-IS

command in Privileged mode.

# show isis interface


management is up, line protocol is up
IS-IS not enabled on this interface
vlan1 is up, line protocol is up
Routing Protocol: IS-IS (corecess)
Circuit Type: level-1-2
Local circuit ID: 0x01
Local SNPA: 0090.ac0b.0002
IP interface address:
10.1.1.1/16
Level-1 Metric: 10, Priority: 64, Circuit ID: 0000.0000.0020.01
Number of active level-1 adjacencies: 0
Next IS-IS LAN Level-1 Hello in 6 seconds

When executing the show isis interface command, the following


information is displayed.

Table 13-38 show isis interface Field Description

Field Description

State Operating state of the interface

Routing protocol Routing Protocol that is operating on the interface (area tag)

Circuit Type IS-IS routing level that is operating on the interface

Local circuit ID Index number of the interface

Local SNPA MAC address of the interface

IP interface address IP address of the interface

Level-1 Metric Level 1 IS-IS metric value of the interface


Number of active Total number of operating level 1 neighbor routers that are connected to
level-1 adjacencies the interface.
Next IS-IS LAN Level-1 Hello Time until the next level 1 hello packet is transmitted (second).

Displaying IS-IS Topology Information

To display the list of routers that are connected to IS area, use the show isis topology
command in Privileged mode.

13-100 Corecess S5 System With GPON User's Guide


Configuring IS-IS

# show isis topology

Area corecess:
IS-IS paths to level-1 routers
System Id Metric Next-Hop Interface SNPA
0000.0000.0020 --
0000.0000.000a 10 0000.0000.000a vlan1 00e0.b064.46ec
IS-IS paths to level-2 routers
System Id Metric Next-Hop Interface SNPA
0000.0000.0020 --
0000.0000.000a 10 0000.0000.000a vlan1 00e0.b064.46ec
0000.0000.000b 20 0000.0000.000b vlan1 00e0.b064.46ec
#

When executing the show isis topology command, the following information is
displayed.

Table 13-39 show isis topology Field Description

Field Description

System Id System ID that is listed at level 1 and level 2 transfer tables.

Metric IS-IS metric value of routes

Next-Hop System ID of the lowest cost next-hop

Interface Interface that learns next-hop system

SNPA SNPA (Subnetwork Point of Attachment) of next-hop

Configuring Routing Protocol 13-101


Configuring IS-IS

IS-IS Commands
The following IS-IS commands are provided in the Corecess S5 System.

Table 13-40 IS-IS Commands

Command Description
adjacency-check Perform consistency checks on hello packets.
area-password Set the IS-IS area authentication password.
Reset IS-IS (Intermediate System-to-Intermediate System) configuration
clear isis
information.
distance Specify administrative distance value of IS-IS routes.
domain-password Set authentication password of a IS-IS routing domain.
Set a host name or an area tag to be used for displaying a particular node in
dynamic-hostname
IS-IS networks.
Display mapping information for a host name and a system ID when
hostname dynamic
executing the show isis command.
ignore-lsp-errors Allow the router to ignore checksum errors of LSP.
ip router isis Enable IS-IS routing protocol on the interface.
is-type Set IS-IS routing level of the router.
isis circuit-type Set IS-IS routing level on the specified interface.
isis csnp-interval Set IS-IS CSNP (Complete Sequence Number PDUs) transmission interval.
isis hello padding Enable the padding function.
isis hello-
Set transmission interval of IS-IS hello packets on the specified interface.
interval
isis Specify multiplier value that is used when calculating transmission interval
hello-multiplier of IS-IS hello packets.
isis lsp-interval Set transmission interval of IS-IS LSPs.
isis mesh-group Set the specified interface to a member of the specified mesh group.
isis metric Specify the metric value of the specified interface.
isis password Set IS-IS authentication password of the specified interface.
isis priority Set priority of the DR (Designated Router).
isis
retransmit- Set retransmission interval of IS-IS LSPs (Link-state packet).
interval
max-area-addresses Set the maximum number of IS-IS areas that can be configured as static area.
Set maximum LSP lifetime that IS-IS LSP(Link-state packet) persist without
max-lsp-lifetime
being refreshed.
net Configure NET of the IS-IS routing process
Specify a passive interface that does not transmit routing information to
passive-interface
other routers.
Apply different values to external route, which is redistributed to IS-IS,
redistribute
depending on types of protocol or the condition of route map.
Redistribute IS-IS level 1 routes to level 2 routes, or redistribute level 2
redistribute isis
routes to level 1 routes.
router isis Enable IS-IS routing protocol, and enter IS-IS routing configuration mode.
Set overload bit not to use the local router as an intermediate router in their
set-overload-bit
SPF calculations.
spf-interval Set SPF (Shortest Path First) calculation interval of IS-IS.
summary-address Add the aggregate route entry of IS-IS.

13-102 Corecess S5 System With GPON User's Guide


Configuring IS-IS

show clns is-


Display all lists of IS (Intermediate System) that is connected to the router.
neighbors
show clns Display all lists of ES (End System) and IS (Intermediate System) that are
neighbors connected to the Corecess S5 System.
show isis counter Display status information of all IS-IS routing processes.
show isis database Display IS-IS routing database information.
show isis
Display IS-IS routing process information of the interface.
interface
show isis topology Display lists of routers that are connected to the IS-IS area.

Configuring Routing Protocol 13-103


Configuration RIP

Configuration RIP
RIP (Routing Information Protocol) Overview

Introduction

RIP (Routing Information Protocol) is a dynamic routing protocol that exchange routing
information in internal AS (Autonomous System). RIP is used for small-scale networks.
Dynamic routing protocol exchanges messages with routers and applies changed network
status to routing tables when a topology is changed, or an error occurs. RIP transmits its routing
information (RIP message) periodically to all of connected neighbor routers through number
520 of UDP port. And, RIP receives routing information from neighbor routers and modifies its
routing table. When routing information is advertised as above, all router of internal AS can
exchange their routing information.

If there are several routes that have the same destination in the routing table, RIP selects the
shortest path using the distance-vector algorithm. The distance-vector algorithm selects the
shortest next hop and the shortest distance (or cost) of the destination as the best path. A
routing protocol can be easily configured using the algorithm, and less system memory is used.

The distance of each path is called metric in RIP. The network administrator can specify the
metric depending on path state or speed. The default metric value is 1. RIP selects the path that
has the lowest value of metrics as the best path. Therefore, the metric is the basic value to select
paths in RIP.

The disadvantage of RIP is the occurrence of a routing loop. The routing loop occurs when
routers consider that the routers can reach the destination through each other and exchange
routing information continuously. To prevent this situation, RIP limits metric value to less than
15. If there is a path that metric value is over 15, RIP considers the path unreachable, and the
path cannot be transmitted to neighbors. For this reason, RIP is generally used in single AS
(Autonomous System). Split Horizon or triggered update is used to solve the routing loop.

13-104 Corecess S5 System With GPON User's Guide


Configuration RIP

RIP Version

The Corecess S5 System supports RIP version 1 (RIPv1) and RIP version 2 (RIPv2). The
difference of two versions is as follows:

Table 13-41 Differences of RIPv1 and RIPv2

Item RIPv1 RIPv2


RFC RFC1923 RFC2453
Subnet Mask Support Class A, B, C, D. Support CIDR
Authentication Does not support authentication. Support authentication for RIP messages.
 AFI (2) : Address Family Identifier  AFI (2) : Address Family Identifier
Message  IP address(4) : IP address of  IP address(4) : IP address of destination
Form destination  subnet mask(4) : Subnet mask
(RTE part)  metric(4) : metric value of path  next hop(4) : IP address of next hop
 Stuff rest 10bytes with ‘0’  metric(4) : metric value of path
Transmits RIP messages to multicast
RIP Message address of 224.0.0.
Broadcast RIP messages to all neighbor
Transmission Routers that are connected to networks
can only receive.

By default, RIPv2 is operated in the Corecess S5 System. RIPv1 does not support subnet mask.
Thus, RIPv2 is recommended.

RIP Routing Table

Each route entry in RIP routing table consist of the following fields.

Table 13-42 Fields of RIP Route Entry

Field Description
Destination IP address and subnet mask of destination
Next hop The IP address of neighbor router to reach the destination.
Route change flag Flag for indicating the recent change of the route entry
Timer The last time the route was updated

Configuring Routing Protocol 13-105


Configuration RIP

RIP Operation

When a RIP router is booted, the following procedures proceed.

1. RIP Request Transmission


When booting the router, the router requests routing information to all neighbor routers
using the RIP request message.

2. RIP Response Receiving


When neighbors receive the RIP request message, neighbor routers send their routing
information (routing table) to the router using the RIP response message.

3. Routing Table Update


When the router receives RIP response messages from neighbor routers, the router update
its routing table with the received information. First, the router verifies that each entry of the
received tables is valid path. Then, if the entry is not in its routing table, the entry is better
path, or the entry is a new route entry, the router adds the entry into its routing table.

4. Routing Information Exchange Periodically


After routing table update, the router sends its routing table periodically to neighbor routers.
This message is called RIP message or update message. By default, the Corecess S5 System
sends the update message every 30 seconds.

13-106 Corecess S5 System With GPON User's Guide


Configuration RIP

RIP Timer

RIP uses numerous timers to regulate its performance. These include a routing-update timer, a
route-timeout timer, and a route-flush timer.

The following table lists the timers used for RIP:

Table 13-43 Timers for RIP

Timer Description
Interval between periodic routing updates. Generally, it is set to 30 seconds, with a small
Update random amount of time added whenever the timer is reset. This is done to help prevent
Timer congestion, which could result from all routers simultaneously attempting to update
their neighbors.
Interval in seconds during which routing information regarding better paths is suppressed.
It should be at least three times the value of update. A route enters into a holddown state
Holddown when an update packet is received that indicates the route is unreachable. The route is
Timer marked inaccessible and advertised as unreachable. However, the route is still used for
forwarding packets. When holddown expires, routes advertised by other sources are
accepted and the route is no longer inaccessible. The default is 180 seconds.
Amount of time in seconds that must pass before the route is removed from the routing
Flush table; the interval specified should be greater than the invalid value. If it is less than this
Timer sum, the proper holddown interval cannot elapse, which results in a new route being
accepted before the holddown interval expires. The default is 240 seconds.

Configuring Routing Protocol 13-107


Configuration RIP

Split Horizon and Triggered Update

The Split Horizon and the Triggered Update prevent the routing loop.

Router A Router B Router C

10.1.1.0

For example, the router A is connected to the network of 10.1.1.0 as above. The router B is
connected to the network of 10.1.1.0 through the router A, and the router C is connected to the
network of 10.1.1.0 through the router A and the router B.

Let’s assume that the link between the router A and the network of 10.1.1.0 is disconnected.
When the router A detects link disconnection, the router A removes this route entry from its
routing table. But, the router B does not realize the link disconnection and sends its routing
table to the router A using the update message. The router A finds the route entry of 10.1.1.0
from the received routing entry and increases metric value of the route entry, then adds the
route entry into its routing table. After that, the router B also receives the route entry of 10.1.1.0
from the router C and increases the metric value of the route entry, then adds the route entry
into its routing table. The router B sends its routing entry to the router A. If this situation is
continued, although the routers cannot actually reach to the network of 10.1.1.0, the routers
increase the metric values and update their routing table. Finally, the entry of 10.1.1.0 becomes
the invalid route when the metric value is 16, and the network becomes unreachable destination.

The above situation is called routing loop, and the routing loop is solved when the metric value
of route entry is 16. There are two solutions to solve the routing loop.

First solution is that the router does not allow information, which is transmitted by itself, to be
transmitted to other routers. If this solution is used in the above network, because network
information of 10.1.1.0 is transmitted through the router A to the router B, the router B transmits
the rest information to router A except the route entry of 10.1.1.0 network. This solution is
called split horizon. Split horizon with poisoned reverse, which is similar to split horizon, sets
the metric value to 16 instead of removing the entry.

Second solution, triggered update, is that the router transmits changed information
immediately to other routers when the router receives new routing information or detects
change of existing routing information by a physical cause. If this solution is used in the above
network, when the router A detects the link disconnection, the router informs the router B
immediately that the network of 10.1.1.0 is unreachable.

13-108 Corecess S5 System With GPON User's Guide


Configuration RIP

Configuring RIP

RIP Configuration Procedure

The configuration procedure of RIP routing protocol is as follows:

1. Enabling RIP
Enable RIP in the Corecess S5 System.

2. Configuring RIP Parameter


Configure RIP parameters such as distance, default metric, external route metric, passive
interface, timer and version.

3. Configuring RIP Interface Parameter


Configure RIP interface parameter such as authentication, version and split horizon.

4. Display RIP Configuration Information


Display RIP configuration information of the Corecess S5 System.

Enable RIP

By default, RIP is disabled in the Corecess S5 System. To enable RIP, use the router rip
command in Configure configuration mode.

# configure terminal
(config)# router rip
(config-router)#

After enabling RIP in the Corecess S5 System, specify network in that RIP is operated. To
operate RIP on the specified network, use the network command in RIP configuration mode.

Command Description
 <network-address> IP address of the network of directly
network
connected networks.
<network-address>/<M>
 <M> Subnet mask of network

The Corecess S5 System can only exchange RIP update messages with neighbor routers through
interfaces of the network that is specified using the network command.

Configuring Routing Protocol 13-109


Configuration RIP

The following example shows how to enable RIP on the network of 128.9.0.0/24 and
192.31.7.0/24.

(config-router)# network 128.9.0.0/24


(config-router)# network 192.31.7.0/24
(config-router)#

Configuring RIP Parameters

The Corecess S5 System provides the following RIP parameters.

Table 13-44 RIP Parameters

Parameter Description
Distance Specify administrative distance value of the RIP route.
Specify default metric values that are applied when redistributing all routing
Default metric
entries to RIP networks.
Set the specified interface not to transmit RIP routing information to other
Passive Interface
routers.
Distribute list Filter routes that are matched with condition of the specified access list
Change metric values of RIP route entries that are matched with condition of the
Offset list
specified access list.
Timer Specify RIP timer (update, holddown, flush) values.
RIP version Specify RIP protocol version.

This section describes how to configure RIP parameters.

Setting Distance
Distance is a value that is used for comparing routes of different routing protocols that have the
same destination. The default value of the distance is 120 in the Corecess S5 System.

Lower distance value is higher priority. To change the specified RIP distance value for topology
property or redistribution, use the distance command in RIP configuration mode.

Command Description
 <distance> Distance of RIP route (1 ~ 255)
distance <distance>  <ip-address> IP address of the network or router
[<ip-address>/<M>  <M> Subnet mask
[<access-list-number>]]  <access-list-number> Access list number to apply to the
received routing information (500 ~ 999)

The following example shows how to set the RIP route distance of 192.16.10.3 to 100 on the

13-110 Corecess S5 System With GPON User's Guide


Configuration RIP

network of 192.16.10.0.

(config)# router rip


(config-router)# network 192.16.10.0/32
(config-router)# distance 100 192.16.10.3/32
(config-router)#

Specifying Passive Interface


The passive interface is an interface that receives RIP routing information from connected
neighbor routers, but does not transmit its routing information. The passive interface is used for
filtering routing information.

To specify the passive interface, use the passive-interface command in RIP configuration
mode.

Command Description
 loopback id Specify the loopback interface that is used as the
passive-interface
passive interface.
{loopback id
 <loopback-id> Loopback interface ID that is set to the passive
<loopback-id>|
interface (1 ~ 32).
port gigabitethernet
 port Specify the port that is set to the passive interface.
<slot>/<port>|
 <slot>/<port> Slot of the port/Number of the port
vlan id <vlan-id>|
 vlan Specify the VLAN interface that is set to the passive interface.
vlan name
 <vlan-id> VLAN interface ID (1 ~ 4094)
<vlan-name>}
 <vlan-name> VLAN interface name

The following example shows how to specify the 1/1 port as the passive interface.

(config)# router rip


(config-router)# passive-interface port vlan id 1

Configuring Routing Protocol 13-111


Configuration RIP

Setting Metric Value


In the Corecess S5 System, different metric values can be applied depending on types of routing
protocol or the condition of the route map when route entries that received from different types
of routing protocols are distributed to RIP networks.

When external routes are distributed to RIP, metric values of external router are change to other
values that can be used in RIP network. It is because concept of metric is different between RIP
and other protocols.

There are two methods to change metric values of external routers to metric values of RIP
network.

 Apply the same metric value without types of routing protocols

 Apply different metric values without types of routing protocols or condition of route map

Apply the same metric value without types of routing protocols


In the Corecess S5 System, the same metric value can be applied to all external route entries
from other types of routing protocol when redistributing external entries to RIP networks. This
metric is called the default metric. The default metric can solve the redistribution problem
which routes have inappropriate metric values. Whenever the metric does not be changed, the
proper default metric is provided.

To specify the default metric, use the default-metric command in RIP configuration mode.

Command Description
default-metric <number>  <number> default metric value (0 ~ 16)

The following example shows how to set the default metric value of RIP to 10:

(config-router)# default-metric 10
(config-router)#

13-112 Corecess S5 System With GPON User's Guide


Configuration RIP

Apply different metric values without types of routing protocols or condition of route
map
In the Corecess S5 System, different metric values can be applied to external route entries from
other types of routing protocol when redistributing external entries to RIP networks.

To apply different values to external routes that are redistributed depending on types of routing
protocol or condition of route map, use the redistribute command in RIP configuration mode.

Command Description
redistribute <protocol>
 <protocol> Type of route to redistribute
[metric <metric>]
 <metric> Cost of the route entry (1 ~ 16)
[route-map <route-map-
 <route-map-name> Name of route map
name>]

In the following network, if you set each router (RTA, RTB, RTC) of the RIP network to receive
routing information from OSPF network, use the following commands.

RTA, RTB, RTC


(config)# router rip
(config-router)# passive-interface vlan id 51
(config-router)# passive-interface vlan id 52
(config-router)# redistribute ospf metric 10
(config-router)# exit
(config)# router ospf
(config-router)# redistribute rip
(config-router)#

Configuring Routing Protocol 13-113


Configuration RIP

Filtering Route
To filter routes that are matched with particular condition of access list, use the distribute-
list command in RIP configuration mode.

Command Description
distribute-list  <access-list-num> Number of the access list to apply (500 ~ 999)
<access-list-num>  in Filter route that are matched with the specified condition of access
{in | out} {port list when receiving routing information.
gigabitethernet  out Filter route that are matched with the specified condition of access
<slot>/<port>| list when transmitting routing information.
vlan id <vlan-id>|  <slot>/<port> slot number/port number
vlan name  <vlan-id> VLAN interface ID to apply access list (1 ~ 4094)
<vlan-name>}  <vlan-name> VLAN interface name to apply access list

The following example shows how to filter routes that are matched with condition of access list
500 in routing information from which port 5/1 of the system receives.

(config)# access-list 500 permit 172.16.40.0/24


(config)# router rip
(config-router)# distribute-list 500 in vlan id 51
(config-router)#

The following example shows how to filter routes that are matched with condition of access list
500 in routing information to which port 5/1 of the system transmits.

(config)# router rip


(config-router)# distribute-list 500 out vlan id 51
(config-router)#

Apply Offset list to Rout Metric Value


An offset list is the mechanism for increasing incoming and outgoing metrics to routes learned
via RIP.

To define an offset list, use the offset-list command in RIP configuration mode.

Command Description
offset-list  <access-list-num> Access list number to apply (500 ~ 999).
<access-list-num>  in Applies the access list to incoming metrics.
{in | out} <offset>  out Applies the access list to outgoing metrics.
[port gigabitethernet  <offset> Positive offset to be applied to metrics for networks
<slot>/<port>| matching the access list. If the offset is 0, no action is taken.
vlan id <vlan-id>|  <slot>/<port> Slot number/port number of the port.
vlan name  <vlan-id> Id of the VLAN to which the offset-list is applied.

13-114 Corecess S5 System With GPON User's Guide


Configuration RIP

<vlan-name>]  <vlan-name> Name of the VLAN to which the offset-list is


applied.

The following example shows how to add 10 to metric value of route entries that are matched
with condition of access list 21 when transmitting routing information through all interfaces.

# configure terminal
(config)# router rip
(config-router)# offset-list 21 out 10

The following example shows how to add 5 to metric value of route entries that are matched
with condition of access list 22 when receiving routing information from port 5/1 of the system.

# configure terminal
(config)# router rip
(config-router)# offset-list 22 in 5 vlan id 51

Setting Timer
Routing protocols use several timers that determine such variables as the frequency of routing
updates, the length of time before a route becomes invalid, and other parameters. You can
adjust these timers to tune routing protocol performance to better suit your internetwork needs.
You can make the following timer adjustments:

Table 13-45 RIP Timers

Timer Function Default


Time in seconds between updates (The rate at which routing updates are 30
Update timer
sent). seconds
Holddown 180
The interval of time (in seconds) after which a route is declared invalid.
timer seconds
The amount of time (in seconds) that must pass before a route is removed 120
Flush timer
from the routing table. seconds

Configuring Routing Protocol 13-115


Configuration RIP

To change values of RIP timers, use the timers basic command in RIP configuration mode.

Command Description

 <update> Update timer value (1-4294967295 seconds)


timers basic <update>
 <holddown> Hold down timer value (1-4294967295 seconds)
<holddown> <flush>
 <flush> Flush timer value (1-4294967295 seconds)

The following example shows how to set the timers.

# configure terminal
(config)# router rip
(config-router)# timers basic 30 100 50

Specifying RIP Version


The Corecess S5 System supports both RIPv1 and RIPv2. The RIPv2 supports authentication
and CIDR including features of RIPv1. By default, RIPv2 is operated in the Corecess S5 System.
If connected neighbor routers use RIPv1, RIP version of the router should be changed to RIPv1.

To change RIP version of all interfaces that are defined in the router, use the version
command in RIP configuration mode.

Command Description

version <version>  <version> RIP version (1, 2)

The following example shows how to set RIPv1 to all interfaces.

# configure terminal
(config)# router rip
(config-router)# version 1
(config-router)#

13-116 Corecess S5 System With GPON User's Guide


Configuration RIP

Configuring RIP Equal Cost Multipath Routing

RIP ECMP Routing supports multiple equal-cost paths between routers, and distributes the
traffics among the possible paths. Maximum 4 links can working with one ECMP link and the
traffic can be shared on a basis of IP address destination session.

The following example show how RIP routers execute load balancing by the Equal Cost
Multipath Routing Protocol.

Displaying RIP Configuration Information


This section describes how to display various RIP configuration information.

Display RIP Routing Table

To display RIP routing tables, use the show ip rip command in Privileged mode.

# show ip rip
Codes: R - RIP, C - connected, O - OSPF, B - BGP, S - static
(n) - normal, (s) - static, (d) - default, (r) - redistribute,
(i) - interface

Network Next Hop Metric From Time


R 10.10.10.0/24 210.126.40.2 1 210.126.40.2 02:32
R 20.20.20.0/24 210.126.40.2 2 210.126.40.2 02:32
B 30.30.30.0/24 0
O 40.40.40.0/24 0 01:47
R 210.126.10.0/24 210.126.40.2 1 210.126.40.2 02:32
B 210.126.30.0/24 0
C 210.126.40.0/24 0

Configuring Routing Protocol 13-117


Configuration RIP

When executing the show ip rip command, the following information is displayed.

Table 13-46 show ip rip Field Description

Field Description

Entry code, destination network address or host ip address / bit number of subnet mask
Types of entry code are as follows:
Network
R : RIP Entry C : Connected Entry
O : OSPF Entry B : BGP S : Static Entry

IP address of the next system that is used when forwarding a packet to the destination
Next
network. If the router connects directly to the destination, ‘0.0.0.0’ is displayed.

Metric Metric value of path (number of hop)

From IP address of the interface that transmits the route entry.

Remain time to remove the path. Holddown timer value is displayed for the first time.
Time Then, after holddown timer value becomes zero, flush timer value is displayed. After even
flush timer value becomes zero, the path is removed from the routing table.

13-118 Corecess S5 System With GPON User's Guide


Configuration RIP

Display RIP Interface Information

To display RIP configuration information for all interfaces that are defined in the system, use
the show ip rip interface command in Privileged mode.

# show ip rip interface


management is up, line protocol is up
RIP is not enabled on this interface
vlan53 is up, line protocol is up
Routing Protocol: RIP
Receive RIP packets
Send RIP packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address:
35.35.35.1/24
#

When executing the show ip rip interface command, the following information is
displayed.

Table 13-47 show ip rip interface Field Description

Field Description

Interface Display interface name and state


Routing
Enable routing protocol of the interface
Protocol
Passive
Configuring status of the Passive interface on the interface
interface
Split
Configuring status of Splitter horizon and Poisoned Reversed
horizon
IP interface
IP address and subnet mask of interface
address

Display RIP Version Information

To display the current RIP version, use the show ip protocols command in Privileged
mode.

# show ip protocols

Routing Protocol is "rip"


Sending updates every 30 seconds with +/-50%, next due in 10 seconds

Configuring Routing Protocol 13-119


Configuration RIP

Timeout after 180 seconds, garbage collect after 120 seconds


Outgoing update filter list for all interface is not set
Incoming update filter list for all interface is not set
Default redistribution metric is 1
Redistributing:
Default version control: send version 2, receive version 2
Interface Send Recv Key-chain
vlan53 2 2
vlan41 2 2
Routing for Networks:
25.25.25.0/24
35.35.35.0/24
Routing Information Sources:
Gateway Distance Last Update Bad Packets Bad Routes
25.25.25.4 120 00:00:27 0 0
35.35.35.4 120 00:00:27 0 0
Distance: (default is 120)

RIP Commands

The following RIP commands are provided in the Corecess S5 System.

Table 13-48 RIP Commands

Command Description
default-
Allow the router to advertise RIP default route information to neighbor
information
routers
originate
Specify default metric values that are applied when redistributing all routing
default-metric
entries to RIP networks.
distance Specify administrative distance value of the RIP route.
distribute-list Filter routes that are matched with condition of the specified access list
network Specify the network to operate RIP routing protocol.
Change metric values of RIP route entries that are matched with condition of
offset-list
the specified access list.
Set the specified interface not to transmit RIP routing information to other
passive-interface
routers.
Redistribute routing information of other routing protocols to routing
redistribute
information of RIP network.
route Add a RIP static route.
timers basic Specify RIP timer (update, holddown, flush) values.
version Specify RIP protocol version.
ip rip
authentication key- Enable authentication process for RIPv2, and define keys for interfaces.
chain
ip rip
authentication Specify authentication method for RIPv2 packets.
mode
ip rip authentic-
Specify authentication string for RIPv2 packets.
cation string
ip rip receive Specify RIP version of packets from which the interface receives.

13-120 Corecess S5 System With GPON User's Guide


Configuration RIP

version
ip rip send
Specify RIP version of packets to which the interface transmits.
version
clear ip rip Reset information that is learnt from RIP.
Configuration for the purpose of load balancing for the traffic with Equal Cost
equal-cost-multipath
Multipath Routing
show ip protocols Display IP protocol information that is operating in the system.
show ip rip Display the contents of RIP routing table.
show ip rip Display RIP configuration information for all interfaces that are defined in
interface the system.

Configuring Routing Protocol 13-121


Edition: 0006
Distribution: 12/2012

Chapter 14 Configuring LACP

This chapter describes how to configure a trunking group by using LACP (Link Aggregation Control
Protocol).
Port Trunking Overview

Port Trunking Overview


In the System, several physical links can be configured to single logical link to connect backbone
devices that request high bandwidth or to connect networks that bottle neck of traffic might
occur. This feature is called port trunking or link aggregation, and the group of port in the same
trunk is called trunk group. The one logical port supports the same amount of bandwidth as the
total amount of bandwidth that adds each physical port.

For example, the maximum bandwidth of the port that connects the system A and the system B
is 1Gbps, but the amount of data that receives and transmits between two systems can exceed
1Gbps. Port trunking can be used in the case. Several ports act as single port, so it can be easily
managed by VLAN, STP and IGMP. Port trunking also effects stability of the system. Even if
some ports that are included in a trunking group are not operating normally, communication
can be continued by rest ports.

In the System, port trunking can be implemented by 802.ad link aggregation, and 802.3ad link
aggregation uses LACP (Link Aggregation Control Protocol). LACP allows ports that have the
same link aggregation key value to configure themselves into a trunking group.

14-2 Corecess S5 System With GPON User's Guide


Port Trunking Overview

Notes for LACP Trunk Configuration


When configuring and connecting the LACP trunk on the System, be aware of the following:

 You can configure up to 128 trunking groups on the System.

 You can configure up to 8 ports in a trunking group.

 If you do not use STP, you should complete port trunking configuration to prevent loops
before connecting network cables between systems.

 All trunk group members (ports) should have the same media type (10/100Base-T, 100FX, or
Gigabit)

 All trunk group members (ports) should be set to the same port speed, duplex mode, and
operation mode.

 All trunk group members (ports) should be set to the full-duplex mode.

 If LACP operation mode is set to active on a port that is located in the end of a trunk, trunk is
set automatically.

 STP, IGMP and QoS are configured for all trunks.

 Configured trunking groups by LACP can be connected without a vendor of devices.

 The inter-LIM port can be assigned a trunk group.

QoS of Trunk Group


When QoS is configured, a trunk group acts as single port. Instead, the maximum bandwidth
that is the same as total bandwidth of ports can be specified to the trunk group. QoS
configuration that was configured to ports before aggregation is not applied after aggregation.
If ports are released from the trunk group, previous QoS configuration is applied to ports again.

When a QoS trunk is specified, the aggregated ID of the trunk group is used. The aggregated ID
is decided by the following rules.
For example, if 1/1, 1/2, 1/3 and 1/4 ports aggregates, the lowest port (1/1) is decided to the
aggregated ID.

Configuring LACP 14-3


Configuring LACP Trunk

Configuring LACP Trunk


This section describes how to configure LACP trunk on the System.

The configuration procedure of LACP trunk is as follows:

1. Setting LACP key and operation mode

2. Setting LACP partner Key

Setting LACP Key and Operation Mode


Link aggregation support is disabled by default. You can enable link aggregation on the System
by assigning the LACP admin key and by setting the LACP mode.

LACP Key
LACP key is used to identify the trunk in which the port is included. All ports that are in the
single trunk have the same key value.

LACP Operation Mode


You can enable the feature on an individual port basis, in active, passive, or passive manual
mode.

 Active mode (Default)


When you set LACP operation mode to active, the System can exchange standard LACP
Protocol Data Unit (LACPDU) messages to negotiate trunk group configuration with the
port on the other side of the link. In addition, the System port actively sends LACPDU
messages on the link to search for a link aggregation partner at the other end of the link, and
can initiate an LACPDU exchange to negotiate link aggregation parameters with an
appropriately configured remote port.

 Passive mode
When you enable a port for passive link aggregation, the System port can exchange
LACPDU messages with the port at the remote end of the link, but the System port cannot
search for a link aggregation port or initiate negotiation of an aggregate link. Thus, the port
at the remote end of the link must initiate the LACPDU exchange.

 Manual mode

14-4 Corecess S5 System With GPON User's Guide


Configuring LACP Trunk

When you enable a port for manual link aggregation, you can manually configure aggregate
links containing multiple ports

To configuring a dynamic LACP trunk, one end of ports should be configured to LACP active
mode and the other end of ports should be configured to LACP active or LACP passive mode.

Switch A Switch B

Port X : LACP mode : Active Port X : LACP mode : Active

Port Y : LACP mode : Active Port Y : LACP mode : Passive

To configure a trunk manually, both ends of the ports should be configured to LACP manual
mode.

Switch A Switch B

Port X : LACP Mode : Manual Port X : LACP Mode : Manual

To assign the LACP key and set LACP operation mode, use the following commands:

Table 14-1 Setting LACP Operation Mode

Command Description
configure terminal 1. Enter Global configuration mode.
2. Assign LACP key and specify the LACP operation mode for the
specific ports.
 <key-num> LACP key value(1 ~ 65535)
lacp key <key-num>  <slot>/<port> Slot/Port number
port gigabitethernet  active Enable active mode. Aggregation link is created, channels
<slot>/<port> mode are initialized in active mode. If the remote LACP mode is active of
{active | passive | passive, aggregation link is created.
manual}  passive Enable passive mode. Channels are not initialized in
passive mode, but LACP packets can be processed.
 manual Enable manual mode. Aggregation link can be
configured without LACP in manual mode.
lacp : Change LACP parameter
actor-timeout : LACP_timeout
short : short
lacp actor-timeout
long : long
(short|long) port port
fastethernet : FastEthernet port type
type WORD
gigabitethernet : GigabitEthernet port type
epon : Ethernet PON port type
tengigabitethernet : 10G Ethernet port type

Configuring LACP 14-5


Configuring LACP Trunk

WORD : Port(s) ranges (ex. 1/1-2,2/4)


end 3. Return to Privileged mode.
show lacp port
gigabitethernet 4. Verify LACP configuration.
<slot>/<port>
show : Show running system information
lacp : LACP information
show lacp aggregator
aggregator : specify aggregator
: lag identifier
show : Show running system information
lacp : LACP information
show lacp lag all
lag : specify link aggregation group
all : all lags
The following example shows how to assign 10 of LACP key to the Gigabit Ethernet port 1/3
and how to set the LACP operation mode to active.

# configure terminal
(config)# lacp key 10 port gigabitethernet 1/3 mode active
(config)# end
# show lacp port gigabitethernet 1/3

Link State: down


Port Index: 769
Oper Mode: Active
Actor Port Admin Key: 10
Actor Admin State: 0x07

Partner Port Admin Key: 769


Partner Admin State: 0x06
# write memory
Building Configuration...
[OK]
#

14-6 Corecess S5 System With GPON User's Guide


Configuring LACP Trunk

LACP Configuration Example


This section describes how to configure two physical links to single logical link using the
System.

System A

Trunk Group
 Port : 5/1-4 on System A
5/1-4 on System B
 LACP admin key : 33
System B

System A
The following shows how to configure the LACP trunk on the System A:

System A# configure terminal


System A(config)# lacp key 33 port gigabitethernet 1/3-4 mode active
System A(config)# end
System A# write memory
Building Configuration...
[OK]
System A#

System B
The following shows how to configure the LACP trunk on the System B:

System B# configure terminal


System B(config)# lacp key 33 port gigabitethernet 1/3-4 mode passive
System B(config)# end
System B# write memory
Building Configuration...
[OK]
System B#

Configuring LACP 14-7


LACP System Distribution

LACP System Distribution

The system supports hardware-based link aggregation(trunking). Up to eight ports can be


bundled into a single logical port; 128 such trunk groups are supported. This provides for
increased bandwidth and redundancy.

When a packet is L2 switched or L3 routed to a trunk group, the actual port selection is made
based on one of six criteria:

Filed Description

SA Mac src Only

DA Mac dst Only

SA XOR DA(exclusive-OR of SA and DA) Mac Only

SIP Ip src Only

DIP Ip dst Only

SIP XOR DIP Ip Only

In all cases, three bit(the LSBs) are used to index into a trunk table to choose one of eight
possible ports. SIP and DIP criteria are used for Ipv4 packets; for other packets the selection falls
back to criteria based on the equivalent MAC address.

Broadcast, Multicast, and DLF packets are sent to a single port in a trunk group. Several
registers are provided to control which port is used for each type of traffic. A mechanism is
provided to control distribution of unknown multicast packets over trunk ports. This is
accomplished by using the FFP to filter on a destination port = 0x1d and the least significant 3
bits of the Destination MAC address. Then set up 8 corresponding IRULES with ACTION bit 16
set and use the CLASSIFICATION_TAG field to indicate which trunk ports are allowed to
receive the packet. THE CLASSIFICATION_TAG is ANDed with the port bitmap is this
scenario.

LACP system distribution commands are as follows;

Node Command Help

system : System Setting


system lacp distribution (all | ip | ip-src |
config ip-dst | mac | mac-src | mac-dst | session lacp : Lacp Hashing
| ip-mac | ip-session | mac-session) distribution : Distribution

all : All

14-8 Corecess S5 System With GPON User's Guide


LACP System Distribution

ip : Ip Only

ip-dst : Ip dst Only

ip-mac : Ip & Mac

ip-session : Ip & Session

ip-src : Ip src Only

mac : Mac Only

mac-dst : Mac dst Only

mac-session : Mac & Session

mac-src : Mac src Only

session : Session Only

localhost(config)# system lacp distribution


ip Ip Only
ip-dst Ip dst Only
ip-src Ip src Only
mac Mac Only
mac-dst Mac dst Only
mac-src Mac src Only -SA
localhost(config)# system lacp distribution

Configuring LACP 14-9


Edition: 0006
Distribution: 12/2012

Chapter 15 Configuring STP/RSTP/MSTP


This chapter describes how to configure STP (Spanning Tree Protocol)/RSTP (Rapid Spanning Tree
Protocol)/ MSTP(Multi STP) on the System.
Understanding STP and RSTP

Understanding STP and RSTP


STP Overview

Introduction
A network that has several paths for one destination is fault-tolerant. It is because packets can
be transmitted through other paths even if one of paths cannot be used on the network. But,
loops might occur on the network. If a loop is occurs between two nodes, when packets are
broadcasted, the packet transmission is repeated infinitely. Because of the loop, the network can
be congested, then the network becomes instable.

In the following network configuration, there are two paths from Switch A to Switch C. One of
the path is path 2 connected directly and the other path is path 1 and path 2 through Switch B.
A loop is formed in this network because multiple active paths exist between Switch A and
Switch C. In this network, end stations might receive duplicate messages. For example, if Switch
A broadcasts packets, Switch C broadcasts the received packets to Switch A, and Switch A
broadcast the packets again.

Switch A

Path 1 Path 2

Path 3

Switch B Switch C

STP (Spanning Tree Protocol) prevents the loop on the network in which several paths are
existed. STP defines a tree with a root switch. When two interfaces on a switch are part of a loop,
the spanning-tree port priority and path cost settings determine which interface is put in the
forwarding state and which is put in the blocking state. Spanning tree forces redundant data
paths into a standby (blocked) state. Therefore, when traffic is processed, packets are only
transmitted through paths of non-blocking state.

15-2 Corecess S5 System With GPON User's Guide


Understanding STP and RSTP

If the path 3 is blocked in the network configuration mentioned previously, you can have a
loop-free path between Switch A and Switch C as follows:
Switch A

Path 2
(Forwarding)
Path 1
(Forwarding)

Path 3
Switch B (Blocking) Switch C
Switches send and receive spanning-tree frames, called bridge protocol data units (BPDUs), at
regular intervals. The switches do not forward these frames, but use the frames to construct a
loop-free path.

If a network segment in the spanning tree fails and a redundant path exists, the spanning-tree
algorithm recalculates the spanning-tree topology and activates the standby path.

Configuring STP/RSTP/MSTP 15-3


Understanding STP and RSTP

BDPU(Bridge Data Protocol Unit)


Spanning tree consists of a root switch, designated switches, root port, and designated ports.
The root switch is the logical center of the spanning-tree topology in a switched network. A
designated switch is a switch used to forward packets from that LAN to the root switch. A root
port is a forwarding port elected for the spanning-tree topology. A designated port is a
forwarding port elected for every switched LAN segment.

Root Switch

Root Port Root Port

Designated Designated
Switch Switch

Designated Port

Designated
Switch

When the switches in a network are powered up, each function operates as the root switch.
Each switch sends a configuration BPDU through all of its ports. The BPDUs communicate and
compute the spanning-tree topology. Each configuration BPDU contains this information:

- Unique bridge ID of the switch that the sending switch identifies as the root switch
- Spanning-tree path cost to the root
- Bridge ID of the sending switch
- Aging time of BPDU
- Interface ID that transmits BPDU
- Spanning tree timer values (Hello, Forward delay, Max-age)

Bridge ID determines the selection of the root switch. Each VLAN on the switch has a unique 8-
byte bridge ID; the two most-significant bytes are used for the switch priority, and the
remaining six bytes are derived from the switch MAC address. The switch with the highest
switch priority (the lowest numerical priority value) is elected as the root switch. If all switches
are configured with the default priority (32768), the switch with the lowest MAC address in the
VLAN becomes the root switch.

15-4 Corecess S5 System With GPON User's Guide


Understanding STP and RSTP

Path cost determines the selection of the root port and designated switch. The port that provides
the best path (lowest cost) when the switch forwards packets to the root switch is called the root
port. The switch that provides the lowest path cost when forwarding packets from that LAN to
the root switch is called the designated switch. The port through which the designated switch is
attached to the LAN is called the designated port.

A root port is selected for each switch (except the root switch). This port provides the best path
(lowest cost) when the switch forwards packets to the root switch.

BPDU has three spanning-tree timers (hello, forward delay, max age). The following table
describes the timers that affect the entire spanning-tree performance:

Table 15-1 STP Timers

Timer Description
When this timer expires, the interface sends out a Hello message to the neighboring
Hello timer
nodes.
Forward delay Determines how long each of the listening and learning states last before the
timer interface begins forwarding.
Determines the amount of time the switch stores protocol information received on an
Max age timer
interface.

Configuring STP/RSTP/MSTP 15-5


Understanding STP and RSTP

Spanning-Tree Port States


Each port on the switch using spanning tree exists in one of these states:
• Blocking: The port does not participate in frame forwarding. (Default state)
• Listening: The first transitional state after the blocking state when the spanning tree
determines that the port should participate in frame forwarding.
• Learning: The port prepares to participate in frame forwarding.
• Forwarding: The port forwards frames.
• Disabled: The port is not participating in spanning tree because of a shutdown port, no link on
the port, or no spanning-tree instance running on the port.

The following picture shows process of five port states.

Blocking State

BPDU Transmission

Listening State 리스닝 상태


Disabled State
Forward delay (Listening State)

Learning State
Forward delay

Forwarding State

A port that STP is operating always starts at the blocking state. When a switch is initialized, the
switch assumes that the switch is the root switch and transmits BPDU to connected devices
through all ports. Ports of the blocking state discards all frames except BPDU. Ports that receive
BPDU become the listening state.

Ports of the listening state exchange BPDUs with other devices and select the root switch. Then,
after forward delay time is passed, the listening state becomes the learning state.

15-6 Corecess S5 System With GPON User's Guide


Understanding STP and RSTP

Ports of the learning state learn MAC addresses to transmit frames. Then, after forward delay
time is passed, the learning state becomes the forwarding state. Frames that are received before
ports become the forwarding state are discarded. After the forwarding, received frames are
transmitted through ports.

Ports of the disabled state do not participate in the spanning tree. These ports neither transmit
or receive BPDUs and do not transmit frames.

Selecting Path
The STP uses a spanning-tree algorithm to select one switch of a redundantly connected
network as the root of the spanning tree. The algorithm calculates the best loop-free path
through a switched Layer 2 network by assigning a role to each port based on the role of the
port in the active topology.

When two interfaces on a switch are part of a loop, the spanning-tree port priority and path cost
settings determine which interface is put in the forwarding state and which is put in the
blocking state. The port priority value represents the location of an interface in the network
topology and how well it is located to pass traffic. The path cost value represents media speed.

Spanning tree forces redundant data paths into a standby (blocked) state. If a network segment
in the spanning tree fails and a redundant path exists, the spanning-tree algorithm recalculates
the spanning-tree topology and activates the standby path.

Configuring STP/RSTP/MSTP 15-7


Understanding STP and RSTP

RSTP (Rapid Spanning Tree Protocol)


While STP is enabled, and BPDU is spread, topology is changed continuously on other parts of
the network. It takes a lot of time that the changed topology is applied to spanning tree. RSTP
802.1W improve disadvantage of STP.

The key difference between STP and RSTP is the transition states of a port. STP moves a port
from the blocking state to the forwarding state after the listening and the learning state. RSTP
reduces the transition steps by moving directly a port from the blocking state to the forwarding
state. This allows rapid reconfiguration capability when the topology has changed.

Port State of RSTP


There are three port states - discarding, learning, forwarding - in RSTP 802.1W. The learning
state and the forwarding state are the same as the states of STP, and the discarding state
includes the disable state, the blocking state and the listening state of STP. The following table
provides a comparison of STP and RSTP port states.

Table 15-2 Comparison of STP and RSTP port states

STP RSTP Is Port Included in the Is port learning


Operational Status
Port State Port State Active Topology? MAC Addresses?

Blocking Discarding Enabled No No

Listening Discarding Enabled No No

Learning Learning Enabled No Yes

Forwarding Forwarding Enabled Yes Yes

Disabled Discarding Disabled No No

15-8 Corecess S5 System With GPON User's Guide


Understanding STP and RSTP

Default STP Configuration


By default, RSTP is enabled on all VLANs of the System. The following table shows the default
STP configuration.

Table 15-3 Default STP Configuration

Feature Default Setting

VLAN STP State RSTP is enabled by default on all VLANs.

Port STP State Disabled

VLAN ID (Switch priority) 32768

Spanning-tree port priory 128

10Mbps 2,000,000

Spanning-tree port 100Mbps 200,000


cost 1Gbps 20,000

10Gbps 2,000

Encoding method for port cost 32 bit (1 ~ 200,000,000)

Hello time 2 seconds

Timer Forward delay 15 seconds

Max age 20 seconds

Admin Edge Disabled

STP Version RSTP version 2

Configuring STP/RSTP/MSTP 15-9


Configuring STP

Configuring STP
This section describes how to configure spanning-tree features on the System.

Procedures for STP Configuration


You can configure the following STP features on the System:

 Enable STP on a Port VLAN

 Enabling or Disabling STP on a port

 Configuring the bridge priority

 Configuring the path cost

 Configuring STP encoding

 Configuring the port priority

 Setting spanning tree timers (Hello time, Max age, Forward delay)

Enabling STP on a Port VLAN


You can enable or disable STP on a Port VLAN basis. RSTP is enabled by default on the default
Port VLAN and on all newly created Port VLANs. By default, RSTP is enabled in the System. To
operate STP, enable STP first, then set protocol version to STP.

To operate STP, use the following commands.

Table 15-4 Enabling STP on a VLAN

Command Description
configure terminal 1. Enter Global configuration mode.
2. Enable STP on the specified Port VLAN.
stp vlan id <vlan-id>
 <vlan-id> Port VLAN ID (1 ~ 4094)
stp protocol-version
3. Set spanning tree protocol to STP.
stp vlan id <vlan-
 <vlan-id> Port VLAN ID (1 ~ 4094)
id>
end 4. Enter Privileged mode.
show stp vlan {all |
5. Verify STP configuration.
id <vlan-id>}

15-10 Corecess S5 System With GPON User's Guide


Configuring STP

The following example shows how to enable STP on a Port VLAN:

# configure terminal
(config)# stp vlan id 1
(config)# stp protocol-version stp vlan id 1
(config)# end
# show stp vlan id 1

VLAN ID: 1
Protocol Operation: enabled
STP version: stpCompatible(0)
Pathcost Encoding: 32bit
BridgeID: 0x8000-0001020000DB
Time since topology change: 1539(s)
.
.
.
#

Disable STP only if you are sure there are no loops in the network topology . When STP is
disabled and loops are present in the topology, excessive traffic and indefinite packet
duplication can drastically reduce network performance. To disable STP on a Port VLAN basis,
enter the no stp vlan command in Global configuration mode. The following example
shows how to disable STP on the Port VLAN whose ID is 1:

(config)# no stp vlan id 1


(config)#

If you disable STP on a VLAN, STP is disabled on all ports belongs to the VLAN.

Configuring STP/RSTP/MSTP 15-11


Configuring STP

Enabling or Disabling STP on a Port


If you enable STP on only a VLAN, the change does not affects all ports belong to the Port
VLAN. you should enable STP both on a port and on a Port VLAN. 메모 [a5]: 윤장식

설명이 잘못된것 같아서


To enable STP on a port, use the following commands.
수정하였습니다. 국문에서도
Table 15-5 Enabling STP on a port
이상이 없는지 확인해주세요.
Command Description
configure terminal 1. Enter Global configuration mode.
Port gigabitethernet 2. Enable STP on the specified Ethernet port.
<slot>/<port> stp  <slot>/<port> Slot/port number of the port
STP설정은 Port와
end 3. Return to Privileged mode. VLAN양쪽에서 Enable이
show stp port <port-
4. Verify STP configuration.
type> <slot>/<port> 되어있어야 동작합니다.

The following example enables STP on the port 1/3 and 1/4:

(config)# port gigabitethernet 1/3 stp


(config)# port gigabitethernet 1/4 stp
(config)# end
# show stp port gigabitethernet 1/4
Link State: up
Protocol Operation: enabled
Pathcost Encoding: 32bit
Port Number(logical): 257
Port Priority: 0x08
.
.

To disable STP on a specific port, enter the no port command in Global configuration mode.
The following example disables STP on the Gigabit Ethernet port 1/3 ~ 1/4:

(config)# no port gigabitethernet 1/3-4 stp


메모 [zwyi6]: Stp 뒤로
(config)#

15-12 Corecess S5 System With GPON User's Guide


Configuring STP

Configuring the Bridge Priority


You can configure the bridge priority for individual Port VLANs. Bridge Priority is used to
choose the root bridge in a spanning tree. The default bridge priority for all Port VLANs on the
System is ‘32768’. The bridge with the lowest value has the highest priority and is the root. To
make the switch the root bridge, set the bridge priority to the lowest value. If you change the
bridge priority, the spanning tree for the Port VLAN is reconfigured.

To change the bridge priority of a Port VLAN, use the following commands.

Table 15-6 Setting the Bridge ID

Command Description
configure terminal 1. Enter Global configuration mode.

stp bridge-priority 2. Set the bridge ID for a specific Port VLAN.


<priority> vlan id  <priority> Priority of the bridge (0 ~ 65535)
<vlan-id>  <vlan-id> Port VLAN ID (1 ~ 4094)

end 3. Return to Privileged mode.

show stp vlan id


4. Verify the configuration result.
<vlan-id>

The following example shows how to set bridge ID for a Port VLAN to 3000 (hexa-decimal :
0x0BB8):

# configure terminal
(config)# stp bridge-priority 3000 vlan id 2
(config)# end
# show stp vlan id 2
VLAN ID: 2
Protocol Operation: enabled
Root Bridge: yes
STP version: rstp(2)
Pathcost Encoding: 32bit
BridgeID: 0x0BB8( 3000)-0001AB0DEF11
Time since topology change: 16(s)
Topology changes: 2
Designated Root BridgeID: 0x8000(32768)-0001AB0DEF11
Root Path Cost: 0
.
.
#

Configuring STP/RSTP/MSTP 15-13


Configuring STP

To restore the bridge priority for a Port VLAN to the default priority (32768, hexa decimal :
0x8000), enter the no stp bridge-priority command.

(config)# no stp bridge-priority vlan id 2


(config)# end
# show stp vlan id 2

VLAN ID: 2
Protocol Operation: enabled
Root Bridge: yes
STP version: rstp(2)
Pathcost Encoding: 32bit
BridgeID: 0x8000(32768)-0090A3000004
Time since topology change: 7363(s)
Topology changes: 0
.
.
.
#

Configuring the Path Cost


When spanning tree is configured, if there are over two paths, lower cost of the path is selected.
By default, path cost of a port is decided by physical link speed as follows:

 Ethernet link (10Mbps): 100

 Fast Ethernet link (100Mbps): 19

 Gigabit Ethernet link (1Gbps): 4

If you want to rarely use a port that is high speed because of a lack of stability or other reasons,
you specify high path cost of the port.

To configure the path cost for the specified port, use the following commands.

Table 15-7 Configuring the path cost

Command Description
configure terminal 1. Enter Global configuration mode.
port <port-type> 2. Set the path cost for a specific port..
gigabitethernet  <slot>/<port> slot/port number of a port

15-14 Corecess S5 System With GPON User's Guide


Configuring STP

pathcost <path-cost>  <path-cost> path cost of a port (1 ~ 65525).


end 3. Return to Privileged mode.
show stp port <port-
4. Verify the configuration result.
type> <slot>/<port>

The following example shows how to set the path cost for the Gigabit Ethernet port 1/3 to 10:

(config)# port gigabitethernet 1/3 pathcost 10


(config)# end
# show stp port gigabitethernet 1/3

Link State: up
Protocol Operation: enabled
Pathcost Encoding: 32bit
Port State: forwarding(5)
Port Role: RootPort
Mother BridgeID: 0x8000-0090A3000003
Port Number(logical): 129
Port Priority: 0x8
Designated Root BridgeID: 0x8000-004455CCDD00
Designated Path Cost: 10
Designated BridgeID: 0x8000-0090A3040000
Designated PortID: 0x8018
AdminEdge: false
OperEdge: false
AdminPointToPoint: auto(2)
OperPointToPoint: true
#

Recommendation: We recommend that you set the path cost as follows according to the
running STP protocol version and the media speed of the port:

Port Speed Range


10Mbps 50~ 600
100Mbps 10 ~ 60
1Gbps 3 ~ 10
10Gbps 1~5

Configuring STP/RSTP/MSTP 15-15


Configuring STP

Configuring STP Encoding


While STP calculates path cost using 16 bits (1~65,535), RSTP calculates path cost using 32 bits
(1~200,000,000). Therefore the path cost is not compatible between STP and RSTP. You cannot
configure the STP encoding mode for individual Port VLANs and the change affects to all
spanning trees.

Table 15-8 Configuring STP encoding mode

Command Description

configure terminal 1. Enter Global configuration mode.

stp pathcost-encoding
2. Configure the type of STP encoding mode.
stp8021d1998

end 3. Return to Privileged mode.

show stp vlan id


4. Verify the configuration result.
<vlan-id>

The following example shows how to configure the type of STP encoding mode to 16 bits:

(config)# stp pathcost-encoding stp8021d1998


(config)# end
# show stp vlan id 1

VLAN ID: 1
Protocol Operation: enabled
Root Bridge: yes
STP version: rstp(2)
Pathcost Encoding: 16bit
BridgeID: 0x8000-0090A3000003
.
.
#

15-16 Corecess S5 System With GPON User's Guide


Configuring STP

Configuring the Port Priority


If all ports have the same path cost, spanning tree uses the port priority when selecting a port to
put into the forwarding state. You can assign higher priority values (lower numerical values) to
ports that you want selected first, and lower priority values (higher numerical values) that you
want selected last.

To configure priority of the specified port, use the following commands.

Table 15-9 Configuring the port priority

Command Description

configure terminal 1. Enter Global configuration mode.

port gigabitethernet 2. Set priority of a port.


<slot>/<port>  <slot>/<port> slot number/port number
priority <priority>  <priority> Priority of a port (0 ~ 15).

end 3. Return to Privileged mode.

show stp port <port-


4. Verify the configuration result.
type> <slot>/<port>

The following example shows how to configure the port priority of the Gigabit Ethernet port
1/3 to ‘1’:

(config)# port gigabitethernet 1/3 priority 1


(config)# end
# show stp port gigabitethernet 1/3

Link State: up
Protocol Operation: enabled
Pathcost Encoding: 32bit
Port State: forwarding(5)
Port Role: RootPort
Mother BridgeID: 0x8000-0090A3000003
Port Number(logical): 129
Port Priority: 0x1
Designated Root BridgeID: 0x8000-004455CCDD00
Designated Path Cost: 200000
Designated BridgeID: 0x8000-0090A3040000
.
.

Configuring STP/RSTP/MSTP 15-17


Configuring STP

Setting Spanning Tree Timers


BPDU contains spanning tree timers (hello, forward delay, and max-age timers) that affect the
performance of the entire spanning tree. By default, the following values are set to the timers:

 Hello Timer: 2 seconds


 Max age Timer : 20 seconds
 Forward delay Timer : 15 seconds

You can set spanning tree timers for individual Port VLANs. To set STP timers for a specified
Port VLAN, use the following commands.

Table 15-10 Setting spanning tree timers

Command Description

configure terminal 1. Enter Global configuration mode.

2. Set STP hello timer for the specified VLAN.


stp hello-time <value>
 <value> STP Hello Time (1 ~ 10 seconds)
vlan id <vlan-id>
 <vlan-id> Port VLAN ID (1 ~ 4094)

3. Set STP max age timer for the specified VLAN


stp max-age <value>
vlan id <vlan-id>  <value> STP Max Age time (6 ~ 40 seconds)
 <vlan-id> Port VLAN ID (1 ~ 4094)
4. Set STP forward delay timer for the specified VLAN.
stp forward-delay <value>
 <value> STP forward delay time (4 ~ 30 seconds)
vlan id <vlan-id>
 <vlan-id> Port VLAN ID (1 ~ 4094)

end 5. Return to Privileged mode.

show stp vlan id


6. Verify the configuration result.
<vlan-id>

The following example shows how to set spanning tree timers for a Port VLAN:

(config)# stp hello-time 5 vlan id 2


(config)# end
# show stp vlan id 2

VLAN ID: 2
Protocol Operation: enabled
Root Bridge: yes
STP version: rstp(2)
Pathcost Encoding: 32bit
BridgeID: 0x8000-0001AB0DEF11

15-18 Corecess S5 System With GPON User's Guide


Configuring STP

Time since topology change: 106(s)


Topology changes: 2
Designated Root BridgeID: 0x8000-0001AB0DEF11
Root Path Cost: 0
Root Port Number(logical): 0
MaxAge: 20(s)
HelloTime: 2(s)
ForwardDelay: 15(s)
Bridge MaxAge: 20(s)
Bridge HelloTime: 5(s)
Bridge ForwardDelay: 15(s)
.
.
#

To return the STP hello timer value to the default value, use the no stp hello-time
command in Global configuration mode.

(config)# no stp hello-time vlan id 2


(config)#

The following example shows how to set the STP forward delay timer to 20 seconds for the
Port VLAN that ID is 2.

(config)# stp forward-delay 20 vlan id 2


(config)# end
# show stp vlan id 2

VLAN ID: 2
Protocol Operation: enabled
Root Bridge: yes
.
.
ForwardDelay: 15(s)
Bridge MaxAge: 20(s)
Bridge HelloTime: 5(s)
Bridge ForwardDelay: 20(s)
.
.
#

Configuring STP/RSTP/MSTP 15-19


Configuring STP

To return the STP forward delay timer value to the default value, use the no stp forward-
time command in Global configuration mode.

(config)# no stp hello-delay vlan id 2


(config)#

The following example shows how to set the STP max age timer to 30 seconds for the specified
Port VLAN that ID is 2.

(config)# stp max-age 30 vlan id 2


(config)# end
# show stp vlan id 2

VLAN ID: 2
Protocol Operation: enabled
Root Bridge: yes
STP version: rstp(2)
Pathcost Encoding: 32bit
BridgeID: 0x8000-0001AB0DEF11
Time since topology change: 106(s)
Topology changes: 2
Designated Root BridgeID: 0x8000-0001AB0DEF11
Root Path Cost: 0
Root Port Number(logical): 0
MaxAge: 20(s)
HelloTime: 2(s)
ForwardDelay: 15(s)
Bridge MaxAge: 30(s)
Bridge HelloTime: 5(s)
Bridge ForwardDelay: 20(s)
.
.
#

To return STP max age timer value to the default value, use the no stp max-age command in
Global configuration mode.

(config)# no stp max-age vlan id 2


(config)#

15-20 Corecess S5 System With GPON User's Guide


Configure RSTP

Configure RSTP
This section describes how to configure RSTP on the System.

Configuration Procedure of RSTP


The following procedures are described in the previous section (commonly used with STP).

 Enabling STP on a port VLAN

 Enabling or Disabling STP on a port

 Configuring the bridge priority

 Configuring the port priority

 Configuring Spanning Tree Timers

The following procedures describe how to configure RSTP.

 Configuring spanning tree protocol type

 Configuring the path cost

 Configuring RSTP encoding

 Configuring edge port

Configuring STP/RSTP/MSTP 15-21


Configure RSTP

Configuring Spanning Tree Protocol Type


The System supports both 802.1D STP and 802.1W RSTP. By default, spanning tree protocol that
is operating on a Port VLAN is 802.1W RSTP. For compatible of other device or other reasons,
you can set STP to operate on a particular VLAN.

To set spanning tree protocol to STP on a particular VLAN, use the following commands.

Table 15-11 Configuring Spanning Tree Protocol Type

Command Description

configure terminal 1. Enter Global configuration mode.

stp protocol-version
2. Set spanning tree protocol to STP on the specified VALN.
rstp vlan id <vlan-
 <vlan-id> VLAN ID (1 ~ 4094)
id>

end 3. Return to Privileged mode.

show stp vlan id


4. Verify the configuration result.
<vlan-id>

The following example shows how to set spanning tree protocol to STP on the Port VLAN
whose ID is 1:

(config)# stp protocol-version stp vlan id 1


(config)# end
# show stp vlan id 1
VLAN ID: 1
Protocol Operation: enabled
Root Bridge: yes
STP version: stpCompatible(0)
Pathcost Encoding: 32bit
BridgeID: 0x8000-0001AB0DEF11
.
.
.

Note: RSTP is automatically compatible with STP. The equipment in which RSTP is operating
sends STP BPDU instead of RSTP BPDU afterwards once the STP BPDU is received from a
connected device. Therefore, it isn’t necessary to execute the stp protocol-version stp
command in case RSTP is activated at VLAN.

15-22 Corecess S5 System With GPON User's Guide


Configure RSTP

Configuring the Path Cost


When spanning tree is configured, if there are over two paths, lower cost of the path is selected.
By default, path cost of a port is decided by physical link speed as follows:

 Ethernet link (10Mbps): 2,000,000

 Fast Ethernet link (100Mbps): 200,000 메모 [a7]: 윤장식

20만으로 정정
 Gigabit Ethernet link (1Gbps): 20,000

If you want to rarely use a port that is high speed because of a lack of stability or other reasons,
you specify high path cost of the port.

To configure the path cost for the specified port, use the following commands.

Table 15-12 Configuring the path cost

Command Description

configure terminal 1. Enter Global configuration mode.

port gigabitethernet 2. Set the path cost for a specific port..


<slot>/<port>  <slot>/<port> slot/port number of a port
pathcost <path-cost>  <path-cost> path cost of a port (1 ~ 65525).

end 3. Return to Privileged mode.

show stp port


gigabitethernet 4. Verify the configuration result.
<slot>/<port>

The following example shows how to set the path cost for the Gigabit Ethernet port 1/3 to 20000:

(config)# port gigabitethernet 1/3 pathcost 20000


(config)# end
# show stp port gigabitethernet 1/3

Link State: up
Protocol Operation: enabled
Pathcost Encoding: 32bit
Port State: forwarding(5)
Port Role: RootPort
Mother BridgeID: 0x8000-0090A3000003
Port Number(logical): 129
Port Priority: 0x8

Configuring STP/RSTP/MSTP 15-23


Configure RSTP

Designated Root BridgeID: 0x8000-004455CCDD00


Designated Path Cost: 20000
Designated BridgeID: 0x8000-0090A3040000
Designated PortID: 0x8018
AdminEdge: false
OperEdge: false
AdminPointToPoint: auto(2)
OperPointToPoint: true
#

Recommendation: We recommend that you set the path cost as follows according to the
running RSTP protocol version and the media speed of the port:

Port Speed Range


10Mbps 200000 ~ 20000000
100Mbps 20000 ~ 2000000
1Gbps 2000 ~ 200000
10Gbps 200 ~ 20000

15-24 Corecess S5 System With GPON User's Guide


Configure RSTP

Configuring RSTP Encoding


While STP calculates path cost using 16 bits (1~65,535), RSTP calculates path cost using 32 bits
(1~200,000,000). Therefore the path cost is not compatible between STP and RSTP. By default,
RSTP is enabled, so path cost of 32 bits are used in the System, but encoding of path cost can
generally be changed to 16 bits for STP compatible. To change path cost to 16 bits, refer table 15-
8 Configuring STP encoding mode. You cannot configure the STP encoding mode for individual
Port VLANs and the change affects to all spanning trees.

To change path cost of 16 bits to path cost of 32 bits again, use the following commands.

Table 15-13 Configuring RSTP encoding mode

Command Description

configure terminal 1. Enter Global configuration mode.

stp pathcost-encoding
2. Configure the type of RSTP encoding mode.
stp8021t2001

end 3. Return to Privileged mode.

show stp vlan id


4. Verify the configuration result.
<vlan-id>

The following example shows how to configure the type of STP encoding mode to 32 bits:

(config)# stp pathcost-encoding stp8021t2001


(config)#

Configuring an Edge Port


The System allows ports that are configured as Edge ports to be present in an RSTP topology.
STP edge ports are bridge ports that do not need STP enabled, where loop protection is not
needed out of that port or an STP neighbor does not exist out of that port.

Edge ports assume designated port roles. Port flapping does not cause any topology change
events on Edge ports since RSTP does not consider Edge ports in the spanning tree calculations.

However, if any incoming BPDU is received from a previously configured Edge port, RSTP
automatically makes the port as a non-edge port. This is extremely important to ensure a loop
free Layer 2 operation since a non-edge port is part of the active RSTP topology.

Configuring STP/RSTP/MSTP 15-25


Configure RSTP

To configure an edge port, use the following commands:

Table 15-14 Configuring an Edge Port

Command Description

configure terminal 1. Enter Global configuration mode.

port gigabitethernet 2. Configures a port as an Edge port.


<slot>/<port> bridge-  <slot>/<port> The slot number and port number of the
edge-assumption port
메모 [zwyi8]:
end 3. Return to Privileged mode.
show stp port <port-type>
4. Verify the configuration result.
<slot>/<port>

The following example shows how to configure the Gigabit Ethernet port 1/3 as an Edge port:

(config)# port gigabitethernet 1/3 bridge-edge-assumption


(config)# end

# show stp port gigabitethernet 1/3


Link State: up
Protocol Operation: enabled
Pathcost Encoding: 32bit
Port State: forwarding(5)
Port Role: DesignatedPort
Mother BridgeID: 0x8000-0001AB0DEF11
Port Number(logical): 1
Port Priority: 0x8
Designated Root BridgeID: 0x8000-0001A

B0DEF11
Designated Path Cost: 200000
Designated BridgeID: 0x8000-0001AB0DEF11
Designated PortID: 0x8001
AdminEdge: true
OperEdge: true
AdminPointToPoint: auto(2)
OperPointToPoint: true
.
.
#

15-26 Corecess S5 System With GPON User's Guide


Configure RSTP

Configuring Self-loop-detection
Table 15-15 Configuring STP self-loop-detection

Node Command Help

stp : Spanning Tree Protocol information


self-loop-detection : Self-Loop-Detection
action : violation action
stp self-loop-detection action
config logging : logging
(logging|blocking) vlan id
blocking : blocking
vlan : Virtual Lan
id : id
: Vlan Id
Default: 30 sec
stp : Spanning Tree Protocol information
self-loop-detection : Self-Loop-Detection
stp self-loop-detection blocking- blocking-time : blocking Time
config
time vlan id : blocking time(sec)
vlan : Virtual Lan
id : id
: Vlan Id

Configuring STP/RSTP/MSTP 15-27


Configure RSTP

STP and RSTP Configuration Commands


The following table lists the commands for configuring STP or RSTP on the System:

Table 15-16 STP and RSTP Configuration Commands

Command Description
port pathcost Sets the spanning-tree port path cost for the specified port.
port priority Sets the spanning-tree port priority for the specified port.
Enables or disables STP(Spanning Tree Protocol) on the specified
port stp
Ethernet port.
show stp port Displays spanning-tree information for the specified port.
Displays spanning-tree information for the specified VLAN
show stp vlan
interface.
port gigabitethernet 1/3
Configures a port as an Edge port.
bridge-edge-assumption 메모 [zwyi9]: 수정
stp bridge-priority Sets the bridge ID for a VLAN.
stp forward-delay Sets the bridge forward delay for a VLAN.
stp hello-time Sets the bridge hello time for a VLAN.
stp max-age Sets the bridge maximum aging time for a VLAN.
stp pathcost-encoding Configures the type of Spanning Tree Protocol encoding mode.
Configure the type of Spanning Tree Protocol mode to run for a
stp protocol-version
specific VLAN.
stp vlan Enables the spanning tree algorithm for a specific VLAN.
stp self-loop-detection Sets the self-loop-detection for a VLAN.

15-28 Corecess S5 System With GPON User's Guide


Configure MSTP(Multiple Spanning Tree Protocol)

Configure MSTP(Multiple Spanning Tree Protocol)


This section describes how to configure MSTP on the System.

 MSTP (Multiple spanning Tree Protocol)

 CST (Common Spanning Tree)

 PVST (Per Vlan Spanning Tree)

 MST ( Multiple Spanning Tree)

 CIST (Common Internal Spanning Tree)

 MSTI (Multiple Spanning Tree Instance)

 MSTP
MST Region A CST Root Switch MST Region B

IST Backup IST Backup

IST Master IST Master

IST IST

MSTI CST MSTI


Name : A Name : B
Operation per Operation per
Revision : 1 Revision : 2
Instance Instance
Vlan 100 – 200 : Instance 1 Vlan 600 – 700 : Instance 1
Vlan 201 – 300 : Instance 2 Vlan 701 – 800 : Instance 2
Vlan 301
Vlan 401
– 400
– 500
: Instance 3
: Instance 4
CIST Vlan 801 – 900 : Instance 3
Vlan 901 – 1000 : Instance 4

Configuring STP/RSTP/MSTP 15-29


Configure MSTP(Multiple Spanning Tree Protocol)

Configuration the Procedure of MSTP


The following procedure shows how to configure MSTP.

1. Select stp protocol-version


[config] stp protocol-version mstp

2. Creating mstp region name.


[config] mstp region-name WORD

3. Setting mstp revision


[config] mstp revision <0-65535>

4. Setting mstp msti id and tagging


[config] mstp msti-add msti-id <1-15> tag WORD
[config] mstp msti-delete msti-id <1-15>

Table 15-17 MSTP Configuration Commands

Node Command Help

mstp : Change MSTP parameter


config mstp bridge-priority <0-65535>
bridge-priority : bridge priority
<0-65535> : bridge priority value

mstp : Change MSTP parameter


msti-add : Multiple Spanning Tree Instance
mstp msti-add msti-id <1-15> msti-id : MST Instance ID
config
tag WORD <1-15> : Add MST Instance
tag : vlan tag id
WORD : 802.1q vlan tag id range(eg. 110-
200,300-350,...)

mstp : Change MSTP parameter


config mstp msti-delete msti-id <1-15> msti-delete : Delete MST Instance
msti-id : Multiple Spanning Tree Instance
<1-15> : MST Instance ID

15-30 Corecess S5 System With GPON User's Guide


Configure MSTP(Multiple Spanning Tree Protocol)

mstp : Change MSTP parameter


mstp msti-id <1-15> bridge- msti-id : Multiple Spanning Tree Instance
config
priority <0-61440> <1-15> : MST Instance ID
bridge-priority : bridge priority
<0-61440> : bridge priority value

mstp : Change MSTP parameter


config mstp region-name WORD
region-name : MSTP Region Name
WORD : Region Name String

mstp : Change MSTP parameter


config mstp revision <0-65535>
revision : MSTP Region
<0-65535> : MSTP Revision value

Table 15-18 Showing MSTP Information

Node Command Help

show : Show running system information


en show running-config mstp
running-config : Current operating configuration
mstp : STP

show : Show the property


en show mstp
mstp : Show Multiple Spanning-Tree Protocol
information

show : Show the property


mstp : Show Multiple Spanning-Tree Protocol
en show mstp msti-id <1-15>
information
msti-id : Multiple Spanning Tree Instance
<1-15> : MST Instance ID

show : Show the property


show mstp port mstp : Show spanning-tree information
(fastethernet|gigabitethernet
en port : Port
|epon|gpon|tengigabitethernet
|gpon|vdsl) WORD fastethernet : FastEthernet port type
gigabitethernet : Gigabit Ethernet port type
epon : Ethernet PON port type

Configuring STP/RSTP/MSTP 15-31


Configure MSTP(Multiple Spanning Tree Protocol)

gpon : Gigabit PON port type


tengigabitethernet : 10G Ethernet port type
gpon : GPON port type
vdsl : VDSL port type
WORD : Port(s) ranges (ex. 1/1-2,2/4)

show : Show the property


mstp : Show spanning-tree information
port : Port
fastethernet : FastEthernet port type
gigabitethernet : Gigabit Ethernet port type
show mstp port
(fastethernet|gigabitethernet epon : Ethernet PON port type
en |epon|gpon|tengigabitethernet gpon : Gigabit PON port type
|gpon|vdsl) WORD msti-id <1-
15> tengigabitethernet : 10G Ethernet port type
gpon : GPON port type
vdsl : VDSL port type
WORD : Port(s) ranges (ex. 1/1-2,2/4)
mst-id : Multiple Spanning Tree Information

<0-64> : MST ID(0-64)

15-32 Corecess S5 System With GPON User's Guide


Edition: 0006
Distribution: 12/2012

Chapter 16 Configuring VRRP

This Chapter describes how to configure VRRP (Virtual Router Redundancy Protocol) on the Corecess S5
System.
Configuring VRRP

Configuring VRRP
This section overviews VRRP (Virtual Router Redundancy Protocol) and describes how to
configure VRRP on the Corecess S5 System.

VRRP (Virtual Router Redundancy Protocol) Overview


VRRP is a protocol that provides redundancy to routers within a LAN. VRRP allows you to
provide alternate router paths for a host without changing the IP address or MAC address by
which the host knows its gateway.

The VRRP router controlling the IP addresses associated with a virtual router is called the
Master. The Master forwards packets on behalf of these IP addresses. VRRP supports one IP
address for each virtual router. VRRP provides redundant gateways without any changes to the
host's configuration while supporting standard based routing protocols. As a result, any of the
virtual router's IP addresses on a LAN can then be used as the default first hope router by end
host.

The following figure shows a basic VRRP configuration uses a single VRID (VRID 1):

Subnet 2

RTA RTB
(Master) (Backup)

Interface address: 10.0.0.1/8 Interface address: 10.0.0.2/8


VRID 1 address: 10.0.0.1 VRID 1 address: 10.0.0.1

VRID 1
10.0.0.1

Default
Subnet 1 gateway:

16-2 Corecess S5 System With GPON User's Guide


Configuring VRRP

Because RTA is the address owner, it serves as the master. RTB is the backup. The three end
hosts on subnet 1 are configured to use 10.0.0.1/8 as the default router. IP address 10.0.0.1 is
associated with VRID 1.

As shown in this example, if RTA becomes unavailable, RTB takes over VRID 1 and its
associated IP addresses. Packets sent to IP destinations outside the 10.x.x.x subnet using 10.0.0.1
as the router are then forwarded by RTB. Even though RTB assumes RTA's forwarding
responsibilities, it never processes any packet with destination address (DA) 10.0.0.1. When
RTA becomes active again, it takes over as the master and RTB reverts to backup.

Configuring VRRP 16-3


Configuring VRRP

Configuring VRRP
This section describes how to configure VRRP on the Corecess S5 System.

Configuration Rules for VRRP

When configuring VRRP on the Corecess S5 System, consider the following contents.

 The interfaces of all routers in a VRID must be in the same IP sub-net.

 The IP addresses associated with the VRID must already be configured on the router that will be
the Master router.

 The IP addresses associated with the VRID must be on only one router

 The VRRP advertisement interval must be set to the same value on both the Master and Backups
for the VRID.

VRRP Configuration Task List

To configure VRRP, perform the following tasks:

1. Configuring IP interfaces

2. Creating a virtual router

3. Configuring IP address and operation mode for the virtual router

4. Setting priority for the virtual router (Optional)

5. Setting the time interval for the advertisement packet. (Optional)

6. Setting priority for the virtual router (Optional)

7. Setting authentication mode of the VRRP router. (Optional)

8. Enabling the virtual router

16-4 Corecess S5 System With GPON User's Guide


Configuring VRRP

Configuring the IP Interface

Before you configure VRRP, you must configure an IP interface and assign a primary IP address
and subnet mask. To configure an IP interface and IP address, use the following commands:

Table 16-1 Configuring the IP interface

Command Description
configure terminal 1. Enter Global configuration mode.

interface vlan {id <vlan- 2. Enter Interface configuration mode.


id> | name <vlan-name>}  <vlan-id> VLAN ID (1 ~ 4094)
 <vlan-name> VLAN name
3. Assigns IP address and subnet mask to the VLAN interface.
ip address <ip-address/<M>  <ip-address> IP address for the VLAN interface
 <M> Subnet mask
end 4. Return to Privileged mode.
show interface 5. Verify the IP interface configuration.

The following example shows how to configure the VLAN interface and assign a primary IP
address and subnet mask:

(config)# interface vlan id 1


(config-if)# ip address 10.0.0.1/8
(config-if)# end
# show interface
Interface management
index 0 kernel index 2 metric 1 mtu 1514 <BROADCAST,MULTICAST>
HWaddr: 00:90:a3:27:48:3c
input packets 0, bytes 0, dropped 0, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 0, bytes 0, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
Interface vlan1
index 17 kernel index 5 metric 1 mtu 1514 <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 00:90:ac:0b:00:02
inet 10.0.0.1/8 broadcast 10.255.255.255
input packets 0, bytes 0, dropped 0, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 0, bytes 0, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0

Configuring VRRP 16-5


Configuring VRRP

Creating a Virtual Router

To create a VRRP virtual router on the Corecess S5 System, use the following command:

Table 16-2 Creating a virtual router

Command Description
configure terminal 1. Enter Global configuration mode.

router vrrp 2. Create a VRRP virtual router and enter VRRP configuration mode.
<virtual-  <virtual-router-id>: The identifier of the virtual router to create.
router-id> (1 ~ 255)
end 3. Return to Privileged mode.
show vrrp 4. Verify the VRRP virtual router configuration.

The following example creates a virtual router with an identifier (VRID) of 1 and enters VRRP
configuration mode:

# configure terminal
(config)# router vrrp 1
(config-vrrp)# end
# show vrrp
VrId <1>
State is Initialize
Virtual IP is unset
Interface is unset
Priority is unset
Advertisement interval is unset
Preempt mode is TRUE
#

Note: To remove a virtual router, use the no router vrrp command.

16-6 Corecess S5 System With GPON User's Guide


Configuring VRRP

Configuring the IP Address and Operation Mode

After creating a virtual router, specify the IP address and operation mode for the virtual router.
If the operation mode for the virtual router is master, you should specify the IP address for the
Master router to the real IP address configured on the Master router.

To configure the IP address and operation mode for the virtual router, use the virtual-ip
command in VRRP configuration mode:

Command Description

virtual-ip  <ip-address>: IP address for the VRRP virtual router


<ip-address> {master  master: Specifies the virtual router as the Master router.
| backup}  backup: Specifies the virtual router as the Backup router.

The following example configures the IP address for the Master router to the IP address 10.0.0.1
of the default VLAN interface:

(config-vrrp)# virtual-ip 10.0.0.1 master


(config-vrrp)#

Setting Priority for the Virtual Router

The priority for the virtual router is used to elect the Master router. If two backup routers have
the same priority, the router that has the highest primary address becomes the master.

The default value for the Master is 255 and the default value for the Backups is 100. To
configure priority for the virtual router, use the priority command in VRRP configuration
mode.

Command Description

priority <priority>  <priority>: Priority value of the VRRP router. The range is 1 ~ 255.

The following example sets the priority for the virtual router to 254:

(config)# router vrrp 1


(config-vrrp)# priority 254
(config-vrrp)#

Configuring VRRP 16-7


Configuring VRRP

Setting the Time Interval for the Advertisement Packet

VRRP Advertisement packet is transmits periodically to advertise operation status of a router.

The advertisement interval must be the same across the set of VRRP routers that are associated
with a single VRID. Backup routers must have the same advertisement interval as the Master
router.

The default VRRP advertisement interval is 1 second. To configure the VRRP advertisement
interval time, use the advertisement-interval command in VRRP configuration mode.

Command Description

advertisement-interval  <seconds>: VRRP advertisement period in seconds (1 ~ 10


<seconds> seconds)

The following example Sets the interval time between sending advertisement packets to 5
seconds:

(config)# router vrrp 1


(config-vrrp)# advertisement-interval 5
(config-vrrp)#

Preempting the Master Virtual Router

Even if the master router has already been decided, if there is a backup router that has higher
priority, preempt mode decides whether the backup router should be specified as a master
router.

By default, preemption is enabled. To configure preemption, use the preempt-mode


command in VRRP configuration mode:

Command Description

 true If there is a backup router that has higher priority, the backup router is
preempt-mode specified as a master router.
{true | false}  false Even if there is a backup router that has higher priority, the backup
router cannot be specified as a master router.

16-8 Corecess S5 System With GPON User's Guide


Configuring VRRP

The following example shows how to set the preempt mode to false:

(config-vrrp)# preempt-mode false


(config-vrrp)#

Configuring Authentication for the Virtual Router

The Corecess S5 System supports the following authentication types:

 None : Transmit/receive VRRP packets without authentication.

 Simple Password : Authenticate using the specified characters (authentication key). When a
VRRP packet is transmitted and received, compare the authentication key and VRRP packet
key. If the VRRP packet has no key, or the authentication key does not match with the VRRP
packet key, the VRRP packet is discarded.

The Corecess S5 System uses Simple Password by default. To set the authentication type and
(optionally) an authentication key to be used by a VRRP virtual router, use the following
commands in Interface configuration mode:

Command Description

ip vrrp authentication  <auth-mode> : VRRP authentication mode


mode <auth-mode> - text : Simple text password.

ip vrrp authentication  <key> : The authentication key to use when sending and
string <key> receiving VRRP packets. (1 ~ 8 character)

The following example shows how to specify simple password for VRRP authentication on the
default VLAN interface whose ID is 1.

(config)# interface vlan_id 1


(config-if)# ip vrrp authentication mode text
(config-if)# ip vrrp authentication string corecess
(config-if)#

Note: To disable authentication, use the no ip vrrp authentication command in


Interface configuration mode.

Configuring VRRP 16-9


Configuring VRRP

Enabling the Virtual Router

After configure all VRRP parameters, enable the virtual router on the interface owns the IP
address of the virtual router as follows:

Table 16-3 Enabling the virtual router

Command Description
interface vlan
{id <vlan-id> | 1. Enter Interface configuration mode.
name {vlan-  <vlan-id>: VLAN ID (1 ~ 4094)
name>}  <vlan-name>: VLAN name
ip vrrp
2. Enable a specific VRRP instance on the VLAN interface.
<virtual-
 <virtual-router-id>: Virtual router ID (1 ~ 255)
roiter-id>
exit 3. Return to Privileged mode.
router vrrp 4. Verify the virtual router configuration.

The following example enables the VRRP instance 1 on the VLAN interface:

(config)# interface vlan id 1


(config-if)# ip vrrp 1
(config-if)# end
# show vrrp
VrId <1>
State is Shutdown
Virtual IP is 10.0.0.1 (IP owner)
Interface is vlan1
Priority is 255
Advertisement interval is 1 sec
Preempt mode is TRUE
#

Setup VRRP tracking interface

When Uplink interface of VRRP master router becomes down due to failure, VRRP backup
router should be enabled to converted to new VRRP master. For this, monitor Up/Down
function of Uplink interface by setting VRRP Track function on Uplink interface.
VRRP tracking interface sets VRRP Virtual Router Id on Uplink Interface to monitor failure, and
when interface is down, sets Priority Delta value to be decreased. When relevant interface of
VRRP master router is down, decrease priority value as much as Priority Delta value, and when
priority value of VRRP backup router is higher than mater router, backup router is converted to
new VRRP master router.

16-10 Corecess S5 System With GPON User's Guide


Configuring VRRP

VRRP Tracking interface is Enabled by following commands

Command Description

interface vlan 1. Enter Interface configuration mode


{id <vlan-id> | name {vlan-  <vlan-id> VLAN ID (1 ~ 4094)
name>}  <vlan-name> Name of VLAN
2. Enable Tracking of VRRP assigned in Uplink interface.
ip vrrp <virtual-router-id>  <virtual-router-id> ID of virtual router(1 ~ 255)
tracking decrement <1-253>  <1-253> Priority Delta

exit 3. Return to Privileged mode


show vrrp 4. Check virtual router configuration

The followings are examples of activating Tracking interface on VRRP virtual router.
(config)# interface vlan id 1
(config-if)# ip vrrp 1 tracking decrement 50
(config-if)# end
# show vrrp
VrId <1>
State is Shutdown
Virtual IP is 10.0.0.1 (IP owner)
Interface is vlan1
Priority is 255
Advertisement interval is 1 sec
Preempt mode is TRUE
Tracking Interface vlan10, Priority Delta 50, Status UP

#
The following are example of releasing setup of VRRP Tracking interface.
(config)# interface vlan id 1
(config-if)# no ip vrrp 1 tracking
(config-if)# end

Configuring VRRP 16-11


Configuring VRRP

VRRP Configuration Example

Internet Internet

RTA RTB
(Master) (Backup)
Interface: VRRP_1 (VLAN Interface: VRRP_2 (VLAN
GE 5/1 GE 5/1
ID:2) ID:3)

VRID: 1 VRID: 1
IP address: 192.53.5.1 IP address: 192.53.5.1
Priority: 255 Priority: 100

Default
gateway:

RTA
(config)# vlan id 2 name VRRP_1
(config)# vlan id 2 port gigabitethernet 5/1
(config)# interface vlan id 2
(config-if)# ip address 192.53.5.1/32
(config-if)# exit
(config)# router vrrp 1
(config-vrrp)# virtual-ip 192.53.5.1 master
(config-vrrp)# exit
(config)# interface vlan id 2
(config-if)# ip vrrp 1
(config-if)# end
# show vrrp
VrId <1>
State is Master
Virtual IP is 192.53.5.1 (IP owner)
Interface is vlan2

16-12 Corecess S5 System With GPON User's Guide


Configuring VRRP

Priority is 255
Advertisement interval is 1 sec
Preempt mode is TRUE
#

RTB
(config)# vlan id 3 name VRRP_2
(config)# vlan id 3 port gigabitethernet 5/1
(config)# interface vlan id 3
(config-if)# ip address 192.53.5.3/32
(config-if)# exit
(config)# router vrrp 1
(config-vrrp)# virtual-ip 192.53.5.1 backup
(config-vrrp)# exit
(config)# interface vlan id 3
(config-if)# ip vrrp 1
(config-if)# end
# show vrrp 1
VrId <1>
State is Backup
Virtual IP is 192.53.5.1 (Not IP owner)
Interface is vlan3
Priority is 100
Advertisement interval is 1 sec
Preempt mode is TRUE
#

Configuring VRRP 16-13


Displaying VRRP Configuration Information

Displaying VRRP Configuration Information


This section describes how to display the VRRP configuration information on the Corecess S5
System.

Displaying VRRP Configuration Information


To display the VRRP configuration information, use the show vrrp command in Privileged
mode. The following example displays configured VRRP information:

# show vrrp 1
VrId <1>
State is Master
Virtual IP is 192.53.5.1 (IP owner)
Interface is vlan2
Priority is 255
Advertisement interval is 1 sec
Preempt mode is TRUE
Tracking Interface vlan10, Priority Delta 50, Status UP
#

The following table describes the fields in the show vrrp command output:

Table 16-4 show vrrp Field Description

Field Description
The VRID configured on this interface. If multiple VRIDs are configured on
VrId
the interface, information for each VRID is listed in a separate row.
The VRRP state for the VRID. The state can be one of the following:
State - Backup: This switch is a Backup for the VRID.
- Master: This switch is the Master for the VRID.
Virtual IP The virtual IP address that is being backed up by the VRID.
The interface on which VRRP is configured. If VRRP is configured on
Interface
multiple interfaces, information for each interface is listed separately.
Priority The current VRRP priority for the VRID (0 ~ 255)
Advertisement interval VRRP advertisement packet interval (1 ~ 10 seconds)
preempt mode Indicates whether to preemption is enabled or not.
Tracking Interface Tracking interface of virtual router

16-14 Corecess S5 System With GPON User's Guide


Displaying VRRP Configuration Information

VRRP Commands
The following table lists the commands for configuring VRRP on the Corecess S5 System and
displaying VRRP configuration:

Table 16-5 VRRP Commands

Command Description

advertisement-interval Configures the VRRP advertisement interval time.

clear ip vrrp Clears VRRP configuration.

ip vrrp Configures a VRRP virtual router on an interface.

ip vrrp authentication
Configures the authentication type for a virtual router interface.
mode

ip vrrp authentication Sets the authentication key or password to be used by a VRRP


string virtual router.

preempt-mode Configures preemption for a virtual router.

priority Configures priority for a virtual router.

router vrrp Creates a VRRP virtual router and enter VRRP configuration mode.

shutdown Shutdowns a VRRP router.

show vrrp Displays VRRP information.

virtual-ip Configures the IP address and operation mode for a virtual router
ip vrrp tracking
Enable Tracking interface of VRRP virtual router
decrement

Configuring VRRP 16-15


Edition: 0006
Distribution: 12/2012

Chapter 17 Configuring AAA


This chapter describes how to configure AAA(Authentication Authorization Accounting).
RADIUS Management

RADIUS Management
Remote Authentication Dial In User Service (RADIUS) is an AAA (authentication, authorization,
and accounting) protocol for controlling access to network resources by Server/Client method.
Corecess product series support RADIUS server and Proxy Server functions for Dot1x and
PPPoE Authentication Service.

RADIUS Server Registration


RADIUS Servers divide by two types as follows;

 Authentication Server: Authentication/Authorization


 Accounting Server: Accounting

You can register server with the following commands.

localhost(config)# radius auth-server ip 192.168.10.1 key corecess realm


corecess
localhost(config)# radius acct-server ip 192.168.10.2 key corecess realm
corecess

As following, you can confirm that servers are registered.

localhost# show radius config


RADIUS Configuration.
==========================
Query time-out = 5
Max. # of retries = 5
<Authentication Server>
= 192.168.10.1 corecess @corecess
<Accounting Server>
= 192.168.10.2 corecess @corecess
==========================

17-2 Corecess S5 System With GPON User's Guide


RADIUS Management

RADIUS Client Configuration


Equipment must set following parameters to act by RADIUS Client.

 NAS-IP-Address: IP Address of equipment(representative)

Above parameters can set as follows;

localhost(config)# radius nas-ip 192.168.1.254

RADIUS Accounting Configuration


The Accounting about subscriber consists according to RADIUS Accounting standard.
When each subscriber's connection is created, it send Accounting-Start packet to server and
when connection is ended, it send Accounting-Stop packet. Also, it can send Interim packet that
report in the midst of subscriber's connection is continued to do optional.

Accounting start

If do Accounting, you must enable function in relevant interface. You must execute command at
interface node as follows.

localhost(config-if)# aaa accounting

If disable function, you use following command.

localhost(config-if)# no aaa accounting

Configuring AAA 17-3


RADIUS Management

Interim-Report

Interim Report's execution availability and setting of time frame can do separatively in each
interface.
If you do following setting, it send Interim-Report to Accounting server every 5 minutes.

localhost(config-if)# aaa accounting interim-report 300

If disable function, you use following command.

localhost(config-if)# no aaa accounting interim-report

Framed-IP-Address

Subscriber can send attaching Internet Protocol Address that subscriber is using on accounting
packet when offer L3 service.

locahost(config)# radius accounting framed-ip-addr

If disable function, you use following command.

locahost(config)# no radius accounting framed-ip-addr

Nas-Port/Nas-Port-Type

Service Manager recognizes each subscriber of interface and apply setting of the interface to
subscriber. These point businessman can configure account to unique policy by interface.
The present subscriber attaches interface and type of relevant interface on Service Manager's
accounting packet to help this.

localhost(config)# radius accounting nas-port


localhost(config)# radius accounting nas-port-type vlan 90

If disable function, you use following command.

locahost(config)# no radius accounting nas-port

17-4 Corecess S5 System With GPON User's Guide


RADIUS Management

RADIUS Proxy Server Registration


Service Manager provides service that is preceded such as that offer each interface RADIUS
Proxy Server function.

 Integration of Wireless Terminals


 Web Authentication

Enable RADIUS Proxy Server

Each interface executes unique RADIUS Proxy Server. This time, relevant interface is Enabled
state and L3 interface that have Internet Protocol Address.

You can set as follows;

localhost(config-if)# radius-proxy port 1812

Displaying current configuration


localhost# show running-config service-manager
!
!
interface management
!
interface vlan id 1
!
interface vlan id 200
radius-proxy port 1812
!

Configuring AAA 17-5


RADIUS Management

Parameters

* Shared Secret
Each Proxy RADIUS Server processes RADIUS Client's Request that have unique Key and have
Key that agree. Each interface has independent Key and can keep the best security state.

localhost(config-if)# radius-proxy key corecess

* realm-stripping
RADIUS Proxy Server finds server to do Forwarding using Realm that is included in Request's
User-name field that arrive. This time, you can remove request's user-name field realm that do
forwarding.

localhost(config-if)# radius-proxy realm-stripping

* Access List
Service Manager supports that register Access List by RADIUS Proxy Server of each interface
and elutriate packet to control illegal RADIUS Client's access.

localhost(config)# access-list 99 permit 192.168.123.0 0.0.0.255


localhost(config)# access-list 99 deny any
localhost(config)# interface vlan id 200
localhost(config-if)# radius-proxy list 99 in

17-6 Corecess S5 System With GPON User's Guide


TACACS Management

TACACS Management
Configuring TACACS Management.
TACACS allows a remote access server to communicate with an authentication server in order
to determine if the user has access to the network. The following commands in table are
configuration commands for managing TACACS.

Node Command Help

aaa : IP information

tacacs : TACACS+
aaa tacacs source-interface source-interface : Select an interface to configure
config
loopback id <1-32>
loopback : Loopback Interface

id : Loopback Interface ID

<1-32> : Loopback Interface Index

aaa : AAA information

tacacs-server : TACACS server


config aaa tacacs-server host A.B.C.D
host : Server ip

A.B.C.D : Server ip address

aaa : AAA information

tacacs-server : TACACS server


config aaa tacacs-server key WORD
key : Encrypt key

WORD : Key string

aaa : AAA information


aaa tacacs-server nas-ip
config tacacs-server : TACACS server
A.B.C.D nas-ip : NAS-IP for both NAS IP and Source IP
address of tacacs request packet
A.B.C.D : NAS-IP address

Configuring AAA 17-7


TACACS Management

Disabling TACACS Management Configuration.

You can disable TACAS management configuration with the following commands.

[config] no aaa tacacs-server host A.B.C.D


[config] no aaa tacacs-server key
[config] no aaa tacacs-server nas-ip
[config] no ip tacacs source-interface

Accounting

[config]aaa accounting (system|exec|connection) (default|NAME) (start-


stop|start-only|none) group tacacs+

Authentication

[config] aaa authentication login (default|NAME) group tacacs+


[config] aaa authentication login (default|NAME) group tacacs+ local
[config] aaa authentication login (default|NAME) local group tacacs+

Authorization

[config] aaa authorization exec (default|NAME) group tacacs+


[config] aaa authorization exec (default|NAME) group tacacs+ none
[config] aaa authorization network (default|NAME) group tacacs+
[config] aaa authorization network (default|NAME) group tacacs+ none

Showing TACACS Management Information.

[en] show aaa tacacs-server

17-8 Corecess S5 System With GPON User's Guide


802.1X(dot1x)

802.1X(dot1x)

All the setting of 802.1X of Corecess products is on interfaces each. It means that each of
interfaces gives us specific services. The 802.1X of Corecess products does not support the port-
based authentication that certifies a specific port, but also supports mac-based authentication
that certifies subscribers each.

The 802.1X of Corecess products can be configured per interfaces independently.


The type of interfaces for configuring 802.1X is as follows;

 L2 Ethernet Interface: VLAN interface

 L3 IP Interface: No L3 tunnel interface of IP GRE, IP-in-IP

Setting Port trust-mode


Before set 802.1X in interface, you set relevant Port's trust-mode by untrusted as following to
intercept communication that do not receive authentication in Port to use service.

localhost(config)# port gigabitethernet 3/1 trust-mode untrusted


localhost(config)#

The interface 802.1X setting supports 2 CLI command.

 dot1x port-based : Setting 802.1X as port-based authentication

 dot1x mac-based : Setting 802.1X as mac-based authentication

localhost#
localhost# configure terminal
localhost(config)# interface vlan id 100
localhost(config-if)# dot1x port-based
localhost(config-if)# end

Configuring AAA 17-9


802.1X(dot1x)

Displaying current configuration

localhost# show dot1x interface


vlan100
L2 Address: 0:90:a3:0:0:3
quietPeriod = 60
reAuthMax = 2
txPeriod = 30
keyTxEnabled = Disabled
reAuthPeriod = 3600
reAuthEnabled = Enabled

localhost#

Configuring AAA about 802.1X


* Back-end Authentication Server
Corecess 802.1X takes charge IEEE 802.1X's Supplicant. You must specify back-end's
Authentication Server for correct action of Authenticator. Corecess 802.1X supports present
RADIUS by Authentication Server.

You can specify back-end Authentication Server using following CLI commands.

localhost# configure terminal


localhost(config)# interface vlan id 100
localhost(config-if)# aaa authentication dot1x radius
localhost(config-if)# end

* RADIUS
Configuring back-end Radius of 802.1X is as follows;

 nas-ip setting : Nas-ip of equipment for communication with radius server setting .

 auth-server setting : Authentication server for authentication setting .

 acct-server setting : Accounting server for accounting setting .

localhost# configure terminal

17-10 Corecess S5 System With GPON User's Guide


802.1X(dot1x)

localhost(config)# radius nas-ip 10.1.1.254


localhost(config)# radius auth-server ip 20.1.1.7 key "aaa" realm "com"
localhost(config)# radius auth-server ip 20.1.1.8 key "aaa" realm "com"

Parameters

 Re-authentication

IEEE 802.1X can request re-authentication about single subscriber.

Setting of Re-authentication is as follows;

localhost(config-if)# dot1x reauthentication


vlan100) Reauthentication Enabled
localhost(config-if)# dot1x timeout re-authperiod 1800
vlan100) Reauthentication Period = 1800
localhost(config-if)# dot1x max-reauth 5
vlan100) Maximum number of Reauthentication = 5

Whenever re-authperiod does expire, Corecess 802.1X sends EAP-Request Identity frame to
subscriber and re-authentication does beginning (trigger). Once re-authentication beside such
periodic re-authentication is available. Administrator can do as receive authentication newly
using following command when catch abnormal operation from specification subscriber.

localhost# configure terminal


localhost(config)# dot1x re-authenticate a:b:c:d:e:f

Subscriber at the same time that command is executed changes and begins authentication newly
by state (unauthorized) that authentication does not become.

Configuring AAA 17-11


802.1X(dot1x)

* MAC Control
Corecess 802.1X does access control by subscriber unit that physical port unit is not with that is
described to white paper. This time, about specification subscriber, you can do fixed setting
(Authorized/Unauthorized).

localhost# conf t
localhost(config)# inter vl id 100
localhost(config-if)# dot1x mac-control force-authorized a:b:c:d:e:f
localhost(config-if)# dot1x mac-control force-unauthorized 0:0:ff:ee:aa

While subscriber a:b:c:d:e:f becomes in authentication success state at the same time connection,
0:0:ff:ee:aa is impossible authentication. These setting can be terminated through following CLI
command. Relevant subscriber passes through general IEEE 802.1X authentication procedure
and receive authentication since the terminated moment.

localhost(config-if)# dot1x mac-control auto 0:0:ff:ee:aa

* Quiet Period & Tx Period

The Quiet Period and the Tx Period do following function by FSM parameter of IEEE 802.1X.

Parameter Description
Subscriber who fail in authentication cannot begin new authentication during Quiet
Quiet Period
Period interval.
After send EAP-Response, think that subscriber disappears in case there does not exist
Tx Period
when sent as Tx Period.

Setting of each parameter is as follows;

localhost(config-if)# dot1x timeout quiet-period 120


localhost(config-if)# dot1x timeout tx-period 60

17-12 Corecess S5 System With GPON User's Guide


802.1X(dot1x)

Status
Corecess 802.1X supplies following state information to administrator.

 interface setting information

 session(subscriber) information

 statistics information

localhost# show dot1x interface


vlan100
L2 Address: 0:90:a3:0:0:3
quietPeriod = 60
reAuthMax = 2
txPeriod = 30
keyTxEnabled = Disabled
reAuthPeriod = 3600
reAuthEnabled = Enabled

localhost# show dot1x session

802.1X Session
----------------------------------------------------------------------
0a:0b:0c:0d:0e:0f(static entry)
Identity:
Interface: vlan100
FORCE_AUTHORIZED
REAUTH_INITIALIZE

localhost# show dot1x statistics

EAPoL
=============================
Received = 0
Sent = 1
EAPoL Success = 1
EAPoL Fail = 0

Configuring AAA 17-13


802.1X(dot1x)

EAPoL Start = 0
EAPoL Log-off = 0
EAPoL Resp/ID = 0
EAPoL Req/ID = 0
EAPoL Invalid = 0
Length Error = 0
Last Version = 0
Last Source MAC= 00:00:00:00:00:00

Back-end
=============================
Received = 0
Sent = 0
Timeout = 0

Node Command Description


show running-config dot1x Displays the current configuration of 802.1X
Displays the 802.1X-enabled interface and
show dot1x interface
configurations
Enable show dot1x session Lists the 802.1X Supplicants and their status
show dot1x statististics Displays packet counts involved in 802.1X
debug dot1x
(event|packet|error|fatal|all) Turns on the debug flag

Triggers the reauthentication of the 802.1X


dot1x re-authenticate
Config
A:B:C:D:E:F supplicant whose ethernet address is
A:B:C:D:E:F
(no) dot1x port-based Enable/Disables port-based dot1x
(no) dot1x mac-based Enable/Disables mac-based dot1x
Enable/Disables reauthentication feature of
(no) dot1x reauthentication
IEEE 802.1X
dot1x timeout re-authperiod Re-authenticates the subscriber every chosen
<60-86400> seconds
Interface
Sets the subscriber's authentication status.
dot1x mac-control (auto|force- force-authorized and force-unauthorized
authorized|force-unauthorized) statically set the subscriber's status. auto,
A:B:C:D:E:F
however, removes the statical setting of the
subscriber
dot1x max-reauth <1-10> Limits the maximum number of

17-14 Corecess S5 System With GPON User's Guide


802.1X(dot1x)

reauthentication per a subscriber. by


multiplying the max-reauth and the re-
authperiod, it is possible to know the
maximum life time of each subscriber session
dot1x timeout quiet-period <0- during quiet-period, any packet from the
300> subscriber is ignored
802.1X Authenticator changes the status of the
dot1x timeout tx-period <1-
300> subscriber when tx-period expires since its last
packet sent

Configuring AAA 17-15


Edition: 0006
Distribution: 12/2012

Chapter 18 Redundancy Configuration

This chapter explains how to Redundancy in Corecess S5 system


Redundancy Configurating

Redundancy Configurating
This clause introduces the ‘Redundancy’ provided from Corecess S5 System, and reviews how
to configure redundancy.

Corecess S5 System supports various redundancies such as POWERE, FAN, Control Module,
SLS(Seed Light Source),EPON LineCard and others.

The Control Module Redundancy of Corecess S5 System redundates the two Control Modules
between No.9 slot (A-Side SCM) and No.10 slot (B-Side SCM) of S5 in order that the cutoff of
service may not be minimized in case a Control Module fails.

To secure more stable service, the redundancy of Epon LineCard redundates two Epon
Linecards (or two Epon Ports) so that the cutoff of service may be minimized in case an Epon
LineCard (or two Epon Ports) fails.

Moreover S5 System Support the redundancy. with two SLS devices and WDM module
cards(GW-16GF) for WDM-PON Service.

System Resources(cont.)
 Power Modules: 2:1 Protection
 2 DC modules : 1 (operational) + 1 (stand-by)

 SCM -208G: 1-to-1 Redundancy


 SCM 0 (Slot A) : SCM 1 (Slot B)

 SCM Uplink Modules:


 Uplink Ports of SCM 0 : Uplink Ports of SCM 1

 2 * 10-Gigabit Ethernet Ports : (Optional)

 4 * 1G SFP Ports :

 4* 1G TX Ports :

18-2 Corecess S5 System With GPON User's Guide


Redundancy Configurating

Power Features - DC
 Electrical Specification
 Input Range: DC-40V ~ -72V

 Rating: DC -48V

 Power Consumption: MAX 320[VA]

 Function
 Redundant power line : load sharing

 Remote and visual monitoring of power condition 1+1 2:1


DCProtection
Power module
 Power RUN/FAIL LED is exist

 Checking terminals of output voltage are exist

 Power On/Off: Circuit breaker

 Protection
 Reversed connection of input power line

 Surge(IEC61000-4-5)

 Mechanical specification
 Input terminals: FG, RTN, -48VDC

 Wiring: Front access

Redundancy Configuration 18-3


Redundancy Configurating

Power Features – AC
 Electrical Specification
 Input Range: AC90V ~ 264V

 Rating: AC 100V ~ 240V

 Frequency : 50/60Hz

 PFC Circuit included

 Power Consumption: MAX480[W]

 Function 2:1
1+1 ACProtection
Power module
 Redundant power module : load sharing

 Remote and visual monitoring of power condition

 Power RUN/FAIL LED is exist

 Checking terminals of output voltage are exist

 Power On/Off: Switch

 Protection
 Input over current

 Surge(IEC61000-4-5)

 Output OCP,OVP, Short

 Mechanical specification
 Input terminals: AC inlet socket

 Wiring: Front access

18-4 Corecess S5 System With GPON User's Guide


Redundancy Configurating

Epon Redundancy

Epon LineCard Redundancy Setting

The following instructions are used to manage the redundancy of Epon LineCard.

Table 18-1 Epon LineCard Redundancy Setting

Command Description
configure terminal 1. Global configuration mode is set in
redundancy epon- 2. This instruction Enables the redundancy of new Epon LineCard.
module <active slot> Line Card Number to provide the present service
<active slot> <standby slot> Line Card number to be used as the
<standby slot> backup of <active slot>

show redundancy This instruction checks the list of redundated Epon LineCards and those
epon-module state.

redundancy epon-
module ※ Active/Standby roles of two Epon LineCards are changed with each
<active slot> other.
<standby slot> switch

The followings are the examples of execution.


localhost# con t
localhost(config)# redundancy epon-module 1 6
localhost(config)# exit
localhost# show redundancy epon-module

Epon Module Redundancy Table


active state standby state
------------------------------------------------------------
1 insert,up 6 insert,up,optic-disable

localhost# con t
localhost(config)# redundancy epon-module 1 6 switch
localhost(config)# exit
localhost# show redundancy epon-module

Epon Module Redundancy Table


active state standby state

Redundancy Configuration 18-5


Redundancy Configurating

------------------------------------------------------------
6 insert,up 1 insert,up,optic-disable
localhost# con t
localhost(config)# no redundancy epon-module 6 1
localhost(config)# exit
localhost# show redundancy epon-module

Epon Module Redundancy Table


active state standby state
------------------------------------------------------------

localhost#

Epon Port Redundancy Setting

The following are used to manage the redundancy of Epon Port. It is basically identical to the
redundancy of Epon LineCard. The two ports on the same Epon LineCard can be redundated as
well as the redundancy between different Epon LineCards can be possible.

The following instructions set the redundancy of Epon Port.

Table 18-2 Epon Port Redundancy Setting

Command Description
configure terminal Global Configuration Mode is set in.
This instruction Enables the redundancy of new Epon Port.
port epon
<active slot/port> Epon Port number to provide the present
<active slot/port>
service
redundancy
<standby slot/port> Epon Port number to be used as
<standby slot/port>
the backup of <active slot/port>
port epon WORD Switching redundancy epon port.
redundancy WORD
switch
redundancy epon-port Switching delay time setting<0-65535>sec.
switch_delay <0- Disabling command:
65535> no redundancy epon-port switch_delay.

show redundancy 3. This instruction checks the list of redundated Epon LineCards and
epon-port those state.

port epon
<active slot/port> ※ Active/Standby roles of two Epon LineCards are changed with each
redundancy other.
<standby slot/port>

18-6 Corecess S5 System With GPON User's Guide


Redundancy Configurating

Caution: When you execute ‘no port epon WORD redundancy WORD’ command, It
stop transmitting signal to ONT.

The followings are the examples of execution.


localhost# config terminal
localhost(config)# port epon 6/1 redundancy 6/2
localhost(config)# exit
localhost# show redundancy epon-port

Epon port Redundancy Table


active state standby state
------------------------------------------------------------
6/1 insert,up 6/2 insert,up,optic-disable

localhost# con t
localhost(config)# port epon 6/1 redundancy 6/2 switch
localhost(config)# exit
localhost# show redundancy epon-port

Epon port Redundancy Table


active state standby state
------------------------------------------------------------
6/2 insert,up 6/1 insert,up,optic-disable

localhost# con t
localhost(config)# no port epon 6/2 redundancy 6/1
localhost(config)# exit
localhost# show redundancy epon-port

Epon port Redundancy Table


active state standby state
------------------------------------------------------------

Redundancy Configuration 18-7


Redundancy of Routing Protocol

Redundancy of Routing Protocol


It’s necessary for routing protocol duplication to forward non-stop packet in case of switchover.

The redundant SCM transmits the data(Protocol) to the Stand-by through the RR(Record replay)
when the data of active routing table is updated. And standby SCM updates the routing table
with it. According to this process, RIB of Active-standby SCM continues to make a
synchronization. After a switchover, the new active SCM routing protocol gets the routing table
of local RIB module through the graceful-restart process and makes a synchronization with a
neighbor router through the routing state machine.

You have to configure graceful restart each routing protocol for the redundancy.

1. Configuring RIP Routing Redundancy

As RIP graceful-restart does not need the complex negotiation mechanism with each neighbor,
it’s more simple than OSPF or BGF. It’s not necessary to configure an additional helper mode
router.

The next is the command of graceful restart configuration for RIP redundancy.

Command Description
[no] rip restart
2. Set rip graceful restart configuration
grace-period <1-
 <1-65535> grace period (seconds)
65535>

The next example is to run rip graceful-restart

localhost# con t
localhost(config)# rip restart grace-period 120
localhost(config)# exit

18-8 Corecess S5 System With GPON User's Guide


Redundancy of Routing Protocol

Receiving Mode
RIP configuration
router rip
network 3.3.3.0/24
network 30.30.30.0/24
network 40.40.40.0/24
!
rip restart grace-period 180 2:1 Spliter
!

Restarting Mode
RIP configuration
Active Standby
RIP RIP
router rip
network 3.3.3.0/24
network 10.10.10.0/24
network 20.20.20.0/24
!
rip restart grace-period 180
!

FIB FIB

S511

2. Configuring OSPF Routing Redundancy

The next is the command of graceful restart configuration for OSPF redundancy.

 Restarting Mode

As restarting mode is to configure to the system that the routing protocol restarts, you have to configure
the redundant S5 system to restarting mode.

 Helper Mode

The router, the neighbor of the restarting router system must be configured to helper mode. In other
words, the router system connected with the uplink of S5 have to support the graceful restart helper mode.
While a restarting router restarts, a helper router does not routing information during the grace-period.
And it’s a role to flood the routing information to the neighbor router continuously

Command Description
configure terminal 1. Enter Global configuration mode.

Redundancy Configuration 18-9


Redundancy of Routing Protocol

[no] ospf restart grace- 2. Set Setospf to restarting mode.


period <1-1800> <1-1800> grace period (seconds)
[no] ospf restart helper
3. Set not running to ospf helper mode.
never
4. Set max grace period that wait restart of neighbor
[no] ospf restart max-grace-
router.
period <1-1800>
<1-1800> grace period (seconds)

The following example shows how to configure ospf restarting mode:


localhost# con t
localhost(config)# ospf restart grace-period 120
localhost(config)# exit

Example 1) The following example shows how not to run ospf helper mode.
localhost# con t
localhost(config)# ospf restart helper never
localhost(config)# exit

Example 2) This following example show hot to run ospf helper mode.
localhost# con t
localhost(config)# ospf restart helper max-grace-period 120
localhost(config)# exit

Helper Mode
OSPF configuration
ospf restart helper max-grace-period 180
!
router ospf
network 3.3.3.0/24 area 0
network 30.30.30.0/24 area 0
network 40.40.40.0/24 area 0
2:1 Spliter
!

Restarting Mode
OSPF configuration
Active Standby
ospf restart grace-period 180
OSPF OSPF
!
router ospf
network 3.3.3.0/24 area 0
network 10.10.10.0/24 area 0
network 20.20.20.0/24 area 0
!

FIB FIB

S511

18-10 Corecess S5 System With GPON User's Guide


Redundancy of Routing Protocol

3. Configuring BGP Routing Redundancy

The next is the command of graceful restart configuration for BGP redundancy .

Command Description
configure terminal 1. Enter Global configuration mode.

[no] router bgp 2. Enter bgp router configuration mode.


<1-65535> <1-65535> : AS number
[no] bgp graceful-
3. Set the restart-time of bgp graceful-restart.(default: 120sec)
restart restart-time
<1-3600> : Delay value (seconds)
<1-3600>
[no] bgp graceful- 4. After near router run graceful restart,You set maximum time to
restart stalepath- keep path. (default : 360sec)
time <1-3600> <1-1800> : stalepath-time (seconds)
[no] neighbor A.B.C.D
5. enable / disable the graceful-restart of each neighbor.
capability graceful-
 A.B.C.D : neighbor address
restart

The following example shows how not to run bgp graceful-restart

restarting side (10.10.0.24) :


localhost# con t
localhost(config)# router bgp 11
localhost(config)# bgp graceful-restart restart-time 150
localhost(config)# neighbor 10.10.0.32 remote-as 33
localhost(config)# neighbor 10.10.0.32 capability graceful-restart
localhost(config)# end

receiving side (10.10.0.32) :


localhost# con t
localhost(config)# router bgp 33
localhost(config)# bgp graceful-restart restart-time 150
localhost(config)# neighbor 10.10.0.24 remote-as 11
localhost(config)# neighbor 10.10.0.24 capability graceful-restart
localhost(config)# end

Redundancy Configuration 18-11


Redundancy of Routing Protocol

Receiving Mode
BGP configuration
router bgp 200
bgp graceful-restart restart-time 180
network 3.3.3.0/24
network 30.30.30.0/24
network 40.40.40.0/24
neighbor 3.3.3.1 remote-as 100
neighbor 3.3.3.1 capability graceful-restart 2:1 Spliter
!

Restarting Mode
BGP configuration
router bgp 100
Active Standby bgp graceful-restart restart-time 180
BGP BGP network 3.3.3.0/24
network 10.10.10.0/24
network 20.20.20.0/24
neighbor 3.3.3.2 remote-as 200
neighbor 3.3.3.2 capability graceful-restart
!

FIB FIB

S511

4. Configuring IS-IS Routing Redundancy


The next is the command of graceful restart configuration for IS-IS redundancy.

Command Description
configure terminal 1. Enter Global configuration mode.
[no] isis restart
2. Set isis to restarting mode.
grace-period <1-
<1-65535> : grace period (seconds)
65535>
[no] isis restart
3. Set isis to helper mode.
helper
interface vlan id <1-
4. Enter interface configuration mode.
4094>
5. Set hello-interval value of restart progress.
[no] isis restart-
<1-65535> : hello-interval value (seconds)
hello-interval <1-
level-1 : level-1 IIHs
65535>
level-2 : level-2 IIHs

The following example shows how to set is restarting mode.


localhost# con t
localhost(config)# isis restart grace-period 120
localhost(config)# interface vlan id 20
localhost(config-if)# isis restart-hello-interval 120
localhost(config-if)# end
localhost#
The following example shows how to set isis helper mode.

18-12 Corecess S5 System With GPON User's Guide


Redundancy of Routing Protocol

localhost# con t
localhost(config)# isis restart helper
localhost(config)# exit

Helper Mode
IS-IS configuration

isis restart helper


!
interface vlan id 20
ip address 20.20.20.2/16
ip router isis
!
router isis
net 49.0001.0200.2002.0002.00 2:1 Spliter
!

Active Standby
IS-IS IS-IS

Restarting Mode
IS-IS configuration
isis restart grace-period 180
!
inteface vlan id 20
FIB FIB ip address 20.20.20.1/16
ip router isis
isis restart-hello-interval 180
!
router isis
net 49.0001.0200.2002.0001.00
!
S511

Redundancy Configuration 18-13


Redundant Configuration Information Outputting

Redundant Configuration Information Outputting


This clause explains how to output redundant information and the information to be outputted
in case the order is executed.

Redundant Configuration Information Outputting


Command Description
show system The state information of redundancy is shown

show system redundancy The state information of redundancy is shown

To output the configuration information of redundancy, show system or show system


redundancy should be executed in Privileged mode. The followings are the examples of
execution.

localhost# show system


System Information
-----------------------------------------------------------------------------
CoreCMR(Control Module Redundancy)
side : B(M1)
local status : active
remote status : standby
mode : hot-startup

Subscriver/Service Interface Board(s)


SIB [ 2] Unequipped
SIB [ 3] Normal
SIB [ 4] Unequipped
SIB [ 5] Unequipped
SIB [ 6] Unequipped
SIB [ 7] Unequipped
SIB [ 8] Unequipped
SIB [ 9] Unequipped
SIB [ 10] Unequipped
SIB [ 11] Unequipped
SIB [ 12] Unequipped
SIB [ 13] Unequipped
SIB [ 14] Unequipped
SIB [ 15] Unequipped
SIB [ 16] Unequipped
SIB [ 17] Unequipped
SIB [ 18] Normal

18-14 Corecess S5 System With GPON User's Guide


Redundant Configuration Information Outputting

SIB [ 19] Normal

FAN [ 1] Normal
FAN [ 2] Normal
FAN [ 3] Normal
FAN [ 4] Normal
FAN [ 5] Normal
FAN [ 6] Normal
FAN [ 7] Normal
FAN [ 8] Normal

Auxiliary Information
-----------------------------------------------------------------------------
Fan (`C(`F)) -
Max/Min Threshold : 33/ 25 ( 91/ 77)
Temperature (`C(`F)) -
Current Temperature : 42 (107 )
Max/Min Threshold : 90/ 80 (194/176)
-----------------------------------------------------------------------------
MIB-II: System Group
Contact: support@corecess.com
Name: Corecess S5
Location: Corecess Inc.
Descr: Switched Router
ObjectID(36): 1,3,6,1,4,1,2971,50,46

localhost#

localhost# show system redundancy

My Side Info.
------------------------------------------------------
State ................................... Active
Version ................................. $Revision: 1.1 $

Other Side Info.


------------------------------------------------------
State ................................... Standby
Board ................................... Equipped

Redundancy Configuration 18-15


Instructions of Redundancy

Instructions of Redundancy
The following table shows sorts of the instructions, related with the redundancy supported
from Corecess S5 System, and their functions.

Table 18-3 Sorts and Functions of Redundancy Instructions

Command Description
system redundancy mode This instruction sets redundancy mode.
This instruction converts Standby Control Module into new
system redundancy switchover
Active.
system redundancy uplink port This instruction Enables the redundancy of uplink port.

reset system This instruction reboots system.

reset control-module This instruction reboots just the related Control Module.

reset standby This instruction reboots Standby control module.


This instruction shows the file list of
show standby flash
Standby Module.
This instruction copies the configuration information file of
copy flash config standby
Active module into standby.

copy flash image standby This instruction copies the software image file of Active
module into standby.

copy standby factory-default This instruction initializes the configuration information of


startup-config Standby module.

copy standby flash config This instruction saves the configuration information of
startup—config Standby module into startup-config.

copy standby startup-config flash This instruction saves startup-config of Standby module into
config new configuration information file.
This instruction deletes the configuration information file of
delete standby flash config
Standby module.
delete standby flash image This instruction deletes the software image file of Standby
module
This instruction applies new software image of Standby
update standby flash image
module.
show system redundancy This instruction check the state information of redundancy.
show system redundancy mode This instruction checks the setup of redundancy mode.
This instruction checks the state information of redundant
show system redundancy uplink
uplink.
This instruction checks the state information of redundant
show system redundancy uplink
uplink.

18-16 Corecess S5 System With GPON User's Guide


Edition: 0006
Distribution: 12/2012

Appendix A Product Specifications

Appendix A describes the specifications of the Corecess S5 System.


Hardware Specifications

Hardware Specifications
Table A-1 Corecess S5 System hardware specifications

Item Specification
Switching Fabric

 Switching throughput : 208Gbps full-duplex (SCM-B208G)


 MAC address : Maximum 16K (Layer 2)
 Unicast route : Maximum 8K (Layer 3)
 Multicast route : Maximum 4K (Multicast routing)

Memory

Hardware  Main memory : 256MB (DDR SDRAM)


 Boot ROM : 512KB (EEPROM)
 Flash memory : 128MB

System Dimension and Weight


 Size : 483 x 303 x 240mm (W x H x D)
 Weight : S5 – Chassis with pan: 10.0kg
Power module
-S5-PPA600: 1.85Kg
-S5-PPD600: 1.20Kg
SCM Module
 SCM-B208G : 8 Gigabit Ethernet Uplink Port (SFP)
4 10G Ethernet Uplink Port (XFP)
One Console Port (RJ-45)
Module One Ethernet Management Port (RJ-45)
Configuration LIM Module
 LIM-GP8P: 8 ports of Gigabit PON
 LIM-D8GF: 8 Gigabit Ethernet Port
 LIM-D8GT: 8 Gigabit Ethernet Port
 LIM-GW16GF: 1 Core Fiber Optical Link, 2 Seed Light Ports(1 Redundancy Port)
DC Power Supply (Default specification)

 Input Voltage : -48VDC


 Input Voltage Range : -42.5V ~ -56.5V

AC Power Supply (External )


Power  Frequency : 50/60Hz
 Input Voltage : 100 ~ 240VAC
 Input Voltage Range : 88 ~ 264VAC

Power Redundancy

 Two power supply installation available

Operational
Temperature
Environment

A-2 Corecess S5 System With GPON User's Guide


Hardware Specifications

 Operating Range: Commercial version: 0℃ ~ 50℃


Extended commercial version: - 20℃ ~ 60℃
Hardened version: - 40℃ ~ 65℃
 Storage Range : -40 ~ 80°C
Humidity

 Operating Range : 10 ~ 95% (40°C, non-condensing)


 Storage Range : 10 ~ 95% (65°C, non-condensing)
Rack Installation Kit

 Four binder-head screws

Cables
Packages  Console Cable (RJ-45 – DB-9)
 DC Power Cable (5m)

Manual

 User Reference Manual

Product Specifications A-3


Software Specifications

Software Specifications
Table A-2 Corecess S5 System software specifications

Item Specification

VLAN Function
 Support Port based VLAN, IEEE 802.1q tagged VLAN and overlap VLAN (Maximum
4,096)
 Support Spanning Tree and Multicast per VLAN
Link aggregation Function

 IEEE 802.3ad Link aggregation


 Support the maximum 16 of aggregation Groups

Routing Function

 Static
 RIP
 OSPF
 IS-IS
 BGP4
 VRRP

Multicasting Function

 IGMP v2.0
 IGMP snooping
 PIM-SM/DM
Function
 DVMRP

QoS Function

 Multi Field packet classification


 Rate-Limiting : Support the maximum 2,048 of flow (Minimum 6Kbps)
 DiffServ: Support the maximum 2,048 of flow
 802.1p CoS Marking, Reclassification
 TOS Marking, Reclassification
 DSCP Marking, Reclassification
 Scheduling: SP (Strict Priority), WFQ (Weighted Fair Queuing)

Security Function

 Access List
 MAC Filtering
 DHCP Filtering
 NetBIOS Filtering

Internet Access Function

 DHCP (Dynamic Host Control Protocol)


 DHCP Server and Relay
 NTP (Network Time Protocol)

A-4 Corecess S5 System With GPON User's Guide


Software Specifications

Management Function

 Console
- Local : RJ-45 Console Port (Out-band)
- Remote : Telnet and Web based Console (In-band)
 CLI (In-band, Out-band)
 NMS (ViewlinX Manager/EMS)
 Port mirroring
Function
 SNMP v1/v2c
 RMON
- Group 1 (Statistics), Group 2 (History), Group 3 (Alarm), Group 9 (Events)
- Extended RMON
 System log file (configuration log)
 Remote software upgrade (FTP/TFTP)
 System fan status monitoring and control
 RFC 768 UDP
 RFC 791 IP
 RFC 792 ICMP
 RFC 826 ARP
 RFC 768 UDP
 RFC 783 TFTPv2
 RFC 793 TCP
 RFC 826 ARP
 RFC 854 Telnet
 RFC 927 TACACS+
 RFC 951 BOOTP
 RFC 1058 RIP v1
 RFC 1075 DVMRP
 RFC 1112 Host Extensions for IP Multicasting
 RFC 1157 SNMPv1
 RFC 1165 NTP
IETF  RFC 1195 IS-IS
Standard  RFC 1245 OSPF Protocol Analysis
 RFC 1246 Experience with the OSPF Protocol
 RFC 1256 ICMP Router Discover Message
 RFC 1265 BGP Protocol Analysis
 RFC 1266 Experience with the BGP Protocol
 RFC 1349 Type of Service in the Internet Protocol Suite
 RFC 1403 BGP OSPF Interaction
 RFC 1519 CIDR: an Address Assignment and Aggregation Strategy
 RFC 1541 DHCP(Dynamic Host Configuration Protocol)
 RFC 1542 Clarifications and Extensions for the Bootstrap Protocol
 RFC 1583 OSPF v2
 RFC 1587 OSPF NSSA Option
 RFC 1656 BGP v4
 RFC 1657 Definitions of Managed Objects for BGP-4 using SMIv2
 RFC 1723 RIP v2
 RFC 1745 BGP-4/IDRP for IP and OSPF Interaction
 RFC 1765 OSPF Database Overflow

Product Specifications A-5


Software Specifications

 RFC 1771 BGP-4


 RFC 1772 Application of BGP in the Internet
 RFC 1773 Experience with the BGP-4 Protocol
 RFC 1774 BGP-4 Protocol Analysis
 RFC 2453 RIPv2
 RFC 2519 A Framework for Inter-Domain Route Aggregation
 RFC 2573 SNMP Applications
 RFC 2796 BGP Route Reflection Alternative to full mesh IBGP
 RFC 2842 Capabilities Advertisement with BGP-4
 RFC 2858 Multi-protocol Extensions for BGP-4
 RFC 2865 Remote Authentication Dial In User Service (RADIUS)
 RFC 2866 RADIUS Accounting
 RFC 2918 Route Refresh Capability for BGP-4
 RFC 3046 DHCP Relay agent
 RFC 3065 Autonomous System Confederations for BGP
 RFC 3137 OSPF Stub Router Advertisement
IETF
 RFC 3195 Syslog
Standard
 RFC 1793 Extending OSPF to Support Demand Circuits
 RFC 1812 Router Requirements
 RFC 1901 SNMP v2
 RFC 1966 BGP Route Reflection Alternative to full mesh IBGP
 RFC 1997 BGP Communities Attribute
 RFC 1998 BGP Community Attribute in Multi-home Routing
 RFC 2082 RIP-2 MD5 Authentication
 RFC 2131 DHCP
 RFC 2178 OSPF
 RFC 2236 Internet Group Management Protocol, Version 2
 RFC 2328 OSPFv2
 RFC 2338 VRRP
 RFC 2362 PIM-SM
 RFC 2370 OSPF Opaque LSA Option
 RFC 2385 Protection of BGP Sessions via the TCP MD5 Signature Option
 RFC 2439 BGP Flap Damping
 CORECESS-BASIC-MIB
 CORECESS-SMI
 CORECESS S5 MIB
 RFC 1213 MIB-II
 RFC 1253 OSPF-MIB
 RFC 1354 IP Forwarding MIB
 RFC 1493 BRIDGE-MIB
 RFC 1657 BGP4-MIB
MIB  RFC 1724 RIP v2 MIB
 RFC 1850 OSPF2 MIB
 RFC 1757 RMON-MIB
 RFC 1907 SNMPv2-MIB
 RFC 2011 IP-MIB
 RFC 2012 UDP-MIB
 RFC 2096 IP-FORWARD-MIB
 RFC 2863 IF-MIB
 RFC 2328 OSPF-MIB

A-6 Corecess S5 System With GPON User's Guide


Optical Splitter Specifications

Optical Splitter Specifications


Table A-3 Corecess 4500 Optical Splitter Specification

Item Specification
Number of
32
Branched
 Average : 17.0 dB
Insertion  Maximum : 18.0 dB
Loss  Uniformity : ≤ 1.9 dB
 PDL : ≤ 0.3 dB
Return
Optical > 55dB
Loss
Specification
Directivity > 55dB
Operating
wavelengt 1.26 ~ 1.60 um
h
 Input : Diameter 250μm
Pigtails  Output : Ribbon fiber
 Average length: 1M

Temperature
 Operating Range: Commercial Version: 0℃ ~ 50℃
Extended Commercial Version: - 20℃ ~ 60℃
Environment Hardened version: - 40℃ ~ 65℃
 Storage Range : -40 ~ 80°C
Humidity

 Operating Range : 0 ~ 100% (40°C, non-condensing)

Product Specifications A-7


Edition: 0006
Distribution: 12/2012

Appendix B Connector and Cable Specifications

Appendix B describes the specifications of the ports on the Corecess S5 System. In addition, the kinds and
specifications of cables needed for the connection of each port.
Connector Specifications

Connector Specifications
RJ-45 Connector

10/100/1000Base-T Port

10/100/1000Base-T port on the SCM,LIM module has an 8-pin RJ-45 connector. The
cable used for connecting 10/100/1000Base-T port is twisted-pair cable with RJ-45
8 1 connectors at both ends.

Pin configuration of 10/100/1000Base-T port is as follows:

Table B-1 Pin Configuration of 10/100/1000Base-T Port

Pin Signal Pin Signal

1 Tx, Rx+ (1 pair) 5 Tx, Rx+ (3 pair)

2 Tx, Rx- (1 pair) 6 Tx, Rx- (2 pair)

3 Tx, Rx+ (2 pair) 7 Tx, Rx+ (4 pair)

4 Tx, Rx- (3 pair) 8 Tx, Rx- (4 pair)

Ethernet Management Port

Ethernet Management port on the SCM module has an 8-pin RJ-45 connector. The cable
used for connecting Ethernet Management port is twisted-pair cable with RJ-45
8 1 connectors at both ends.

Pin configuration of Ethernet Management port is as follows:

Table B-2 Pin Configuration of Ethernet Management Port

Pin Signal

1 Rx+

2 Rx-

3 Tx+

6 Tx-

B-2 Corecess S5 System With GPON User's Guide


Connector Specifications

Console Port for SCM-B208G


1 8 Console port on the SCM-B208G module has an 8-pin RJ-45 connector. The cable used
for connecting console port is serial cable with an RJ-45 connector and a DB-9 at
each end.

Pin configuration of Console port is as follows:

Table B-3 Pin Configuration of Console Port

Pin Signal

3 Tx

4 GND

5 GND

6 Rx

LC Connector

1000Base-SX/LX/LH/ZX Transceiver

In the case that 1000BASE-SX/LX/LH/ZX optical transceiver is applied to


the optical port for GbE, the receiving and transmitting wavelength is the same and
Duplex LC connector is to be used.

Connector and Cable Specifications B-3


Connector Specifications

SC Connector

1000Base-PX and 1000Base-BX Transceiver

In the case that 1000BASE-PX optical transceiver is applied to the optical port
for EPON and 1000BASE-BX optical transceiver is to the optical port for GbE, the
receiving and transmitting wavelength are 1310/1490 nm in each. In that case,

blue-colored SC connector is generally used.

Caution : When it comes to optical connection vulnerable to reflection, green-colored


connector is generally used.
- Video overlay optical connection
- Connection of WDM multiplexed or dimultiplexed port

B-4 Corecess S5 System With GPON User's Guide


Cable Specifications

Cable Specifications
Twisted Pair Cable
The Ethernet Management port and 10/100/1000Base-T port on The SCM-208G module are
connected by using twisted pair cables with RJ-45 connectors at both ends.

There are two types of twisted pair cables: UTP (unshielded twisted pair) cable and STP
(shielded twisted pair) cable. The following figure shows a twisted pair cable with RJ-45
connectors at both ends.

According to the speed of devices to be connected: Category-3, 4, 5,


5+, 6

The category of twisted pair cable to be used is determined by the speed of the devices to be
connected to RJ-45 port. In case of connecting with a device that operates at 10Mbps, category 3
and 4 cable is used. In case of connecting with a device that operates at 100Mbps, category 5
cable is used. In case of connecting with a device that operates at 1000Mbps, category 5+ or
category 6 cable is used.

According to the kinds of devices to be connected: Straight-through,


Crossover

Either straight-through cable or crossover cable is used according to the kinds of devices to be
connected to RJ-45 port. In case the device to be connected is such terminal (MDI) as PC
equipped with NIC (Network Interface Card), straight-through cable is used. On the other hand,
crossover cable is used for connecting the ports of network devices (MDI-X) such as hub or
switch.

Connector and Cable Specifications B-5


Cable Specifications

Fiber Optic Cable


The system modules with fiber optic ports are connected using fiber optic cables as follows:

Table B-4 System Modules with Fiber Optic Ports Duplex LC Fiber Optic Cable

Fiber Optic
Module Connector Interface Wave Length(nm)
Cable
1000Base-SX Multi-mode  Rx/Tx : 850nm

1000Base-LX Single mode  Rx/Tx : 1310nm


SCM-B208G Duplex LC 10GBASE-SR Multi-mode  Rx/Tx : 850nm

10GBASE-LR Single mode  Rx/Tx : 1310nm

10GBASE-ER Single mode  Rx/Tx : 1550nm

1000Base-SX Multi-mode  Rx/Tx : 850nm


LIM-D4(8)GF Duplex LC
1000Base-LX Single mode  Rx/Tx : 1310nm
LIM-EP8G-2.5  Rx : 1310nm
1000Base-PX
LIM-EP4G Simplex SC/PC Single mode
LIM-GP8P GPON  Tx : 1490nm

GW-PON
LIM-GW16GF Simplex SC/APC Single mode  Rx/Tx:1535~1560nm
(16CH GbE)

B-6 Corecess S5 System With GPON User's Guide


Cable Specifications

Multi Mode Fiber(MMF)

The orange-colored multi-mode fiber(MMF) is used for the 1000Base-SX transceiver in the
transporting distance less than 550m.

Orange

Single Mode Fiber(SMF)

The yellow-colored single-mode fiber(SMF) is used for the 1000Base-LX/ZX/BX/PX transceiver


in the transporting distance more than 550m.

Single Mode Fiber(SMF) LC Connector


Yellow

Single Mode Fiber(SMF) SC Connector

Connector and Cable Specifications B-7


Cable Specifications

Console Cable SCM-B208G


Console cable is used to connect the console port to a console terminal (ASCII terminals or PCs
equipped with terminal emulation programs). Console cable has an RJ-45 connector and a DB-9
connector at each ends.

Console Port DB-9 Connector

Note: Before connecting the console port, ensure that console terminal is configured as
follows:

Baud rate Data bit Parity Stop bit Flow control


9600 8 None 1 None

B-8 Corecess S5 System With GPON User's Guide


Edition: 0006
Distribution: 12/2012

Appendix C Maintaining

This chapter describes how to maintain the Corecess S5 System.

Caution: Before you install the Corecess S5 system, read ‘Chapter3 Before Installation’.
‘Chapter 3’ contains important safety information you should know before working with the
system.
Replacing Module

Replacing Module
If a module installed in a slot has a problem, the module can replace new one. This section
describes how to replace SCM modules and LIM modules on the Corecess S5 System.

Location of Module Installation


There are five slots in the chassis of the Corecess S5 System, and types of module are as follows:

Example: S5-CH
Corecess S511

SCM Slot (9,10)

LIM Slot (1 ~ 8)

Corecess S506
SCM Slot (5)

LIM Slot(1 ~ 4)

Caution : Be careful not to install modules into the wrong slots when you replace several
modules. Be sure
to confirm module location before installation.

18-2 Corecess S5 System With GPON User's Guide


Replacing Module

Required Tool
If you replace modules installed in the Corecess S5 System, the following tools are required.
Before replacing modules, prepare the tools.

 A screwdriver
 Electrostatic discharge (ESD) grounding strap

Replacing Modules
The replacing procedure of installed module in the Corecess S5 System is as follows:

Note: Since the Corecess S5 System provides the hot-swap functions, the system power
doesn’t have to be turned off.

Warning: Do NOT put your fingers into slots if the system is not turned off. You might
receive an electric shock by the back-plain or power supply.

1. Execute the write memory command in the Telnet session which is connected to the
Corecess S5 System to store current system configuration in the backup configuration file.

2. Disconnect cables that are connected to the replaced module.

3. Loosen two screws on the replaced module using a screwdriver.

4. Push the ejector levers on the both side of the module to release locked state, then pull the
ejector levers outward and extract the module carefully from the chassis.

5. Prepare a module that is to be installed. Place the module to the guide rail that is located in
the both sides of the slot. Then, insert the module carefully until it gets installed in the
connector of the back plane.

6. Push the ejector levers inward, then the module installed completely with the connector of
back plane.

7. Fasten the module firmly by tightening the two screws using a screwdriver.

8. If the module is installed successfully, the Run LED on the module is turned on with green.

Maintaining 18-3
Replacing Fan Tray

Replacing Fan Tray


Fan tray installed in the Corecess S5 System chassis has cooling fans. The cooling fan extracts
heat that is generated into the system and flows cool air into the system.

The replacing procedure of fan tray is as follows:

Caution: Do NOT operate the system when you replace the fan tray. If the fan tray is not
operating, the system can be damaged by the overheat.

1. Check the Fan LED on the system fan tray. The Fan LED is turned on with red when the
fan tray has a problem.

2. Loosen a screw on the front of the fan tray using a screwdriver.

3. Grasp the handle of the fan tray and gently pull it.

4. Prepare new fan tray. Slide the new fan tray into the chassis until the rear of the fan tray
plugs into the corresponding connector on the back-panel.

5. Fasten the fan tray firmly by tightening the screw using a screwdriver.

6. If the fan tray is installed successfully, the LED on the fan tray is turned on with green.

18-4 Corecess S5 System With GPON User's Guide


Cleaning Fan Filter

Cleaning Fan Filter


In the Corecess S5 System, a fan filter that can be reused are installed. If the fan filter is dirty or
clogged by dust, cool air cannot be flowed into the system chassis through the fan filter. The
system can be overheated as the result. Therefore, please check fan filter state once a month -
depends on the site environment, and clean the fan filter.

The following procedure describes how to clean the fan filter in the Corecess S5 System.

1. Grasp the handle of the fan filter, and gently pull it forward until the fan filter is
separated from the chassis. At this time, be sure not to scatter dust of the fan filter.

2. Check the fan filter state. If there is a lot of dust or dirty in the fan filter, remove dust
with a vacuum machine or wash the fan filter with a neutral detergent. When you clean
the fan filter with water, install spare fan filter in the chassis.

3. If you wash the fan filter with a neutral detergent, dry the fan filter in cool place over
eight hours.

4. After cleaning, insert the fan filter into the slot of the chassis.

Maintaining 18-5

You might also like