stcs5024 layer 3 routing switch configuration guide · stcs5024 full gigabit layer 3 switch user...

STCS5024 Full Gigabit Layer 3 switch User Manual
陈泽科技有限公司 www.stephen-tele.com

STCS5024ST 24 Port Gigabit SFP + 4 Port Gigabit Tx Layer 3 routing switch
STCS5024TF 24 Port Gigabit TX + 4 Port Gigabit SFP Layer 3 routing switch

STCS5024 Series Gigabit Layer 3 Routing Switches User Guide (Version: 1.0.1)
Stephen Technologies Co., Limited
All Rights Reserved


Post on 25-Mar-2020




PREFACE

Release Notes

This manual applies to STCS5024 Series Routing Switch.

Related Manuals

The related manuals are listed in the following table.

• 《STCS5024 Series Routing Switches Installation Guide Manu》
• 《STCS5024 Series Routing Switches Configuration Guide Manu》

Intended Audience

The manual is intended for the following readers:

• Network engineers
• Network administrators
• Customers who are familiar with network fundamentals

Conventions

The manual uses the following conventions:

I. General conventions

Convention
  Description
Arial
  Normal paragraphs are in Arial.
Arial Narrow
  Warnings, Cautions, Notes and Tips are in Arial Narrow.
Univers-Condensed
  Bold Headings are in Univers-CondensedBold.
Courier New
  Terminal Display is in Courier New.


II. Command conventions

Convention
  Description
Univers-CondensedBold
  The keywords of a command line are in Univers-CondensedBold.
Univers-CondensedBold
  Command arguments are in Univers-CondensedBold.
[ ]
  Items (keywords or arguments) in square brackets [ ] are optional.
{ x | y | ... }
  Alternative items are grouped in braces and separated by vertical bars. One is selected.
[ x | y | ... ]
  Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected.

III. GUI conventions

Convention
  Description
< >
  Button names are inside angle brackets. For example, click the <OK> button.
[ ]
  Window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window.
/
  Multi-level menus are separated by forward slashes. For example, [File/Create/Folder].

IV. Keyboard operation


Format
  Description
<Key>
  Press the key with the key name inside angle brackets. For example, <Enter>, <Tab>, <Backspace>, or <A>.
<Key1+Key2>
  Press the keys concurrently. For example, <Ctrl+Alt+A> means the three keys should be pressed concurrently.
<Key1, Key2>
  Press the keys in turn. For example, <Alt, A> means the two keys should be pressed in turn.

V. Mouse operation

Action
  Description
Click
  Press the left button or right button quickly (left button by default).
Double Click
  Press the left button twice continuously and quickly.
Drag
  Press and hold the left button and drag it to a certain position.

VI. Symbols

Eye-catching symbols are also used in the manual to highlight points that deserve special attention during operation. They are defined as follows:

Caution: The reader must be extremely careful during the operation.

Note: A complementary description.


1 Product Overview
  1.1 Product Overview
  1.2 Function Features
2 Logging in Switch
  2.1 Setting up Configuration Environment via the Console Port
  2.2 Setting up Configuration Environment through Telnet
    2.2.1 Connecting a PC to the Switch through Telnet
    2.2.2 Telneting a Switch through another Switch
3 Command Line Interface
  3.1 Command Line Interface
  3.2 Command Line configure mode
  3.3 Features and Functions of Command Line
    3.3.1 Online Help of Command Line
    3.3.2 Displaying Characteristics of Command Line
    3.3.3 History Command of Command Line
    3.3.4 Common Command Line Error Messages
    3.3.5 Editing Characteristics of Command Line
4 Basic Configuration
  4.1 Console Connection
  4.2 Setting Console Baud Rate
  4.3 Creating user and setting password
  4.4 Setting system clock
  4.5 Setting system service
  4.6 Setting system contact/name/location information for SNMP
  4.7 Management firmware
  4.8 Management configuration file
  4.9 Saving configuration file
  4.10 Restore system to default configuration
  4.11 Reboot system
5 Port Configuration
  5.1 Ethernet Port Overview
  5.2 Ethernet Port Configuration
    5.2.1 Enabling/Disabling an Ethernet Port
    5.2.2 Setting the Duplex Attribute and speed of the Ethernet Port
    5.2.3 Setting the type of combo port
    5.2.4 Enabling/Disabling Flow Control for the Ethernet Port
    5.2.5 Setting the Ethernet Port Broadcast Suppression
    5.2.6 Setting the Ethernet Port multicast Suppression
    5.2.7 Setting the Ethernet Port dlf Suppression
    5.2.8 Setting Port Mirroring
    5.2.9 Setting rate limits
6 Link Aggregation Configuration
  6.1 Overview
  6.2 Statically Configuring a Trunk
7 VLAN Configuration
  7.1 VLAN Overview
  7.2 Configuring VLAN
    7.2.1 Creating/Deleting a VLAN
    7.2.2 Setting vlan port pvid
    7.2.3 Specifying/removing a VLAN port
  7.3 VLAN Configuration Example
8 GVRP Configuration
  8.1 GVRP Overview
  8.2 Enabling/Disabling Global GVRP
  8.3 Enabling/Disabling Port GVRP
  8.4 GVRP Configuration Example
9 STP Configuration
  9.1 STP Overview
  9.2 Spanning-Tree Topology and BPDUs
  9.3 Bridge ID, Switch Priority, and Extended System ID
  9.4 Spanning-Tree Interface States
    9.4.1 Blocking State
    9.4.2 Listening State
    9.4.3 Learning State
    9.4.4 Forwarding State
    9.4.5 Disabled State
  9.5 How a Switch or Port Becomes the Root Switch or Root Port
  9.6 Spanning Tree and Redundant Connectivity
  9.7 Spanning-Tree Address Management
  9.8 Accelerated Aging to Retain Connectivity
  9.9 Configuring STP Features
    9.9.1 Configure the mode of the spanning-tree
    9.9.2 Configure the Bridge Priority for a Switch
    9.9.3 Configure the Time Parameters of a Switch
    9.9.4 Configure Port Priority
    9.9.5 Enable/Disable STP on the Device
    9.9.6 Enable/Disable STP on a Port
  9.10 Configuring RSTP Features
    9.10.1 Configure the mode of the spanning-tree
    9.10.2 Configure the Bridge Priority for a Switch
    9.10.3 Configure the Time Parameters of a Switch
    9.10.4 Configure Port Priority
    9.10.5 Enable/Disable STP on the Device
    9.10.6 Enable/Disable STP on a Port
10 IP Address Configuration
  10.1 IP Address Overview
    10.1.1 IP Address Classification and Indications
    10.1.2 Subnet and Mask
  10.2 Configuring IP Address
    10.2.1 Configuring the AUX port IP Address
    10.2.2 Configuring the IP Address of the VLAN Interface
  10.3 IP Address Configuration Example
  10.4 Troubleshooting IP Address Configuration
11 ARP Configuration
  11.1 Introduction to ARP
  11.2 Configuring ARP
    11.2.1 Manually Adding/Deleting Static ARP Mapping Entries
    11.2.2 Clear up ARP Mapping Entries
12 Configuring IP Routing
  12.1 Introduction to IP Route and Routing Table
    12.1.1 IP Route and Route Segment
    12.1.2 Route Selection through the Routing Table
  12.2 Routing Management Policy
    12.2.1 Routing protocols and the preferences of the corresponding routes
    12.2.2 Supporting Load Sharing and Route Backup
    12.2.3 Routes Shared between Routing Protocols
  12.3 Static Route Configuration
    12.3.1 Introduction to Static Route
    12.3.2 Static Route Configuration
    12.3.3 Typical Static Route Configuration Example
    12.3.4 Static Route Fault Diagnosis and Troubleshooting
  12.4 RIP Configuration
    12.4.1 Brief Introduction to RIP
    12.4.2 RIP Configuration
    12.4.3 Typical RIP Configuration Example
  12.5 OSPF Configuration
    12.5.1 OSPF Overview
    12.5.2 OSPF Configuration
    12.5.3 Displaying and Debugging OSPF
    12.5.4 Typical OSPF Configuration Example
    12.5.5 OSPF Fault Diagnosis and Troubleshooting
13 IP Multicast Protocol
  13.1 IP Multicast Overview
    13.1.1 Problems with Unicast/Broadcast
    13.1.2 Advantages of Multicast
    13.1.3 Application of Multicast
  13.2 Implementation of IP Multicast
    13.2.1 Multicast Addresses
    13.2.2 IP Multicast Protocols
  13.3 IP Multicast Packet Forwarding
  13.4 IGMP Snooping Configuration
    13.4.1 IGMP Snooping Overview
    13.4.2 IGMP Snooping Configuration
    13.4.3 IGMP Snooping Configuration Example
    13.4.4 Troubleshoot IGMP Snooping
  13.5 Static Multicast Group Configuration
    13.5.1 Introduction to Static Multicast Group Configuration
    13.5.2 Static Multicast Group Configuration
  13.6 IGMP Configuration
    13.6.1 IGMP Overview
    13.6.2 IGMP Configuration
  13.7 PIM-SM Configuration
    13.7.1 PIM-SM Overview
    13.7.2 PIM-SM Configuration
14 ACL Configuration
  14.1 ACL Overview
  14.2 configuring ACL
    14.2.1 Defining ACL
    14.2.2 Activating ACL
  14.3 configuring Default ACL
  14.4 ACL Configuration Example
15 QoS Configuration
  15.1 Setting the Queue Mode
  15.2 Setting the Priority for Port
  15.3 Mapping IP Precedence
  15.4 Changing Priorities Based on ACL Rules
16 802.1x Configuration
  16.1 802.1x Overview
    16.1.1 802.1x Standard Overview
    16.1.2 802.1x System Architecture
    16.1.3 802.1x Authentication Process
    16.1.4 Implement 802.1x on Ethernet Switch
  16.2 802.1x Configuration
    16.2.1 Enabling/Disabling 802.1x
    16.2.2 Setting port authentication state
    16.2.3 Setting Supplicant Number on a Port
  16.3 802.1x Configuration Example
17 RADIUS Protocol Configuration
  17.1 RADIUS Protocol Overview
  17.2 Implementing RADIUS on Ethernet Switch
  17.3 Configuring RADIUS Protocol
    17.3.1 Enable/disable radius client service
    17.3.2 Setting radius client ip address
    17.3.3 Setting a Real-time Accounting Interval
    17.3.4 Setting IP Address of RADIUS Server
    17.3.5 Setting Port of RADIUS Server
    17.3.6 Setting RADIUS Packet Encryption Key
18 DHCP Protocol Configuration
  18.1 DHCP Relay configuration
    18.1.1 Brief Introduction to DHCP Relay
    18.1.2 Configuring DHCP Relay
  18.2 DHCP Server configuration
    18.2.1 Configuring DHCP Relay
  18.3 DHCP Protocol Configuration Example
    18.3.1 DHCP Relay Configuration Example
    18.3.2 DHCP Server Configuration Example
19 SNMP Configuration
  19.1 SNMP Overview
  19.2 SNMP Versions and Supported MIB
  19.3 Configure SNMP
    19.3.1 Setting Community Name
    19.3.2 Setting the Destination Address of Trap
    19.3.3 Setting Trap Parameters
  19.4 SNMP Configuration Example
20 VRRP Configuration
  20.1 VRRP Overview
  20.2 Configuring VRRP
    20.2.1 Adding/Deleting a Virtual IP Address
    20.2.2 Configuring the Priority of Switches in the Virtual Router
    20.2.3 Configuring Preemption for a Switch within a Virtual Router
    20.2.4 Configuring VRRP Timer
    20.2.5 Configuring Switch to Track a Specified Interface
  20.3 VRRP Configuration Example
  20.4 Troubleshoot VRRP


1 PRODUCT OVERVIEW

1.1 Product Overview

STCS5024 series Ethernet Switches are box-shaped L2/L3 wire-speed Ethernet switches, applied at the convergence layer of medium- and small-sized enterprise networks, IP Metropolitan Area Networks (MAN) and Ethernet residential areas.

STCS5024 series routing switches support the following services:

• Internet broadband access
• MAN, enterprise/campus networking
• Providing multicast service and multicast routing and supporting multicast audio and video services.

1.2 Function Features

Features
  Implementation
VLAN
  Supports VLAN compliant with IEEE 802.1Q Standard
  Supports GARP VLAN Registration Protocol (GVRP)
STP protocol
  Supports Spanning Tree Protocol (STP)
Flow control
  Supports IEEE 802.3x flow control (full-duplex)
  Supports back-pressure based flow control (half-duplex)
Broadcast Suppression
  Supports Broadcast Suppression
Multicast
  Supports Internet Group Management Protocol Snooping (IGMP Snooping)
  Supports Internet Group Management Protocol (IGMP)
  Supports Protocol-Independent Multicast-Sparse Mode (PIM-SM)
IP routing
  Supports static routing
  Supports Routing Information Protocol (RIP) v1/v2
  Supports Open Shortest Path First (OSPF)
DHCP
  Supports Dynamic Host Configuration Protocol (DHCP) Relay
  Supports Dynamic Host Configuration Protocol (DHCP) Server
Link aggregation
  Supports link aggregation
Mirror
  Supports the port-based mirror
  Supports the ACL-based mirror
Quality of Service (QoS)
  Supports traffic classification
  Supports bandwidth control
  Supports queues of different priority on the port
  Queue scheduling: supports Strict Priority Queuing (SP), Weighted Round Robin (WRR), and SP+WRR
Security features
  Supports multi-level user management and password protection
  Supports 802.1X authentication
  Supports packet filtering
Management and Maintenance
  Supports Command Line Interface configuration
  Supports local configuration via Console port and AUX port
  Supports local and remote configuration through Telnet on Ethernet port
  Supports SNMP management (supports RMON MIB Group 1, 2, 3 and 9)
  Supports output of the debugging information
  Supports PING
  Supports the remote maintenance via Telnet
Loading and updating
  Supports loading and upgrading software via File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP)


2 Logging in Switch

2.1 Setting up Configuration Environment via the Console Port

Step 1: As shown in the figure below, to set up the local configuration environment, connect the serial port of a PC (or a terminal) to the Console port of the switch with the Console cable.

Figure 2-1 Setting up the local configuration environment via the Console port

Step 2: Run a terminal emulator (such as Terminal on Windows 3X or the Hyper Terminal on Windows 9X) on the computer. Set the terminal communication parameters as follows: baud rate 19200, data bits 8, parity check none, stop bits 1, flow control none, and terminal type VT100.


Figure 2-2 Setting up new connection

Figure 2-3 Configuring the port for connection


Figure 2-4 Setting communication parameters

Step 3: Power on the switch. It displays its self-test information and prompts you to press Enter, after which the command line prompt (such as switch>) appears.

Step 4: Input a command to configure the switch or view the operation state. Input a “?” for immediate help. For details of specific commands, refer to the following chapters.

2.2 Setting up Configuration Environment through Telnet

2.2.1 Connecting a PC to the Switch through Telnet

After you have correctly configured the IP address of a VLAN interface for a switch via the Console port, and added the port to this VLAN (using the port command in VLAN view), you can telnet to this switch and configure it.

Step 1: Authenticate the Telnet user via the Console port before the user logs in by Telnet.

Step 2: To set up the configuration environment, connect the Ethernet port of the PC to that of the switch via the LAN.


Figure 2-5 Setting up configuration environment through telnet

Step 3: Run Telnet on the PC and input the IP address of the VLAN connected to the PC port.

Figure 2-6 Running Telnet

Step 4: The terminal displays “Login:” and prompts the user to input the logon user name and password. After you input the correct user name and password, it displays the command line prompt (such as switch#).

Step 5: Use the corresponding commands to configure the switch or to monitor the running state. Enter “?” to get immediate help. For details of specific commands, refer to the following chapters.

2.2.2 Telneting a Switch through another Switch

After a user has logged into a switch, he or she can configure another switch through that switch via Telnet. The local switch serves as Telnet client and the peer switch serves as Telnet server. If the ports connecting these two switches are in the same local network, their IP addresses must be configured in the same network segment. Otherwise, the two switches must establish a route by which they can reach each other. As shown in the figure below, after you telnet to a switch, you can run the telnet command to log in to and configure another switch.

Figure 2-7 Providing Telnet Client service

Step 1: Authenticate the Telnet user via the Console port on the Telnet Server (switch) before login.

Step 2: The user logs in to the Telnet Client (switch). For the login process, refer to the section “Connecting a PC to the Switch through Telnet”.

Step 3: Perform the following operations on the Telnet Client:

Step 4: Enter the preset login password and you will see a prompt such as switch#.

Step 5: Use the corresponding commands to configure the switch or view its running state. Enter “?” to get immediate help. For details of specific commands, refer to the following chapters.

3 Command Line Interface

3.1 Command Line Interface

This series of switches provides a set of configuration commands and a command line interface for configuring and managing the switch. The command line interface has the following characteristics:

• Local configuration via the Console port and AUX port.

• Local or remote configuration via Telnet.

• Hierarchical command protection to prevent unauthorized users from accessing the switch.

• Enter a “?” to get immediate online help.

• Network testing commands, such as Ping, to troubleshoot the network quickly.

• Log in to and manage other switches directly, using the Telnet command.

• FTP service for users to upload and download files.

• A function similar to Doskey to execute a history command.

• The command line interpreter accepts partial keyword matches: you can key in the whole keyword or only part of it, as long as that part is unique and not ambiguous.

3.2 Command Line configure mode

The command line provides the following configure modes:

• Normal EXEC mode

• Privileged EXEC mode

• Global configuration mode

• VLAN interface configuration mode

• OSPF configuration mode

The following table describes the function features of the different modes and the ways to enter or quit them.

Table 3-1 Function feature of command configure mode.

| Command mode | Function | Prompt | Command to enter | Command to exit |
|---|---|---|---|---|
| Normal EXEC mode | Show the basic information about operation and statistics | Switch> | Enter the correct user name and password | exit |
| Privileged EXEC mode | Show the basic information about operation and statistics | Switch# | Enter <enable> and the correct password | Exit returns to normal EXEC mode |
| Global configuration mode | Configure system parameters | Switch(config)# | Key in config in user configure mode | Exit returns to user configure mode |
| VLAN interface configure mode | Configure ospf area parameters | Switch(config-if)# | Key in Interface vint x in system configure mode | Exit returns to system configure mode |
| OSPF configuration mode | Configure OSPF parameters | Switch(config-ospf)# | Key in Router ospf in system configure mode | Exit returns to system configure mode |

3.3 Features and Functions of Command Line

3.3.1 Online Help of Command Line

The command line interface provides the following online help modes.

• Full help

• Partial help

You can get the help information through these online help commands, which are described as follows.

1) Input “?” in any configure mode to get all the commands in it and their descriptions.

switch#?
clear      Clear the screen.
config     Config system's setting.
debug      Debugging functions
download   Download file for software upgrade or load user config.
exit       Exit current mode and shift to previous mode.
help       Description of the interactive help system.
history    Config history command.
kill       Kill some unexpected things.
logout     Disconnect from switch and quit.
no         Negate a command or set its defaults.
ping       Ping command to test if the net is correct.
quit       Disconnect from switch and quit.
reboot     Reboot the switch.
remove     Remove system configuration.
sendmsg    Send message to online user.
show       Show running system information.
telnet     Telnet to other host or switch.
terminal   Set terminal line parameters.
upload     Upload file for software upgrade or upload user config.
who        Display who is connected to the switch.
write      Save current running configuration to flash.

2) Input a command with a “?” separated by a space. If this position is for keywords, all the keywords and the corresponding brief descriptions will be listed.

switch(config)# port ?
speed   Set port speed.
state   Set port state.
type    Set port type.

3) Input a command with a “?” separated by a space. If this position is for parameters, all the parameters and their brief descriptions will be listed.

switch(config)# router ?
hw-sync   Dynamic route synchronize with hardware route table
ospf      OSPF specific commands
rip       Set Rip config parameters.

switch(config)# router ospf ?
<cr>      Just Press <Enter> to Execute command!

<cr> indicates no parameter in this position. The next command line repeats the command; you can press <Enter> to execute it directly.

4) Input a character string with a “?”, then all the commands with this character string as their initials will be listed.

switch(config)# a?
access-list      Set access-list parameters.
arp              Config system's setting.
authentication   Config information of authentication.

5) Input a command with a character string and “?”, then all the keywords with this character string as their initials in the command will be listed.

switch# show ve?
version   Display SPROS version.

6) Input the first letters of a keyword of a command and press the <Tab> key. If no other keywords begin with these letters, this unique keyword will be displayed automatically.

3.3.2 Displaying Characteristics of Command Line

Command line interface provides the following display characteristics:

• For users’ convenience, the instruction and help information can be displayed in both English and Chinese.

• When the information to be displayed exceeds one screen, a pausing function is provided. In this case, users have three choices, as shown in the table below.

Table 3-2 Functions of displaying

| Key or Command | Function |
|---|---|
| Press <Q> when the display pauses | Stop displaying and executing command. |
| Press any key when the display pauses | Continue to display the next screen of information. |
| Press <Enter> when the display pauses | Continue to display the next line of information. |

3.3.3 History Command of Command Line

The command line interface provides a function similar to that of DosKey. The commands entered by users are automatically saved by the command line interface, and you can invoke and execute them at any time later. The history command buffer defaults to 10; that is, the command line interface can store 10 history commands for each user. The operations are shown in the table below.

Table 3-3 Retrieving history command

| Operation | Key | Result |
|---|---|---|
| Display history command | history | Display the history commands input by the user. |
| Retrieve the previous history command | Up cursor key <↑> or <Ctrl+P> | Retrieve the previous history command, if there is any. |
| Retrieve the next history command | Down cursor key <↓> or <Ctrl+N> | Retrieve the next history command, if there is any. |

3.3.4 Common Command Line Error Messages

All commands input by users are executed if they pass the grammar check. Otherwise, error messages are reported to users. The common error messages are listed in the following table.

Table 3-4 Common command line error messages

| Error messages | Causes |
|---|---|
| Unrecognized command | Cannot find the command. Cannot find the keyword. Wrong parameter type. The value of the parameter exceeds the range. |
| Incomplete command | The input command is incomplete. |
| Too many parameters | Enter too many parameters. |
| Ambiguous command | The parameters entered are not specific. |

3.3.5 Editing Characteristics of Command Line

The command line interface provides basic command editing functions and supports editing multiple lines. A command cannot be longer than 256 characters. See the table below.

Table 3-5 Editing functions

| Key | Function |
|---|---|
| Common keys | Insert from the cursor position and the cursor moves to the right, if the edition buffer still has free space. |
| Backspace | Move the cursor a character backward |
| Leftwards cursor key <←> or <Ctrl+B> | Move the cursor a character backward |
| Rightwards cursor key <→> or <Ctrl+F> | Move the cursor a character forward |
| Up cursor key <↑> or <Ctrl+P>; Down cursor key <↓> or <Ctrl+N> | Retrieve the history command. |
| <Tab> | Press <Tab> after typing the incomplete keyword and the system will execute the partial help: if the keyword matching the typed one is unique, the system will replace the typed one with the complete keyword and display it in a new line; if there is no matching keyword or the matching keyword is not unique, the system will make no modification but display the originally typed word in a new line. |

4 Basic Configuration

4.1 Console Connection

The CLI program provides two different command levels: normal access level (Normal Exec) and privileged access level (Privileged Exec).

The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and allow you only to display information and use basic utilities. To fully configure the switch parameters, you must access the CLI at the Privileged Exec level. Access to both CLI levels is controlled by user names and passwords.

The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps:

1. To initiate your console connection, press <Enter>. The “User Access Verification” procedure starts.

2. At the <Login:> prompt, enter “admin”.

3. At the Password prompt, press <Enter> directly (no default password is set).

4. The session is opened and the CLI displays the “switch>” prompt, indicating you have access at the Normal Exec level.

5. At the “switch>” prompt, enter “enable”.

6. At the Password prompt, press <Enter> directly (no default password is set).

7. The session is opened and the CLI displays the “switch#” prompt, indicating you have access at the Privileged Exec level.

4.2 Setting Console Baud Rate

Beginning in privileged EXEC mode, follow these steps to set console baud rate.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | serial speed rate | Set the console baud rate. Rate: 19200, 2400, 38400, 9600. By default, rate is 9600. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show serial | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

4.3 Creating user and setting password

When you create a new user, the default user is deleted automatically.

Beginning in privileged EXEC mode, follow these steps to create user and set password.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | user add user-name login-password login-password | Create user and set login password. |
| Step 3 | user login-password user-name <CR> (the switch then prompts: “Input new login password for user abc please.”, “New Password:”, “Confirm Password:”) | (Optional) Change login password. |
| Step 4 | user enable-password user-name <CR> (the switch then prompts: “Input new enable password for user abc please.”, “New Password:”, “Confirm Password:”) | (Optional) Set or change enable password. |
| Step 5 | user role user-name {NORMAL \| ADMIN enable-password enable-password} | (Optional) Change user access level. |
| Step 6 | exit | Return to privileged EXEC mode. |
| Step 7 | user list | Verify your entries. |
| Step 8 | write | (Optional) Save your entries in the configuration file. |

4.4 Setting system clock

Beginning in privileged EXEC mode, follow these steps to set system clock.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | time year month date hour:minutes:seconds | Set the system clock. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show system configuration | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

4.5 Setting system service

The system provides SNMP, Telnet and web server services; you can enable or disable each of these services.

Beginning in privileged EXEC mode, follow these steps to set system service.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | service snmp {enable \| disable} | Enable or disable the SNMP service. |
| Step 3 | service telnet {enable \| disable} | Enable or disable the Telnet service. |
| Step 4 | webserver service {enable \| disable} | Enable or disable the web server service. When the web server service is enabled, you can manage the switch through the web interface. |
| Step 5 | webserver password reset | (Optional) Reset the web password to default. By default the web login user name is “admin” and the login password is “password”. You can change the password through the web interface. |
| Step 6 | exit | Return to privileged EXEC mode. |
| Step 7 | show services | Verify your entries. |
| Step 8 | write | (Optional) Save your entries in the configuration file. |
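
The defaults described in sections 4.1 and 4.5 (user “admin” with no login or enable password, web login “admin” / “password”) can be closed with the commands documented in sections 4.3 and 4.5. The session below is an added example, not part of the original manual: it assumes a console session at the Privileged Exec level, a hypothetical user name netadmin, placeholder passwords in angle brackets, and that Telnet, SNMP and the web server are not needed on this switch. Lines starting with “!” are annotations for the reader and are not meant to be typed.

```text
! Constructed session; <...> values are placeholders and "netadmin" is a hypothetical user name.
switch# config terminal
! Creating a user deletes the default user automatically (section 4.3).
switch(config)# user add netadmin login-password <login-password>
! Give the new account the ADMIN level and an enable password (section 4.3, step 5).
switch(config)# user role netadmin ADMIN enable-password <enable-password>
! Turn off the management services that are not in use (section 4.5).
switch(config)# service telnet disable
switch(config)# service snmp disable
switch(config)# webserver service disable
switch(config)# exit
! Verify the result, then save it so it survives the next start.
switch# user list
switch# show services
switch# write
```

Run this from the console port, because the Telnet service is being turned off. If the web server has to stay enabled, change its password through the web interface rather than leaving the documented default in place.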

4.6 Setting system contact/name/location information for SNMP

Beginning in privileged EXEC mode, follow these steps to set system contact/name/location information.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | system contact string | Set system contact information for SNMP. |
| Step 3 | system name string | Set system name for SNMP. |
| Step 4 | system location string | Set system location information for SNMP. |
| Step 5 | exit | Return to privileged EXEC mode. |
| Step 6 | show system config | Verify your entries. |
| Step 7 | write | (Optional) Save your entries in the configuration file. |

4.7 Management firmware

You can download firmware from an FTP or TFTP server. After the new firmware has been downloaded, the system uses it the next time the switch starts.

Caution:

Before you download firmware from an FTP or TFTP server, confirm the following items:

• You have configured an IP address for a VLAN interface or the AUX port.

• The FTP or TFTP server can communicate with the switch correctly.

• You have run the FTP or TFTP program on the FTP or TFTP server.

• You have set the correct user name and password for the FTP server, and specified the correct directory.

• You have specified the correct directory for the TFTP server.

Beginning in privileged EXEC mode, follow these steps to download firmware from an FTP or TFTP server.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | down ftp image ip-address user-name password filename | Download firmware from FTP server. |
| Step 3 | down tftp image ip-address filename | Download firmware from TFTP server. |
| Step 4 | reboot | (Optional) Restart the system. |
| Step 5 | exit | Return to privileged EXEC mode. |
| Step 6 | show version | Verify your entries. |
| Step 7 | write | (Optional) Save your entries in the configuration file. |

4.8 Management configuration file

You can upload the configuration file to, or download it from, an FTP or TFTP server. After a new configuration file has been downloaded, the system uses the new configuration the next time the switch starts.

Beginning in privileged EXEC mode, follow these steps to upload/download the configuration file to or from an FTP or TFTP server.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | upload ftp config ip-address user-name password filename | Upload configuration file to FTP server. |
| | upload tftp config ip-address filename | Upload configuration file to TFTP server. |
| Step 3 | down ftp config ip-address user-name password filename | Download configuration file from FTP server. |
| | down tftp config ip-address filename | Download configuration file from TFTP server. |
| Step 4 | reboot | (Optional) Restart the system. |
| Step 5 | exit | Return to privileged EXEC mode. |
| Step 6 | show version | Verify your entries. |
| Step 7 | write | (Optional) Save your entries in the configuration file. |

4.9 Saving configuration file

Use the write command to save the current-configuration in the Flash Memory, and the configurations will become the startup-configuration when the system is powered on for the next time.

Beginning in privileged EXEC mode, follow these steps to save configuration to the FLASH Memory.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | write | Save your entries in the configuration file. |

4.10 Restore system to default configuration

Use the remove command to restore the startup-configuration to the default configuration; after that you must reboot the system. Beginning in privileged EXEC mode, follow these steps to restore the system to the default configuration.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | remove | Remove the system configuration. |
| Step 2 | reboot | Reboot the system. |

4.11 Reboot system

Beginning in privileged EXEC mode, follow these steps to restart the system.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | reboot | Reboot the system. |

5. Port Configuration

Ethernet Port Overview

STCS5024 Series Routing Switches Configurations include:

• STCS5024ST: 24 SFP ports and 12 Ethernet 10/100/1000 combo ports

• STCS5024TS: 24 Ethernet 10/100/1000 ports and 4 SFP combo ports

4.12 Ethernet Port Configuration

Ethernet port configuration includes:

• Enabling/disabling an Ethernet port

• Setting the duplex attribute for the Ethernet port

• Setting speed for the Ethernet port

• Setting the type of combo port

• Setting the Ethernet port broadcast suppression ratio

• Setting the Ethernet port multicast suppression ratio

• Setting the Ethernet port dlf suppression ratio

• Setting port mirror

• Setting rate limits

4.12.1 Enabling/Disabling an Ethernet Port

The following command can be used for disabling or enabling the port.

Beginning in privileged EXEC mode, follow these steps to enable an Ethernet port.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | port state port-number enable | Enable an Ethernet port. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show port port-number | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

By default, the port is enabled.

4.12.2 Setting the Duplex Attribute and speed of the Ethernet Port

To configure a port to send and receive data packets at the same time, set it to full-duplex. To configure a port to either send or receive data packets at a time, set it to half-duplex. If the port has been set to auto-negotiation mode, the local and peer ports will automatically negotiate the duplex mode. You can use the following command to set the speed on the Ethernet port. If the speed is set to auto-negotiation mode, the local and peer ports will automatically negotiate the port speed.

Beginning in privileged EXEC mode, follow these steps to set the duplex attribute and speed of the Ethernet port.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | port speed port-number {1000\|Auto} | Set the duplex attribute and speed for a Gigabit Ethernet port. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show port port-number | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

Note that the Gigabit electrical Ethernet port can operate in full duplex or auto-negotiation mode. When the port operates at 1000Mbps, the duplex mode can be set to full (full duplex) or auto (auto-negotiation).

By default, the duplex mode of the port is auto (auto-negotiation).

By default, the speed of the port is in auto mode.

4.12.3 Setting the type of combo port

By default, the combo port type is copper; use the following command to set the combo port type to fiber.

Beginning in privileged EXEC mode, follow these steps to set the type of combo port.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | port type port-number {copper\|fiber} | Set the type of combo port. Port-number range is 21 to 24. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show port port-number | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

4.12.4 Enabling/Disabling Flow Control for the Ethernet Port

After flow control is enabled on both the local and the peer switch, if congestion occurs in the local switch, the switch will inform its peer to pause packet sending. Once the peer switch receives this message, it will pause packet sending, and vice versa. In this way, packet loss is reduced effectively. The flow control function of the Ethernet port can be enabled or disabled through the following command.

Beginning in privileged EXEC mode, follow these steps to enable flow control for the Ethernet port.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | control flow enable port port-number | Enable Ethernet port flow control. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show control flow | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

To disable flow control, use the control flow disable port port-number global configuration command.

4.12.5 Setting the Ethernet Port Broadcast Suppression

You can use the following commands to restrict the broadcast traffic. Once the broadcast traffic exceeds the value set by the user, the system maintains an appropriate broadcast packet number by discarding the overflow traffic, so as to suppress broadcast storms, avoid congestion and ensure normal service. The parameter is the maximum wire-speed ratio of the broadcast traffic allowed on the port. The smaller the packet number, the less broadcast traffic is allowed.

Beginning in privileged EXEC mode, follow these steps to set the Ethernet port broadcast suppression.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | control rate broadcast port port-number speed packets | Enable broadcast suppression. Packets indicates the packet number per second. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show control rate {port port-number \|CR} | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

To disable the Ethernet port broadcast suppression, use the control rate broadcast port port-number disable global configuration command.

4.12.6 Setting the Ethernet Port multicast Suppression

You can use the following commands to restrict the multicast traffic. Once the multicast traffic exceeds the value set by the user, the system maintains an appropriate multicast packet number by discarding the overflow traffic, so as to suppress multicast storms, avoid congestion and ensure normal service. The parameter is the maximum wire-speed ratio of the multicast traffic allowed on the port. The smaller the packet number, the less multicast traffic is allowed.

Beginning in privileged EXEC mode, follow these steps to set the Ethernet port multicast suppression.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | control rate multicast port port-number speed packets | Enable multicast suppression. Packets indicates the packet number per second. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show control rate {port port-number \|CR} | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

To disable the Ethernet port multicast suppression, use the control rate multicast port port-number disable global configuration command.

4.12.7 Setting the Ethernet Port dlf Suppression

You can use the following commands to restrict the dlf traffic. Once the dlf traffic exceeds the value set by the user, the system maintains an appropriate dlf packet number by discarding the overflow traffic, so as to suppress dlf storms, avoid congestion and ensure normal service. The parameter is the maximum wire-speed ratio of the dlf traffic allowed on the port. The smaller the packet number, the less dlf traffic is allowed.

Beginning in privileged EXEC mode, follow these steps to set the Ethernet port dlf suppression.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | control rate dlf port port-number speed packets | Enable dlf suppression. Packets indicates the packet number per second. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show control rate {port port-number \|cr} | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

To disable the Ethernet port dlf suppression, use the control rate dlf port port-number disable global configuration command.

4.12.8 Setting Port Mirroring

Port mirroring duplicates data on the monitored port to the designated monitoring port, for the purpose of data analysis and supervision. The switch supports multiple-to-one mirroring, that is, you can duplicate packets from multiple ports to one monitoring port.

Beginning in privileged EXEC mode, follow these steps to set port mirroring.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | mirror mirrored-to port-number | Set target port. |
| Step 3 | mirror link-group set index port-list [both \| ingress \| egress] | Create source port group. Index is the source port group index, range is 1 to 24. Port-list is the source port group member list; the format is port-number + m, such as 01m. |
| Step 4 | mirror link-group enable index | Enable mirroring. |
| Step 5 | exit | Return to privileged EXEC mode. |
| Step 6 | show mirror all | Verify your entries. |
| Step 7 | write | (Optional) Save your entries in the configuration file. |

To delete a mirror source port group, use the no mirror link-group index global configuration command.

Caution:

Monitor port speed should match or exceed source port speed, otherwise traffic may be dropped from the monitor port.

All mirror sessions have to share the same destination port.

When mirroring port traffic, the target port must be included in the same VLAN as the source port.

4.12.9 Setting rate limits

This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the switch. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.

Rate limiting can be applied to individual ports or trunks. When an interface is configured with this feature, the traffic rate will be monitored by the hardware to verify conformity. Non-conforming traffic is dropped; conforming traffic is forwarded without any changes.

Beginning in privileged EXEC mode, follow these steps to set rate limits.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | traffic-limit link-group set group-id port-list ingress [ingress-rate \| default] [egress [egress-rate \| default]] | Create rate limits group. Group-id is the bandwidth management rule index, range is 1 to 64. Ingress-rate and egress-rate are bandwidths; the granularity is 1M/s. Default indicates no limit. |
| Step 3 | traffic-limit link-group enable group-id | Enable rate limits. |
| Step 4 | exit | Return to privileged EXEC mode. |
| Step 5 | show traffic-limit link-group | Verify your entries. |
| Step 6 | write | (Optional) Save your entries in the configuration file. |

To disable rate limits, use the traffic-limit link-group disable group-id global configuration command.

To delete a rate limits group, use the no traffic-limit link-group group-id global configuration command.

5 Link Aggregation Configuration

This chapter describes how to configure trunk groups. Trunk groups are manually-configured aggregate links containing multiple ports.

5.1 Overview

Link aggregation means aggregating several ports together to implement the outgoing/incoming payload balance among the

member ports and enhance the connection reliability. In terms of load sharing, link aggregation may be load sharing

aggregation and non-load sharing aggregation.

You can create multiple links between devices that work as one virtual,aggregate link. A port trunk offers a dramatic increase

in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices.

You can create up to six trunks at a time.

One switch can support up to six aggregation groups, with each group containing a maximum of eight ports.

Besides balancing the load across each port in the trunk, the other ports provide redundancy by taking over the load if a port

in the trunk fails.

However, before making any physical connections between devices, use the web interface or CLI to specify the trunk on the

devices at both ends.

When using a port trunk, take note of the following points:

• Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop.

• You can create up to six trunks on the switch, with up to eight ports per trunk.

• The ports at both ends of a connection must be configured as trunk ports.

• The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings.

• All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN.

• STP, VLAN, and IGMP settings can only be made for the entire trunk.

5.2 Statically Configuring a Trunk

When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s


implementation.

However, note that the static trunks on this switch are Cisco EtherChannel compatible.

To avoid creating a loop in the network, be sure you add a static trunk via the configuration interface before connecting the

ports, and also disconnect the ports before removing a static trunk via the configuration interface.

Beginning in privileged EXEC mode, follow these steps to configure a static trunk.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | channel-group add group-number port-list [smac \| dmac \| sdmac \| sip \| dip \| sdip] | Configure a static trunk. The group-number range is 1 to 6. port-list is the list of trunk members; the format is port-number + m, such as 01m. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show channel-group | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

To delete a static trunk, use the channel-group delete group-number global configuration command.

6 VLAN Configuration

6.1 VLAN Overview

Virtual Local Area Network (VLAN) groups the devices of a LAN logically but not physically into segments to implement the

virtual workgroups. IEEE issued the IEEE 802.1Q in 1999, which was intended to standardize VLAN implementation

solutions. Through VLAN technology, network managers can logically divide the physical LAN into different broadcast domains.

Every VLAN contains a group of workstations with the same demands. The workstations of a VLAN do not have to belong to

the same physical LAN segment.

With VLAN technology, the broadcast and unicast traffic within a VLAN will not be forwarded to other VLANs, therefore, it is

very helpful in controlling network traffic, saving device investment, simplifying network management and improving security.


6.2 Configuring VLAN

VLAN configuration includes:

• Creating/deleting a VLAN

• Setting the VLAN port PVID

• Specifying/removing a VLAN port

To configure a VLAN, first create a VLAN according to the requirements.

6.2.1 Creating/Deleting a VLAN

You can use the following command to create/delete a VLAN.

Beginning in privileged EXEC mode, follow these steps to create a VLAN.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | vlan static add vid vid port-list | Create a VLAN. vid: 1~4096. port-list: port-number + u\|m, where 'u' indicates an untagged port and 'm' indicates a tagged port. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show vlan table | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

6.2.2 Setting the VLAN Port PVID

You can use the following command to set the VLAN port PVID.

Beginning in privileged EXEC mode, follow these steps to set VLAN port PVID.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | vlan port pvid port-number pvid | Set the VLAN port PVID. pvid: 1~4096. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show vlan port | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |


6.2.3 Specifying/removing a VLAN port

You can use the following command to specify/remove a VLAN port.

Beginning in privileged EXEC mode, follow these steps to specify or remove a VLAN port.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | vlan static set vid vid port-list | Specify/remove a VLAN port. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show vlan table | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

6.3 VLAN Configuration Example

I. Networking requirements

Remove port1, port2, port3 and port4 from VLAN1; create VLAN2 and VLAN3. Add port1 and port2 to VLAN2, and add port3 and port4 to VLAN3.

II. Networking diagram

Figure 7-1 VLAN configuration example

III. Configuration procedure

# Remove port1,port2,port3,port4 from default VLAN (VLAN1).

switch(config)#vlan static set vid 1 01-02-03-04-


# Create VLAN 2

switch(config)#vlan static add vid 2 01u02u

# Set the VLAN port PVID of port1 and port2

switch(config)#vlan port pvid 1 2

switch(config)#vlan port pvid 2 2

# Create VLAN 3

switch(config)#vlan static add vid 3 03u04u

# Set the VLAN port PVID of port3 and port4

switch(config)#vlan port pvid 3 3

switch(config)#vlan port pvid 4 3
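An added example, not vendor code: a Python audit that replays the three commands used in section 6.3 and flags ports whose PVID and untagged VLAN membership disagree, a mismatch that classifies untagged ingress frames into a VLAN the port was not meant to join. It assumes a 28-port switch whose ports all start untagged in VLAN 1 with PVID 1, and it reads the '-' suffix in a port-list as removal, as the 6.3 procedure implies; the DRIFTED input is constructed.

```python
import re

PORT_TOKEN = re.compile(r"(\d{2})([um-])")
PROMPT = re.compile(r"^\w+\(config\)#\s*")


def parse_port_list(text):
    """Split a port-list such as '01u02m03-' into [(1,'u'), (2,'m'), (3,'-')]."""
    tokens = PORT_TOKEN.findall(text)
    if not tokens or "".join(num + flag for num, flag in tokens) != text:
        raise ValueError(f"malformed port-list: {text!r}")
    return [(int(num), flag) for num, flag in tokens]


def apply_config(lines, port_count=28):
    """Replay VLAN commands and return (members, pvid).

    members maps vid -> {port: 'u' | 'm'}; pvid maps port -> vid.
    Assumed starting state: every port untagged in VLAN 1 with PVID 1.
    """
    members = {1: {port: "u" for port in range(1, port_count + 1)}}
    pvid = {port: 1 for port in range(1, port_count + 1)}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or manual-style comment
        line = PROMPT.sub("", line)
        static = re.fullmatch(r"vlan static (add|set) vid (\d+) (\S+)", line)
        port_pvid = re.fullmatch(r"vlan port pvid (\d+) (\d+)", line)
        if static:
            action, vid = static.group(1), int(static.group(2))
            if action == "set" and vid not in members:
                raise ValueError(f"VLAN {vid} does not exist")
            table = members.setdefault(vid, {})
            for port, flag in parse_port_list(static.group(3)):
                if flag == "-":          # assumed meaning: remove the port
                    table.pop(port, None)
                else:                    # 'u' untagged, 'm' tagged
                    table[port] = flag
        elif port_pvid:
            pvid[int(port_pvid.group(1))] = int(port_pvid.group(2))
        else:
            raise ValueError(f"unrecognised command: {line!r}")
    return members, pvid


def audit(members, pvid):
    """Return [(port, finding)] where PVID and untagged membership disagree."""
    findings = []
    for port in sorted(pvid):
        untagged = sorted(v for v, table in members.items() if table.get(port) == "u")
        if pvid[port] not in untagged:
            findings.append(
                (port, f"PVID {pvid[port]} but not an untagged member of VLAN {pvid[port]}"))
        if len(untagged) > 1:
            findings.append((port, f"untagged in several VLANs: {untagged}"))
    return findings


# The procedure from section 6.3, as printed on the page.
PAGE_EXAMPLE = """
# Remove port1,port2,port3,port4 from default VLAN (VLAN1).
switch(config)#vlan static set vid 1 01-02-03-04-
switch(config)#vlan static add vid 2 01u02u
switch(config)#vlan port pvid 1 2
switch(config)#vlan port pvid 2 2
switch(config)#vlan static add vid 3 03u04u
switch(config)#vlan port pvid 3 3
switch(config)#vlan port pvid 4 3
""".splitlines()

# Constructed variant: port 3 is never removed from VLAN 1, port 4 keeps PVID 1.
DRIFTED = """
switch(config)#vlan static set vid 1 01-02-04-
switch(config)#vlan static add vid 2 01u02u
switch(config)#vlan port pvid 1 2
switch(config)#vlan port pvid 2 2
switch(config)#vlan static add vid 3 03u04u
switch(config)#vlan port pvid 3 3
""".splitlines()

if __name__ == "__main__":
    for name, cfg in (("page example", PAGE_EXAMPLE), ("drifted", DRIFTED)):
        print(name, audit(*apply_config(cfg)))
```
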

7 GVRP Configuration

7.1 GVRP Overview

GARP VLAN Registration Protocol (GVRP) is a GARP application. Based on GARP operating mechanism, GVRP provides

maintenance of the dynamic VLAN registration information in the switch and propagates the information to other switches. All

the GVRP-supporting switches can receive VLAN registration information from other switches and dynamically update the

local VLAN registration information including the active members and through which port those members can be reached. All

the GVRP-supporting switches can propagate their local VLAN registration information to other switches so that the VLAN

information can be consistent on all GVRP-supporting devices in one switching network. The VLAN registration information

propagated by GVRP includes both the local static registration information configured manually and the dynamic registration

information from other switches.

GVRP is described in detail in the IEEE 802.1Q standard. SPEED series switches fully support GARP in compliance with the IEEE

standards.

Main GVRP configuration includes:

• Enabling/disabling global GVRP

• Enabling/disabling port GVRP


7.2 Enabling/Disabling Global GVRP

You can use the following command to enable/disable global GVRP.

Beginning in privileged EXEC mode, follow these steps to enable global GVRP.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | system gvrp enable | Enable global GVRP. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show system configuration | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

By default, global GVRP is disabled.

To disable global GVRP, use the system gvrp disable global configuration command.

7.3 Enabling/Disabling Port GVRP

You can use the following command to enable/disable the GVRP on a port.

Beginning in privileged EXEC mode, follow these steps to enable port GVRP.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | vlan port gvrp port-number enable | Enable port GVRP. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show vlan port | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

By default, port GVRP is enabled.

To disable port GVRP, use the vlan port gvrp port-number disable global configuration command.

7.4 GVRP Configuration Example

I. Networking requirements

To dynamically register and update VLAN information among switches, GVRP needs to be enabled on the switches.


II. Networking diagram

Figure 8-1 GVRP configuration example

III. Configuration procedure

Configure Switch A:

# Enable GVRP globally.

Switch(config)#system gvrp enable

Configure Switch B:

# Enable GVRP globally.

Switch(config)#system gvrp enable

8 STP Configuration

STP Overview

The switch supports STP (Spanning Tree Protocol). STP is a Layer 2 link management protocol that provides path

redundancy while preventing loops in the network. For a Layer 2 Ethernet network to function properly, only one active

path can exist between any two stations. Multiple active paths among end stations cause loops in the network. If a loop

exists in the network, end stations might receive duplicate messages. Switches might also learn end-station MAC

addresses on multiple Layer 2 interfaces. These conditions result in an unstable network. Spanning-tree operation is

transparent to end stations, which cannot detect whether they are connected to a single LAN segment or a switched LAN

of multiple segments.

The STP uses a spanning-tree algorithm to select one switch of a redundantly connected network as the root of the spanning

tree. The algorithm calculates the best loop-free path through a switched Layer 2 network by assigning a role to each port

based on the role of the port in the active topology:

• Root—A forwarding port elected for the spanning-tree topology

• Designated—A forwarding port elected for every switched LAN segment

• Alternate—A blocked port providing an alternate path to the root port in the spanning tree

• Backup—A blocked port in a loopback configuration


Switches that have ports with these assigned roles are called root or designated switches.

Spanning tree forces redundant data paths into a standby (blocked) state. If a network segment in the spanning tree fails and a

redundant path exists, the spanning-tree algorithm recalculates the spanning-tree topology and activates the standby path.

Switches send and receive spanning-tree frames, called bridge protocol data units (BPDUs), at regular intervals. The switches

do not forward these frames but use them to construct a loop-free path. BPDUs contain information about the sending switch

and its ports, including switch and MAC addresses, switch priority, port priority, and path cost. Spanning tree uses this

information to elect the root switch and root port for the switched network and the root port and designated port for each

switched segment.

When two ports on a switch are part of a loop, the spanning-tree port priority and path cost settings control which port is put

in the forwarding state and which is put in the blocking state. The spanning-tree port priority value represents the location of a

port in the network topology and how well it is located to pass traffic. The path cost value represents the media speed.

7.5 Spanning-Tree Topology and BPDUs

The stable, active spanning-tree topology of a switched network is controlled by these elements:

• The unique bridge ID (switch priority and MAC address) associated with each VLAN on each switch. In a switch stack, all switches use the same bridge ID for a given spanning-tree instance.

• The spanning-tree path cost to the root switch.

• The port identifier (port priority and MAC address) associated with each Layer 2 interface.

When the switches in a network are powered up, each functions as the root switch. Each switch sends a configuration BPDU

through all of its ports. The BPDUs communicate and compute the spanning-tree topology. Each configuration BPDU contains

this information:

• The unique bridge ID of the switch that the sending switch identifies as the root switch

• The spanning-tree path cost to the root

• The bridge ID of the sending switch

• Message age

• The identifier of the sending interface

• Values for the hello, forward delay, and max-age protocol timers

When a switch receives a configuration BPDU that contains superior information (lower bridge ID, lower path cost, and so

forth), it stores the information for that port. If this BPDU is received on the root port of the switch, the switch also forwards it

with an updated message to all attached LANs for which it is the designated switch.

If a switch receives a configuration BPDU that contains inferior information to that currently stored for that port, it discards

the BPDU. If the switch is a designated switch for the LAN from which the inferior BPDU was received, it sends that LAN a

BPDU containing the up-to-date information stored for that port. In this way, inferior information is discarded, and superior

information is propagated on the network.


A BPDU exchange results in these actions:

• One switch in the network is elected as the root switch (the logical center of the spanning-tree topology in a switched network). In a switch stack, one stack member is elected as the stack root switch. The stack root switch contains the outgoing root port (Switch 1), as shown in Figure 9-1.

For each VLAN, the switch with the highest switch priority (the lowest numerical priority value) is elected as the root switch. If

all switches are configured with the default priority (32768), the switch with the lowest MAC address in the VLAN becomes the

root switch. The switch priority value occupies the most significant bits of the bridge ID, as shown in Table 9-1.

• A root port is selected for each switch (except the root switch). This port provides the best path (lowest cost) when the switch forwards packets to the root switch.

When selecting the root port on a switch stack, spanning tree follows this sequence:

– Selects the lowest root bridge ID

– Selects the lowest path cost to the root switch

– Selects the lowest designated bridge ID

– Selects the lowest designated path cost

– Selects the lowest port ID

Only one outgoing port on the stack root switch is selected as the root port. The remaining switches in the stack become its

designated switches (Switch 2 and Switch 3) as shown in the following figure.

• The shortest distance to the root switch is calculated for each switch based on the path cost.

• A designated switch for each LAN segment is selected. The designated switch incurs the lowest path cost when forwarding packets from that LAN to the root switch. The port through which the designated switch is attached to the LAN is called the designated port.


Figure 9-1 Spanning-Tree Port States in a Switch Stack

All paths that are not needed to reach the root switch from anywhere in the switched network are placed in the spanning-tree

blocking mode.

7.6 Bridge ID, Switch Priority, and Extended System ID

The IEEE 802.1D standard requires that each switch have a unique bridge identifier (bridge ID), which controls the selection of

the root switch. Because each VLAN is considered as a different logical bridge with PVST+ and rapid PVST+, the same switch

must have as many different bridge IDs as VLANs configured on it. Each VLAN on the switch has a unique 8-byte bridge ID. The

two most-significant bytes are used for the switch priority, and the remaining six bytes are derived from the switch MAC

address.

The switch supports the 802.1t spanning-tree extensions, and some of the bits previously used for the switch priority are now

used as the VLAN identifier. The result is that fewer MAC addresses are reserved for the switch, and a larger range of VLAN IDs

can be supported, all while maintaining the uniqueness of the bridge ID. As shown in Table 9-1, the two bytes previously used

for the switch priority are reallocated into a 4-bit priority value and a 12-bit extended system ID value equal to the VLAN ID.

Table 9-1 Switch Priority Value and Extended System ID


Spanning tree uses the extended system ID, the switch priority, and the allocated spanning-tree MAC address to make the

bridge ID unique for each VLAN. Because the switch stack appears as a single switch to the rest of the network, all switches in

the stack use the same bridge ID for a given spanning tree. If the stack master fails, the stack members recalculate their bridge

IDs of all running spanning trees based on the new MAC address of the new stack master.

Support for the extended system ID affects how you manually configure the root switch, the secondary root switch, and the

switch priority of a VLAN. For example, when you change the switch priority value, you change the probability that the switch

will be elected as the root switch. Configuring a higher value decreases the probability; a lower value increases the probability.

7.7 Spanning-Tree Interface States

Propagation delays can occur when protocol information passes through a switched LAN. As a result, topology changes can

take place at different times and at different places in a switched network. When an interface transitions directly from

nonparticipation in the spanning-tree topology to the forwarding state, it can create temporary data loops. Interfaces must

wait for new topology information to propagate through the switched LAN before starting to forward frames. They must allow

the frame lifetime to expire for forwarded frames that have used the old topology.

Each Layer 2 interface on a switch using spanning tree exists in one of these states:

• Blocking—The interface does not participate in frame forwarding.

• Listening—The first transitional state after the blocking state when the spanning tree decides that the interface should participate in frame forwarding.

• Learning—The interface prepares to participate in frame forwarding.

• Forwarding—The interface forwards frames.

• Disabled—The interface is not participating in spanning tree because of a shutdown port, no link on the port, or no spanning-tree instance running on the port.

An interface moves through these states:

• From initialization to blocking

• From blocking to listening or to disabled

• From listening to learning or to disabled

• From learning to forwarding or to disabled

• From forwarding to disabled

The following Figure illustrates how an interface moves through the states.


Figure 9-2 Spanning-Tree Interface States

When you power up the switch, spanning tree is enabled by default, and every interface in the switch, VLAN, or network goes

through the blocking state and the transitory states of listening and learning. Spanning tree stabilizes each interface at the

forwarding or blocking state.

When the spanning-tree algorithm places a Layer 2 interface in the forwarding state, this process occurs:

1. The interface is in the listening state while spanning tree waits for protocol information to transition the interface to the

blocking state.

2. While spanning tree waits for the forward-delay timer to expire, it moves the interface to the learning state and resets the

forward-delay timer.

3. In the learning state, the interface continues to block frame forwarding as the switch learns

end-station location information for the forwarding database.

4. When the forward-delay timer expires, spanning tree moves the interface to the forwarding state, where both learning and

frame forwarding are enabled.

7.7.1 Blocking State

A Layer 2 interface in the blocking state does not participate in frame forwarding. After initialization, a BPDU is sent to each

switch interface. A switch initially functions as the root until it exchanges BPDUs with other switches. This exchange

establishes which switch in the network is the root or root switch. If there is only one switch in the network, no exchange

occurs, the forward-delay timer expires, and the interface moves to the listening state. An interface always enters the blocking

state after switch initialization.

An interface in the blocking state performs these functions:


• Discards frames received on the interface

• Discards frames switched from another interface for forwarding

• Does not learn addresses

• Receives BPDUs

7.7.2 Listening State

The listening state is the first state a Layer 2 interface enters after the blocking state. The interface enters this state when the

spanning tree decides that the interface should participate in frame forwarding.

An interface in the listening state performs these functions:

• Discards frames received on the interface

• Discards frames switched from another interface for forwarding

• Does not learn addresses

• Receives BPDUs

7.7.3 Learning State

A Layer 2 interface in the learning state prepares to participate in frame forwarding. The interface enters the learning state

from the listening state.

An interface in the learning state performs these functions:

• Discards frames received on the interface

• Discards frames switched from another interface for forwarding

• Learns addresses

• Receives BPDUs

7.7.4 Forwarding State

A Layer 2 interface in the forwarding state forwards frames. The interface enters the forwarding state from the learning state.

An interface in the forwarding state performs these functions:

• Receives and forwards frames received on the interface

• Forwards frames switched from another interface

• Learns addresses

• Receives BPDUs


7.7.5 Disabled State

A Layer 2 interface in the disabled state does not participate in frame forwarding or in the spanning tree. An interface in the

disabled state is nonoperational.

A disabled interface performs these functions:

• Discards frames received on the interface

• Discards frames switched from another interface for forwarding

• Does not learn addresses

• Does not receive BPDUs

7.8 How a Switch or Port Becomes the Root Switch or Root Port

If all switches in a network are enabled with default spanning-tree settings, the switch with the lowest MAC address becomes

the root switch. In the following Figure, Switch A is elected as the root switch because the switch priority of all the switches is

set to the default (32768) and Switch A has the lowest MAC address. However, because of traffic patterns, number of

forwarding interfaces, or link types, Switch A might not be the ideal root switch. By increasing the priority (lowering the

numerical value) of the ideal switch so that it becomes the root switch, you force a spanning-tree recalculation to form a new

topology with the ideal switch as the root.

Figure 9-3 Spanning-Tree Topology

When the spanning-tree topology is calculated based on default parameters, the path between source and destination end

stations in a switched network might not be ideal. For instance, connecting higher-speed links to an interface that has a higher

number than the root port can cause a root-port change. The goal is to make the fastest link the root port.

For example, assume that one port on Switch B is a Gigabit Ethernet link and that another port on Switch B (a 10/100 link) is

the root port. Network traffic might be more efficient over the Gigabit Ethernet link. By changing the spanning-tree port

priority on the Gigabit Ethernet port to a higher priority (lower numerical value) than the root port, the Gigabit Ethernet port


becomes the new root port.
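The election described in the bridge ID, BPDU and root-switch sections above, worked through as an added Python example (not vendor code): it packs the 8-byte bridge ID with the 4-bit priority and 12-bit extended system ID, elects the root, and assigns root, designated and blocked ports for a triangle of three switches. The switch names, MAC addresses, port numbers and topology are constructed, and the link costs 19 (100 Mb/s) and 4 (1 Gb/s) are the classic IEEE 802.1D values, which the page does not confirm for this switch.

```python
def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)


def bridge_id(priority, vlan_id, mac):
    """Pack the 8-byte bridge ID: 4-bit priority, 12-bit extended
    system ID (the VLAN ID), then the 48-bit MAC address."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("a 4-bit priority is a multiple of 4096 in 0..61440")
    if not 0 <= vlan_id <= 4095:
        raise ValueError("the extended system ID is 12 bits")
    return ((priority | vlan_id) << 48) | mac_to_int(mac)


def compute_roles(bridges, links):
    """bridges: {name: bridge_id}; links: [(a, port_a, b, port_b, cost)].
    Returns (root_name, {(bridge, port): role}) for a connected topology."""
    root = min(bridges, key=bridges.get)        # lowest bridge ID wins
    # Lowest path cost from every bridge to the root (Bellman-Ford).
    dist = {name: float("inf") for name in bridges}
    dist[root] = 0
    for _ in bridges:
        for a, _pa, b, _pb, cost in links:
            dist[a] = min(dist[a], dist[b] + cost)
            dist[b] = min(dist[b], dist[a] + cost)
    roles = {}
    # Root port: lowest cost to the root, then lowest upstream bridge ID,
    # then lowest upstream port, then lowest local port.
    for name in bridges:
        if name == root:
            continue
        candidates = []
        for a, pa, b, pb, cost in links:
            for me, my_port, peer, peer_port in ((a, pa, b, pb), (b, pb, a, pa)):
                if me == name:
                    candidates.append(
                        (dist[peer] + cost, bridges[peer], peer_port, my_port))
        roles[(name, min(candidates)[3])] = "root"
    # Designated port per link: the end closer to the root, bridge ID breaks
    # ties. The other end is a root port or, failing that, blocked.
    for a, pa, b, pb, _cost in links:
        if (dist[a], bridges[a]) < (dist[b], bridges[b]):
            winner, loser = (a, pa), (b, pb)
        else:
            winner, loser = (b, pb), (a, pa)
        roles[winner] = "designated"
        roles.setdefault(loser, "blocked")
    return root, roles


# Constructed topology: A-B and A-C are 100 Mb/s links, B-C is 1 Gb/s.
MACS = {"A": "02:00:00:00:00:0a", "B": "02:00:00:00:00:0b", "C": "02:00:00:00:00:0c"}
LINKS = [("A", 1, "B", 1, 19), ("A", 2, "C", 1, 19), ("B", 2, "C", 2, 4)]


def spanning_tree(priorities, vlan_id=1):
    bridges = {n: bridge_id(priorities[n], vlan_id, MACS[n]) for n in MACS}
    return compute_roles(bridges, LINKS)


if __name__ == "__main__":
    cases = (("default priorities", {"A": 32768, "B": 32768, "C": 32768}),
             ("priority 4096 on B", {"A": 32768, "B": 4096, "C": 32768}))
    for label, priorities in cases:
        root, roles = spanning_tree(priorities)
        print(f"{label}: root is {root}")
        for (name, port), role in sorted(roles.items()):
            print(f"  {name} port {port}: {role}")
```

With default priorities the lowest MAC address makes A the root and the Gigabit link is blocked at C; giving B the lower priority value moves the root to B and puts the Gigabit link into forwarding.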

7.9 Spanning Tree and Redundant Connectivity

You can create a redundant backbone with spanning tree by connecting two switch interfaces to another device or to two

different devices, as shown in the following Figure. Spanning tree automatically disables one interface but enables it if the

other one fails. If one link is high-speed and the other is low-speed, the low-speed link is always disabled. If the speeds are the

same, the port priority and port ID are added together, and spanning tree disables the link with the lowest value.

Figure 9-4 Spanning Tree and Redundant Connectivity

You can also create redundant links between switches by using Channel groups.

7.10 Spanning-Tree Address Management

IEEE 802.1D specifies 17 multicast addresses, ranging from 0x0180C2000000 to 0x0180C2000010, to be used by different

bridge protocols. These addresses are static addresses that cannot be removed.

Regardless of the spanning-tree state, each switch in the stack receives but does not forward packets destined for addresses

between 0x0180C2000000 and 0x0180C200000F.

If spanning tree is enabled, the CPU on each switch in the stack receives packets destined for

0x0180C2000000 and 0x0180C2000010. If spanning tree is disabled, each switch in the stack forwards those packets as

unknown multicast addresses.


7.11 Accelerated Aging to Retain Connectivity

The default for aging dynamic addresses is 5 minutes, the default setting of the mac address-table aging-time global

configuration command. However, a spanning-tree reconfiguration can cause many station locations to change. Because these

stations could be unreachable for 5 minutes or more during a reconfiguration, the address-aging time is accelerated so that

station addresses can be dropped from the address table and then relearned. The accelerated aging is the same as the

forward-delay parameter value when the spanning tree reconfigures.

7.12 Configuring STP Features

These sections describe how to configure spanning-tree features:

• Configure the mode of the spanning-tree

• Configure the Bridge priority for a switch

• Configure the time parameters of a switch

• Configure the priority of a port

• Enable/disable STP on the device

• Enable/disable STP on a port

7.12.1 Configure the mode of the spanning-tree

Beginning in privileged EXEC mode, follow these steps to configure the mode of spanning-tree for a switch.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | spanning-tree mode [stp \| rstp] | Configure the mode of the spanning-tree. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show spanning-tree model | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

7.12.2 Configure the Bridge Priority for a Switch

Whether a switch can be elected as the spanning tree root depends on its Bridge priority. The switch configured with a smaller


Bridge priority is more likely to become the root.

Beginning in privileged EXEC mode, follow these steps to configure the Bridge priority for a switch.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | spanning-tree bridge priority priority | Configure the Bridge priority of the Designated bridge. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show spanning-tree bridge | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

Note:

For priority, the range is 1 to 65535; the default is 32768. The lower the number, the more likely the switch will be chosen as the root switch.

Note:

In the process of spanning tree root election, of two or more switches with the lowest Bridge priorities, the one that has the smaller MAC address will be elected as the root.

7.12.3 Configure the Time Parameters of a Switch

The switch has three time parameters: Forward Delay, Hello Time, and Max Age. Forward Delay is the switch state transition

mechanism. The spanning tree will be recalculated upon link faults and its structure will change accordingly. However, the

recalculated configuration BPDU cannot be immediately propagated throughout the network. Temporary loops may occur

if the new root port and designated port forward data right after being elected. Therefore the protocol adopts a state

transition mechanism. It takes a Forward Delay interval for the root port and designated port to transit from the learning state

to forwarding state. The Forward Delay guarantees a period of time during which the new configuration BPDU can be

propagated throughout the network.

The switch sends Hello packet periodically at an interval specified by Hello Time to check if there is any link fault.

Max Age specifies when the configuration BPDU will expire. The switch will discard the expired configuration BPDU.

You can use the following command to configure the time parameters for the switch.

Beginning in privileged EXEC mode, follow these steps to configure the time parameters for a switch.


| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | spanning-tree bridge forward centiseconds | Configure Forward Delay on the switch. For forward delay, the range is 400 to 3000; the default is 1500. |
| 3 | spanning-tree bridge hellotime centiseconds | Configure Hello Time on the switch. For hello time, the range is 100 to 1000; the default is 200. |
| 4 | spanning-tree bridge maxage centiseconds | Configure Max Age on the switch. For Max Age, the range is 10 to 1000000; the default is 2000. |
| 5 | exit | Return to privileged EXEC mode. |
| 6 | show spanning-tree bridge | Verify your entries. |
| 7 | write | (Optional) Save your entries in the configuration file. |

Caution:

The Forward Delay configured on a switch depends on the diameter of the switching network. Generally, the larger the network diameter, the longer the Forward Delay should be. Note that too short a Forward Delay may temporarily introduce redundant routes, while too long a Forward Delay may delay the restoration of network connectivity. The default value is recommended.

A suitable Hello Time lets the switch detect link faults on the network while consuming only moderate network resources. The default value is recommended. If you set too long a Hello Time, the switch may mistake packets dropped over a link for a link fault, and the network device will recalculate the spanning tree accordingly. With too short a Hello Time, however, the switch sends configuration BPDUs frequently, which adds to its load and wastes network resources.

Too short a Max Age may cause the network device to recalculate the spanning tree frequently and to mistake congestion for a link fault. If the Max Age is too long, however, the network device may not be able to discover a link fault and recalculate the spanning tree in time, which weakens the network's ability to adapt automatically. The default value is recommended.

To avoid frequent network flapping, the values of Hello Time, Forward Delay and Maximum Age should satisfy the following formulas:

2 * (forward-delay - 1.0 seconds) >= maximum-age

maximum-age >= 2 * (hello + 1.0 seconds)

It is recommended that you use the stp root primary command to specify the network diameter and Hello Time of the switching network, so that MSTP automatically calculates suitable values.


7.12.4 Configure Port Priority

If a loop occurs, spanning tree uses the port priority when selecting an interface to put into the forwarding state. You can assign higher priority values (lower numerical values) to interfaces that you want selected first and lower priority values (higher numerical values) to interfaces that you want selected last. If all interfaces have the same priority value, spanning tree puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces.

Beginning in privileged EXEC mode, follow these steps to configure the port priority.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | spanning-tree port port-number priority priority | Configure port priority. For priority, the range is 1 to 255; the default is 128. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show spanning-tree bridge | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

7.12.5 Enable/Disable STP on the Device

You can use the following command to enable STP on the device.

Beginning in privileged EXEC mode, follow these steps to enable STP on the device.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | system span enable | Enable STP on a device. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show system config | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

To disable STP on a device, use the system span disable global configuration command.

Only if STP has been enabled on the device will other STP configurations take effect.

By default, STP is disabled.


7.12.6 Enable/Disable STP on a Port

You can use the following command to enable or disable STP on a port. You may disable STP on some Ethernet ports of a switch to exclude them from spanning tree calculation. This gives flexible control over STP operation and saves CPU resources on the switch.

Beginning in privileged EXEC mode, follow these steps to enable STP on a port.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | spanning-tree port port-number enable | Enable STP on a port. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show spanning-tree ports | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

To disable STP on a port, use the spanning-tree port port-number disable global configuration command.

Note that redundant routes may be generated after STP is disabled.

By default, STP is enabled on all the ports after it is enabled on the device.

7.13 Configuring RSTP Features

These sections describe how to configure spanning-tree features:

• Configure the mode of the spanning-tree

• Configure the Bridge priority for a switch

• Configure the time parameters of a switch

• Configure the priority of a port

• Enable/disable STP on the device

7.13.1 Configure the mode of the spanning-tree

Beginning in privileged EXEC mode, follow these steps to configure the mode of spanning-tree for a switch.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | spanning-tree mode [ stp \| rstp ] | Configure the mode of the spanning-tree. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show rstp model | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

7.13.2 Configure the Bridge Priority for a Switch

Whether a switch can be elected as the spanning tree root depends on its Bridge priority. The switch configured with a smaller Bridge priority is more likely to become the root.

Beginning in privileged EXEC mode, follow these steps to configure the Bridge priority for a switch.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | rstp bridge priority priority | Configure the Bridge priority of the Designated bridge. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show rstp bridge | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

Note:

For priority, the range is 1 to 61440; the default is 32768. The lower the number, the more likely the switch will be chosen as the root switch.

Note:

In the process of spanning tree root election, if two or more switches share the lowest Bridge priority, the one with the smaller MAC address is elected as the root.

7.13.3 Configure the Time Parameters of a Switch

The switch has three time parameters: Forward Delay, Hello Time, and Max Age.

Forward Delay is the timer behind the switch's state transition mechanism. The spanning tree is recalculated upon link faults and its structure changes accordingly. However, the recalculated configuration BPDU cannot be propagated throughout the network immediately. Temporary loops may occur if the new root port and designated port forward data right after being elected. The protocol therefore adopts a state transition mechanism: it takes a Forward Delay interval for the root port and designated port to move from the learning state to the forwarding state. The Forward Delay guarantees a period of time during which the new configuration BPDU can be propagated throughout the network.

The switch sends Hello packets periodically, at the interval specified by Hello Time, to check whether there is any link fault.

Max Age specifies when a configuration BPDU expires. The switch discards expired configuration BPDUs.

You can use the following commands to configure the time parameters for the switch.

Beginning in privileged EXEC mode, follow these steps to configure the time parameters of a switch.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | rstp bridge forward centiseconds | Configure Forward Delay on the switch. For forward delay, the range is 400 to 3000; the default is 1500. |
| Step 3 | rstp bridge hellotime centiseconds | Configure Hello Time on the switch. For hello time, the range is 100 to 1000; the default is 200. |
| Step 4 | rstp bridge maxage centiseconds | Configure Max Age on the switch. For Max Age, the range is 10 to 1000000; the default is 2000. |
| Step 5 | exit | Return to privileged EXEC mode. |
| Step 6 | show rstp bridge | Verify your entries. |
| Step 7 | write | (Optional) Save your entries in the configuration file. |

Caution:

The Forward Delay configured on a switch depends on the diameter of the switching network. Generally, the larger the network diameter, the longer the Forward Delay should be. Note that too short a Forward Delay may temporarily introduce redundant routes, while too long a Forward Delay may delay the restoration of network connectivity. The default value is recommended.

A suitable Hello Time lets the switch detect link faults on the network while consuming only moderate network resources. The default value is recommended. If you set too long a Hello Time, the switch may mistake packets dropped over a link for a link fault, and the network device will recalculate the spanning tree accordingly. With too short a Hello Time, however, the switch sends configuration BPDUs frequently, which adds to its load and wastes network resources.

Too short a Max Age may cause the network device to recalculate the spanning tree frequently and to mistake congestion for a link fault. If the Max Age is too long, however, the network device may not be able to discover a link fault and recalculate the spanning tree in time, which weakens the network's ability to adapt automatically. The default value is recommended.

To avoid frequent network flapping, the values of Hello Time, Forward Delay and Maximum Age should satisfy the following formulas:

2 * (forward-delay - 1.0 seconds) >= maximum-age

maximum-age >= 2 * (hello + 1.0 seconds)

It is recommended that you use the stp root primary command to specify the network diameter and Hello Time of the switching network, so that MSTP automatically calculates suitable values.
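The following added example (not part of the manual or the vendor's software) audits a planned set of spanning-tree values before they are typed in: it applies the timer ranges and the two formulas above in centiseconds, and predicts which bridge wins the root election using the priority and MAC tie-break rule from the Bridge priority sections. The switch names and MAC addresses are constructed sample data.

```python
"""Added example: audit planned STP/RSTP settings against the manual's rules."""
from dataclasses import dataclass

# Ranges and defaults from the timer tables, in centiseconds.
RANGES = {
    "forward": (400, 3000),
    "hellotime": (100, 1000),
    "maxage": (10, 1000000),
}
DEFAULTS = {"forward": 1500, "hellotime": 200, "maxage": 2000}
PRIORITY_RANGE = (1, 61440)   # bridge priority range stated in the manual


@dataclass
class Bridge:
    name: str               # hypothetical label, not a CLI identifier
    mac: str                # constructed sample MAC address
    priority: int = 32768   # default bridge priority from the manual
    forward: int = DEFAULTS["forward"]
    hellotime: int = DEFAULTS["hellotime"]
    maxage: int = DEFAULTS["maxage"]


def mac_value(mac: str) -> int:
    """Turn aa:bb:cc:dd:ee:ff (colons, dashes or dots) into a comparable integer."""
    digits = "".join(c for c in mac if c not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


def timer_problems(b: Bridge) -> list:
    """Return every range or formula violation for one bridge's timers."""
    problems = []
    for key, (low, high) in RANGES.items():
        value = getattr(b, key)
        if not low <= value <= high:
            problems.append(f"{key} {value} outside {low}..{high}")
    # 2 * (forward-delay - 1.0 s) >= maximum-age, with 1.0 s = 100 centiseconds
    if 2 * (b.forward - 100) < b.maxage:
        problems.append("maxage exceeds 2 * (forward - 100)")
    # maximum-age >= 2 * (hello + 1.0 s)
    if b.maxage < 2 * (b.hellotime + 100):
        problems.append("maxage below 2 * (hellotime + 100)")
    return problems


def elect_root(bridges: list) -> Bridge:
    """Lowest priority wins; on a tie the smaller MAC address wins."""
    for b in bridges:
        if not PRIORITY_RANGE[0] <= b.priority <= PRIORITY_RANGE[1]:
            raise ValueError(f"{b.name}: priority {b.priority} out of range")
    return min(bridges, key=lambda b: (b.priority, mac_value(b.mac)))


def audit(bridges: list, intended_root: str) -> dict:
    """Report timer violations per bridge and whether the intended root wins."""
    root = elect_root(bridges)
    return {
        "elected_root": root.name,
        "root_as_intended": root.name == intended_root,
        "timer_problems": {b.name: timer_problems(b) for b in bridges
                           if timer_problems(b)},
    }


# Constructed plan: "core" is meant to be root, but "dist" was given the same
# priority and has the smaller MAC; "edge" has timers that break both formulas.
PLAN = [
    Bridge("core", "00:1a:2b:00:00:10", priority=4096),
    Bridge("dist", "00:1a:2b:00:00:05", priority=4096),
    Bridge("edge", "00:1a:2b:00:00:01", forward=400, hellotime=1000),
]

if __name__ == "__main__":
    for key, value in audit(PLAN, intended_root="core").items():
        print(key, "=", value)
```

Because equal priorities fall back to the MAC address, the intended root should be given a strictly lower priority than every other bridge rather than relying on the tie-break.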

7.13.4 Configure Port Priority

If a loop occurs, spanning tree uses the port priority when selecting an interface to put into the forwarding state. You can assign higher priority values (lower numerical values) to interfaces that you want selected first and lower priority values (higher numerical values) to interfaces that you want selected last. If all interfaces have the same priority value, spanning tree puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces.

Beginning in privileged EXEC mode, follow these steps to configure the port priority.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | rstp port port-number priority priority | Configure port priority. For priority, the range is 1 to 255; the default is 128. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show rstp bridge | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

7.13.5 Enable/Disable STP on the Device

You can use the following command to enable STP on the device.

Beginning in privileged EXEC mode, follow these steps to enable STP on the device.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | system span enable | Enable STP on a device. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show system config | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

To disable STP on a device, use the system span disable global configuration command.

Only if STP has been enabled on the device will other STP configurations take effect.

By default, STP is disabled.

7.13.6 Enable/Disable STP on a Port

You can use the following command to enable or disable STP on a port. You may disable STP on some Ethernet ports of a switch to exclude them from spanning tree calculation. This gives flexible control over STP operation and saves CPU resources on the switch.

Beginning in privileged EXEC mode, follow these steps to enable STP on a port.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | rstp port port-number enable | Enable STP on a port. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show rstp ports | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

To disable STP on a port, use the rstp port port-number disable global configuration command.

Note that redundant routes may be generated after STP is disabled.

By default, STP is enabled on all the ports after it is enable

8 IP Address Configuration

8.1 IP Address Overview

8.1.1 IP Address Classification and Indications

An IP address is a 32-bit address allocated to a device that accesses the Internet. It consists of two fields: the net-id field and the host-id field. There are five types of IP address. See the following figure.


Figure 10-1 Five classes of IP address

Class A, Class B and Class C addresses are unicast addresses, Class D addresses are multicast addresses, and Class E addresses are reserved for special applications in the future. The first three types are commonly used.

An IP address is written in dotted decimal notation as 4 integers, each of which corresponds to one byte, e.g. 10.110.50.101.

When using IP addresses, note that some of them are reserved for special uses and are seldom used. The IP addresses you can use are listed in the following table.

Table 10-1 IP address classes and ranges

| Network class | Address range | IP network range | Note |
|---|---|---|---|
| A | 0.0.0.0 to 127.255.255.255 | 1.0.0.0 to 126.0.0.0 | Host ID with all the digits being 0 indicates that the IP address is the network address, and is used for network routing. Host ID with all the digits being 1 indicates the broadcast address, i.e. broadcast to all hosts on the network. IP address 0.0.0.0 is used for the host that is not put into use after starting up. The IP address with network number as 0 indicates the current network and its network can be cited by the router without knowing its network number. Network ID with the format of 127.X.Y.Z is reserved for self-loop test and the packets sent to this address will not be output to the line. The packets are processed internally and regarded as input packets. |
| B | 128.0.0.0 to 191.255.255.255 | 128.0.0.0 to 191.254.0.0 | Host ID with all the digits being 0 indicates that the IP address is the network address, and is used for network routing. Host ID with all the digits being 1 indicates the broadcast address, i.e. broadcast to all hosts on the network. |
| C | 192.0.0.0 to 223.255.255.255 | 192.0.0.0 to 223.255.254.0 | Host ID with all the digits being 0 indicates that the IP address is the network address, and is used for network routing. Host ID with all the digits being 1 indicates the broadcast address, i.e. broadcast to all hosts on the network. |
| D | 224.0.0.0 to 239.255.255.255 | None | Addresses of class D are multicast addresses. |
| E | 240.0.0.0 to 255.255.255.254 | None | The addresses are reserved for future use. |
| Other addresses | 255.255.255.255 | 255.255.255.255 | 255.255.255.255 is used as LAN broadcast address. |


8.1.2 Subnet and Mask

With the rapid development of the Internet, IP addresses are being depleted very fast. The traditional IP address allocation method wastes IP addresses greatly. To make full use of the available IP addresses, the concepts of mask and subnet were proposed.

A mask is a 32-bit number corresponding to an IP address. The number consists of 1s and 0s. In principle, these 1s and 0s can be combined arbitrarily; however, a mask is designed with its leading consecutive bits set to 1. The mask divides the IP address into two parts: subnet address and host address. The bits of the address that correspond to 1s in the mask indicate the subnet address, and the other bits indicate the host address. If there is no subnet division, the subnet mask is the default value and the length of the run of 1s indicates the net-id length. Therefore, for IP addresses of classes A, B and C, the default subnet masks are 255.0.0.0, 255.255.0.0 and 255.255.255.0 respectively.

The mask can be used to divide a Class A network containing more than 16,000,000 hosts or a Class B network containing more than 60,000 hosts into multiple small networks. Each small network is called a subnet. For example, for the Class B network address 138.38.0.0, the mask 255.255.224.0 can be used to divide the network into 8 subnets: 138.38.0.0, 138.38.32.0, 138.38.64.0, 138.38.96.0, 138.38.128.0, 138.38.160.0, 138.38.192.0 and 138.38.224.0 (refer to the following figure). Each subnet can contain more than 8000 hosts.

Figure 10-2 Subnet division of IP address

8.2 Configuring IP Address

The IP address configuration includes:

• Configuring the AUX port IP Address

• Configuring the IP Address of the VLAN Interface


8.2.1 Configuring the AUX port IP Address

When you use the applications like telnet or http locally, you can use IP address

Beginning in privileged EXEC mode, follow these steps to configure the AUX port IP address.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | interface aux ipaddress set ip-address net-mask | Configure the AUX port IP address. By default, the AUX port IP address is 192.168.1.168. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show interface aux | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

To delete the AUX port IP address, use the interface aux ipaddress delete ip-address global configuration command.

8.2.2 Configuring the IP Address of the VLAN Interface

You can configure an IP address for every VLAN interface of the switch. Generally, one IP address per interface is enough. You can also configure up to thirty-two IP addresses for an interface, so that it can be connected to several subnets.

Beginning in privileged EXEC mode, follow these steps to configure the IP address of the VLAN interface.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | ip address add vint interface-id ip-address net-mask vid vlan-id [description string] | Configure the IP address of the VLAN interface. Interface-id is the virtual interface number; the range is 0 to 32. By default, the IP address of a VLAN interface is null. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show ip address | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

To delete the IP address of the VLAN interface, use the ip address delete ip-address global configuration command.

8.3 IP Address Configuration Example

I. Networking requirements


Configure the IP address as 129.2.2.1 and sub-net mask as 255.255.255.0 for the VLAN 1 of the switch.

II. Networking diagram

Figure 10-3 IP address configuration networking

III. Configuration procedure

Switch(config)#ip address add vint 1 129.2.2.1 255.255.255.0 vid 1

8.4 Troubleshooting IP Address Configuration

Fault 1: The switch cannot ping a certain host in the LAN.

Troubleshooting can be performed as follows:

Check the configuration of the switch. Use the show arp command to view the ARP entry table that the switch maintains.

• First check which VLAN includes the port of the switch used to connect to the host.

• Check whether the VLAN has been configured with a VLAN interface. Then check whether the IP addresses of the VLAN interface and the host are on the same network segment.
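The subnet arithmetic from section 8.1.2 and the same-segment check in the troubleshooting step above can be reproduced offline. This is an added example, not code from the manual; it uses the manual's own addresses (138.38.0.0 with mask 255.255.224.0, and the VLAN interface 129.2.2.1 with mask 255.255.255.0), while the host addresses tested against the interface are constructed.

```python
"""Added example: classful defaults, subnet division and a same-segment check."""
import ipaddress

# Default masks for classes A, B and C as given in section 8.1.2.
DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def address_class(ip: str) -> str:
    """Class by first octet, following the address ranges in Table 10-1."""
    first = int(ipaddress.IPv4Address(ip)) >> 24
    if first <= 127:
        return "A"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    if first <= 239:
        return "D"
    return "E"


def prefix_length(mask: str) -> int:
    """Number of leading 1 bits; rejects masks whose 1 bits are not contiguous."""
    value = int(ipaddress.IPv4Address(mask))
    inverted = value ^ 0xFFFFFFFF
    # A valid mask inverts to 2**k - 1, so adding 1 clears every set bit.
    if inverted & (inverted + 1):
        raise ValueError(f"mask {mask} does not have contiguous leading 1 bits")
    return bin(value).count("1")


def subnets(network: str, mask: str) -> list:
    """Split the classful network containing `network` into subnets of `mask`."""
    cls = address_class(network)
    if cls not in DEFAULT_MASK:
        raise ValueError(f"class {cls} addresses are not divided into subnets")
    classful = ipaddress.IPv4Network(f"{network}/{DEFAULT_MASK[cls]}", strict=False)
    new_prefix = prefix_length(mask)
    if new_prefix < classful.prefixlen:
        raise ValueError("mask is shorter than the default mask of the class")
    return list(classful.subnets(new_prefix=new_prefix))


def same_segment(interface_ip: str, mask: str, host_ip: str) -> bool:
    """True if a VLAN interface address and a host share one network segment."""
    segment = ipaddress.IPv4Network(
        f"{interface_ip}/{prefix_length(mask)}", strict=False)
    return ipaddress.IPv4Address(host_ip) in segment


if __name__ == "__main__":
    for net in subnets("138.38.0.0", "255.255.224.0"):
        # Subtract the all-0 (network) and all-1 (broadcast) host IDs.
        print(net.network_address, "usable hosts:", net.num_addresses - 2)
    # Constructed host addresses checked against the manual's VLAN 1 interface.
    for host in ("129.2.2.77", "129.2.3.77"):
        print(host, same_segment("129.2.2.1", "255.255.255.0", host))
```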


9 ARP Configuration

9.1 Introduction to ARP

I. Necessity of ARP

An IP address cannot be used directly for communication between network devices because network devices can only identify MAC addresses. An IP address is only the address of a host at the network layer. To deliver the data packets transmitted through the network layer to the destination host, the physical address of the host is required. So the IP address must be resolved into a physical address.

II. ARP implementation procedure

When two hosts on the Ethernet communicate, they must know each other's MAC addresses. Every host maintains an IP-MAC address translation table, which is known as the ARP mapping table. The ARP mapping table stores a series of mappings between the IP addresses and MAC addresses of other hosts that recently communicated with the local host. When a dynamic ARP mapping entry is not in use for a specified period of time, the host removes it from the ARP mapping table so as to save memory space and shorten the time the switch needs to search the ARP mapping table.

Suppose there are two hosts on the same network segment: Host A and Host B. The IP address of Host A is IP_A and the IP address of Host B is IP_B. Host A wants to transmit messages to Host B. Host A first checks its own ARP mapping table for an ARP entry corresponding to IP_B. If the corresponding MAC address is found, Host A uses the MAC address in the ARP mapping table to encapsulate the IP packet in a frame and sends it to Host B. If the corresponding MAC address is not found, Host A stores the IP packet in the queue waiting for transmission and broadcasts an ARP request throughout the Ethernet. The ARP request packet contains the IP address of Host B and the IP address and MAC address of Host A. Since the ARP request packet is broadcast, all hosts on the network segment can receive the request. However, only the requested host (i.e., Host B) needs to process the request. Host B first stores the IP address and the MAC address of the request sender (Host A), taken from the ARP request packet, in its own ARP mapping table. Then Host B generates an ARP reply packet, adds its own MAC address to it, and sends it to Host A. The reply packet is sent directly to Host A instead of being broadcast. On receiving the reply packet, Host A extracts the IP address and the corresponding MAC address of Host B and adds them to its own ARP mapping table. Then Host A sends Host B all the packets waiting in the queue.

Normally, dynamic ARP runs automatically and resolves IP addresses to Ethernet MAC addresses without administrator intervention.
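The exchange described above, as a small added model (not code from the manual): Host A's cache lookup, the queued packet, the broadcast request that only Host B processes, the unicast reply, and the aging of unused dynamic entries. Host addresses, the 300-second aging period and the rule that a dynamic mapping never replaces a manually configured one are assumptions of this sketch.

```python
"""Added example: the ARP request/reply exchange and cache aging as a model."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
AGE_LIMIT = 300   # seconds; assumed value, the manual does not state the period


@dataclass
class Entry:
    mac: str
    last_used: float
    static: bool = False   # manually configured entries are not aged out


@dataclass
class Host:
    name: str
    ip: str
    mac: str
    cache: dict = field(default_factory=dict)      # ip -> Entry (ARP mapping table)
    queue: list = field(default_factory=list)      # (dst_ip, payload) awaiting a MAC
    delivered: list = field(default_factory=list)  # payloads received

    def add_static(self, ip, mac):
        self.cache[ip] = Entry(mac, 0.0, static=True)

    def learn(self, ip, mac, now):
        """Store a dynamic mapping; assumed here never to replace a static entry."""
        existing = self.cache.get(ip)
        if existing is None or not existing.static:
            self.cache[ip] = Entry(mac, now)

    def age(self, now):
        """Remove dynamic entries that have not been used for AGE_LIMIT seconds."""
        stale = [ip for ip, e in self.cache.items()
                 if not e.static and now - e.last_used >= AGE_LIMIT]
        for ip in stale:
            del self.cache[ip]


class Segment:
    """One Ethernet segment. `log` keeps (sender, destination MAC, frame kind)."""

    def __init__(self, hosts):
        self.hosts = hosts
        self.log = []

    def _resolve(self, src, dst_ip, now):
        """Broadcast an ARP request; only the owner of dst_ip processes it."""
        self.log.append((src.name, BROADCAST, "arp-request"))
        for h in self.hosts:
            if h is not src and h.ip == dst_ip:
                h.learn(src.ip, src.mac, now)                    # B stores A's mapping
                self.log.append((h.name, src.mac, "arp-reply"))  # unicast reply
                src.learn(h.ip, h.mac, now)                      # A stores B's mapping

    def send(self, src, dst_ip, payload, now):
        """Queue the packet, resolve the MAC if needed, then flush the queue."""
        src.age(now)
        src.queue.append((dst_ip, payload))
        if dst_ip not in src.cache:
            self._resolve(src, dst_ip, now)
        entry = src.cache.get(dst_ip)
        if entry is None:
            return False          # no reply: the packet stays in the queue
        entry.last_used = now
        for item in [q for q in src.queue if q[0] == dst_ip]:
            self.log.append((src.name, entry.mac, "ip"))
            for h in self.hosts:
                if h.mac == entry.mac:
                    h.delivered.append(item[1])
            src.queue.remove(item)
        return True


def demo():
    """Constructed hosts replaying the Host A / Host B walk-through."""
    a = Host("A", "10.0.0.1", "02:00:00:00:00:0a")
    b = Host("B", "10.0.0.2", "02:00:00:00:00:0b")
    c = Host("C", "10.0.0.3", "02:00:00:00:00:0c")
    seg = Segment([a, b, c])
    seg.send(a, b.ip, "p1", now=0)      # miss: request, reply, then delivery
    seg.send(a, b.ip, "p2", now=10)     # hit: no ARP traffic
    seg.send(a, b.ip, "p3", now=310)    # entry aged out: resolved again
    a.add_static(c.ip, c.mac)           # manual mapping, as with a static entry
    seg.send(a, c.ip, "p4", now=1000)   # static entry: no ARP traffic
    return seg, a, b, c


if __name__ == "__main__":
    for frame in demo()[0].log:
        print(frame)
```

Both sides accept the mapping carried in the request or reply without any verification, which is why manually configured static entries are used for addresses whose mapping must not change.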


9.2 Configuring ARP

The ARP mapping table can be maintained dynamically or manually. Usually, the manually configured mapping from the IP addresses to the MAC addresses is known as static ARP. The user can display, add or delete the entries in the ARP mapping table through relevant manual maintenance commands.

The static ARP configuration includes:

• Manually adding/deleting static ARP Mapping Entries

• Clear up the ARP table.

9.2.1 Manually Adding/Deleting Static ARP Mapping Entries

Beginning in privileged EXEC mode, follow these steps to add static ARP mapping entries.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | arp add ip-address mac-address | Add static ARP mapping entries. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show arp | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |

To delete static ARP mapping entries, use the arp delete ip-address global configuration command.

By default, the ARP mapping table is empty and the address mapping is obtained through dynamic ARP.

9.2.2 Clear up ARP Mapping Entries

Beginning in privileged EXEC mode, follow these steps to clear up ARP mapping entries.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | config terminal | Enter global configuration mode. |
| Step 2 | arp flush | Clear up ARP mapping entries. |
| Step 3 | exit | Return to privileged EXEC mode. |
| Step 4 | show arp | Verify your entries. |
| Step 5 | write | (Optional) Save your entries in the configuration file. |


10 Configuring IP Routing

This chapter describes how to configure IP routing on the SPEED S3224A. A switch operates and appears as a single router to the rest of the routers in the network. The basic routing functions include static routing, the Routing Information Protocol (RIP) and the Open Shortest Path First protocol (OSPF).

10.1 Introduction to IP Route and Routing Table

10.1.1 IP Route and Route Segment

Routers perform route selection in the Internet. A router works in the following way: it selects an appropriate path (through a network) according to the destination address of a received packet and forwards the packet to the next router. Forwarding proceeds in this way hop by hop, and the last router in the path is responsible for delivering the packet to the destination host, which completes the IP packet forwarding and the routing across network segments.

In a network, the router regards a path for sending a packet as a logical route unit and calls it a hop. For example, in the figure below, a packet sent from Host A to Host C goes through 2 routers and is transmitted through two hops and route segments. Therefore, when a node is connected to another node through a network, there is a hop between these two nodes and the two nodes are deemed adjacent in the Internet. By the same principle, adjacent routers are two routers connected to the same network. The number of route segments between a router and the hosts in the same network is counted as zero. In the following figure, the bold arrows represent the hops. A router can be connected to any physical link that constitutes a route segment for routing packets via the network.


Figure 12-1 About hops

As networks may have different sizes, the lengths of the segments between different pairs of routers also differ. The number of route segments multiplied by a weighting coefficient can serve as a weighted measure of the actual length of the signal transmission path.

If a router in a network is regarded as a node and a route segment in the Internet is regarded as a link, message routing in the Internet works in a similar way to message routing in a conventional network. The route with the fewest segments is not always the optimal route. For example, routing through 3 LAN route segments may be much faster than routing through 2 WAN route segments.

10.1.2 Route Selection through the Routing Table

The key for a router to forward packets is the routing table. Each router saves a routing table in its memory, and each entry of this table specifies the physical port of the router through which a packet is sent to a subnet or a host. The packet can thus reach the next router via a particular path or reach a destination host via a directly connected network.

A routing table has the following key entries:

• Destination address: It identifies the destination IP address or the destination network of an IP packet, and is 32 bits in length.

• Network mask: It is made up of several consecutive "1"s, and can be expressed either in dotted decimal format or by the number of consecutive "1"s in the mask. Combined with the destination address, it identifies the network address of the destination host or router. If the destination address is ANDed with the network mask, you get the address of the network segment where the destination host or router is located. For example, if the destination address is 129.102.8.10 and the mask is 255.255.0.0, the address of the network where the host or the router is located is 129.102.0.0.

• Output interface: It indicates the interface through which an IP packet should be forwarded.

• Next hop address: It indicates the next router that an IP packet will pass through.

• Priority added to the IP routing table for a route: There may be different next hops to the same destination. These routes may be discovered by different routing protocols, or they may be static routes configured manually. The one with the highest priority (the smallest numerical value) is selected as the current optimal route.

According to their destinations, routes can be divided into the following types:

• Subnet route: The destination is a subnet.

• Host route: The destination is a host.

In addition, according to whether the network of the destination host is directly connected to the router, there are the following types of routes:

• Direct route: The router is directly connected to the network where the destination is located.

• Indirect route: The router is not directly connected to the network where the destination is located.

To limit the size of the routing table, a default route can be set. All packets for which no suitable entry is found are forwarded through this default route.

In a complicated Internet as shown in the following figure, the number in each network is the network address. The router R8 is connected to three networks, so it has three IP addresses and three physical ports, and its routing table is shown in the diagram below:

Figure 12-2 The routing table


10.2 Routing Management Policy

This series of routing switches supports the configuration of dynamic routing protocols such as RIP and OSPF, as well as static routes. The static routes configured by the user are managed together with the dynamic routes discovered by the routing protocols. The static routes and the routes learned or configured by different routing protocols can also be shared with each other.

10.2.1 Routing protocols and the preferences of the corresponding routes

Different routing protocols (as well as static configuration) may generate different routes to the same destination, but not all of these routes are optimal. At any given moment, only one routing protocol can determine the current route to a specific destination. Thus, each routing protocol (including static configuration) is assigned a preference, and when there are multiple sources of routing information, the route discovered by the routing protocol with the highest preference becomes the current route. The routing protocols and the default preferences of the routes learned by them (the smaller the value, the higher the preference) are shown in the following table.

Table 12-1 Routing protocols and the default preferences for the routes learned by them

Routing protocol or route type    The preference of the corresponding route
DIRECT                            0
OSPF                              10
STATIC                            60
RIP                               100
UNKNOWN                           255

In the table, 0 indicates a direct route and 255 indicates any route from an unreliable source. Except for direct routes, the preferences of the various dynamic routing protocols can be manually configured to meet user requirements. In addition, the preferences of individual static routes can be different.

10.2.2 Supporting Load Sharing and Route Backup

I. Load sharing


Load sharing: Multi-route mode is supported, which allows multiple routes that reach the same destination with the same precedence to be configured. The same destination can then be reached via multiple different paths whose precedences are equal. When there is no route to the same destination with a higher precedence, IP adopts all of these routes and forwards packets to the destination over these paths, thereby implementing load sharing.

For the same destination, a given routing protocol may find multiple different routes. If that routing protocol has the highest precedence among all active routing protocols, these multiple routes are all regarded as currently valid routes. Thus, load sharing of IP traffic is ensured at the routing protocol level.

II. Route backup

Route backup: Route backup is supported. When the main route fails, the system automatically switches to a backup route to improve network reliability. To achieve route backup, the user can configure multiple routes to the same destination according to the actual situation. The route with the highest precedence is called the main route. The other routes have descending precedences and are called backup routes. Normally, the router sends data via the main route. When the line fails, the main route hides itself and the router chooses, from the remaining routes, the one with the highest precedence as the backup route to send data. In this way, the switchover from the main route to the backup route is realized. When the main route recovers, the router restores it and re-selects the route. As the main route has the highest precedence, the router chooses the main route to send data. This process is the automatic switchover from the backup route to the main route.
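The selection rules of sections 10.2.1 and 10.2.2, as an added Python example that is not part of the manual. Assumptions: among matching entries the one with the longest mask is considered first (standard IP forwarding behaviour, not spelled out above), a failed line is modelled by an "up" flag, and all addresses in the sample table are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

# Default preferences from Table 12-1 (smaller value = higher preference).
DEFAULT_PREFERENCE = {"DIRECT": 0, "OSPF": 10, "STATIC": 60, "RIP": 100, "UNKNOWN": 255}


@dataclass
class Route:
    dest: str                 # destination network, dotted decimal
    mask: str                 # network mask, dotted decimal
    next_hop: str
    source: str               # a key of DEFAULT_PREFERENCE
    preference: int = -1      # -1: take the default preference of `source`
    up: bool = True           # False models a failed line (the route "hides itself")
    network: ipaddress.IPv4Network = field(init=False, repr=False)

    def __post_init__(self):
        if self.preference < 0:
            self.preference = DEFAULT_PREFERENCE[self.source]
        # strict=True rejects a destination that has host bits set for this mask.
        self.network = ipaddress.IPv4Network(f"{self.dest}/{self.mask}", strict=True)


def network_of(address: str, mask: str) -> str:
    """AND an address with a mask to obtain the network address."""
    addr = int(ipaddress.IPv4Address(address))
    bits = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(addr & bits))


def select_routes(table, destination: str):
    """Return the next hops currently used for `destination`.

    1. Keep the usable routes whose network contains the destination.
    2. Keep the most specific ones (longest mask); 0.0.0.0/0.0.0.0 matches last.
    3. Keep those with the best preference. More than one survivor means
       load sharing; a single survivor is the main (or promoted backup) route.
    An empty list means there is no match and no default route: discard.
    """
    addr = ipaddress.IPv4Address(destination)
    candidates = [r for r in table if r.up and addr in r.network]
    if not candidates:
        return []
    longest = max(r.network.prefixlen for r in candidates)
    candidates = [r for r in candidates if r.network.prefixlen == longest]
    best = min(r.preference for r in candidates)
    return sorted(r.next_hop for r in candidates if r.preference == best)


def sample_table():
    """Constructed routing table (documentation addresses, not from the manual)."""
    return [
        Route("0.0.0.0", "0.0.0.0", "192.0.2.254", "STATIC"),       # default route
        Route("10.0.0.0", "255.0.0.0", "192.0.2.1", "STATIC", 60),  # main route
        Route("10.0.0.0", "255.0.0.0", "192.0.2.2", "STATIC", 80),  # backup route
        Route("10.1.0.0", "255.255.0.0", "192.0.2.3", "RIP"),       # two paths with
        Route("10.1.0.0", "255.255.0.0", "192.0.2.4", "RIP"),       # equal preference
        Route("10.1.0.0", "255.255.0.0", "192.0.2.5", "UNKNOWN"),   # loses to RIP
        Route("172.16.0.0", "255.255.0.0", "192.0.2.6", "OSPF"),    # OSPF (10) beats
        Route("172.16.0.0", "255.255.0.0", "192.0.2.7", "RIP"),     # RIP (100)
    ]


if __name__ == "__main__":
    table = sample_table()
    print("load sharing :", select_routes(table, "10.1.2.3"))
    print("main route   :", select_routes(table, "10.9.9.9"))
    table[1].up = False                      # the main line fails
    print("backup route :", select_routes(table, "10.9.9.9"))
    table[1].up = True                       # the main line recovers
    print("main restored:", select_routes(table, "10.9.9.9"))
    print("default route:", select_routes(table, "198.51.100.7"))
```
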

10.2.3 Routes Shared between Routing Protocols

As the algorithms of the various routing protocols are different, different protocols may generate different routes, which raises the problem of how to resolve the differences between them. The SPEED series switches can import the information of another routing protocol. Each protocol has its own route redistribution mechanism.


10.3 Static Route Configuration

10.3.1 Introduction to Static Route

10.3.1.1 Attributes and Functions of Static Route

A static route is a special route. You can set up an interconnected network using static route configuration. The problem with such a configuration is that when a fault occurs in the network, a static route cannot change automatically to steer away from the node causing the fault without the help of an administrator. In a relatively simple network, you only need to configure static routes to make the router work normally. Proper configuration and use of static routes can improve network performance and ensure bandwidth for important applications.

10.3.1.2 Default Route

A default route is also a static route. It is used only when no suitable routing table entry is matched. In a routing table, the default route takes the form of a route to the network 0.0.0.0 (with the mask 0.0.0.0). You can see whether it has been set in the output of the command display ip routing-table. If the destination address of a packet fails to match any entry in the routing table, the router selects the default route to forward the packet. If there is no default route and the destination address of the packet fails to match any entry in the routing table, the packet is discarded, and an Internet Control Message Protocol (ICMP) packet is sent to the originating host to inform it that the destination host or network is unreachable.

The default route is very useful in networks. Suppose there is a typical network consisting of hundreds of routers. In that network, a great deal of bandwidth would be consumed if you ran all kinds of dynamic routing protocols without configuring a default route. Using the default route can provide adequate bandwidth, even if not high bandwidth, for communication between large numbers of users.

10.3.2 Static Route Configuration

Static Route Configuration includes:

• Configuring a static route

• Configuring a default route


10.3.2.1 Configuring a static route

Perform the following configurations in global configuration mode.

Beginning in privileged EXEC mode, follow these steps to configure a static route.

        Command                                              Purpose
Step 1  config terminal                                      Enter global configuration mode.
Step 2  ip route static add dst-ipaddress net-mask next-hop  Configure a static route.
        [description string|usehw {yes|no}|gateway
        {yes|no}|mac mac-address|port port-number|vid
        vlan-id]
Step 3  exit                                                 Return to privileged EXEC mode.
Step 4  show ip route static                                 Verify your entries.
Step 5  write                                                (Optional) Save your entries in the configuration file.

To delete a static route, use the ip route static delete dst-ipaddress global configuration command.

The parameters are explained as follows:

• dst-ipaddress and net-mask

The dst-ipaddress and net-mask are in dotted decimal format. As the "1"s in the 32-bit mask are required to be consecutive, the dotted decimal mask can also be replaced by the mask-length (which refers to the number of consecutive "1"s in the mask).

• Next-hop address

When configuring a static route, you can specify the gateway-address to decide the next hop address, depending on the actual conditions.

In fact, the next hop address must be specified for all routing entries. When the IP layer transmits a packet, it first searches the routing table for a matching route according to the destination address of the packet. Only when the next hop address of the route is specified can the link layer find the corresponding link layer address and then forward the packet according to this address.

10.3.2.2 Configuring a default route

Perform the following configurations in global configuration mode.

Beginning in privileged EXEC mode, follow these steps to configure a default route.


        Command                                              Purpose
Step 1  config terminal                                      Enter global configuration mode.
Step 2  ip route static add 0.0.0.0 0.0.0.0 next-hop         Configure the default route.
        [description string|usehw {yes|no}|gateway
        {yes|no}|mac mac-address|port port-number|vid
        vlan-id]
Step 3  exit                                                 Return to privileged EXEC mode.
Step 4  show ip route static                                 Verify your entries.
Step 5  write                                                (Optional) Save your entries in the configuration file.

To delete the default route, use the ip route static delete 0.0.0.0 global configuration command.

The meanings of the parameters in the command are the same as those for a static route.

10.3.3 Typical Static Route Configuration Example

I. Networking requirements

As shown in the figure below, the masks of all the IP addresses in the figure are 255.255.255.0. It is required that all the hosts

or Routing Switches can be interconnected in pairs by configuring static routes.

II. Networking diagram

Figure 12-3 Networking diagram of the static route configuration example

III. Configuration procedure


# Setting switch A VLAN and specifying IP address for VLAN
switchA(config)#vlan static set vid 1 01-02-
switchA(config)#vlan static set vid 2 01u
switchA(config)#vlan static set vid 3 02u
switchA(config)#vlan port pvid 1 2
switchA(config)#vlan port pvid 2 3
switchA(config)#ip address add vint 1 1.1.1.2 255.255.255.0 vid 2
switchA(config)#ip address add vint 2 1.1.2.1 255.255.255.0 vid 3

# Setting default route for switch A
switchA(config)#ip route static add 0.0.0.0 0.0.0.0 1.1.2.2

# Setting switch B VLAN and specifying IP address for VLAN
switchB(config)#vlan static set vid 1 01-02-
switchB(config)#vlan static set vid 2 01u
switchB(config)#vlan static set vid 3 02u
switchB(config)#vlan port pvid 1 2
switchB(config)#vlan port pvid 2 3
switchB(config)#ip address add vint 1 1.1.4.1 255.255.255.0 vid 2
switchB(config)#ip address add vint 2 1.1.3.2 255.255.255.0 vid 3

# Setting default route for switch B
switchB(config)#ip route static add 0.0.0.0 0.0.0.0 1.1.3.1

# Setting switch C VLAN and specifying IP address for VLAN
switchC(config)#vlan static set vid 1 01-02-03-
switchC(config)#vlan static set vid 2 01u
switchC(config)#vlan static set vid 3 02u
switchC(config)#vlan static set vid 4 03u
switchC(config)#vlan port pvid 1 2
switchC(config)#vlan port pvid 2 3
switchC(config)#vlan port pvid 3 4
switchC(config)#ip address add vint 1 1.1.2.2 255.255.255.0 vid 2
switchC(config)#ip address add vint 2 1.1.3.1 255.255.255.0 vid 3
switchC(config)#ip address add vint 3 1.1.5.2 255.255.255.0 vid 4

# Setting static route for switch C
switchC(config)#ip route static add 1.1.1.0 255.255.255.0 1.1.2.1
switchC(config)#ip route static add 1.1.4.0 255.255.255.0 1.1.3.2


10.3.4 Static Route Fault Diagnosis and Troubleshooting

By default the switch is not configured with a dynamic routing protocol. Both the physical status and the link layer protocol status of the interface are UP, but IP packets cannot be forwarded normally.

Troubleshooting:

• Use the show ip route static command to check whether the corresponding static route is correctly configured.

• Use the show ip route table command to check whether the corresponding route is valid.

10.4 RIP Configuration

10.4.1 Brief Introduction to RIP

Routing Information Protocol (RIP) is a relatively simple dynamic routing protocol, but it is widely used. RIP is a Distance-Vector (D-V) algorithm-based protocol and exchanges routing information via UDP packets. It uses the hop count, called the routing cost, to measure the distance to the destination host. In RIP, the hop count from a router to its directly connected network is 0, the hop count to a network that can be reached through another router is 1, and so on. To restrict the time to converge, RIP prescribes that the cost value is an integer ranging from 0 to 15. A hop count equal to or exceeding 16 is defined as infinite, that is, the destination network or host is unreachable.

RIP sends a routing refresh message every 30 seconds. If no routing refresh message is received from a network neighbor within 180 seconds, RIP marks all routes of that neighbor as unreachable. If no routing refresh message is received from a network neighbor within 300 seconds, RIP finally removes the routes of that neighbor from the routing table.

To improve performance and avoid routing loops, RIP supports Split Horizon and Poison Reverse, and allows importing the routes discovered by other routing protocols.

Each router running RIP manages a route database, which contains routing entries to all the reachable destinations in the network. These routing entries contain the following information:

• Destination address: IP address of a host or network.

• Next hop address: The address of the next router that an IP packet will pass through to reach the destination.

• Output interface: The interface through which the IP packet should be forwarded.

• Cost: The cost for the router to reach the destination, which should be an integer in the range of 0 to 16.

• Timer: The time elapsed since the routing entry was last modified. The timer is reset to 0 whenever a routing entry is modified.

• Route tag: Indicates whether the route is generated by an interior routing protocol or by an exterior routing protocol.

The whole process of RIP startup and running can be described as follows:

1) If RIP is enabled on a router for the first time, the router broadcasts or multicasts a request packet to the adjacent routers. Upon receiving the request packet, the adjacent routers (on which RIP should have been enabled) respond by returning response packets containing the information of their local routing tables.

2) After receiving the response packets, the router that sent the request modifies its own routing table.

3) At the same time, RIP broadcasts its routing table to the adjacent routers every 30 seconds. After receiving the packets, the adjacent routers maintain their own routing tables, select an optimal route, and then advertise the modification information to their respective adjacent networks so that the updated route becomes globally known. Furthermore, RIP uses the timeout mechanism to handle timed-out routes so as to ensure the timeliness and validity of the routes. With these mechanisms, RIP, an interior routing protocol, enables the router to learn the routing information of the whole network.

RIP has become one of the de facto standards for transmitting router and host routes. It can be used in most campus networks and regional networks that are simple yet extensive. For larger and more complicated networks, RIP is not recommended.

10.4.2 RIP Configuration

The RIP configuration includes:

• Enabling RIP Interface

• Specifying RIP Version of the Interface

• Setting RIP Packet Authentication

• Setting Additional Routing Cost

• Enable/disable RIP protocol

10.4.2.1 Enabling RIP interface

To flexibly control RIP operation, you can specify the interface and add the network where it is located to the RIP network, so that these interfaces can send and receive RIP packets.

Beginning in privileged EXEC mode, follow these steps to enable a RIP interface.

        Command                             Purpose
Step 1  config terminal                     Enter global configuration mode.
Step 2  router rip network network-address  Enable RIP on the specified network.
Step 3  exit                                Return to privileged EXEC mode.
Step 4  show router rip config              Verify your entries.
Step 5  write                               (Optional) Save your entries in the configuration file.


To disable RIP on the specified network, use the router rip no network network-address global configuration command.

10.4.2.2 Specifying RIP Version of the Interface

RIP has two versions, RIP-1 and RIP-2. You can specify the version of the RIP packet processed by the interface.

RIP-1 broadcasts the packets. RIP-2 can transmit packets by both broadcast and multicast. By default, multicast is adopted for

transmitting packets. In RIP-2, the multicast address is 224.0.0.9. The advantage of transmitting packets in the multicast mode

is that the hosts not operating RIP in the same network can avoid receiving RIP broadcast packets. In addition, this mode can

also make the hosts running RIP-1 avoid incorrectly receiving and processing the routes with subnet mask in RIP-2. When an

interface is running RIP-2 broadcast, the RIP-1 packets can also be received.

Beginning in privileged EXEC mode, follow these steps to specify RIP version of the interface.

        Command                                     Purpose
Step 1  config terminal                             Enter global configuration mode.
Step 2  router rip entry interface-id recvtype      Specify the receive message type of the interface.
        [rip1 | rip2 | rip1Orrip2 | doNotReceive]
Step 3  router rip entry interface-id sendtype      Specify the send message type of the interface.
        [ripVersion1 | ripVersion2 | ripV1Demand |
        ripV2Demand | rip1Compatible | doNotSend]
Step 4  exit                                        Return to privileged EXEC mode.
Step 5  show router rip config                      Verify your entries.
Step 6  write                                       (Optional) Save your entries in the configuration file.

10.4.2.3 Setting RIP-2 Packet Authentication

RIP-1 does not support packet authentication, but when the interface operates RIP-2, packet authentication can be configured.

RIP-2 supports two authentication modes: simple authentication and MD5 authentication. MD5 authentication uses two packet formats: one follows RFC2453 and the other follows RFC2082.

Simple authentication does not ensure security. The unencrypted authentication key is sent together with the packet, so simple authentication cannot be applied where security requirements are high.

Beginning in privileged EXEC mode, follow these steps to set RIP-2 packet authentication.


        Command                                        Purpose
Step 1  config terminal                                Enter global configuration mode.
Step 2  router rip entry interface-id authtype         Set the authentication type.
        [md5 | simplePass | noAuth]
Step 3  router rip entry interface-id password string  Set the authentication password.
Step 4  exit                                           Return to privileged EXEC mode.
Step 5  show router rip config                         Verify your entries.
Step 6  write                                          (Optional) Save your entries in the configuration file.

The usual packet format follows RFC2453 and the nonstandard one follows RFC2082.
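The following Python example is added here and is not part of the manual. It classifies captured RIP packets by the authentication entry they carry, using the layouts of RFC 2453 (simple password) and RFC 2082 (keyed MD5, with the length field taken as the offset of the trailer, as implementations commonly do), and reports the matching authtype keyword for each interface. The packets, interface labels and key string are constructed.

```python
import ipaddress
import struct

AUTH_AFI = 0xFFFF      # address family value that marks an authentication entry
AUTH_SIMPLE = 2        # RFC 2453: 16-byte password carried unencrypted
AUTH_KEYED_MD5 = 3     # RFC 2082: keyed message digest in a trailer
ENTRY_LEN = 20         # every RIP entry, including the auth entry, is 20 bytes


def classify_rip_auth(packet: bytes) -> str:
    """Map a captured RIP packet to 'noAuth', 'simplePass' or 'md5'.

    Returns 'malformed' for a broken layout and 'unknown' for a version or
    authentication type this example does not cover. The digest itself is
    not verified, because that requires the shared key.
    """
    if len(packet) < 4 + ENTRY_LEN or (len(packet) - 4) % ENTRY_LEN:
        return "malformed"
    _command, version, _zero = struct.unpack_from("!BBH", packet, 0)
    if version == 1:
        return "noAuth"                      # RIP-1 has no authentication
    if version != 2:
        return "unknown"
    afi, auth_type = struct.unpack_from("!HH", packet, 4)
    if afi != AUTH_AFI:
        return "noAuth"                      # first entry is an ordinary route
    if auth_type == AUTH_SIMPLE:
        return "simplePass"                  # key bytes are readable on the wire
    if auth_type == AUTH_KEYED_MD5:
        pkt_len, _key_id, data_len, _seq = struct.unpack_from("!HBBI", packet, 8)
        # pkt_len points at the trailer: 0xFFFF, 0x0001, then the 16-byte digest.
        if data_len != 16 or pkt_len + 4 + data_len != len(packet):
            return "malformed"
        trailer = struct.unpack_from("!HH", packet, pkt_len)
        return "md5" if trailer == (AUTH_AFI, 1) else "malformed"
    return "unknown"


def route_entry(ip: str, mask: str, metric: int) -> bytes:
    """Build one RIP-2 route entry (address family 2 = IP, no next hop)."""
    return struct.pack("!HH4s4s4sI", 2, 0, ipaddress.IPv4Address(ip).packed,
                       ipaddress.IPv4Address(mask).packed, bytes(4), metric)


HEADER = struct.pack("!BBH", 2, 2, 0)        # command 2 (response), version 2
ROUTE = route_entry("10.1.0.0", "255.255.0.0", 1)


def sample_packets() -> dict:
    """Constructed captures, one per (made-up) interface label."""
    plain = HEADER + ROUTE
    simple = HEADER + struct.pack("!HH16s", AUTH_AFI, AUTH_SIMPLE, b"constructed-key") + ROUTE
    body_len = 4 + ENTRY_LEN + len(ROUTE)    # header + auth entry + routes
    keyed = (HEADER
             + struct.pack("!HHHBBI8s", AUTH_AFI, AUTH_KEYED_MD5, body_len, 1, 16, 42, bytes(8))
             + ROUTE
             + struct.pack("!HH16s", AUTH_AFI, 1, bytes(range(16))))  # placeholder digest
    return {"if-1": plain, "if-2": simple, "if-3": keyed}


FINDINGS = {
    "noAuth": "routing updates on this interface are not authenticated",
    "simplePass": "the authentication key is sent unencrypted in every update",
}


def audit(captures: dict) -> list:
    """Return (interface, authtype, finding) for each interface not using md5."""
    report = []
    for interface, packet in sorted(captures.items()):
        mode = classify_rip_auth(packet)
        if mode != "md5":
            report.append((interface, mode, FINDINGS.get(mode, "inspect this capture manually")))
    return report


if __name__ == "__main__":
    for row in audit(sample_packets()):
        print(*row, sep=" | ")
```
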

10.4.2.4 Setting Additional Routing Metric

Additional routing metric is the input or output routing metric added to an RIP route. It does not change the metric value of

the route in the routing table, but adds a specified metric value when the interface receives or sends a route.

Beginning in privileged EXEC mode, follow these steps to set additional routing metric.

        Command                                     Purpose
Step 1  config terminal                             Enter global configuration mode.
Step 2  router rip entry interface-id metric value  Set the additional routing metric.
Step 3  exit                                        Return to privileged EXEC mode.
Step 4  show router rip config                      Verify your entries.
Step 5  write                                       (Optional) Save your entries in the configuration file.

By default, the additional routing metric added to the route when RIP sends the packet is 1. The additional routing metric

when RIP receives the packet is 0 by default.
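Added example, not from the manual: a model of one router's RIP table that applies the rules described in 10.4.1 (a cost of 16 means unreachable, the 180-second and 300-second timers, Split Horizon and Poison Reverse) together with the additional metrics of this section. Assumptions: the receive metric is added before a route is installed, the send metric when it is advertised, and time is passed in as plain seconds; router names and networks are constructed.

```python
from dataclasses import dataclass
from typing import Optional

INFINITY = 16      # hop count that means "unreachable"
TIMEOUT = 180      # seconds without a refresh before a route is marked unreachable
REMOVAL = 300      # seconds without a refresh before a route is deleted


@dataclass
class Entry:
    next_hop: Optional[str]   # None for a directly connected network
    metric: int
    updated: float            # time of the last refresh from the next hop


class RipTable:
    def __init__(self, metric_in: int = 0, metric_out: int = 1):
        self.metric_in = metric_in     # additional metric on receive (default 0)
        self.metric_out = metric_out   # additional metric on send (default 1)
        self.routes = {}

    def add_direct(self, dest: str) -> None:
        """A directly connected network has hop count 0 and never ages out."""
        self.routes[dest] = Entry(None, 0, 0.0)

    def receive(self, neighbor: str, advertised: dict, now: float) -> None:
        """Process a response from `neighbor`, given as {destination: metric}."""
        for dest, metric in advertised.items():
            cost = min(metric + self.metric_in, INFINITY)
            current = self.routes.get(dest)
            if current is None:
                if cost < INFINITY:            # never install an unreachable route
                    self.routes[dest] = Entry(neighbor, cost, now)
            elif current.next_hop is None:
                continue                       # direct routes are never overridden
            elif current.next_hop == neighbor:
                # The current next hop is always believed, even if its cost got worse.
                current.metric = cost
                if cost < INFINITY:
                    current.updated = now
            elif cost < current.metric:
                self.routes[dest] = Entry(neighbor, cost, now)

    def age(self, now: float) -> None:
        """Apply the 180-second and 300-second rules to learned routes."""
        for dest, entry in list(self.routes.items()):
            if entry.next_hop is None:
                continue
            idle = now - entry.updated
            if idle >= REMOVAL:
                del self.routes[dest]
            elif idle >= TIMEOUT:
                entry.metric = INFINITY

    def advertise(self, to_neighbor: str, poison_reverse: bool = False) -> dict:
        """Build the update sent to `to_neighbor`.

        Split Horizon omits routes learned from that neighbor; with Poison
        Reverse they are sent back with the unreachable cost instead.
        """
        update = {}
        for dest, entry in self.routes.items():
            if entry.next_hop == to_neighbor:
                if poison_reverse:
                    update[dest] = INFINITY
                continue
            update[dest] = min(entry.metric + self.metric_out, INFINITY)
        return update


if __name__ == "__main__":
    r1, r2 = RipTable(), RipTable()
    r1.add_direct("10.1.0.0")
    r2.receive("R1", r1.advertise("R2"), now=0)
    print("R2 learned      :", r2.routes)
    print("R2 -> R1        :", r2.advertise("R1"))
    print("R2 -> R1 poison :", r2.advertise("R1", poison_reverse=True))
    print("R2 -> R3        :", r2.advertise("R3"))
    r2.age(now=180)
    print("after 180 s     :", r2.routes)
    r2.age(now=300)
    print("after 300 s     :", r2.routes)
```
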

10.4.2.5 Enable/disable RIP protocol

Beginning in privileged EXEC mode, follow these steps to enable RIP protocol.

        Command                 Purpose
Step 1  config terminal         Enter global configuration mode.
Step 2  router rip enable       Enable the RIP protocol. By default, the RIP protocol is disabled.
Step 3  exit                    Return to privileged EXEC mode.
Step 4  show router rip config  Verify your entries.
Step 5  write                   (Optional) Save your entries in the configuration file.

To disable the RIP protocol, use the router rip disable global configuration command.

10.4.3 Typical RIP Configuration Example

10.4.3.1 Networking requirements

As shown in the following figure, Routing Switch C connects to the subnet 117.102.0.0 through the Ethernet port. The Ethernet ports of Routing Switch A and Switch B are connected to the networks 155.10.1.0 and 196.38.165.0 respectively. Switch C, Switch A and Switch B are connected via the Ethernet 110.11.2.0. Configure RIP correctly to ensure that Switch C, Switch A and Switch B can interconnect.

10.4.3.2 Networking diagram

Figure 12-4 RIP configuration networking


10.4.3.3 Configuration procedure

Note:

The following configuration only shows the operations related to RIP. Before performing the following configuration, please make sure the Ethernet link layer can work normally.

# Configure Switch A
switchA(config)#router rip network 110.11.2.0
switchA(config)#router rip network 155.10.1.0
switchA(config)#router rip enable

# Configure Switch B
switchB(config)#router rip network 110.11.2.0
switchB(config)#router rip network 196.38.165.0
switchB(config)#router rip enable

# Configure Switch C
switchC(config)#router rip network 110.11.2.0
switchC(config)#router rip network 117.102.0.0
switchC(config)#router rip enable

10.5 OSPF Configuration

10.5.1 OSPF Overview

10.5.1.1 Introduction to OSPF

Open Shortest Path First (OSPF) is a link-state Interior Gateway Protocol developed by the IETF. At present, OSPF version 2 (RFC2328) is used, which has the following features:

• Applicable scope: It supports networks of various sizes and can support several hundred routers at maximum.

• Fast convergence: It transmits update packets immediately after the network topology changes so that the change is synchronized throughout the AS.

• Loop-free: Since OSPF calculates routes with the shortest path tree algorithm according to the collected link states, the algorithm itself guarantees that no routing loops are generated.

• Area partition: It allows the network of an AS to be divided into different areas for the convenience of management, so that the routing information transmitted between the areas is abstracted further, thereby reducing network bandwidth consumption.

• Equal-cost multi-route: It supports multiple equal-cost routes to a destination.

• Routing hierarchy: OSPF has a four-level routing hierarchy. It prioritizes routes in the order intra-area, inter-area, external type-1, and external type-2.

• Authentication: It supports interface-based packet authentication to guarantee the security of route calculation.

• Multicast transmission: It supports multicast addresses for receiving and sending packets.

10.5.1.2 Process of OSPF Route Calculation

The routing calculation process of the OSPF protocol is as follows:

• Each OSPF-capable router maintains a Link State Database (LSDB), which describes the topology of the whole AS. According to the network topology around itself, each router generates a Link State Advertisement (LSA). The routers on the network transmit the LSAs among themselves by sending protocol packets to each other. Thus, each router receives the LSAs of the other routers, and all these LSAs compose its LSDB.

• An LSA describes the network topology around a router, so the LSDB describes the topology of the whole network. Routers can easily transform the LSDB into a weighted directed graph, which reflects the topology of the whole network. Obviously, all the routers obtain exactly the same graph.

• A router uses the SPF algorithm to calculate the shortest path tree with itself as the root, which shows the routes to the nodes in the autonomous system. External routing information appears as leaf nodes. A router that advertises the routes also tags them and records additional information about the autonomous system. Obviously, the routing tables obtained by different routers are different.

Furthermore, suppose that the routers in a broadcast network are directly connected without other routing devices in between. To enable the individual routers to broadcast their local status information to the whole AS, any two routers in the environment should establish an adjacency between them. In this case, however, a change on any router results in multiple transmissions, which are not only unnecessary but also waste precious bandwidth resources. To solve this problem, a “Designated Router” (DR) is defined in OSPF. All the routers send information only to the DR, which broadcasts the network link states in the network. Thereby, the number of router adjacencies on the multi-access network is reduced.

OSPF supports interface-based packet authentication to guarantee the security of route calculation. Also, it transmits and receives packets by IP multicast.

10.5.1.3 OSPF Packets

OSPF uses five types of packets:

• Hello Packet:

It is the most common packet, which is periodically sent by a router to its neighbors. It contains the values of some timers, the DR, the BDR and the known neighbors.

• Database Description (DD) Packet:

When two routers synchronize their databases, they use DD packets to describe their own LSDBs, including the digest of each LSA. The digest refers to the HEAD of an LSA, which can be used to uniquely identify the LSA. This reduces the traffic transmitted between the routers, since the HEAD of an LSA occupies only a small portion of the overall LSA traffic. With the HEAD, the peer router can judge whether it already has the LSA.

• Link State Request (LSR) Packet:

After exchanging DD packets, the two routers know which LSAs of the peer router are missing from their local LSDBs. In this case, they send LSR packets to the peers requesting the needed LSAs. The packets contain the digests of the needed LSAs.

• Link State Update (LSU) Packet:

The packet is used to transmit the needed LSAs to the peer router. It contains a collection of multiple LSAs (complete contents).

• Link State Acknowledgment (LSAck) Packet:

The packet is used for acknowledging the received LSU packets. It contains the HEAD(s) of the LSA(s) requiring acknowledgement.

10.5.1.4 Basic Concepts Related to OSPF

I. Router ID

To run OSPF, a router must have a router ID. If no ID is configured, the system automatically selects one of the IP addresses of the current interfaces as the router ID. The router ID is chosen as follows: if a LoopBack interface address exists, the system chooses the LoopBack address with the greatest IP address value as the router ID; if no LoopBack interface is configured, the address of the physical interface with the greatest IP address value becomes the router ID.

II. DR and BDR

• Designated Router (DR)

In multi-access networks, if any two routers are neighbors, the same LSA will be transmitted repeatedly, wasting bandwidth resources. To solve this problem, the OSPF protocol specifies that a DR must be elected in a multi-access network and that only the DR (and the BDR described below) can be the neighbor of the other routers in this network. Two routers that are neither the DR nor the BDR cannot be neighbors and exchange routing information. Which router becomes the DR in its segment is not manually specified. Instead, the DR is elected by all the routers in the segment.

• Backup Designated Router (BDR)

If the DR fails, a new DR must be elected and synchronized with the other routers on the segment. This process takes a relatively long time, during which the route calculation is incorrect. To shorten the process, the BDR is introduced in OSPF. In fact, the BDR is a backup for the DR. The DR and the BDR are elected at the same time. Adjacencies are also established between the BDR and all the routers on the segment, and routing information is also exchanged between them. After the existing DR fails, the BDR becomes the DR immediately.

III. Area

Networks keep growing in size. If all the routers on a huge network are running OSPF, the large number of routers will result in an enormous LSDB, which will consume an enormous amount of storage space, complicate the SPF algorithm, and increase the CPU load as well. Furthermore, as a network grows larger, the topology becomes more likely to change. Hence, the network will always be in “turbulence”, and a great many OSPF packets will be generated and transmitted in the network. This will lower the utilization of the network bandwidth. In addition, each change will cause all the routers on the network to recompute their routes.

OSPF solves the above problem by partitioning an AS into different areas. Areas logically group the routers. The borders of areas are formed by routers. Thus, some routers may belong to different areas. A router that connects the backbone area and a non-backbone area is called an Area Border Router (ABR). An ABR can connect to the backbone area physically or logically.

IV. Backbone area and virtual link

• Backbone Area

After OSPF divides the AS into areas, not all the areas are equal. One area is different from all the others: its area-id is 0 and it is usually called the backbone area.

• Virtual link

Since all the areas should be connected to the backbone area, virtual links are used so that physically separated areas can still maintain logical connectivity to the backbone area.

V. Route summary

An AS is divided into different areas that are interconnected via OSPF ABRs. The routing information exchanged between areas can be reduced through route summary, which reduces the size of the routing table and improves the calculation speed of the router. After calculating the intra-area routes of an area, the ABR summarizes multiple OSPF routes into one LSA and sends it outside the area according to the summary configuration.

10.5.2 OSPF Configuration

In various configurations, you must first enable OSPF, specify the interface and area ID before configuring other functions. But

the configuration of the functions related to the interface is not restricted by whether the OSPF is enabled or not. It should be

noted that after OSPF is disabled, the OSPF-related interface parameters also become invalid.

OSPF configuration includes:

• Entering the OSPF configuration mode
• Enabling OSPF Process
• Specifying Interface
• Configuring the Cost for Sending Packets on an Interface
• Setting the Interface Priority for DR Election
• Setting the Interval of Hello Packet Transmission
• Setting a dead timer for the neighboring routers
• Configuring an Interval required for sending LSU packets
• Setting an Interval for LSA Retransmission between Neighboring Routers
• Setting a Shortest Path First (SPF) Calculation Interval for OSPF
• Configuring STUB Area of OSPF
• Configuring the Route Summarization of OSPF Area
• Configuring OSPF Virtual Link
• Configuring OSPF Packet Authentication
• Disabling the Interface to Send OSPF Packets

10.5.2.1 Enter OSPF Configuration Mode

Beginning in privileged EXEC mode, follow these steps to enter OSPF configuration mode.

Step    Command          Purpose
Step 1  config terminal  Enter global configuration mode.
Step 2  router ospf      Enter OSPF configuration mode.

10.5.2.2 Enabling OSPF Process

Beginning in OSPF configuration mode, follow these steps to enable OSPF Process.

Step    Command         Purpose
Step 1  service enable  Enable OSPF Process. By default, OSPF is not enabled.
Step 2  exit            Return to global configuration mode.
Step 3  exit            Return to privileged EXEC mode.
Step 4  show ip ospf    Verify your entries.
Step 5  write           (Optional) Save your entries in the configuration file.

To disable OSPF process, use service disable OSPF configuration command.

10.5.2.3 Specifying interface

OSPF further divides the AS into different areas. An area logically groups the routers. Some routers belong to different areas (such routers are called ABRs), but one segment can only belong to one area. In other words, you must specify each OSPF interface to belong to a particular area identified by area ID. The areas transfer routing information between them via the ABRs.

In addition, parameters of all the routers in the same area should be identical. Therefore, when configuring the routers in the same area, please note that most configurations should be based upon the area. Wrong configuration may prevent neighboring routers from exchanging information, and may even lead to congestion or self-loops of the routing information.

Beginning in OSPF configuration mode, follow these steps to specify interface.

Step    Command                                  Purpose
Step 1  network ip-address ip-mask area area-id  Specify the interface to run OSPF.
Step 2  exit                                     Return to global configuration mode.
Step 3  exit                                     Return to privileged EXEC mode.
Step 4  show ip ospf                             Verify your entries.
Step 5  write                                    (Optional) Save your entries in the configuration file.

To delete specified network, use no network ip-address ip-mask area area-id OSPF configuration command.

You must specify the segment to which the OSPF will be applied after enabling the OSPF.

10.5.2.4 Configuring the Cost for Sending Packets on an Interface

The user can control the network traffic by configuring different message sending costs for different interfaces. Otherwise,

OSPF will automatically calculate the cost according to the baud rate on the current interface.

Beginning in privileged EXEC mode, follow these steps to configure the cost for sending packets on an interface.

Step    Command                                     Purpose
Step 1  config terminal                             Enter global configuration mode.
Step 2  interface vint interface-id                 Enter interface configuration mode.
Step 3  ip ospf cost value                          Configure the cost for sending packets on the interface.
Step 4  exit                                        Return to global configuration mode.
Step 5  exit                                        Return to privileged EXEC mode.
Step 6  show ip ospf interface [vint interface-id]  Verify your entries.
Step 7  write                                       (Optional) Save your entries in the configuration file.

To restore the default cost for packet transmission on the Interface, use no ip ospf cost OSPF configuration command.

By default, the interface automatically calculates the costs for running OSPF protocol according to the current Baud rate. The

calculation formula is: 100 Mbps/ Interface current baud rate.

10.5.2.5 Setting the Interface Priority for DR Election

The priority of the router interface determines the qualification of the interface in DR election, and the router of higher

priority will be considered first if there is a collision in the election.

The DR is not designated manually; instead, it is elected by all the routers on the segment. Routers with a priority > 0 in the network are eligible “candidates”. Among all the routers that declare themselves to be the DR, the one with the highest priority is elected. If two routers have the same priority, the one with the highest router ID is elected as the DR. The votes are the hello packets: each router writes its expected DR in the packet and sends it to all the other routers on the segment. If two routers attached to the same segment concurrently declare themselves to be the DR, the one with the higher priority is chosen; if the priorities are the same, the one with the greater router ID is chosen. A router with priority 0 will not be elected as DR or BDR.

If the DR fails, the routers on the network must elect a new DR and synchronize with it. This process takes a relatively long time, during which the route calculation is incorrect. To speed up this process, OSPF introduces the concept of the BDR. The BDR is a backup for the DR, and the two are elected at the same time. Adjacencies are also established between the BDR and all the routers on the segment, and routing information is exchanged between them. When the DR fails, the BDR becomes the DR instantly. Since no re-election is needed and the adjacencies have already been established, the process is very short. In this case a new BDR must still be elected; although that also takes quite a long time, it does not affect the route calculation.

Please note:

• The DR on the network is not necessarily the router with the highest priority. Likewise, the BDR is not necessarily the router with the second highest priority. If a new router is added after the DR and BDR election, it cannot become the DR even if it has the highest priority.

• The DR role is specific to a router interface on a given segment. A router may be the DR on one interface and a BDR or DROther on another.
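The non-preemptive behaviour in the notes above can be checked with a small model. This is an added example, not code from the manual; it models only the converged roles on one segment (not the per-router state machine of RFC 2328), and the router IDs and priorities are constructed.

```python
import ipaddress


class Segment:
    """Converged DR/BDR roles on one broadcast segment (simplified model)."""

    def __init__(self):
        self.priority = {}  # router ID -> interface priority (0..255)
        self.dr = None
        self.bdr = None

    def _best(self, exclude):
        # Eligible candidates have priority > 0; ties go to the higher router ID.
        eligible = [rid for rid, prio in self.priority.items()
                    if prio > 0 and rid not in exclude]
        return max(eligible,
                   key=lambda rid: (self.priority[rid],
                                    int(ipaddress.IPv4Address(rid))),
                   default=None)

    def _elect(self):
        if self.dr not in self.priority:
            # The DR is gone: the BDR, if still present, takes over at once.
            self.dr = self.bdr if self.bdr in self.priority else None
            self.bdr = None
        elif self.bdr not in self.priority:
            self.bdr = None
        # Only vacant roles are filled; a router that holds a role keeps it.
        if self.dr is None:
            self.dr = self._best(exclude=())
        if self.bdr is None:
            self.bdr = self._best(exclude=(self.dr,))

    def join(self, routers):
        """Routers (dict of router ID -> priority) that come up together."""
        self.priority.update(routers)
        self._elect()
        return self.dr, self.bdr

    def fail(self, router_id):
        self.priority.pop(router_id, None)
        self._elect()
        return self.dr, self.bdr


def demo():
    """Return the (DR, BDR) pair after each event on a constructed segment."""
    seg = Segment()
    return [
        seg.join({"10.0.0.1": 1, "10.0.0.2": 1, "10.0.0.3": 0}),
        seg.join({"10.0.0.9": 255}),  # highest priority, but arrives late
        seg.fail("10.0.0.2"),         # the DR fails, the BDR is promoted
        seg.fail("10.0.0.1"),         # priority 0 router is never elected
    ]


if __name__ == "__main__":
    for dr, bdr in demo():
        print("DR:", dr, "BDR:", bdr)
```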

Beginning in privileged EXEC mode, follow these steps to set the Interface Priority for DR Election.

Step    Command                                     Purpose
Step 1  config terminal                             Enter global configuration mode.
Step 2  interface vint interface-id                 Enter interface configuration mode.
Step 3  ip ospf priority priority_num               Configure the interface with a priority for DR election. By default, the priority of the interface is 1 in the DR election. The value can be taken from 0 to 255.
Step 4  exit                                        Return to global configuration mode.
Step 5  exit                                        Return to privileged EXEC mode.
Step 6  show ip ospf interface [vint interface-id]  Verify your entries.
Step 7  write                                       (Optional) Save your entries in the configuration file.

To restore the default interface priority, use no ip ospf priority interface configuration command.

10.5.2.6 Setting the Interval of Hello Packet Transmission

Hello packets are among the most frequently used packets. They are sent periodically to the adjacent routers to discover and maintain adjacencies and to elect the DR and BDR. The user can set the hello timer.

According to RFC2328, the consistency of hello intervals between network neighbors should be kept. The hello interval value is

in inverse proportion to the route convergence rate and network load.

Beginning in privileged EXEC mode, follow these steps to set the interval of hello packet transmission.

Step    Command                                     Purpose
Step 1  config terminal                             Enter global configuration mode.
Step 2  interface vint interface-id                 Enter interface configuration mode.
Step 3  ip ospf hello-interval seconds              Set the hello interval of the interface. By default, Hello packets are sent every 10 seconds.
Step 4  exit                                        Return to global configuration mode.
Step 5  exit                                        Return to privileged EXEC mode.
Step 6  show ip ospf interface [vint interface-id]  Verify your entries.
Step 7  write                                       (Optional) Save your entries in the configuration file.

To restore the default hello interval of the interface, use the no ip ospf hello-interval interface configuration command.

10.5.2.7 Setting a dead timer for the neighboring routers

The dead timer of neighboring routers refers to the interval in which a router will regard the neighboring router as dead if no

Hello packet is received from it. The user can set a dead timer for the neighboring routers.

Beginning in privileged EXEC mode, follow these steps to set a dead timer for the neighboring routers.

Step    Command                                     Purpose
Step 1  config terminal                             Enter global configuration mode.
Step 2  interface vint interface-id                 Enter interface configuration mode.
Step 3  ip ospf dead-interval seconds               Configure a dead timer for the neighboring routers. By default, the dead interval for the neighboring routers is 40 seconds.
Step 4  exit                                        Return to global configuration mode.
Step 5  exit                                        Return to privileged EXEC mode.
Step 6  show ip ospf interface [vint interface-id]  Verify your entries.
Step 7  write                                       (Optional) Save your entries in the configuration file.

To restore the default dead interval of the neighboring routers, use no ip ospf hello-interval interface configuration command.

10.5.2.8 Configuring an Interval required for sending LSU packets

The transmit delay (trans-delay), in seconds, is added to the aging time of each LSA in an LSU packet. The parameter accounts for the time the interface needs to transmit the packet.

The user can configure the interval for sending LSU packets. This item deserves particular attention on low-speed networks.

Beginning in privileged EXEC mode, follow these steps to configure an Interval required for sending LSU packets.

Step    Command                                     Purpose
Step 1  config terminal                             Enter global configuration mode.
Step 2  interface vint interface-id                 Enter interface configuration mode.
Step 3  ip ospf transmit-delay seconds              Configure an interval for sending LSU packets. By default, the LSU packets are transmitted per second.
Step 4  exit                                        Return to global configuration mode.
Step 5  exit                                        Return to privileged EXEC mode.
Step 6  show ip ospf interface [vint interface-id]  Verify your entries.
Step 7  write                                       (Optional) Save your entries in the configuration file.

To restore the default interval of sending LSU packets, use no ip ospf transmit-delay interface configuration command.

10.5.2.9 Setting an Interval for LSA Retransmission between Neighboring Routers

When a router transmits an LSA (Link State Advertisement) to a peer, it requires an acknowledgement packet from the peer. If it does not receive the acknowledgement within the retransmit interval, it retransmits the LSA to the neighbor. The value of the retransmit interval is user-configurable.

Beginning in privileged EXEC mode, follow these steps to set an Interval for LSA Retransmission between Neighboring Routers.

Step    Command                                     Purpose
Step 1  config terminal                             Enter global configuration mode.
Step 2  interface vint interface-id                 Enter interface configuration mode.
Step 3  ip ospf retransmit-interval seconds         Configure the interval of LSA retransmission for the neighboring routers. By default, the interval for neighboring routers to retransmit LSAs is five seconds.
Step 4  exit                                        Return to global configuration mode.
Step 5  exit                                        Return to privileged EXEC mode.
Step 6  show ip ospf interface [vint interface-id]  Verify your entries.
Step 7  write                                       (Optional) Save your entries in the configuration file.

To restore the default LSA retransmission interval for the neighboring routers, use no ip ospf retransmit-interval interface

configuration command.

The value of interval should be bigger than the interval in which a packet can be transmitted and returned between two

routers.

Note that you should not set the LSA retransmission interval too small. Otherwise, unnecessary retransmission will be caused.

10.5.2.10 Setting a Shortest Path First (SPF) Calculation Interval for OSPF

Whenever the LSDB of OSPF changes, the shortest path must be recalculated. Recalculating the shortest path on every change consumes enormous resources and affects the operating efficiency of the router. Adjusting the SPF calculation interval limits the resource consumption caused by frequent network changes.

Beginning in OSPF configuration mode, follow these steps to set a Shortest Path First (SPF) Calculation Interval for OSPF.

Step    Command                                Purpose
Step 1  timers spf delay-seconds hold-seconds  Set the SPF calculation interval. By default, the interval of SPF recalculation is 5 seconds.
Step 2  exit                                   Return to global configuration mode.
Step 3  exit                                   Return to privileged EXEC mode.
Step 4  show ip ospf                           Verify your entries.
Step 5  write                                  (Optional) Save your entries in the configuration file.

To restore the SPF calculation interval, use no timers spf OSPF configuration command.

10.5.2.11 Configuring STUB Area of OSPF

STUB areas are special areas in which the ABRs do not propagate the learned external routes of the AS. In these areas, the routing table sizes of routers and the routing traffic are significantly reduced.

The STUB area is an optional configuration attribute, but not every area meets the conditions for it. Generally, STUB areas are non-backbone areas located at the AS boundaries with only one ABR. If such an area has multiple ABRs, no virtual links are established between these ABRs.

To ensure that the routes to destinations outside the AS are still reachable, the ABR in this area generates a default route (0.0.0.0) and advertises it to the non-ABR routers in the area.

Please pay attention to the following items when configuring a STUB area:

• The backbone area cannot be configured as a STUB area, and a virtual link cannot pass through a STUB area.

• If you want to configure an area as a STUB area, all the routers in this area must be configured with this attribute.

• No ASBR can exist in a STUB area. In other words, the external routes of the AS cannot be propagated in the STUB area.

Beginning in OSPF configuration mode, follow these steps to configure STUB Area of OSPF.

Step    Command                            Purpose
Step 1  area area-id stub [cr|no-summary]  Configure an area to be the STUB area.
Step 2  area area-id default-cost value    Configure the cost of the default route transmitted by OSPF to the STUB area.
Step 3  exit                               Return to global configuration mode.
Step 4  exit                               Return to privileged EXEC mode.
Step 5  show ip ospf                       Verify your entries.
Step 6  write                              (Optional) Save your entries in the configuration file.

To remove the configured STUB area, use no area area-id stub [cr|no-summary] OSPF configuration command.

To remove the cost of the default route to the STUB area, use no area area-id default-cost value OSPF configuration

command.

By default, the STUB area is not configured, and the cost of the default route to the STUB area is 1.

10.5.2.12 Configuring the Route Summarization of OSPF Area

Route summary means that an ABR can aggregate the routes that share the same prefix and advertise only one route to other areas. An area can be configured with multiple aggregate segments, so that OSPF can summarize them. When the ABR transmits routing information to other areas, it generates a Sum_net_Lsa (type-3 LSA) per network. If some continuous networks exist in this area, you can use the abr-summary command to summarize these segments into one segment. The ABR then only needs to send one aggregate LSA, and the LSAs in the range of the aggregate segment specified by the command are not transmitted separately.

Once the aggregate segment of a certain network is added to the area, the internal routes of the IP addresses in the range of the aggregate segment are no longer advertised separately to other areas. Only the route summary of the whole aggregate network is advertised. But if the range of the segment is restricted by the keyword "not-advertise", the route summary of this segment is not advertised. The segment is represented by an IP address and mask. Route summarization takes effect only when it is configured on ABRs.

Beginning in OSPF configuration mode, follow these steps to configure the Route Summarization of OSPF Area.

Step    Command                                                       Purpose
Step 1  summary-address ip-address mask [cr|not-advertise|tag value]  Configure the Route Summarization of OSPF Area.
Step 2  exit                                                          Return to global configuration mode.
Step 3  exit                                                          Return to privileged EXEC mode.
Step 4  show ip ospf                                                  Verify your entries.
Step 5  write                                                         (Optional) Save your entries in the configuration file.

To cancel route summarization of OSPF Area, use no summary-address ip-address mask OSPF configuration command.

By default, the inter-area routes will not be summarized.

10.5.2.13 Configuring OSPF Virtual Link

According to RFC2328, after OSPF divides the AS into areas, not all the areas are equal. One area is different from all the others: its area-id is 0.0.0.0 and it is usually called the backbone area. The OSPF routes between non-backbone areas are updated with the help of the backbone area. OSPF stipulates that all non-backbone areas must maintain connectivity with the backbone area; that is, at least one interface on the ABR must fall into area 0.0.0.0. If an area does not have a direct physical link to the backbone area 0.0.0.0, a virtual link must be created.

If physical connectivity cannot be ensured because of network topology restrictions, a virtual link can satisfy this requirement. A virtual link is a logical channel set up between two ABRs through a non-backbone area that provides an internal route between them. Both ends of the logical channel must be ABRs, and the connection takes effect only when both ends are configured. The virtual link is identified by the ID of the remote router. The area that provides the ends of the virtual link with a non-backbone internal route is called the transit area. The ID of the transit area must be specified during configuration.

The virtual link is activated after the route passing through the transit area is calculated, and is then equivalent to a p2p connection between the two ends. Therefore, as on physical interfaces, you can configure various interface parameters on this link, such as the hello timer.

The "logical channel" means that the routers running OSPF between the two ABRs only forward packets (the protocol packets are not addressed to these routers, so the packets are transparent to them and are forwarded as common IP packets). The routing information is transmitted directly between the two ABRs. The routing information here refers to the type-3 LSAs generated by the ABRs; the synchronization mode of the routers in the area is not changed.

Beginning in OSPF configuration mode, follow these steps to configure OSPF Virtual Link.

Step    Command                                                       Purpose
Step 1  area area-id virtual-link router-id [cr |                     Create and configure a virtual link.
        hello-interval seconds | retransmit-interval seconds |
        transmit-delay seconds | dead-interval seconds |
        authentication-simple password |
        authentication-md5 keyid key ]
Step 2  exit                                                          Return to global configuration mode.
Step 3  exit                                                          Return to privileged EXEC mode.
Step 4  show ip ospf                                                  Verify your entries.
Step 5  write                                                         (Optional) Save your entries in the configuration file.

To remove the created virtual link, use no area area-id virtual-link router-id [cr | hello-interval seconds | retransmit-interval

seconds | transmit-delay seconds | dead-interval seconds | authentication-simple password | authentication-md5 keyid key ]

OSPF configuration command.

area-id and router-id have no default value. By default, hello timer is 10 seconds, retransmit 5 seconds, trans-delay 1 second,

and the dead 40 seconds.

10.5.2.14 Configuring OSPF Packet Authentication

OSPF supports simple authentication or MD5 authentication between neighboring routers.

All the routers in one area must use the same authentication mode (no authentication, simple text authentication or MD5 cipher text authentication). If an authentication mode is configured, all routers on the same segment must use the same authentication key. To configure a simple text authentication key, use the ospf authentication-mode simple command. Use the ospf authentication-mode md5 command to configure the MD5 cipher text authentication key if the area is configured to support MD5 cipher text authentication mode.

Beginning in privileged EXEC mode, follow these steps to configure OSPF Packet Authentication.

Step    Command                                     Purpose
Step 1  config terminal                             Enter global configuration mode.
Step 2  interface vint interface-id                 Enter interface configuration mode.
Step 3  ip ospf authentication-simple password      Specify a password for OSPF simple text authentication.
Step 4  ip ospf authentication-md5 key_id key       Specify the key-id and key for OSPF MD5 authentication.
Step 5  exit                                        Return to global configuration mode.
Step 6  exit                                        Return to privileged EXEC mode.
Step 7  show ip ospf interface [vint interface-id]  Verify your entries.
Step 8  write                                       (Optional) Save your entries in the configuration file.

To cancel simple authentication on the interface, use the no ip ospf authentication-simple interface configuration command.

To cancel MD5 authentication on the interface, use the no ip ospf authentication-md5 interface configuration command.

By default, the interface is not configured with either simple authentication or MD5 authentication.
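The difference between the two modes is visible in the OSPF header itself. The following added example (not from the manual, and not the switch's own code) builds a Hello packet under simple authentication and under MD5 authentication as specified in RFC 2328 Appendix D, then verifies MD5 packets the way a receiving router does. The addresses, password, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

AUTYPE_SIMPLE, AUTYPE_MD5 = 1, 2
HEAD = struct.Struct("!BBH4s4sHH")  # version, type, length, router, area, checksum, AuType
CRYPTO = struct.Struct("!HBBI")     # zero, key ID, digest length, sequence number


def _pad(secret, size):
    if len(secret) > size:
        raise ValueError("secret longer than %d bytes" % size)
    return secret.ljust(size, b"\x00")


def _checksum(data):
    """16-bit one's complement sum used by the non-cryptographic AuTypes."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_simple(router_id, area_id, body, password):
    """AuType 1: the password itself fills the 8-byte authentication field."""
    args = (2, 1, 24 + len(body),
            socket.inet_aton(router_id), socket.inet_aton(area_id))
    # The checksum covers the packet without the authentication field.
    cksum = _checksum(HEAD.pack(*args, 0, AUTYPE_SIMPLE) + body)
    return HEAD.pack(*args, cksum, AUTYPE_SIMPLE) + _pad(password, 8) + body


def build_md5(router_id, area_id, body, key_id, key, seq):
    """AuType 2: MD5(packet + key) is appended; the key itself is never sent."""
    packet = HEAD.pack(2, 1, 24 + len(body), socket.inet_aton(router_id),
                       socket.inet_aton(area_id), 0, AUTYPE_MD5)
    packet += CRYPTO.pack(0, key_id, 16, seq) + body
    return packet + hashlib.md5(packet + _pad(key, 16)).digest()


class Md5Receiver:
    def __init__(self, keys):
        self.keys = keys    # key ID -> shared key (key_id and key on the switch)
        self.last_seq = {}  # neighbor router ID -> last accepted sequence number

    def verify(self, wire):
        _, _, length, router, _, _, autype = HEAD.unpack_from(wire)
        if autype != AUTYPE_MD5:
            return "autype-mismatch"
        _, key_id, digest_len, seq = CRYPTO.unpack_from(wire, HEAD.size)
        if digest_len != 16 or len(wire) != length + 16:
            return "malformed"
        key = self.keys.get(key_id)
        if key is None:
            return "unknown-key"
        # RFC 2328 discards a sequence number lower than the last one accepted.
        if seq < self.last_seq.get(router, 0):
            return "replayed"
        expected = hashlib.md5(wire[:length] + _pad(key, 16)).digest()
        if not hmac.compare_digest(expected, wire[length:]):
            return "bad-digest"
        self.last_seq[router] = seq
        return "ok"


# Constructed Hello body: mask, hello 10 s, options, priority 1, dead 40 s, DR, BDR.
HELLO = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                    10, 0x02, 1, 40, bytes(4), bytes(4))


def demo():
    rx = Md5Receiver({1: b"constructed-key"})
    good = build_md5("10.0.0.2", "0.0.0.1", HELLO, 1, b"constructed-key", 100)
    tampered = good[:30] + bytes([good[30] ^ 0xFF]) + good[31:]
    forged = build_md5("10.0.0.2", "0.0.0.1", HELLO, 1, b"wrong-key", 101)
    old = build_md5("10.0.0.2", "0.0.0.1", HELLO, 1, b"constructed-key", 99)
    return [rx.verify(p) for p in (good, tampered, forged, old)]
```

With simple authentication the configured password can be read from bytes 16 to 23 of every packet on the segment, which is why MD5 mode is the stronger of the two options this switch offers.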

10.5.2.15 Disabling the Interface to Send OSPF Packets

To prevent OSPF routing information from being acquired by the routers on a certain network, use the passive command to

disable the interface to transmit OSPF packets.

Beginning in privileged EXEC mode, follow these steps to disable the Interface to Send OSPF Packets.

Step    Command                                     Purpose
Step 1  config terminal                             Enter global configuration mode.
Step 2  interface vint interface-id                 Enter interface configuration mode.
Step 3  ip ospf passive                             Disable the interface to send OSPF packets.
Step 4  exit                                        Return to global configuration mode.
Step 5  exit                                        Return to privileged EXEC mode.
Step 6  show ip ospf interface [vint interface-id]  Verify your entries.
Step 7  write                                       (Optional) Save your entries in the configuration file.

To enable the interface to send OSPF packets, use the no ip ospf passive interface configuration command.

By default, all the interfaces are allowed to transmit and receive OSPF packets.

After an OSPF interface is set to silent status, the interface can still advertise its direct route. However, the OSPF hello packets of the interface are blocked, and no neighbor relationship can be established on the interface. This improves the ability of OSPF to adapt to the network and reduces the consumption of system resources. On a switch, this command disables/enables the specified VLAN interface to send OSPF packets.

10.5.3 Displaying and Debugging OSPF

After the above configuration, execute show command in any view to display the running of the OSPF configuration, and to

verify the effect of the configuration.

Table 12-2 Displaying and debugging OSPF

Operation                                                  Command
Display the brief information of the OSPF routing process  show ip ospf
Display OSPF neighbor information                          show ip ospf neighbor
Display OSPF routing table                                 show ip ospf routing
Display OSPF virtual links                                 show ip ospf virtual-links
Display OSPF statistics                                    show ip ospf database
Display LSDB information of OSPF                           show ip ospf lsa
Display OSPF interface information                         show ip ospf interface

10.5.4 Typical OSPF Configuration Example

I. Networking requirements

In the following figure, Area 2 and Area 0 are not directly connected. Area 1 is required to serve as the transit area connecting Area 2 and Area 0. Enable the OSPF service on the switches and correctly configure a virtual link between Switch B and Switch C in Area 1.

II. Networking diagram

Figure 12-6 OSPF virtual link configuration networking

III. Configuration procedure

10.5.5 OSPF Fault Diagnosis and Troubleshooting

Fault 1: OSPF has been configured in accordance with the above-mentioned steps, but OSPF on the router cannot run

normally.

Troubleshooting: Please check according to the following procedure.

Troubleshooting locally:

Check whether the protocol between two directly connected routers is operating normally. The normal sign is that the peer state machine between the two routers reaches the FULL state. (Note: On a broadcast or NBMA network, if the interfaces of two routers are both in DROther state, the peer state machine between the two routers is in 2-way state instead of FULL state. The peer state machine between the DR/BDR and all the other routers is in FULL state.)

• Execute the show ip ospf neighbour command to view neighbours.

• Execute the show ip ospf interface command to view the OSPF information of the interface.

• Check whether the physical connections and the lower level protocol operate normally. You can execute the ping command to test. If the local router cannot ping the peer router, a fault has occurred on the physical link or in the lower level protocol.

• If the physical link and the lower layer protocol are normal, check the OSPF parameters configured on the interface. They should be the same as the parameters configured on the router adjacent to the interface. The same area ID should be used, and the networks and the masks should also be consistent. (A p2p or virtually linked segment can have different segments and masks.) Ensure that the dead timer on the same interface is at least four times the value of the hello timer.

• If the network type is broadcast or NBMA, there must be at least one interface with a priority greater than zero.

• If an area is set as a STUB area, it must also be set as a STUB area on every router connected to it.

• The same interface type should be adopted for the neighboring routers.

• If more than two areas are configured, at least one area should be configured as the backbone area (that is to say, the area ID is 0).

• Ensure that the backbone area connects with all the areas.

• The virtual links cannot pass through the STUB area.
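The local checks above can be run against collected interface settings before touching the devices. The following is an added example, not part of the manual; the OspfInterface fields and the sample values are assumptions that mirror the parameters listed in this section and in 10.5.2.14.

```python
from dataclasses import dataclass
import ipaddress


@dataclass
class OspfInterface:
    router: str
    address: str                 # "ip/mask", e.g. "10.1.1.1/255.255.255.0"
    area: str                    # "1" or dotted form "0.0.0.1"
    net_type: str = "broadcast"  # broadcast | nbma | p2p | virtual
    hello: int = 10              # defaults follow the values given in this guide
    dead: int = 40
    priority: int = 1
    stub: bool = False
    auth: str = "none"           # none | simple | md5
    key: str = ""


def area_number(area):
    """Area IDs may be written as an integer or in dotted form."""
    return int(area) if area.isdigit() else int(ipaddress.IPv4Address(area))


def adjacency_problems(a, b):
    """Compare the two ends of one segment; return the failed checks."""
    problems = []
    if area_number(a.area) != area_number(b.area):
        problems.append("area ID differs")
    if a.net_type != b.net_type:
        problems.append("interface type differs")
    elif a.net_type in ("broadcast", "nbma"):
        # p2p and virtual links may use different segments and masks.
        if (ipaddress.ip_interface(a.address).network
                != ipaddress.ip_interface(b.address).network):
            problems.append("network/mask differs")
        if a.priority == 0 and b.priority == 0:
            problems.append("no interface with priority > 0")
    if a.hello != b.hello:
        problems.append("hello interval differs")
    if a.dead != b.dead:
        problems.append("dead interval differs")
    for end in (a, b):
        if end.dead < 4 * end.hello:
            problems.append(f"dead timer below 4 x hello on {end.router}")
    if a.stub != b.stub:
        problems.append("STUB attribute differs")
    if a.auth != b.auth:
        problems.append("authentication mode differs")
    elif a.auth != "none" and a.key != b.key:
        problems.append("authentication key differs")
    return problems


def demo():
    """Constructed settings for the two ends of one segment in area 1."""
    switch_b = OspfInterface("SwitchB", "10.1.1.1/255.255.255.0", "1",
                             auth="md5", key="constructed-key")
    switch_c = OspfInterface("SwitchC", "10.1.1.2/255.255.255.128", "0.0.0.1",
                             hello=5, dead=15, stub=True,
                             auth="simple", key="constructed-key")
    return adjacency_problems(switch_b, switch_c)


if __name__ == "__main__":
    for problem in demo():
        print(problem)
```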

Troubleshooting globally:

If OSPF cannot discover the remote routes yet in the case that the above steps are correctly performed, proceed to check the

following configurations.

• If more than two areas are configured on a router, at least one area should be configured as the backbone area.

As shown in the following figure, RTA and RTD are each configured to belong to only one area, whereas RTB (area0 and area1) and RTC (area1 and area 2) are configured to belong to two areas. RTB belongs to area0, which complies with the requirement. However, none of the areas to which RTC belongs is area0. Therefore, a virtual link should be set up between RTC and RTB to ensure that area2 and area0 (the backbone area) are connected.

Figure 12-7 OSPF areas

• The backbone area (area 0) cannot be configured as a STUB area, and a virtual link cannot pass through a STUB area. That is, if a virtual link has been set up between RTB and RTC, neither area1 nor area0 can be configured as a stub area. In the above figure, only area 2 can be configured as a stub area.

• Routers in the STUB area cannot redistribute external routes.

• The backbone area must guarantee the connectivity of all nodes.

11 IP Multicast Protocol

11.1 IP Multicast Overview

11.1.1 Problems with Unicast/Broadcast

The constant development of the Internet and the increasing interaction of versatile data, voice and video information over the network have promoted the emergence of new services such as e-commerce, network conferencing, online auctions, video on demand (VoD), and tele-education. These services require higher information security and greater rewards.

I. Unicast

In unicast mode, every user that needs the information receives a copy through the channels the system separately establishes for them. See Figure 13-1.

Figure 13-1 Data transmission in unicast mode

Suppose that Users B, D, and E need the information. The information source Server establishes a transmission channel with each of them. Since the traffic in transmission increases with the number of users, excessive copies of the information would spread over the network if a large number of users need this information. As bandwidth would run short, the unicast mode is incapable of massive transmission.

II. Broadcast

In broadcast mode, every user on the network receives the information regardless of their needs. See Figure 13-2 Data

transmission in broadcast mode.

Figure 13-2 Data transmission in broadcast mode

Suppose that Users B, D, and E need the information. The information source Server broadcasts the information through the router, so User A and User C also receive it. In that case, information security and rewards to services are not guaranteed. Moreover, bandwidth is terribly wasted when only a small part of the users need the information.

In short, the unicast mode is useful in networks with scattered users, and the multicast mode is suitable for networks with

dense users. When the number of users is uncertain, the adoption of unicast or multicast mode results in low efficiency.

11.1.2 Advantages of Multicast

I. Multicast

IP multicast technology solves those problems. It allows the multicast source to send the information once only, and ensures

that the information will not be duplicated or distributed unless it reaches a fork in the tree route established by the multicast

routing protocol. See Figure 13-3 Data transmission in multicast mode.


Figure 13-3 Data transmission in multicast mode

Suppose that Users B, D, and E need the information. They need to be organized into a receiver group to ensure that the information can reach them smoothly. The routers on the network duplicate and forward the information according to the distribution of these users in the group.

In multicast mode, the information sender is called the "multicast source", the receiver is called the "multicast group", and the

routers for multicast information transmission are called "multicast routers". Members of a multicast group can scatter around

the network; the multicast group therefore has no geographical limitation. It should be noted that a multicast source does not

necessarily belong to a multicast group. It sends data to multicast groups but is not necessarily a receiver. Multiple sources can

send packets to a multicast group simultaneously.

II. Advantages

The main advantages of multicast are:

• Enhanced efficiency: It reduces network traffic and relieves server and CPU of loads.

• Optimized performance: It eliminates traffic redundancy.

• Distributed application: It enables multipoint application.

11.1.3 Application of Multicast

IP multicast technology effectively implements point-to-multipoint forwarding at high speed, which saves a great deal of network bandwidth and can relieve network loads. It also facilitates the development of new value-added services in the Internet information service area, including online live shows, Web TV, tele-education, telemedicine, network radio stations and real-time audio/video conferencing. It plays a positive role in:

• Multimedia and streaming media application

• Occasional communication for training and cooperation

• Data storage and finance (stock) operation

• Point-to-multipoint data distribution

With the increasing popularity of multimedia services over IP networks, multicast is gaining its marketplace.

11.2 Implementation of IP Multicast

11.2.1 Multicast Addresses

In multicast mode, there are questions about where to send the information, how to locate the destination or know the

receiver. All these questions can be narrowed down to multicast addressing. To guarantee the communication between a

multicast source and a multicast group, the network layer multicast address (namely the IP multicast address) is required,

along with the technique to correlate it with the link layer MAC multicast address. Following is the introduction to these two

kinds of addresses.

I. IP Multicast Addresses

According to the definition of the Internet Assigned Numbers Authority (IANA), IP addresses fall into four types: Class A, Class B, Class C and Class D. Unicast packets use IP addresses of Class A, Class B or Class C, depending on specific packet scales. Multicast packets use IP addresses of Class D as their destination addresses, but Class D IP addresses cannot be contained in the source IP field of IP packets.

During unicast data transmission, a packet is transmitted "hop-by-hop" from the source address to the destination address.

However, in IP multicast environment, a packet has more than one destination address, or a group of addresses. All the

information receivers are added to a group. Once a receiver joins the group, the data for this group of addresses start flowing

to this receiver. All members in the group can receive the packets.

Membership here is dynamic, and a host can join or leave the group at any time. A multicast group can be permanent or temporary. Some multicast group addresses are allocated by IANA, and such a multicast group is called a permanent multicast group. The IP addresses of a permanent multicast group are unchangeable, but its membership is changeable, and the number of members is arbitrary. It is quite possible for a permanent group to have not a single member. Addresses not reserved for permanent multicast groups can be used by temporary multicast groups. Class D multicast addresses range from 224.0.0.0 to 239.255.255.255. More information is listed in Table 13-1 Ranges and meanings of Class D addresses.

Table 13-1 Ranges and meanings of Class D addresses

Class D address range          Description
224.0.0.0~224.0.0.255          Reserved multicast addresses (addresses of permanent groups).
                               All but 224.0.0.0 can be allocated by routing protocols.
224.0.1.0~238.255.255.255      Multicast addresses available for users (addresses of temporary groups).
                               They are valid in the entire network.
239.0.0.0~239.255.255.255      Multicast addresses for local management.
                               They are valid only in the specified local range.

Reserved multicast addresses that are commonly used are described in the following table.

Table 13-2 Reserved multicast address list

Class D address    Description
224.0.0.0          Base Address (Reserved)
224.0.0.1          Addresses of all hosts
224.0.0.2          Addresses of all multicast routers
224.0.0.3          Not for allocation
224.0.0.4          DVMRP routers
224.0.0.5          OSPF routers
224.0.0.6          OSPF DR
224.0.0.7          ST routers
224.0.0.8          ST hosts
224.0.0.9          RIP-2 routers
224.0.0.10         IGRP routers
224.0.0.11         Active agents
224.0.0.12         DHCP server/Relay agent
224.0.0.13         All PIM routers
224.0.0.14         RSVP encapsulation
224.0.0.15         All CBT routers
224.0.0.16         Specified SBM
224.0.0.17         All SBMS
224.0.0.18         VRRP

II. Ethernet Multicast MAC Addresses

When a unicast IP packet is transmitted on the Ethernet, the destination MAC address is the MAC address of the receiver.

However, for a multicast packet, the destination is no longer a specific receiver but a group with unspecific members.

Therefore, the multicast MAC address should be used.

As stipulated by the Internet Assigned Numbers Authority (IANA), the high 24 bits of a multicast MAC address are 0x01005e and the low 23 bits of the MAC address are the low 23 bits of the multicast IP address.

Figure 13-4 Mapping between a multicast IP address and an Ethernet MAC address

The first four bits of the multicast address are 1110, representing the multicast identifier. Of the remaining 28 bits, only 23 bits are mapped to the MAC address, and the other five bits are lost. As a result, 32 IP multicast addresses are mapped to the same MAC address.
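The following sketch is an added example, not taken from this manual or from the switch software. It implements the mapping described above, lists the 32 Class D addresses that share one MAC address, classifies an address by the ranges of Table 13-1, and reports which groups in a (constructed) list would be indistinguishable to a device that filters on MAC address only. All function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

MAC_PREFIX = 0x01005E000000   # high 24 bits are 01-00-5e; the 25th bit stays 0
LOW23_MASK = 0x7FFFFF         # low 23 bits are copied from the IP address


def _class_d(group):
    """Parse group and make sure it is a Class D (224.0.0.0/4) address."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a Class D (multicast) address")
    return addr


def multicast_mac(group):
    """Map a Class D IP address to its Ethernet multicast MAC address."""
    mac = MAC_PREFIX | (int(_class_d(group)) & LOW23_MASK)
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))


def aliases(group):
    """Return the 32 Class D addresses that map to the same MAC as group."""
    low23 = int(_class_d(group)) & LOW23_MASK
    # 1110 is fixed; the five bits below it (bits 23..27) are the lost ones.
    return [str(ipaddress.IPv4Address(0xE0000000 | (lost << 23) | low23))
            for lost in range(32)]


def class_d_range(group):
    """Classify an address by the ranges listed in Table 13-1."""
    addr = _class_d(group)
    if addr <= ipaddress.IPv4Address("224.0.0.255"):
        return "reserved (permanent groups)"
    if addr <= ipaddress.IPv4Address("238.255.255.255"):
        return "user (temporary groups)"
    return "local management"


def find_collisions(groups):
    """Group addresses by MAC and keep only MACs used by more than one group."""
    by_mac = defaultdict(list)
    for group in groups:
        by_mac[multicast_mac(group)].append(group)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    # Constructed sample: 225.0.0.5 is a user group, 224.0.0.5 is "OSPF routers".
    configured = ["224.0.0.5", "225.0.0.5", "226.1.1.1", "239.255.255.250"]
    for g in configured:
        print(f"{g:16} {multicast_mac(g)}  {class_d_range(g)}")
    for mac, ips in find_collisions(configured).items():
        print(f"collision on {mac}: {', '.join(ips)}")
```

When planning group addresses, running `find_collisions` over the intended list shows user groups that would share a Layer 2 forwarding entry with a reserved protocol group.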

11.2.2 IP Multicast Protocols

Multicast involves multicast group management protocols and multicast routing protocols. Their application positions are shown in Figure 13-5 Application positions of multicast-related protocols.

Figure 13-5 Application positions of multicast-related protocols

I. Multicast group management protocol

Multicast groups use the Internet Group Management Protocol (IGMP) as the management protocol. IGMP runs between the switch and multicast router and defines the membership establishment and maintenance mechanism between them.

II. Multicast routing protocols

A multicast routing protocol runs between multicast routers to create and maintain multicast routes for correct and efficient forwarding of multicast packets. Multicast routing creates a loop-free data transmission path from one source to multiple receivers. The task of multicast routing protocols is to build up the distribution tree architecture. A multicast router can use multiple methods to build up a path for data transmission, that is, a distribution tree.

As in unicast routing, multicast routing can be intra-domain or inter-domain. Intra-domain multicast routing is rather mature, and protocol independent multicast (PIM) is the most widely used intra-domain protocol, which can work in collaboration with unicast routing protocols. Inter-domain routing first needs to solve how to transfer routing information between ASs. Since the ASs may belong to different telecom carriers, the inter-domain routing information must contain carriers' policies, in addition to distance information. Currently, inter-domain routing protocols include multicast source discovery protocol (MSDP) and MBGP multicast extension.

11.3 IP Multicast Packet Forwarding

To ensure that multicast packets reach a router along the shortest path, the multicast router must check the receiving interface of multicast packets against the unicast routing table or a unicast routing table provided independently for multicast. This check mechanism is the basis on which most multicast routing protocols perform multicast forwarding, and is known as the Reverse Path Forwarding (RPF) check. A multicast router uses the source address of a received multicast packet to query the unicast routing table or the independent multicast routing table to determine whether the receiving interface is on the shortest path from the receiving station to the source. If a source tree is used, the source address is the address of the source host sending the multicast packet. If a shared tree is used, the source address is the RP address of the shared tree. A multicast packet arriving at the router is forwarded according to the multicast forwarding entry if it passes the RPF check; otherwise, it is discarded.
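The RPF check described above, as an added example that is not part of this manual or the switch firmware. It uses a small longest-prefix-match table, looks up the source address for a source tree and the RP address for a shared tree, and forwards only when the packet arrived on the interface that leads back to that address. Interface names, routes and forwarding entries are constructed for illustration.

```python
import ipaddress


class UnicastTable:
    """Minimal unicast routing table with longest-prefix-match lookup."""

    def __init__(self):
        self.routes = []  # list of (network, outgoing interface)

    def add(self, prefix, interface):
        self.routes.append((ipaddress.ip_network(prefix), interface))

    def lookup(self, address):
        """Return the interface toward address, or None if no route matches."""
        addr = ipaddress.ip_address(address)
        matches = [(net, ifc) for net, ifc in self.routes if addr in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]


def rpf_check(table, source, in_interface, rp=None):
    """Pass only if in_interface is the interface on the path back to the
    source (source tree) or to the RP (shared tree, rp given)."""
    rpf_address = rp if rp is not None else source
    expected = table.lookup(rpf_address)
    return expected is not None and expected == in_interface


def forward(table, mroute, pkt):
    """Return the outgoing interfaces for pkt, or [] if it is discarded.

    mroute maps (source, group) or ("*", group) to a forwarding entry:
    {"oifs": set of interfaces, "rp": RP address for shared-tree entries}.
    """
    entry = mroute.get((pkt["src"], pkt["group"])) or mroute.get(("*", pkt["group"]))
    if entry is None:
        return []                      # no multicast forwarding entry
    if not rpf_check(table, pkt["src"], pkt["iif"], rp=entry.get("rp")):
        return []                      # failed RPF check: discard
    return sorted(entry["oifs"] - {pkt["iif"]})


def sample():
    """Constructed topology: ge2 leads to 10.1.5.0/24, ge3 is the default."""
    table = UnicastTable()
    table.add("10.1.0.0/16", "ge1")
    table.add("10.1.5.0/24", "ge2")
    table.add("0.0.0.0/0", "ge3")
    mroute = {
        ("10.1.5.9", "232.1.1.1"): {"oifs": {"ge10", "ge11"}},          # source tree
        ("*", "239.5.5.5"): {"oifs": {"ge10"}, "rp": "10.9.9.9"},       # shared tree
    }
    return table, mroute


if __name__ == "__main__":
    table, mroute = sample()
    for iif in ("ge2", "ge1"):
        pkt = {"src": "10.1.5.9", "group": "232.1.1.1", "iif": iif}
        print(iif, "->", forward(table, mroute, pkt) or "discarded")
```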

11.4 IGMP Snooping Configuration

11.4.1 IGMP Snooping Overview

11.4.1.1 IGMP Snooping Principle

IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast control mechanism running on the Layer 2

Ethernet switch and it is used for multicast group management and control.

IGMP Snooping runs on the link layer. When receiving the IGMP messages transmitted between the host and router, the Layer 2 Ethernet switch uses IGMP Snooping to analyze the information carried in the IGMP messages. If the switch hears an IGMP host report message from an IGMP host, it adds the host to the corresponding multicast table. If the switch hears an IGMP leave message from an IGMP host, it removes the host from the corresponding multicast table. The switch continuously listens to the IGMP messages to create and maintain the MAC multicast address table on Layer 2. It can then forward the multicast packets transmitted from the upstream router according to the MAC multicast address table.

When IGMP Snooping is disabled, the packets are multicast on Layer 2. See the following figure:


Figure 13-6 Multicast packet transmission without IGMP Snooping

When IGMP Snooping runs, the packets are not broadcast on Layer 2. See the following figure:

Figure 13-7 Multicast packet transmission when IGMP Snooping runs

11.4.1.2 Implement IGMP Snooping

I. Related concepts of IGMP Snooping


To facilitate the description, this section first introduces some switch concepts related to IGMP Snooping:

• Router port: The port of the switch that is directly connected to the multicast router.

• Multicast member port: The port connected to the multicast member. The multicast member refers to a host that has joined a multicast group.

• MAC multicast group: The multicast group that is identified by a MAC multicast address and maintained by the Ethernet switch.

• Router port aging time: The time set on the router port aging timer. If the switch has not received any IGMP general query message before the timer times out, it no longer considers the port a router port.

• Multicast group member port aging time: When a port joins an IP multicast group, the aging timer of the port begins timing. The multicast group member port aging time is set on this aging timer. If the switch has not received any IGMP report message before the timer times out, it transmits an IGMP specific query message to the port.

• Maximum response time: When the switch transmits an IGMP specific query message to the multicast member port, the Ethernet switch starts a response timer, which runs until the response to the query arrives. If the switch has not received any IGMP report message before the timer times out, it removes the port from the multicast member ports.

II. Implement Layer 2 multicast with IGMP Snooping

The Ethernet switch runs IGMP Snooping to listen to the IGMP messages and map the host and its ports to the corresponding

multicast group address. To implement IGMP Snooping, the Layer 2 Ethernet switch processes different IGMP messages in the

way illustrated in the figure below:


Figure 13-8 Implement IGMP Snooping

1) IGMP general query message: Transmitted by the multicast router to the multicast group members to query which multicast groups contain members. When an IGMP general query message arrives at a router port, the Ethernet switch resets the aging timer of the port. When a port other than a router port receives the IGMP general query message, the Ethernet switch notifies the multicast router that a port is ready to join a multicast group and starts the aging timer for the port.

2) IGMP specific query message: Transmitted from the multicast router to the multicast members and used for querying whether a specific group contains any member. When it receives an IGMP specific query message, the switch transmits the specific query message only to the IP multicast group that is queried.

3) IGMP report message: Transmitted from the host to the multicast router and used for applying to join a multicast group or responding to an IGMP query message. When it receives the IGMP report message, the switch checks whether the MAC multicast group corresponding to the IP multicast group that the packet is ready to join exists.

If the corresponding MAC multicast group does not exist, the switch notifies the router that a member is ready to join a multicast group, creates a new MAC multicast group, adds the port that received the message to the group, starts the port aging timer, adds all the router ports in the native VLAN of the port to the MAC multicast forwarding table, and meanwhile creates an IP multicast group and adds the port that received the report message to it. If the corresponding MAC multicast group exists but does not contain the port that received the report message, the switch adds the port to the multicast group and starts the port aging timer.

The switch then checks whether the corresponding IP multicast group exists. If it does not exist, the switch creates a new IP multicast group and adds the port that received the report message to it. If it exists, the switch adds the port to it. If the MAC multicast group corresponding to the message exists and contains the port that received the message, the switch only resets the aging timer of the port.

4) IGMP leave message: Transmitted from the multicast group member to the multicast router to notify it that a host has left the multicast group. When it receives a leave message for an IP multicast group, the Ethernet switch transmits the specific query message concerning that group to the port that received the message, in order to check whether the host still has other members of this group, and meanwhile starts a maximum response timer. If the switch does not receive any report message from the multicast group, the port is removed from the corresponding MAC multicast group. If the MAC multicast group does not have any member, the switch notifies the multicast router to remove it from the multicast tree.
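The timers and message handling described in this section, modelled as a small state machine with an explicit clock. This is an added example, not the switch's own implementation. The 300-second member aging time is the default stated in this manual; the router port aging time (260 s) and maximum response time (10 s) are assumed values, and VLANs are left out to keep the model short. The event list is constructed.

```python
from dataclasses import dataclass
from typing import Optional

GROUP = "239.1.1.1"   # constructed sample group


@dataclass
class Member:
    expiry: float                     # member port aging timer
    deadline: Optional[float] = None  # maximum response timer, if running


class SnoopingSwitch:
    def __init__(self, member_aging=300, router_aging=260, max_response=10):
        self.member_aging = member_aging
        self.router_aging = router_aging    # assumed value
        self.max_response = max_response    # assumed value
        self.router_ports = {}              # port -> aging expiry
        self.groups = {}                    # group -> {port: Member}
        self.sent = []                      # (time, port, group) specific queries

    def on_general_query(self, port, now):
        # A general query (re)starts the router port aging timer.
        self.router_ports[port] = now + self.router_aging

    def on_report(self, port, group, now):
        # A report creates the group/port entry or resets its aging timer,
        # and cancels any running maximum response timer.
        self.groups.setdefault(group, {})[port] = Member(now + self.member_aging)

    def on_leave(self, port, group, now):
        member = self.groups.get(group, {}).get(port)
        if member is not None:
            self._specific_query(port, group, member, now)

    def _specific_query(self, port, group, member, now):
        self.sent.append((now, port, group))
        member.deadline = now + self.max_response

    def tick(self, now):
        """Expire timers as of time now."""
        for port, expiry in list(self.router_ports.items()):
            if now >= expiry:
                del self.router_ports[port]
        for group, ports in list(self.groups.items()):
            for port, member in list(ports.items()):
                if member.deadline is not None:
                    if now >= member.deadline:      # no report in time
                        del ports[port]
                elif now >= member.expiry:          # aged out: ask first
                    self._specific_query(port, group, member, now)
            if not ports:
                del self.groups[group]

    def egress_ports(self, group):
        # Member ports plus router ports. Assumption: traffic for a group
        # with no members still reaches the router ports.
        return sorted(set(self.groups.get(group, {})) | set(self.router_ports))


# Constructed event list: (time in seconds, event, port)
EVENTS = [(0, "query", 24), (1, "report", 3), (1, "report", 5),
          (50, "leave", 3), (55, "tick", None), (60, "tick", None)]


def replay(events, group=GROUP):
    """Feed events to a switch; return (time, egress ports) after each one."""
    sw, snapshots = SnoopingSwitch(), []
    for now, kind, port in events:
        sw.tick(now)
        if kind == "query":
            sw.on_general_query(port, now)
        elif kind == "report":
            sw.on_report(port, group, now)
        elif kind == "leave":
            sw.on_leave(port, group, now)
        snapshots.append((now, sw.egress_ports(group)))
    return snapshots


if __name__ == "__main__":
    for when, ports in replay(EVENTS):
        print(f"t={when:>3}s  egress ports for {GROUP}: {ports}")
```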

11.4.2 IGMP Snooping Configuration

The main IGMP Snooping configuration includes:

• Enabling/disabling IGMP Snooping

• Configuring the aging time of multicast group member port

Among the above configuration tasks, enabling IGMP Snooping is required, while the others are optional, depending on your requirements.

11.4.2.1 Enabling/Disabling IGMP Snooping

You can use the following commands to enable/disable IGMP Snooping to control whether MAC multicast forwarding table is

created and maintained on Layer 2.

Beginning in privileged EXEC mode, follow these steps to enable IGMP snooping.

        Command                         Purpose
Step 1  config terminal                 Enter global configuration mode.
Step 2  system igmp-snooping enable     Enable IGMP Snooping.
Step 3  exit                            Return to privileged EXEC mode.
Step 4  show system config              Verify your entries.
Step 5  write                           (Optional) Save your entries in the configuration file.

To disable IGMP snooping, use the system igmp-snooping disable global configuration command.

By default, IGMP Snooping is disabled.

11.4.2.2 Configuring Aging Time of Multicast Group Member

This task is to manually set the aging time of the multicast group member port. If the switch receives no multicast group report message during the member port aging time, it transmits the specific query message to that port and starts a maximum response timer.

Beginning in privileged EXEC mode, follow these steps to configure Aging Time of Multicast Group Member.

        Command                         Purpose
Step 1  config terminal                 Enter global configuration mode.
Step 2  igmp-snooping timeout seconds   Configure aging time.
Step 3  exit                            Return to privileged EXEC mode.
Step 4  show igmp-snooping timeout      Verify your entries.
Step 5  write                           (Optional) Save your entries in the configuration file.

By default, the aging time of the multicast member is 300 seconds.

11.4.3 IGMP Snooping Configuration Example

11.4.3.1 Enable IGMP Snooping

I. Networking requirements

To implement IGMP Snooping on the switch, first enable it. The switch is connected with the router via the router port, and

with user PC through the non-router ports.

II. Networking diagram

Figure 13-9 IGMP Snooping configuration networking

III. Configuration procedure

# Enable IGMP snooping on switch

switch(config)#system igmp-snooping enable

11.4.4 Troubleshoot IGMP Snooping

Fault: Multicast function cannot be implemented on the switch.

Troubleshooting:

1) IGMP Snooping is disabled.

• Input the display current-configuration command to display the status of IGMP Snooping.

• If IGMP Snooping is disabled on the switch, check whether it is not enabled globally or not enabled in the VLAN. If it is not enabled globally, first input the igmp-snooping enable command in system view and then in VLAN view. If it is not enabled in the VLAN, input the same command in VLAN view.

2) The multicast forwarding table set up by IGMP Snooping is wrong.

• Input the display igmp-snooping group command to check whether the multicast group is the expected one.

• If the multicast group created by IGMP Snooping is not correct, turn to professional maintenance personnel for help.

• Continue with diagnosis 3 if the second step is completed.

3) The multicast forwarding table set up on the bottom layer is wrong.

• Enable IGMP Snooping group in user view and then input the display igmp-snooping group command to check whether the MAC multicast forwarding table in the bottom layer is consistent with that created by IGMP Snooping. You may also input the display mac vlan command in any view to check whether the MAC multicast forwarding table under vlanid in the bottom layer is consistent with that created by IGMP Snooping.

• If they are not consistent, please contact the maintenance personnel for help.

11.5 Static Multicast Group Configuration

11.5.1 Introduction to Static Multicast Group Configuration

Static multicast group configuration is a mode of multicast group management; it specifies the multicast forwarding table, etc.

11.5.2 Static Multicast Group Configuration

Static multicast group configuration includes:

• Add/delete static multicast group.

Beginning in privileged EXEC mode, follow these steps to add a static multicast group.

        Command                                         Purpose
Step 1  config terminal                                 Enter global configuration mode.
Step 2  multicast-group static add vid vlan-id          Add static multicast group.
        mac-address port-list                           Mac-address is the multicast group address.
                                                        Port-list is the port member list; the format is
                                                        port-number+m, such as 01m.
Step 3  exit                                            Return to privileged EXEC mode.
Step 4  show multicast-group                            Verify your entries.
Step 5  write                                           (Optional) Save your entries in the configuration file.

To delete a static multicast group, use the multicast-group static add vid vlan-id mac-address global configuration command.

11.6 IGMP Configuration

11.6.1 IGMP Overview

11.6.1.1 Introduction to IGMP

Internet Group Management Protocol (IGMP) is a protocol in the TCP/IP suite responsible for management of IP multicast

members. It is used to establish and maintain multicast membership among IP hosts and their directly connected neighboring

routers. IGMP excludes transmitting and maintenance of membership information among multicast routers, which are

completed by multicast routing protocols. All hosts participating in multicast must implement IGMP.

Hosts participating in IP multicast can join and leave a multicast group at any time. The number of members of a multicast

group can be any integer and the location of them can be anywhere. A multicast router does not need and cannot keep the

membership of all hosts. It only uses IGMP to learn whether receivers (i.e., group members) of a multicast group are present

on the subnet connected to each interface. A host only needs to keep which multicast groups it has joined.

IGMP is not symmetric on hosts and routers. Hosts need to respond to IGMP query messages from the multicast router, i.e.,

report the group membership to the router. The router needs to send membership query messages periodically to discover

whether hosts join the specified group on its subnets according to the received response messages. When the router receives

the report that hosts leave the group, the router will send a group-specific query packet (IGMP Version 2) to discover whether

no member exists in the group.

Up to now, IGMP has three versions, namely, IGMP Version 1 (defined by RFC1112), IGMP Version 2 (defined by RFC2236) and

IGMP Version 3. At present, IGMP Version 2 is the most widely used version.

IGMP Version 2 boasts the following improvements over IGMP Version 1:

I. Election mechanism of multicast routers on the shared network segment

A shared network segment means that there are multiple multicast routers on a network segment. In this case, all routers

running IGMP on the network segment can receive the membership report from hosts. Therefore, only one router is necessary

to send membership query messages. In this case, the router election mechanism is required to specify a router as the querier.

In IGMP Version 1, selection of the querier is determined by the multicast routing protocol, while IGMP Version 2 specifies that the multicast router with the lowest IP address is elected as the querier when there are multiple multicast routers on the same network segment.

II. Leaving group mechanism

In IGMP Version 1, hosts leave the multicast group quietly without informing the multicast router. In this case, the multicast router can only depend on the timeout of the response time of the multicast group to confirm that hosts have left the group. In Version 2, when a host intends to leave, it sends a leave group message if it is the host that responded to the latest membership query message.

III. Specific group query

In IGMP Version 1, a query of a multicast router is targeted at all the multicast groups on the network segment, which is

known as General Query. In IGMP Version 2, Group-Specific Query is added besides general query. The destination IP address

of the query packet is the IP address of the multicast group. The group address domain in the packet is also the IP address of

the multicast group. This prevents the hosts of members of other multicast groups from sending response messages.

IV. Max response time

The Max Response Time is added in IGMP Version 2. It is used to dynamically adjust the allowed maximum time for a host to respond to the membership query message.
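The IGMP Version 2 features listed above can be seen directly in the 8-byte message (type, Max Response Time, checksum, group address). The following is an added example, not code from this manual or the switch: it builds and parses IGMPv2 messages, distinguishes a General Query from a Group-Specific Query, checks that the IP destination matches the message, and elects the querier by lowest IP address. The type codes, the 1/10-second unit of Max Response Time and the destination rules follow RFC 2236; function names are hypothetical and the sample addresses are constructed.

```python
import ipaddress
import struct

QUERY, V1_REPORT, V2_REPORT, LEAVE = 0x11, 0x12, 0x16, 0x17
ALL_HOSTS = "224.0.0.1"


def checksum(data):
    """16-bit one's complement of the one's complement sum of data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build(msg_type, max_resp_tenths, group):
    """Build an IGMPv2 message; max_resp_tenths is in units of 1/10 second."""
    packed_group = ipaddress.IPv4Address(group).packed
    body = struct.pack("!BBH4s", msg_type, max_resp_tenths, 0, packed_group)
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]


def parse(dst_ip, payload):
    """Parse an IGMPv2 message that was sent to IP destination dst_ip."""
    if len(payload) < 8:
        raise ValueError("IGMP message shorter than 8 bytes")
    if checksum(payload) != 0:          # a valid message sums to zero
        raise ValueError("bad IGMP checksum")
    msg_type, max_resp, _, raw_group = struct.unpack("!BBH4s", payload[:8])
    group = str(ipaddress.IPv4Address(raw_group))
    consistent = True
    if msg_type == QUERY and group == "0.0.0.0":
        kind = "general-query" if max_resp else "v1-general-query"
        consistent = dst_ip == ALL_HOSTS
    elif msg_type == QUERY:
        # Group-Specific Query: IP destination and group field are the group.
        kind = "group-specific-query"
        consistent = dst_ip == group
    elif msg_type in (V1_REPORT, V2_REPORT):
        kind = "report"
        consistent = dst_ip == group
    elif msg_type == LEAVE:
        kind = "leave"
    else:
        raise ValueError(f"unknown IGMP type 0x{msg_type:02x}")
    return {"kind": kind, "group": group,
            "max_response_s": max_resp / 10, "consistent": consistent}


def elect_querier(router_addresses):
    """IGMPv2 querier election: the lowest IP address on the segment wins."""
    return min(router_addresses, key=lambda a: int(ipaddress.IPv4Address(a)))


if __name__ == "__main__":
    general = build(QUERY, 100, "0.0.0.0")          # 10-second response window
    specific = build(QUERY, 10, "239.1.1.1")        # 1-second response window
    print(general.hex(), parse(ALL_HOSTS, general))
    print(specific.hex(), parse("239.1.1.1", specific))
    # Numeric comparison matters: as strings, "10.0.0.10" sorts before "10.0.0.9".
    print(elect_querier(["10.0.0.10", "10.0.0.9", "10.0.0.200"]))
```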

11.6.2 IGMP Configuration

1) IGMP basic configuration includes:

• Enabling multicast routing

• Enabling IGMP on an interface

2) IGMP advanced configuration includes:

• Configuring the IGMP version

• Configuring the interval of sending IGMP Group-Specific Query packet

• Configuring the times of sending IGMP Group-Specific Query packet

• Configuring the limit of IGMP groups on an interface

• Configuring a router to join specified multicast group

• Controlling the access to IP multicast groups

• Configuring the IGMP query message interval

• Configuring the IGMP querier present timer

• Configuring the maximum query response time

• Deleting IGMP Groups Joined on an Interface

11.6.2.1 Enabling Multicast routing

Enable multicast first before enabling IGMP and the multicast routing protocol.

Beginning in privileged EXEC mode, follow these steps to enable IP multicast routing.

        Command                         Purpose
Step 1  config terminal                 Enter global configuration mode.
Step 2  ip multicast-routing enable     Enable IP multicast routing.
Step 3  exit                            Return to privileged EXEC mode.
Step 4  show ip mroute                  Verify your entries.
Step 5  write                           (Optional) Save your entries in the configuration file.

By default, multicast is disabled.

To disable multicast routing, use the ip multicast-routing disable global configuration command.

11.6.2.2 Enabling IGMP on an Interface

Only after the multicast function is enabled can the ip multicast-routing enable command be executed. After this, you can initiate IGMP feature configuration.

Beginning in privileged EXEC mode, follow these steps to enable IGMP on an interface.

        Command                                              Purpose
Step 1  config terminal                                      Enter global configuration mode.
Step 2  ip pim interface interface-id sparse-mode enable     Enable IP multicast routing.
Step 3  exit                                                 Return to privileged EXEC mode.
Step 4  show ip igmp interface interface-id                  Verify your entries.
Step 5  write                                                (Optional) Save your entries in the configuration file.

By default, multicast is disabled.

To disable multicast routing, use the ip pim interface interface-id sparse-mode disable global configuration command.

11.6.2.3 Configuring the IGMP Version

Beginning in privileged EXEC mode, follow these steps to configuring the igmp version.

Command Purpose

Step 1 config terminal Enter global configuration mode.

Page 113: STCS5024 Layer 3 Routing Switch Configuration Guide · STCS5024 Full Gigabit Layer 3 switch User Manual 陈泽科技有限公司

STCS5024 Full Gigabit Layer 3 switch User Manual

- - 104 - - www.stephen-tele.com

Step 2 ip igmp interface interface-id

version { 1 | 2 }

Specify the IGMP version that the switch

uses.

Note:

If you change to Version 1, you cannot

configure the ip igmp query-interval or

the ip igmp query-max-response-time

interface configuration commands.

Step 3 exit Return to privileged EXEC mode.

Step 4 show ip igmp interface interface-id Verify your entries.

Step 5 write (Optional) Save your entries in the

configuration file.

By default, IGMP Version 2 is used.

Note:

All routers on a subnet must support the same version of IGMP. After detecting the presence of an IGMP Version 1 system, a router cannot automatically switch to Version 1.

11.6.2.4 Configuring the Interval to Send IGMP Query Message

Multicast routers send IGMP query messages to discover which multicast groups are present on attached networks. Multicast

routers send query messages periodically to refresh their knowledge of members present on their networks.

Beginning in privileged EXEC mode, follow these steps to configure the interval at which IGMP query messages are sent.

Command Purpose

Step 1 config terminal Enter global configuration mode.

Step 2 ip igmp query-interval seconds Configure the interval at which IGMP query messages are sent. By default, the interval is 60 seconds. The range for seconds is 1 to 65535.

Step 3 exit Return to privileged EXEC mode.

Step 4 write (Optional) Save your entries in the

configuration file.

When there are multiple multicast routers on a network segment, the querier is responsible for sending IGMP query messages

to all hosts on the LAN.

11.6.2.5 Configuring the Interval of Querying IGMP Packets

On the shared network, it is the query router (querier) that maintains IGMP membership on the interface. When an IGMP

querier receives an IGMP Leave Group message from a host, the last member query interval can be specified for

Group-Specific Queries.

• The host sends the IGMP Leave message.

• Upon receiving the message, the IGMP querier sends the group-specific IGMP query message a specified number of times (defined by the robust-value in igmp robust-count, with the default value as 1 second) and at a time interval (defined by the seconds in igmp lastmember-queryinterval, with the default value as 2).

• When other hosts receive the message from the IGMP querier and are interested in this group, they return the IGMP Membership Report message within the defined maximum response time.

• If the IGMP querier receives report messages from other hosts within the period equal to robust-value × seconds, it continues membership maintenance for this group.

• If it receives no report message from any other host within this period, it regards this as a timeout and ends membership maintenance for this group.

This command can be used only when the querier runs IGMP version 2, since a host running IGMP Version 1 does not send

IGMP Leave Group message when it leaves a group.

Beginning in privileged EXEC mode, follow these steps to configure the interval of querying IGMP packets.

Command Purpose

Step 1 config terminal Enter global configuration mode.

Step 2 ip igmp last-query-interval seconds Configure the interval for querying IGMP packets. By default, the interval is 1 second. The range for seconds is 1 to 65.

Step 3 exit Return to privileged EXEC mode.

Step 4 write (Optional) Save your entries in the

configuration file.

11.6.2.6 Changing the IGMP Query Timeout for IGMPv2

If you are using IGMPv2, you can specify the period of time before the switch takes over as the querier for the interface. By

default, the switch waits twice the query interval controlled by the ip igmp query-interval interface configuration command.

After that time, if the switch has received no queries, it becomes the querier.

You can display the query interval by entering the show ip igmp interface interface-id privileged EXEC command.

Beginning in privileged EXEC mode, follow these steps to change the IGMP query timeout. This procedure is optional.

Command Purpose

Step 1 config terminal Enter global configuration mode.

Step 2 ip igmp querier-timeout seconds Specify the IGMP query timeout. The default is 60 seconds (twice the query interval). The range is 60 to 300.

Step 3 exit Return to privileged EXEC mode.

Step 4 write (Optional) Save your entries in the

configuration file.

11.6.2.7 Changing the Maximum Query Response Time for IGMPv2

If you are using IGMPv2, you can change the maximum query response time advertised in IGMP queries. The maximum query

response time enables the switch to quickly detect that there are no more directly connected group members on a LAN.

Decreasing the value enables the switch to prune groups faster.

Beginning in privileged EXEC mode, follow these steps to change the maximum query response time. This procedure is optional.

Command Purpose

Step 1 config terminal Enter global configuration mode.

Step 2 ip igmp query-max-response seconds Change the maximum query response time advertised in IGMP queries. The default is 10 seconds. The range is 1 to 25.

Step 3 exit Return to privileged EXEC mode.

Step 4 write (Optional) Save your entries in the

configuration file.

11.6.2.8 Configuring a Router to Join Specified Multicast Group

A host running IGMP normally responds to the IGMP query packets of the multicast router. If no response arrives, the multicast router considers that there is no multicast member on this network segment and cancels the corresponding path. Configuring one interface of the router as a multicast member avoids this problem. When the interface receives an IGMP query packet, the router responds, ensuring that the network segment to which the interface is connected can receive multicast packets normally.

For an Ethernet switch, you can configure a port in a VLAN interface to join a multicast group.

Beginning in privileged EXEC mode, follow these steps to configure a router to join specified multicast group.

Command Purpose

Step 1 config terminal Enter global configuration mode.

Step 2 ip igmp interface interface-id join-group group-address Configure a router to join the specified multicast group. By default, a router joins no multicast group.

Step 3 exit Return to privileged EXEC mode.

Step 4 write (Optional) Save your entries in the

configuration file.

To leave a group, use the ip igmp interface interface-id leave-group group-address global configuration command.

11.6.2.9 Configuring the Switch as a Statically Connected Member

Sometimes there is either no group member on a network segment or a host cannot report its group membership by using

IGMP. However, you might want multicast traffic to go to that network segment. These are ways to pull multicast traffic down

to a network segment:

• Use the ip igmp interface interface-id join-group global configuration command. With this method, the switch accepts the multicast packets in addition to forwarding them. Accepting the multicast packets prevents the switch from fast switching.

• Use the ip igmp interface interface-id static-group global configuration command. With this method, the switch does not accept the packets itself, but only forwards them. This method enables fast switching. The outgoing interface appears in the IGMP cache, but the switch itself is not a member, as evidenced by the lack of an L (local) flag in the multicast route entry.

Beginning in privileged EXEC mode, follow these steps to configure the switch itself to be a statically connected member of a

group (and enable fast switching). This procedure is optional.

Command Purpose

Step 1 config terminal Enter global configuration mode.

Step 2 ip igmp interface interface-id static-group add group-address Configure the switch as a statically connected member of a group. By default, this feature is disabled.

Step 3 exit Return to privileged EXEC mode.

Step 4 write (Optional) Save your entries in the

configuration file.

To remove the switch as a member of the group, use the ip igmp interface interface-id static-group delete group-address global configuration command.

11.7 PIM-SM Configuration

11.7.1 PIM-SM Overview

11.7.1.1 Introduction to PIM-SM

PIM-SM (Protocol Independent Multicast, Sparse Mode) belongs to sparse mode multicast routing protocols. PIM-SM is mainly

applicable to large-scale networks with broad scope in which group members are relatively sparse.

Unlike the flood-and-prune principle of dense mode, PIM-SM assumes that no host needs to receive multicast packets unless there is an explicit request for them.

PIM-SM uses the RP (Rendezvous Point) and the BSR (Bootstrap Router) to advertise multicast information to all PIM-SM

routers and uses the join/prune information of the router to build the RP-rooted shared tree (RPT), thereby reducing the

bandwidth occupied by data packets and control packets and reducing the process overhead of the router. Multicast data

flows along the shared tree to the network segments the multicast group members are on. When the data traffic is sufficient,

the multicast data flow can switch over to the SPT (Shortest Path Tree) rooted on the source to reduce network delay. PIM-SM

does not depend on the specified unicast routing protocol but uses the present unicast routing table to perform the RPF

check.

Running PIM-SM requires candidate RPs and BSRs to be configured. The BSR is responsible for collecting the information from the candidate RPs and advertising it.

11.7.1.2 PIM-SM Working Principle

The PIM-SM working process is as follows: neighbor discovery, building the RP-rooted shared tree (RPT), multicast source registration, SPT switchover, and so on. The neighbor discovery mechanism is the same as that of PIM-DM and is not described again here.

I. Build the RP shared tree (RPT)

When hosts join a multicast group G, the leaf routers that directly connect with the hosts send IGMP messages to learn the

receivers of multicast group G. In this way, the leaf routers calculate the corresponding rendezvous point (RP) for multicast

group G and then send join messages to the node of a higher level toward the rendezvous point (RP). Each router along the

path between the leaf routers and the RP will generate (*, G) entries in the forwarding table, indicating that all packets sent to

multicast group G are applicable to the entries no matter from which source they are sent. When the RP receives the packets

sent to multicast group G, the packets will be sent to leaf routers along the path built and then reach the hosts. In this way, an

RP-rooted tree (RPT) is built as shown in the following figure.

Figure 13-10 RPT schematic diagram

II. Multicast source registration

When multicast source S sends a multicast packet to the multicast group G, the PIM-SM multicast router directly connected to

S will encapsulate the received packet into a registration packet and send it to the corresponding RP in unicast form. If there

are multiple PIM-SM multicast routers on a network segment, the Designated Router (DR) will be responsible for sending the

multicast packet.

11.7.1.3 Preparations before Configuring PIM-SM

I. Configuring candidate RPs

In a PIM-SM network, multiple RPs (candidate-RPs) can be configured. Each Candidate-RP (C-RP) is responsible for forwarding

multicast packets with the destination addresses in a certain range. Configuring multiple C-RPs is to implement load balancing

of the RP. These C-RPs are equal. All multicast routers calculate the RPs corresponding to multicast groups according to the

same algorithm after receiving the C-RP messages that the BSR advertises.

It should be noted that one RP can serve multiple multicast groups or all multicast groups. Each multicast group can correspond to only one RP at a time, not to multiple RPs.

II. Configuring BSRs

The BSR is the management core in a PIM-SM network. Candidate-RPs send announcements to the BSR, which is responsible

for collecting and advertising the information about all candidate-RPs. It should be noted that there can be only one BSR in a

network but you can configure multiple candidate-BSRs. In this case, once a BSR fails, you can switch over to another BSR. A

BSR is elected among the C-BSRs automatically. The C-BSR with the highest priority is elected as the BSR. If the priority is the

same, the C-BSR with the largest IP address is elected as the BSR.

III. Configuring static RP

The router that serves as the RP is the core router of multicast routes. If the dynamic RP elected by the BSR mechanism is invalid for some reason, a static RP can be configured to specify the RP. As the backup of the dynamic RP, the static RP improves network robustness and enhances the operation and management capability of the multicast network.

11.7.2 PIM-SM Configuration

1) PIM-SM basic configuration includes:

• Enabling Multicast

• Enabling PIM-SM

• Configuring the PIM-SM domain border

• Configuring candidate-BSRs

• Configuring candidate-RPs

• Configuring static RP

2) PIM-SM advanced configuration includes:

• Configuring the sending interval for the Hello packets of the interface

• Configuring the filtering of multicast source/group

• Configuring the filtering of PIM neighbor

• Configuring the maximum number of PIM neighbor on an interface

• Configuring RP to filter the register messages sent by DR

• Clearing multicast route entries from PIM routing table

• Clearing PIM neighbor

It should be noted that at least one router in an entire PIM-SM domain should be configured with Candidate-RPs and

Candidate-BSRs.

11.7.2.1 Enabling Multicast

Refer to 13.6.2.1

11.7.2.2 Enabling PIM-SM

This configuration can be effective only after multicast is enabled.

Beginning in privileged EXEC mode, follow these steps to enable PIM-SM.

Command Purpose

Step 1 config terminal Enter global configuration mode.

Step 2 ip pim interface interface-id sparse-mode enable Enable IP multicast routing.

Step 3 exit Return to privileged EXEC mode.

Step 4 show ip igmp interface interface-id Verify your entries.

Step 5 write (Optional) Save your entries in the

configuration file.

Repeat this configuration to enable PIM-SM on other interfaces. Only one multicast routing protocol can be enabled on an

interface at a time.

11.7.2.3 Configuring Candidate-BSRs

In a PIM domain, one or more candidate BSRs should be configured. A BSR (Bootstrap Router) is elected among candidate

BSRs. The BSR takes charge of collecting and advertising RP information.

The automatic election among candidate BSRs is described as follows:

One interface which has started PIM-SM must be specified when configuring the router as the candidate BSR.

At first, each candidate BSR considers itself as the BSR of the PIM-SM domain, and sends Bootstrap message by taking the IP

address of the interface as the BSR address.

When receiving Bootstrap messages from other routers, the candidate BSR will compare the BSR address of the newly

received Bootstrap message with that of itself. Comparison standards include priority and IP address. The bigger IP address is

considered better when the priority is the same. If the new BSR address is better, the candidate BSR will replace its BSR

address and stop regarding itself as the BSR.

Otherwise, the candidate BSR will keep its BSR address and continue to regard itself as the BSR.
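
The election described above can be replayed offline to predict which candidate should win before comparing against show ip pim bsr-router. This is an added example, not code from the manual or the vendor; the candidate list and its addresses are constructed, and the IP tie-break is done numerically because comparing dotted-decimal strings as text ranks 10.0.0.9 above 10.0.0.10.

```python
import ipaddress
from itertools import permutations

# Constructed candidate-BSR inventory: (priority, interface IP address).
CANDIDATES = [(0, "10.0.0.9"), (0, "10.0.0.10"), (5, "10.0.0.2")]


def rank(candidate):
    """Sort key for the comparison described above: priority first, then the
    IP address compared as a 32-bit number (not as text)."""
    priority, ip = candidate
    return priority, int(ipaddress.IPv4Address(ip))


def run_election(candidates, send_order):
    """Replay the election for one ordering of Bootstrap messages.

    Returns a dict mapping each candidate to the BSR it ends up accepting."""
    accepted = {c: c for c in candidates}      # everyone starts as its own BSR
    for sender in send_order:
        if accepted[sender] != sender:         # already yielded, so it stays silent
            continue
        for receiver in candidates:
            if rank(sender) > rank(accepted[receiver]):
                accepted[receiver] = sender    # better BSR address replaces the old one
    return accepted


def elected_bsr(candidates):
    """Return the single BSR every candidate agrees on, checked for every
    possible message ordering; raise if any ordering fails to converge."""
    winners = set()
    for order in permutations(candidates):
        winners.update(run_election(candidates, order).values())
    if len(winners) != 1:
        raise RuntimeError(f"election did not converge: {winners}")
    return winners.pop()


if __name__ == "__main__":
    print("elected BSR:", elected_bsr(CANDIDATES))
```

A BSR reported by the switch that differs from the predicted one points to a candidate that is missing from the inventory or configured with a different priority.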

Beginning in privileged EXEC mode, follow these steps to configure Candidate-BSRs.

Command Purpose

Step 1 config terminal Enter global configuration mode.

Step 2 ip pim bsr-candidate interface-id [ priority priority ] Configure a candidate-BSR. By default, no BSR is set. The default priority is 0. The priority range is 0 to 255.

Step 3 exit Return to privileged EXEC mode.

Step 4 show ip pim bsr-router Verify your entries.

Step 5 write (Optional) Save your entries in the

configuration file.

Candidate-BSRs should be configured on the routers in the network backbone.

Caution:

One router can only be configured with one candidate-BSR. When a candidate-BSR is configured on another

interface, it will replace the previous configuration.

11.7.2.4 Configuring Candidate-RPs

In PIM-SM, the shared tree built by the multicast routing data is rooted at the RP. There is a mapping from a multicast group

to an RP. A multicast group can be mapped to an RP. Different groups can be mapped to one RP.

Beginning in privileged EXEC mode, follow these steps to configure Candidate-RPs.

Command Purpose

Step 1 config terminal Enter global configuration mode.

Step 2 ip pim rp-candidate interface-id [ priority priority ] Configure a candidate-RP. The default priority is 0. The priority range is 0 to 255.

Step 3 exit Return to privileged EXEC mode.

Step 4 show ip pim rp Verify your entries.

Step 5 write (Optional) Save your entries in the

configuration file.

When configuring an RP, if the range of the served multicast groups is not specified, the RP will serve all multicast groups. Otherwise, the RP serves only the multicast groups in the specified range. Configuring candidate RPs on backbone routers is recommended.

11.7.2.5 Configuring Static RP

Static RP serves as the backup of dynamic RP, so as to improve network robustness.

Beginning in privileged EXEC mode, follow these steps to configure static RP.

Command Purpose

Step 1 config terminal Enter global configuration mode.

Step 2 ip pim rp-address set ip-address Configure static RP

Step 3 exit Return to privileged EXEC mode.

Step 4 show ip pim rp Verify your entries.

Step 5 write (Optional) Save your entries in the

configuration file.

If static RP is in use, all routers in the PIM domain must adopt the same configuration. If the configured static RP address is the

interface address of the local router whose state is UP, the router will function as the static RP. It is unnecessary to enable PIM

on the interface that functions as static RP.

When the RP elected from BSR mechanism is valid, static RP does not work.

11.7.2.6 Modifying the PIM Router-Query Message Interval

PIM routers and multilayer switches send PIM router-query messages to find which device will be the DR for each LAN

segment (subnet). The DR is responsible for sending IGMP host-query messages to all hosts on the directly connected LAN.

With PIM SM operation, the DR is the device that is directly connected to the multicast source. It sends PIM register messages

to notify the RP that multicast traffic from a source needs to be forwarded down the shared tree. In this case, the DR is the

device with the highest IP address.

Beginning in privileged EXEC mode, follow these steps to modify the router-query message interval. This procedure is optional.

Command Purpose

Step 1 config terminal Enter global configuration mode.

Step 2 ip pim query-interval seconds Configure the frequency at which the switch sends PIM router-query messages. The default is 30 seconds. The range is 1 to 65535.

Step 3 exit Return to privileged EXEC mode.

Step 4 show ip igmp interface interface-id Verify your entries.

Step 5 write (Optional) Save your entries in the

configuration file.

12 ACL Configuration

12.1 ACL Overview

A series of matching rules must be configured to recognize packets before they are filtered. Only when packets are identified can the network take the corresponding actions, allowing or prohibiting them to pass, according to the preset policies. Access control lists (ACLs) are designed to provide these functions.

ACLs classify packets using a series of matching rules, which can be source addresses, destination addresses and port IDs. ACLs

can be used globally on the switch or just at a port, through which the switch determines whether to forward or drop the

packets.

The matching rules defined in ACLs can also be imported to differentiate traffic in other situations, for example, defining traffic

classification rules in QoS.

An ACL rule can include many sub-rules, which may be defined for packets of different size. Matching an ACL involves a matching order.

12.2 Configuring ACL

The ACL configuration tasks include:

• Define ACL

• Activate ACL

We recommend running the configuration tasks in order: first define the ACL, then activate it.

12.2.1 Defining ACL

The switch supports several types of ACLs, which are described in this section. Follow these steps to define an ACL.

1) Enter the corresponding ACL configuration mode.

2) Define ACL sub-rules.

Note:

• The ACL will be effective at any time after being activated.

• You can define multiple rules for the ACL by using the rule command several times.

• The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs.

Beginning in privileged EXEC mode, follow these steps to define ACL.

Command Purpose

Step 1 config terminal Enter global configuration mode.

Step 2 access-list ruleid rule-id [deny | permit] priority priority [port-list | default] Enter the corresponding ACL configuration mode. Rule-id range is 1 to 999. Priority range is 0 to 8; 8 is the highest level. Port-list indicates the port members the rule is bound to; the format is port-number + m, such as 01m. Default indicates all ports.

Step 3 subset ip {any | source-add source-mask} [dst-add dst-mask] Set an IP-based ACL rule.

subset mac {any | dst-mac} {any | source-mac} Set a MAC-based ACL rule.

subset protocol {type-number | igmp | ipinip | ospf | pim | icmp | tcp [src-port src-port | dst-port dst-port | established [src-port src-port | dst-port dst-port]] | udp [src-port src-port | dst-port dst-port ]} Set a protocol-based ACL rule.

subset vlan-id vlan-id Set a VLAN ID-based ACL rule.

Step 4 exit Return to privileged EXEC mode.

Step 5 show access-list ruleid rule-id Verify your entries.

Step 6 write (Optional) Save your entries in the configuration file.

To delete an ACL, use the no access-list ruleid rule-id global configuration command.

Command Attributes:

• Source-add/Dest-add – Specifies the source or destination IP address. Use “Any” to match any address.

• Source-mask/dst-mask – The source or destination address of the rule must match this subnet mask. When the source or destination IP address is a host, the mask must be 255.255.255.255; when the source or destination IP address is a network address, the mask must be the corresponding subnet mask.

• Source-mac/dst-mac – Source or destination MAC address. Use “Any” to include all possible addresses.

• Type-number – Indicates a specific protocol number (0-255).

• Source-port/Dest-Port – Source/destination port number for the specified protocol type. (Range: 0-65535)

12.2.2 Activating ACL

After defining an ACL, you must activate it. This configuration activates those ACLs to filter or classify the packets forwarded by hardware.

Beginning in privileged EXEC mode, follow these steps to activate ACLs.

Command Purpose

Step 1 config terminal Enter global configuration mode.

Step 2 packet-filter enable ruleid rule-id Activate the ACL.

Step 3 exit Return to privileged EXEC mode.

Step 4 show access-list ruleid rule-id Verify your entries.

Step 5 write (Optional) Save your entries in the

configuration file.

To deactivate an ACL, use the packet-filter disable ruleid rule-id global configuration command.

12.3 Configuring Default ACL

When you configure an ACL on a port, the system automatically creates a default ACL on the port, and the default ACL’s rule permits any packet. So when you need the switch to deny any packet on a port, you should configure the default ACL manually.

Beginning in privileged EXEC mode, follow these steps to configure default ACL.

Command Purpose

Step 1 config terminal Enter global configuration mode.

Step 2 access-list default set port-list {deny | permit} Configure the default ACL.

Step 3 exit Return to privileged EXEC mode.

Step 4 show access-list default Verify your entries.

Step 5 write (Optional) Save your entries in the

configuration file.

12.4 ACL Configuration Example

I. Networking requirement

The intranet is connected through 100 Mbps ports between departments. The server of the financial department is connected

through the port 1 (subnet address 129.110.1.2). With proper ACL configuration, the CEO’s office can access the server, but

other departments cannot access it.

II. Networking diagram

Figure 14-1 Networking for advanced ACL configuration

III. Configuration procedure
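
The following audit script is an added example, not part of the manual and not vendor code. It checks a configuration written in the command syntax of sections 12.2 and 12.3 against the constraints those sections state (rule-id and priority ranges, port-list format, host and network masks, define-then-activate, and the permit-any default ACL); it checks consistency with the manual's stated rules, not the switch's forwarding behaviour. Assumptions: subset lines belong to the preceding access-list line until exit, a port-list is a single token such as 01m, and every address other than 129.110.1.2 is constructed.

```python
import ipaddress
import re

# Constructed sample in the command syntax of sections 12.2 and 12.3.
# 129.110.1.2 on port 1 comes from section 12.4; the 129.110.2.0 and
# 129.110.3.7 addresses and all rule numbers are assumed for illustration.
WEAK_CONFIG = """\
access-list ruleid 10 permit priority 8 01m
subset ip 129.110.2.0 255.255.255.0 129.110.1.2 255.255.255.255
exit
access-list ruleid 20 deny priority 9 02m
subset ip 129.110.3.7 255.255.255.0
exit
packet-filter enable ruleid 10
"""

# Same rule 10, activated, with the port's default ACL changed to deny.
FIXED_CONFIG = """\
access-list ruleid 10 permit priority 8 01m
subset ip 129.110.2.0 255.255.255.0 129.110.1.2 255.255.255.255
exit
packet-filter enable ruleid 10
access-list default set 01m deny
"""

PORT_RE = re.compile(r"^\d+m$")  # "port-number + m, such as 01m"


def check_pair(addr, mask, rule_id, findings):
    """A host address needs mask 255.255.255.255; a network address needs its subnet mask."""
    try:
        a = int(ipaddress.IPv4Address(addr))
        m = int(ipaddress.IPv4Address(mask))
    except ipaddress.AddressValueError:
        findings.append((rule_id, f"invalid address or mask: {addr} {mask}"))
        return
    wildcard = ~m & 0xFFFFFFFF
    if wildcard & (wildcard + 1):            # the 1-bits of the mask are not contiguous
        findings.append((rule_id, f"mask {mask} is not a contiguous subnet mask"))
    elif a & wildcard:                       # host bits set under a network mask
        findings.append((rule_id, f"{addr} has host bits set outside mask {mask}"))


def audit(config):
    """Return a list of (rule-id, message) findings for one configuration text."""
    findings, rules, default_acl = [], {}, {}
    current = None  # rule being defined; subset lines attach to it until exit
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[:2] == ["access-list", "ruleid"] and len(tok) == 7:
            current, action, prio, port = int(tok[2]), tok[3], int(tok[5]), tok[6]
            rules[current] = {"action": action, "port": port, "enabled": False}
            if not 1 <= current <= 999:
                findings.append((current, "rule-id outside 1..999"))
            if not 0 <= prio <= 8:
                findings.append((current, f"priority {prio} outside 0..8"))
            if port != "default" and not PORT_RE.match(port):
                findings.append((current, f"port-list {port!r} is not port-number + m"))
        elif tok[:3] == ["access-list", "default", "set"] and len(tok) == 5:
            default_acl[tok[3]] = tok[4]     # port -> deny | permit
        elif tok[:2] == ["subset", "ip"] and current is not None:
            args = tok[2:]
            if args[:1] == ["any"]:
                args = args[1:]              # source "any": nothing to validate
            elif len(args) >= 2:
                check_pair(args[0], args[1], current, findings)
                args = args[2:]
            if len(args) >= 2:               # optional destination pair
                check_pair(args[0], args[1], current, findings)
        elif tok[0] == "exit":
            current = None
        elif tok[:3] == ["packet-filter", "enable", "ruleid"] and len(tok) == 4:
            rid = int(tok[3])
            if rid in rules:
                rules[rid]["enabled"] = True
            else:
                findings.append((rid, "packet-filter enables an undefined rule"))
    for rid, rule in sorted(rules.items()):
        if not rule["enabled"]:
            findings.append((rid, "defined but never activated with packet-filter enable"))
        elif rule["action"] == "permit" and default_acl.get(rule["port"]) != "deny":
            findings.append((rid, f"permit rule bound to {rule['port']}, but the port's "
                                  "default ACL still permits any packet"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, audit(cfg))
```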

13 QoS Configuration

Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch

due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority

queue will be transmitted before those in the lower-priority queues. You can set the priority for each interface, and configure

the mapping of frame priority tags to the switch’s priority queues.

Mapping CoS Values to Egress Queues

This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service

schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p.

The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as shown in the following

table.

Table 15-1 Egress Queue Priority Mapping

Queue 0 1 2 3 4 5 6 7

Priority 0 1 2 3 4 5 6 7

The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following

table.

Table 15-2 CoS Priority Levels

0 Best Effort

1 Background

2 (Spare)

3 Excellent Effort

4 Controlled Load

5 Video, less than 100 milliseconds latency and jitter

6 Voice, less than 10 milliseconds latency and jitter

7 Network Control

13.1 Setting the Queue Mode

You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be

processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative

weight of each queue. WRR uses a predefined relative weight for each queue that determines the percentage of service time

the switch services each queue before moving on to the next queue. This prevents the head-of-line blocking that can occur

with strict priority queuing.

Beginning in privileged EXEC mode, follow these steps to set the Queue mode.

Command Purpose

Step 1 config terminal Enter global configuration mode.

Step 2 traffic-policy running-mode {strict-queue | weighted-queue } Set the queue running mode.

Step 3 exit Return to privileged EXEC mode.

Step 4 show traffic-policy all Verify your entries.

Step 5 write (Optional) Save your entries in the configuration file.

13.2 Setting the Priority for Port

You can specify the port priority for each port on the switch. All untagged packets entering the switch are tagged with the

specified port priority, and then sorted into the appropriate priority queue at the output port.

This switch provides four priority queues for each port. It uses Weighted Round Robin to prevent head-of-queue blockage.

The port priority applies to an untagged frame received on a port set to accept all frame types (i.e., a port that receives both untagged and tagged frames). This priority does not apply to IEEE 802.1Q VLAN tagged frames. If the incoming frame is an IEEE 802.1Q VLAN tagged frame, the IEEE 802.1p User Priority bits will be used.

If the output port is an untagged member of the associated VLAN, these frames are stripped of all VLAN tags prior to

transmission.

Beginning in privileged EXEC mode, follow these steps to set port priority.

Command Purpose

Step 1 config terminal Enter global configuration mode.

Step 2 traffic-policy link-group set group-id port-list local-precedence priority Create the link-group to set the priority for the port. Group-id – range is 1 to 26. Port-list – format is port-number + m, such as 01m. Priority – range is 0 to 7; 7 is the highest precedence.

Step 3 traffic-policy link-group enable group-id Enable the traffic policy to set the priority for the port.

Step 4 exit Return to privileged EXEC mode.

Step 5 show traffic-policy all Verify your entries.

Step 6 write (Optional) Save your entries in the

configuration file.

To delete the link-group, use the no traffic-policy link-group group-id global configuration command.

To disable the traffic policy that sets the priority for the port, use the traffic-policy link-group disable group-id global configuration command.

13.3 Mapping IP Precedence

The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging

from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values are

mapped one-to-one to Class of Service values (i.e., Precedence value 0 maps to CoS value 0, and so forth). Bits 6 and 7 are

used for network control, and the other bits for various application types. ToS bits are defined in the following table.

Table 15-3 Mapping IP Precedence

| Priority Level | Traffic Type |
| --- | --- |
| 0 | Routine |
| 1 | Priority |
| 2 | Immediate |
| 3 | Flash |
| 4 | Flash Override |
| 5 | Critical |
| 6 | Internetwork Control |
| 7 | Network Control |

Beginning in privileged EXEC mode, follow these steps to enable IP precedence to map to local precedence.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | traffic-policy tos set default [port-list] | Create the policy that maps IP precedence one-to-one to local precedence for the port. Port-list: format is port-number + m, such as 01m. |
| 3 | traffic-policy tos enable | Enable the traffic policy of mapping IP precedence. |
| 4 | exit | Return to privileged EXEC mode. |
| 5 | show traffic-policy all | Verify your entries. |
| 6 | write | (Optional) Save your entries in the configuration file. |

To disable the traffic policy of mapping IP precedence, use the traffic-policy tos disable global configuration command.

13.4 Changing Priorities Based on ACL Rules

You can change traffic priorities for frames matching the defined ACL rule.

Note:

Before initiating any of these QoS configuration tasks, you should first define the corresponding ACL. Then you can achieve packet filtering just by activating the right ACL.

Beginning in privileged EXEC mode, follow these steps to change priorities based on ACL rules.


| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | traffic-policy acl-group set group-id access-list ruleid rule-id local-precedence precedence | Create a traffic policy based on ACL rules. Group-id: ID of the ACL-based traffic policy group (range: 0 to 999). Precedence: range is 0 to 7; 7 is the highest precedence. |
| 3 | traffic-policy acl-group enable group-id | Enable the traffic policy based on ACL rules. |
| 4 | exit | Return to privileged EXEC mode. |
| 5 | show traffic-policy all | Verify your entries. |
| 6 | write | (Optional) Save your entries in the configuration file. |

To disable the traffic policy based on ACL rules, use the traffic-policy acl-group disable group-id global configuration command.

14 802.1x Configuration

14.1 802.1x Overview

14.1.1 802.1x Standard Overview

IEEE 802.1x (hereinafter 802.1x) is a Port Based Network Access Control protocol. The IEEE issued it in 2001 and suggested that manufacturers use it as the standard protocol for LAN user access authentication. 802.1x originated from the IEEE 802.11 standard, which is the standard for wireless LAN user access. The initial purpose of 802.1x was to implement wireless LAN user access authentication. Since its principle is commonly applicable to all LANs complying with the IEEE 802 standards, the protocol finds wide application in wired LANs.

In LANs complying with the IEEE 802 standards, a user can access the devices and share the resources in the LAN by connecting to a LAN access control device such as a LAN Switch. However, in telecom access, commercial LANs (a typical example is the LAN in an office building), mobile offices and similar settings, LAN providers generally want to control user access. The requirement for the above-mentioned “Port Based Network Access Control” originates in these cases.

As the name implies, “Port Based Network Access Control” means authenticating and controlling all the devices attached to a port of the LAN access control device. If the user’s device connected to the port passes authentication, the user can access the resources in the LAN. Otherwise, the user cannot access the resources in the LAN, which is equivalent to the user being physically disconnected.

802.1x defines a port based network access control protocol and only defines the point-to-point connection between the access device and the access port. The port can be either physical or logical. Typical application environments are: each physical port of the LAN Switch connects to only one user workstation (based on the physical port), and the wireless LAN access environment defined by the IEEE 802.11 standard (based on the logical port).

14.1.2 802.1x System Architecture

The system using 802.1x has a typical C/S (Client/Server) architecture. It contains three entities, which are illustrated in the following figure: the Supplicant System, the Authenticator System and the Authentication Server System.

The LAN access control device needs to provide the Authenticator System of 802.1x. The devices at the user side, such as computers, need to have 802.1x client (Supplicant) software installed, for example, the 802.1x client provided by CHIMA (or by Microsoft Windows XP). The 802.1x Authentication Server system normally resides in the carrier’s AAA center.

The Authenticator and the Authentication Server exchange information through EAP (Extensible Authentication Protocol) frames. The Supplicant and the Authenticator exchange information through the EAPoL (Extensible Authentication Protocol over LANs) frame defined by IEEE 802.1x. Authentication data are encapsulated in the EAP frame, which is in turn encapsulated in the packets of other AAA upper layer protocols (e.g. RADIUS) so that it can cross a complicated network to reach the Authentication Server. This procedure is called EAP Relay.

The Authenticator has two types of ports: the Uncontrolled Port and the Controlled Port. The Uncontrolled Port is always in a bi-directional connection state. The user can access and share the network resources any time through the ports. The Controlled Port will be in connecting state only after the user passes the authentication. Then the user is allowed to access the network resources.


Figure 16-1 802.1x system architecture

14.1.3 802.1x Authentication Process

802.1x uses EAP frames to carry the authentication information. The standard defines the following types of EAP frames:

• EAP-Packet: Authentication information frame, used to carry the authentication information.
• EAPoL-Start: Authentication originating frame, actively originated by the Supplicant.
• EAPoL-Logoff: Logoff request frame, actively terminating the authenticated state.
• EAPoL-Key: Key information frame, supporting encryption of the EAP packets.
• EAPoL-Encapsulated-ASF-Alert: Supports the alerting messages of the Alert Standard Forum (ASF).

The EAPoL-Start, EAPoL-Logoff and EAPoL-Key frames only exist between the Supplicant and the Authenticator. The EAP-Packet information is re-encapsulated by the Authenticator System and then transmitted to the Authentication Server System. The EAPoL-Encapsulated-ASF-Alert frame is related to network management information and is terminated by the Authenticator.

802.1x provides an implementation solution for user ID authentication. However, 802.1x itself is not enough to implement the scheme. The administrator of the access device should configure RADIUS or local authentication to assist 802.1x in implementing user ID authentication.
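The frame types listed above, as an added Python example that is not part of the original manual: a parser that classifies EAPoL frames the way an Authenticator has to, separating EAP-Packet bodies (candidates for relay to the Authentication Server) from frames that end at the switch. The EtherType 0x888E, the PAE group address and the packet-type numbers come from IEEE 802.1X; the MAC address, the identity `user1` and the sample frames are constructed.

```python
import struct

EAPOL_ETHERTYPE = 0x888E                          # EtherType of IEEE 802.1X (EAPoL)
PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")    # 802.1X PAE group address

# EAPoL packet-type values, in the order the manual lists the frame types.
EAPOL_TYPES = {
    0: "EAP-Packet",
    1: "EAPoL-Start",
    2: "EAPoL-Logoff",
    3: "EAPoL-Key",
    4: "EAPoL-Encapsulated-ASF-Alert",
}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def build_eapol(src_mac: bytes, packet_type: int, body: bytes = b"") -> bytes:
    """Build a constructed EAPoL frame (protocol version 1) for the samples."""
    frame = PAE_GROUP_ADDR + src_mac + struct.pack("!H", EAPOL_ETHERTYPE)
    frame += struct.pack("!BBH", 1, packet_type, len(body)) + body
    return frame.ljust(60, b"\x00")   # pad to the 60-byte Ethernet minimum (no FCS)


def parse_eapol(frame: bytes) -> dict:
    """Classify one Ethernet frame as the Authenticator sees it."""
    if len(frame) < 18:
        raise ValueError("frame too short for an EAPoL header")
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != EAPOL_ETHERTYPE:
        raise ValueError("not an EAPoL frame")
    version, packet_type, body_len = struct.unpack("!BBH", frame[14:18])
    if packet_type not in EAPOL_TYPES:
        raise ValueError(f"unknown EAPoL packet type {packet_type}")
    if len(frame) < 18 + body_len:
        raise ValueError("EAPoL body is truncated")
    body = frame[18:18 + body_len]    # bytes after this are Ethernet padding

    info = {
        "src": ":".join(f"{b:02x}" for b in src),
        "version": version,
        "type": EAPOL_TYPES[packet_type],
        # Only EAP-Packet bodies are re-encapsulated toward the Authentication
        # Server; Start, Logoff, Key and ASF-Alert end at the Authenticator.
        "relay_candidate": packet_type == 0,
    }
    if packet_type == 0:
        if body_len < 4:
            raise ValueError("EAP header is truncated")
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        if eap_len < 4 or eap_len > body_len:
            raise ValueError("EAP length disagrees with EAPoL length")
        info["eap_code"] = EAP_CODES.get(code, f"unknown({code})")
        info["eap_id"] = ident
        if code in (1, 2) and eap_len >= 5:   # Request/Response carry a type octet
            info["eap_type"] = body[4]        # 1 = Identity
            info["eap_data"] = body[5:eap_len]
    return info


# Constructed samples: a supplicant starting authentication, answering an
# Identity request, and logging off.
SUPPLICANT_MAC = bytes.fromhex("020000000001")
SAMPLE_START = build_eapol(SUPPLICANT_MAC, 1)
SAMPLE_IDENTITY = build_eapol(
    SUPPLICANT_MAC, 0, struct.pack("!BBHB", 2, 7, 10, 1) + b"user1")
SAMPLE_LOGOFF = build_eapol(SUPPLICANT_MAC, 2)

if __name__ == "__main__":
    for sample in (SAMPLE_START, SAMPLE_IDENTITY, SAMPLE_LOGOFF):
        print(parse_eapol(sample))
```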

14.1.4 Implement 802.1x on Ethernet Switch

This series of Ethernet Switches not only supports the port access authentication method specified by 802.1x, but also extends and optimizes it in the following ways:

• Several End Stations can be connected downstream via one physical port.
• The access control (or the user authentication method) can be based on MAC address.

In this way, the system becomes more secure and easier to manage.

14.2 802.1x Configuration

The main 802.1x configuration includes:

• Enabling/Disabling 802.1x
• Setting port authentication state
• Setting maximum number of users via each port

14.2.1 Enabling/Disabling 802.1x

The following command can be used to enable/disable 802.1x globally.


Beginning in privileged EXEC mode, follow these steps to enable/disable 802.1x.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | dot1x system-auth-control enable | Enable 802.1x. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show dot1x system-auth-control | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

To disable 802.1x, use the dot1x system-auth-control disable global configuration command.

14.2.2 Setting port authentication state

The following command can be used to set port authentication state.

Beginning in privileged EXEC mode, follow these steps to set port authentication state.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | dot1x ports port-list | Set port authentication state. Port-list: format is port-number + "m" or "-"; "m" indicates a member, "-" indicates not a member. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show dot1x ports | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

14.2.3 Setting Supplicant Number on a Port

The following commands are used for setting the number of users allowed by 802.1x on a specified port. When no port is specified, all the ports accept the same number of supplicants.

Beginning in privileged EXEC mode, follow these steps to set maximum number of users via each port.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | dot1x multiple-host-num number | Set maximum number of users via each port. Number range is 1 to 256. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show dot1x ports | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

14.3 802.1x Configuration Example

I. Networking requirements

As shown in the following figure, the workstation of a user is connected to the port 1 of the Switch.

The switch administrator will enable 802.1x on all the ports to authenticate the supplicants so as to control their access to the Internet. The access control mode is configured as based on the MAC address.

A server group, consisting of two RADIUS servers at 10.11.1.1 and 10.11.1.2 respectively, is connected to the switch. The former acts as the primary-authentication/accounting server. The latter acts as the secondary-authentication/accounting server. Set the encryption key to “test” for the packets the system exchanges with the RADIUS server.

Configure the system to transmit a real-time accounting packet to the RADIUS server every 15 minutes.

The user name of the local 802.1x access user is local user and the password is local pass (input in plain text).

II. Networking diagram

Figure 16-2 Enabling 802.1x and RADIUS to perform AAA on the supplicant


III. Configuration procedure

Note:

The following examples concern most of the RADIUS configuration commands. For details, refer to the chapter RADIUS Protocol Configuration.

```
# Configure 802.1x
switch(config)#dot1x system-auth-control enable
switch(config)#dot1x ports 01m

# Configure radius client service
switch(config)#radiusclient ipaddress 10.1.1.254
switch(config)#radiusclient service enable
# Real-time accounting interval in minutes (the requirements call for 15)
switch(config)#radiusclient accounting interval 15

# Configure radius server
switch(config)#radiusserver master_ipaddress 10.1.1.1
switch(config)#radiusserver slave_ipaddress 10.1.1.2
switch(config)#radiusserver master_port 1812 1813
switch(config)#radiusserver slave_port 1812 1813
switch(config)#radiusserver master_key test
switch(config)#radiusserver slave_key test
```


15 RADIUS Protocol Configuration

15.1 RADIUS Protocol Overview

I. What is RADIUS

Remote Authentication Dial-In User Service, RADIUS for short, is a distributed information exchange protocol with a Client/Server architecture. RADIUS can protect the network from unauthorized access, and it is often used in network environments requiring both high security and remote user access. For example, it is often used for managing a large number of scattered dial-in users who use serial ports and modems. The RADIUS system is an important auxiliary part of the Network Access Server (NAS).

After the RADIUS system is started, if a user wants the right to access other networks or consume network resources through a connection to the NAS (a dial-in access server in a PSTN environment or an Ethernet switch with access function in an Ethernet environment), the NAS, namely the RADIUS client end, transmits the user's AAA request to the RADIUS server. The RADIUS server has a user database recording all the information of user authentication and network service access. When receiving a user’s request from the NAS, the RADIUS server performs AAA through user database query and update and returns the configuration information and accounting data to the NAS. Here, the NAS controls the supplicant and corresponding connections, while the RADIUS protocol regulates how to transmit configuration and accounting information between the NAS and RADIUS.

The NAS and RADIUS exchange information in UDP packets. During the interaction, both sides encrypt the packets with keys before uploading user configuration information (such as passwords) to avoid it being intercepted or stolen.

II. RADIUS operation

The RADIUS server generally uses the proxy function of devices such as the access server to perform user authentication. The operation process is as follows: First, the user sends a request message (containing the client username and encrypted password) to the RADIUS server. Second, the user receives one of several kinds of response message from the RADIUS server: the ACCEPT message indicates that the user has passed the authentication, and the REJECT message indicates that the user has not passed the authentication and needs to input the username and password again; otherwise access is refused.


15.2 Implementing RADIUS on Ethernet Switch

By now, we understand that in the above-mentioned RADIUS framework, SPEED Series Ethernet Switches, serving as the user access device or NAS, are the client end of RADIUS. In other words, the client end of RADIUS is implemented on SPEED Series Ethernet Switches.

15.3 Configuring RADIUS Protocol

RADIUS protocol configuration includes:

• Enable/disable radius client service
• Setting radius client ip address
• Setting a real-time accounting interval
• Setting IP Address of RADIUS Server
• Setting Port Number of RADIUS Server
• Setting RADIUS packet encryption key

15.3.1 Enable/disable radius client service

Beginning in privileged EXEC mode, follow these steps to enable radius client service.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | radiusclient service enable | Enable radius client service. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show radiusclient service | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

To disable radius client service, use the radiusclient service disable global configuration command.

15.3.2 Setting radius client ip address

Beginning in privileged EXEC mode, follow these steps to set the radius client ip address.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | radiusclient ipaddress ip-address | Set the radius client ip address. Ip-address is the vlan interface ip address. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show radiusclient ipaddress | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

15.3.3 Setting a Real-time Accounting Interval

To implement real-time accounting, it is necessary to set a real-time accounting interval. After the attribute is set, the NAS will transmit the accounting information of online users to the RADIUS server regularly.

You can use the following command to set a real-time accounting interval.

Beginning in privileged EXEC mode, follow these steps to set a real-time accounting interval.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | radiusclient accounting interval minutes | Set a real-time accounting interval. Minutes must be the same as the radius server setting. When minutes is set to 0, the radius client does not send update messages to the radius server. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show radiusclient accounting interval | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

15.3.4 Setting IP Address of RADIUS Server

Set IP addresses for the RADIUS servers, including primary/second authentication/authorization servers and accounting servers.

You can use the following commands to configure the IP address for RADIUS servers.

Beginning in privileged EXEC mode, follow these steps to set the ip address for the radius server.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | radiusserver master_ipaddress ip-address | Set the ip address for the master radius server. |
| 3 | radiusserver slave_ipaddress ip-address | (Optional) Set the ip address for the slave radius server. |
| 4 | show radiusserver master_ipaddress | Verify your entries. |
| 5 | show radiusserver slave_ipaddress | Verify your entries. |
| 6 | write | (Optional) Save your entries in the configuration file. |

By default, all the IP addresses of primary/second authentication/authorization and accounting servers are 0.0.0.0.

15.3.5 Setting Port of RADIUS Server

Set the port for the RADIUS servers, including primary/second authentication/authorization servers and accounting servers.

You can use the following commands to configure the port number for RADIUS servers.

Beginning in privileged EXEC mode, follow these steps to set the port for the radius server.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | radiusserver master_port authentication-port account-port | Set the port for the master radius server. |
| 3 | radiusserver slave_port authentication-port account-port | (Optional) Set the port for the slave radius server. |
| 4 | show radiusserver master_port | Verify your entries. |
| 5 | show radiusserver slave_port | Verify your entries. |
| 6 | write | (Optional) Save your entries in the configuration file. |

15.3.6 Setting RADIUS Packet Encryption Key

The RADIUS client (switch system) and the RADIUS server use the MD5 algorithm to encrypt the exchanged packets. The two ends verify packets using the configured encryption key. Only when the keys are identical can both ends accept packets from each other and respond.

You can use the following commands to set the encryption key for RADIUS packets.

Beginning in privileged EXEC mode, follow these steps to set the radius packet encryption key.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | radiusserver master_key string | Set the encryption key for the master radius server. |
| 3 | radiusserver slave_key string | (Optional) Set the encryption key for the slave radius server. |
| 4 | show radiusserver master_key | Verify your entries. |
| 5 | show radiusserver slave_key | Verify your entries. |
| 6 | write | (Optional) Save your entries in the configuration file. |

By default, the keys of RADIUS authentication/authorization and accounting packets are all “test”.

16 DHCP Protocol Configuration

This chapter describes how to configure DHCP Server and DHCP Relay features on the switch.

16.1 DHCP Relay configuration

16.1.1 Brief Introduction to DHCP Relay

As networks grow in size and complexity, network configuration becomes more and more complex. Dynamic Host Configuration Protocol (DHCP) was introduced to let users join and leave the network quickly and to improve utilization of IP addresses in places where computers are often moved (e.g., portable computers or wireless networks are used) or where the number of hosts exceeds the number of IP addresses that can be allocated. DHCP works in Client/Server mode. With this protocol, the DHCP Client can dynamically request configuration information and the DHCP Server can configure the information for the Client conveniently.

In the early days, DHCP was only suitable for the case where the DHCP Client and DHCP Server are located on the same subnet, and could not work across network segments. If the early DHCP is used to dynamically configure hosts, each subnet must be equipped with a DHCP Server, which is obviously uneconomical. The introduction of DHCP relay solves this difficulty. The DHCP relay serves as a relay between the DHCP Client and the DHCP Server located on different subnets. The DHCP packets can be relayed to the destination DHCP Server (or Client) across network segments. Thereby, the DHCP clients on different networks can use the same DHCP Server. This is economical and convenient for centralized management.


Figure 18-1 DHCP Relay typical application

DHCP Relay works on this principle:

• During startup and DHCP initialization, the DHCP Client advertises configuration request messages to the local network.
• If there is a DHCP Server in the local network, DHCP configuration can be initiated directly, and DHCP Relay is unnecessary.
• Otherwise, when a device with DHCP Relay enabled that is connected to the local network receives the messages, it performs the necessary processing and forwards them to the designated DHCP Server on another network.
• The DHCP Server makes configurations according to the information from the DHCP Client and sends the configuration result back to the DHCP Client via DHCP Relay.

In practice, several rounds of interaction may be required in the dynamic configuration of a DHCP Client.
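The relay step described above, as an added Python example that is not part of the original manual: it assumes the relay follows the usual BOOTP relay rules of RFC 1542 (fill `giaddr` with the receiving interface address, count hops, route replies by `giaddr`), since the manual does not document the switch's internal processing. Interface and server addresses are those of the DHCP Relay configuration example in this chapter; the hop limit of 4, the client MAC and the transaction id are assumptions.

```python
import socket
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
# op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file
BOOTP_FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")   # 236 octets
GIADDR = slice(24, 28)
YIADDR = slice(16, 20)
ZERO_IP = b"\x00" * 4

# Values from the manual's DHCP Relay configuration example.
LISTEN_INTERFACES = {"vint1": "202.38.1.1", "vint2": "10.110.1.1"}
DHCP_SERVER = "202.38.1.2"


def make_bootp(op, hops=0, giaddr="0.0.0.0", yiaddr="0.0.0.0", xid=0x1234ABCD):
    """Build a constructed BOOTP/DHCP message with the broadcast flag set."""
    chaddr = bytes.fromhex("020000000001").ljust(16, b"\x00")
    fixed = BOOTP_FIXED.pack(op, 1, 6, hops, xid, 0, 0x8000, ZERO_IP,
                             socket.inet_aton(yiaddr), ZERO_IP,
                             socket.inet_aton(giaddr), chaddr, b"", b"")
    return fixed + b"\x63\x82\x53\x63\xff"   # magic cookie + end option


def relay_request(packet: bytes, ingress_if: str, max_hops: int = 4):
    """Client -> server direction. Returns (server_ip, packet) or None to drop."""
    if ingress_if not in LISTEN_INTERFACES:
        return None                       # not a listening VLAN interface
    if len(packet) < BOOTP_FIXED.size or packet[0] != BOOTREQUEST:
        return None
    hops = packet[3]
    if hops >= max_hops:                  # hop count has reached the limit
        return None
    out = bytearray(packet)
    out[3] = hops + 1
    if out[GIADDR] == ZERO_IP:
        # First relay on the path: record the receiving interface address so
        # the server can pick the pool and the reply can find its way back.
        out[GIADDR] = socket.inet_aton(LISTEN_INTERFACES[ingress_if])
    return DHCP_SERVER, bytes(out)


def relay_reply(packet: bytes):
    """Server -> client direction. Returns (egress_if, destination) or None."""
    if len(packet) < BOOTP_FIXED.size or packet[0] != BOOTREPLY:
        return None
    giaddr = socket.inet_ntoa(packet[GIADDR])
    for name, address in LISTEN_INTERFACES.items():
        if address == giaddr:
            flags = struct.unpack("!H", packet[10:12])[0]
            broadcast = flags & 0x8000
            dest = "255.255.255.255" if broadcast else socket.inet_ntoa(packet[YIADDR])
            return name, dest
    return None                           # giaddr is not one of our interfaces


if __name__ == "__main__":
    server, forwarded = relay_request(make_bootp(BOOTREQUEST), "vint2")
    print(server, socket.inet_ntoa(forwarded[GIADDR]), "hops", forwarded[3])
    offer = make_bootp(BOOTREPLY, giaddr="10.110.1.1", yiaddr="10.110.1.2")
    print(relay_reply(offer))
```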

16.1.2 Configuring DHCP Relay

DHCP relay configuration includes:

• Specifying VLAN interface to forward DHCP packets.
• Configuring the IP Address of a DHCP Server.
• Enabling/disabling DHCP Relay service.

16.1.2.1 Specifying VLAN interface to forward DHCP packets

Beginning in privileged EXEC mode, follow these steps to specify VLAN interface to forward DHCP packets.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | dhcpr listen add index vlan-interface | Specify the VLAN interface to forward DHCP packets. Vlan-interface format is vint+interface-id. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show dhcpr listen | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

To delete VLAN interface of forwarding DHCP packets, use dhcpr listen delete index global configuration command.

16.1.2.2 Configuring the IP Address of a DHCP Server

Beginning in privileged EXEC mode, follow these steps to configure the IP Address of a DHCP Server.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | dhcpr targetip add index server-ipaddress | Configure the IP address of a DHCP Server. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show dhcpr targetip | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

To delete the IP address of a DHCP Server, use dhcpr targetip del index global configuration command.

16.1.2.3 Enabling/disabling DHCP Relay service

Beginning in privileged EXEC mode, follow these steps to enable DHCP Relay service.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | dhcpr service enable | Enable DHCP Relay service. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show dhcpr service | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

To disable DHCP Relay service, use dhcpr service disable global configuration command.

16.2 DHCP Server configuration

The switch can act as a DHCP server. It includes a Dynamic Host Configuration Protocol (DHCP) server that can assign temporary IP addresses to any attached host requesting service. It can also provide other network settings such as the domain name, default gateway, Domain Name Servers (DNS) etc. Addresses can be assigned to clients from a common address pool configured for a specific IP interface on this switch.

16.2.1 Configuring DHCP Server

DHCP Server configuration includes:

• Specifying VLAN interface to forward DHCP packets.
• Enabling/disabling DHCP Server service.
• Adding an IP address pool.
• Setting DNS for DHCP Server (optional).
• Setting lease time for DHCP Server (optional).

16.2.1.1 Specifying VLAN interface to forward DHCP packets

Beginning in privileged EXEC mode, follow these steps to specify VLAN interface to forward DHCP packets.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | dhcps listen add index vlan-interface | Specify the VLAN interface to forward DHCP packets. Vlan-interface format is vint+interface-id. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show dhcps listen | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

To delete VLAN interface of forwarding DHCP packets, use dhcps listen delete index global configuration command.

16.2.1.2 Enabling/disabling DHCP Server service

Beginning in privileged EXEC mode, follow these steps to enable DHCP Server service.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | dhcps service enable | Enable DHCP Server service. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show dhcps service | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |


To disable DHCP Server service, use dhcps service disable global configuration command.

16.2.1.3 Add IP address pool

Beginning in privileged EXEC mode, follow these steps to add IP address pool.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | dhcps addresspool add name start-ip end-ip gate-way net-mask [dns1 dns1-ip \| dns2 dns2-ip \| leasetime seconds \| parameters string] | Add IP address pool. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show dhcps addresspool | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

To delete IP address pool, use dhcps addresspool del name global configuration command.

16.2.1.4 Setting DNS for DHCP Server (optional)

Beginning in privileged EXEC mode, follow these steps to set DNS for DHCP Server.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | dhcps dns dns-ip | Set DNS for DHCP Server. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show dhcps dns | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

16.2.1.5 Setting lease time for DHCP Server (optional)

Beginning in privileged EXEC mode, follow these steps to set lease time for DHCP Server.

| Step | Command | Purpose |
| --- | --- | --- |
| 1 | config terminal | Enter global configuration mode. |
| 2 | dhcps leasetime seconds | Set lease time for DHCP Server. By default seconds is 691200. |
| 3 | exit | Return to privileged EXEC mode. |
| 4 | show dhcps dns | Verify your entries. |
| 5 | write | (Optional) Save your entries in the configuration file. |

16.3 DHCP Protocol Configuration Example

16.3.1 DHCP Relay Configuration Example

I. Networking requirements

The segment address for DHCP Client is 10.110.0.0, which is connected to a port in the VLAN2 on the switch. The IP address of DHCP Server is 202.38.1.2. The DHCP packets should be forwarded via the switch with DHCP Relay enabled. DHCP Client can get IP address and other configuration information from DHCP Server.

II. Networking diagram

Figure 18-2 Networking diagram of configuring DHCP relay

III. Configuration procedure

```
# Configure VLAN and specify IP address for VLAN
switch(config)#vlan static set vid 1 01-
switch(config)#vlan static add vid 2 01u
switch(config)#vlan port pvid 1 2
switch(config)#ip address add vint 1 202.38.1.1 255.255.255.0 vid 1
switch(config)#ip address add vint 2 10.110.1.1 255.255.255.0 vid 2

# Configure DHCP Relay
switch(config)#dhcpr listen add 1 vint1
switch(config)#dhcpr listen add 2 vint2
switch(config)#dhcpr targetip add 1 202.38.1.2
switch(config)#dhcpr service enable
```

16.3.2 DHCP Server Configuration Example

I. Networking requirements

The segment address for DHCP Client is 10.110.0.0, which is connected to a port in the VLAN2 on the switch. When DHCP Server service is enabled, DHCP Client can get IP address and other configuration information from DHCP Server.

II. Networking diagram

Figure 18-3 Networking diagram of configuring DHCP Server

III. Configuration procedure

# Configure VLAN and specify IP address for VLAN

switch(config)#vlan static set vid 1 01-

switch(config)#vlan static add vid 2 01u

switch(config)#vlan port pvid 1 2

switch(config)#ip address add vint 2 10.110.1.1 255.255.255.0 vid 2

# Configure DHCP Server

switch(config)#dhcps listen add 1 vint2

switch(config)#dhcps service enable

switch(config)#dhcps addresspool add pool1 10.110.1.2 10.110.1.254 10.110.1.1 255.255.255.0 dns1 202.96.128.68 dns2 211.95.193.97

17 SNMP Configuration

17.1 SNMP Overview

The Simple Network Management Protocol (SNMP) is by far the most widely applied network management protocol in computer networks. It has been put into use and widely accepted as an industry standard in practice. It is used for ensuring the transmission of management information between any two nodes. In this way, network administrators can easily search and modify the information on any node on the network. In the meantime, they can locate faults promptly and implement fault diagnosis, capacity planning and report generation. SNMP adopts the polling mechanism and provides the most basic function set. It is most applicable to small-sized, fast-speed and low-cost environments. It requires only the unacknowledged transport layer protocol UDP, and is thus widely supported by many other products.

In terms of structure, SNMP can be divided into two parts, namely the Network Management Station and the Agent. The Network Management Station is the workstation that runs the client program. At present, the commonly used NM platforms include Sun NetManager and IBM NetView. The Agent is the server software running on network devices. The Network Management Station can send GetRequest, GetNextRequest and SetRequest messages to the Agent. Upon receiving a request from the Network Management Station, the Agent performs a Read or Write operation according to the message type, then generates and returns a Response message to the Network Management Station. In addition, the Agent sends Trap messages on its own initiative to the Network Management Station to report events whenever the device encounters an abnormality, such as a new device being found or a restart.

17.2 SNMP Versions and Supported MIB

To uniquely identify the management variables of a device in SNMP messages, SNMP adopts a hierarchical naming scheme to identify the managed objects. The scheme is like a tree: each tree node represents a managed object, as shown in the figure below. Thus an object can be identified by the unique path starting from the root.

Figure 19-1 Architecture of the MIB tree

The MIB (Management Information Base) is used to describe the hierarchical architecture of the tree, and it is the set defined by the standard variables of the monitored network device. In the above figure, the managed object B can be uniquely specified by a string of numbers {1.2.1.1}. The number string is the Object Identifier of the managed object.

The current SNMP Agent of the Ethernet switch supports SNMP V1, V2C and V3. The MIBs supported are listed in the following table.

Table 19-1 MIBs supported by the Ethernet Switch

MIB attribute    MIB content                              References
Public MIB       MIB II based on TCP/IP network device    RFC1213
                 BRIDGE MIB                               RFC1493, RFC2675
                 RIP MIB                                  RFC1724
                 RMON MIB                                 RFC2819
                 Ethernet MIB                             RFC2665
                 OSPF MIB                                 RFC1253
                 IF MIB                                   RFC1573
Private MIB      VLAN MIB
                 Device management

17.3 Configure SNMP

The main configuration of SNMP includes:

- Set Community Name
- Set the Destination Address of Trap
- Set Trap parameters

17.3.1 Setting Community Name

SNMP V1 and SNMP V2C adopt the community name authentication scheme. An SNMP message whose community name does not match one accepted by the device is discarded. An SNMP community is named with a character string, which is called the Community Name. Each community can have read-only or read-write access mode. A community with read-only authority can only query the device information, whereas a community with read-write authority can also configure the device. Beginning in privileged EXEC mode, follow these steps to set the Community Name.

Command    Purpose
Step 1  config terminal    Enter global configuration mode.
Step 2  snmp community set index string {read-only | read-write}    Set community string. Index: range is 1 to 8.
Step 3  exit    Return to privileged EXEC mode.
Step 4  show snmp community    Verify your entries.
Step 5  write    (Optional) Save your entries in the configuration file.

To delete a community string, use the snmp community delete index global configuration command.

17.3.2 Setting the Destination Address of Trap

You can use the following commands to set or delete the destination address of the trap.

Beginning in privileged EXEC mode, follow these steps to set the Destination Address of Trap.

Command    Purpose
Step 1  config terminal    Enter global configuration mode.
Step 2  snmp traps host host-number hostaddr ip-address [port udp-port]    Set the destination address of trap. Host-number: range is 1 to 3.
Step 3  exit    Return to privileged EXEC mode.
Step 4  show snmp traps    Verify your entries.
Step 5  write    (Optional) Save your entries in the configuration file.

17.3.3 Setting Trap Parameters

You can use the following commands to set trap parameters.

Beginning in privileged EXEC mode, follow these steps to set trap parameters.

Command    Purpose
Step 1  config terminal    Enter global configuration mode.
Step 2  snmp traps parameters index mpmodel {v1 | v2c | v3} securemodel {v1 | v2c | usm} securename string securelevel {AuthNoPriv | AuthPriv | noAuthNoPriv}    Set trap parameters.
Step 3  exit    Return to privileged EXEC mode.
Step 4  show snmp traps    Verify your entries.
Step 5  write    (Optional) Save your entries in the configuration file.

17.4 SNMP Configuration Example

I. Networking requirements

The Network Management Station and the Ethernet switch are connected via Ethernet. The IP address of the Network Management Station is 129.102.149.23 and that of the VLAN interface on the switch is 129.102.0.1. Perform the following configurations on the switch: set the community name and set the trap host address.

II. Networking diagram

Figure 19-2 SNMP configuration example

III. Configuration procedure

# Configure community string

switch(config)#snmp community set 1 public read-write

# Configure trap host

switch(config)#snmp traps host 1 hostaddr 129.102.149.23
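The community and trap settings described in 17.3 and 17.4 can be checked before a configuration is saved. The following Python script is an added example, not part of the original manual or of the switch software: it scans configuration lines in the command syntax shown above and flags well-known community names, read-write communities, and trap parameters weaker than AuthPriv. The WELL_KNOWN list, the severity labels and the sample configuration are assumptions constructed for illustration.

```python
import re

# Well-known default community names (assumption: a short illustrative list).
WELL_KNOWN = {"public", "private"}

PROMPT_RE = re.compile(r"^\S*\(config\)#\s*")
COMMUNITY_RE = re.compile(r"^snmp community set (\d+) (\S+) (read-only|read-write)$")
TRAP_PARAM_RE = re.compile(
    r"^snmp traps parameters (\d+) mpmodel (v1|v2c|v3) securemodel (v1|v2c|usm) "
    r"securename (\S+) securelevel (AuthNoPriv|AuthPriv|noAuthNoPriv)$"
)


def audit_snmp(config_text):
    """Return a list of (severity, item, reason) tuples for risky SNMP lines."""
    findings = []
    for raw in config_text.splitlines():
        line = PROMPT_RE.sub("", raw.strip())  # drop the CLI prompt if present
        m = COMMUNITY_RE.match(line)
        if m:
            index, name, mode = m.groups()
            item = f"community {index}"
            default_name = name.lower() in WELL_KNOWN
            if mode == "read-write" and default_name:
                findings.append(("high", item, "well-known name grants read-write access"))
            elif mode == "read-write":
                findings.append(("medium", item, "read-write access protected only by a community name"))
            elif default_name:
                findings.append(("medium", item, "well-known name grants read-only access"))
            continue
        m = TRAP_PARAM_RE.match(line)
        if m:
            index, mpmodel, _secmodel, _secname, level = m.groups()
            item = f"trap parameters {index}"
            if mpmodel != "v3":
                findings.append(("low", item, f"traps sent with {mpmodel}, no authentication or privacy"))
            elif level == "noAuthNoPriv":
                findings.append(("medium", item, "v3 traps without authentication or privacy"))
            elif level == "AuthNoPriv":
                findings.append(("low", item, "v3 traps authenticated but not encrypted"))
    return findings


# Constructed sample input in the command syntax of sections 17.3 and 17.4.
SAMPLE_CONFIG = """\
switch(config)#snmp community set 1 public read-write
switch(config)#snmp community set 2 Zq7-nms-ro-41 read-only
switch(config)#snmp traps host 1 hostaddr 129.102.149.23
switch(config)#snmp traps parameters 1 mpmodel v3 securemodel usm securename nmsuser securelevel noAuthNoPriv
switch(config)#snmp traps parameters 2 mpmodel v3 securemodel usm securename nmsuser securelevel AuthPriv
"""

if __name__ == "__main__":
    for severity, item, reason in audit_snmp(SAMPLE_CONFIG):
        print(f"[{severity}] {item}: {reason}")
```

The first line of the sample is the community command from the configuration procedure above, and it is the line reported with the highest severity.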

18 VRRP Configuration

18.1 VRRP Overview

Virtual Router Redundancy Protocol (VRRP) is a fault-tolerant protocol. In general, a default route (for example, 10.100.10.1 as shown in the following internetworking diagram) is configured for every host on a network, so that packets from the host destined for another network segment go through the default route to the Layer 3 Switch1, implementing communication between the host and the external network. If Switch1 is down, all the hosts on this segment that take Switch1 as the next hop on the default route are disconnected from the external network.

VRRP, designed for LANs with multicast and broadcast capabilities (such as Ethernet), settles the above problem. The diagram below is taken as an example to explain the implementation principle of VRRP. VRRP combines a group of LAN switches (including a Master and several Backups) into a virtual router (a backup group).

This virtual router has its own IP address: 10.100.10.1 (which can be the interface address of a switch within the virtual router). The switches within the virtual router have their own IP addresses (such as 10.100.10.2 for the Master switch and 10.100.10.3 for the Backup switch). The hosts on the LAN know only the IP address of this virtual router, 10.100.10.1, not the specific IP addresses 10.100.10.2 of the Master switch and 10.100.10.3 of the Backup switch. They configure their default routes as the IP address of this virtual router: 10.100.10.1. Therefore, hosts within the network communicate with the external network through this virtual router. If the Master switch in the virtual group breaks down, a Backup switch takes over as the new Master switch and continues to route for the hosts, so that communication between the hosts and the external networks is not interrupted.

18.2 Configuring VRRP

Note:

Before you configure VRRP, confirm that the ARP proxy service is already enabled. To enable the ARP proxy service, use the arp proxy service enable global configuration command.

VRRP configuration includes:

- Set Correspondence between Virtual IP Address and MAC Address
- Add/Remove virtual IP address
- Configure the priority of switches in the virtual router
- Enable the preemption mode
- Configure timer of the virtual router
- Configure to track a specified interface

18.2.1 Adding/Deleting a Virtual IP Address

The following command is used for assigning an IP address of the local segment to a virtual router, or removing an assigned virtual IP address of a virtual router from the virtual address list.

Beginning in privileged EXEC mode, follow these steps to add a Virtual IP address.

Command    Purpose
Step 1  config terminal    Enter global configuration mode.
Step 2  vrrp add vrid virtual-router-ID virtual-ip virtual-ipaddress interface-id    Add a virtual IP address. Virtual-router-id range is 1 to 255; interface-id format is vint+number, such as vint1.
Step 3  exit    Return to privileged EXEC mode.
Step 4  show vrrp configuration interface-id    Verify your entries.
Step 5  write    (Optional) Save your entries in the configuration file.

To delete a virtual IP address, use the vrrp delete vrid virtual-router-ID virtual-ip virtual-ipaddress interface-id global configuration command.

The virtual-router-ID covers the range from 1 to 255. The virtual IP address can be an unused address in the network segment where the virtual router resides, or the IP address of an interface in the virtual router. The switch's own IP address can also be configured as the virtual IP address; in this case, the switch is called the IP Address Owner. When the first IP address is added to a virtual router, the system creates a new virtual router accordingly. When further addresses are added to this backup group thereafter, the system adds them directly to the virtual IP address list.

After the last virtual IP address is removed from the virtual router, the whole virtual router is also removed. That is, there is no longer a virtual router on the interface, and any configuration of it is invalid accordingly.

18.2.2 Configuring the Priority of Switches in the Virtual Router

The status of each switch in the virtual router is determined by its priority in VRRP. The switch with the highest priority becomes the Master.

The priority ranges from 0 to 255 (the greater the number, the higher the priority). However, only values from 1 to 254 can be configured. The priority 0 is reserved for special use, and 255 is reserved by the system for the IP address owner.

Beginning in privileged EXEC mode, follow these steps to Configure the Priority of Switches in the Virtual Router.

Command    Purpose
Step 1  config terminal    Enter global configuration mode.
Step 2  vrrp set vrid virtual-router-ID priority priority    Configure the priority of switches in the virtual router. By default, the priority is 100; its range is 1 to 254.
Step 3  exit    Return to privileged EXEC mode.
Step 4  show vrrp configuration vrid virtual-router-ID    Verify your entries.
Step 5  write    (Optional) Save your entries in the configuration file.

18.2.3 Configuring Preemption for a Switch within a Virtual Router

Once a switch in the virtual router becomes the Master switch, so long as it still functions properly, other switches, even if configured with a higher priority later, cannot become the Master switch unless they are configured to work in preemption mode. A switch in preemption mode becomes the Master switch when it finds that its own priority is higher than that of the current Master switch. Accordingly, the former Master switch becomes the Backup switch.

Beginning in privileged EXEC mode, follow these steps to Configure Preemption for a Switch within a Virtual Router.

Command    Purpose
Step 1  config terminal    Enter global configuration mode.
Step 2  vrrp set vrid virtual-router-ID preempt enable    Configure Preemption for a Switch within a Virtual Router.
Step 3  exit    Return to privileged EXEC mode.
Step 4  show vrrp configuration vrid virtual-router-ID    Verify your entries.
Step 5  write    (Optional) Save your entries in the configuration file.

To disable preemption for a switch within a virtual router, use the vrrp set vrid virtual-router-ID preempt disable global configuration command.

18.2.4 Configuring VRRP Timer

The Master switch advertises its normal operation state to the switches within the VRRP virtual router by sending them VRRP packets regularly (at adver-interval). If the Backup has not received any VRRP packet from the Master after a period of time (specified by master-down-interval), it considers the Master to be down. It then takes its place and becomes the Master.

You can use the following command to set the timer and adjust adver-interval, the interval at which the Master transmits VRRP packets. The master-down-interval of the Backup switch is three times the adver-interval. Excessive network traffic or differences between the timers of different switches can cause master-down-interval to time out and the state to change abnormally. Such problems can be solved by prolonging the adver-interval and setting a delay time. adver-interval is measured in seconds.

Beginning in privileged EXEC mode, follow these steps to Configure VRRP Timer.

Command    Purpose
Step 1  config terminal    Enter global configuration mode.
Step 2  vrrp set vrid virtual-router-ID adv-interval adv-interval    Configure VRRP Timer. Adv-interval range is 1 to 255; the default is 1 second.
Step 3  exit    Return to privileged EXEC mode.
Step 4  show vrrp configuration vrid virtual-router-ID    Verify your entries.
Step 5  write    (Optional) Save your entries in the configuration file.

18.2.5 Configuring Switch to Track a Specified Interface

The VRRP interface track function expands the backup function. Backup is provided not only for the interface where the virtual router resides, but also for other switch interfaces that malfunction. By using the following command you can track an interface. If the tracked interface is DOWN, the priority of the switch that contains the interface is reduced automatically by the value specified by value-reduced. This gives the other switches within the virtual router comparatively higher priorities, and one of them becomes the Master switch, which achieves the tracking of this interface.

Beginning in privileged EXEC mode, follow these steps to Configure Switch to Track a Specified Interface.

Command    Purpose
Step 1  config terminal    Enter global configuration mode.
Step 2  vrrp set vrid virtual-router-ID track interface-id reduce reduce-value    Configure Switch to Track a Specified Interface. By default, reduce-value is 10.
Step 3  exit    Return to privileged EXEC mode.
Step 4  show vrrp configuration interface-id    Verify your entries.
Step 5  write    (Optional) Save your entries in the configuration file.

Note:

When the switch is an IP address owner, its interfaces cannot be tracked. If the tracked interface is up again, the corresponding priority of the switch that contains the interface is updated automatically.

You can track at most eight interfaces in one backup group.
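The priority, preemption, timer and interface tracking rules of 18.2.2 to 18.2.5 interact: a tracked interface going down lowers the priority of a Master that is still alive, so a Backup takes over only if it works in preemption mode. The following Python model is an added example, not part of the original manual or of the switch software. The class and function names, the scenario values, the summing of several reductions, the floor of 1 on the reduced priority and the absence of a tie-break are assumptions.

```python
from dataclasses import dataclass, field

OWNER_PRIORITY = 255    # reserved for the IP address owner (section 18.2.2)
DEFAULT_PRIORITY = 100  # default priority (section 18.2.2)
DEFAULT_REDUCE = 10     # default reduce-value (section 18.2.5)


@dataclass
class Switch:
    name: str
    priority: int = DEFAULT_PRIORITY
    preempt: bool = False
    ip_owner: bool = False
    tracked: dict = field(default_factory=dict)  # interface-id -> reduce-value

    def effective_priority(self, down_interfaces):
        """Priority after subtracting reduce-value for each tracked interface that is down."""
        if self.ip_owner:
            return OWNER_PRIORITY  # interfaces of an IP address owner cannot be tracked
        reduced = sum(v for ifc, v in self.tracked.items() if ifc in down_interfaces)
        # Assumptions: reductions add up, and the result never drops below 1.
        return max(1, self.priority - reduced)


def master_down_interval(adv_interval):
    """A Backup declares the Master down after three advertisement intervals."""
    return 3 * adv_interval


def next_master(switches, current, down_interfaces=(), master_alive=True):
    """Name of the Master once the listed interfaces are down.

    Assumption: effective priorities are distinct, so no tie-break is modelled.
    """
    prio = {s.name: s.effective_priority(down_interfaces) for s in switches}
    others = [s for s in switches if s.name != current]
    if master_alive:
        # A live Master is replaced only by a higher-priority switch in preemption mode.
        others = [s for s in others if s.preempt and prio[s.name] > prio[current]]
    if not others:
        return current
    return max(others, key=lambda s: prio[s.name]).name


def scenario(backup_preempt):
    """Constructed scenario: Switch A is Master and tracks its uplink vint3."""
    a = Switch("A", priority=110, preempt=True, tracked={"vint3": 20})
    b = Switch("B", priority=DEFAULT_PRIORITY, preempt=backup_preempt)
    return [a, b]


if __name__ == "__main__":
    for preempt in (False, True):
        result = next_master(scenario(preempt), "A", down_interfaces={"vint3"})
        print(f"B preempt={preempt}: Master after vint3 goes down is {result}")
    print("Takeover delay if A fails outright:", master_down_interval(1), "seconds")
```

In the constructed scenario, Switch A stays Master with its uplink down unless preemption is enabled on Switch B, while an outright failure of A is covered by the master-down-interval regardless of preemption.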

1.3 Displaying and debugging VRRP

After the above configuration, execute the show command in any view to display the running of the VRRP configuration and to verify the effect of the configuration. Execute the debug command in user view to debug the VRRP configuration.

Command    Operation
show vrrp configuration interface-id    Display VRRP state information.
show vrrp statistics interface-id    Display VRRP statistics information.
show vrrp configuration vrid virtual-router-ID    Display VRRP state information.
show vrrp statistics vrid virtual-router-ID    Display VRRP statistics information.
debug vrrp trace    Debug VRRP trace information.

To cancel VRRP debugging, use the no debug vrrp trace global configuration command.

18.3 VRRP Configuration Example

I. Networking requirements

Host A uses the VRRP virtual router, which combines switch A and switch B, as its default gateway to visit host B on the Internet. The VRRP virtual router information includes: virtual router ID 1, virtual IP address 202.38.160.111, switch A as the Master, and switch B as the Backup with preemption allowed.

II. Networking diagram

III. Configuration Procedure

18.4 Troubleshoot VRRP

As the configuration of VRRP is not very complicated, almost all malfunctions can be found by viewing the configuration and debugging information. Here are some possible failures you might meet and the corresponding troubleshooting methods.

I. Fault 1: frequent prompts of configuration errors on the console

This indicates that an incorrect VRRP packet has been received. It may be caused by inconsistent configuration on another switch within the virtual router, or by some device attempting to send out illegal VRRP packets. The first fault can be solved by modifying the configuration. As the second is caused by the malicious attempt of some device, non-technical measures should be resorted to.

II. Fault 2: More than one Master existing within the same virtual router

There are also two possible reasons. One is the short-time coexistence of several Master switches, which is normal and needs no manual intervention. The other is the long-time coexistence of several Master switches, which may be because the Masters cannot receive VRRP packets from each other, or because they receive some illegal packets.

To solve such problems, try to ping among the Master switches. If the ping fails, it indicates that there are other problems. If the ping succeeds, it indicates that the problems are caused by inconsistent configuration. For the configuration of the same VRRP virtual router, the number of virtual IP addresses, each virtual IP address, the timer duration and the authentication type must be completely consistent.
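The consistency requirement for Fault 2 can be checked by comparing the VRRP commands of every switch in the same virtual router. The following Python script is an added example, not part of the original manual or of the switch software: it parses the vrrp add and vrrp set ... adv-interval commands shown in 18.2 and reports each virtual router whose members disagree on the virtual IP address list or the timer. The authentication type is not compared because this section shows no command for it; the sample configurations, including the interface vint1 and the priority 110, are constructed.

```python
import re
from collections import defaultdict

PROMPT_RE = re.compile(r"^\S*\(config\)#\s*")
ADD_RE = re.compile(r"^vrrp add vrid (\d+) virtual-ip (\S+) (vint\d+)$")
ADV_RE = re.compile(r"^vrrp set vrid (\d+) adv-interval (\d+)$")
DEFAULT_ADV_INTERVAL = 1  # seconds, the default given in section 18.2.4


def parse_vrrp(config_text):
    """Return {vrid: {"virtual_ips": sorted list, "adv_interval": int}} for one switch."""
    ips = defaultdict(set)
    adv = {}
    for raw in config_text.splitlines():
        line = PROMPT_RE.sub("", raw.strip())  # drop the CLI prompt if present
        m = ADD_RE.match(line)
        if m:
            ips[int(m.group(1))].add(m.group(2))
            continue
        m = ADV_RE.match(line)
        if m:
            adv[int(m.group(1))] = int(m.group(2))
    return {
        vrid: {"virtual_ips": sorted(addrs),
               "adv_interval": adv.get(vrid, DEFAULT_ADV_INTERVAL)}
        for vrid, addrs in ips.items()
    }


def compare_vrrp(configs):
    """configs maps switch name -> configuration text.

    Returns a list of (vrid, field, {switch: value}) for every field on which
    the members of the same virtual router disagree.
    """
    parsed = {name: parse_vrrp(text) for name, text in configs.items()}
    vrids = sorted({vrid for groups in parsed.values() for vrid in groups})
    mismatches = []
    for vrid in vrids:
        members = {n: g[vrid] for n, g in parsed.items() if vrid in g}
        for key in ("virtual_ips", "adv_interval"):
            values = {n: m[key] for n, m in members.items()}
            if len({repr(v) for v in values.values()}) > 1:
                mismatches.append((vrid, key, values))
    return mismatches


# Constructed sample input using the virtual router from section 18.3.
SWITCH_A = """\
switch(config)#vrrp add vrid 1 virtual-ip 202.38.160.111 vint1
switch(config)#vrrp set vrid 1 priority 110
switch(config)#vrrp set vrid 1 adv-interval 1
"""
SWITCH_B = """\
switch(config)#vrrp add vrid 1 virtual-ip 202.38.160.112 vint1
switch(config)#vrrp set vrid 1 preempt enable
switch(config)#vrrp set vrid 1 adv-interval 3
"""

if __name__ == "__main__":
    for vrid, key, values in compare_vrrp({"A": SWITCH_A, "B": SWITCH_B}):
        print(f"vrid {vrid}: {key} differs: {values}")
```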

III. Fault 3: frequent switchover of VRRP state

This problem occurs when the virtual router timer duration is set too short. It can be solved by prolonging this duration or by configuring the preemption delay.

Copyright Notice:

No part of this document may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any

language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise without the

prior written permission of Stephen Technologies Co.,Limited.

Disclaimer Notice:

No license is granted, implied or otherwise, under any patent or patent rights of Stephen Technologies Co.,LTD. Stephen

Technologies Co.,LTD, makes no warranties, implied or otherwise, in regard to this document and to the products described in

this document. The information provided by this document is believed to be accurate and reliable to the publication date of

this document. However, Stephen Technologies Co.,LTD assumes no responsibility for any errors in this document.

Furthermore, Stephen Technologies Co.,LTD, assumes no responsibility for the use or misuse of the information in this

document and for any patent infringements that may arise from the use of this document. The information and product

specifications within this document are subject to change at any time, without notice and without obligation to notify any

person of such change.

STEPHEN TECHNOLOGIES CO.,LIMITED

1204, LiuXiuShengChuangYeDaSha, High Tech

Park Southern Area, Shenzhen , China , 518057

Tel: +86 755 83016956

Fax: +86 755 83016321

Website: www.stephen-tele.com
