Manuel d'utilisation / d'entretien du produit S223 du fabricant Siemens
Aller à la page of 381
User Manual SURP ASS hiD 6615 S223/S323 R1.5 UMN:CLI A50010-Y3-C150-2-7619.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 2 A50010-Y3-C150-2-7619 Important Notice on Product Safety Elevated voltages are inevitably presen t at specific points in thi s electrical equipment. Some of the parts may also have elevated operating t emperatures.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 3 Reason for Up date Summary: System softwa re upgrade added Det ails: Chapter/Section Reason for Update 1 1 System software u.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 4 A50010-Y3-C150-2-7619 This document consist s of a tot al 381 pa ges. All pages are issue 2. Content s 1 Introduction .................................................................
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 5 4.2.2 Authentication Interface ..................................................................................... 50 4.2.3 Primary Authentic ation Method ..................
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 6 A50010-Y3-C150-2-7619 4.5.4 Applying Def ault V alue...................................................................................... 70 4.5.5 Displaying 802.1x Configuration ...
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 7 6.3.2 IP ICMP Sour ce-Routing ................................................................................... 97 6.3.3 T racing Packet Route ..............................
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 8 A50010-Y3-C150-2-7619 7.3.3 Basic TL V ........................................................................................................ 123 7.3.4 LLDP Message ................
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 9 7.6.3.1 Scheduling Algorithm ....................................................................................... 147 7.6.3.2 Qos Weight ...................................
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 10 A50010-Y3-C150-2-7619 8.1 VLAN .............................................................................................................. 178 8.1.1 Port-Based VLAN ..............
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 1 1 8.3.5.9 Displaying Conf iguration ................................................................................. 216 8.3.6 Configuring PVSTP/PVRSTP ......................
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 12 A50010-Y3-C150-2-7619 8.8.1.16 DHCP Packet S tatistics .................................................................................. 245 8.8.1.17 Displaying DHCP Pool Configuration .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 13 8.9.3.2 RM Node ......................................................................................................... 268 8.9.3.3 Port of ER P domain ....................
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 14 A50010-Y3-C150-2-7619 9.2.5.5 Mrouter Port .................................................................................................... 294 9.2.5.6 Multicast TC N Floodi ng .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 15 10.1.1 Basic Config uration ......................................................................................... 318 10.1.1.1 Configuration T ype of BGP ................
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 16 A50010-Y3-C150-2-7619 10.2.12 External Routes to OSPF Network ................................................................. 353 10.2.13 OSPF Distance ............................
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 17 Illustrations Fig. 2.1 Network S tructure wi th hiD 6615 S223/S323 ................................................. 23 Fig. 3.1 Software mode structure .....................
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 18 A50010-Y3-C150-2-7619 Fig. 8.38 Ring Recovery ............................................................................................. 267 Fig. 8.39 Example of S tacking .......
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 19 T ables T ab. 1.1 Overview of Chapters ..................................................................................... 20 T ab. 1.2 Command Notation of Guide Book .....
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 20 A50010-Y3-C150-2-7619 1 Introduction 1.1 Audience This manual is intended for SURP ASS hiD 6615 S223/S323 single-board Fast Ethernet switch operators a nd maintenance person nel for providers of Ethernet services.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 21 1.3 Document Convention This guide uses the followi ng conventions to convey instructions and inform ation. Information This information symbol provides u seful in formation when using commands to config ure and means reader t ake note.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 22 A50010-Y3-C150-2-7619 1.6 GPL/LGPL W arranty and Liability Exclusion The Siemens product, SURP ASS hiD 6615, contains both pr oprietary sof tware and “Open Source Software”.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 23 2 System Overview SURP ASS hiD 6615 L3 switch is typical Layer 3 switch intended to construct large-scale network, which provid es aggregated fun ction of upgraded LAN network consisted of typi- cal Ethernet switch.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 24 A50010-Y3-C150-2-7619 2.1 System Features Main features of hiD 6615 S 223/S323, having Fast Ethernet swit ch and Layer 3 switchin g function which support s both Ethernet switching an d IP routing, are follow .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 25 DHCP The hiD 6615 S223/S32 3 support s DHCP (Dynam ic Host Co ntrol Prot ocol) Server that automatically assigns IP address to client s acce ssed to network.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 26 A50010-Y3-C150-2-7619 RADIUS and T ACACS+ hiD 6615 S223/S323 support s client a uthenticat ion protocol, that is RADI US(Remote Au- thentication Dial-In User Service) and T ACA CS+(T erminal Access Controller Access Con- trol System Plus).
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 27 3 Command Line Interface (CLI) This chapter descri bes how to use the Comm and Line Interface (CLI ) which is used to configure the hiD 6615 S223/S323 syste m. • Command Mode • Useful T ip s 3.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 28 A50010-Y3-C150-2-7619 Fig. 3.1 shows hiD 6615 S 323 software mode structure briefly .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 29 3.1.1 Privileged EXEC V i ew Mode When you log in to the switch, the CLI will start with Privileged EXEC V iew mo d e t h at is a read-only mode. In this m ode, you can see a system co nfiguration and information with several com mands.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 30 A50010-Y3-C150-2-7619 T ab. 3.3 shows a couple of important main commands of Global Configuration mode. Command Description access-list Configures policy to limit routing information on the standard of AS.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 31 T ab. 3.4 shows a couple of main commands of Bridge Configuration mode. Command Description auto-reset Configures the system for automatic rebooting dhcp-server-filt er Configures packet filtering of DHCP server .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 32 A50010-Y3-C150-2-7619 3.1.6 DHCP Configuration Mode T o open DHCP Config uration mode, use the command, ip dhcp pool POOL , on Global Configuration mode as follow . Then the prompt is changed from SWITCH(config)# to SWITCH(config -dhcp[POOL ])#.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 33 3.1.8 Interface Configuration Mode T o open Interface Configuration mode, enter the command, interface INTERF ACE , on Global Configuration mode, and then t he prompt is change d from SWITCH(config)# to SWITCH(config-if)#.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 34 A50010-Y3-C150-2-7619 3.1.10 Router Conf iguration Mode T o open Router Configuration mode, use the following command. The system prompt is changed from SWITCH(config)# to SWI TCH(config-router)#.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 35 3.1.12 Route-Map Configuration Mode T o open Route-map Configuration mode, use the following command. The p rompt is changed from SWITCH(config)# to SWI TCH(config-route-map)#.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 36 A50010-Y3-C150-2-7619 3.2 Useful T ip s This section provides useful function s for user ’s convenien ce while using CLI commands.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 37 Command Mode Description show list Shows available commands of the current mode. show cli All Shows available commands of the current mode with tree structure. The following is an exam ple of displaying list of available commands of Privileged EXEC Enable mode.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 38 A50010-Y3-C150-2-7619 After using th ese commands in o rder: show clock → configure terminal → interface 1 → exit , press the arrow key < ↑ > and then you will see the com mands from latest one: exit → interface 1 → con figure terminal → sho w clock .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 39 3.2.5 Exit Current Command Mode T o exit to the previous command mode, use the following comman d. Command Mode Description exit Exits to the previous command mode. end All Exits to Privileged EXEC enable mode.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 40 A50010-Y3-C150-2-7619 4 System Connection and IP Address 4.1 System Connection After inst alling swit ch, the hiD 6615 S223/S323 is supposed to examine that each po rt is rightly connected to netwo rk and management PC .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 41 4.1.2 Password for Pr ivileged EXEC Mode Y ou can configure a password to enhan ce the security for Privileged EXEC Enable mode. T o configure a password for Privileged EXEC Enable mode, use the followin g command.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 42 A50010-Y3-C150-2-7619 T o disable password encryption, use the following co mmand. Command Mode Description no service password-encryption Global Disables password encryption. 4.1.3 Changing Login Password T o configure a pa ssword for created account, use the following co mmand.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 43 T o delete the created account, use the following com mand. Command Mode Description user del NAME Global Delete the created account. T o display the created account, use the following com mand.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 44 A50010-Y3-C150-2-7619 Command Mode Description privilege rmon-alarm level <0-15> { COMMAND | all } privilege rmon-event le vel <0-15> { COMMAND | all } Uses the specific command of RMON Configu ration mode in the level.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 45 T o delete a configured security level, use the following command. Command Mode Description no privilege Deletes all configured security levels.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 46 A50010-Y3-C150-2-7619 T o display a configured security level, use the following command. Command Mode Description show privilege Shows a configured security level. show privilege now View Enable Global Shows a security level of current mode.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 47 leged EXEC Enable mode; however as level 1, it is possible to use n ot only the com- mands in level 1 but also t ime configuration comman ds in Privileged EXEC Enable mode and accessing commands to Global Configuration mode.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 48 A50010-Y3-C150-2-7619 4.1.7 Auto Log-out For security reasons of the hiD 6615 S223/S323, i f no command is entere d within the configured inactivity time, the user is a uto matically logged out of the system.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 49 4.1.8.2 Auto System Rebooting The hiD 6615 S223/S323 reboot s the system according to user’s configuration. There are two basises for system rebooting. The se are CPU and memo ry .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 50 A50010-Y3-C150-2-7619 4.2.1 Authentication Method T o set the system authentication me thod, use the following comm and. Command Mode Description login { local | remote } { radius | t acacs | host | all } enable Set the system authentication method.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 51 4.2.4 RADIUS Server 4.2.4.1 RADIUS Server for Sys tem Authentication T o add/delete the RADIUS server for system authentication, use the following command. Command Mode Description login radius server A.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 52 A50010-Y3-C150-2-7619 4.2.4.4 Frequency of Retrans mit If there is no response from RADIUS serv er , the hiD 6615 S223/S323 is supposed to re - transmit an authentication request. T o set the frequency of retransmitting an authentica- tion request, use the following command .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 53 T o specify a timeout value, use the following command . Command Mode Description login t acacs timeout <1 -100> Global S pecifies a timeout value. 1-100: waiting-time for the response (default: 3) 4.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 54 A50010-Y3-C150-2-7619 4.2.6 Accounting Mode The hiD 6615 S223/S323 provides the account ing function of AAA (Authentication, Au- thorization, and Accounting). Accounting is the process of measuring the reso urce s a user has consumed.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 55 4.2.8 Sample Configuration [Sample Configuration 1] C onfiguration RADIUS server The following is an example of configuri ng authorization method in SURP ASS hiD 6615.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 56 A50010-Y3-C150-2-7619 [Sample Configuration 2] C onfiguration T ACACS+ server The following is an example of config uring autho rization method as T ACACS+.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 57 place with TCP/IP through SNMP or telnet, it requires IP address. Y ou can enable interface to communica te wi th switch in.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 58 A50010-Y3-C150-2-7619 4.3.3 Assigning IP Addres s to Network Interface After enabling interface, you need to assign IP address. T o assign IP address to specified network interface, u se the following command.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 59 The following is an exampl e of configuring st at ic rout e to reach three destinations, which are not directly connected. SWITCH(config)# ip route 100.1.1.0/24 10.1.1.2 SWITCH(config)# ip route 200.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 60 A50010-Y3-C150-2-7619 4.3.7 Displaying Interface T o display interface st atus and config uration, use the following co mmand. Command Mode Description show interface [ INTER F ACE ] Enable Global Interface Shows interface status and configuration.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 61 4.4 SSH (Secure Shell) Network security is getting more import ant according to using network has bee n general- ized between users. However , typical FTP and telnet service has weakness for security .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 62 A50010-Y3-C150-2-7619 4.4.1.5 Assigning Specific Authentication Key After enablin g ssh server , each client will upload generated key . The ssh se rver can as- sign specific key among the uploaded keys from several client s.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 63 T o configure authentication key in the hi D 6615 S223/S323, use the following command. Command Mode Description ssh keygen { rsa1 | rsa | dsa } Global Configures authentication key .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 64 A50010-Y3-C150-2-7619 4.5 802.1x Authentication T o enhance security and porta bility of netwo rk management, there are two ways of au- thentication based on MA C address and port -ba sed authenticati on which restrict client s attempting to access to port.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 65 4.5.1 802.1x Authentication 4.5.1.1 Enabling 802.1x T o configure 802.1x, the user should enable 802. 1x daemon first. In orde r to enable 802.1x daemon, use the following com mand.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 66 A50010-Y3-C150-2-7619 After default serve r is designated, all re quests sta rt from the RADIUS server . If there’s n o response from default server agai n, the authentic ation reque st is tried for RADIUS se rver designated as next one.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 67 4.5.1.4 Authentication Port After configuring 802.1x authenticatio n mode, you should select the authenticati on port. Command Mode Description dot1x nas-port PORTS Designates 802.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 68 A50010-Y3-C150-2-7619 4.5.1.7 Configuring Number of Request to RADIUS Server After 802.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 69 Command Mode Description dot1x reauth-enable PORTS Enables 802.1x re-authentication.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 70 A50010-Y3-C150-2-7619 the following command. Command Mode Description dot1x reauthenticate PORTS Global Implement re-authentication regardless of the config- ured time interval. 4.5.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 71 4.5.7 Sample Configuration The following is to show the co nfiguration af ter configuring pot nu mber 4 as the authenti- cation port and registering IP address of aut hentication po rt and in formation of RADIUS server .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 72 A50010-Y3-C150-2-7619 PortAuthed |.......................................... MacEnable |...m...................................... MacAuthed |...u....................................
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 73 5 Port Configuration It is possible for user to configure ba sic envir onment such a s auto-negotiate, transmit rate, and flow control of the hiD 6615 S223/S323 port. Al so, it includes instru ctions how to con- figure port mirroring and port as b asic.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 74 A50010-Y3-C150-2-7619 Command Mode Description port medium PORT { sf p | rj45 } Bridge Selects port type (Default: RJ45) T o view the configuration of switch port type, use the following command.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 75 5.2.2 Auto-negotiation Auto-negotiation is a mech anism that take s co ntrol of the cable when a connecti on is es- tablished to a netwo rk device.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 76 A50010-Y3-C150-2-7619 SWITCH(bridge)# show port 1 ------------------------------------------------------------------- NO TYPE PVID .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 77 T o configure flow control of the Et hernet port, use the following command. Command Mode Description port flow-control PORTS { on | off } Bridge Configures flow control for a specified port, enter the port number .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 78 A50010-Y3-C150-2-7619 5.2.7 T raffic St atistics 5.2.7.1 The Packet s St atistics T o display traffic stati stic of each port o r interface with MIB or RM ON MIB data defined, use the following commands.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 79 Otherwise, to clear all recorded st atistics of port and initiate, use the following command. Command Mode Description clear port statistics { POR TS | all } Enable Global Bridge Clears all recorded port statistics.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 80 A50010-Y3-C150-2-7619 5.2.8 Port St atus T o display a port status, use the followin g command. Command Mode Description show port PORTS Sho ws configured state of port, enter the port number .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 81 Fig. 5.2 Port Mirroring T o configure port mirroring, designate mirrore d port s and monitor po rt. Then enable po rt mirroring function. Monitor port should be connected to the watch program installed PC.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 82 A50010-Y3-C150-2-7619 Ste p 4 T o delete and modify the configur ation, use the following command . Command Mode Description mirror disable Deactivate monitoring. mirror del PORTS [ ingress | egress ] Bridge Delete a port from the mirrored ports.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 83 6 System Environment 6.1 Environment Configuration Y ou can configure a system environme nt of the hiD 6615 S223/S323 with .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 84 A50010-Y3-C150-2-7619 The following is an example of setting system time and date as 10:20pm, July 4 th, 2005. SWITCH# clock 06 Mar 2006 10:20 Mon, 6 Mar 2006 10:20:00 GMT+0000 SWITCH# 6.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 85 T o display a configured NTP , use the following command. Command Mode Description show ntp Enable Global Shows a configured NTP function. The following is an example of configuring 203.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 86 A50010-Y3-C150-2-7619 always correct and there won't be any subsequent time jump s af ter the initial correction. Unlike NTP , SNTP usually uses just on e Ethernet T ime Serve r to calculate the time and then it "jumps" the syste m time to the ca lculated time.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 87 6.1.8 Login Banner It is possible to set system login and log-out banne r . Administrator can leave a message to other users with this banner . T o set system login and log-out banne r , use the following command.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 88 A50010-Y3-C150-2-7619 Command Mode Description no dns Global Deletes DNS server and domain name. 6.1.10 Fan Operation In hiD 6615 S223/S323, it is po ssible to cont rol fan operation.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 89 T o show a configured threshold of CPU load, use the followin g command. Command Mode Description show cpuload All Shows a configured threshold of CPU load. 6.1.12.2 Port T raffic T o set a threshold of port traf fic, use the following command.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 90 A50010-Y3-C150-2-7619 6.1.12.4 System T emperature T o set a threshold of system tem perature, use the followin g command. Command Mode Description threshold temp VA L U E VA L U E Sets a threshold of system temperature in the unit of centigrade (°C).
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 91 6.1.14 Assigning IP Address of FTP Client Serveral IP a ddresses can be assign ed on hiD 6615 S223/S323. But user can specify one source I P address connecting FTP server wh en the switch is a client.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 92 A50010-Y3-C150-2-7619 The following is an example to display a configu ration of syslog. SWITCH# show running-config syslog ! syslog start syslog output info local volatile syslog output info local non-volatile ! SWITCH# 6.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 93 T o back up a system configuration file us ing FTP or TFTP , use the following command. Command Mode Description copy { ft p | tft p } confi g upload { FILE-NAME | startup-config } Uploads a file to ftp or f ttp server with a name config- ured by user .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 94 A50010-Y3-C150-2-7619 After restorin g a default configuration, you need to restart the system to initiate. The following is an example of restori ng a default co nfiguration of the system.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 95 The following is the basic informatio n to operate ping test. Items Description Protocol [ip] Supports ping test. Default is IP . T arget IP address Sends ICMP echo message by inputting IP address or host name of destination in order to check network status with relative.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 96 A50010-Y3-C150-2-7619 The following is the information to use pi ng test for multiple IP addresse s. Items Description Source address or interface Designates the address where the relative device should respond in source ip address.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 97 6.3.2 IP ICMP Source-Routing If you implement PING test to verify the stat u s of network connection, icmp request ar- rives at the final destination as the clos est rout e according to the routing theory .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 98 A50010-Y3-C150-2-7619 T o perform ping test as the route which the manager designate d, use the following step s. Ste p 1 Enable IP so urce-routing function from the equipme nt connected to PC which the PING test is going to be performed.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 99 The following is an example of traci ng p acket route sent to 10.2.2.20. SWITCH# traceroute 10.2.2.20 traceroute to 10.2.2.20 (10.2.2.20), 30 hops max, 38 byte packets 1 10.2.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 100 A50010-Y3-C150-2-7619 6.3.6 Configuring Ageing time SURP ASS hiD 6615 records MAC T able to prevent Broadcast pa ckets from transmitting. And unnecessary MAC address that do es not response during specified time is deleted from the MAC table automatically .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 101 6.3.9 System Memory Information T o display a system memory status, use the followin g command.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 102 A50010-Y3-C150-2-7619 The following is an example of displaying information of the runnin g processes. SWITCH# show process USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND admin 1 0.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 103 configure one of two as def ault OS what user want s. In hiD 6615 S223/S323, a system image saved in os1 is configured as def ault OS by default. T o desgnate a default OS, use the following comm and.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 104 A50010-Y3-C150-2-7619 7 Network Management 7.1 Simple Network Management Protocol (SNMP) Simple Network Management Protocol (SNMP) sy ste m is consisted of three part s: SNMP manager , a managed device and S NMP agent.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 105 T o display a configured SNMP commu nity , use the following command. Command Mode Description show snmp communit y Enable Global Shows a created SNMP community . The following is an example of creating 2 SNMP communities.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 106 A50010-Y3-C150-2-7619 7.1.3 SNMP Com2sec SNMP v2 authori zes the host to access the agent according to the identity of the host and community name. The command, com 2sec , specifies the mapping from the identity of the host and community name to securi ty name.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 107 7.1.5 SNMP View Record Y ou can create an SNMP view reco rd to limit access to MIB object s with object identity (OID) by an SNMP mana ger . T o configure an SNMP view record, use the following command.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 108 A50010-Y3-C150-2-7619 T o display a granted an SNMP group to access a specifi c SNMP view record, use the fol- lowing command.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 109 7.1.8.1 SNMP T rap Host T o set an SNMP trap ho st, use the following command. Command Mode Description snmp trap-host IP-ADDRESS [ COMMUNITY ] snmp trap2-host IP-ADDRESS [ COMMUNITY ] S pecifies IP address of an SNMP trap host.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 1 10 A50010-Y3-C150-2-7619 7.1.8.3 Enabling SNMP T rap The system provides vari ous kind of SNMP trap, but it may inef ficiently work if all these trap messages are sent very frequently .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 1 1 1 snmp trap dhcp-lease Configures the system to send SNMP trap when no more IP address that can be assigned in the subnet of DHCP server is left. snmp trap fan Configures the system to send SNMP trap when the fan begins to operate or stops.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 1 12 A50010-Y3-C150-2-7619 7.1.8.5 Displaying SNMP T rap T o display a configuration of SNMP trap, use the following command. Command Mode Description show snmp trap Enable Global Shows a configuration of SNMP trap.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 1 13 7.1.9.2 Default Alarm Severity T o configure a priority of alarm, use the following com mand. Command Mode Description snmp alarm-severit y default { critical | major | minor | wa rn ing | intermediate } Global Configures the priority of alarm.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 1 14 A50010-Y3-C150-2-7619 7.1.9.4 Generic Alarm Severity T o configure generic alarm severity , use the following command.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 1 15 If you want to delete a configured alarm severity , use the following command.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 1 16 A50010-Y3-C150-2-7619 Command Mode Description snmp alarm-severity adva-if-tr ans-fault { criti- cal | major | minor | warn i n g | intermediate } Sends alarm notification with the sever- ity when ADV A informs to fail to transmit the packet s.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 1 17 Command Mode Description snmp alarm-severit y erp-domain-reach-fail { critical | major | minor | wa rn in g | intermedi- .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 1 18 A50010-Y3-C150-2-7619 T o display a configured severity of alarm, use the following comm ands. Command Mode Description show snmp alarm-se verity Enable Global Shows a configured severity of alarm.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 1 19 7.2 Operation, Administration and Maintenance (OAM) In the enterprise, Ethernet links and n etworks have been manag ed via Simple Network Management Protocol (SNMP).
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 120 A50010-Y3-C150-2-7619 7.2.2 Local OAM Mode T o configure Local OAM, use the following com mand. Command Mode Description oam local mode { acti ve | p assive } PORTS Bridge Configures the mode of local OAM.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 121 T o display the information of peer host us ing OAM function, use the following comm and.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 122 A50010-Y3-C150-2-7619 The following is to configure to enable OAM loopback functio n through 25 port of the switch and operate on ce.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 123 7.3 Link Layer Discovery Protocol (LLDP) Link Layer Discovery Protocol (LLDP) is t he functio n of transmitting data for network management for the switches connected in LAN according to IEEE 802.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 124 A50010-Y3-C150-2-7619 In hiD 6615 S223/S323, t he administrator can enable and di sable basic TL V by selecting it. T o enable basic TL V by selecting it, use the following command.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 125 7.3.6 Displaying LLDP Configuration T o display LLDP configuration, use the following com mand. Command Mode Description show lldp config POR TS Shows LLDP configuration. show lldp remote POR TS Show statistics for remote entries.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 126 A50010-Y3-C150-2-7619 7.4 Remote Monitoring (RMON) Remote Monitoring (RMON) is a funct ion to monitor communication st atus of devices connected to Ethernet at remote place.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 127 want to list available commands. The following is an example of listing available commands on RMON Configuration mode.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 128 A50010-Y3-C150-2-7619 1 sec is the minimum time which can be sel ected. But the minimum sampling interval currently is 30 sec, i.e., all intervals w ill be round up to a multiple of 30 seconds.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 129 7.4.2 RMON Alarm There are two ways to compare with the th reshold: absolute co mpari son and delt a com- par ison .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 130 A50010-Y3-C150-2-7619 7.4.2.2 Object of Sample Inquiry User needs object value used for sample inquiry to pro vide RMON Alarm. The following is rule of object for sample inquiry . T o assign object used for sample inquiry , use the follow- ing command.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 131 7.4.2.5 Lower Bound of Threshold If you need to occur alarm when object used for sample inquiry is less than lower bound of threshold, you should configure lower boun d of threshold.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 132 A50010-Y3-C150-2-7619 T o configure interval of sample inquiry for RMON al arm, use the following comm and. Command Mode Description sample-interval <0-65535> RMON Configures interval of sample inquiry .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 133 T o configure community for trap messag e transmission, use the following comm and. Command Mode Description community NAME RMON Configures password for trap message transmission right.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 134 A50010-Y3-C150-2-7619 Command Mode Description active RMON Activates RMON event. 7.4.3.6 Deleting Configuration of RMON Event Before changing the configuration of RM ON event, you should delete RMON event of the number and configure it again.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 135 7.5 Syslog The syslog is a function that allows the network el ement to generate the event notification and forward it to the event message collector like a syslog serve r .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 136 A50010-Y3-C150-2-7619 Syslog Output Lev el with a Priority T o set a user-defined syslog output level with a priority , use the following command.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 137 The following is an examp le of configuring syslog messag e to send all logs higher than notice to remote host 10.1.1.1 and confi gurin g local1.info to transmit to console.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 138 A50010-Y3-C150-2-7619 7.5.4 Debug Message for Remote T e rminal T o display a syslog debug message to a remote terminal, use the f ollowing command. Command Mode Description terminal monitor Enables a terminal monitor function.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 139 7.6 Rule and QoS The hiD 6615 S223/S323 p rovides rule and QoS feature for traf fic management. The rule classifies incoming traf fic, and then processe s the traf fic according to user-defined poli- cies.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 140 A50010-Y3-C150-2-7619 • Scheduling Algorithm T o handle overloading of traf fics, you need to configure diff erently processing orders of graphic by using schedul ing algorith m.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 141 7.6.2.3 Packet Classification After configuring a p acket classification fo r a rule, then configure ho w to process the packet s. T o specify a packet-classifying p attern, use the following comman d.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 142 A50010-Y3-C150-2-7619 Command Mode Description ip { A.B.C.D | A.B.C.D/M | any } { A.B.C.D | A.B.C.D/M | any } icmp Classifies an IP protocol (ICMP): A.B.C.D: source/destination IP address A.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 143 7.6.2.4 Rule Action T o specify a rule action ( match ) for the packet s matching conf igu red classify ing pat terns, use the following command . Command Mode Description match den y Denies a packet.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 144 A50010-Y3-C150-2-7619 T o delete a specified rule action ( match ), use the following comm and.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 145 T o delete a specified rule action ( no-match ), use the following command.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 146 A50010-Y3-C150-2-7619 7.6.2.7 Displaying Rule The following command ca n be used to show a certain rule by it s name, all rules of a cer- tain type, or all rules at once sorte d by rule type.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 147 7.6.3.1 Scheduling Algorithm T o process incoming packet s by the queue scheduler , the hiD 6615 S223/S323 provides the scheduling algorithm as S trict Priority Queuing (SP), Weighted Round Ro bin (WRR) and Weighte d Fair Queuing (WFQ).
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 148 A50010-Y3-C150-2-7619 Fig. 7.2 Weighted Fai r Queuing Strict Priority Queuing (SP) SPQ processes first more import ant dat a than the others.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 149 T o select a packet sche duling mode, use the following comm and. Command Mode Description qos scheduling-mod e { sp | wr .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 150 A50010-Y3-C150-2-7619 T o define an 802.1p priory-to-queue map for 8 queues, use the foll owing command. Command Mode Description qos map <0-7> <0-3> Global Priority to queue number mapping, priorit y value (0-7) according to 802.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 151 7.6.4.1 Rule Creation For the hiD 6615 S223/S323, you need to open Admin Access Rule Configurati on mode first. After opening Admin Access Rule Configuration mode, the prom pt changes from SWITCH(config)# to SWITCH(c onfig-admin-rule[NAME])#.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 152 A50010-Y3-C150-2-7619 7.6.4.3 Packet Classification After configuring a p acket classification fo r a rule, then configure ho w to process the packet s. T o specify a packet-classifying p attern, use the following comman d.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 153 7.6.4.4 Rule Action T o specify a rule action ( match ) for the packet s matching conf igu red classify ing pat terns, use the following command . Command Mode Description match den y Denies a packet.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 154 A50010-Y3-C150-2-7619 execution of comm and, apply . That is, if several rules being di ff erent only in one value should be created, then only the one changed value need s to be entered again.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 155 7.7 NetBIOS Filtering NetBIOS (Network Basic Input/Output System) is a program that allows application s on different com puters to communicate within a local a rea network (LAN).
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 156 A50010-Y3-C150-2-7619 The following is an example of configuri ng NetBIOS filtering in port 1~5 and showing it. SWITCH(bridge)# netbios-filter 1-5 SWITCH(bridge)# show netbios-filter o:enable .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 157 Command Mode Description max-hosts POR TS <1-16> Limits the number of connection to a port by setting maximum host: PORTS: enter the port number . 1-16: enter the maximum MAC number .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 158 A50010-Y3-C150-2-7619 T o configure max new host s, use the following comm and. Command Mode Description max-new-hosts PORTS MAX- MAC-NU MBER The number of MAC address that can be learned on the port for a second.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 159 Step 2 Set the maximum number of secure MAC add ress for the port. Command Mode Description port security PORT S maximu m <1-16384> Bridge Sets a maximum number of secure MAC address for the port.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 160 A50010-Y3-C150-2-7619 T o display the configuration of port securi ty , use the following command. Command Mode Description show port security [ PORTS ] Bridge Shows port security on the port.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 161 T o disable the configuration of port secure aging, use the following comm and. Command Mode Description no port security PORTS aging static Disables aging for only statistically configured secure addresses.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 162 A50010-Y3-C150-2-7619 T o remove registered dynamic MAC addresses from the MAC table, use the followin g command. Command Mode Description clear mac Clears dynamic MAC addresses. clear mac NAME Clears dy namic MAC addresses.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 163 7.12 MAC Filtering It is possible to forward frame to MAC address of destination. Without specific perform- ance degradation, maximum 4,096 MA C addres ses can be registered.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 164 A50010-Y3-C150-2-7619 Command Mode Description mac-filter add MACADDR { deny | permit } Bridge Allows or blocks packet which brings configured mac address to specified port. V ariable MAC-ADDRESS is composed of twelve di gits number in Hexa decimal.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 165 Sample Configuration The latest policy is recorded as numb er 1. The following is an exa mple of permitting MAC address 00:02:a5:74:9b:17 and 00:01:a7 :70:01:d2 and showing t able of filter policy .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 166 A50010-Y3-C150-2-7619 7.13.1.1 Registering ARP T able The content s of ARP t able are automatica lly registered whe n MAC address co rresponds to MAC address is founded.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 167 7.13.2 ARP Alias Although clients are join ed in same client switch, it may be impossible to communicate between client s for their private securi ty .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 168 A50010-Y3-C150-2-7619 Y ou can configure the switch to perform additional checks on the destination MAC ad- dress, the sender and t arget IP address and the source MAC address.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 169 7.13.4 Gratuitous ARP Gratuitous ARP is a broadcast pa cket like an ARP request. It cont aining IP address and MAC address of gateway , and the network is ac cessible even thoug h IP ad dresses of specific host’ s gateway are r epeatedly assigned to the other .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 170 A50010-Y3-C150-2-7619 Ty p e V a l u e Ty p e V a l u e ICMP_ECHOREPL Y 0 ICMP_DEST_UNREACH 3 ICMP_SOURCE_QUENCH 4 ICMP_REDIRECT 5.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 171 T o configure interval to transmit ICMP me ssage, the administrator should configure th e type of message and the interval time. Use the following command, to configu re the interval for transmit ICMP message.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 172 A50010-Y3-C150-2-7619 T o configure the limited ICMP transmi ssion time, use the following command. Command Mode Description ip icmp interval rate-limit IN- TERV AL Global Configures a limited ICMP transmission time.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 173 The following is an example for configu ring ICMP Redire ct Message and checking the configuration. SWITCH(config)# show running-config (omitted) interface 1 ip address 222.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 174 A50010-Y3-C150-2-7619 help prevent that hackers can find impossible con nections. T o configure not to send the message that informs TCP conne ction can not be done, u se the following command.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 175 7.16.1.1 Packet Dump by Protocol Y ou can see packets about BOOTPS, DHCP , ARP and ICMP using the following com- mand. Command Mode Description debug packet { interface IN TER- FA C E | port PORTS } protocol { bootps | dhcp | arp | icmp } { src- ip A.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 176 A50010-Y3-C150-2-7619 T ab. 7.4 shows the options for packet dump. Option Description -a Change Network & Broadcast address to name.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 177 7.16.2 Debug Packet Dump The hiD 6615 S223/S323 provide s network d ebugging functio n to prevent system over- head for unknown p acket inflow . Monitoring pr ocess checks CP U load per 5 seconds.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 178 A50010-Y3-C150-2-7619 8 System Main Functions 8.1 VLAN The first step in setting up your bri dging netwo rk is to define VLAN on your switch. VLAN is a bridged network th at is logically segment ed by cu stomer or function.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 179 8.1.1 Port-Based VLAN The simplest implicit mappi ng rule is known as port -based VLAN. A frame is assigned t o a VLAN based solely on th e switch port on which the frame arrives.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 180 A50010-Y3-C150-2-7619 8.1.1.1 Creating VLAN T o configure VLAN on user’s network, use the following com mand. Command Mode Description vlan create VLANS Bridge Creates new VLAN by assigning VLAN ID: VLANS: enter the number of VLAN ID (f rom 1 to 4094).
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 181 8.1.1.5 Displaying VLAN T o display a configuration of VLAN, use the following command. Command Mode Description show vlan [ VLANS ] Enable Global Bridge Shows the configuration for specific VLAN, enter VLAN ID.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 182 A50010-Y3-C150-2-7619 Command Mode Description vlan macbase MAC-ADDRESS <1-4094> Configure VLAN based on MAC address no vlan macbase MAC- ADDRESS Bridge Clears configured VLAN based on MAC address.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 183 Advantages Disadvant ages VLAN association rules only need to be applied once. T ags can onl y be interpreted by VLAN aware devices. Only edge switches need to know the VLAN as- sociation rules.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 184 A50010-Y3-C150-2-7619 8.1.8 QinQ QinQ or Double T agging is one way for tunneling bet ween networks TU TU TT T U U T T T VLAN 200 .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 185 able of carrying double-t agged traf fic. A trunk po rt is always connecte d to another trunk port on a different switch. Switchin g shall be performed between trunk port s and tunnel s ports and b etween dif ferent trunk port s.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 186 A50010-Y3-C150-2-7619 • DT and HT LS cannot be configured at the same time. (If switch shoul d operate as DT , HTSL has to be disabled.) • TPID value of all ports on switch is sam e.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 187 isolation. If you want to configure Priv ate VLAN on the hiD 6615 S223/S323 switch, refer to Port Isolation configuration. 8.1.9.1 Port Isolation The Port Isolation feature is a m ethod that re strict s L2 switchin g between isolated port s in a VLAN.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 188 A50010-Y3-C150-2-7619 Fig. 8.5 In Case External Packets Enter und er Layer 2 environment (1 ) T o transmit the untagged pa cket from uplink port to subs criber , a new VLAN should be created including all subscribe r ports an d uplink port s.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 189 8.1.10 VLAN T ranslation VLAN T ranslation is simpl y an action of Rule. This function is to translate the value of specific VLAN ID which classified by Rule. The switch makes T ag adding PVID on Untagge d packet s, and use T agged Packet as it is.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 190 A50010-Y3-C150-2-7619 | 1 2 3 4 Na me( VID| FID) |123456789012345678901234567890123456789012 ----------------------------------------------------------------- default( 1| 1) |u...uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu br2( 2| 2) |.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 191 --------------------------------------------------------------- | 1 2 3 4 Eth ertype | VID |123456789012345678901234567890123456789012 --------------------------------------------------------------- 0x0800 5 .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 192 A50010-Y3-C150-2-7619 default b r2 br3 br 4 Outer Network Uplink Port SWITCH(bridge)# vlan create br2 SWITCH(bridge)# vlan create .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 193 Bandwidth with 1 port Enlarged bandwid th with many ports A logical port that can be made by aggregating a number of the ports. Fig. 8.7 Link Aggregation The hiD 6615 S223/S323 supports t wo kinds of link aggre gation as port trunk an d LACP .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 194 A50010-Y3-C150-2-7619 enter . It is decided with Source IP address, De stination IP address, Source MAC address, Destination Mac address and the u ser could get info rmation of packet s to deci ded packet route.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 195 • Configuring LA CP • Packet Route • Operating Mode of Member Port • Priority of Switch • Identifying Member Port s within LACP • BPDU T ransmissi on Rate • Key value of Member Port • Priority • Displaying LACP Configuration 8.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 196 A50010-Y3-C150-2-7619 • dstip : Destination IP address • dstmac: Destination MAC address • srcdstip: Runs by reference to bo.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 197 8.2.2.4 Identifying Member Ports within LACP The port configured as member port is bas i cally configured to aggregate to LACP .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 198 A50010-Y3-C150-2-7619 T o delete key value of configured memb er port, use the following command. Command Mode Description no lacp port admin-ke y POR TS Bridge Deletes key value of select ed member port, select the member port number .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 199 8.2.2.9 Displaying LACP Configuration T o display a configured LACP , use the following command. Command Mode Description show lacp aggregat or Shows the information of aggregated port.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 200 A50010-Y3-C150-2-7619 8.3 S p anning-T ree Protocol (STP) LAN, which is composed of double-path like to ken ri ng, has the advantage that it is pos- sible to access in case of d isconnection with on e path .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 201 Meanwhile, RSTP (Rapid S panning-T ree Proto col) defined in IEEE 802.1w innovate re- duces the time of network convergence on ST P (S panning-T ree Protocol). It is easy and fast to configure new protocol.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 202 A50010-Y3-C150-2-7619 After configuring STP , these switches exchange their information. The priority of SWITCH A is 8, the priority of SWITCH B is 9 and the priority of SWITCH C is 10.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 203 Designated Port and Root Port A Root Port is the port in the active topology that provides connectivity from the Desig- nated Switch toward the root.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 204 A50010-Y3-C150-2-7619 Port St ates Each port on a switch can be in one of five states.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 205 8.3.2 RSTP Operation STP or RST P is configu red on network where Loop can be created. However , RSTP is more rapidly progressed than STP at the st age of reaching to the last topology .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 206 A50010-Y3-C150-2-7619 BPDU Policy 802.1d forwards BPDU following Hello-time inst alled in root switch and the other switch except root switch its own BPDU only when rece iving BPDU from root switch.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 207 Switch B Switch C BPDU Flow ROOT Switch D 1. New link created 2. Transmit BPDU at listening state 3. Block to prevent loop Switch A Fig. 8.16 Convergence of 802.1d Network This is very an epochal way of preventing a loop.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 208 A50010-Y3-C150-2-7619 SWITCH A negotiates with root through BPDU. T o make link between SWITCH A and root, port state of non-e dge designated port of SWITCH is ch anged to blocking.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 209 It is same with 802.1d to block the connection of SWITCH D and SWITCH C. However , 802.1w does not need any configured time to negotiate between switche s to make for- warding state of specific port.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 210 A50010-Y3-C150-2-7619 Operation Here explains how STP/MSTP differently operat es on the LAN. Suppose to configure 1 00 of VLAN from Switch A to B, C. In case of STP , there’s only a STP on all of VLAN and it does not provide multiple inst ances.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 21 1 In CST , A and B are the switches operating with STP and C, D and, E are those operating with MSTP . First, in CST , CIST is establishe d to decide CST Root . After CST root is de- cided, the closest switch to CST root is decided a s IST root of the region.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 212 A50010-Y3-C150-2-7619 8.3.5 Configuring STP/RSTP/MSTP T o configure STP and RSTP , use the following steps. Step 1 Decide STP mode using the stp force -v ersion { stp | rstp } comm and.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 213 T ransmit Rate Path-c ost 4M 250 10M 100 100M 19 1G 4 10G 2 Ta b . 8 . 2 STP Path-cost T ransmit Rate Path-c ost 4M 20,000,000 10M 2,000,000 100M 200,000 1G 20,000 10G 2,000 Ta b .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 214 A50010-Y3-C150-2-7619 8.3.5.5 MST Region If MSTP is est ablished in the hiD 661 5 S223/S 323, decid e which MST region the switch is going to belong to by configuring MST configur ation ID.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 215 8.3.5.6 MSTP Pro tocol MSTP protocol has a backward comp atibility . MSTP is comp atible with STP and RSTP . If some other bridge runs with STP mode and send BPDU version o f STP or RSTP , MSTP automatically changes to STP mode.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 216 A50010-Y3-C150-2-7619 T o delete the edge port mode, use the following com mand. Command Mode Description no stp edge-por t PORTS Bridge Deletes port edge mode: PORTS: select the port number .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 217 8.3.6 Configuring PVSTP/PVRSTP STP and RSPT are designed with on e VLAN in the network.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 218 A50010-Y3-C150-2-7619 8.3.6.2 Root Switch In order establish PVSTP , PVRSTP function, firs t of all, Root switch should be decided. Each switch has its own B ridge ID and Root switch on same LAN is deci ded by comp ar- ing their Bridge ID.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 219 8.3.7 Root Guard The standard STP does n ot allow the administrator to enforce the position of the root bridge, as any bridge in the network with lowe r bridge ID will t ake the role of the root bridge.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 220 A50010-Y3-C150-2-7619 T o clear configured Restart ing Protocol Migration, use the following comm and. Command Mode Description stp clear-detect ed-protocol PORTS Bridge Configures restarting pr otocol migration function.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 221 T o clear configured hello-time, use the following com mand. Command Mode Description no stp mst hello-time Returns to the default hello time value of STP , RSTP and MSTP .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 222 A50010-Y3-C150-2-7619 T o delete a configured max age, use the following command. Command Mode Description no stp mst max-age Returns to the default max-age value of STP , RSTP and MSTP .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 223 T o configure BPDU guard in the swit ch, perform the following procedure. Step 1 Configure the specific port as edge-po rt. Command Mode Description stp edge-port PORTS Configures the port as Edge port.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 224 A50010-Y3-C150-2-7619 T o enable/disable self loop detection, use the followin g command. Command Mode Description self-loop-detec t { enable | di s- able } Bridge Enables/disables self loop detection function.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 225 8.3.10 Sample Configuration Backup Route When you design layer 2 network, you must consider backup route for st able STP net- work. This is to prevent net work corruption when just one additiona l path exit s.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 226 A50010-Y3-C150-2-7619 MSTP Confi guration Router VLAN 101 ~ 200 MST Region 1 Instance 1 VLAN 111~120 Instance 2 VLAN 121~130 Insta.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 227 8.4 V irtual Router Redu ndancy Protocol (VRRP) Virtual ro uter redundancy proto col (VRRP) is co nfiguring V irtual router (VRRP Group) consisted of VRRP routers to prevent netwo rk failure ca used by one dedicated router .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 228 A50010-Y3-C150-2-7619 8.4.1 Configuring VRRP T o configure the hiD 6615 S323 as device in V irtual Router , use the following command on Global Configuration mode. Then you can co nfigure VRRP by opening VRRP Configu- ration mode.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 229 8.4.1.2 Access to Associated IP Address If you configure the function of accessing As sociated IP addre ss, you can access to As- sociated IP address by the command s such as ping.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 230 A50010-Y3-C150-2-7619 The following is an exampl e of configuring Ma ster Router and Backup Ro uter by comp ar- ing their Priorities: V irtual Routers, Layer 3 SWITCH 1 – 101 and Layer 3 SWITCH 2 – 102.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 231 <Layer 3 SWITCH1: IP address - 10.0.0.1/24> SWTICH1(config)# router vrrp default 1 SWITCH1(config-router)# associate 10.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 232 A50010-Y3-C150-2-7619 Internet Master Router 1 IP : 10.0.0.3/24 Default Gateway : 10.0.0.5/24 Backup Router 1 IP : 10.0.0.2/24 Backup Router 2 IP : 10.0.0.1/24 Virtual Router Associate IP : 10.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 233 T o configure an authentication password for se curity of V irtual Router , use the following command on VRRP configuration mode. Command Mode Description authentication c lear_text P ASSWORD Configures an authentication password.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 234 A50010-Y3-C150-2-7619 Also, to make Preempt “enable” as default setting, use the followi ng command on VRRP configuration mode. Command Mode Description no preempt VRRP Deletes the former configuration of Preempt to enable it.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 235 8.5.1 Configuring Rate Limit T o set a port bandwidth, use the following com mand. Command Mode Description rate PORTS RA TE [ egress | in- gress ] Sets port bandwidth. If you input egress or ingress, you can configure outgoing packet or incoming packet.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 236 A50010-Y3-C150-2-7619 8.6 Flood Guard Flood-guard limit s number of packet s, how many p acket s can be transmitted , in config- ured bandwid th, whereas Rate limit co ntrols pa ckets thro ugh configuring wi dth of band- width, which p ackets p ass through.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 237 8.6.2 Sample Configuration The following is an example of showing the c onfiguration af ter limiting the number of packet s transmitted to the port number 1 as 10,0 00.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 238 A50010-Y3-C150-2-7619 8.8 Dynamic Host Configuration Protocol (DHCP) Dynamic host configuratio n protocol (DHCP) is a TCP/IP st andard for si mplifying the ad- ministrative management of IP address conf iguration by automat ing address config ura- tion for network client s.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 239 The hiD 6615 S223/S323 flexibly provide s the functions as the DHCP server or DHCP re- lay agent according to your DHCP configuration.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 240 A50010-Y3-C150-2-7619 8.8.1.1 DHCP Pool Creation The DHCP pool is a grou p of IP addresse s that will be assigned to DHCP client s by DHCP serve r .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 241 The following is an example for specifying the ran ge of IP addresses. SWITCH(config)# service dhcp SWITCH(config)# ip dhcp pool sample SWITCH(config-dhcp[sample])# network 100.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 242 A50010-Y3-C150-2-7619 The following is an example of setting default and ma ximum IP lease time. SWITCH(config)# service dhcp SWITCH(config)# ip dhcp pool sample SWITCH(config-dhcp[sample])# network 100.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 243 8.8.1.8 Domain Name T o set a domain name, use the following comm and. Command Mode Description domain-name DOMAIN Sets a domain name. no domain-name DHCP Pool Deletes a specified domain name.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 244 A50010-Y3-C150-2-7619 T o select a recognition method of DHCP clients, use t he following command. Command Mode Description ip dhcp database-key { clie nt-id | hardware-address } Global Selects a recognition method of DHCP client s 8.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 245 T o display a list of valid or invalid (blocked) IP addresses, use the following com mand. Command Mode Description show ip dhcp authoriz ed-arp val id Shows a list of valid IP addresses.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 246 A50010-Y3-C150-2-7619 The following is an example of displaying DHCP p acket statistics.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 247 8.8.2 DHCP Address Allocation with Option 82 The DHCP server provided by the hiD 6615 S223/S323 can assign dynamic I P addresse s based on DHCP option 82 information sent by the DHCP relay agent.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 248 A50010-Y3-C150-2-7619 T o delete specified option 82 informatio n for IP assignment, use th e following command.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 249 8.8.3 DHCP Lease Dat abase 8.8.3.1 DHCP Database Agent The hiD 6615 S223/S32 3 provides a feature t hat al lows to a DHCP server automatically saves a DHCP lease database o n a DHCP dat abase agent.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 250 A50010-Y3-C150-2-7619 8.8.3.3 Deleting DHCP Lease Dat abase T o delete a DHCP lea se database, u se the following command. Command Mode Description clear ip dhcp leasedb A.B.C.D/M Deletes a DHCP lease database a specified subnet.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 251 Before configuring DHCP server or relay , you need to use the service dhcp command first to activate the DHCP function in the system. 8.8.4.1 Packet Forwarding Address A DHCP client send s DHCP_DISCOVER messa ge to a DHCP server .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 252 A50010-Y3-C150-2-7619 T o enable the smart relay agent forwarding, use the following command. Command Mode Description ip dhcp smart-relay Enables a smart rela y . no ip dhcp sma rt-relay Global Disables a smart relay .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 253 Client Identifier S poofing By using the agent-supplied remote ID opti on, the u ntrusted and as-yet unst andardi zed client identifier field need not be used by the DHCP server .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 254 A50010-Y3-C150-2-7619 T o specify a remote ID, use the following command. Command Mode Description syst em-rem ote-id hex HEXSTRING syst em-rem ote-id ip A.B.C.D syst em-rem ote-id text STRING Option 82 S pecifies a remote ID.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 255 If you specify the def ault trust policy as deny , the DHCP pack et that carries the informa- tion you specifies below will be permitted, and vice versa. T rusted Remote ID T o specify a trusted remote ID, use the followin g command.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 256 A50010-Y3-C150-2-7619 8.8.6 DHCP Client An interface of the hiD 6615 S223/S323 can be configured as a DHCP client, whi ch can obtain an IP address from a DHCP server .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 257 8.8.6.5 IP Lease T ime T o specify IP lease time that is requeste d to a DHCP serve r , use the following command. Command Mode Description ip dhcp client lease <120-21474 83637> Specifies I P lease time in the unit of second (default: 3600).
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 258 A50010-Y3-C150-2-7619 8.8.7 DHCP Snooping For enhanced security , the hiD 6615 S223/S323 provides the DHCP snoop ing feature. The DHCP snoopi ng filters unt rusted DHCP messages and maint ains a DHCP snooping binding tabl e.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 259 8.8.7.3 DHCP Rate Limit T o set the number of DHCP packet per se co nd (pp s) that an interface can re ceive, use the following command. Command Mode Description ip dhcp snooping limit-rat e PORTS <1-255> Sets a rate limit for DHCP p ackets.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 260 A50010-Y3-C150-2-7619 8.8.7.6 DHCP Snooping Dat abase Agent When DHCP snooping is enable d, the system uses the DHCP snooping bi nding dat abase to store information about untrusted interfac es.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 261 The DHCP snooping dat abase agent should be TFTP server . 8.8.7.7 Displaying DHCP Snooping Configuration T o display DHCP snooping table, use the followi ng command. Command Mode Description show ip dhcp snoo ping Shows a DHCP snooping configuration.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 262 A50010-Y3-C150-2-7619 T o enable IP source guard, DHCP snooping nee ds to be enabled. T o enable IP source guard with a source IP address filtering on a port, use the following command.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 263 8.8.9 DHCP Filtering 8.8.9.1 DHCP Packet Filtering For the hiD 6615 S223/S323, it is possible to block t he specific client with MAC address. If the blocked MAC address by administrato r request s IP add ress, the serve r does not assign IP .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 264 A50010-Y3-C150-2-7619 DHCP Server A Client 1 Client 2 To prevent IP assignment from client 3, DHCP filteri ng is needed for the po.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 265 8.9 Ethernet Ring Protection (ERP) The ERP is a Siemens pro tection protocol and procedure to protect Ethernet ring topolo- gies. It is a fast failure detection and recovery so that it decreases the time to prevent Loop under 50ms.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 266 A50010-Y3-C150-2-7619 Normal Node Normal Node Normal Node RM Node P S 1. Secondary port of RM node is changed as unblocking state 2. Send Link Down Message 2. Send Link Down Message Fig.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 267 3. Unblock the port recovered from Link Failure 2. Send RM Link Up mes sage Normal Node Normal Node Normal Node RM Node P S 2. Send RM Link Up message 1. Block RM Node of secondary port Fig.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 268 A50010-Y3-C150-2-7619 8.9.3.2 RM Node T o configure RM Node, use the following command. Command Mode Description erp rmnode DOMAIN-ID Configures RM node of ERP node mode. no erp rmnode DOMAIN-ID Bridge Configures ERP node mode as normal node.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 269 8.9.3.6 Manual Switch to Secondary T o configure Manual Switch to Secondary , use the following com mand. Command Mode Description erp ms-s DOMAIN-ID Bridge Configures ERP manual switch to secondary T o disable Manual Switch to Secondary , use the following command.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 270 A50010-Y3-C150-2-7619 T o return ERP T est Packet Interval as Default, use the following co mmand. Command Mode Description no erp test-packet-interval DO- MAIN-ID Bridge Configures ERP test pa cket interval as default value 8.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 271 A switch, which is supposed to manage the other switches in stacki ng is named as Ma s- ter switch and the other switches ma naged by Master switch a re named as Slave switch.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 272 A50010-Y3-C150-2-7619 8.10.3 Disabling S t acking T o disable stacking, use the following command.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 273 open Interface configuration mode of VLAN to regi ster as a switch group for sta cking. The following is an example of configuring Interfa ce of switch group as 1. SWITCH_A# configure terminal SWITCH_A(config)# interface 1 SWITCH_A(interface)# ip address 192.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 274 A50010-Y3-C150-2-7619 [Sample Configuration 2] Accessing from Master Switch to Slave Switch The following is an example of accessin g to Slave switch from Master switch configured in [Sample Configuration 1].
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 275 Command Mode Description no storm-control { broadcast | multicast | dlf } [ PORTS ] Bridge Disables broadcast, multicast, or DLF storm control respectively . T o display a configuration of storm control, use the following command.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 276 A50010-Y3-C150-2-7619 port02 : 2200/ 1518 port03 : 2200/ 1518 port04 : 2200/ 1518 port05 : 2200/ 1518 port06 : 2200/ 1518 port07 : 2200/ 1518 port08 : 2200/ 1518 port09 : 2200/ 1518 port10 : 2200/ 1518 port11 : 1518/ 1518 port12 : 1518/ 1518 SWITCH(bridge)# 8.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 277 The following is an example of configura tion to mtu size as 100. SWITCH(config-if)# mtu 100 SWITCH(config-if)# show running-config interface 1 ! interface default mtu 100 bandwidth 1m ip address 10.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 278 A50010-Y3-C150-2-7619 9 IP Multicast T raditional IP network pro vided unicast transmission a host to se nd packet s to a singl e host or broadcast transmission. But multicast provides grou p transmission a host to send packet s to a group of all h osts.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 279 ing and PIM-SM should be configured at the same tim e. hiX 5430 More than one port on same interf ace Layer 3 Netw or k Multicast Server PIM-SM Set-top Box Set-top Box Multicast data IGMP Join/Leave message IGMP Snooping Fig.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 280 A50010-Y3-C150-2-7619 9.1.3 Clearing MRIB Information Clearing T ot al or Partial Group Entry of MRIB If you use the clear ip mroute comma nd, the MRIB clears the m ulticast route entries in its multicast route t able, and removes the entrie s from the multicast forwarder .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 281 9.1.4 Displaying MRIB Information T o display MRIB information, use the following command s Command Mode Description show .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 282 A50010-Y3-C150-2-7619 9.1.7 Multicast Aging L2 and L3 Join information about Multicast Group used to apply on the chip set without Multicast S tream, which makes dissatisfaction for Maximum Multicast Entry .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 283 9.2 Internet Group Manage ment Protocol (IGMP) Internet Group Management Protocol (IGMP) is use d by hosts a nd routers that support multicasting. All the systems on a network ca n know which ho sts belon g to which multi- cast group s.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 284 A50010-Y3-C150-2-7619 9.2.1.2 Removing IGMP Entry T o clear IGMP interface entries, use the followin g command. Command Mode Description clear ip igmp interface INTE R- FA C E Clears IGMP interface entries on an interface.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 285 IGMP cache, but the swit ch is not a member . Therefo re it can support fast switching. T o configure IGMP static Join, use the f ollowing comm and. Command Mode Description ip igmp static-group A.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 286 A50010-Y3-C150-2-7619 querier for the interface af ter the pr evious querie r has stopped querying. Command Mode Description ip igmp querier-timeout <60-300> Configures the IGMP queier timeout.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 287 9.2.2.4 IGMP v2 Fast Leave In IGMP version 2, you can minimize the leave latency of IGMP membe rships. This com- mand is used when only one re ceiver host is connected to each interface.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 288 A50010-Y3-C150-2-7619 9.2.3 L2 MFIB Occasionally , unknown multicast traffic is flooded because a MA C address has timed out or has not been learned by the switch. T o guarantee that no multicast traffic is flooded to the port, use the following command.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 289 Step 3 Enable IGMP snooping on a VLAN interface. Command Mode Description ip igmp snooping vlan VLANS Global Enables IGMP snooping on a VLAN interface. VLANS: 1-4094 Step 4 Return to Privileged EXEC Enable mode using the exit command.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 290 A50010-Y3-C150-2-7619 Multicast Packet Multicast Router hiX 5430 1. Request th e Multicast Packet 2. Transmit the Multicast packet to the port that sen d jo in massage Multicast Join request Multicast P acket Fig.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 291 T o disable IGMP snooping fast-leave, use the followin g command. Command Mode Description no ip igmp snooping immedia te- leav e Deletes the fast-leave. no ip igmp snooping vlan VLAN- ID immed iate- leave Global Deletes the fast-leave on a VLAN interface.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 292 A50010-Y3-C150-2-7619 The Query Interval of IGMP v2 Snooping Querier T o configure a query interval of the querier , use the following command.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 293 T o display IGMP query parameter , use the following command. Command Mode Description show ip igmp snooping [ vl a n VLANS ] querier [ detail ] Enable Global Bridge V erifies that the IGMP snooping querier is enabled.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 294 A50010-Y3-C150-2-7619 9.2.5.4 IGMP v2 Snooping Report Method When IGMP report suppression is enabl ed, the switch forwards only one IGMP report pe r multicast router query . When report suppressi on is disa bled, all IGMP report s are for- warded to the multicast routers.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 295 T o disable the port where multicast router is connected, use the following com mand.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 296 A50010-Y3-C150-2-7619 T o flood multicast traffic when TC N packet is re ceived, use the following comm and. Command Mode Description ip igmp snooping tc n flood Designates the port where multicast router is con- nected to on the system.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 297 9.2.6 IGMP v3 S nooping This chapter consist s of these sections • IGMP Snoopi ng V ersion • Join Host Management • Immediate Block 9.2.6.1 IGMP Snooping V ersion The report s sent to the multicast router are s ent based on the version of that interface.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 298 A50010-Y3-C150-2-7619 T o display a configuration, use the following command. Command Mode Description show ip igmp snooping explicit- tracking { vlan VLANS | port PORTS | group A.B.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 299 9.2.7.1 Enabling MVR T o use the MVR, enable the MVR function with the following comm and. Command Mode Description mvr Enables MVR on the system. no mvr Global Disables MVR on the system.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 300 A50010-Y3-C150-2-7619 T o delete the statically configured MVR group address, use the following comm and. Command Mode Description no mvr vlan VLAN helper Global Deletes a MVR group address.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 301 dropped, and the port is n ot allowed to receive IP multica st traffic from that group. If the filtering action permits a ccess to the multicas t gro up, the IGMP report from the port is forwarded for normal processi ng.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 302 A50010-Y3-C150-2-7619 9.2.8.4 Applying IGMP Profile to the Filter Port T o apply the configured IGMP Profile to the filter port, use the following comman d. Command Mode Description ip igmp filter port PORT S profile <1-2147483647> Global Configures IGMP profile.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 303 9.2.9 Displaying IGMP Snooping T able T o display an IGMP snooping t able, use the following command.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 304 A50010-Y3-C150-2-7619 1. Multicast packet transmitted to RP (Rendezvous Point) A B C D E F 2. Ask RP for multicast packet 3. RP transmits multicast packet for the request RP 2. Ask RP for multicast packet 3.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 305 9.3.1.1 PIM-SM and Passive Mode Y ou need to open Interface Configuration mode of specified interface for a ctivating PIM- SM on Ethernet interface. T o open Interface Configuration mode, use the following com- mand.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 306 A50010-Y3-C150-2-7619 the DR. 9.3.1.3 Filters of Neighbor in PIM Enable filtering of neighbors on the interface.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 307 9.3.1.5 PIM Debug T o activate PIM-SM debugging, use the following command. Command Mode Description debug pim { all | event s | nexthop | mib | mfc | nsm | packet [ in | out ] | st ate | timer } Activates PIM debugging.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 308 A50010-Y3-C150-2-7619 priority , becomes BSR among them. If there are routers, which have same pri ority , then one router , which has the highest IP address, becom es BSR. It is possible to configure t he following mess ages, which are inclu ded in candidate-BSR message.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 309 decide which IP address to be used as candidate-R P . This command is used to st atically configure the RP address f or multicast groups. T o configure IP address to be used in candidate-RP , use the following command.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 310 A50010-Y3-C150-2-7619 9.3.4.3 KA T (Keep Alive T ime) of RP Y ou can configure KA T for (S, G) state s at RP to monitor PIM Register packet s, overridi ng the generic KA T timer value.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 31 1 T o configure the registration suppression time, use the following co mmand. Command Mode Description ip pim register-suppr ession <1-65535> Configures the time of registration suppression.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 312 A50010-Y3-C150-2-7619 sage in response. It is normally the loopback interface addres s, but can also be other physical addresse s. This address mu st be adver tised by uni cast routing protocols on the DR.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 313 9.3.7 PIM Join/Prune Interoperability T o configure the TX interval of PIM/Join/Prune Message, use the following com mand. Command Mode Description ip pim message-inter val <1-65535> Configures Join/Prune timer value.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 314 A50010-Y3-C150-2-7619 When the Register message is tran smitted, the range of Checksum in header conforms to header pa rt as RFC st andard, b ut whole pa cket is included in the range of checksum in case of Cisco router .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 315 9.3.9 PIM-SSM Group T o define the Source S pecific Multicast (SSM ) range of IP multicast addresses, use the following command.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 316 A50010-Y3-C150-2-7619 T o display the PIM Snooping configuration, use the following command. Command Mode Description show ip pim snoopi ng Sho ws the PIM snooping configuration such as en- able/disable status and the enabled VLANs.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 317 10 IP Routing Protocol Routing functionalities such as RIP , OSPF , BGP and PIM-SM are only available for hi D 6615 S323.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 318 A50010-Y3-C150-2-7619 10.1.1 Basic Configuration 10.1.1.1 Configuration T ype of BGP When configuring BGP , you can select BGP configuration type between st andard BGP and ZebOS BGP for the hiD 6615 S323.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 319 Ste p 2 T o specify a network to operate with BGP , use the following command. Command Mode Description network A.B.C.D/M network A.B.C.D mask NET- MASK Router Adds BGP network to operate.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 320 A50010-Y3-C150-2-7619 10.1.2.1 Summary of Path Aggregation combines the characteristics of several dif ferent routes and advert ises a sin- gle route. In the example of 2 route s info rmation of 172.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 321 10.1.2.3 Multi-Exit Discriminator (MED) During the best-path sel ection proces s, the switch comp ares weight, local preference an d as-path in turn among the simila r param eters of BGP routers.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 322 A50010-Y3-C150-2-7619 T o ignore AS-path for sele cting the best path, use the followin g command. Command Mode Description bgp bestpath as-path ignore Ignores the information of AS-path as a factor in the algorithm for choosing the best route.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 323 T o compare MED values on the exchange of path information betwee n Confederation Peers, use the following command.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 324 A50010-Y3-C150-2-7619 • Rest art T ime It’s the waiting time for the resta rting of Neighboring router’s BGP process. Resta rt time allows BGP pro cess time to rest art and implement the intern al connection (The session).
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 325 10.1.4 BGP Neighbor T o assign IP address or peer group na me for BGP Neig hboring router within specifie d AS number , use the following command.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 326 A50010-Y3-C150-2-7619 T o create a BGP Peer Group, use the following command. Command Mode Description neighbor NAME peer-group Create a BGP peer group. NAME: peer group name no neighbor NAME peer-group Router Delete the BGP peer group created before.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 327 T o disable the exchange information with a specified route r or peer group, use the follow- ing command.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 328 A50010-Y3-C150-2-7619 T o reset the sessions of all peers and initialize the details of ro ute configurations, use the following command.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 329 Command Mode Description clear ip bgp <1-65535> soft [ in | out ] clear ip bgp <1-65535> ipv4 { unicast | mult.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 330 A50010-Y3-C150-2-7619 See Section 10.1.5.1 when you configu re the detail p arameters. T o reset the sessions of BGP router co nnected to external AS an d initialize the detail s of route configurations, use the following co mmand.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 331 Command Mode Description clear ip bgp peer-group GROUP out clear ip bgp peer-group GROUP ipv4 { unicast | multicast } out Resets the session for all members of specified peer group.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 332 A50010-Y3-C150-2-7619 Command Mode Description show ip bgp neighbor s NEIGHBOR-IP recei ved-routes show ip bgp ipv4 { unicast | mu.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 333 10.2 Open Shortest Path First (OSPF) Open shortest path first (OSPF) is an interi or gate way protocol developed by the OSPF working group of Internet Engineering T ask Fo rce (IETF).
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 334 A50010-Y3-C150-2-7619 Step1 Open Router Configuration mode from G lobal Configu ration mode. Command Mode Description router ospf [<1-65535>] Opens Rout er Configuration mode with enabling OSPF .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 335 Ste p 3 Use the network command to specify a network to operate with OSPF . There are two ways to show network information co nfigurations. Firstly , show s IP address with bitmask like “10.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 336 A50010-Y3-C150-2-7619 10.2.4.1 Authentication T ype Authentication encodes communications amo ng the routers. This function is for security of information in OSPF router . T o configure authentication of OSPF router for security , use the following command.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 337 T o configure an authentication key which is based on MD5 encoding, use the following command. Command Mode Description ip ospf message-digest-ke y <1- 255> md5 KEY [ active ] ip ospf message-digest-ke y <1- 255> md5 [ active ] ip ospf A.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 338 A50010-Y3-C150-2-7619 T o delete a configured interface cost for OSPF , use the following command. Command Mode Description no ip ospf cost no ip ospf A.B.C.D cost Interface Deletes a configured an interface cost for OSPF .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 339 T ransmit dela y is considering of the configuratio n for LSA transmission time. The interval explained as above must be consi stent across all routers in an att ached net- work.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 340 A50010-Y3-C150-2-7619 10.2.4.6 OSPF Maximum T ransmission Unit (MTU) Router verifies MTU when DD (Dat abase De scription) is exchanging among the route rs on OSPF networks. Basically , OSPF network can not be organized if there are dif ferent sizes of MTUs between routers.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 341 T o delete a configured priority of OSPF router , use the following co mmand. Command Mode Description no ip ospf priority no ip ospf A.B.C.D priority Interface Deletes a configured priority of OSPF router .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 342 A50010-Y3-C150-2-7619 T o delete a configured router communicated by non-b roadcast type, use the following command. Command Mode Description no neighbor A.B.C.D cos t [<1-65535>] no neighbor A.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 343 10.2.6.2 Default Cost of Area The default cost of Area is configured only in ABR. ABR function is for delivering t he summary default route to stub area or NSSA, in that ca ses the default cost of area must be required.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 344 A50010-Y3-C150-2-7619 10.2.6.4 Not So Stubby Area (NSSA) NSSA (Not So S tubby Area) is stub Area whic h can transmit the routing information to Area by ASBR. On the other hand, S tub Area cannot transmit the routing information to area.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 345 T o configure NSSA with one option, use the followin g command. Command Mode Description area <0-4294967295> nssa de.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 346 A50010-Y3-C150-2-7619 10.2.6.5 Area Range In case of OSPF belon gs to several Areas, Area routing information can b e shown in one routing path. Like as ab ove, various routing informa tion of Area can be comb ined and summarized to transmit to out side.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 347 10.2.6.7 Stub Area S tub Area is that ABR is connected to Backbone Area. If it is assigned as S tub Area, ABR will notify the default path to S tub Area and other routing protocol information will not transmit to S tub Area.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 348 A50010-Y3-C150-2-7619 In this time, if there is no answer from receiver for c onfigured time, the ro uter trans- mits LSA ag ain.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 349 T o delete a configured virtual link, use the following command. Command Mode Description no area <0-4294967295> virtual-link A.B.C.D authentication [ message- digest | null ] no area <0-4294967295> virtual-link A.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 350 A50010-Y3-C150-2-7619 T o configure the Graceful Restart, use the following command. Command Mode Description cap ability restart { graceful | reliable-graceful | signaling } Configures the Graceful Restart.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 351 T o release the configuration, use the following comm and. Command Mode Description no ospf rest art grace-period <1-1800> ospf rest art helper never no ospf rest art helper max-grace-period <1- 1800> Global Releases t he configuration.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 352 A50010-Y3-C150-2-7619 • route-map T ransmit s specific routing informatio n to assign ed route which has MAP-NAME. The detail op tions for default route configuratio n are classified in 4 as above, and those configurations can be sele cted more than 2 options without orde r.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 353 T o configure the period of finding, use the following command. Command Mode Description timers spf SPF-DELA Y SPF- HOLD Router Configures the period of finding in the unit of second.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 354 A50010-Y3-C150-2-7619 The following example shows h ow to configure it with more than 2 option s: • redistribute { bgp | conne c.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 355 The following example shows h ow to configure the dist ance with more than 2 o ptions: • dist ance osp f external <1-.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 356 A50010-Y3-C150-2-7619 10.2.16 Blocking Routing Information The hiD 6615 S323 can classify and restrict t he routing information. T o configure this function, sort the specific routing information in acce ss-list first, and block the routing in- formation in access-list.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 357 10.2.18.1 Displaying OSPF Protocol Information Y ou can verify several information about OSPF protocol. T o display the information about OSPF protocol, use the following com mand.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 358 A50010-Y3-C150-2-7619 T o display the interface information of OSPF , use the following command. Command Mode Description show ip ospf interface [ INTERF ACE ] Enable Global Shows the interface information of OSPF .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 359 10.2.18.2 Displaying Debugging Information The hiD 6615 S323 use s debug command to find the reason of problem. Use t he follow- ing command. Command Mode Description debug ospf all Shows all the debugging information.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 360 A50010-Y3-C150-2-7619 10.2.18.4 Maximum Process of LSA The hiD 6615 S323 can configures maximum nu mber of LSA to process. LSA is classified as internal route LSA and external route L SA, maximum number of LSA can configure on each class.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 361 10.3 Routing Information Protocol (RIP) Routing Information Protocol (RIP), as it is more commonly used than any other Routing Protocols, for use in small, homogene ous networks.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 362 A50010-Y3-C150-2-7619 Step 2 Configure the network to operate as RIP . Command Mode Description network { A.B.C.D/M | INTER- FA C E } Establishes the network to operate as RIP . A.B.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 363 Command Mode Description neighbor A.B.C.D Configures a neighbor router to exchange routing in- formation. A.B.C.D: neighbor address no neighbor A.B.C.D Router Deletes the neighbor router .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 364 A50010-Y3-C150-2-7619 Command Mode Description ip rip receive version 1 Receives RIP v1 type p acket only from the interface. ip rip receive version 2 Receives RIP v2 type p acket only from the interface.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 365 Command Mode Description redistribute { kernel | connected | static | osp f | bgp } redistribute { kernel | connected | st.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 366 A50010-Y3-C150-2-7619 Command Mode Description match interface INTERF ACE T ransmit s the information to specified interface only . INTERF ACE: interface name match ip address {<1-199> | <1300-2699> | N AME } T ransmits the information matched with access-list.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 367 10.3.7 Administrative Dist ance Administrative distance is a measure of the tr ustworthiness of the sour ce of the routing in- formation.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 368 A50010-Y3-C150-2-7619 10.3.9.1 Filtering Access List and Prefix List The hiD 6615 S323 switch is able to permit and deny condition s that you can use to filter inbound or outbound rout es by access-list or prefix-list.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 369 T o add the value of routing metrics, use the following command. Command Mode Description offset-list ACCESS-LIST { in | out } <0-16> [ INTERF ACE ] Router Add an offset to incoming or outgoing metrics to r outes learned via RIP .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 370 A50010-Y3-C150-2-7619 T o adjust the timers, use the following command. Command Mode Description timers basic UPDA TE TIMEOUT GARBAGE Adjusts RIP network timers. no timers basic UPDA TE TIME- OUT GARBAGE Router Restores the default timers.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 371 T o configure RIP authentication, use the following command. Command Mode Description ip rip authentication key-chain NAME Enables authentication for RIP v2 p ackets and to spec- ify the set of keys that can be used on an interface.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 372 A50010-Y3-C150-2-7619 command. Command Mode Description recv-bu f fer size <8196- 2147483647> Sets the UDP Buf fer size value for using RIP .
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 373 11 System Sof tware Upgrade For the system enhancem ent and sta bility , new system software m ay be released. Using this software, the hiD 6615 S223/323 can be upgraded without any hardware ch ange.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 374 A50010-Y3-C150-2-7619 ############################################################################## ############################################################################## ############################################################ 13661792 bytes download OK.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 375 Ste p 2 T o enable the MGMT interface to communicate with TFTP server , you need to configure a proper IP address, subnet mask and gateway on the interface. T o configure an IP address, use the followin g command.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 376 A50010-Y3-C150-2-7619 Ste p 3 Download the new system sof tware via TFTP using the following command. Command Mode Description load { os1 | os2 } A.B.C.D FIL E- NAME Boot Downloads the system software.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 377 Ste p 4 Reboot the system with the new system software u sing the following command. Command Mode Description reboot [ os1 | os2 ] Boot Reboots the system with specified system sof tware.
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 378 A50010-Y3-C150-2-7619 Ste p 4 Exit the FTP client using the followin g command. Command Mode Description exit FTP Exits the FTP client. T o reflect the downloaded system sof tware, the system must rest art using the reload command! For more inform ation, see Section 4.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 379 12 Abbreviations ACL Access Control List ARP Address Resolution Protocol BGP Border Gateway Protocol CBS Committed Burs t .
U M N : C L I U s e r M a n u a l SURPASS hiD 6615 S223/S323 R1.5 380 A50010-Y3-C150-2-7619 IETF Internet Engineering T ask Force IGMP Internet Group Management Protocol IP Internet Protocol IRL Input.
User Manual UMN:CLI SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 381 STP S panning T ree Protocol SW Software TCP T ransmission Control Protocol TDM T ime Division Multiplexing TFTP T rivial .
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté Siemens S223 c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du Siemens S223 - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation Siemens S223, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le Siemens S223 va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le Siemens S223, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du Siemens S223.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le Siemens S223. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei Siemens S223 ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.