Download Print this page

Raisecom ISCOM2600G-HI (A) Series Configuration Manual

Table Of Contents

page of 581

/ 581
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Quick Links

Download this manual

www.raisecom.com

ISCOM2600G-HI (A) Series

Configuration Guide

(Rel_01)

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the ISCOM2600G-HI (A) Series and is the answer not in the manual?

Questions and answers

Summary of Contents for Raisecom ISCOM2600G-HI (A) Series

Page 1 ISCOM2600G-HI (A) Series Configuration Guide (Rel_01)
Page 2 Website: http://www.raisecom.com Tel: 8610-82883305 Fax: 8610-82883056 Email: export@raisecom.com Address: Raisecom Building, No. 11, East Area, No. 10 Block, East Xibeiwang Road, Haidian District, Beijing, P.R.China Postal code: 100094 ----------------------------------------------------------------------------------------------------------------------------------------- Notice Copyright ©2018 Raisecom All rights reserved.
Page 3 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Preface Preface Objectives This document describes features supported by the ISCOM2600G-HI series switch, and related configurations, including basic configurations, basic principles and configuration procedures of Ethernet, ring network protection, reliability, security, and QoS, and related configuration examples.
Page 4 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Preface Symbol Description Provide additional information to emphasize or supplement important points of the main text. Indicate a tip that may help you solve a problem or save time. General conventions Convention Description Times New Roman Normal paragraphs are in Times New Roman.
Page 5 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Preface Change history Updates between document versions are cumulative. Therefore, the latest document version contains all updates made to previous versions. Issue 01 (2018-05-14) Initial commercial release Raisecom Proprietary and Confidential Copyright © Raisecom Technology Co., Ltd.
Page 6: Table Of Contents
Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents Contents 1 Basic configurations ........................1 1.1 CLI ................................... 1 1.1.1 Introduction ............................. 1 1.1.2 Privileges ..............................2 1.1.3 Modes ..............................2 1.1.4 Shortcut keys ............................4 1.1.5 Acquiring help ............................6 1.1.6 Display information ..........................8 1.1.7 Command history ............................
Page 7 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents 1.5.1 Introduction ............................27 1.5.2 Preparing for configurations ......................... 27 1.5.3 Automatically updating version and configurations ................28 1.5.4 Checking configurations ........................28 1.5.5 Maintenance ............................29 1.6 Time management ............................29 1.6.1 Introduction ............................29 1.6.2 Preparing for configurations .........................
Page 8 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents 2 Ethernet ............................50 2.1 MAC address table ............................50 2.1.1 Introduction ............................50 2.1.2 Preparing for configurations ......................... 52 2.1.3 Default configurations of MAC address table ..................53 2.1.4 Configuring static MAC address ......................53 2.1.5 Configuring blackhole MAC address ....................
Page 9 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents 2.4.5 Configuring selective QinQ ........................77 2.4.6 Configuring network-side interface to Trunk mode ................78 2.4.7 Configuring TPID ..........................78 2.4.8 Checking configurations ........................79 2.4.9 Example for configuring basic QinQ ....................79 2.4.10 Example for configuring selective QinQ ....................
Page 10 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents 2.7.16 Configuring STP/RSTP/MSTP mode switching ................108 2.7.17 Configuring link type ........................109 2.7.18 Configuring root interface protection ....................109 2.7.19 Configuring interface loopguard ....................... 110 2.7.20 Configuring TC packet suppression ....................110 2.7.21 Checking configurations ........................
Page 11 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents 2.12.4 Configuring global L2CP ........................131 2.12.5 Configuring L2CP profile ......................... 132 2.12.6 Configuring L2CP profile on interface ..................... 132 2.12.7 Checking configurations ........................133 2.12.8 Maintenance ............................133 2.12.9 Example for configuring L2CP ......................133 2.13 Voice VLAN ...............................
Page 12 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents 3.3.8 Configuring ISF system software ......................163 3.4 Configuring ISF ............................164 3.4.1 Preparing for configurations ....................... 164 3.4.2 Default configurations of ISF......................164 3.4.3 Preconfiguration mode ........................164 3.4.4 Non-preconfiguration mode ........................ 165 3.5 Preconfiguring ISF in standalone mode .......................
Page 13 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents 4.2.4 Creating ELPS pair ..........................200 4.2.5 Configuring ELPS fault detection mode ..................... 202 4.2.6 (Optional) configuring ELPS control ....................202 4.2.7 Checking configurations ........................203 4.2.8 Maintenance ............................203 4.2.9 Example for configuring 1:1 ELPS protection ..................204 5 IP services ...........................
Page 14 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents 5.4.8 Maintenance ............................219 5.5 Static route ..............................220 5.5.1 Introduction ............................220 5.5.2 Preparing for configurations ....................... 220 5.5.3 Configuring static route ........................220 5.5.4 Configuring route mangement ......................221 5.5.5 Checking configurations ........................221 5.5.6 Example for configuring static route ....................
Page 15 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents 6.1.7 Example for configuring DHCP Client ....................256 6.2 Zero-configuration ............................258 6.2.1 Introduction ............................258 6.2.2 Default configurations of zero-configuration ..................259 6.2.3 Preparing for configuration ......................... 259 6.2.4 Configuring DHCP Client ........................260 6.2.5 (Optional) configuring zero-configuration polling ................
Page 16 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents 6.6.6 Configuring global DHCPv6 Relay ....................283 6.6.7 Configuring DHCPv6 Relay on VLAN interface ................284 6.6.8 (Optional) configuring DHCP Relay to support Option 82 ..............284 6.6.9 Checking configurations ........................284 6.6.10 Example for configuring DHCPv4 Relay ..................285 7 QoS ...............................
Page 17 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents 7.5.3 Creating traffic class ........................... 303 7.5.4 Configuring traffic classification rules ....................303 7.5.5 Creating rate limiting rule and shapping rule ..................304 7.5.6 Creating traffic policy ......................... 305 7.5.7 Defining traffic policy mapping ......................305 7.5.8 Defining traffic policy operation ......................
Page 18 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents 8.4.1 Introduction ............................335 8.4.2 Preparing for configurations ....................... 336 8.4.3 Default configurations of IGMP Querier .................... 336 8.4.4 Configuring IGMP Querier ......................... 337 8.4.5 Checking configurations ........................338 8.4.6 Example for configuring IGMP Snooping and IGMP Querier ............338 8.5 IGMP MVR ..............................
Page 19 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents 9.1 Introduction ..............................362 9.2 EFM ................................364 9.2.1 Introduction ............................364 9.2.2 Preparing for configurations ....................... 364 9.2.3 Default configurations of EFM ......................364 9.2.4 Configuring basic functions of EFM ....................365 9.2.5 Configuring active functions of EFM ....................
Page 20 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents 9.5.5 Checking configurations ........................396 10 Security............................397 10.1 ACL ................................397 10.1.1 Introduction ............................397 10.1.2 Preparing for configurations ......................398 10.1.3 Configuring MAC ACL ........................398 10.1.4 Configuring ACL period ........................401 10.1.5 Configuring filter ..........................
Page 21 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents 10.5.1 Introduction ............................422 10.5.2 Preparing for configurations ......................422 10.5.3 Default configurations of TACACS+ ....................423 10.5.4 Configuring TACACS+ authorization....................423 10.5.5 Configuring TACACS+ authentication ..................... 423 10.5.6 Configuring TACACS+ accounting ....................424 10.5.7 Configuring TACACS+ authorization....................
Page 22 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents 10.9.5 Configuring PPPoE+ packet information ..................447 10.9.6 Checking configurations ........................449 10.9.7 Maintenance ............................449 10.9.8 Example for configuring PPPoE+ ..................... 450 10.10 Configuring CPU protection ........................452 10.10.1 Preparing for configurations ......................452 10.10.2 Configuring global CPU CAR ......................
Page 23 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents 11.4.4 Configuring UDLD ........................... 474 11.4.5 Checking configurations ........................474 11.5 mLACP............................... 475 11.5.1 Introduction ............................475 11.5.2 Preparing for configurations ......................476 11.5.3 Configuring ICCP channel ........................ 476 11.5.4 Configuring mLACP link aggregation ....................477 11.5.5 Checking configurations ........................
Page 24 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents 12.3.7 Configuring LLDP alarm ........................505 12.3.8 Configuring TLV ..........................505 12.3.9 Checking configurations ........................505 12.3.10 Maintenance ............................ 506 12.3.11 Example for configuring LLDP ...................... 506 12.4 Optical module DDM ..........................509 12.4.1 Introduction ............................
Page 25 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Contents 12.9 Cable diagnosis ............................531 12.9.1 Introduction ............................531 12.9.2 Preparing for configurations ......................532 12.9.3 Configuring cable diagnosis ......................532 12.9.4 Checking configurations ........................532 12.10 Memory monitoring ..........................533 12.10.1 Preparing for configurations ......................533 12.10.2 Configuring memory monitoring ....................
Page 26 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Figures Figures Figure 1-1 Accessing device through PC connected with RJ45 Console interface ..........11 Figure 1-2 Configuring communication parameters in Hyper Terminal .............. 12 Figure 1-3 Networking with device as Telnet server .................... 13 Figure 1-4 Networking with device as Telnet client .....................
Page 27 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Figures Figure 2-20 Loop detection networking ......................119 Figure 2-21 Loop detection networking ......................123 Figure 2-22 Interface protection networking ...................... 126 Figure 2-23 Principles of port mirroring ......................127 Figure 2-24 Port mirroring networking ......................130 Figure 2-25 L2CP networking ..........................
Page 28 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Figures Figure 5-3 Principles of NDP address resolution ....................217 Figure 5-4 Configuring static route ........................222 Figure 5-5 Roles of broadcast interface......................233 Figure 5-6 OSPF area and router type ........................ 235 Figure 6-1 DHCP typical networking ......................... 252 Figure 6-2 Structure of DHCP packet ........................
Page 29 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Figures Figure 8-4 Operating of IGMP and Layer 2 multicast features ................325 Figure 8-5 IGMP Snooping networking ......................330 Figure 8-6 Ring network multicast networking ....................333 Figure 8-7 IGMP Snooping networking ......................338 Figure 8-8 IGMP MVR networking ........................
Page 30 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Figures Figure 11-6 Link-state tracking networking ....................... 472 Figure 11-7 Dual-homed application based on LACP ..................475 Figure 11-8 mLACP networking ........................479 Figure 12-1 Principles of SNMP ........................484 Figure 12-2 SNMPv3 authentication mechanism ....................487 Figure 12-3 SNMPv1/SNMPv2c networking ....................
Page 31 Raisecom ISCOM2600G-HI (A) Series Configuration Guide Tables Tables Table 1-1 Shortcut keys for display features ......................8 Table 2-1 Interface mode and packet processing....................58 Table 6-1 Fields of a DHCP packet ........................252 Table 6-2 Planned data ............................261 Table 6-3 Common DHCP options ........................
Page 32: Basic Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Basic configurations This chapter describes basic configurations and configuration procedures of the ISCOM2600G-HI series switch, and provides related configuration examples, including the following sections:   Accessing device  File management ...
Page 33: Privileges
Raisecom#config Raisecom(config)#  The CLI prompts that Raisecom is a default host name. You can modify it by using the hostname name command in privileged EXEC mode.  Commands executed in global configuration mode can also be executed in other modes.
Page 34 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations  You can use the exit or quit command to return to the upper command mode.  You can execute the end command to return to privileged EXEC mode from any modes but user EXEC mode and privileged EXEC mode.
Page 35: Shortcut Keys
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Mode Enter method Description Raisecom(config- MAC ACL In global configuration mode, enter the acl-mac)# configuration access-list acl-number command. In this command, acl-number ranges from 3000 to 3999. Raisecom(config- User ACL In global configuration mode, enter the...
Page 36 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Shortcut key Description Up Arrow (↑) Show the previous command if there is any command entered earlier; the displayed command does not change if the current command is the earliest one in history records.
Page 37: Acquiring Help
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Shortcut key Description Ctrl+X Delete all characters before the cursor (except the cursor location). Ctrl+Y Show history commands. Ctrl+Z Return to privileged EXEC mode from the current mode (except user EXEC mode).
Page 38 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations peer Configure NTP peer refclock-master Set local clock as reference clock server Configure NTP server  After you enter a keyword, press Space bar and enter a question mark (?), the value range and descriptions are displayed if the question mark (?) matches a parameter.
Page 39: Display Information
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations link-state-tracking Fault tracking link-trace Link trace  After you enter a partial command name and press Tab, the full form of the keyword is displayed if there is a unique match command. Otherwise, press Tab continuously to display different keywords and then you can select the required one.
Page 40: Command History
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations commands can output more information, and then you need to add filtering rules to filter out unnecessary information. The show command on the ISCOM2600G-HI series switch supports three kinds of filter modes: ...
Page 41: Logging Commands
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations  enable | disable form: be provided behind a command or in the middle of a command. The enable parameter is used to enable some feature or function while the disable parameter is used to disable some feature or function.
Page 42: Accessing Through Console Interface
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations 1.2.2 Accessing through Console interface Introduction The Console interface is an interface which is commonly used to connect the network device with a PC running terminal emulation programs. You can use this interface to configure and manage local devices.
Page 43: Accessing Through Telnet
To modify the IP address, log in to the ISCOM2600G-HI series switch and configure it. Both the default user name and password are raisecom. In Telnet connection status, if you enter the password incorrectly for three 3 times, the Telnet connection will be automatically disconnected.
Page 44: Figure 1-3 Networking With Device As Telnet Server
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations ISCOM2600G-HI series switch on the network. You do not need to connect a PC to each ISCOM2600G-HI series switch. Telnet services provided by the ISCOM2600G-HI series switch are as below: ...
Page 45: Accessing Through Ssh
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations  Telnet Client: when you connect to the ISCOM2600G-HI series switch through the PC terminal emulation program or Telnet client program on a PC, then telnet other ISCOM2600G-HI series switch and configure/manage them. As shown in Figure 1-4, Switch A not only acts as Telnet server but also provides Telnet client service.
Page 46 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Function Default value SSH authentication timeout 600s Allowable failure times for SSH authentication SSH snooping port ID SSH session status Disable SSH version Configure SSH services for the ISCOM2600G-HI series switch as below.
Page 47: Managing Users
Console interface to the ISCOM2600G-HI series switch, enter the initial user name and password in HyperTerminal to log in and configure the ISCOM2600G-HI series switch. By default, both the user name and password are raisecom. If there is no privilege restriction, any remote user can log in to the ISCOM2600G-HI series switch through Telnet or access network by establishing a PPP (Point to Point Protocol) connection when service interfaces are configured with IP address.
Page 48 { complex | simple } mode of privileged users. Raisecom#logout Exit the system.  Besides the default user raisecom, you can create up to 9 local user accounts.  The login password is 8–16 characters, mandatorily including digits, lower-case letters, and upper-case letters. ...
Page 49: Configuring Http Server
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations 1.2.6 Configuring HTTP Server Enable SSH Server for the ISCOM2600G-HI series switch as below. You can log in to the ISCOM2600G-HI series switch through the Web interface. Step Command Description Raisecom#config Enter global configuration mode.
Page 50: Figure 1-5 User Management Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Figure 1-5 User management networking Configuration steps Step 1 Configure the user login authentication mode. Raisecom#user login local-user Step 2 Create a local user user1. Raisecom#user name user1 password simple aaAA123@ Step 3 Configure the user privilege.
Page 51: File Management
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Priority:10 Server:Local Login Status :offline Service type:console telnet ssh web lan-access User State :active User command control config: -------------------------------------------------------- Type:allow First keyword :minrror Use the newly-created user name user1 and password aaAA123@ to log in to the ISCOM2600G-HI series switch, and check whether the user privilege is correctly configured.
Page 52: Managing System Files
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations All the following steps are optional and in any sequence. Step Command Description Raisecom#upload bootstrap { ftp ip- (Optional) download the address user-name password file-name BootROM file through FTP or | tftp ip-address file-name | sftp TFTP.
Page 53 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations The configuration file has a suffix ".cfg", and can be opened by the text book program in Windows system. The contents are in the following format:  Be saved in the mode+command format.
Page 54: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Step Command Description ipv4- Raisecom#upload command-log { ftp { (Optional) upload address |ipv6-address user-name password the command line file-name | tftp { ipv4-address |ipv6- logging file and address file-name ipv4-address | sftp {...
Page 55: Loading And Upgrade
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Step Command Description Raisecom#erase Delete a specified system file. If the file-name parameter is file-name not configured, this configuration will delete the startup backup- configuration file. config ] After a file is deleted through this command, it cannot be restored.
Page 56 Raisecom#reboot When the system successfully loads the big BootROM, and it displays "Press space to enter big boot menu", press Space bar to enter the interface starting with [raisecom]. The command list is displayed as below: BOOT ************************************************** t: Update system from tftp.
Page 57: Upgrading System Software Through Cli
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Step Operation Type "t" to upgrade system software to the ISCOM2600G-HI series switch. [Raisecom]:t ipaddr: 192.168.5.100 serverip: 192.168.5.1 filename: uImage Current system partiton info: Partition number Name Size ---------------------------------------------------- iscom2600_image 16320072...
Page 58: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Step Command Description Raisecom#download system-boot Download the system boot file through ipv4-address | ipv6- { ftp { FTP, SFTP, or TFTP. This command address user-name password supports the IPv6 address. file-name...
Page 59: Automatically Updating Version And Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations these packets, the DHCP client resolves Option 150 for the IP address of the TFTP server and resolves Option 67 for the name of the configuration file or system file according to naming conversions, resolves Option 17 for the file path.
Page 60: Maintenance
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Command Description Raisecom#show buffer-config Show information about the configuration file in the buffer. 1.5.5 Maintenance Maintain the ISCOM2600G-HI series switch as below. Command Description Raisecom(config)#clear buffer_config Clear the configuration file in the buffer.
Page 61 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Network Time Protocol (NTP) is a standard Internet protocol for time synchronization, used to synchronize time between the distributed time servers and clients. NTP transmits data based on UDP, using UDP port 123 and guaranteeing high precision (error around 10ms).
Page 62: Figure 1-6 Basic Principles Of Ntp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Figure 1-6 Basic principles of NTP The ISCOM2600G-HI series switch adopts multiple NTP working modes for time synchronization:  Client/Server mode In this mode, the client sends clock synchronization messages to different servers. The servers work in server mode automatically after receiving the synchronization message and sending response messages.
Page 63: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations SNTP Simple Network Time Protocol (SNTP) is used to synchronize the system time of the ISCOM2600G-HI series switch to the GMT and transmit the GMT to local time according to the system settings of time zone. When the SNTP client and server are in different time zones, the SNTP client will be synchronized to the GMT and then translated into the local time according to system settings of time zone.
Page 64 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations China Coast Time (CCT) is the standard time code. Several countries define their local time by reference to GMT by advancing or adjusting backward several hours on the basis of GMT and their longitudes or time zones. To be convenient, establish a series of standard time codes, including: ...
Page 65: Configuring Time And Time Zone
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations 1.6.4 Configuring time and time zone Configure the time and time zone for the ISCOM2600G-HI series switch as below. Step Command Description hour minute Raisecom#clock set Configure system time. second year month day Raisecom#clock timezone { + | - Configure the local time zone.
Page 66 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Step Command Description Raisecom(config)#ntp server (Optional) configure the IP address of the ipv4-address ipv6- NTP server for the client working in address } [ version version- server/client mode. number key-id ] [ keyid...
Page 67: Configuring Sntp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations 1.6.7 Configuring SNTP Configuring unicast feature of SNTP client Configure unicast feature of SNTP client for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config Configure the IP address of the SNTP unicast server.
Page 68: Figure 1-7 Ntp Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Figure 1-7 NTP networking Configuration steps Step 1 Configure Switch A. Raisecom#hostname SwitchA SwitchA#config SwitchA(config)#ntp refclock-master Step 2 Configure Switch B. Raisecom#hostname SwitchB SwitchB#config SwitchB(config)#ntp server 172.16.0.1 SwitchB(config)#ntp peer 172.16.0.3 Checking results ...
Page 69 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations NTP peer :0.0.0.0 NTP version NTP mode :ntpMaster Leap Poll Stratum Precision :2**-16 Reference clock :127.127.1.0 Reference time :00000000.00000000(Thu 1970-01-01,08:00:00) Current time :5333d6de.33428f00(Thu 2014-03-27,15:45:44.070) Root delay :0.000000 Root dispersion :0.000000 ...
Page 70: Interface Management
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations  Check Switch C. Use the show ntp status command to view configurations of Switch C. Raisecom#show ntp status Clock status : synchronized NTP peer : 172.16.0.2 NTP version : NTP mode :...
Page 71: Default Configurations Of Interface Management
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Cable connection Generally, the Ethernet cable can be categorized as the Medium Dependent Interface (MDI) cable and Medium Dependent Interface crossover (MDI-X) cable. MDI provides physical and electrical connection from terminal to network relay device while MDI-X provides connection between devices of the same type (terminal to terminal).
Page 72: Configuring Interface Rate Statistics
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Step Command Description Raisecom(config)#interface Enter physical layer interface interface-type interface- configuration mode. number Raisecom(config)#interface Enter physical layer interface interface-type interface- configuration mode. number Raisecom(config- Configure the duplex mode of the gigaethernet1/1/port)#duple interface.
Page 73: Configuring Flow Control On Interfaces
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Step Command Description Raisecom(config- Clear statistics about the interface gigaethernet1/1/port)#clear rate. interface statistics 1.7.5 Configuring flow control on interfaces IEEE 802.3x is a flow control method for full duplex on the Ethernet data layer. When the client sends a request to the server, it will send the PAUSE frame to the server if there is system or network jam.
Page 74: Configuring Snmp Interface
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Step Command Description Raisecom(config)#co (Optional) enable the Console interface. nsole open Use this command in non-Console command lines only. If you use the console close command to disable the Console interface, this will cause the ISCOM2600G-HI series switch to be out of control.
Page 75: Checking Configurations
The device name is within 64 characters in length, and supports special characters, such as " ", "\", "'", "<", ">", and "&". By default, the device name is Raisecom. The system supports changing device name to make users distinguish different devices on the network. Once the device name changes, it can be seen in terminal prompt.
Page 76: Task Scheduling
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Step Command Description Raisecom#writ Save configurations. Save configurations to the ISCOM2600G-HI series switch after configurations, and the new configurations will overwrite the original configurations. If new configurations are not saved, they will be lost after restarting, and the ISCOM2600G-HI series switch will continue to working with the original configurations.
Page 77: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations Step Command Description Raisecom#config Enter global configuration mode. list Raisecom(config)#schedule-list Create a scheduling list, number mm-dd-yyyy start date-time { and configure it. hh:mm:ss [ every { day | week } stop...
Page 78: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations 1.10.2 Preparing for configurations Scenario By configuring Watchdog, you can prevent the system program from endless loop due to uncertain fault, thus improving system stability. Prerequisite 1.10.3 Default configurations of Watchdog Default configurations of Watchdog are as below.
Page 79: Configuring Banner
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations You can configure the Banner of the ISCOM2600G-HI series switch as required. In addition, the ISCOM2600G-HI series switch provides the Banner switch. After Banner display is enabled, the configured Banner information appears when you log in to or exit the ISCOM2600G-HI series switch.
Page 80: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 1 Basic configurations 1.11.4 Checking configurations Use the following commands to check configurations. Command Description Raisecom#show Show Banner status and contents of the configured Banner. banner login Raisecom Proprietary and Confidential Copyright © Raisecom Technology Co., Ltd.
Page 81: Ethernet
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Ethernet This chapter describes basic principles and configuration procedures for Ethernet, and provides related configuration examples, including the following sections:  MAC address table  VLAN  PVLAN  QinQ  VLAN mapping ...
Page 82: Figure 2-1 Forwarding Packets According To The Mac Address Table
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet The ISCOM2600G-HI series switch supports showing MAC address information by device, interface, or VLAN. Forwarding modes of MAC addresses When forwarding packets, based on the information about MAC addresses, the ISCOM2600G-HI series switch adopts the following modes: ...
Page 83: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet static address entry manually can reduce the network broadcast flow, improve the security of the interface, and prevent entries from being lost after the system is reset.  Dynamic MAC address entry: the ISCOM2600G-HI series switch can add dynamic MAC address entries through MAC address learning.
Page 84: Default Configurations Of Mac Address Table
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet  For the interface with fixed static MAC address, you can disable MAC address learning to avoid other hosts visiting LAN data from the interface. Configure the aging time of dynamic MAC addresses to avoid saving excessive MAC address entries in the MAC address table and running out of MAC address table resources, and to achieve aging of dynamic MAC addresses.
Page 85: Filtering Unknown Multicast Packets
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet 2.1.6 Filtering unknown multicast packets Filter unknown multicast packets for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#mac-address (Optional) filter unknown multicast drop-unknown { reserved- multicast packets.
Page 86: Enabling Suppression Of Mac Address Flapping
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Command Description Raisecom(config)#mac-address Configure the aging time of MAC period aging-time { 0 | addresses. 2.1.10 Enabling suppression of MAC address flapping Enable suppression of MAC address flapping for the ISCOM2600G-HI series switch as below.
Page 87: Example For Configuring Mac Address Table
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Command Description mac- Raisecom(config)#clear mac-address [ Clear MAC addresses. address ]{ all | dynamic | blackhole | static } Clear MAC addresses of Raisecom(config)#clear mac-address{ all | vlan-id interface- a specified interface.
Page 88: Vlan
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Raisecom(config)#interface gigaethernet 1/1/2 Raisecom(config-gigaethernet1/1/2)#switchport mode access Raisecom(config-gigaethernet1/1/2)#switchport access vlan 10 Raisecom(config-gigaethernet1/1/2)#exit Step 2 Configure a static unicast MAC address 0001.0203.0405 on GE 1/1/2, which belongs to VLAN 10. Raisecom(config)#mac-address static unicast 0001.0203.0405 vlan 10 gigaethernet 1/1/2 Step 3 Configure the aging time to 500s.
Page 89: Figure 2-3 Vlan Partitions
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Figure 2-3 VLAN partitions VLAN technique can partition a physical LAN into different broadcast domains logically. Hosts without intercommunication requirements can be isolated by VLAN, so VLAN partitions improve network security, and reduce broadcast flow and broadcast storm.
Page 90 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Interface Processing ingress packets Processing egress packets type Untagged Tagged packets packets   If the VLAN ID of the If the VLAN ID of the Trunk Add the packet is included in the...
Page 91: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet or discards the packet if the VLAN ID is not in the list of VLANs of which packets are allowed to pass by the interface. 2.2.2 Preparing for configurations Scenario The main function of VLAN is to partition logic network segments. There are 2 typical application modes: ...
Page 92: Configuring Vlan Attributes
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet 2.2.4 Configuring VLAN attributes Configure VLAN attributes for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#create Create a VLAN. vlan-list vlan active The command can also be used to create VLANs in batches.
Page 93: Configuring Vlan On Trunk Interface
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Command Description Raisecom(config- (Optional) configure the VLAN gigaethernet1/1/port)#switchport allowed to pass by the Access access egress-allowed vlan { all | interface. vlan-list [ add | remove ]  The interface allows Access VLAN packets to pass regardless of configuration for VLAN allowed by the Access interface.
Page 94: Configuring Vlan Based On Mac Address
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet  The system will create and activate the VLAN if no VLAN is created and activated in advance when configuring the Native VLAN.  The system configures the interface Trunk Native VLAN as default VLAN if you have deleted or blocked Native VLAN manually.
Page 95: Configuring Vlan Based On Ip Subnet
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Command Description Raisecom(config)#interface Enter physical layer interface interface-type interface-number configuration mode. Raisecom(config- Enable VLAN partitions based gigaethernet1/1/port)#ip-subnet-vlan on IP subnet. enable Raisecom(config- (Optional) configure priorities of gigaethernet1/1/port)#vlan MAC-VLAN and IP subnet precedence { mac-vlan | ip-subnet- VLAN.
Page 96: Example For Configuring Vlan
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Command Description Raisecom#show mac-vlan aging- Show the aging time of MAC VLANs. time Raisecom#show switchport Show VLAN configurations on the interface-type interface-number interface. Raisecom#show protocol-vlan all Show configurations of all protocol VLANs.
Page 97 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Raisecom#name SwitchA SwitchA#config SwitchA(config)#create vlan 10,20 active Configure Switch B. Raisecom#name SwitchB SwitchB#config SwitchB(config)#create vlan 10,20 active Step 2 Add GE 1/1/2 and GE 1/1/3 in Access mode on Switch B to VLAN 10, add GE 1/1/4 as Access mode to VLAN 20, configure GE 1/1/1 to Trunk mode, and allow VLAN 10 to pass.
Page 98 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Checking results Use the show vlan command to show VLAN configurations. Take Switch B for example. SwitchB#show vlan Switch Mode: -- VLAN Name State Status Priority Member-Ports ------------------------------------------------------------------------ Default active static --...
Page 99: Pvlan
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet 2.3 PVLAN 2.3.1 Introduction Private VLAN (PVLAN) provides Layer 2 isolation between interfaces in a VLAN, and it is effective to distribute VLAN resources. PVLAN type VLANs are divided into two types: primary VLAN and secondary VLAN. The primary VLAN and secondary VLAN form a PVLAN domain.
Page 100: Configuring Pvlan Type
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Function Default value PVLAN mode on the interface Access mode 2.3.4 Configuring PVLAN type Configure the PVLAN type for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode.
Page 101: Configuring Pvlan Mode On Interface
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet 2.3.6 Configuring PVLAN mode on interface The VLAN of the ISCOM2600G-HI series switch supports Access and Trunk interface modes, and the PVLAN supports promiscuous interface mode and host interface mode.  The promiscuous interface mode and host interface mode can be configured with association or mapping which already exists.
Page 102: Checking Configuration
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Command Description Raisecom(config- Configure the mapping of the primary gigaethernet1/1/1)#switchport VLAN and secondary VLANs on the private-vlan mapping primary- promiscuous interface. vlan-id [ add | remove ] Use the no switchport private-vlan...
Page 103: Figure 2-5 Networking With Pvlan
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet  Connect PC 3 and PC 4 to isolated interfaces GE 1/1/1 and GE 1/1/2 respectively, and they can communicate with the promiscuous interface GE 1/1/1 only. Figure 2-5 Networking with PVLAN Configuration steps Step 1 Configure the PVLAN type.
Page 104 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Raisecom(config-gigaethernet1/1/5)#exit Step 3 Configure the host interface mode and association of the primary VLAN with the secondary VLAN on the host interface. Configuration on GE 1/1/1 and GE 1/1/2, GE 1/1/3 and GE 1/1/4 are identical. Take GE 1/1/1 and GE 1/1/3 for example.
Page 105 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Operational Mode: promiscuous Access Mode VLAN: 1 Administrative Access Egress VLANs: Operational Access Egress VLANs: 1 Trunk Native Mode VLAN: 1 Administrative Trunk Allowed VLANs: 1-4094 Operational Trunk Allowed VLANs: N/A Administrative Trunk Untagged VLANs:...
Page 106: Qinq
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet 2.4 QinQ 2.4.1 Introduction QinQ (also known as Stacked VLAN or Double VLAN) technique is an extension to 802.1Q defined in IEEE 802.1ad standard. Basic QinQ Basic QinQ is a simple Layer 2 VPN tunnel technique, which encapsulates outer VLAN Tag for user private network packets at carrier access end, then the packet with double VLAN Tag traverse backbone network (public network) of the carrier.
Page 107: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet different outer Tags for users in different classes. On the public network, you can configure QoS policy according to outer Tag and configure data transmission priority flexibly to make users in different classes receive corresponding services.
Page 108: Configuring Selective Qinq
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#interface Enter physical layer interface interface-type interface-number configuration mode. Raisecom(config- Enable basic QinQ on the interface. gigaethernet1/1/port)#dot1q-tunnel The device supports this configuration on the LAG interface or in ISF mode.
Page 109: Configuring Network-Side Interface To Trunk Mode
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Command Description Raisecom(config- (Optional) configure gigaethernet1/1/port)#switchport vlan- bidirectional selective QinQ, mapping both priority-tagged [ cos cos- and add outer VLAN rules. value outer-vlan ] add-outer [ cos The device supports this...
Page 110: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Command Description Raisecom(config)#interface Enter physical layer interface interface-type interface-number configuration mode. Raisecom(config- Configure the TPID of the outer tpid gigaethernet1/1/port)#tpid VLAN Tag on the interface. 2.4.8 Checking configurations Use the following commands to check configuration results.
Page 111: Figure 2-7 Basic Qinq Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Figure 2-7 Basic QinQ networking Configuration steps Configure Switch A and Switch B. Configurations of Switch A are the same with those of Switch B. Take Switch A for example. Step 1 Create VLAN 100 and VLAN 1000, and activate them. TPID is 9100.
Page 112: Example For Configuring Selective Qinq
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Checking results Use the show dot1q-tunnel command to show QinQ configurations. Raisecom#show dot1q-tunnel Interface QinQ Status Outer TPID on port Cos override Vlan- map-miss -------------------------------------------------------- gigaethernet1/1/1 0x9100 disable gigaethernet1/1/2 Dot1q-tunnel 0x8100 disable 2.4.10 Example for configuring selective QinQ...
Page 113 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Raisecom#name SwitchA SwitchA#config SwitchA(config)#create vlan 100,101,102,200,201,202,1000,2000 active SwitchA(config)#interface gigaethernet 1/1/1 SwitchA(config-gigaethernet1/1/1)#switchport mode trunk SwitchA(config-gigaethernet1/1/1)#switchport trunk allowed vlan 1000,2000 SwitchA(config-gigaethernet1/1/1)#tpid 9100 SwitchA(config-gigaethernet1/1/1)#exit Step 2 Enable selective QinQ on GE 1/1/2. SwitchA(config)#interface gigaethernet 1/1/2...
Page 114: Vlan Mapping
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet --------------------------- 2.5 VLAN mapping 2.5.1 Introduction VLAN mapping is used to replace the private VLAN Tag of Ethernet packets with carrier's VLAN Tag, making packets transmitted according to carrier's VLAN forwarding rules. When packets are sent to the peer private network from the ISP network, the VLAN Tag is restored to the original private VLAN Tag according to the same VLAN forwarding rules.
Page 115: Default Configurations Of Vlan Mapping
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Prerequisite  Connect the interface.  Configure its physical parameters to make it Up.  Create VLANs. 2.5.3 Default configurations of VLAN mapping Default configurations of VLAN mapping are as below. Function...
Page 116: Example For Configuring Vlan Mapping
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Command Description Raisecom#show vlan-mapping both interface Show configurations of interface-type interface-number VLAN mapping. Raisecom#show vlan-mapping interface Show configurations of interface-type interface-number both N:1 VLAN mapping on translate the interface. 2.5.6 Example for configuring VLAN mapping...
Page 117 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step 1 Create VLANs 100, 200, 1000, and 2008, and activate them. Raisecom#name SwitchA SwitchA#config SwitchA(config)#create vlan 100,200,1000,2008 active Step 2 Configure GE 1/1/1 to Trunk mode, allowing packets of VLAN 1000 and VLAN 2008 to pass.
Page 118: Stp/Rstp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Default cvlan: -- --------------------------- Original Outer VLANs: 100 Original Outer COS: Original Inner VLANs: -- Original Inner COS: Vlan mapping Mode: S-TRANS New Outer-VID: 1000 New Outer-COS: New Inner-VID: New Inner-COS: ---------------------------...
Page 119: Figure 2-11 Network Storm Due To Loopback
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Figure 2-11 Network storm due to loopback Spanning Tree Protocol (STP) is compliant to IEEE 802.1d standard and used to remove data physical loop in data link layer in the LAN. The ISCOM2600G-HI series switch running STP can process Bridge Protocol Data Unit (BPDU) with each other for the election of root switch and selection of root port and designated port.
Page 120: Figure 2-12 Loop Networking With Stp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Figure 2-12 Loop networking with STP Although STP can eliminate loop network and prevent broadcast storm well, its shortcomings are still gradually exposed with thorough application and development of network technology. The major disadvantage of STP is the slow convergence speed.
Page 121: Preparation For Configuration
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Figure 2-13 Failure in forwarding VLAN packets due to RSTP 2.6.2 Preparation for configuration Networking situation In a big LAN, multiple devices are concatenated for accessing each other among hosts. They need to be enabled with STP to avoid loop among them, MAC address learning fault, and broadcast storm and network down caused by quick copy and transmission of data frame.
Page 122: Enabling Stp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Function Default value Forward Delay timer 2.6.4 Enabling STP Enable STP for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#spanning-tree Enable global STP. enable Raisecom(config)#spanning-tree mode Configure spanning tree mode.
Page 123: Configuring Edge Interface
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Command Description Raisecom(config)#spanning-tree (Optional) configure the maximum value transit-limit transmission rate of the interface Raisecom(config)#spanning-tree (Optional) configure forward value forward-delay delay. Raisecom(config)#spanning-tree (Optional) configure the maximum value max-age age. 2.6.6 Configuring edge interface The edge interface indicates that the interface neither directly connects to any devices nor indirectly connects to any device through the network.
Page 124: Configuring Bpdu Filtering
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#interface Enter physical layer interface interface-type interface-number configuration mode. Raisecom(config- Configure the link type for gigaethernet1/1/port)#spanning-tree interface. link-type { auto | point-to-point | shared } 2.6.8 Configuring BPDU filtering...
Page 125: Configuring Mrstp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Command Description Raisecom(config)#interface Enter physical layer interface interface-type interface-number configuration mode. Raisecom(config- Manually restore interfaces that gigaethernet1/1/port)#no spanning- are shut down by BPDU Guard. tree bpduguard shutdown port When the edge interface is enabled with BPDU filtering and the device is enabled with BPDU Guard, BPDU Guard takes effect first.
Page 126: Example For Configuring Stp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet 2.6.12 Example for configuring STP Networking requirements As shown in Figure 2-14, Switch A, Switch B, and Switch C form a ring network, so the loop must be eliminated in the situation of a physical link forming a ring. Enable STP on them, configure the priority of Switch A to 0, and path cost from Switch B to Switch A to 10.
Page 127 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step 2 Configure interface modes on three switches. Configure Switch A. SwitchA(config)#interface gigaethernet 1/1/1 SwitchA(config-gigaethernet1/1/1)#switchport mode trunk SwitchA(config-gigaethernet1/1/1)#exit SwitchA(config)#interface gigaethernet 1/1/2 SwitchA(config-gigaethernet1/1/2)#switchport mode trunk SwitchA(config-gigaethernet1/1/2)#exit Configure Switch B. SwitchB(config)#interface gigaethernet 1/1/1 SwitchB(config-gigaethernet1/1/1)#switchport mode trunk...
Page 128: Mstp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Checking results Use the show spanning-tree command to show bridge status. Take Switch A for example. SwitchA#show spanning-tree Spanning-tree admin state: enable Spanning-tree protocol mode: STP BridgeId: Mac 000E.5E7B.C557 Priority 0 Root: Mac 000E.5E7B.C557 Priority 0...
Page 129: Figure 2-15 Basic Concepts Of The Msti Network
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet MSTP protocol introduces Common Spanning Tree (CST) and Internal Spanning Tree (IST) concepts. CST refers to taking MST region as a whole to calculate and generating a spanning tree. IST refers to generating spanning tree in internal MST region.
Page 130: Figure 2-16 Msti Concepts
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Figure 2-16 MSTI concepts Each VLAN can map to one MSTI; in other words, data of one VLAN can only be transmitted in one MSTI but one MSTI may correspond to several VLANs.
Page 131: Preparation For Configuration
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Figure 2-17 Networking with multiple spanning trees instances in MST region Apply MSTP to the network as shown in Figure 2-17. After calculation, there are two spanning trees generated at last (two MST instances): ...
Page 132: Enabling Mstp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Function Default value Global MSTP status Disable Interface MSTP status Enable Maximum number of hops in the MST region MSTP priority of the device 32768 MSTP priority of the interface Path cost of the interface...
Page 133: Configuring Root/Backup Bridge
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet the configuration message whose number of hops is 0. The device exceeding the maximum number of hops cannot join spanning tree calculation, so the MST region scale is restricted. Configure MSTP region and its maximum number of hops for the ISCOM2600G-HI series switch as below.
Page 134: Configuring Interface Priority And System Priority
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#spanning-tree Configure the ISCOM2600G-HI instance-id [ instance ] root series switch as the root bridge or { primary | secondary } backup bridge of a STP instance.
Page 135: Configuring Network Diameter For Switch Network
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Command Description Raisecom(config- Configure the interface priority gigaethernet1/1/port)#spanning-tree for a STP instance. [ instance instance-id ] priority priority-value Raisecom(config- gigaethernet1/1/port)#exit Raisecom(config)#spanning-tree Configure the system priority for [ instance instance-id ] priority a STP instance.
Page 136: Configuring External Path Cost Of Interface
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet  10 Mbit/s: 2000000  100 Mbit/s: 200000  1000 Mbit/s: 20000  10 Gbit/s: 2000 Configure the internal path cost for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode.
Page 137: Configuring Mstp Timer
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Command Description Raisecom(config)#spanning-tree Configure the maximum value transit-limit transmission rate on the interface. 2.7.12 Configuring MSTP timer  Hello Time: the ISCOM2600G-HI series switch sends the interval of bridge configurations (BPDU) regularly to check whether there is failure in detection link of the ISCOM2600G-HI series switch.
Page 138: Configuring Bpdu Filtering
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet The edge interface can change the interface status to forward quickly without any waiting time. You had better configure the Ethernet interface connected to user client as edge interface to make it quick to change to forward status.
Page 139: Configuring Stp/Rstp/Mstp Mode Switching
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet BPDU Guard provided by MSTP can prevent this type of attacks. After BPDU Guard is enabled, edge interfaces can avoid attacks from forged BPDU packets. After BPDU Guard is enabled, the switch will shut down the edge interfaces if they receive BPDUs and notify the NView NNM system of the case.
Page 140: Configuring Link Type
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Command Description Raisecom(config)#spanning-tree mode Configure the spanning tree { stp | rstp | mstp } mode. Raisecom(config- (Optional) forcibly configure the gigaethernet1/1/port)#spanning-tree interface to MSTP mode. mcheck 2.7.17 Configuring link type Two interfaces connected by a point-to-point link can quickly transit to forward status by transmitting synchronization packets.
Page 141: Configuring Interface Loopguard
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Command Description Raisecom(config)#interface Enter physical layer interface interface-type interface-number configuration mode. Raisecom(config- Enable/Disable root interface gigaethernet1/1/port)#spanning-tree protection. rootguard enable 2.7.19 Configuring interface loopguard The spanning tree has two functions: loopguard and link backup. Loopguard requires carving up the network topology into tree structure.
Page 142: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#interface Enter physical layer interface interface-type interface-number configuration mode. Raisecom(config- Configure TC packet gigaethernet1/1/port)#spanning-tree suppression. tc-rejection { enable | disable } 2.7.21 Checking configurations Use the following commands to check configuration results.
Page 143: Figure 2-18 Mstp Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Figure 2-18 MSTP networking Configuration steps Step 1 Create VLAN 3 and VLAN 4 on Switch A, Switch B, and switch C respectively, and activate them. Configure Switch A. Raisecom#name SwitchA SwitchA#config SwitchA(config)#create vlan 3,4 active Configure Switch B.
Page 144 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet to pass in Trunk mode. Configure GE 1/1/3 and GE 1/3/4 on Switch B and Switch C to allow packets of VLAN 3 and VLAN 4 to pass in Access mode. Configure Switch A.
Page 145 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet SwitchA(config)#spanning-tree mode mstp SwitchA(config)#spanning-tree enable SwitchA(config)#spanning-tree region-configuration SwitchA(config-region)#name aaa SwitchA(config-region)#revision-level 0 SwitchA(config-region)#instance 3 vlan 3 SwitchA(config-region)#instance 4 vlan 4 Configure Switch B. SwitchB(config)#spanning-tree mode mstp SwitchB(config)#spanning-tree enable SwitchB(config)#spanning-tree region-configuration SwitchB(config-region)#name aaa SwitchB(config-region)#revision-level 0...
Page 146 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet ----------------------------------------------- Name: aaa Revision level: 0 Instances running: 3 Digest: 0X024E1CF7E14D5DBBD9F8E059D2C683AA Instance Vlans Mapped -------- ------------------------------ 1-2,5-4094 Use the show spanning-tree instance 3 command to show basic information about spanning tree instance 3.
Page 147: Mrstp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet 2.8 MRSTP 2.8.1 Introduction RSTP aims to trims a bridged LAN to a logical single spanning tree. A tree network must have a root, so the concept of the root bridge is introduced. There is only one root bridge on the entire network while other devices are called leaf nodes.
Page 148: Default Configurations Of Mrstp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet 2.8.3 Default configurations of MRSTP Default configurations of MRSTP are as below. Function Default value MRSTP process Interface MRSTP status Enable Device MRSTP priority 32768 Interface MRSTP priority Path cost of the interface...
Page 149: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Command Description Raisecom(config)#spanning-tree (Optional) configure the device as root {primary| secondary} the root device or secondary root device. Raisecom(config)#interface (Optional) configure the priority of interface-type interface-number the interface. Raisecom(config- gigaethernet1/1/port)#spanning- priority-value...
Page 150: Figure 2-20 Loop Detection Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet packet from other devices, which can be told by comparing the MAC address of the device and the MAC address carried in the packet. Loop types Common loop types include self-loop and inner loop.
Page 151: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet  Block: block the interface and send Trap.  Trap-only: send Trap only.  Shutdown: shut down the interface and send Trap. Loop detection modes The loop detection modes consist of port mode and VLAN mode: ...
Page 152: Configuring Loop Detection
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Function Default value Loop detection status Disable Automatic recovery time for the blocked Infinite, namely, no automatic recovery interface Mode for processing detected loops trap-only Loop detection period Loop detection mode VLAN 2.9.4 Configuring loop detection...
Page 153: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet 2.9.5 Checking configurations Use the following commands to check configuration results. Command Description Raisecom#show loopback-detection Show configurations and interface-type interface- [ statistics ] [ status of loop detection. number ] [ details ] 2.9.6 Maintenance...
Page 154: Figure 2-21 Loop Detection Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Figure 2-21 Loop detection networking Configuration steps Step 1 Create VLAN 3, and add interfaces to VLAN 3. Raisecom#config Raisecom(config)#create vlan 3 active Raisecom(config)#interface gigaethernet 1/1/1 Raisecom(config-gigaethernet1/1/1)#switchport access vlan 3 Raisecom(config-gigaethernet1/1/1)#exit Raisecom(config)#interface gigaethernet 1/1/2...
Page 155: Interface Protection
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Checking results Use the show loopback-detection command to show loop detection status. GE 1/1/2 is already blocked because of its greater interface ID, so the loop is eliminated. Raisecom#show loopback-detection Interface pktVlan detect-vlanlist...
Page 156: Configuring Interface Protection
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet 2.10.4 Configuring interface protection Interface protection is unrelated with the VLAN to which the interface belongs. Configure interface protection for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode.
Page 157: Example For Configuring Interface Protection
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet 2.10.7 Example for configuring interface protection Networking requirements As shown in Figure 2-22, to prevent PC 1 and PC 2 from interconnecting with each other and to enable them to interconnect with PC 3 respectively, enable interface protection on GE 1/1/1 and GE 1/1/2 on Switch A.
Page 158: Port Mirroring
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Raisecom#show switchport protect Port Protected State -------------------------- gigaethernet1/1/1 enable gigaethernet1/1/2 enable gigaethernet1/1/3 disable gigaethernet1/1/4 disable gigaethernet1/1/5 disable gigaethernet1/1/6 disable …… Check whether PC 1 and PC 2 can ping PC 3 successfully.
Page 159: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet When monitoring packets from the PC 1, you needs to assign GE 1/1/1 to connect to PC 1 as the mirror source port, enable port mirroring on the ingress port and assign GE 1/2/1 as monitor port to mirror packets to destination port.
Page 160: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Configure Description group- Raisecom(config)#mirror-group Configure the reflector interface interface-type reflector-port for the mirroring group. interface-number Raisecom(config)#interface Enter physical interface interface-type interface-number configuration mode. Raisecom(config- Configure the monitor port for gigaethernet1/1/port)#mirror-group mirroring.
Page 161: Figure 2-24 Port Mirroring Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Figure 2-24 Port mirroring networking Configuration steps Enable port mirroring on the Switch. Raisecom#config Raisecom(config)#mirror-group 1 Raisecom(config)#interface gigaethernet 1/1/3 Raisecom(config-gigaethernet1/1/3)#mirror-group 1 monitor-port Raisecom(config-gigaethernet1/1/3)#exit Raisecom(config)#interface gigaethernet 1/1/1 Raisecom(config-gigaethernet1/1/1)#mirror-group 1 source-port ingress Checking results Use the show mirror command to show configurations of port mirroring.
Page 162: L2Cp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet 2.12 L2CP 2.12.1 Introduction Metro Ethernet Forum (MEF) introduces service concepts, such as EPL, EVPL, EP-LAN, and EVP-LAN. Different service types have different processing modes for Layer 2 Control Protocol (L2CP) packets.
Page 163: Configuring L2Cp Profile
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Command Description Raisecom(config)#l2cp-process (Optional) configure the destination tunnel destination-address MAC address for transparently mac-address transmitted packets. 2.12.5 Configuring L2CP profile Configure the L2CP profile for the ISCOM2600G-HI series switch as below.
Page 164: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Applying a profile to an interface takes effect unless global L2CP is enabled. You can configure it but it will not take effect if global L2CP is disabled. 2.12.7 Checking configurations Use the following commands check configuration results.
Page 165: Figure 2-25 L2Cp Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Figure 2-25 L2CP networking Configuration steps Configure Switch A and Switch B. Configurations of Switch A and Switch B are identical. Take Switch A for example. Step 1 Configure the switch name.
Page 166 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Raisecom(config-l2cp-proflie)#l2cp-process protocol elmi action peer Raisecom(config-l2cp-proflie)#exit Raisecom(config)#interface gigaethernet 1/1/2 Raisecom(config-gigaethernet1/1/2)#l2cp-process profile 2 Raisecom(config-gigaethernet1/1/2)#exit Checking results Use the show l2cp-profile command to show L2CP configurations. Raisecom#show l2cp-process profile Destination MAC Address for Encapsulated Packets: 0100.1234.1234...
Page 167: Voice Vlan
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Port ProfileID BpduType mac-address l2cp-process ------------------------------------------------------------------------- ----- GE1/1/1 0180.C200.0000 tunnel dot1x 0180.C200.0003 drop lacp 0180.C200.0002 drop 0180.C200.0002 drop 0100.0CCC.CCCC drop 0100.0CCC.CCCC drop pvst 0100.0CCC.CCCD drop lldp 0180.C200.000E drop elmi 0180.C200.0007 drop udld 0100.0CCC.CCCC...
Page 168: Figure 2-26 Networking For Ip Phone To Connect To Switch
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet  Flexible implementation: The voice VLAN supports safe mode and common mode in global configuration mode and automatic mode and manual mode on the interface, so it is flexible in implementation. You can combine these modes as required to meet users' requirements to the maximum extent.
Page 169: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Figure 2-27 Networking for IP phone to connect PC to the switch 2.13.2 Preparing for configurations Scenario The voice VLAN can transmit voice traffic. You can choose one of the following networking schemes according to whether voice packets are tagged or not: ...
Page 170: Configuring Qos Of Voice Vlan
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Function Default value Voice VLAN Disable Voice VLAN secure working mode Disable Voice VLAN common working mode Enable Automatic mode for the interface to join the voice VLAN Disable Manual mode for the interface to join the voice VLAN...
Page 171: Configuring Oui Address
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step Command Description Raisecom(config- Enable the voice VLAN. gigaethernet1/1/port)#vioce- After the voice VLAN is enabled, vlan vlan-id enable [ include- the device in include-untag mode untagged ] will add a voice VLAN Tag to...
Page 172: Example For Adding Interface To Voice Vlan And Configuring It To Work In Manual Mode
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet 2.13.8 Example for adding interface to voice VLAN and configuring it to work in manual mode Networking requirements GE 1/1/1 on the Switch connects the IP phone and PC to the Internet. It is required to concurrently forward and isolate voice traffic and data traffic.
Page 173: Example For Configuring Ip Phone To Access Voice Vlan Packets Through Lldp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Raisecom(config)#voice-vlan mac-address 0001.ED00.0000 FFFF.FF00.0000 Step 3 (Optional) by default, the interface modifies the CoS and DSCP of voice packets to 6 and 46 respectively. To modify them to other values, you should use the following command in the interface view before the voice VLAN is enabled on the interface.
Page 174: Figure 2-29 Configuring Ip Phone To Access Voice Vlan Packets Through Lldp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet GE 1/1/1 on the Switch connects the IP phone and PC to the Internet. It is required to concurrently forward and isolate voice traffic and data traffic. You can configure GE 1/1/1 as a Trunk interface, making the Native VLAN forward data traffic and voice VLAN forward voice traffic.
Page 175: Garp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Step 4 (Optional) by default, the interface modifies the CoS and DSCP of voice packets to 6 and 46 respectively. To modify them to other values, you should use the following command in the interface view before the voice VLAN is enabled on the interface.
Page 176 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet distinguishes them by the destination MAC address and transmits them to different GARP applications (such as GAVP) for processing. GARP messages GARP members exchange data by transmitting messages, including the following three types of messages: ...
Page 177: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet GVRP-supportive switches can send local VLAN registration information to other switches so that they have consistent VLAN registration information in the same VLAN. VLAN registration information sent by GVRP includes manually configured local static registration information and dynamic registration information from other switches.
Page 178: Default Configurations Of Garp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet 2.14.3 Default configurations of GARP Default configurations of GARP are as below. Function Default value GARP Join timer 20 (in units of 10ms) GARP Leave timer 600 (in units of 10ms) GARP LeaveAll timer...
Page 179: Configuring Gvrp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet 2.14.5 Configuring GVRP Configure GVRP for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#gvrp enable Enable global GVRP. Raisecom(config)#interface Enter physical layer interface interface-type interface-number configuration mode.
Page 180: Example For Configuring Gvrp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet 2.14.7 Example for configuring GVRP Networking requirements As shown in Figure 2-31, to dynamically register, deregister, and update VLAN information between switches, configure GVRP on these switches. Detailed requirements are as below: ...
Page 181 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet SwitchB(config)#gvrp enable Configure Switch C. Raisecom#hostname SwitchC SwitchC#config SwitchC(config)#create vlan 5-10 active SwitchC(config)#gvrp enable Configure Switch D. Raisecom#hostname SwitchD SwitchD#config SwitchD(config)#create vlan 15-20 active SwitchD(config)#gvrp enable Configure Switch E. Raisecom#hostname SwitchE SwitchE#config...
Page 182 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 2 Ethernet Checking results Use the show gvrp command to show GVRP configurations on the interface. Take Switch A for example. SwitchA#show gvrp gigaethernet 1/1/1 Port PortStatus RegMode LastPduOrigin FailedTimes PortRunStatus ------------------------------------------------------------------------- GE1/1/1 Enable Normal 0000.0000.0000...
Page 183: Isf
Configuration examples 3.1 Introduction ISF, a typical stack protocol, is a virtualization technology developed by Raisecom. It connects multiple devices and virtualizes them into one device after necessary configurations. In this case, it combines hardware and software processing capabilities of multiple devices, and implements coordinated working, uniform management, and uninterrupted maintenance of multiple devices.
Page 184: Isf Application
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF 3.1.2 ISF application As shown in Figure 3-1, the master switch and backup switch form an ISF, so they appear as only one device, the ISF, for the upstream or downstream devices.
Page 185: Figure 3-2 Isf Visualization
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Figure 3-2 ISF visualization Basic concepts of ISF are as below. Operating modes An ISF device supports two operating modes:  Standalone mode: it runs independently, unable to form an ISF with other devices.
Page 186: Figure 3-3 Isf Merge
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF When a switch runs in standalone mode, its default member ID is 1. When it joins the ISF but its member ID conflicts with that of an existing ISF member, it will fail to join the ISF. In this case, you should plan and configure member IDs uniformly to ensure uniqueness of ISF member IDs.
Page 187: Principles Of Isf
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Figure 3-4 ISF split ISF domain An ISF domain is a logical concept. To satisfy various networking applications, you can deploy multiple ISFs, distinguished by domain IDs and independent of each other, in a network.
Page 188: Figure 3-5 Chain Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Figure 3-5 Chain networking Figure 3-6 Ring networking Chain networking: it has a lower physical location than the ring networking, so it is used when members are scattered. Raisecom Proprietary and Confidential...
Page 189: Figure 3-7 Isf Relay Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Ring networking: it is more reliable than the chain network because a fault in chain networking disconnects the ISF while a fault in ring networking produces chain networking from the ring networking without affecting ISF services.
Page 190: Isf Merge And Split
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Role election The process for determining a member device as the master or backup device is called role election, which occurs when the topology changes as below:  ISF is established. ...
Page 191: Isf Management And Maintenance
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF device. The one that fails will be restarted (by default, automatic device restart upon ISF merge or ISF split is enabled) and then join the ISF as a backup device or slave device (due to lower priority or shorter running time).
Page 192: Mad
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF member devices receiving the message, according to the local ISF topology information table, will determine whether member device A is the master or slave device.  If member device A is the master device, its leave triggers role election and then its neighbor devices will update local ISF topology.
Page 193: Planning Number Of Isf Members
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Figure 3-8 Flow for establishing the ISF environment 3.3.2 Planning number of ISF members After multiple member devices form an ISF, the sum of their switching capacity is the switching capacity of the ISF. Determine the number and model of ISF members according to access and uplink requirements for the network.
Page 194: Planning Roles And Ids Of Isf Members
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF 3.3.3 Planning roles and IDs of ISF members Determining master device You can configure a device with a higher priority as required. In this way, it can be elected as the master among multiple devices when these devices form an ISF for the first time.
Page 195: Configuring Isf
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF 3.4 Configuring ISF There are two modes for configuring the ISF: preconfiguration mode and non- preconfiguration mode. In preconfiguration mode, an ISF member is restarted for only one time, so this mode is recommended.
Page 196: Non-Preconfiguration Mode
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Task Description Configuring the member priority Optional Configuring the ISF mode Required Configuring the Configuring the reservation time for the bridge MAC Optional ISF in ISF mode address of the ISF Enabling restart upon ISF merge...
Page 197: Configuring Isf Interface
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF 3.5.1 Configuring ISF interface The ISF interface is a logical concept. After you create an ISF interface and bind it with a physical interface, the physical interface is an ISF physical interface which can be connected to another device through an ISF connection.
Page 198: Configuring Isf Mode
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF 3.5.3 Configuring ISF mode Configure the ISF mode for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#isf-mode isf Configure the ISF mode. Set successfully. The device will...
Page 199: Configuring Isf Interface
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Figure 3-9 Multi-ISF-domain networking Configure the ISF domain ID for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#isf unit Configure the domain ID. number domain-number domain 3.6.3 Configuring ISF interface...
Page 200: Configuring Member Id
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Step Command Description Raisecom(config)#interface isf- Enter ISF interface configuration interface-number port mode, and create an ISF interface. Raisecom(config-isf-port1/1/1)#isf Bind a physical interface with the interface-number port-group ISF interface. When a physical interface is bound with an ISF interface, services configured on the physical interface will be invalid.
Page 201: Configuring Member Priority
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF The new member ID takes effect after device restart. The ISF uses the member ID to uniquely identify member devices. Configurations of the ISF interface and member priority are related to the member ID, so modification of the member ID may cause configurations to change or loss.
Page 202: Configuring Mac Address Synchronization
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#isf Configure the ISF bridge MAC address to be mac-address permanent when the master device leaves the ISF. persistent always Raisecom(config)#isf Configure the reservation time for the ISF bridge...
Page 203: Configuring Mad
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF  If automatic device restart upon ISF merge is enabled, the system will automatically restart devices during ISF merge. Enable automatic device restart upon ISF merge for the ISCOM2600G-HI series switch as below.
Page 204: Figure 3-10 Bfd Mad Networking (Without Intermediate Device)
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF If there are only two member devices in an ISF, you can use an intermediate device or not to configure BFD MAD. As shown in Figure 3-10, there must be one BFD MAD link between any two member devices.
Page 205: Figure 3-11 Bfd Mad Networking (With Intermediate Device)
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Figure 3-11 BFD MAD networking (with intermediate device) Configuring BFD MAD Configure BFD MAD as below: Step 1 Create a VLAN specially for BFD MAD (if an intermediate device is used for networking, you should also configure it with this step).
Page 206 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Step Command Description Raisecom#2(config)#interface Enter VLAN interface configuration vlan-id vlan mode. Raisecom#2(config-vlan2)#mad Enable MAD BFD. bfd enable Raisecom#2(config-vlan2)#mad Configure the MAD IP address of the ip-address ip address specified ISF among all ISFs.
Page 207: Figure 3-12 Clearing Mad Fault (Clearing Isf Link Fault)
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF To make a VLAN interface in a Recovery ISF continue to receive and send packets (such as using the VLAN interface for remote login), configure the VLAN interface and its corresponding Layer 2 Ethernet interface as reserved interfaces.
Page 208: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Figure 3-13 Clearing MAD fault (ISF link fault and Active ISF fault) Restore service interfaces shut down due to MAD to normal status for the ISCOM2600G-HI series switch as below. Step Command...
Page 209: Configuration Examples
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF 3.8 Configuration examples By default, the Ethernet interface, VLAN interface, and aggregation interface are in Down status. To configure these interfaces, use the undo shutdown command to make them Up. Take the ISCOM2624G-HI for example.
Page 210: Figure 3-14 Isf Networking (Bfd Mad Mode)
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Networking topology Figure 3-14 ISF networking (BFD MAD mode) Configuration steps Step 1 Configure switches in standalone mode. Configure Switch A. Configure the member ID to 1 and member priority to 12. Create ISF interface 2. Binding it with the physical interface Tengigabitethernet 1/1/25.
Page 211 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Configure Switch A to ISF mode. Raisecom#config Raisecom(config)#isf mode isf next unit is: 9, please input 'yes':yes This configuration will go into effect after reboot, Please input 'yes' to reboot:yes Will you change start-config ? please input 'yes' to change:yes...
Page 212: Example For Configuring Isf In Non-Preconfiguration Mode With Bfd Mad
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF 1970-01-01,08:10:05 System-4-SYSTEM_REBOOT:unit1: Change work Mode reboot ! Operation successfully Raisecom(config)# BOOTROM starting .. Step 2 Configure switches in ISF mode. Configure BFD MAD.  Configure Switch A. Create VLAN 3. Configure the MAD IP address. Enable BFD MAD on Switch A (with the member ID as 1).
Page 213: Figure 3-15 Isf Networking With Member Device Changing From Isf Mode To Standalone Mode
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Configuration thought Disconnect the ISF link by manually removing the ISF cable or using CLI to shut down all ISF physical interfaces on the master device. This example takes CLI for example.
Page 214 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Raisecom#1(config)#interface tengigabitethernet 1/1/25 Raisecom#1(config-tengigabitethernet1/1/25)#exit Raisecom#1(config)#interface isf-port 1/1/1 Raisecom#1(config-isf-port1/1/1)#isf port-group tengigabitethernet 1/1/25 Raisecom#1(config-isf-port1/1/1)#exit Raisecom#1(config)#isf unit 1 priority 64 Raisecom#1(config)#exit Save running configurations to the startup configuration file. Raisecom#1#write Step 2 Configure Device B.
Page 215: Example For Switching Member Device From Isf Mode To Standalone Mode
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Create VLAN 3. Configure the MAD IP address. Enable BFD MAD on Switch A (with the member ID as 1). Raisecom#1#config Raisecom#1(config)#create vlan 3 active Raisecom#1(config)#interface vlan 3 Raisecom#1(config-vlan3)#mad ip address 192.168.2.1 unit 1...
Page 216: Figure 3-16 Isf Networking (Bfd Mad Mode)
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Networking topology Figure 3-16 ISF networking (BFD MAD mode) Configuration steps Step 1 Determine the master device. Configure Switch A as below: Raisecom#1#show isf MODE:ISF mode ISF MAC:00:01:22:44:76:78 ---------------------------------------------- Isf-port1/1/1 Tengigabitethernet1/1/25 Number...
Page 217: Example For Configuring Four Devices To Form Isf
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Step 3 Configure Switch A to standalone mode. Configure Switch A as below: Raisecom#1#config Raisecom#1#(config)#isf-mode single This config reboot go into effect, Please input 'yes' to reboot:yes Will you change start-config ? please input 'yes' to change:yes...
Page 218: Figure 3-17 Networking Topology Before Configuring Isf
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Networking topology Figure 3-17 Networking topology before configuring ISF Raisecom Proprietary and Confidential Copyright © Raisecom Technology Co., Ltd.
Page 219: Figure 3-18 Networking Topology After Adding Switch A To Isf
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Figure 3-18 Networking topology after adding Switch A to ISF Configuration thought  Configure the member ID, member priority, and ISF interface of these four member devices.  Configure ISF on them. Connect them according to the previous networking topology.
Page 220 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Raisecom(config-isf-port1/1/1)#exit Raisecom(config)#interface isf-port 1/1/2 Raisecom(config-isf-port1/1/2)#isf port-group tengigabitethernet 1/1/27 Raisecom(config-isf-port1/1/2)#exit Save running configurations to the startup configuration file. Raisecom#write Configure Switch A to ISF mode. Raisecom#config Raisecom(config)#isf mode isf next unit is: 1, are you sure ? please input 'yes':yes...
Page 221 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Configure Switch B to ISF mode. Raisecom#config Raisecom(config)#isf mode isf next unit is: 9, please input 'yes':yes This configuration will go into effect after reboot, Please input 'yes' to reboot:yes Will you change start-config ? please input 'yes' to change:yes...
Page 222 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 3 ISF Operation successfully BOOTROM starting .. After Switch C is restarted, it joins the ISF with Switch A and Switch B. Step 4 Configure Switch D. Configure the member ID of Switch D to 4 and member priority to 2.
Page 223: Ring Network Protection
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 4 Ring network protection Ring network protection This chapter describes basic principles and configuration procedures for ring network protection, including the following section:  G.8032  ELPS (G.8031) 4.1 G.8032 4.1.1 Introduction G.8032 Ethernet Ring Protection Switching (ERPS) is an APS protocol based on the ITU-T G.8032 recommendation.
Page 224: Default Configurations Of G.8032
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 4 Ring network protection G.8032 provides a mode for detecting faults based on physical interface status. The ISCOM2600G-HI series switch learns link fault quickly and switches services immediately, so this mode is suitable for detecting the fault between neighboring devices.
Page 225 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 4 Ring network protection Step Command Description Raisecom(config)#ethernet Create a protection ring and configure the ring-id ring-protection east node as the RPL Owner. interface-type interface- number port- | port-channel channel-number } west interface-type interface-...
Page 226: Configuring Erps Fault Detection Mode
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 4 Ring network protection Step Command Description Raisecom(config)#ethernet (Optional) after the ring Guard timer is ring-id ring-protection configured, the failed node does not guard-time guard-time process APS packets during a period. In a bigger ring network, if the failed node...
Page 227: Optional) Creating G.8032 Tributary Ring
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 4 Ring network protection Step Command Description Raisecom(config)# ethernet ring- Configure the ERPS fault ring-id protection { east | west } detection mode to physical link failure-detect physical-link-or-cc or CC. In other words, the fault...
Page 228 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 4 Ring network protection Step Command Description Raisecom(config)#ethernet Create the tributary ring on the intersecting ring-id ring-protection node and configure the intersecting node as the { east | west } RPL Neighbour. interface-type interface-number...
Page 229: Optional) Configuring G.8032 Switching Control
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 4 Ring network protection Step Command Description Raisecom(config)#ethernet Enable the ring Propagate switch on the ring-id ring-protection intersecting node. propagate enable Because data of the tributary ring needs to be transmitted through the main ring, there is a MAC address table of the tributary ring on the main ring.
Page 230: Maintenance
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 4 Ring network protection Command Description Raisecom#show ethernet ring- Show G.8032 ring statistics. protection statistics 4.1.9 Maintenance Maintain the ISCOM2600G-HI series switch as below. Command Description Raisecom(config)#clear ethernet ring- Clear statistics about the protection...
Page 231: Default Configurations Of Elps
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 4 Ring network protection detects a fault and switches the traffic. And the other end does not detect the fault and switch traffic. Therefore, both ends may receive the traffic through different lines. ...
Page 232 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 4 Ring network protection Step Command Description Raisecom(config)#ethernet Create an ELPS protection line and line-id line-protection configure the protection mode. working interface-type The protection group is in non-revertive interface-number vlan-list mode if you configure the non-revertive...
Page 233: Configuring Elps Fault Detection Mode
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 4 Ring network protection Step Command Description Raisecom(config)#ethernet (Optional) enable ELPS Trap to be line-protection trap enable reported to the NMS. By default, ELPS Trap to be reported to the NMS is disabled. Use the ethernet line-protection trap disable command to disable ELPS Trap.
Page 234: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 4 Ring network protection Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#ethernet Lock protection switching. After this line-id line-protection configuration, the traffic is not switched to the lockout protection line even the working line fails.
Page 235: Example For Configuring 1:1 Elps Protection
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 4 Ring network protection 4.2.9 Example for configuring 1:1 ELPS protection Networking requirements As shown in Figure 4-1, to improve link reliability between Switch A and Switch B, configure 1:1 ELPS on the two Switch devices and detect fault based on physical interface status. GE 1/1/1 and GE 1/1/2 belong to VLANs 100–200.
Page 236 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 4 Ring network protection Step 2 Create a 1:1 mode ELPS pair. Configure Switch A. SwitchA(config)#ethernet line-protection 1 working gigaethernet 1/1/1 100-200 protection gigaethernet 1/1/2 100-200 one-to-one Configure Switch B. SwitchB(config)#ethernet line-protection 1 working gigaethernet 1/1/1 100-200 protection gigaethernet 1/1/2 100-200 one-to-one Step 3 Configure fault detection mode.
Page 237 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 4 Ring network protection Port: gigaethernet1/1/1 Vlanlist: 1 FaiureDetect:physical MAID: MdLevel: 0 LocalMep: 0 RemoteMep:0 State/LCK/M:Active/N/N Link State:failure Protection Entity Information: Port: gigaethernet1/1/2 Vlanlist: 1 FaiureDetect:physical MAID: MdLevel: 0 LocalMep: 0 RemoteMep:0 State/F/M:Standby/N/N Link State:failure...
Page 238: Ip Services
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services IP services This chapter describes basic principles and configuration procedures for IP services, and provides related configuration examples, including the following sections:  IP basis  Loopback interface   ...
Page 239: Configuring Ipv4 Adress Of Vlan Interface
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Function Default value Management VLAN inner TPID 0x8100 Management VLAN inner VLAN Management VLAN CoS 5.1.4 Configuring IPv4 adress of VLAN interface Configure the IPv4 address of the VLAN interface for the ISCOM2600G-HI series switch as below.
Page 240: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Step Command Description Raisecom(config-vlan1)#ip Configure CoS of the cos-value management-traffic cos management VLAN. By default, it is 6. Raisecom(config-vlan1)#ip Configure the double-tagged management-traffic mode double- mode for management packets. vlan-id tagging [ inner-vlan...
Page 241 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Raisecom#config Raisecom(config)#create vlan 10 active Step 2 Configure Layer 3 interface on the ISCOM2600G-HI series switch, configure its IP address, and associate the interface with the VLAN. Raisecom(config)#interface VLAN 10 Raisecom(config-VLAN10)#ip address 192.168.1.2 255.255.255.0 Checking results Use the show vlan command to show mapping between the physical interface and VLAN.
Page 242: Loopback Interface
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Success rate is 100 percent(5/5), round-trip (ms) min/avg/max = 0/0/0. 5.2 Loopback interface 5.2.1 Introduction The loopback interface is a virtual interface and can be classified into two types:  Loopback interface automatically created by the system: the IP address is fixed to 127.0.0.1.
Page 243: Configuring Interface Loopback
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Step Command Description Raisecom(config-loopback)#ip Configure the IP address of the ip-address ip-mask address loopback interface. Raisecom(config-loopback)#ipv6 Configure the IPv6 address of the ipv6-address address link-local loopback interface. Raisecom(config-loopback)#ipv6 ipv6-address/prefix- address length [ eui-64 ] 5.2.5 Configuring interface loopback...
Page 244: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Resolution Protocol (ARP) is applied to resolve IP address to MAC address and configure mapping between IP address and MAC address. The ARP address table contains the following two types: ...
Page 245: Configuring Static Arp Entries
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services 5.3.4 Configuring static ARP entries  The IP address in static ARP entry must belong to the IP network segment of Layer 3 interface on the switch.  The static ARP entry needs to be added and deleted manually.
Page 246: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services 5.3.2 Checking configurations Use the following commands to check configuration results. Command Description ip-address Raisecom#show arp [ Show information about entries in the interface-type interface ARP address table. interface-number | static ]...
Page 247: Figure 5-2 Configuring Arp Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Figure 5-2 Configuring ARP networking Configuration steps Add a static ARP entry. Raisecom#config Raisecom(config)#arp 192.168.1.10 0050.8d4b.fd1e Checking results Use the show arp command to show configurations of the ARP address table.
Page 248: Ndp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services 5.4 NDP 5.4.1 Introduction Neighbor Discovery Protocol (NDP) is a neighbor discovery mechanism used on IPv6 devices in the same link. It is used to discover neighbors, obtain MAC addresses of neighbors, and maintain neighbor information.
Page 249: Default Configurations Of Ndp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Prerequisite  Connect interfaces.  Configure physical parameters to make interfaces Up at the physical layer.  Configure the IPv6 address of the Layer 3 interface. 5.4.3 Default configurations of NDP Default configurations of NDP are as below.
Page 250: Configuring Maximum Number Of Ndps Allowed To Be Learnt On Layer 3 Interface
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services 5.4.6 Configuring maximum number of NDPs allowed to be learnt on Layer 3 interface Configure the maximum number of NDPs allowed to be learnt on the Layer 3 interface for the ISCOM2600G-HI series switch as below.
Page 251: Static Route
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services 5.5 Static route 5.5.1 Introduction A route is required for communication among different devices in one VLAN, or different VLANs. The route is used to transmit packets through network to destination, which adopts routing table for forwarding packets.
Page 252: Configuring Route Mangement
Show information about mask-address1 ip-address2 mask- routes between two IP address2 ] [ detail ] addresses. Raisecom#show { ip | ipv6 } route Show route statistics. summary ip-address Raisecom#show ip route Show information about a mask-address ] [ longer-prefixes ] Raisecom Proprietary and Confidential Copyright ©...
Page 253: Example For Configuring Static Route
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Item Description route to a destination. ipv6-address Raisecom#show ipv6 route { ipv6-address prefix-length Raisecom#show ip fib [ ip-address Show information about ip-address nexthop FIB entries. ipv6-address Raisecom#show ipv6 fib [ ipv6-address...
Page 254 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Raisecom#hostname SwitchA SwitchA#config SwitchA(config)#ip route 10.1.1.0 255.255.255.0 10.1.2.4 SwitchA(config)#ip route 10.1.4.0 255.255.255.0 10.1.3.4 Step 3 Configure the default gateway on Switch B. Raisecom#name SwitchB SwitchB#config SwitchB(config)#ip route 0.0.0.0 0.0.0.0 10.1.2.3 Step 4 Configure the default gateway on Switch C.
Page 255: Rip
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services 5.6 RIP 5.6.1 Introduction Routing Information Protocol (RIP) is a simple Interior Gateway Protocol (IGP) based on distance-vector algorithm. Definition of distance RIP defines the distance as below:  The distance from a route to its directly connected network is 1.
Page 256 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services The information to be exchanged by the router is all information that it knows, namely, its routing table. Routers exchange routing information periodically (every 30s by default) and update their routing tables according to received routing information (or according to triggering conditions).
Page 257: Configuring Basic Rip Functions
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services  Split horizon: a route learned from one interface is not broadcasted to the interface.  Route poisoning: when the topology changes, the router marks an invalid route as possibly down status and assign an unreachable matrix for it.
Page 258: Redistributing External Routes
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Step Command Description Raisecom(config- Configure global RIP version ID. version-id rip)#version By default, global RIP version is not configured. In this case, interfaces which are configured with RIP but not configured with the RIP version in the Tx direction will send V1 packets.
Page 259: Configuring Rip Timer
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Step Command Description Raisecom(config- Configure the policy for redistributing RIP rip)#redistribute routes. { static | connected | isis | bgp | ospf } metric [ metric map-name [ route-map tag-value [ tag...
Page 260: Configuring Authentication
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Step Command Description Raisecom(config- Enable split horizon on the interface; in other words, the vlan1)#ip rip route learned from one interface will not be advertised split-horizon back to the interface again.
Page 261: Configuring Route Calculation
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Step Command Description Raisecom(config)#router rip Enable RIP, and enter RIP configuration mode. Raisecom(config-rip)#distribute-list Configure RIP ingress acl-number { ip-access-list | prefix- routing policy. list list-name | route-map rmap-name interface-type interface-number in [...
Page 262: Maintenance
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services 5.6.11 Maintenance Maintain the ISCOM2600G-HI series switch as below. Command Description Rasiecom#clear rip database Clear information about RIP routing database. Rasiecom#clear rip statistics Clear RIP interface statistics. 5.7 OSPFv2 5.7.1 Introduction Open Shortest Path First (OSPF) is a dynamic route selection protocol based on link status.
Page 263 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services  Point-to-Point (P2P): when the data link layer protocol is PPP or High-Level Data Link Control (HDLC), OSPF takes network type as P2P by default. In such networks, OSPF sends protocol packets in multicast mode (multicast address: 224.0.0.5).
Page 264: Figure 5-5 Roles Of Broadcast Interface
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Figure 5-5 Roles of broadcast interface  Only broadcast interfaces elect the DR. P2MP or P2P interfaces do not elect the  DR is a concept of a network segment and targeted for an interface on a router. A router may be a DR for an interface and a BDR or DR Other for another interface.
Page 265 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services LSA type OSPF describes link status, encrypts the information in LSA, and advertises LSA. There are 5 types of common LSAs:  Router LSA (Type1): generated by each router, used to describe link status and cost, and speeded in the originating area.
Page 266: Figure 5-6 Ospf Area And Router Type
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services OSPF divides an AS into different areas to solve the previous problem. An area logically contains some routers and is identified by the area ID. As shown in Figure 5-5, a route in an area maintains routing information of the area instead of the entire AS.
Page 267: Configuring Basic Functions Of Ospf
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Backbone area After OSPF divides areas, not all areas are equal. A special area with area ID as 0 is called the backbone area. The backbone area transmits inter-area routes. Routing information from non- backbone area must be forwarded by the backbone area.
Page 268: Configuring Ospf Route Attributes
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Step Command Description Raisecom(config-router- Configure the network segment ip-address wild-card- ospf)#network included by the OSPF area. mask area area-id  If you manually configure the router-id by configuring optional parameters in the router ospf process-id [ router-id router-id ] command, the OSPF process will use the router-id by precedence.
Page 269 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services  After the routing cost is manually configured through the ip ospf cost command, the manually-configured routing cost takes effect.  If the routing cost is not configured manually but the link bandwidth reference value is configured, the routing cost is automatically configured based on link bandwidth reference value.
Page 270: Configuring Load Balancing
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services 5.7.4 Configuring load balancing Configure load balancing for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#router Enable an OSPF process, and enter OSPF process-id...
Page 271: Optimizing Ospf Network
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Configuring OSPF NBMA network neighbor Configure the OSPF NBMA network neighbor for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#interface Enter interface configuration mode.
Page 272 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Step Command Description Raisecom(config)#interface Enter interface configuration mode. interface-type interface- number Raisecom(config- Configure the OSPF neighbor dead interval. gigaethernet1/1/port)#ip By default, it is 4 times of Hello packet seconds ospf dead-interval delivery interval.
Page 273 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#router Enable an OSPF process and enter OSPF process-id ospf [ router-id configuration mode. router-id Raisecom(config-router- Configure the calculation delay and delay-time ospf)#timers spf interval of the OSPF route.
Page 274: Configuring Ospf Authentication Mode
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services 5.7.7 Configuring OSPF authentication mode Configuring OSPF area authentication mode All routers in an area need to be configured with the identical area authentication mode (non- authentication, simple authentication, or MD5 authentication). The OSPF area has no authentication password but adopts the interface authentication password.
Page 275: Configuring Stub Area
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services 5.7.8 Configuring Stub area For the non-backbone area at the edge of Autonomous System (AS), you can configure the stub command on all routers in the area to configure the area to a Stub area. In this case, Type5 LSA, which is used to describe external routes of the AS, cannot be flooded in the Stub area.
Page 276 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#router Enable an OSPF process and enter OSPF process-id ospf configuration mode. router-id [ router-id Raisecom(config-router- Configure OSPF route redistribution polity. ospf)#redistribute By default, no external route is redistributed.
Page 277: Configuring Ospf Routing Policy
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Configuring redistributed external route aggregation After the external route is redistributed, configure route aggregation on the ASBR. The ISCOM2600G-HI series switch just puts the aggregated route on the ASE LSA. This helps reduces the number of LSAs in the LSDB.
Page 278 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Step Command Description Raisecom(config)#ip prefix- Configure the IP prefix list. list-name list { permit | deny } ip-address mask-length ge-length [ ge ] [ le length Raisecom(config)#access-list Create an IP ACL, and enter ACL acl-number configuration mode.
Page 279 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Step Command Description Raisecom(config)#access-list Configure the IP ACL rule. acl-number At present, the ISCOM2600G-HI series switch just supports matching the address prefix information of the route by specifying the destination IP address and subnet mask.
Page 280: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#ip prefix-list Configure the IP prefix-list. list-name { permit | deny } You can use the no ip prefix-list address mask-length [ ge...
Page 281: Maintenance
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 5 IP services Command Description process-id Raisecom#show ip ospf [ Show OSPF statistics or neighbor statistics OSPF neighbor statistics. process-id Raisecom#show ip ospf [ Show OSPF ASBR summay-address external route aggregation information. 5.7.12 Maintenance Maintain the ISCOM2600G-HI series switch as below.
Page 282: Dhcp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP DHCP This chapter describes basic principles and configurations procedures of DHCP, and providing related configuration examples, including the following sections:  DHCP Client  Zero-configuration  DHCP Snooping  DHCP Options ...
Page 283: Figure 6-1 Dhcp Typical Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP Figure 6-1 DHCP typical networking DHCP ensures rational allocation, avoid waste, and improve the utilization rate of IP addresses on the entire network. Figure 6-2 shows the structure of a DHCP packet. The DHCP packet is encapsulated in a UDP data packet.
Page 284 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP Field Length Description Transaction ID The client chooses a number at random when starting a request, used to mark process of address request. Seconds Passing time for the DHCP client after starting DHCP request.
Page 285: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP Figure 6-3 DHCP Client networking 6.1.2 Preparing for configurations Scenario As a DHCP client, the ISCOM2600G-HI series switch obtains the IP address from the DHCP server. The IP address assigned by the DHCP client is limited with a certain lease period when adopting dynamic assignment of IP addresses.
Page 286: Configuring Dhcp Client
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP 6.1.4 Configuring DHCP Client Before a DHCP client applies for an IP address, you must create a VLAN, and add the interface of the IP address to the VLAN. Meanwhile you must configure the DHCP server, otherwise the interface will fail to obtain the IP address through DHCP.
Page 287: Checking Configurations
6.1.7 Example for configuring DHCP Client Networking requirements As shown in Figure 6-4, the Switch is used as a DHCP client, and the host name is raisecom. The Switch is connected to the DHCP server and NMS. The DHCP server should assign IP addresses to the SNMP interface on the Switch and make NMS manage the Switch.
Page 288: Figure 6-4 Dhcp Client Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP Figure 6-4 DHCP Client networking Configuration steps Step 1 Configure the DHCP client. Raisecom#config Raisecom(config)#interface vlan 1 Raisecom(config-vlan1)#ip dhcp client hostname raisecom Step 2 Configure applying for IP address through DHCP. Raisecom(config-vlan1)#ip address dhcp server-ip 192.168.1.1 Checking results Use the show ip dhcp client command to show configurations of DHCP Client.
Page 289: Zero-Configuration
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP Bootfile Filename: NTP Server IP Addr: Root Path: DHCP Client Mode: Normal Mode Interface : vlan10 Hostname: Raisecom Class-ID: Raisecom-ROS_5.2.1 Client-ID: Raisecom-000e5e112233-IF0 DHCP Client Is Disabled. Assigned IP Addr: 0.0.0.0 Subnet Mask: 0.0.0.0...
Page 290: Default Configurations Of Zero-Configuration
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP Figure 6-5 Zero-configuration server networking By default, zero-configuration is enabled on the device. To disable it, configure the device to common client mode. 6.2.2 Default configurations of zero-configuration Default configurations of zero-configuration are as below.
Page 291: Configuring Dhcp Client
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP  Configure the interface connected to the zero-configuration server to be Up.  Configure the upstream switch to allow packets of a VLAN of the remote device to pass.  Out-of-band interface FE 1/0/1 supports obtaining the IP address through DHCP or zero- configuration.
Page 292: Example For Ipv6 Zero-Configuration
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP 6.2.7 Example for IPv6 zero-configuration Networking requirements As shown in Figure 6-6, the DHCP Server program is installed on a virtual machine and bridged with the Network Interface Card (NIC) of the PC on which the TFTP Server program is installed.
Page 293 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP  Configure Switch A to connect it to the TFTP server. Configuration steps Establish a DHCPv6 server, configure the DHCPv6 address pool, and define Option 59 and Option 60. Step 1 Install the virtual machine program. For details, see virtual machine manuals.
Page 294: Figure 6-7 Configuring Dhcpv6 Address Pool And Prefix
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP Figure 6-7 Configuring DHCPv6 address pool and prefix Use the TFTP program to establish the TFTP server environment which is used to issue the configuration file and system files to be issued to Switch B.
Page 295: Figure 6-8 Automatically Obtaining Files Through Zero-Configuration
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP Configure Switch A. Step 8 Configure switches in standalone mode.  Configure Switch A. Configure GE 1/1/1 to Trunk mode, allowing packets of VLAN 10 to pass. Configure GE 1/1/2 to Access mode, accessing packets of VLAN 10.
Page 296: Dhcp Snooping
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP 6.3 DHCP Snooping 6.3.1 Introduction DHCP Snooping is a security feature of DHCP with the following functions:  Make the DHCP client obtain the IP address from a legal DHCP server. If a false DHCP server exists on the network, the DHCP client may obtain incorrect IP address and network configuration parameters, but cannot communicate normally.
Page 297: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP  When the ISCOM2600G-HI series switch receives a DHCP request packet, it processes packets according to Option field included or not, filling mode, and processing policy configured by user, then forwards the processed packet to DHCP server.
Page 298: Configure Dhcp Snooping To Support Option 82
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#ip dhcp snooping Enable global DHCP Snooping. Raisecom(config)#interface Enter physical layer interface interface-type interface-number configuration mode or aggregation group configuration mode. Raisecom(config- (Optional) enable interface DHCP gigaethernet1/1/port)#ip dhcp Snooping.
Page 299: Configuring Dhcpv6 Snooping
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP 6.3.6 Configuring DHCPv6 Snooping Configure DHCPv6 Snooping for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#ipv6 dhcp Enable global DHCPv6 Snooping. snooping Raisecom(config)#interface Enter physical layer interface interface-type interface-number configuration mode.
Page 300: Example For Configuring Dhcp Snooping
DHCP clients to obtain the IP address from a legal DHCP server and support Option 82 to facilitate client management. You can configure padding information of about circuit ID sub-option to raisecom on GE 1/1/3, and padding information about remote ID sub-option to user01.
Page 301: Dhcp Options
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP Raisecom(config)#interface gigaethernet 1/1/3 Raisecom(config-gigaethernet1/1/3)#ip dhcp information option circuit-id raisecom Checking results Use the show ip dhcp snooping command to show configurations of DHCP Snooping. Raisecom#show ip dhcp snooping DHCP Snooping: Enabled DHCP Option 82: Enabled...
Page 302 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP Options Description IPv6 DHCP client flag option, used to specify interface information about DHCP clients IPv6 DHCP client flag option, used to specify device information about DHCP clients IP address lease option...
Page 303: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP 6.4.2 Preparing for configurations Scenario Options 18, 37, 61, and 82 in DHCP Option are relay information options in DHCP packets. When request packets from DHCP clients reach the DHCP server, DHCP Relay or DHCP Snooping added Option field into request packets if request packets pass the DHCP relay device or DHCP snooping device is required.
Page 304: Configuring Dhcp Option 18 Over Ipv6
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP Step Command Description Raisecom(config)#ip dhcp information option (Optional) configure the { attach-string | circuit-id format | attached string in Option circuit-id hex } string 82 of DHCP packets. Raisecom(config)#ip dhcp information option...
Page 305: Configuring Dhcp Option 37 Over Ipv6
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP Step Command Description Raisecom(config)#ipv6 dhcp option interface- (Optional) configure ascii-string hex-string id { ascii | hex information about ipv6-address ipv6-address Option 18. interface-type Raisecom(config)#interface (Optional) configure interface-number information about Raisecom(config-gigaethernet1/1/port)#ipv6 Option 18 on the...
Page 306: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP Step Command Description interface-type Raisecom(config)#interface (Optional) create user- interface-number defined Option Raisecom(config-gigaethernet1/1/port)#ipv6 information over IPv6 number ascii-string dhcp option { ascii on the interface. hex-string ipv6-address | ipv6-address 6.4.8 Checking configurations Use the following commands to check configuration results.
Page 307: Figure 6-11 Dhcp Server And Client Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP  The number of hosts on the network is greater than that of IP addresses, which makes it unable to assign a fixed IP address for each host and restricts the number of users connected to network simultaneously.
Page 308: Table 6-4 Fields Of A Dhcp Packet
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP Table 6-4 Fields of a DHCP packet Field Length Description Packet type  1: a request packet  2: a reply packet Hardware type Hardware address type of a DHCP client Hardware length...
Page 309: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP 6.5.2 Preparing for configurations Scenario When working as the DHCPv4 server, the ISCOM2600G-HI series switch can assign IP addresses to DHCPv4 clients. Prerequisite  Disable DHCPv4 Client on the ISCOM2600G-HI series switch.
Page 310: Enabling Dhcpv4 Server On Vlan Interface
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP 6.5.4 Enabling DHCPv4 Server on VLAN interface Enable DHCPv6 Server on the VLAN interface for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#interface vlan Enter VLAN interface configuration vlan-id mode.
Page 311: Example For Configuring Dhcpv4 Server
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP Command Description Raisecom(config)#show ip Show configurations of DHCP Server. dhcp server Raisecom(config)#show ip Show assigned IPv4 addresses and clients dhcp server lease information. Raisecom(config)#show ip Show packet statistics on the DHCPv4 Server.
Page 312: Dhcp Relay
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP Raisecom(config-pool)#exit Step 2 Configure interface DHCP Server. Raisecom(config)#interface vlan 1 Raisecom(config-vlan1)#ip address 172.31.1.1 255.255.255.0 Raisecom(config-vlan1)#ip dhcp server Checking results Use the show ip dhcp server command to show configurations of DHCP Server.
Page 313: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP DHCP Relay is introduced to solve this problem. It can provide relay service between DHCP clients and the DHCP server that are in different segments. It relays packets across segments to the DHCP server or clients.
Page 314: Configuring Global Dhcp Relay
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP Function Default value Interface DHCPv6 Relay Disable 6.6.4 Configuring global DHCP Relay Configure global DHCP Relay for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#ip dhcp relay Enable global DHCP Relay.
Page 315: Configuring Dhcpv6 Relay On Vlan Interface
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP 6.6.7 Configuring DHCPv6 Relay on VLAN interface Configure DHCPv6 Relay on the VLAN interface for forwarding packets for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode.
Page 316: Example For Configuring Dhcpv4 Relay
As shown in Figure 6-15, the switch works as the DHCP relay device. The host name is raisecom. The switch is connected to the DHCP server through a service interface. The DHCP server assigns IP addresses to clients so that the NMS can discover and manage these clients.
Page 317 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 6 DHCP Raisecom(config-gigaethernet1/1/1)#ip dhcp relay target-ip 10.0.0.1 Checking results Use the show ip dhcp relay command to show configurations of DHCP Relay. Raisecom#show ip dhcp relay Interface Status Target Address ----------------------------------------------------------- gigaethernet1/1/1 Enable 10.0.0.1 Raisecom Proprietary and Confidential Copyright ©...
Page 318: Qos
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS This chapter describes basic principles and configuration procedures for QoS, and provides related configuration examples, including the following sections:  Introduction  Configuring priority  Configuring congestion management  Configuring congestion avoidance ...
Page 319: Priority Trust
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS  Differentiated Services (DiffServ) Best-effort Best-effort service is the most basic and simplest service model on the Internet (IPv4 standard) based on storing and forwarding mechanism. In Best-effort service model, the application can send a number of packets at any time without being allowed in advance and notifying the network.
Page 320: Figure 7-1 Traffic Classification
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Figure 7-1 Traffic classification IP precedence and DSCP Figure 7-2 shows the structure of the IP packet header. The head contains an 8-bit ToS field. Defined by RFC 1122, IP priority (IP Precedence) uses the highest 3 bits (0–3) with value range of 0–7;...
Page 321: Traffic Policy
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS The first 3 bits of the TCI field represent CoS, which ranges from 0 to 7, as shown in Figure 7-5. CoS is used to guarantee QoS on the Layer 2 network.
Page 322: Priority Mapping
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Traffic statistics is not a QoS control measure, but can be used in combination with other QoS actions to improve network supervision. 7.1.5 Priority mapping Priority mapping refers to sending packets to different queues with different local priorities according to pre-configured mapping from external priority to local priority.
Page 323: Figure 7-6 Sp Scheduling
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS  SP: the ISCOM2600G-HI series switch strictly schedules packets in a descending order of priority. Packets with lower priority cannot be scheduled until packets with higher priority are scheduled, as shown in Figure 7-6.
Page 324: Congestion Avoidance
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Figure 7-8 DRR scheduling  SP+WRR: a scheduling mode combining the SP scheduling and WRR scheduling. In this mode, queues on an interface are divided into 2 groups. You can specify the queues where SP scheduling/WRR scheduling is performed.
Page 325: Rate Limiting Based On Interface And Vlan
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS 7.1.8 Rate limiting based on interface and VLAN The ISCOM2600G-HI series switch supports rate limiting both based on traffic policy, interface, or VLAN ID. Similar to rate limiting based on traffic policy, the ISCOM2600G-HI series switch discards the excess traffic.
Page 326: Configuring Priority
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS 7.2 Configuring priority 7.2.1 Preparing for configurations Scenario You can choose to trust the priority carried by packets from an upstream device, or process packets with untrusted priority through the traffic class and traffic policy. After being configured to priority trust mode, the ISCOM2600G-HI series switch processes packets according to their priorities and provides services accordingly.
Page 327: Configuring Types Of Priorities Trusted By Interface
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Table 7-4 Default mapping from DSCP to local priority DSCP 0–7 8–15 16–23 24–31 32–39 40–47 48–55 56–63 Local priority (green) (green) (green) (green) (green) (green) (green) (green) Table 7-5 Default mapping from ToS to local priority and color...
Page 328: Configuring Mapping From Dscp To Local Priority And Color
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Step Command Description cos-value Raisecom(cos-to-pri)#cos (Optional) modify the profile of localpri-value to local-priority mapping from CoS to local priority [ color { green | red | yellow } ] and color. Raisecom(cos-to-pri)#exit...
Page 329: Configuring Cos Remarking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Step Command Description dscp- Raisecom(dscp-mutation)#dscp (Optional) modify the DSCP value new dscp-value to new-dscp mutation profile. The profile used in this configuration is the same profile used by the mapping from DSCP to local priority.
Page 330: Configuring Congestion Management
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Command Description Raisecom#show mls qos mapping Show information about mapping from cos-to-local-priority [ default CoS to local priority and color profile. profile-id Raisecom#show mls qos mapping Show information about mapping from dscp-to-local-priority...
Page 331: Configuring Wrr Or Sp+Wrr Queue Scheduling
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#interface Enter physical layer interface interface-type interface-number configuration mode. Raisecom(config- Configure queue scheduling mode gigaethernet1/1/port)#mls qos as SP on the interface. queue scheduler sp 7.3.4 Configuring WRR or SP+WRR queue scheduling...
Page 332: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Step Command Description Raisecom(config)#interface Enter physical layer interface interface-type interface-number configuration mode. Raisecom(config- (Optional) configure queue gigaethernet1/1/port)#mls qos bandwidth guarantee on the interface queue queue-id shaping cir and configure burst size. 7.3.7 Checking configurations Use the following commands to check configuration results.
Page 333: Configuring Sred
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS 7.4.3 Configuring SRED Configure SRED for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#mls qos sred Create a SRED profile, and enter profile-id profile SRED configuration mode.
Page 334: Default Configurations Of Traffic Classification And Traffic Policy
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Prerequisite Enable global QoS. 7.5.2 Default configurations of traffic classification and traffic policy Default configurations of traffic classification and traffic policy are as below. Function Default value Traffic policy status Disable Traffic policy statistics status Disable 7.5.3 Creating traffic class...
Page 335: Creating Rate Limiting Rule And Shapping Rule
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Step Command Description Raisecom(config-cmap)#match (Optional) configure the traffic class dscp-value dscp based on DSCP rule. Raisecom(config)#policy-map (Optional) configure the traffic class policy-map-name based on traffic policy. Raisecom(config-pmap)#class- The traffic policy must have been...
Page 336: Creating Traffic Policy
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Step Command Description Raisecom(traffic-policer)#drop- (Optional) configure the token color { red | yellow } bucket to discard packets with any color. Raisecom(traffic-policer)#recolor (Optional) configure packet { green-recolor { yellow | red } | recoloring.
Page 337: Defining Traffic Policy Operation
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Step Command Description Raisecom(config- Bind a traffic class with a traffic policy. The class- pmap)#class-map traffic policy is applied to the packets matching map-name the traffic class. At least one rule is required for the traffic class to be bount with a traffic policy, otherwise the binding will fail.
Page 338: Applying Traffic Policy To Interfaces
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Step Command Description Raisecom(config-pmap- (Optional) configure remarking rules under the cos- c)#set { cos traffic class, modify packet CoS, local priority, value | dscp dscp- inner VLAN, DSCP, IP precedence, and VLAN ID.
Page 339: Maintenance
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Command Description policy- Raisecom#show policy-map [ Show information about traffic map-name policy. policy- Raisecom#show policy-map [ Show information about the map-name class-map-name ] [ class traffic class in the traffic policy. Raisecom#show mls qos policer...
Page 340: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Step Command Description Raisecom(config- Configure rate limiting based on gigaethernet1/1/port)#rate-limit interface. { ingress | egress } cir cir-value cbs-value Raisecom(config)#rate-limit mode Configure the rate limiting mode. { l1 | l2 } ...
Page 341: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Bandwidth guarantee: bandwidth service based on interface or flow is implemented. – Bandwidth rate limiting does not support hierarchical bandwidth guarantee. Bandwidth guarantee The bandwidth guarantee function guarantees that the traffic entering the network is within the defined range, and it discards or schedules packets.
Page 342: Configuring Bandwidth Guarantee
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS 7.7.4 Configuring bandwidth guarantee Creating bandwidth guarantee profile Create a bandwidth guarantee profile for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode. bwp-profile- Raisecom(config)#bandwidth-profile Create a...
Page 343: Configuring Hierarchical Bandwidth Guarantee
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#bandwidth-profile Create a bandwidth profile-id [ eir guarantee profile. ] [ color-aware ] interface-type Raisecom(config)#interface Apply the bandwidth interface-number guarantee profile on Raisecom(config- gigaethernet1/1/port)#bandwidth { ingress | interface+VLAN+CoS.
Page 344: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Configuring hierarchical VLAN bandwidth guarantee Create a hierarchical VLAN bandwidth guarantee for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#bandwidth-profile Create a bandwidth guarantee profile-id [ eir profile.
Page 345: Configuration Examples
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS 7.8 Configuration examples 7.8.1 Example for configuring congestion management Networking requirements As shown in Figure 7-9, the user use voice, video and data services. CoS of voice service is 5, CoS of video service is 4, and CoS of data service is 2. The local priorities for these three types of services are mapping 6, 5, and 2 respectively.
Page 346 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Step 3 Apply the profile for mapping from CoS to local priority on GE 1/1/2. SwitchA(config)#interface gigaethernet 1/1/2 SwitchA(config-gigaethernet1/1/2)#mls qos cos-to-local-priority 1 SwitchA(config-gigaethernet1/1/2)#quit Step 4 Conduct SP+WRR queue scheduling in the egress direction of GE 1/1/1.
Page 347: Example For Configuring Rate Limiting Based On Traffic Policy
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Raisecom#show mls qos queue interface gigaethernet 1/1/1 gigaethernet1/1/1 Queue Weight(WRR) ------------------------- 7.8.2 Example for configuring rate limiting based on traffic policy Networking requirements As show in Figure 7-10, User A, User B, and User C respectively belong to VLAN 1, VLAN 2, and VLAN 3, and are connected to the ISCOM2600G-HI series switch by Switch A, Switch B, and Switch C.
Page 348 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Configuration steps Step 1 Create and configure the traffic class, and classify users by VLAN ID. Raisecom#config Raisecom(config)#class-map usera match-any Raisecom(config-cmap)#match vlan 1 Raisecom(config-cmap)#quit Raisecom(config)#class-map userb match-any Raisecom(config-cmap)#match vlan 2 Raisecom(config-cmap)#quit Raisecom(config)#class-map userc match-any...
Page 349 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Raisecom(config-pmap)#class-map userc Raisecom(config-pmap-c)#police userc Raisecom(config-pmap-c)#quit Raisecom(config-pmap)#quit Raisecom(config)#interface gigaethernet 1/1/3 Raisecom(config-gigaethernet1/1/3)#service-policy userc ingress 4 Raisecom(config-gigaethernet1/1/1)#exit Checking results Use the show class-map command to show configurations of traffic classification. Raisecom#show class-map usera Class Map match-any usera (id 0)(ref 1)
Page 350: Example For Configuring Rate Limiting Based On Interface
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS police userc 7.8.3 Example for configuring rate limiting based on interface Networking requirements As shown in Figure 7-11, User A, User B, and User C are respectively connected to the ISCOM2600G-HI series switch by Switch A, Switch B, and Switch C.
Page 351 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 7 QoS Raisecom(config)#interface gigaethernet 1/1/3 Raisecom(config-gigaethernet1/1/3)#rate-limit ingress cir 30000 cbs 100 Raisecom(config-gigaethernet1/1/3)#exit Checking results Use the show rate-limit port-list command to show configurations of rate limiting based on interface. Raisecom(config)#show rate-limit interface Interface Direction Cir(kbps)
Page 352: Multicast
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Multicast This chapter describes basic principles and configuration procedures for multicast, and provides related configuration examples, including the following sections:  Multicast  Basic functions of Layer 2 multicast  IGMP Snooping ...
Page 353: Figure 8-1 Multicast Transmission Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast  Broadcast: the system sends information to all users regardless of whether they need or not, so any user will receive it. Through broadcast, the information source delivers information to all users in the segment, which fails to guarantee information security and paid service.
Page 354 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast  Training, cooperative operations communications, such as: distance education, telemedicine  Data warehousing and financial applications (stock)  Any other point-to-multipoint applications Basic concepts in multicast  Multicast group A multicast group refers to the recipient set using the same IP multicast address identification.
Page 355: Figure 8-2 Basic Concepts In Multicast
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Figure 8-2 Basic concepts in multicast Multicast address To make multicast source and multicast group members communicate across the Internet, you need to provide network layer multicast address and link layer multicast address, namely, the IP multicast address and multicast MAC address.
Page 356: Figure 8-3 Mapping Between Ipv4 Multicast Address And Multicast Mac Address
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Figure 8-3 Mapping between IPv4 multicast address and multicast MAC address The first 4 bits of IP multicast address are 1110, indicating multicast identification. In the last 28 bits, only 23 bits are mapped to the multicast MAC address, and the missing of 5 bits makes 32 IP multicast addresses mapped to the same multicast MAC address.
Page 357: Basic Functions Of Layer 2 Multicast
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast IGMP manages group members through interaction of IGMP packets between the host and multicast router. IGMP packets are encapsulated in IP packets, including Query packets, Report packets, and Leave packets. Basic functions of IGMP are as below: ...
Page 358 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Configurations of basic function take effect on IGMP Snooping or IGMP MVR concurrently. The concepts related to IGMP basic functions are as below. Multicast router interface The router interface can be learnt dynamically (learnt through IGMP query packets, on the...
Page 359: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast 8.2.2 Preparing for configurations Scenario Basic functions of Layer 2 multicast provide common features of Layer 2 multicast, and must be used on the ISCOM2600G-HI series switch enabled with IGMP Snooping or IGMP MVR.
Page 360: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Step Command Description Raisecom(config- (Optional) configure immediate leave. gigaethernet1/1/port)#igmp If immediate leave is disabled on the immediate-leave vlan vlan-list downlink interface, the router interface, after receiving a Leave packet, will calculate the aging time...
Page 361: Igmp Snooping
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast 8.3 IGMP Snooping 8.3.1 Introduction IGMP Snooping is a multicast constraining mechanism running on Layer 2 devices, used for managing and controlling multicast groups, and implementing Layer 2 multicast. IGMP Snooping allows the ISCOM2600G-HI series switch to monitor IGMP sessions between the host and multicast router.
Page 362: Default Configurations Of Igmp Snooping
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast  Create VLANs.  Add related interfaces to the VLANs. 8.3.3 Default configurations of IGMP Snooping Default configurations of IGMP Snooping are as below. Function Default value Global IGMP Snooping status Disable...
Page 363: Example For Applying Multicast On Ring Network
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Command Description Raisecom#show igmp snooping [ vlan Show configurations of IGMP vlan-id vlan-list | member vlan Snooping. mrouter vlan-priority ] Raisecom#show igmp snooping member Show information about multicast interface-type interface-number group members of IGMP...
Page 364: Figure 8-6 Ring Network Multicast Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Figure 8-6 Ring network multicast networking Configuration steps Step 1 Enable STP, create a VLAN, and add interfaces to the VLAN. Configure Switch A. SwitchA#config SwitchA(config)#spanning-tree enable SwitchA(config)#spanning-tree mode stp SwitchA(config)#interface gigaethernet 1/1/1...
Page 365 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast SwitchB(config-gigaethernet1/1/1)switchport mode trunk SwitchB(config-gigaethernet1/1/1)#switchport trunk native vlan 200 SwitchB(config-gigaethernet1/1/1)#exit SwitchB(config)#interface gigaethernet 1/1/2 SwitchB(config-gigaethernet1/1/2)#switchport mode trunk SwitchB(config-gigaethernet1/1/2)#switchport trunk native vlan 200 Configure Switch C. SwitchC#config SwitchC(config)#spanning-tree enable SwitchC(config)#spanning-tree mode stp SwitchC(config)#interface gigaethernet 1/1/1...
Page 366: Igmp Querier
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Checking results Disconnect any link in the ring, and check whether the multicast flow can be received normally. 8.4 IGMP Querier 8.4.1 Introduction MVR Querier is an MVR protocol proxy mechanism. It runs on Layer 2 devices to assist in managing and controlling multicast groups.
Page 367: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast  Source IP address of Query packets sent by IGMP Querier IGMP querier sends the source IP address of Query packets. By default, the IP address of IP interface 0 is used. If the IP address is not configured, 0.0.0.0 is used. When receiving Query packets with IP address of 0.0.0.0, some hosts take it illegal and do not respond.
Page 368: Configuring Igmp Querier
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Function Default value IGMP Querier status Disable IGMP packet suppression status Disable Source IP address for IGMP Querier to send Use the IP address of IP address 0. packets If IP interface 0 is not configured, use 0.0.0.0.
Page 369: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast 8.4.5 Checking configurations Use the following commands to check configuration results. Command Description Raisecom#show igmp querier Show configurations of IGMP Querier. 8.4.6 Example for configuring IGMP Snooping and IGMP Querier Networking requirements As shown in Figure 8-7, GE 1/1/1 on the switch is connected to the multicast router;...
Page 370 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Raisecom#config Raisecom(config)#create vlan 10 active Raisecom(config)#interface gigaethernet 1/1/2 Raisecom(config-gigaethernet1/1/2)#switchport mode trunk Raisecom(config-gigaethernet1/1/2)#switchport trunk native vlan 10 Raisecom(config-gigaethernet1/1/2)#exit Raisecom(config)#interface gigaethernet 1/1/3 Raisecom(config-gigaethernet1/1/3)#switchport access vlan 10 Raisecom(config-gigaethernet1/1/3)#exit Raisecom(config)#interface gigaethernet 1/1/1 Raisecom(config-gigaethernet1/1/1)#switchport access vlan 10 Raisecom(config-gigaethernet1/1/1)#exit Step 2 Enable IGMP Snooping.
Page 371: Igmp Mvr
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Use the following command to show configurations of IGMP Querier. Raisecom#show igmp querier Global IGMP querier configuration: ---------------------------------- Querier Status : Enable Querier Source Ip : 192.168.1.2 Query Interval(s) :125 Query Max Response Interval(s) :10...
Page 372: Default Configurations Of Igmp Mvr
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Figure 8-8 IGMP MVR networking Prerequisite  Disable multicast VLAN copy.  Create VLANs.  Add related interfaces to the VLANs. 8.5.3 Default configurations of IGMP MVR Default configurations of MVR are as below.
Page 373: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Step Command Description Raisecom(config)#igmp mvr Configure the group address set for vlan-id mcast-vlan group multicast VLAN. start-ip-address end-ip- address ] | any } After IGMP MVR is enabled, you need to configure multicast VLAN and bind group address set.
Page 374: Example For Configuring Igmp Mvr
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast 8.5.6 Example for configuring IGMP MVR Networking requirements As shown in Figure 8-9, GE 1/1/1 on Switch A connects with the multicast router, and GE 1/1/2 and GE 1/1/3 connect with users in different VLANs to receive data from multicast addresses 234.5.6.7 and 225.1.1.1.
Page 375 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Raisecom(config-gigaethernet1/1/3)#switchport mode trunk Raisecom(config-gigaethernet1/1/3)#switchport trunk native vlan 3 Raisecom(config-gigaethernet1/1/3)#switchport trunk untagged vlan 12,13 Raisecom(config-gigaethernet1/1/3)#exit Step 2 Configure IGMP MVR on Switch A. Raisecom(config)#igmp mvr Raisecom(config)#interface gigaethernet 1/1/1 Raisecom(config-gigaethernet1/1/1)#igmp mvr Raisecom(config-gigaethernet1/1/1)#igmp mvr user-vlan 13...
Page 376: Igmp Filtering
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast 8.6 IGMP filtering 8.6.1 Introduction To control user access, you can configure IGMP filtering. IGMP filtering includes limiting the range of accessible multicast groups by using the filtering profile and limiting the maximum number of multicast groups.
Page 377: Default Configurations Of Igmp Filtering
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast 8.6.3 Default configurations of IGMP filtering Default configurations of IGMP filtering are as below. Function Default value Global IGMP filtering Disable IGMP filtering profile Profile IGMP filtering profile action Refuse No maximum group limit, the largest group...
Page 378: Configuring Maximum Number Of Multicast Groups
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Step Command Description Raisecom(config-igmp-profile)#exit Enter physical layer interface Raisecom(config)#interface configuration mode or LAG interface-type interface-number configuration mode. Raisecom(config- Configure IGMP Profile filtering gigaethernet1/1/port)#igmp filter profile to physical interface or profile profile-number [ vlan interface+VLAN.
Page 379: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Step Command Description Raisecom(config- (Optional) configure the action over gigaethernet1/1/port)#igmp maximum number of multicast groups in filter max-groups action physical interface or interface+VLAN. { drop | replace } [ vlan vlan-list Raisecom(config-port-...
Page 380: Figure 8-10 Applying Igmp Filtering On Interface
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Figure 8-10 Applying IGMP filtering on interface Configuration steps Step 1 Create VLANs, and add interfaces to VLANs. Raisecom#config Raisecom(config)#create vlan 3,12,13 active Raisecom(config)#interface gigaethernet 1/1/1 Raisecom(config-gigaethernet1/1/1)#switchport mode trunk Raisecom(config-gigaethernet1/1/1)#switchport trunk native vlan 12...
Page 381: Multicast Vlan Copy
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Raisecom(config)#interface gigaethernet 1/1/2 Raisecom(config-gigaethernet1/1/2)#igmp mvr Raisecom(config-tengigabitethernet1/1/2)#igmp mvr user-vlan 13 Raisecom(config-gigaethernet1/1/2)#exit Raisecom(config)#igmp mvr mcast-vlan 3 group any Step 3 Configure the IGMP filtering profile. Raisecom(config)#igmp filter profile 1 Raisecom(config-igmp-profile)#permit Raisecom(config-igmp-profile)#range 1 234.5.6.7 234.5.6.10 Raisecom(config-igmp-profile)#exit Step 4 Configure the STB to apply the IGMP filtering profile.
Page 382: Figure 8-11 Data Transmission Of Igmp Mvr
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast After multicast VLAN copy is enabled, the upper layer device copies multicast data in the multicast VLAN, instead of copying multicast data for each user VLAN, thus saving bandwidth. The system searches for the egress interface according to the multicast VLAN and multicast group address, and copies multicast data for each user VLAN on the egress interface.
Page 383: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Figure 8-12 Data transmission of multicast VLAN copy The ISCOM2600G-HI series switch can be configured with 1–10 multicast VLANs and at least one multicast VLAN and corresponding group address set. It supports up to 1024 multicast groups.
Page 384: Default Configurations Of Multicast Vlan Copy
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Figure 8-13 Multicast VLAN copy networking Prerequisite Create VLANs, and add related interfaces to VLANs. 8.7.3 Default configurations of multicast VLAN copy Default configurations of multicast VLAN copy are as below. Function...
Page 385: Configuring Static Multicast Members Of Vlan Copy
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#igmp Enable global multicast VLAN copy. vlan-copy Raisecom(config)#igmp Configure the group address set of the multicast vlan-copy mcast-vlan VLAN. vlan-id group start-ip end-ip | any }...
Page 386: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Step Command Description Raisecom(config)#interface Enter physical layer interface interface-type interface- configuration mode. number Raisecom(config- Configure the customer VLAN of gigaethernet1/1/port)#igmp multicast VLAN copy. vlan-id vlan-copy user-vlan 8.7.7 Checking configurations Use the following commands to check configuration results.
Page 387: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast  MLDv2: defined by RFC3810, derived from IGMPv3 MLDv1 is used to manage IPv6 multicast group members through the querying and response mechanism. Based on MLDv1, MLDv2:  Additionally support filtering IPv6 multicast sources. When a host joins an IPv6 multicast group, it can request to receive or deny messages from a specified IPv6 multicast source.
Page 388: Configuring Mld Snooping
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#mld mrouter Create a multicast router interface on the vlan-id interface-type vlan specified VLAN. interface-number Raisecom(config)#mld ring Enable MLD ring network forwarding nterface-type interface- on the interface.
Page 389: Configuring Mld Querier
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Step Command Description Raisecom(config)#mld snooping vlan (Optional) enable MLD vlan-list Snooping in all VLANs. vlan-id Raisecom(config)#vlan (Optional) configure the static Raisecom(config-vlan)#mld snooping member of MLD Snooping in static ip-address interface-type VLAN mode.
Page 390: Configuring Mld Filtering
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast 8.8.7 Configuring MLD filtering Enable global MLD filtering Enable global MLD filtering for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#mld Enable global MLD filtering.
Page 391: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast By using the mld filter profile profile-number command in interface configuration mode, you can apply a created MLD profile to the specified interface. A MLD profile can be applied to multiple interfaces, but only one MLD profile can be applied to one interface.
Page 392: Maintenance
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 8 Multicast Command Description Raisecom#show mld snooping [ vlan Show configurations of MLD vlan Snooping. Raisecom#show mld snooping member Show information about multicast interface-type interface-number group members of MLD | vlan vlan Snooping. Raisecom#show mld snooping member...
Page 393: Oam
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM This chapter describes basic principles and configuration procedures for OAM and provide related configuration examples, including the following sections:  Introduction   CFM (IEEE 802.1ag/ITU-Y.1731)   9.1 Introduction Initially, Ethernet is designed for LAN. Operation, Administration and Maintenance (OAM) is weak because of its small size and a NE-level administrative system.
Page 394 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM OAM discovery The Ethernet OAM connection process is the OAM discovery phase, where an OAM entity discovers a remote OAM entity and establishes a session with it. This phase is initiated by an OAM entity that is in active mode. One ends informs the other of its Ethernet OAM configurations and Ethernet OAM capabilities supported by the local node by exchanging OAM PDU.
Page 395: Efm
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM OAM loopback occurs only after the Ethernet OAM connection is established. When connected, the active OAM entity initiates the OAM loopback command, and the peer OAM entity responds to the command. When the peer OAM entity is in loopback mode, all packets except OAM PDU will be retraced.
Page 396: Configuring Basic Functions Of Efm
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Function Default value Remote OAM event alarm Disable EFM remote loopback status Not response Monitor window of errored frame event Monitor threshold of errored event 1 errored frame Monitor window of errored frame period event...
Page 397: Configuring Active Functions Of Efm
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Step Command Description Raisecom(config- Enable interface OAM. gigaethernet1/1/1)#oam enable 9.2.5 Configuring active functions of EFM The active function of EFM OAM can be configured only when the ISCOM2600G-HI series switch is in active mode.
Page 398: Configuring Efm Passive Function
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Configuring peer OAM event alarm Configure the peer OAM event alarm for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#interface Enter physical layer interface interface-type interface- configuration mode.
Page 399 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#interface Enter physical layer interface interface-type interface- configuration mode. number Raisecom(config- Configure the Layer 2 physical gigaethernet1/1/1)#oam interface to ignore or process EFM loopback { ignore | process } remote loopback.
Page 400: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM (Optional) configuring OAM fault indication OAM fault indication is used by the local device to inform the peer device of local abnormalities, such as link fault, power failure, abnormal temperature, which cause faulty link and device restart.
Page 401: Maintenance
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Command Description Raisecom#show oam loopback Show configurations of link interface-number [ gigaethernet monitoring and fault indication of EFM OAM. Raisecom#show oam notify Show statistics on EFM OAM interface-number [ gigaethernet packets. Raisecom#show oam peer event...
Page 402: Figure 9-2 Mds At Different Levels
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM CFM concepts CFM consists of following components:  Maintenance Domain (MD), also called Maintenance Entity Group (MEG), is a network that runs CFM. It defines network range of OAM management. MD has a level property, with 8 levels (level 0 to level 7).
Page 403: Figure 9-3 Mep And Mip
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Figure 9-3 MEP and MIP  As shown in Figure 9-3, the MIP is the internal node of a service instance, which is automatically created by the device. MIP cannot actively send CFM packets but can process and response to LinkTrace Message (LTM) and LoopBack Message (LBM) packets.
Page 404: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM When receiving an AIS frame, the MEP must inhibit alarms for all peer MEPs regardless of connectivity, because this frame does not include information about MEPs that are at the same level with the failed MEP. With AIS, the device can inhibit the alarm at the client level when the server layer (sub-layer) fails.
Page 405: Configuring Basic Functions Of Cfm
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Step Command Description Raisecom(config)#ether Enable global CFM. net cfm enable By default, this function is disabled. Use the ethernet cfm disable command to disable this function. Raisecom(config)#inter Enter physical layer interface configuration mode.
Page 406: Configuring Cfm Fault Detection
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Step Command Description Raisecom(config- Configure VLAN mapping based on the service service)#service instance. vlan-list vlan- The VLAN list contains up to 32 VLANs. If you do list [ primary- not use the primary-vlan parameter to specify the...
Page 407 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Step Command Description Raisecom(config)#ethe (Optional) configure the hold time of errored rnet cfm errors CCMs. Fault information reported by all MEPs is archive-hold-time saved on the ISCOM2600G-HI series switch. minute By default, the hold time of errored CCMs is 100min.
Page 408: Configuring Fault Acknowledgement
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Step Command Description Raisecom(config- (Optional) configure the customer VLAN of CFM service)#service OAM packets. This configuration is required in cvlan vlan-id the QinQ networking environment only. By default, CFM OAM packets do not carry C- Tag.
Page 409: Configuring Cfm Fault Location
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Step Command Description destination MEP ID specified, CFM Raisecom(config- cannot finish the Ping operation unless it service)#ping ethernet finds the MAC address of the destination multicast [ size packet- size time MEP based on the MEP ID.
Page 410: Configuring Alarm Indication Signal
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Step Command Description Raisecom(config)#ether (Optional) configure the traceroute cache size. net cfm traceroute You can configure the traceroute cache size when cache size size the traceroute cache is enabled. By default, the traceroute cache size is 100. The data are not saved when the traceroute cache is disabled.
Page 411: Configuring Ethernet Locked Signal
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Step Command Description Raisecom(config- Configure the AIS delivery period. service)#service ais By default, the period for sending AIS is 1s. period { 1 | 60 } Raisecom(config- Configure the level of the customer layer MD to service)#service ais which AIS is sent.
Page 412: Configuring Ethernet Csf
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Step Command Description Raisecom(config- Enable alarm suppression. service)#service suppress- By default, this function is enabled. alarms enable mep { mep-id | all } 9.3.10 Configuring Ethernet CSF Configure the Ethernet Client Signal Fail (CSF) for the ISCOM2600G-HI series switch as below.
Page 413: Example For Configuring Cfm
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Command Description Raisecom#show ethernet cfm Show CFM global configurations. Raisecom#show ethernet cfm domain Show configurations of MD and level [ level service instance. Raisecom#show ethernet cfm errors Show information about the level [ level CCM errors in the database.
Page 414: Figure 9-4 Cfm Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Figure 9-4 CFM networking Configuration steps Step 1 Add interfaces to the VLAN. Configure Switch A. Raisecom#hostname SwitchA SwitchA#config SwitchA(config)#create vlan 100 active SwitchA(config)#interface gigaethernet 1/1/1 SwitchA(config-gigaethernet1/1/1)#switchport access vlan 100 SwitchA(config-gigaethernet1/1/1)#exit SwitchA(config)#interface gigaethernet 1/1/2...
Page 415 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM SwitchC(config-gigaethernet1/1/2)#switch access vlan 100 SwitchC(config-gigaethernet1/1/2)#exit SwitchC(config)#interface gigaethernet 1/1/1 SwitchC(config-gigaethernet1/1/1)#switchport mode trunk SwitchC(config-gigaethernet1/1/1)#exit Step 2 Configure CFM fault detection. Configure Switch A. SwitchA(config)#ethernet cfm domain level 3 SwitchA(config)#service ma1 level 3 SwitchA(config-service)#service vlan-list 100...
Page 416: Sla
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Sending 5 ethernet cfm loopback messages to 000e.5e03.688d, timeout is 2.5 seconds: !!!!! Success rate is 100 percent (5/5). Ping statistics from 000e.5e03.688d: Received loopback replys:< 5/0/0 > (Total/Out of order/Error) Ping successfully.
Page 417: Figure 9-5 Sla Test Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM SLA is a technology for detecting network performance and gathering network statistics in real time, such as the responding time, network jitter, delay, and packet loss rate. SLA principle SLA implements the end-to-end test, involving two ends: ...
Page 418: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM As a dynamic concept, it is a procedure from sending a detection packet to receiving the packet. According to the definition of the operation, one operation test can contain multiple detections (one test contains only one detection for the Echo operation).
Page 419: Default Configurations Of Sla
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM is for service packets of the UNI interface. For Down MEP, the statistics result is for service packets of the NNI interface.  Packet loss ratio is for service packets, so SLA protocol packets should not be discarded.
Page 420: Configuring Sla Scheduling
 The private TLV is exclusively used by Raisecom devices. When you pad the SLA operation with the private TLV, you can configure the SLA operation as required and schedule it. When you do not pad the SLA operation with the private TLV, you...
Page 421: Configuring Maintenance Window
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Step Command Description oper-num Raisecom(config)#sla (Optional) configure the packet loss { loss-rate-threshold | delay- rate threshold, delay threshold, or threshold | jitter-threshold } jitter threshold. { current | average } [ ds | sd...
Page 422: Enabling Alarms
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Step Command Description oper- Raisecom(config)#sla Configure the threshold in the SLA availability-threshold availability test. [ sd | ds ] threshold oper- Raisecom(config)#sla Enable SLA availability threshold alarm or { availability-trap | SLA availability threshold change alarm.
Page 423: Example For Configuring Sla
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM 9.4.12 Example for configuring SLA Networking requirements As shown in Figure 9-6, SLA is deployed on the Switch, and is periodically scheduled to test the network performance between Switch A and Switch C.
Page 424: Bfd
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Service Vlan ID: Customer Vlan ID: MD Level: Remote DEST MAC: 000e.5e00.0001 Transmit Interval(msec): 1000 Frame Number: Pdu Size(octets): Avail Flr Threshold(0.001%): 50000 Avail Consec interval: Avail consecutive high flr: Schedule Life(sec):...
Page 425: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Application types of BFD The ISCOM2600G-HI series switch supports the following BFD applications:  BFD based on IP link: establish a BFD session on the IP link and use the BFD detection mechanism to detect faults rapidly.
Page 426: Configuring Bfd Session Parameters
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Step Command Description Raisecom(config)#bfd trap (Optional) enable BFD Trap. { enable | disable } By default, it is disabled. 9.5.4 Configuring BFD session parameters Configure BFD session parameters for the ISCOM2600G-HI series switch as below.
Page 427: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 9 OAM Step Command Description Raisecom(config-bfd- Configure the local detection multiple of the BFD session)#detect- session. multiplier By default, it is 3. multiplier Raisecom(config-bfd- Configure the remote identifier of the BFD session. session)#remote By default, the remote identifier is displayed as 0,...
Page 428: Security
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Security This chapter describes basic principles and configuration procedures for security, and provides related configuration examples, including the following sections.   Port security MAC  Dynamic ARP inspection  RADIUS ...
Page 429: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security 10.1.2 Preparing for configurations Scenario ACL can help a network device recognize filter data packets. The device recognizes special objects and then permits/denies packets to pass according to the configured policy. ACL is divided into the following types: ...
Page 430 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Step Command Description acl- Raisecom(config)#access-list Create an ACL, and enter ACL number acl-name [ name configuration mode.  When the ACL number is 1000–1999, this configuration enters basic IP ACL configuration mode.
Page 431 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Step Command Description Raisecom(config-acl-ip-ext)# rule rule-id ] { deny | permit } { tcp | udp } { source-ip-address source-ip- mask source-port | any } [ ] [ range minimum source port maximum source...
Page 432: Configuring Acl Period
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Step Command Description Raisecom(config-acl-ipv6)#rule (Optional) configure the rule-id ] { deny | permit } matching rule for MAP ACL. protocol-id | ipv6 | icmpv6 } source-ipv6-address/prefix | any } destination- ipv6-address/prefix dscp-value...
Page 433: Configuring Filter
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Step Command Description interface-type Raisecom(config)#interface interface-number time-range-name time-range hour minute seconds hour minute seconds weekday-list | sun | mon | tue | wed | thu Create a period for | fri | sat | off-day | working-day | daily } applying ACL rules.
Page 434: Maintenance
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security 10.1.7 Maintenance Maintain the ISCOM2600G-HI series switch as below. Command Description Raisecom(config)#clear filter statistics interface Clear statistics on interface-type interface-number vlan-id | vlan ACL filter acl-number { egress | ingress } [ access-list configurations.
Page 435: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security  When sticky learning is enabled, all dynamic secure MAC addresses learnt from an interface will be converted to sticky secure MAC addresses.  When sticky learning is disabled, all sticky secure MAC addresses on an interface will be converted to dynamic secure MAC addresses.
Page 436: Configuring Basic Functions Of Port Security Mac
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Function Default value Aging type of dynamic secure MAC address Absolute Restoration time of port security MAC Disable, namely, no restoration Dynamic secure MAC sticky learning Disable Port secure MAC Trap Disable...
Page 437: Configuring Static Secure Mac Address
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Step Command Description Raisecom(config)#port-security (Optional) configure the second recovery-time restoration time of port security MAC. When secure MAC violation policy is in Shutdown mode, you can use this command to re-enable this interface which is shut down due to violating port security MAC.
Page 438: Configuring Sticky Secure Mac Address
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Step Command Description Raisecom(config- (Optional) enable port dynamic gigaethernet1/1/port)#switchport security MAC learning. port-security Raisecom(config- (Optional) enable port security gigaethernet1/1/port)#switchport MAC Trap. port-security trap enable Raisecom(config- (Optional) configure the period for gigaethernet1/1/port)#switchport sending Traps for port security...
Page 439: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security After sticky secure MAC address learning is enabled, the dynamic secure MAC address will be converted to the sticky secure MAC address; the manually configured sticky secure MAC address will take effect.
Page 440: Figure 10-1 Port Security Mac Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Figure 10-1 Port security MAC networking Configuration steps Step 1 Configure the secure MAC address on GE 1/1/1. Raisecom#config Raisecom(config)#interface gigaethernet 1/1/1 Raisecom(config-gigaethernet1/1/1)#switchport port-security Raisecom(config-gigaethernet1/1/1)#switchport port-security maximum 3 Raisecom(config-gigaethernet1/1/1)#switchport port-security mac-address 0000.0000.0001 vlan 1...
Page 441: Dynamic Arp Inspection
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Raisecom(config-gigaethernet1/1/3)#switchport port-security mac-address sticky 0000.0000.0002 vlan 1 Raisecom(config-gigaethernet1/1/3)#switchport port-security mac-address sticky Raisecom(config-gigaethernet1/1/3)#switchport port-security violation shutdown Checking results Use the show port-security command to show configurations of port security MAC. Raisecom#show port-security Port security aging time:10 (mins)
Page 442: Figure 10-2 Principles Of Dynamic Arp Inspection
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security There are 2 modes for dynamic ARP inspection:  Static binding mode: configure the binding manually.  Dynamic binding mode: in cooperation with the DHCP snooping to generate dynamic binding. When DHCP Snooping entry is changed, the dynamic ARP inspection will also update dynamic binding entry synchronously.
Page 443: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security  The system provides auto-recovery and supports configuring the recovery time. The interfaces, where the number of received ARP packets is greater than the threshold, will recover to normal Rx/Tx status automatically after the recovery time expires.
Page 444: Configuring Static Binding Of Dynamic Arp Inspection
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Step Command Description Raisecom(config- Configure the interface as a trusted gigaethernet1/1/port)#ip interface. Use the no ip arp-inspection arp-inspection trust trust command to configure the interface to an untrusted interface; in other words, the interface does not trust the ARP packet.
Page 445: Configuring Rate Limiting On Arp Packets On Interface
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Step Command Description Raisecom(config)#ip arp- Configure ARP entry conversion. inspection binding dhcp-snooping { auto-update | static } Raisecom(config)#ip arp- Configure protection VLAN of vlan-list inspection vlan dynamic ARP inspection. 10.3.8 Configuring rate limiting on ARP packets on interface Configure rate limiting on ARP packets on the interface for the ISCOM2600G-HI series switch as below.
Page 446: Figure 10-3 Configuring Dynamic Arp Inspection
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security  Other interfaces allow ARP packets complying with dynamic binding learnt by DHCP Snooping to pass.  Configure rate limiting on ARP packets on downlink GE 1/1/2. The rate threshold is configured to 20 pps and recovery time for rate limiting is configured to 15s.
Page 447 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Raisecom(config)#interface gigaethernet 1/1/2 Raisecom(config-gigaethernet1/1/2)#ip arp-rate-limit rate 20 Raisecom(config-gigaethernet1/1/2)#exit Checking results Use the show ip arp-inspection command to show configurations of interface trust status and static/dynamic ARP binding. Raisecom#show ip arp-inspection Static Config ARP Inspection: Enable...
Page 448: Radius
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Raisecom#show ip arp-rate-limit Port Rate(Num/Sec) --------------------------------------------- gigaethernet1/1/1 gigaethernet1/1/2 gigaethernet1/1/3 gigaethernet1/1/4 gigaethernet1/1/5 gigaethernet1/1/6 gigaethernet1/1/7 gigaethernet1/1/8 gigaethernet1/1/9 10.4 RADIUS 10.4.1 Introduction Remote Authentication Dial In User Service (RADIUS) is a standard communication protocol that provides centralized authentication of remote access users. RADIUS uses UDP as the transmission protocol (port 1812 and port 1813) which has a good instantaneity;...
Page 449: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security 10.4.2 Preparing for configurations Scenario You can deploy the RADIUS server on the network to conduct authentication and accounting to control users to access to the ISCOM2600G-HI series switch and network. The ISCOM2600G-HI series switch can be used as agent of the RADIUS server, which authorizes user to access according to feedback from RADIUS.
Page 450: Configuring Radius Accounting
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Step Command Description Raisecom#radius backup key Configure the shared key for the backup word RADIUS authentication server. Raisecom#radius backup Configure the backup RADIUS word encrypt-key authentication server to encrypt data in cyphertext mode.
Page 451: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Step Command Description Raisecom#aaa accounting Configure the period for sending Account- minute update Update packets. If it is configured to 0, no Account-Update packet will be sent. The RADIUS accounting server can...
Page 452: Figure 10-4 Radius Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Figure 10-4 RADIUS networking Configuration steps Step 1 Configure authentication for login user through RADIUS. Raisecom#radius 192.168.1.1 Raisecom#radius-key raisecom Raisecom#user login radius-user Step 2 Configure accounting for login user through RADIUS. Raisecom#aaa accounting login enable Raisecom#radius accounting-server 192.168.1.1...
Page 453: Tacacs
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Backup accounting server IP: port:1813 Accounting server key: orMCKszV2X38 Backup Accounting server Key: Accounting fail policy: offline Accounting NAS IP address: Use the show aaa command to show RADIUS accounting. Raisecom#show aaa...
Page 454: Default Configurations Of Tacacs
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security 10.5.3 Default configurations of TACACS+ Default configurations of TACACS+ are as below. Function Default value TACACS+ function Disable Login mode local-user IP address of the TACACS+ authentication server 0.0.0.0, shown as "--"...
Page 455: Configuring Tacacs+ Accounting
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Step Command Description Raisecom#enable login Configure the authentication mode for a user { local-tacacs | tacacs- to enter privileged EXEC mode to local [ server-no- TACACS+. response ] | tacacs-user } Raisecom#radius response-...
Page 456: Maintenance
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Command Description Raisecom#show Show configurations of the TACACS+ authentication server. tacacs-server Raisecom#show Show configurations of TACACS+ accounting. 10.5.9 Maintenance Maintain the ISCOM2600G-HI series switch as below. Command Description Raisecom#clear tacacs statistics Clear TACACS+ statistics.
Page 457: Storm Control
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Raisecom#user login tacacs-user Raisecom#enable login local-tacacs Checking results Use the show tacacs-server command to show TACACS+ configurations. Raisecom#show tacacs-server Server Address : 192.168.1.1 Port: -- Backup Server Address : -- Port: --...
Page 458: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security  Broadcast packets: packets of which the destination MAC is a broadcast address. If these packets are excessive in a period, broadcast storm may occur. Principles of storm control Storm control allows an interface to filter broadcast packets received by the interface. After storm control is enabled, when the number of received broadcast packets reaches the pre- configured threshold, the interface will automatically discard the received packets.
Page 459: Configuring Storm Control
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Function Default value Action for storm control on the interface Discarding packets Restoration period of the interface 300s Strom control Trap Disable 10.6.4 Configuring storm control Storm control and VLAN-based rate limiting are exclusive. We do not recommend enabling them on the same interface concurrently.
Page 460: Configuring Dlf Packet Forwarding
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security  Storm control supports only one rate limiting mode at a time. When you change the rate limiting mode of one type of packets, the ISCOM2600G-HI series switch will prompt you that the change of the rate limiting mode will cause the mode of other two types of packets to change to the same mode.
Page 461: Figure 10-6 Storm Control Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security To restrict impacts on Switch A caused by broadcast storm, you need to configure storm control on Switch A to control broadcast packets from user networks 1 and 2, with the threshold of 640 pps.
Page 462: 431
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security 10.7 802.1x 10.7.1 Introduction 802.1x, based on IEEE 802.1x, is a VLAN-based network access control technology. It is used to solve authentication and security problems for LAN users. It is used to authenticate and control access devices at the physical later of the network device.
Page 463 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security 802.1x authentication procedure The 802.1x system supports finishing authentication procedure between the RADIUS server through EAP relay and EAP termination.  EAP relay The supplicant and the authentication server exchange information through the Extensible Authentication Protocol (EAP) packet while the supplicant and the authenticator exchange information through the EAP over LAN (EAPoL) packets.
Page 464: Preparing For Configruations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security  Reauth-period: re-authorization t timer. After the period is exceeded, the ISCOM2600G- HI series switch re-initiates authorization.  Quiet-period: quiet timer. When user authorization fails, the ISCOM2600G-HI series switch needs to keep quiet for a period. After the period is exceeded, the ISCOM2600G- HI series switch re-initiates authorization.
Page 465: Configuring Basic Functions Of 802.1X
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Function Default value Authentication method Portbased Re-authentication Disable 802.1x re-authentication timer 3600s 802.1x quiet timer Transmission timeout timer Supplicant authorization timeout timer 10.7.4 Configuring basic functions of 802.1x  802.1x and STP are exclusive on the same interface. You cannot enable them concurrently.
Page 466: Configuring 802.1X Re-Authentication
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Step Command Description Raisecom(config- Enable or disable 802.1x handshake gigaethernet1/1/port)#dot1x on the interface. keepalive { enable | disable } Raisecom(config- Configure the maximum number of gigaethernet1/1/port)#dot1x max- users allowed to be authenticated by...
Page 467: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Step Command Description Raisecom(config- Configure the time of the quiet gigaethernet1/1/port)#dot1x timer. timer quiet-period second Raisecom(config- Configure the time of the supplicant gigaethernet1/1/port)#dot1x authorization timeout timer. supp-timeout timer supp-timeout Raisecom(config- Configure the time of the gigaethernet1/1/port)#dot1x authentication server timeout timer.
Page 468: Example For Configuring 802.1X
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security 10.7.9 Example for configuring 802.1x Networking requirements As shown in Figure 10-8, the network administrator configures 802.1x to control the PC to access the Internet.  For the switch: the IP address is 10.10.0.1, the mask is 255.255.0.0, and default gateway is 10.10.0.2.
Page 469: Ip Source Guard
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Step 3 (Optional) configure interface authorization mode to auto. By default, authentication is required and thus does not need to be configured. Raisecom(config-gigaethernet1/1/1)#dot1x auth-control auto Step 4 Enable reauthentication, and configure the timer to 600s.
Page 470: Figure 10-9 Principles Of Ip Source Guard
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security IP Source Guard binding entry IP Source Guard is used to match packet characteristics, including source IP address, source MAC address, and VLAN tags, and can support the interface to be combined with the following characteristics (hereinafter referred to as binding entries): ...
Page 471: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security permitted to forward normally. Otherwise, the user is an attacker and the IP packets are discarded. 10.8.2 Preparing for configurations Scenario There are often some IP source spoofing attacks on the network. For example, the attacker forges legal users to send IP packets to the server, or the attacker forges the source IP address of another user to communicate.
Page 472: Configuring Ip Source Guard Binding
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security 10.8.5 Configuring IP Source Guard binding Configuring IP Source Guard static binding Configure IP Source Guard static binding for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode.
Page 473: Configuring Priority And Rate Limit Of Ip Source Guard
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#ip Enable IP Source Guard dynamic binding. verify source dhcp- snooping Raisecom(config)#ip Translate the dynamic binding to the static source binding dhcp- binding. snooping static Raisecom(config)#ip (Optional) enable auto-translation.
Page 474: Figure 10-10 Configuring Ip Source Guard
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security  The Switch permits all IP packets on GE 1/1/1 to pass.  GE 1/1/2 permits those IP packets to pass, of which the IP address is 10.10.10.1, the subnet mask is 255.255.255.0, and the status meets the dynamic binding learnt by DHCP Snooping.
Page 475: Pppoe
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Checking results Use the show ip source binding command to show configurations of the static binding table. Raisecom#show ip source binding History Max Entry Num: 1 Current Entry Num: 1 Ip Address...
Page 476: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security server cannot match with the configured one, authentication will fail. This helps prevent illegal users from stealing accounts of other legal users for accessing the network. The PPPoE protocol adopts Client/Server mode, as shown in Figure 10-11. The Switch acts as a relay agent.
Page 477: Default Configurations Of Pppoe
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Prerequisite 10.9.3 Default configurations of PPPoE+ Default configurations of I PPPoE+ are as below. Function Default value Global PPPoE Disable Interface PPPoE Disable Padding mode of Circuit ID Switch Circuit ID information...
Page 478: Configuring Pppoe+ Packet Information
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Step Command Description Raisecom(config)#pppoeagent enable Enable global PPPoE+. Raisecom(config)#interface Enter physical layer interface interface-type interface-number configuration mode. Raisecom(config- Enable interface PPPoE+. gigaethernet1/1/1)#pppoeagent enable Configuring PPPoE trusted interface The PPPoE trusted interface can be used to prevent PPPoE server from being cheated and avoid security problems because PPPoE packets are forwarded to other non-service interfaces.
Page 479 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Configuring Circuit ID The Circuit ID has 2 padding modes: Switch mode and ONU mode. By default, Switch mode is adopted. In ONU mode, the Circuit ID has a fixed format. The following commands are used to configure the padding contents of the Circuit ID in Switch mode.
Page 480: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#interface Enter physical layer interface interface-type interface-number configuration mode. Raisecom(config- (Optional) configure PPPoE+ gigaethernet1/1/1)#pppoeagent Remote ID to be padded with the remote-id { client-mac | switch- MAC address.
Page 481: Example For Configuring Pppoe
 Configure the attached string of Circuit ID to raisecom, padding information about Circuit ID on GE 1/1/1 to user01, padding information about Circuit ID on GE 1/1/2 to the MAC address of Client 2, in ASCII format.
Page 482 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Raisecom(config)#pppoeagent circuit-id attach-string raisecom Raisecom(config)#interface gigaethernet 1/1/1 Raisecom(config-gigaethernet1/1/1)#pppoeagent circuit-id user01 Raisecom(config-gigaethernet1/1/1)#exit Raisecom(config)#interface gigaethernet 1/1/2 Raisecom(config-gigaethernet1/1/2)#pppoeagent remote-id client-mac Raisecom(config-gigaethernet1/1/2)#pppoeagent remote-id format ascii Raisecom(config-gigaethernet1/1/2)#exit Step 3 Enable Tag overwriting on GE 1/1/1 and GE 1/1/2.
Page 483: Configuring Cpu Protection
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Overwrite :disable Format-rules :binary Remote-ID :switch-mac Circuit-ID :%default% Port :gigaethernet1/1/3 State :disable Overwrite :disable Format-rules :binary 10.10 Configuring CPU protection 10.10.1 Preparing for configurations Scenario When the ISCOM2600G-HI series switch receives massive attacking packets in a short period, the CPU will run with full load and the CPU utilization rate will reach 100%.
Page 484: Maintenance
10.10.4 Maintenance Maintain the ISCOM2600G-HI series switch as below. Command Description Raisecom(config)#clear cpu-protect car { arp | bpdu | Clear global CPU dhcp | global | icmp | igmp | lldp | mld | stp } CAR statistics. statistics 10.11 Configuring anti-ARP attack...
Page 485: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 10 Security Step Command Description Raisecom(config-vlan1)#arp Enable the device to learn ARP learning strict enable entries requested by itself. Raisecom(config-vlan1)#arp check- Enable the check of ARP destination destination-ip enable IP address. Raisecom(config-vlan1)#arp filter Configure ARP filtering.
Page 486: Reliability
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability Reliability This chapter describes basic principles and configuration procedures for reliability, and provides related configuration examples, including the following sections:  Link aggregation  Interface backup  Link-state tracking  UDLD ...
Page 487: Figure 11-1 Dual-Homed Application Based On Lacp
Sometimes, the DHD does not want or is incapable of running any loop detection protocols. To provide more choices, Raisecom realizes Multi-Chassis Link Aggregation Control Protocol (mLACP) to select paths for the DHD.
Page 488: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability Links that connect the DHD are configured to the same Link Aggregation Group (LAG). Interface selection and link aggregation are implemented through LACP. In this case, the two PEs in the same LAG appear to be in one Inter-Chassis Group (ICG).
Page 489: Configuring Static Lacp Link Aggregation
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability Step Command Description Raisecom(config-port- (Optional) configure the maximum or channel1)#{ max-active | minimum number of active links in min-active } links value LACP LAG. threshold By default, the maximum number is 8 while the minimum is 1.
Page 490: Configuring Manual Master/Slave Link Aggregation
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability Step Command Description Raisecom(config-port- Configure the wait time on the interface. channel1)#lacp wait- timer time Raisecom(config-port- Return to global configuration mode. channel1)#exit Raisecom(config)#inte Enter Layer 2 physical interface configuration interface-type rface mode.
Page 491: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability Step Command Description Raisecom(config-port- Configure the active interface of the channel1)#master-port LAG. interface-type interface- number Raisecom(config-port- Configure the restoration mode and channel1)#restore-mode wait-to-restore time of the LAG. { non-revertive | revertive By default, the restoration mode is non-...
Page 492: Example For Configuring Static Lacp Link Aggregation
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability 11.1.7 Example for configuring static LACP link aggregation Networking requirements As shown in Figure 11-2, to improve link reliability between Switch A and Switch B, you can configure static LACP link aggregation. That is to add GE 1/1/1 and GE 1/1/2 to one LAG;...
Page 493 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability SwitchB(config-gigaethernet1/1/1)#port-channel 1 SwitchB(config)#interface port-channel 1 SwitchB(config-port-channel1)#mode lacp SwitchB(config-port-channel1)#max-active links 1 SwitchB(config-gigaethernet1/1/1)#exit SwitchB(config)#interface gigaethernet 1/1/2 SwitchB(config-gigaethernet1/1/2)#port-channel 1 SwitchB(config-gigaethernet1/1/2)#exit Checking results Use the show port-channel command to show global configurations of the static LACP link aggregation on Switch A.
Page 494: Interface Backup
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability S - Device is requesting Slow LACPDUs F - Device is requesting Fast LACPDUs A - Device in Active mode P - Device in Passive mode MP - MLACP Peer Port Interface...
Page 495: Figure 11-3 Principles Of Interface Backup
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability Figure 11-3 Principles of interface backup As shown in Figure 11-3, GE 1/1/1 and GE 1/1/2 on Switch A are connected to their uplink devices respectively. The interface forwarding states are shown as below: ...
Page 496: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability Figure 11-4 Networking with interface backup in different VLANs In different VLANs, the forwarding status is shown as below:  Under normal conditions, configure Switch A in VLANs 100–150.  In VLANs 100–150, GE 1/1/1 is the primary interface and GE 1/1/2 is the backup interface.
Page 497: Optional) Configuring Fs On Interfaces
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#interface Enter physical layer interface interface-type primary- configuration mode or LAG interface-number configuration mode. Raisecom(config- Configure the interface backup gigaethernet1/1/port)# port group. backup interface-type backup-...
Page 498: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability Step Command Description Raisecom(config)#interface Enter physical layer interface interface-type primary- configuration mode or LAG interface-number configuration mode. Raisecom(config- Configure FS on the interface. gigaethernet1/1/port)#port Use the no port backup [ interface-type backup [...
Page 499: Figure 11-5 Interface Backup Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability Figure 11-5 Interface backup networking Configuration steps Step 1 Create VLANs 100–400, and add GE 1/1/1 and GE 1/1/2 to these VLANs. Raisecom#config Raisecom(config)#create vlan 100-200 active Raisecom(config)#interface gigaethernet 1/1/1 Raisecom(config-gigaethernet1/1/1)#switchport mode trunk...
Page 500 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability Raisecom(config-gigaethernet1/1/2)#port backup gigaethernet 1/1/1 vlanlist 151-200 Checking results Use the show port backup group command to show status of interface backup under normal or faulty conditions. When both GE 1/1/1 and GE 1/1/2 are Forward, GE 1/1/1 forwards traffic of VLANs 100–...
Page 501: Link-State Tracking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability 11.3 Link-state tracking 11.3.1 Introduction Link-state tracking is used to provide interface linkage scheme for specific application and it can extend range of link backup. By monitoring uplinks and synchronizing downlinks, add uplink and downlink interfaces to a link-state group.
Page 502: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#link-state- Create the link-state group and group-number tracking group enable link-state tracking. Raisecom(config)#link-state- Configure the mode for processing group-number tracking group fault on the link-state interface.
Page 503: Example For Configuring Link-State Tracking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability 11.3.6 Example for configuring link-state tracking Networking requirements As shown in Figure 11-6, to improve network reliability, Link 1 and Link 2 of Switch B are connected to Switch A and Switch C respectively. Link 1 is the active link and Link 2 is the standby link.
Page 504 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability Create link-state group 1. Add LAG interfaces to the link-state group. Raisecom(config)#link-state-tracking group 1 Raisecom(config)#interface port-channel 1 Raisecom(config-port-channel1)#link-state-tracking group 1 upstream Raisecom(config-port-channel1)#exit Add downlink interface GE 1/1/3 to the link-state group. Raisecom(config)#interface gigaethernet 1/1/3 Raisecom(config-gigaethernet1/1/3)#link-state-tracking group 1 downstream Step 2 Configure link-state tracking on Switch C.
Page 505: Udld
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability 11.4 UDLD 11.4.1 Introduction UniDirectional Link Detection (UDLD) is used to monitor configurations of the physical connection by the fiber or Ethernet cable. When a unidirectional link (transmitting data in only one direction) is present, UDLD can detect it, shut down the corresponding interface, and send a Trap.
Page 506: Mlacp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability Command Description Raisecom#show uldp Show UDLD configurations. 11.5 mLACP 11.5.1 Introduction A loop may occur when a device has two uplink Points of Access (PoAs), which means that the device is a Dual Home Device (DHD). Sometimes, the DHD is incapable of running any loop detection protocols.
Page 507: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability PoA active and the local PoA standby. When faults at the local PoA are cleared, the system will perform fault recovery, reselecting the local PoA as the active one. 11.5.2 Preparing for configurations Scenario Create an ICCP channel on the PoA.
Page 508: Configuring Mlacp Link Aggregation
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability 11.5.4 Configuring mLACP link aggregation Configure mLACP link aggregation for the ISCOM2600G-HI series switch as below. Step Configuration Description Raisecom#config Enter global configuration mode. Raisecom(config)#mlacp- Create an ICG and enter ICG configuration...
Page 509: Maintenance
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability Command Description Raisecom#show mlacp-group Check the mLACP configurations and group-id running status. 11.5.6 Maintenance Maintain the ISCOM2600G-HI series switch as below. Command Description Clear statistics on packets received by or Rasiecom(config)#clear iccp...
Page 510: Figure 11-8 Mlacp Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability Figure 11-8 mLACP networking Configuration steps Step 1 Configure a LAG. Add GE 1/1/1, GE 1/1/2, GE 1/1/3, and GE 1/1/4 on the DHD to the LAG and enable priority pre-emption of the LAG.
Page 511 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability Configure a LAG for Switch 2. Add GE 1/1/1 and GE 1/1/2 on Switch 2 to the LAG and enable priority pre-emption of the LAG. Switch2#config Switch2(config)#interface port-channel 1 Switch2(config-port-channel1)#mode lacp Switch2(config-port-channel1)#max-active links 2...
Page 512 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability Switch2(config-iccp)#member-ip 10.110.3.1 Switch2(config-iccp)#iccp enable Switch2(config-iccp)#exit Switch2(config)#mlacp-group 1 Switch2(config-ic-group)#iccp-channel 1 Switch2(config-ic-group)#port-channel 1 Switch2(config-ic-group)#mlacp slave Switch2(config-ic-group)#restore-mode revertive restore-delay 20 Switch2(config-ic-group)#exit Checking results Use the following command to show LACP configurations of the DHD. DHD#show port-channel 1...
Page 513 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 11 Reliability Switch2#show mlacp-group 1 mlacp group System information: MAC address running : 000E.5E11.2233 System priority running : 20000 Configuration information: Local information Peer information system mac: 000E.5E11.2233 000E.5E55.0001 System priority: 32768 20000 Port-channel:...
Page 514: System Management
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management System management This chapter describes basic principles and configuration procedures for system management and maintenance, and provides related configuration examples, including the following sections:  SNMP  RMON  LLDP ...
Page 515: Figure 12-1 Principles Of Snmp
NView NNM system communicate through SNMP packets sent through UDP. Figure 12-1 shows the SNMP principle. Figure 12-1 Principles of SNMP The Raisecom NView NNM system can provide friendly Human Machine Interface (HMI) to facilitate network management. The following functions can be implemented through it: ...
Page 516: Preparing For Configurations
(OID) for identification. SNMP protocol packets can access network devices by checking the nodes in MIB tree directory. The ISCOM2600G-HI series switch supports standard MIB and Raisecom-customized MIB. 12.1.2 Preparing for configurations Scenario To log in to the ISCOM2600G-HI series switch through NMS, configure SNMP basic functions for the ISCOM2600G-HI series switch in advance.
Page 517: Configuring Basic Functions Of Snmpv1/Snmpv2C
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Function Default value SNMP user none, md5nopriv, shapriv, md5priv, and shanopriv users (default) Mapping relationship between Index GroupName UserName SecModel SNMP user and access group ----------------------------------------------------------- initialnone none initial md5priv initial...
Page 518: Configuring Basic Functions Of Snmpv3
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Step Command Description Raisecom(config)#snmp- Create community name and configure the server community corresponding view and authority. Use default name [ view view- view internet if view view-name option is empty. name ] { ro | rw } 12.1.5 Configuring basic functions of SNMPv3...
Page 519: Configuring Ip Address Authentication By Snmp Server
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Step Command Description Raisecom(config)#snmp-server view (Optional) create SNMP view name oid-tree mask ] { excluded view and configure MIB | included } variable range. Raisecom(config)#snmp-server user Create users and configure user...
Page 520: Configuring Trap
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#snmp- (Optional) configure the logo and contact contact server contact method of the administrator. For example, configure the E-mail to the logo and contact method of the administrator.
Page 521: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management 12.1.9 Checking configurations Use the following commands to check configuration results. Command Description Raisecom#show Show SNMP access group configurations. snmp access Raisecom#show Show SNMP community configurations. snmp community Raisecom#show Show SNMP basic configurations, including the local...
Page 522 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Configuration steps Step 1 Configure the IP address of the ISCOM2600G-HI series switch. Raisecom#config Raisecom(config)#interface vlan 1 Raisecom(config-vlan1)#ip address 20.0.0.10 255.255.255.0 Raisecom(config-vlan1)#exit Step 2 Configure SNMPv1/SNMPv2c views. Raisecom(config)#snmp-server view mib2 1.3.6.1.2.1 included Step 3 Configure SNMPv1/SNMPv2c community.
Page 523: Example For Configuring Snmpv3 And Trap
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management View Name: mib2 OID Tree: 1.3.6.1.2.1 Mask: Type: include … Use the show snmp community command to show community configurations. Raisecom#show snmp community Index Community Name View Name Permission ------------------------------------------------------------ private...
Page 524 Create access view mib2, including all MIB variables under 1.3.6.1.x.1. Raisecom(config)#snmp-server view mib2 1.3.6.1.2.1 1.1.1.1.0.1 included Create user guestuser1, and use md5 authentication algorithm. The password is raisecom. Raisecom(config)#snmp-server user guestuser1 authentication md5 raisecom Create a guest group access group. The security mode is usm, security level is authentication without encryption, and readable view name is mib2.
Page 525: Rmon
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Raisecom#show snmp access … Index: Group: guestgroup Security Model: usm Security Level: authnopriv Context Prefix: -- Context Match: exact Read View: mib2 Write View: Notify View: internet … Use the show snmp group command to show mapping between users and access groups.
Page 526: Figure 12-5 Rmon Networking
SNMP and the exchange data information about RMON Agent. The Raisecom ISCOM2600G-HI series switch is embedded with RMON. As shown in Figure 12-5, the ISCOM2600G-HI series switch implements RMON Agent function. Through this...
Page 527: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management 12.2.2 Preparing for configurations Scenario RMON helps monitor and account network traffics. Compared with SNMP, RMON is a more high-efficient monitoring method. After you specifying the alarm threshold, the ISCOM2600G-HI series switch actively sends alarms when the threshold is exceeded without obtaining variable information.
Page 528: Configuring Rmon Historical Statistics
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management 12.2.5 Configuring RMON historical statistics Configure RMON historical statistics for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode. interface- Raisecom(config)#rmon history Enable RMON type interface-list...
Page 529: Configuring Rmon Event Group
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Step Command Description alarm-id mibvar Raisecom(config)#rmon alarm Add alarm instances period [ interval ] { absolute | delta } to the RMON alarm rising-threshold rising-value rising- group and configure event-id falling-value ] falling-threshold related parameters.
Page 530: Example For Configuring Rmon Alarm Group
The owner of logs is system. Raisecom#config Raisecom(config)#rmon statistics gigaethernet 1/1/1 Raisecom(config)#rmon event 1 log description High-ifOutErrors owner system Step 2 Create an alarm item with index ID 10, used to monitor MIB variables 1.3.6.1.2.1.2.2.1.20.1 every 20s. If the variable increases by more than 15, the Trap alarm will be triggered. The owner of alarm message is also system.
Page 531: Lldp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Checking results Use the show rmon alarms command to check whether there is information about event group events on the ISCOM2600G-HI series switch. Raisecom#show rmon alarms Alarm group information: Alarm 10 is active, owned by system Monitors 1.3.6.1.2.1.2.2.1.20.1 every 20 seconds...
Page 532: Figure 12-7 Structure Of A Lldpdu
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management LLDP packet The LLDP packet is used to encapsulate LLDPDU Ethernet packet in data unit and transmitted by multicast. LLDPDU is the data unit of LLDP. The device encapsulates local information in TLV before forming LLDPDU, then several TLV fit together in one LLDPDU and encapsulated in Ethernet data for transmission.
Page 533: Table 12-2 Ieee 802.1 Organization-Defined Tlvs
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Table 12-2 IEEE 802.1 organization-defined TLVs Type Description Port VLAN ID TLV VLAN ID on the interface Port And Protocol VLAN ID TLV Protocol VLAN ID on the interface VLAN Name TLV...
Page 534: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management  Hold-multiplier refers to the aging coefficient of device information in neighbor node. 12.3.2 Preparing for configurations Scenario When you obtain connection information between devices through NView NNM system for topology discovery, the ISCOM2600G-HI series switch needs to enable LLDP, notify their information to the neighbours mutually, and store neighbour information to facilitate the NView NNM system queries.
Page 535: Enabling Interface Lldp
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#lldp Enable global LLDP. enable 12.3.5 Enabling interface LLDP Enable interface LLDP for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode.
Page 536: Configuring Lldp Alarm
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management 12.3.7 Configuring LLDP alarm When the network changes, you need to enable LLDP alarm notification function to send topology update alarm to the NView NNM system immediately. Configure the LLDP alarm for the ISCOM2600G-HI series switch as below.
Page 537: Maintenance
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Command Description Raisecom#show lldp remote Show information about the LLDP interface-type interface- neighbor. number ] [ detail ] Raisecom#show lldp statistic Show statistics about LLDP packets. interface-type interface- number Raisecom#show lldp tlv-select...
Page 538: Figure 12-9 Lldp Networking
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Figure 12-9 LLDP networking Configuration steps Step 1 Enable global LLDP and LLDP alarm. Configure Switch A. Raisecom#name SwitchA SwitchA#config SwitchA(config)#lldp enable Configure Switch B. Raisecom#name SwitchB SwitchB#config SwitchB(config)#lldp enable Step 2 Configure the management IP address.
Page 539 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Configure Switch B. SwitchB(config)#create vlan 1024 active SwitchB(config)#interface gigaethernet 1/1/1 SwitchB(config-gigaethernet1/1/1)#switchport access vlan 1024 SwitchB(config)#interface vlan 1024 SwitchB(config-vlan1)#ip address 10.10.10.2 255.255.255.0 SwitchB(config-vlan1)#exit Step 3 Configure LLDP attributes. Configure Switch A. SwitchA(config)#lldp message-transmission interval 60...
Page 540: Optical Module Ddm
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management …… SwitchB#show lldp local config System configuration: ------------------------------------------------------------------ LLDP enable status: enable (default is disabled) LldpMsgTxInterval: (default is 30s) LldpMsgTxHoldMultiplier: (default is 4) LldpReinitDelay: (default is 2s) LldpTxDelay: (default is 2s)
Page 541: Preparing For Configurations
Prerequisite The optical module used on the ISCOM2600G-HI series switch should be a Raisecom- certified one. If you use an optical module of other vendors, problems of unstable services, failure in supporting DDM, or incorrect DDM information will happen.
Page 542: Enabling Optical Module Ddm Trap
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Step Command Description Raisecom(config)#inter Enter physical layer interface configuration interface-type face mode. interface-number Raisecom(config- Enable interface optical module DDM. gigaethernet1/1/port)# Only when global optical DDM is enabled, the transceiver ddm enable...
Page 543: System Log
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Command Description Raisecom#show transceiver Show the information when the optical threshold-violations module parameters exceed the thresholds. interface-type interface- list Raisecom(config)#show Show brief information about optical transceiver ddm brief module DDM. 12.5 System log 12.5.1 Introduction...
Page 544: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management The severity of output information can be manually configured. When you send information according to the configured severity, you can just send the information whose severity is less than or equal to that of the configured information. For...
Page 545: Configuring Basic Information Of System Log
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management 12.5.4 Configuring basic information of system log Configure basic information of system log for the ISCOM2600G-HI series switch as below. Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#l (Optional) enable system log.
Page 546 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Step Command Description Raisecom(config)#logging console (Optional) output system log-level | alerts | critical | logs to the console. debugging | emergencies | errors | informational | notifications | warnings | distriminator...
Page 547: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Step Command Description Raisecom(config)#logging history (Optional) configure the log size size history list size. log- Raisecom(config)#logging trap [ (Optional) enable translating level | alerts | critical | specified logs in the history debugging | emergencies | errors | list to Traps.
Page 548: Figure 12-10 Networking Of Outputting System Log To Log Host
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Figure 12-10 Networking of outputting system log to log host Configuration steps Step 1 Configure the IP address of the ISCOM2600G-HI series switch. Raisecom#config Raisecom(config)#interface vlan 1 Raisecom(config-vlan1)#ip address 20.0.0.6 255.0.0.0 Raisecom(config-vlan1)#exit Step 2 Configure the system log to be output to the log host.
Page 549: Alarm Management
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Max number of log server: Current log server number: Target Address Level Facility Sent Drop Discriminator ------------------------------------------------------------------------- -------------- 20.0.0.168 warnings(4) local7 12.6 Alarm management 12.6.1 Introduction Alarm means when a fault is generated on the ISCOM2600G-HI series switch or some working condition changes, the system will generate alarm according to different faults.
Page 550: Table 12-5 Alarm Fields
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management  Device alarm: refer to alarms caused by failure of physical resources, including power, fan, processor, clock, Rx/Tx interfaces, and other hardware. Alarm output There are three alarm output modes: ...
Page 551 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Level Description Syslog Major (4) This alarm has affected the service quality and 2 (Critical) requires immediate troubleshooting. Restore the device or source service quality if they decline; or take measures immediately during working hours to restore all performances.
Page 552 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management When the alarm monitoring is enabled, the alarm module will receive alarms − generated by modules, and process them according to the configurations of the alarm module, such as recording alarm in alarm buffer, or recording system logs.
Page 553: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Use configured storage mode to deal with new generated alarm when the alarm in device alarm table is full.  Clearing alarms Clear the current alarm, which means deleting current alarms from the current alarm table.
Page 554 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Step Command Description Raisecom(config)#alarm auto-report Enable alarm auto-reporting alarm-restype alarm-restype-value of a specified alarm source. enable Raisecom(config)#alarm auto-report Enable alarm auto-reporting alarm-type type enable of a specified alarm type. Raisecom(config)#alarm auto-report...
Page 555: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Step Command Description Raisecom(config)#alarm syslog (Optional) enable alarms to be enable output to system logs. By default, it is disabled. Raisecom(config)#exit (Optional) show information Raisecom#show alarm active about current alarms. module_name...
Page 556 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management  Temperature beyond threshold alarm  Flash monitoring alarm There are several ways to notify users when an alarm is generated. The alarm event output methods are as below:  Save to the device hardware environment monitoring alarm buffer.
Page 557: Table 12-7 Trap Information
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Hardware environmental monitoring alarm can be recorded in the current hardware environment monitoring alarm table and hardware environment monitoring history alarm table automatically without configuring manually.  Trap output Alarms are output to the NMS in Trap mode.
Page 558: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management 12.7.2 Preparing for configurations Scenario Hardware environment monitoring provides environment monitoring for the devices, through which you can monitor the fault. When device operation environment is abnormal, this function will record hardware environment monitoring alarm list, generate system log, or send Trap and other alarms to notify taking corresponding measures and preventing fault.
Page 559: Configuring Temperature Monitoring Alarm
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management  When enabling global hardware environment monitoring alarm Syslog output, alarm event can generate Syslog only when Syslog output under alarm event is also enabled.  When enabling global hardware environment monitoring alarm sending Trap, alarm event can send Trap only when Trap output under alarm event is also enabled.
Page 560: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Step Command Description Raisecom#conf Enter global configuration mode. Raisecom(conf Clear alarms manually. ig)#clear alarm Use this command to clear all alarms in current alarm list and generate an all-alarm alarm in history alarm list.
Page 561: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management It can be used to view the operational status of all tasks and the detailed running status information about assigned tasks. It can be used to view history utilization of CPU in each period.
Page 562: Configuring Cpu Monitoring Alarm
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Step Command Description Raisecom#show process dead Show information about dead tasks. range Raisecom#show process pid Show information about the specified task. 12.8.5 Configuring CPU monitoring alarm Configure CPU monitoring alarm for the ISCOM2600G-HI series switch as below.
Page 563: Preparing For Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management 12.9.2 Preparing for configurations Scenario After cable diagnosis is enabled, you can learn the running status of cables, locate and clear faults, if any, in time. Prerequisite 12.9.3 Configuring cable diagnosis Configure cable diagnosis for the ISCOM2600G-HI series switch as below.
Page 564: Memory Monitoring
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management 12.10 Memory monitoring 12.10.1 Preparing for configurations Scenario Memory monitoring enables you to learn the memory utilization in real time, and provides memory utilization threshold alarms, thus facilitating you to locate and clear potential risks and help network administrator to locate faults.
Page 565: Ping
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management 12.11 Ping 12.11.1 Introduction Packet Internet Groper (PING) derives from the sonar location operation, which is used to detect whether the network is normally connected. Ping is achieved with ICMP echo packets.
Page 566: Traceroute
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management 12.12 Traceroute 12.12.1 Introduction Similar with Ping, Traceroute is a commonly-used maintenance method in network management. Traceroute is often used to test the network nodes of packets from sender to destination, detect whether the network connection is reachable, and analyze network fault...
Page 567: Performance Statistics
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Step Command Description name Raisecom#traceroute [ vrf (Optional) test the connectivity ip-address first [ firstttl of the IPv4 network and view [ maxttl ] [ port port nodes passed by the packet by...
Page 568: Checking Configurations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 12 System management Step Command Description Raisecom#config Enter global configuration mode. Raisecom(config)#performance Configure the number of data blocks saved statistics interval buckets in the Flash for performance statistics in buckets-number different statistics period mode.
Page 569: Appendix
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 13 Appendix Appendix This chapter list terms, acronyms, and abbreviations involved in this document, including the following sections:  Terms  Acronyms and abbreviations 13.1 Terms A series of ordered rules composed of permit | deny sentences. These...
Page 570 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 13 Appendix CHAP is a widely supported authentication method in which a representation of the user's password, rather than the password itself, is sent during the authentication process. With CHAP, the remote access server sends a challenge to the remote access client. The remote access...
Page 571 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 13 Appendix Generic Framing Procedure (GFP) is a generic mapping technology. It can group variable-length or fixed-length data for unified adaption, encapsulation making data services transmitted through multiple high-speed physical transmission channels. The cable to connect the device to ground, usually a yellow/green coaxial cable.
Page 572 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 13 Appendix Link Aggregation A protocol used for realizing link dynamic aggregation. The LACPDU is Control used to exchange information with the peer device. Protocol (LACP) Link-state tracking provides an interface linkage scheme, extending the range of link backup.
Page 573 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 13 Appendix PVLAN adopts Layer 2 isolation technology. Only the upper VLAN is Private VLAN visible globally. The lower VLANs are isolated from each other. If you (PVLAN) partition each interface of the switch or IP DSLAM device into a lower VLAN, all interfaces are isolated from each other.
Page 574: Acronyms And Abbreviations
Raisecom ISCOM2600G-HI (A) Series Configuration Guide 13 Appendix Spanning Tree STP can be used to eliminate network loops and back up link data. It Protocol blocks loops in logic to prevent broadcast storms. When the unblocked (STP) link fails, the blocked link is re-activated to act as the backup link.
Page 575 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 13 Appendix BITS Building Integrated Timing Supply System BOOTP Bootstrap Protocol BPDU Bridge Protocol Data Unit Base Transceiver Station Committed Access Rate Channel Associated Signaling Committed Burst Size Customer Edge CHAP Challenge Handshake Authentication Protocol...
Page 576 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 13 Appendix Extensible Authentication Protocol EAPoL EAP over LAN Ethernet in the First Mile Electro Magnetic Compatibility Electro Magnetic Interference Electro Magnetic Susceptibility ERPS Ethernet Ring Protection Switching Electro Static Discharge Ethernet Virtual Connection...
Page 577 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 13 Appendix IETF Internet Engineering Task Force IGMP Internet Group Management Protocol Internet Protocol IS-IS Intermediate System to Intermediate System Routing Protocol Internet Service Provider ITU-T International Telecommunications Union - Telecommunication Standardization Sector LACP...
Page 578 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 13 Appendix Operation, Administration and Management Ordinary Clock Optical Distribution Frame Object Identifiers Option 82 DHCP Relay Agent Information Option OSPF Open Shortest Path First P2MP Point to Multipoint Point-to-Point PADI PPPoE Active Discovery Initiation...
Page 579 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 13 Appendix RMON Remote Network Monitoring RNDP Raisecom Neighbor Discover Protocol Raisecom Operating System Ring Protection Link RRPS Raisecom Ring Protection Switching RSTP Rapid Spanning Tree Protocol RSVP Resource Reservation Protocol RTDP Raisecom Topology Discover Protocol...
Page 580 Raisecom ISCOM2600G-HI (A) Series Configuration Guide 13 Appendix User Datagram Protocol User Network Interface User-Based Security Model VLAN Virtual Local Area Network VRRP Virtual Router Redundancy Protocol Wide Area Network Weight Round Robin Raisecom Proprietary and Confidential Copyright © Raisecom Technology Co., Ltd.
Page 581 Address Raisecom Building, No. 11, East Area, No. 10 Block, East Xibeiwang Road, Haidian District, Beijing, P.R.China Postal code: 100094 Tel: +86-10-82883305 Fax: 8610-82883056 http://www.raisecom.com Email: export@raisecom.com...

Save PDF