R1P-VD Series 0002 Eng

Edition : 0002 Distribution : 3/2008
Corecess Symmetric VDSL2 IP DSLAM
R1P-VD Series
R1P-VD16 R1P-VD24 R1P-VD16J
User's Guide
| Copyright |
Copyright 2008 by Corecess Inc. All rights reserved. No Part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. The specifications and information regarding the products in this manual are subject to changed without notice.
| Trademark Credit |
Corecess R1P-VD series is registered trademark of Corecess Inc. Other product names or company names mentioned in this manual are registered trademarks of the appropriate company.
Corecess Inc.
500-2, Sangdaewon-dong, Jungwon-ku, Sungnam-city, Kyungki-do, Korea, 462-120 TEL:+82-31-739-6600 FAX: :+82-31-739-6622 http://www.corecess.com
Manual Contents
Manual Contents
This manual is organized as follows concerning the Corecess R1P-VD series:
y y y y
Introduction to functions and features Name and function of each part How to install on a rack and connect cable to each port How to configure the Corecess R1P-VD series
Careful reading of this manual before using the Corecess R1P-VD series will alleviate the complexity of manipulating the system. The user should read the chapters 1~3 to become acquainted with the functions of the product, name and function of each part, and the precautions before installation. Understanding chapters 1~3 will help a great deal for safety in installing and using the product.
9 If you have any problems or questions during installation or while using the product, contact your equipment provider or visit our website at www.corecess.com and leave a message in Q&A. 9 This document described general setup and connection of equipment. Did not describe about various transceiver and compatibility of fiber optic connectors. Detailed item requires to technical support team (support@corecess.com)
Audience
This manual is designed for the users with basic knowledge in Ethernet and VDSL. Thus, this manual assumes that the reader is knowledgeable of basic concepts and terminology about Ethernet and VDSL and does not provide separate explanations for these topics. If you feel that the contents of this manual are difficult and require more detailed explanations, refer to other network related books.
Revision History
Edition 00 01 02 Date 08/2007 12/2007 3/2008 Description First Draft First Edtion Second Edtion
III
Notations
Notations
This manual uses the notations explained below for assisting readers in understanding the contents of this manual.
Notations in Console Screen

When indicating text displayed on the console screen, the following indications are used:
y y Text displayed on console screen is shown in Courier New. Values entered by user are displayed in bold Courier New.
Notations in Command Syntax

In this manual, the following indications are used to explain the syntax of console commands:
y y y y y Console commands are indicated in bold Courier New. Parameters that need to be entered are indicated in Courier New. Parameters in [ ] are parameters that can be ignored.
{ A | B | C } means that one entry among A, B, and C must be selected and entered. [A | B | C] means that one entry among A, B, and C may or may not be selected and entered.
IV
R1P-VD User's Guide
Notations
Conventions
This manual uses the following conventions:
Recommendation: Introduces recommendatory item for the use of product..
Note: Introduces useful item for the use of product, reference, and its related materials
Caution: Explains possible situations or conditions of improper operation and possibility of losing data and provides suggestions how to deal with those cases.
Warning: Explains situtations in which product can be damaged or danger can be imposed to users physically, and informs you how to respond to those situations.
Organization
Organization
The chapters of this manual are organized as follows:
Chapter 1 Overview
This chapter introduces functions and features of the Corecess R1P-VD series and provides example applications for the Corecess R1P-VD series.
Chapter 2 Hardware Description

This chapter provides components of the Corecess R1P-VD series and describes the function and appearance of the uplink modules provided for the Corecess R1P-VD series.
Chapter 3 Before Installation

This chapter describes the precautions for installation of the Corecess R1P-VD series and installation environment for the normal operation. It also describes the way to unpack box of the Corecess R1P-VD series and verify the contents.
Chapter 4 Installation
This chapter describes how to mount the Corecess R1P-VD series on a rack, connect the cables to the ports, and connect the power.
Chapter 5 Basic Configuration

This chapter briefs general configuration method of the Corecess R1P-VD series.
Chapter 6 Configuring Ports

This chapter describes how to change port configuration settings.
Chapter 7 Configuring VLAN

This chapter overviews Virtual LAN and describes how to configure VLAN using several examples. The tagged VLAN and overlapped VLAN are described in this chapter.
Chapter 8 Configuring SNMP and RMON

This chapter describes how to configure SNMP and RMON on the Corecess R1P-VD series.
VI
R1P-VD User's Guide
Organization
Chapter 9 Configuring QoS

This chapter describes how to configure QoS (Quality of Service) on the Corecess R1P-VD Series.
Chapter 10 Configuring Security

This chapter describes how to configure security features on the Corecess R1P-VD Series.
Chapter 11 Configuring IGMP Snooping

This chapter describes how to configure IGMP snooping for the Corecess R1P-VD series to manage the multicast traffic.
Chapter 12 Configuring DHCP & ARP Snooping

This chapter describes how to configure DHCP snooping and ARP snooping for the Corecess R1PVD series to manage the DHCP traffic and ARP traffic.
Chapter 13 Configuring AAA

This chapter describes how to configure PPPoE snooping and AAA(Autentication Authorization Accounting).
Chapter 14 Configuring LACP

For high bandwidth connection, use trunking group which allows several ports to be connected together to operate as a single link. This chapter describes how to configure a trunking group by using LACP (Link Aggregation Control Protocol).
Chapter 15 Configuring STP/RSTP

This chapter describes how to configure STP (Spanning Tree Protocol) on the Corecess R1P-VD Series.
Appendix A
Product Specifications
Appendix A describes the specifications of the Corecess R1P-VD series.
Appendix B
Connector & Cable Specifications
Appendix B describes the specifications of the ports on the Corecess R1P-VD series. In addition, the kinds and specifications of cables needed for the connection of each port.
VII
Organization
VIII
R1P-VD User's Guide
Table of contents
Table of contents
Manual Contents ....................................................................................................................... III Audience ........................................................................................................................................ III Revision History ............................................................................................................................ III Notations ...................................................................................................................................IV Notations in Console Screen .......................................................................................................... IV Notations in Command Syntax ...................................................................................................... IV Conventions .....................................................................................................................................V Organization..............................................................................................................................VI Table of contents ......................................................................................................................IX List of tables.......................................................................................................................... XVII
Chapter 1 Overview
1-1
Introduction............................................................................................................................. 1-2 Hardware Features ........................................................................................................................ 1-3 Software Features ......................................................................................................................... 1-4 Applications ............................................................................................................................ 1-7 Corecess R1P-VD series Network ................................................................................................ 1-7 GbE & GEPON Uplink................................................................................................................. 1-8 Gigabit WDM Uplink ................................................................................................................... 1-8
Chapter 2 Hardware Description
2-1
System Appearance................................................................................................................ 2-2 Uplink Modules ...................................................................................................................... 2-7 OPT-P1ES1CD ............................................................................................................................. 2-8 OPT-P1EL1CD ........................................................................................................................... 2-11 OPT-P2CD .................................................................................................................................. 2-14 OPT-P1W.................................................................................................................................... 2-16
Chapter 3 Before Installation
3-1
Precautions ............................................................................................................................. 3-2 General Precautions ...................................................................................................................... 3-2 Power Considerations ................................................................................................................... 3-3
IX
Table of contents
Preventing ESD............................................................................................................................. 3-4 Installing and Servicing the System .............................................................................................. 3-5 Rack-Mounting the System........................................................................................................... 3-7 Lifting the System......................................................................................................................... 3-8 Disposing of the System ............................................................................................................... 3-8 Installation Place .................................................................................................................... 3-9 Environmental Requirements........................................................................................................ 3-9 Power Supply................................................................................................................................ 3-9 Unpacking ............................................................................................................................. 3-10
Chapter 4 Installation
4-1
Installation Procedure ............................................................................................................ 4-2 Rack-Mounting........................................................................................................................ 4-3 Checking the Rack-Mount Space.................................................................................................. 4-3 Required Tools and Equipment ..................................................................................................... 4-4 Mounting the System on a Rack ................................................................................................... 4-4 Connecting Ports .................................................................................................................... 4-6 Connecting Gigabit Ethernet Uplink Port ..................................................................................... 4-6 Connecting Gigabit Ethernet PON Uplink Port ............................................................................ 4-8 Connecting PSTN Port.................................................................................................................. 4-9 Connecting VDSL Port ............................................................................................................... 4-10 Connecting the Console Port .............................................................................................. 4-11 Configuring a Console Terminal ................................................................................................. 4-12 Connecting a Console Terminal .................................................................................................. 4-12 Connecting Power ................................................................................................................ 4-13 Starting the Corecess R1P-VD series ................................................................................. 4-15
Chapter 5 Basic Configuration
5-1
Before Configuration.............................................................................................................. 5-2 Accessing the CLI......................................................................................................................... 5-2 Command Modes.......................................................................................................................... 5-5 Prompt .......................................................................................................................................... 5-8 Getting Help.................................................................................................................................. 5-9 Configuring Basic System Parameters............................................................................... 5-13 Configuring the IP Address and Default Gateway ...................................................................... 5-13
R1P-VD User's Guide
Table of contents
User Management ....................................................................................................................... 5-16 Configuring System Name and Setting System Date and Time .................................................. 5-19 Configuration File Management .......................................................................................... 5-24 Displaying and Saving the Current Running Configuration........................................................ 5-24 Displaying the Current Running Configuration .......................................................................... 5-25 Saving the Current Running Configuration................................................................................. 5-26 Restoring Default Configuration................................................................................................. 5-27 Upgrading Software.............................................................................................................. 5-28 Configuring Stacking............................................................................................................ 5-31 Configuring Master Node ........................................................................................................... 5-32 Configuring Slave Node ............................................................................................................. 5-33 Managing Slave Node via Master Node ..................................................................................... 5-34 System Log Management .................................................................................................... 5-35 Specifying Event Level............................................................................................................... 5-35 Specifying Screen to Display Log............................................................................................... 5-38 Saving Log Message in Log File ................................................................................................ 5-40 Displaying Contents of Log File ................................................................................................. 5-41 Clearing System Log................................................................................................................... 5-42 Monitoring the System ......................................................................................................... 5-43 Checking Network Connectivity................................................................................................. 5-43 Displaying System Module Equipment Status ............................................................................ 5-46 Displaying System Module Information ..................................................................................... 5-47 Displaying Memory Usage ......................................................................................................... 5-48
Chapter 6 Configuring Ports
6-1
Configuring Gigabit Ethernet Ports....................................................................................... 6-2 Default Gigabit Ethernet Configurations ...................................................................................... 6-2 Configuring Gigabit Ethernet Ports .............................................................................................. 6-3 Displaying Gigabit Ethernet Port Information .............................................................................. 6-7 Configuring Flex links .......................................................................................................... 6-10 Flex links Features ...................................................................................................................... 6-10 Flex links Set up ......................................................................................................................... 6-10 Flex links primary port Enable.................................................................................................... 6-12 Configuring the VDSL Port .................................................................................................. 6-13 Configuring the VDSL Port ........................................................................................................ 6-14 Configuring Profile ............................................................................................................... 6-32
XI
Table of contents
Creating Profile........................................................................................................................... 6-32 Profile Mapping .......................................................................................................................... 6-33
Chapter 7 Configuring VLAN
7-1
VLAN (Virtual LAN) ................................................................................................................. 7-2 Types of VLAN............................................................................................................................. 7-3 Configuring VLAN................................................................................................................... 7-6 Default VLAN Configuration ....................................................................................................... 7-6 VLAN Configuration Procedure ................................................................................................... 7-7 Tagged VLAN Configuration ..................................................................................................... 7-15 Configuring Q-in-Q ............................................................................................................... 7-17 Q-in-Q Features .......................................................................................................................... 7-17 Q-in-Q Setup............................................................................................................................... 7-18 Transparent Switching Setup ...................................................................................................... 7-18 Priority Copy Setup .................................................................................................................... 7-19 Displaying VLAN Configuration .......................................................................................... 7-20 Displaying VLAN Configuration................................................................................................ 7-20 Displaying VLAN Tagging Configuration.................................................................................. 7-21 VLAN Configuration Commands ......................................................................................... 7-22 Pass-through......................................................................................................................... 7-23 Cisco bpdu tunneling .................................................................................................................. 7-23 bpdu tunneling ............................................................................................................................ 7-23
Chapter 8 Configuring SNMP and RMON
8-1
Configuring SNMP .................................................................................................................. 8-2 SNMP (Simple Network Management Protocol) Overview ......................................................... 8-2 Configuring SNMP ....................................................................................................................... 8-6 Displaying SNMP Information ................................................................................................... 8-12 Configuring RMON ............................................................................................................... 8-17 RMON (Remote MONitoring) Overview ................................................................................... 8-17 Configuring RMON .................................................................................................................... 8-18 Displaying RMON Information .................................................................................................. 8-24 SNMP and RMON Configuration Commands ..................................................................... 8-26
Chapter 9 Configuring QoS
9-1
XII
R1P-VD User's Guide
Table of contents
QoS Overview ......................................................................................................................... 9-2 QoS (Quality of Service) .............................................................................................................. 9-2 Classifier ....................................................................................................................................... 9-3 Packet Marker ............................................................................................................................... 9-6 Policer........................................................................................................................................... 9-6 Queue Scheduler ........................................................................................................................... 9-9 Buffer Manager........................................................................................................................... 9-14 QoS on the Corecess R1P-VD Series.......................................................................................... 9-15 Configuring QoS ................................................................................................................... 9-17 Configuring QoS Service Policy................................................................................................. 9-17 Configuring a Class Map ............................................................................................................ 9-18 Configuring a Policy Map........................................................................................................... 9-22 Configuring Service Policy......................................................................................................... 9-29 Configuring Non-Class-map QoS Features ........................................................................ 9-31 Configuring CoS (Class of Service)............................................................................................ 9-31 Configuring Rate Limiting on a Port........................................................................................... 9-33 Specifying Precedence of Values for CoS Field.......................................................................... 9-34 Specifying Priority for a Transmission Queue ............................................................................ 9-35 Configuring Shaping................................................................................................................... 9-36 Configuring Broadcast Suppression............................................................................................ 9-37 Organizing Transmission Bandwidth Monitoring .............................................................. 9-38 Transmission Bandwidth Monitoring Setting Example .............................................................. 9-45 QoS Configuration Commands ........................................................................................... 9-48
Chapter 10 Configuring Security
10-1
Configuring Password and Session Timeouts................................................................... 10-2 Configuring Password................................................................................................................. 10-2 Password Encryption .................................................................................................................. 10-4 Session Timeouts ........................................................................................................................ 10-5 Configuring Access Lists..................................................................................................... 10-6 Access Lists ................................................................................................................................ 10-6 Configuring Packet Filtering.............................................................................................. 10-11 Packet Filtering ......................................................................................................................... 10-11 Filtering DHCP Offer Packets................................................................................................... 10-12 File and Resource Sharing Protocol Filtering ........................................................................... 10-14 Default Traffic Filtering ............................................................................................................ 10-16
XIII
Table of contents
CIFS (Cognitive Information Filtering System)........................................................................ 10-17 Security Configuration Commands................................................................................... 10-22
Chapter 11 Configuring IGMP Snooping
11-1
Multicast and IGMP............................................................................................................... 11-2 Multicast Transmission Mode ..................................................................................................... 11-2 IGMP Snooping .......................................................................................................................... 11-4 Configuring IGMP Snooping................................................................................................ 11-6 Enabling IGMP Snooping ........................................................................................................... 11-7 Enabling IGMP Fast-leave Processing........................................................................................ 11-8 Configuring Static Router Port.................................................................................................... 11-9 Defining a Multicast Group ...................................................................................................... 11-11 Configuring Membership Timeout............................................................................................ 11-12 Configuring the Maximum Number of IGMP Groups .............................................................. 11-13 Displaying IGMP Snooping Information ........................................................................... 11-14 Displaying IGMP Snooping information .................................................................................. 11-14 Displaying Multicast Router Interface ...................................................................................... 11-16 Displaying the List of Interfaces IGMP Fast-leave is Enabled.................................................. 11-17 Displaying IGMP Group Membership Time ............................................................................. 11-17 IGMP Snooping Configuration Commands ...................................................................... 11-18
Chapter 12 Configuring DHCP & ARP Snooping
12-1
DHCP Snooping .................................................................................................................... 12-2 DHCP Snooping Overview ......................................................................................................... 12-2 Configuring DHCP Snooping ..................................................................................................... 12-7 Displaying DHCP Snooping Configuration .............................................................................. 12-15 ARP Snooping..................................................................................................................... 12-17 Configuring ARP Snooping ...................................................................................................... 12-17 Displaying ARP Snooping Configuration ................................................................................. 12-19 L2DhcpRelay ....................................................................................................................... 12-20
Chapter 13 Configuring AAA
13-1
PPPoE Snooping .................................................................................................................. 13-2 Configuring PPPoE Snooping..................................................................................................... 13-4 PPPoE Snooping Client Session confirming............................................................................... 13-4
XIV
R1P-VD User's Guide
Table of contents
Setting Up the Compatibility between PPPoE Snooping and Cisco Equipment ......................... 13-5 Setting up node-id, circuit-id, remote-id with PPPoE Snooping ................................................. 13-6 RADIUS Management ........................................................................................................... 13-7 RADIUS Server Registration...................................................................................................... 13-7 RADIUS Client Configuration.................................................................................................... 13-8 RADIUS Accounting Configuration ........................................................................................... 13-8 RADIUS Proxy Server Registration ......................................................................................... 13-10 802.1X .................................................................................................................................. 13-12 Setting Port trust-mode ............................................................................................................. 13-12 Configuring AAA about 802.1X ............................................................................................... 13-13 Parameters................................................................................................................................. 13-14 Status ........................................................................................................................................ 13-16 Pass-through....................................................................................................................... 13-19 Cisco bpdu tunneling ................................................................................................................ 13-19 bpdu tunneling .......................................................................................................................... 13-19
Chapter 14 Configuring LACP
14-1
LACP (Link Aggregation Control Protocol) ........................................................................ 14-2 Configuring Link Aggregation ............................................................................................. 14-4 Setting LACP Key and Operation Mode..................................................................................... 14-4 Setting LACP Partner Key .......................................................................................................... 14-7 LACP Configuration Example .................................................................................................... 14-9
Chapter 15 Configuring STP/RSTP
15-1
Understanding STP............................................................................................................... 15-2 STP Overview............................................................................................................................. 15-2 RSTP (Rapid Spanning Tree Protocol) ....................................................................................... 15-7 Configuring STP ................................................................................................................... 15-8 Default STP Configuration ......................................................................................................... 15-8 Procedures for STP Configuration ...................................................................................... 15-9 Enabling or Disabling STP on a VLAN ...................................................................................... 15-9 Enabling or Disabling STP on a Port ........................................................................................ 15-11 Setting the Bridge ID (Priority)................................................................................................. 15-12 Configuring the Path Cost......................................................................................................... 15-14 Configuring STP Encoding Mode............................................................................................. 15-16 Configuring the Port Priority .................................................................................................... 15-17
XV
Table of contents
Setting Spanning Tree Timers ................................................................................................... 15-18 Configuring RSTP............................................................................................................... 15-21 Configuration Procedure of RSTP ............................................................................................ 15-21 Enabling RSTP on a VLAN ...................................................................................................... 15-22 Configuring the Path Cost......................................................................................................... 15-24 Configuring RSTP Encoding .................................................................................................... 15-26 Configuring Spanning Tree Protocol Type................................................................................ 15-27 Configuring an Edge Port ......................................................................................................... 15-28 STP Configuration Commands.......................................................................................... 15-29
Appendix A
A-1
Hardware Specifications ....................................................................................................... A-2 Software Specifications ........................................................................................................ A-3
Appendix B
B-1
Connector Specifications...................................................................................................... B-2 Champ Connector ........................................................................................................................ B-2 RJ-45 Connector .......................................................................................................................... B-3 LC Connector............................................................................................................................... B-4 SC Connector............................................................................................................................... B-4 Cable Specifications.............................................................................................................. B-5 Telco Cable .................................................................................................................................. B-5 Twisted Pair Cable ....................................................................................................................... B-5 Fiber Optic Cable......................................................................................................................... B-7 Console Cable .............................................................................................................................. B-9
XVI
R1P-VD User's Guide
List of tables
List of tables
Table 1-1 Table 2-1 Table 2-2 Table 2-3 Table 2-4 Table 2-5 Table 2-6 Table 2-7 Table 2-8 Table 2-9 Table 2-10 Table 2-11 Table 2-12 Table 2-13 Table 2-14 Table 2-15 Table 2-16 Table 3-1 Table 3-2 Table 3-3 Table 4-1 Table 5-1 Table 5-2 Table 5-3 Table 5-4 Table 5-5 Table 5-6 Table 5-7 Table 5-8 Table 5-9 Table 5-10 Table 5-11 Table 5-12 Types of Uplink module........................................................................................................1-3 Difference of the Corecess R1P-VD series ........................................................................2-2 Uplink port LED's function ....................................................................................................2-4 Uplink port specification ........................................................................................................2-5 LED Functions of the Corecess R1P-VD series ................................................................2-5 Uplink Modules of the Corecess R1P-VD series ...............................................................2-7 LED Functions of the OPT-P1ES1CDModule .....................................................................2-8 Specifications of Gigabit Ethernet PON Port on the OPT- P1ES1CD Module................2-8 Specifications of Gigabit Ethernet Port on the OPT- P1ES1CD Module .........................2-9 LED Functions of Gigabit Ethernet Port on the OPT-P2CD Module .............................2-10 1000Base-PX20 port LED Functions of the OPT-P1EL1CD Module............................ 2-11 Specifications of 1000Base-PX20 port on the OPT-P1EL1CD Module......................... 2-11 Specifications of Gigabit Ethernet Port on the OPT-P1EL1CD Module .......................2-12 LED Functions of the OPT-P1EL1CD Module................................................................2-13 Specifications of Gigabit Ethernet Port on the OPT-P2CD Module..............................2-14 10/100/1000Base-TX port 100/1000Base-SX/LX SFP port LED fuction ..........................2-15 GW-PON port LED fuction .................................................................................................2-16 The Number of Required Person to Lift The System .......................................................3-8 Temperature and humidity condition ....................................................................................3-9 Power condition .....................................................................................................................3-9 Configuring a console terminal...........................................................................................4-12 CLI Modes .............................................................................................................................5-5 Prompt of the command modes ..........................................................................................5-8 Configuring IP address, subnet mask, and default gateway...........................................5-13 Adding a new user .............................................................................................................5-16 Changing a user password.................................................................................................5-17 Deleting a user....................................................................................................................5-18 Changing the system name ...............................................................................................5-19 Adjusting system time .........................................................................................................5-20 Configuring NTP ..................................................................................................................5-22 Setting the time zone .......................................................................................................5-23 display the current running ...............................................................................................5-25 Commands for saving the current running configuration ...............................................5-26
XVII
List of tables
Table 5-13 Table 5-14 Table 5-15 Table 5-16 Table 5-17 Table 5-18 Table 5-19 Table 5-20 Table 5-21 Table 5-22 Table 5-23 Table 5-24 Table 5-25 Table 5-26 Table 5-27 Table 6-1 Table 6-2 Table 6-3 Table 6-4 Table 6-5 Table 6-6 Table 6-21 Table 6-22 Table 6-23 Table 6-24 Table 6-25 Table 7-1 Table 7-2 Table 7-3 Table 7-4 Table 7-5 Table 7-6 Table 7-7 Table 7-8 Table 7-9 Table 8-1 Table 8-2 Table 8-3
Restoring the default configuration ..................................................................................5-27 Downloading software from a remote TFTP server .......................................................5-28 Configuring a master node of a stack group .................................................................5-32 Configuring a slave node of a stack group....................................................................5-33 Configuring event level .....................................................................................................5-36 Configuring to display log message to console screen.................................................5-38 Configuring to display log message to a remote server ...............................................5-38 Configuring to display log message to a Telnet sessions.............................................5-39 Saving log messages in a log file ..................................................................................5-40 Displaying contents of log file ..........................................................................................5-41 Checking network connectivity..........................................................................................5-43 Output of PING command ................................................................................................5-44 System state information...................................................................................................5-46 show module field descriptions ........................................................................................5-47 show meminfo field descriptions ......................................................................................5-48 Default Gigabit Ethernet Configurations...............................................................................6-2 Configuring administrative state of Gigabit Ethernet port ..................................................6-3 Configuring Gigabit Ethernet port speed and duplex mode ..............................................6-4 Setting Gigabit Ethernet port name .....................................................................................6-5 Setting Gigabit Ethernet port trap........................................................................................6-6 Show port field descriptions .................................................................................................6-8 Setting the VDSL carrier ....................................................................................................6-27 Setting the VDSL default....................................................................................................6-28 Setting the VDSL powermode .............................................................................................6-28 Setting the VDSL psdnoise..................................................................................................6-28 Setting the VDSL upboparam..............................................................................................6-29 Default VLAN configuration...................................................................................................7-6 Creating a VLAN ...................................................................................................................7-7 Assigning ports to a VLAN...................................................................................................7-8 Assigning IP address to a VLAN.......................................................................................7-10 Assigning IP address to a VLAN....................................................................................... 7-11 Configuring tagged port ......................................................................................................7-15 show vlan field descriptions ...............................................................................................7-20 Show dot1q field descriptions ............................................................................................7-21 VLAN configuration commands ..........................................................................................7-22 Community Strings.................................................................................................................8-5 Default SNMP Configuration .................................................................................................8-6 Setting system contact and location information ................................................................8-6
XVIII
R1P-VD User's Guide
List of tables
Table 8-4 Table 8-5 Table 8-6 Table 8-7 Table 8-8 Table 8-9 Table 8-10 Table 8-11 Table 8-12 Table 8-13 Table 8-14 Table 8-15 Table 9-1 Table 9-2 Table 9-3 Table 9-4 Table 9-5 Table 9-6 Table 9-7 Table 9-8 Table 9-9 Table 9-10 Table 9-11 Table 9-12 Table 9-13 Table 9-14 Table 9-15 Table 9-16 Table 9-17 Table 9-18 Table 9-19 Table 10-1 Table 10-2 Table 10-3 Table 10-4 Table 10-5 Table 10-6 Table 10-7
Adding new community string ..............................................................................................8-7 Types of trap supported by Corecess R1P-VD series ......................................................8-9 Enabling a trap type .............................................................................................................8-9 Adding a trap receiver host ............................................................................................... 8-11 show snmp-server field descriptions ..................................................................................8-13 show snmp-server community-list field descriptions .........................................................8-14 show snmp-server statistics field descriptions ................................................................8-15 show snmp-server traphost field descriptions .................................................................8-16 Configuring RMON event group.......................................................................................8-18 Configuring RMON alarm group.......................................................................................8-21 show rmon field descriptions............................................................................................8-25 SNMP & RMON Configuration Commands .....................................................................8-26 Criteria for packet classification .........................................................................................9-18 Creating a class map .........................................................................................................9-19 Creating a policy map ........................................................................................................9-23 Changing CoS, IP Precedence, or DSCP value of a traffic class in a policy map.....9-24 Configuring packet filtering of a traffic class in a policy map ........................................9-25 Configuring a transmission queue for a traffic class .......................................................9-26 Specifying a priority of a traffic class in a policy map ...................................................9-27 Configuring rate-limint of a traffic class in a policy map ................................................9-28 Applying QoS service policy...............................................................................................9-29 Configuring CoS value ......................................................................................................9-31 Configuring rate limiting on a port ...................................................................................9-33 Configring the precedence of values for CoS field........................................................9-34 Specifying priority for transmission queue.......................................................................9-35 Configuring Shaping ...........................................................................................................9-36 Configuring broadcast suppression ...................................................................................9-37 To config class using match classification standard ......................................................9-39 Creating a policy map ......................................................................................................9-41 Applying QoS service policy.............................................................................................9-42 QoS configuration commands...........................................................................................9-48 Changing timeout for an unattended telent session ......................................................10-5 Defining access lists..........................................................................................................10-7 Applying the access list to terminal line .........................................................................10-9 Applying the access list to SNMP access....................................................................10-10 Filtering DHCP offer.........................................................................................................10-12 Filtering File and Resource Sharing Protocol................................................................10-14 Filtering Default Traffic ....................................................................................................10-16
XIX
List of tables
Table 10-8 Table 10-9 Table 10-10 Table 10-11 Table 11-1 Table 11-2 Table 11-3 Table 11-4 Table 11-5 Table 11-6 Table 12-17 Table 11-7 Table 11-8 Table 12-1 Table 12-2 Table 12-3 Table 12-4 Table 12-5 Table 12-6 Table 12-7 Table 12-8 Table 12-9 Table 12-10 Table 12-11 Table 12-12 Table 12-13 Table 12-14 Table 12-15 Table 13-1 Table 13-2 Table 14-1 Table 14-2 Table 14-11 Table 14-12 Table 14-13 Table 14-14 Table 14-15 Table A-1
Creating a class map ......................................................................................................10-18 Creating a policy map for packet filtering.....................................................................10-20 Applying service policies...............................................................................................10-21 Security configuration commands .................................................................................10-22 Enabling IGMP snooping on a VLAN.............................................................................. 11-7 Enabling IGMP fast-leave processing .............................................................................. 11-8 Configuring a static router port ........................................................................................ 11-9 Defining a multicast group .............................................................................................. 11-11 Configuring Membership timeout .................................................................................... 11-12 Configuring the maximum number of IGMP groups..................................................... 11-13 show ip igmp snoop field descriptions ........................................................................ 11-15 show ip igmp snoop mrouter field descriptions ............................................................ 11-16 IGMP snooping configuration commands....................................................................... 11-18 DHCP snooping action according to DHCP message type ................................................12-6 Enabling DHCP snooping ...................................................................................................12-7 Specifying DHCP snooping ports........................................................................................12-8 Configuring the system filtering rules .................................................................................12-9 Configuring port filtering rules...........................................................................................12-10 Configuring information policy .......................................................................................... 12-11 Specifying the maximum number of DHCP clients ........................................................... 12-11 Adding static binding entries.............................................................................................12-12 Clearing dynamic binding entries .....................................................................................12-12 Enabling DHCP option 82 data insertion ........................................................................12-14 Displaying DHCP snooping binding information .............................................................12-15 Displaying DHCP snooping port information .................................................................12-16 Enabling ARP snooping ..................................................................................................12-17 Configuring Secure-Reply Check Type ..........................................................................12-18 Configuring Secure-Request Type .................................................................................12-19 Configuring link aggregation .............................................................................................14-5 Configuring LACP partner key..........................................................................................14-7 STP Timers .........................................................................................................................15-4 Comparison of STP and RSTP port states .....................................................................15-7 Enabling RSTP on a VLAN...........................................................................................15-22 Configuring the path cost ..............................................................................................15-24 Configuring RSTP encoding mode ...............................................................................15-26 Configuring Spanning Tree Protocol Type .......................................................................15-27 Configuring an Edge Port..............................................................................................15-28 Corecess R1P-VD series hardware specifications................................................................ A-2
XX
R1P-VD User's Guide
List of tables
Table A-2 Table B-1 Table B-2 Table B-3
Corecess R1P-VD series software specifications .................................................................. A-3 Pin Configuration of 10/100/1000Base-T Port ................................................................... B-3 Pin Configuration of Console Port...................................................................................... B-3 System Modules with Fiber Optic Ports ............................................................................ B-7
XXI
List of tables
XXII
R1P-VD User's Guide
Chapter 1
Overview
This chapter introduces functions and features of the Corecess R1P-VD series and provides example applications for the Corecess R1P-VD series. 9 9 Introduction Applications 1-2 1-7
Introduction
Introduction
R1P-VD is high quality broadband VDSL solution which supplies DMT based service interface for 100/100Mbps up/down speed. R1P-VD, 1RU Pizza-box type, is the best choice for limited space and demanding subscribers such as basement or cabinet. R1P-VD has built-in POTS splitter and comes in 2 models: 16ports and 24 ports. R1P-VD basically uses AC power and all connection supports full front access. The power, network connection, and management interfaces are located in the front side for easy access and effective for small space installation. R1P-VD provides 802.1q tagged VLAN, 802.1w RSTP, 802.1p CoS, 802.3ad Link Aggregation, 802.3x flow control, Ingress/egress port mirroring technology and powerful QoS such as MFC, CoS, DSCP, ToS marking/remarking, Policing/ Shaping/ Rate control, Congestion Control, Scheduling for the Triple Play Service (TPS). Moreover, it provides network protection technology such as MAC filtering, IGMP/DHCP/ARP Snoop filtering, HOL blocking prevention, DHCP filtering, NetBEUI/NetBIOS/NBT filtering, ACL and Multicast function like IGMP snooping, Fast leave . R1P-VD is composed of 2 Gigabit Ethernet ports, and one of Fast Ethernet, Gigabit Ethernet, Gigabit EPON and Gigabit WDM-PON for uplink, selectable in case by case. It can adapt to variable network configurations for service providers. The removable module makes R1P-VD easy to adapt, and the Gigabit interface offers more scalability connecting in cascade formation.
1-2
R1P-VD User's Guide
Introduction
Hardware Features
Memories
y y y Main Memory (Protocol processing) : 128Mbytes(SDRAM) Packet Buffer : 32Mbytes(DDR SDRAM) Flash Memory : 64Mbytes(OneNAND)
Supported Line Interfaces

y y VDSL interface (Telco-50) PSTN interface (Telco-50)
Flexible Uplink Interfaces

The Corecess R1P-VD series provides uplink slots in which a variety of uplink modules can be installed as follows:
Table 1-1 Types of Uplink module
Uplink Module OPT-P1ES1CD OPT-P1EL1CD OPT-P2CD OPT-P1W
Specification 1 port of 10/100/1000Base-TX (RJ-45) or 1000Base-LX/SX( SFP) 1 port of 1000Base-PX10 SFP Maximum cable length of 10Km 1 port of 10/100/1000Base-TX (RJ-45) or 1000Base-LX/SX (SFP) 1 port of 1000Base-PX20 SFP Maximum cable length of 20Km 2 port of 10/100/1000Base-T (RJ-45) or 1000Base-LX/SX supported 100M/1000M 1 port GW-PON (Single SC) ONU
Overview
1-3
Introduction
Software Features
VDSL
y y y y Supports T1.424-2004, G.993.1-2004, G.993.2, TS 101 270-1, 270-2, T1.424-2004 Supports DMT modulation and demodulation Provides up to 24 VDSL channels Supports up to 100Mbps downstream rates and up to 100Mbps upstream rates for each VDSL channel
Layer 2 Switching Function

Corecess R1P-VD provides the following Layer 2 switching functions.
y y y y y y Supports IEEE 802.3x Flow control Supports IEEE 802.1p Traffic priority (8 priority queues) Supports Port based VLAN and IEEE 802.1q Tagged VLAN (Maximum: 254) Supports Link aggregation using Trunk and IEEE802.3ad Supports STP(Spanning Tree Protocol) and RSTP (Rapid STP) Supports Flex Link
QoS (Quality of Service)

The Corecess R1P-VD supports the following QoS fuctions:
y y y y y y y Maximum 2048 of traffic flow Multi-Field Packet Classification 802.1p CoS Marking, Reclassification ToS Marking, Reclassification DSCP Marking, Reclassification SP (Strict Priority) and WRR (Weight Round Robin), WFQ(Weighted Fair Queuing) Each Port Shaping
1-4
R1P-VD User's Guide
Introduction
Security
The Corecess R1P-VD Series supports the following security fuctions:
y y y y y System access control through Telnet or SNMP using access lists DHCP filtering to prevent operation of an unauthentic private DHCP server NetBIOS filtering to pervent file share between subscribers CIFS filtering using MAC address, IP address and TCP/UDP port number ARP spoonfing protection
Network Management
The Corecess R1P-VD Series supports the SNMP and RMON for network management and port mirroring feature for solving the network problem. You can monitor and control the Corecess R1P-VD Series network via the console port, Telnet session, or the Corecess NMS, ViewlinX. The Corecess R1P-VD Series supports the following network management tools:
y CLI (Command Line Interface) Commands The Corecess R1P-VD Series provides the in-band management using SNMP, Telnet and the out-of-band management using the console based on CLI. y ViewlinX Manager / EMS The ViewlinX is a Corecess NMS (Network Management System). y RMON Provides four RMON groups (history, statistics, alarms, and events) in each port as traffic management, monitoring and analysis tools. y Port Mirroring The Corecess R1P-VD Series allows you to use the port mirroring feature without effecting the switching performance. y Software Maintenance The Corecess R1P-VD Series provides easy-to-upgrade using FTP and TFTP in a remote place. y DHCP relay & snoop, DHCP option 82, PPPoE Plus
Overview
1-5
Introduction
Improved Switching Functions

y RSTP and STP (Spanning Tree Protocol) Supports RSTP(IEEE 802.1W) and STP (IEEE 802.1D) for each VLAN. y MAC Addresses Can learn MAC addresses of up to 8,192. y Port Trunking Supports port trunking feature which allows you to bundle several physical ports together to form a single logical link.
1-6
R1P-VD User's Guide
Applications
Applications
This section describes example applications for the Corecess R1P-VD series.
Corecess R1P-VD series Network

MDU/MTU
IP CORE
S5 Platform:
CO GigE switch GEPON OLT
Gigabit Ethernet Or GEPON Or SuperPON
CPE
R1P-VD
Edge Router Management
S5
GbE or 10GbE IP Aggregation Network
R1P-VD: RT/Building 1RU access node Cascading or L3 Aggregation
CPE
S5
R1P-VD
R1P-VD: Cascading
Gigabit Ethernet Or GEPON Or SuperPON
CPE
Stand Alone 1 port GEPON or 1 port GbE or 1 port SuperPON
R1P-VD: Street Cabinet CPE
Cascading Multiple R1Ps Through GbE port
Overview
1-7
Applications
GbE & GEPON Uplink

CO/Hub/Center Single Service Area
Big Company GbE GEPON R1P-VD MTU
S518 Chassis
RT/Node
Big Company R1P-VD
MTU
GEPON Splitter
Gigabit WDM Uplink

CO/Hub/Center Single Service Area
Big Company MTU
RT/Node
8 or 16 GbE 1 or 2 GbE R1P-VD
WDM Filter S518 Chassis M5 MUX
1-8
R1P-VD User's Guide
Chapter 2
Hardware Description
This chapter provides components of the Corecess R1P-VD series and describes the function and appearance of the uplink modules provided for the Corecess R1P-VD series. 9 9 System Appearance Uplink Modules 2-2 2-7
System Appearance
System Appearance
This section describes the external features of the Corecess R1P-VD series. The Corecess R1P-VD series is the Corecess R1P-VD24A, R1P-VD16 and the Corecess R1P-VD16J.
Table 2-1 Difference of the Corecess R1P-VD series
Item Port Number Splitter Type
Corecess R1P-VD24 24 PSTN
Corecess R1P-VD16 16 PSTN
Corecess R1P-VD16J 16 TCM-ISDN
R1P-VD24 - AC Type
R1P-VD16 - AC Type
LED
2-2
R1P-VD User's Guide
System Appearance
R1P-VD16J AC Type
LED
R1P-VD Series DC Type

Format of DC Type relationship R1P-VD series is equal with AC Type and power department change.
LED
2-3
System Appearance
Ground Connector
Ground connector is used to ground the Corecess R1P-VD series for preventing damage from electrostatic discharge or lightning. Before connecting power to the system, connect it according to local site practice.
Power Input
AC Type: The power input is a terminal that connects external AC power of 100 - 240VAC by using a power cord. DC Type: The terminal block is used to connect external DC power supplies of 48VDC or rectifiers. There are three (3) terminals in the terminal block: FGND, RTN and -48V.
Power Switch
The power switch is used when turning the Corecess R1P-VD Series on and off.
Option Slots
There are uplink slots in which uplink modules can be installed. The Corecess R1P-VD series provides a variety of uplink modules that support the Gigabit Ethernet ports, Gigabit EPON port and GW-PON port.
Uplink port LED

Uplink port LED marks operating state of 2 uplink port in R1P-VD series as following.
Table 2-2 Uplink port LED's function
LED ACT /LINK SPEED /1000
Color Green
State On Blink Off
Description The port is enabled and connecting to the devices. Data is being transmitted/received through the port. The port is disabled or not connecting to the device. Indicates that the port is operating at 1000Mbps speed. Indicates that the port is operating at 100Mbps speed.
Orange
On Off
Uplink port
Uplink port is used to port that connect R1P-VD series to core network and there are two ports .
y 10/100/1000Base-T Port (RJ-45 Connector)
2-4
R1P-VD User's Guide
System Appearance
Uplink port specification is as following.

Table 2-3 Uplink port specification
Feature Transfer Mode Transfer Speed Connector Type Maximum Transfer Distance Transfer Media
10/100/1000Base-T Port Full-duplex mode or Half-duplex mode (Auto sensing) 10/100/1000Mbps RJ-45 100m STP category-5+, 6 cable
Reset Switch (RST)

The reset switch is used to reboot the Corecess R1P-VD series. When the reset switch is pressed, all the configuration information that has not been saved is deleted, and the connections between each port and other devices are disconnected. Use pointed objects like a ball-point pen when pressing the reset switch.
Caution: If the reset switch is pressed, all subsribers connecting to the VDSL ports would be cut off. Therefore, the reset switch should not be used unless it is indispensible.
Console Port (CONSOLE)

The console port is used to connect a console terminal for monitoring and configuring the Corecess R1P-VD series. To connect the console port to a console terminal, use the included console cable. A PC or workstation installed with a terminal emulation program or VT-100 terminal can be used as a console terminal.
LEDs
There are system status LED, Uplink status LEDs, and VDSL status LEDs on the front panel of the Corecess R1P-VD series. The system status LED indicates the operating state of the system. Uplink status LEDs and VDSL status LEDs indicate the data transmission/reception status and connection state of each port.
Table 2-4 LED Functions of the Corecess R1P-VD series
LED System Status LED VDSL Status LED
Color Green
Status Blink
RUN
Off Red On On Off
LINK (1~24)
Description System initialization is completed and the processor is operating normally. The system is being initialized, or the processor is not operating normally. The processor is NOT operating normally (system fail). Indicates that a subscriber is connected to the VDSL port. Indicates that no subscriber is connected to the VDSL port.
Green
2-5
System Appearance
Note: For the description of the Uplink Status LED, refers to the Uplink Modules section.
VDSL Ports
There is one VDSL port on the Corecess R1P-VD series. The VDSL port supports 24 VDSL channels. Through this port, both telephone voice signal and VDSL data communication signal are carried. R1P-VD series is consisted of 16/24 VDSL channel and splitter is linked together to each channel. Telephone aural signal (low frequency band) and data (high frequency band) through these port at the same time send-receive do .
PSTN Port
The PSTN port is connected to the central office switch or PBX (Private Branch Exchange). A low pass filter exists between an VDSL port and a PSTN port.
2-6
R1P-VD User's Guide
Uplink Modules
Uplink Modules
There is an uplink slot on the front panel of the Corecess R1P-VD Series, and you can install the following uplink modules into it.
Table 2-5 Uplink Modules of the Corecess R1P-VD series
Module OPT-P1ES1CD OPT-P1EL1CD OPT-P2CD OPT-P1W
Specification 1 port 10/100/1000Base-TX (RJ-45) or 1 port 100/1000Base-LX/SX (SFP) Support 1 port 1000Base-PX10 (Max 10Km), 100M or 1G 1 port 10/100/1000Base-TX (RJ-45) or 1 port 100/1000Base-LX/SX (SFP) Support 1 port 1000Base-PX20 (Max 20Km), 100M or 1G 2 ports 10/100/1000Base-TX (RJ-45) or Support 2 ports 100/1000Base-LX/SX 100M or 1G Support 1 port GW-PON (Single SC), 1G
This section describes types and functions of uplink modules that can be installed in the uplink slot of the Corecess R1P-VD Series.
2-7
Uplink Modules
OPT-P1ES1CD
The OPT-P1ES1CD provides one Gigabit Ethernet PON port and one Gigabit Ethernet combo port. The SFF type of the Gigabit Ethernet port supports 100Mbps and 1000Mbps. The Gigabit Ethernet PON port (1000Base-PX10) provides maximum 10Km of service length. The feature of the OPT-P1ES1CD is as follows:
1000Base-PX10 port
1000Base-SX/LX port
10/100/1000Base-T port
LEDs of 1000Base-PX10 port
LEDs of 1000Base-SX/LX SFP port and 10/100/1000Base-T port LED
1000Base-PX Port LED

The following table describes the information indicated by LEDs of the OPT-P1ES1CDmodule:
Table 2-6 LED Functions of the OPT-P1ES1CDModule
LED LINK ACT
Color Green Yellow
State On Off Blink
Description Indicates that the port have established a valid link with the network. Indicates that the port have not established a valid link with the network. Indicates that the port is transmitting or receiving data.
1000Base-PX Port
The Gigabit Ethernet PON port can be connected to the E-PON OLT(Optical Line Terminal) through an optical splitter. 1000Base-PX port specification is as following.
Table 2-7 Specifications of Gigabit Ethernet PON Port on the OPT- P1ES1CD Module
Item Transfer Mode Transfer Speed Connector Type Full-duplex mode 1000Mbps SC
Description
2-8
R1P-VD User's Guide
Uplink Modules
Port Number Maximum Transfer Distance Transfer Media
1 1000Base-PX10 Tx: 1310nm Single mode Rx: 1490nm Single mode 10Km
Caution: Do not stare into the aperture of a fiber-optic port. Invisible radiation might be emitted from the aperture of the port when no fiber cable is connected. Thus, if you dont use the fiber optic port for a long time during the system operation, Close the port with a cap or Connect the port with a fiber optic cable.
Gigabit Ethernet Port

The Gigabit Ethernet combo ports are used for connecting R1P-VD Series to the core network. The OPT-P1ES1CD module has two kinds of Gigabit Ethernet ports as follows:
y y 10/100/1000Base-T Port (RJ-45 Connector) 1000Base-SX/LX Port (SFP)
Both the RJ-45 connector and the SFP connector cannot be used as Gigabit Ethernet port at the same time. For example, if a RJ-45 connector of 10/100/1000Base-T port is connected to a Gigabit Ethernet device, a connector of SFP port is automatically disabled. The following table lists the specifications of the Gigabit Ethernet port on the OPT-P1ES1CD module:
Table 2-8 Specifications of Gigabit Ethernet Port on the OPT- P1ES1CD Module
Feature Transfer Mode Transfer Speed Connector Type Maximum Transfer Distance
10/100/1000Base-T Port Full-duplex mode or Half-duplex mode (Auto sensing) 10/100/1000Mbps RJ-45 100m
1000Base-SX/LX Port Full-duplex mode 100/1000Mbps Duplex LC y 1000Base-SX : 550m y 1000Base-LX : 10Km y 100Base-SX : 1310nm Multi-mode y 100Base-LX : 1310nm Single mode y 1000Base-SX : 850nm Multi-mode y 1000Base-LX : 1310nm Single mode
Transfer Media
Twisted-pair category-5+, 6 cable
2-9
Uplink Modules
Gigabit Ethernet Port LED

The following table describes the information indicated by LEDs of the Gigabit Ethernet port on the OPT-P1ES1CD module:
Table 2-9 LED Functions of Gigabit Ethernet Port on the OPT-P2CD Module
LED ACT/ LINK (A, B) SPEED 1000
Color
State On
Description Indicates that the port have established a valid link with the network. Indicates that the port is transmitting or receiving data. Indicates that the port have not established a valid link with the network. Indicates that the port is operating at 1000Mbps speed. Indicates that the port is operating at 100Mbps speed.
Green
Blink Off
Orange
On Off
2-10
R1P-VD User's Guide
Uplink Modules
OPT-P1EL1CD
The OPT-P1EL1CD provides one Gigabit Ethernet PON port and one Gigabit Ethernet combo port. The SFP type of the Gigabit Ethernet port supports 100Mbps and 1000Mbps. The Gigabit Ethernet PON port (1000Base-PX20) provides maximum 20Km of service length. The feature of the OPT-P1EL1CD is as follows:
100/1000Base-SX/LX SFP port 10/100/1000Base- T port
1000Base-PX20 port
1000Base-PX20 port LED 100/1000Base-SX/LX SFP port 10/100/1000Base-T port LED
1000Base-PX20 port LED

The following table describes the information indicated by LEDs of 1000Base-PX20 port:
Table 2-10 1000Base-PX20 port LED Functions of the OPT-P1EL1CD Module
LED LINK
Color Green
State On Off
Description Indicates that the port have established a valid link with the network. Indicates that the port have not established a valid link with the network. Indicates that the port is transmitting or receiving data.
ACT
Yellow
Blink
1000Base-PX20 port
1000Base-PX port can be connected to the E-PON OLT(Optical Line Terminal) through an optical splitter. 1000Base-PX port specification is as following.
Table 2-11 Specifications of 1000Base-PX20 port on the OPT-P1EL1CD Module
Feature Transfer Mode Transfer Speed
Description Full-duplex mode 1000Mbps
2-11
Uplink Modules
Connector Type Port Number Maximum Transfer Distance Transfer Media
Single one-core SC 1 1000Base-PX20 20Km
Tx: 1310nm Single mode Rx: 1490nm Single mode
Gigabit Ethernet port

The Gigabit Ethernet combo ports are used for connecting R1P-VD Series to the core network. The OPT-P1EL1CD module has two kinds of Gigabit Ethernet ports as follows:
y y 10/100/1000Base-T Port (RJ-45 Connector) 1000Base-SX/LX SFP Port (SFP Connector)
Both the RJ-45 connector and the SFP module cannot be used as Gigabit Ethernet port at the same time. For example, if a RJ-45 connector of 10/100/1000Base-T port is connected to a Gigabit Ethernet device, a SFP module connector is automatically disabled. The following table lists the specifications of the Gigabit Ethernet port on the OPT-P1EL1CD module:
Table 2-12 Specifications of Gigabit Ethernet Port on the OPT-P1EL1CD Module
10/100/1000Base-T Port Full-duplex mode or Half-duplex mode (Auto sensing) 10/100/1000Mbps RJ-45 100m Twisted-pair category-5+, 6 cable
1000Base-SX/LX Port Full-duplex mode 1000Mbps SFP y 1000Base-SX :550m y 1000Base-LX : 10Km y 1000Base-SX : 850nm Multi-mode y 1000Base-LX : 1310nm Single mode
2-12
R1P-VD User's Guide
Uplink Modules
Gigabit Ethernet port LED

The following table describes the information indicated by LEDs of the OPT-P1EL1CD module:
Table 2-13 LED Functions of the OPT-P1EL1CD Module
LED ACT/ LINK (A, B) SPEED 1000
Color
State On
Green
Blink Off
Orange
On Off
2-13
Uplink Modules
OPT-P2CD
OPT-P2CD module offers 2 Gigabit Ethernet uplink port (RJ-45 or SFP type). Gigabit Ethernet uplink port offers the 1Gigabit full speed. The feature of the OPT-P2CD is as follows:
100/1000Base-SX/LX SFP port
10/100/1000Base-TX port
port 100/1000Base -SX/LX SFP 10/100/1000Base-TX port LED
Gigabit Ethernet port

The Gigabit Ethernet combo ports are used for connecting R1P-VD Series to the core network. The OPT-P2CD module has two kinds of Gigabit Ethernet ports as follows:
y y 10/100/1000Base-T Port (RJ-45 Connector) 1000Base-SX/LX SFP Port (SFP Connector)
Both the RJ-45 connector and the SFP connector (SFP module) cannot be used as Gigabit Ethernet port at the same time. For example, if a RJ-45 connector of 10/100/1000Base-T port is connected to a Gigabit Ethernet device, a SFP connector port is automatically disabled. The following table lists the specifications of the Gigabit Ethernet port on the OPT-P2CD module:
Table 2-14 Specifications of Gigabit Ethernet Port on the OPT-P2CD Module
10/100/1000Base-T Port Full-duplex mode or Half-duplex mode (Auto sensing) 10/100/1000Mbps RJ-45 100m Twisted-pair category-5+, 6 cable
1000Base-SX/LX SFP Port Full-duplex mode 100/1000Mbps SFP y 1000Base-SX : 550m y 1000Base-LX : 10Km y 1000Base-SX : 850nm Multi-mode y 1000Base-LX : 1310nm Single mode
2-14
R1P-VD User's Guide
Uplink Modules
Gigabit Ethernet port LED

Status LED function of the 10/100/1000Base-TX port and 100/1000Base-SX/LX SFP port is as follows.
Table 2-15 10/100/1000Base-TX port 100/1000Base-SX/LX SFP port LED fuction
LED
Color
State On
LINK
Green
Blink Off
SPEED1000
Orange
On Off
2-15
Uplink Modules
OPT-P1W
The OPT-P1W module provides one Gigabit GW-PON ONU port(Single SC type). OPT-P1W supports transmission by 16 light waves of different types of WDM Gigabit Ethernet links in one physical optical cable. The feature of the OPT-P1W is as follows:
GW-PON SC Port
LED
GW-PON port
The GW-PON port is used as an uplink port for the R1P-VD Series to the core network, and the following is the only Gigabit Ethernet port in the OPT-P1W module.
GW-PON port (Single one-core SC connector)
GW PON port LED

Status LED function of the GW-PON is as follows.
Table 2-16 GW-PON port LED fuction
LED
Color
State On
Description Indicates that the port have established a valid link with the network. Indicates that the port have not established a valid link with the network. Indicates that the port is transmitting or receiving data. Indicates that the port is not transmitting or receiving data.
LINK
Green Off
ACT
Yellow
Blink off
2-16
R1P-VD User's Guide
Chapter 3
Before Installation
This chapter describes the precautions for installation of the Corecess R1P-VD series and installation environment for the normal operation. It also describes the way to unpack box of the Corecess R1P-VD series and verify the contents. 9 9 9 Precautions Installation Place Unpacking 3-2 3-9 3-10
Precautions
Precautions
Warning: Before you install the Corecess R1P-VD series, read this section. This section contains important safety information you should know before working with the system.
General Precautions
y y y y
While or after installing the equipment, keep the equipment clean and free from dust. After opening the cover of the equipment, keep the cover in safe place. Tools and cables should not be left on a passage for better safety. When installing the equipment, engineers should fit in their clothing so that ties, scarves, and sleeves should not be caught in the equipment. Keep ties and scarves from getting slack, and roll up the sleeves.
y y
Avoid any dangerous actions which damage the people or the equipment. If the case is opened for repairing or test is required, contact the sales agency where you purchased this equipment. Or directly contact Corecess Inc. for professional help.
3-2
R1P-VD User's Guide
Precautions
Power Considerations
y y Notice that wiring is not overloaded when connecting the system to the supply circuit. On plugging in a power socket or handling any power sources, put rings, necklaces, and metal watches in safe place. If these materials touch the power socket or ground of the product, the parts may be burnt out. y Always check that there are any potential risks in the workplace. Wet floor, ungrounded extension, rubbed-off power code, or unsafe (or ungrounded) floor may be dangerous.
AC Power
y The system is designed to be connected to TN power systems. A TN power system is a power distribution system with one point which is connected directly to earth (ground). The exposed conductive parts of the installation are connected to that point by protective earth conductors. y Ensure that the plug-socket combination is accessible at all times, because it serves as the main disconnecting device.
DC Power
y y Incorporate a readily accessible two-poled disconnect device in the fixed wiring. Ensure that power is removed from the DC circuit before installing or removing powersupplies. Tape the switch handle of the switch in the off position. y Use approved wiring terminations, such as closed-loop or spade-type with upturned lugs, when stranded wiring is required. These terminations should be the appropriate size for the wires and should clamp both the insulation and the conductor.
Before Installation
3-3
Precautions
Preventing ESD
Electrostatic discharge (ESD) damage occurs when electronic cards or components are mishandled and can result in complete or intermittent failures. Note the following guidelines before you install or service the system:
y Always wear an ESD-preventive wrist or ankle strap when handling electronic components. Connect one end of the strap to an ESD jack or an unpainted metal component on the system (such as a captive installation screw). y Handle cards by the faceplates and edges only; avoid touching the printed circuit board and connector pins. y Handle cards by the faceplates and edges only; avoid touching the printed circuit board and connector pins. y Avoid contact between the cards and clothing. The wrist strap only protects the card from ESD voltages on the body; ESD voltages on clothing can still cause damage. y For safety, periodically check the resistance value of the antistatic strap. The measurement should b e between 1 and 10 Mohms.
3-4
R1P-VD User's Guide
Precautions
Installing and Servicing the System

y Before installation, the power switch of the system should be turned OFF and disconnect all power and external cables. y Remove all jewelry (including rings and chains) or other items that could get caught in the system or heat up and cause serious burns. y y y Do not touch the backplane or mid-plane with your hand or metal tools. Do not work alone under potentially hazardous conditions. Do not perform any action that creates a potential hazard to people or makes the equipment unsafe.
Disconnecting Power
When disconnecting power, note the following guidelines.
y y Locate the emergency power-off switch for the room before working with the system. Turn off the power and disconnect the power from the circuit when working with components that are not hot-swappable or when working near the system backplane or mid-plane. If the system does not have an on/off switch, unplug the power cord. y y To completely de-energize the system, disconnect the power connection to all power supplies. For DC power supplies, locate the circuit breaker on the panel board that services the DC circuit, switch the circuit breaker to the off position, and tape the switch handle of the switch in the off position. y Do not touch the power supply when the power cord is connected. Line voltages are present within t he power supply even when the power switch is off and the power cord is connected.
Grounding the System

y y y Connect AC-powered systems to grounded power outlets. Do not defeat the ground conductor on an AC plug. Connect the system to earth (ground).
Connecting Cables
When you connect cables, note the following guidelines.
y Use caution when installing or modifying telephone lines to prevent electric shock.
Before Installation
3-5
Precautions
y y
Do not work on the system or connect or disconnect cables during periods of lightning activity. Do not touch uninsulated telephone wires or terminals unless the telephone line has been disconnected at the network interface.
Hazardous network voltages are present in WAN ports regardless of whether power to the system is off or on. When you detach cables, detach the end away from the system first.
y y
Do not use a telephone to report a gas leak in the vicinity of the leak. Do not install telephone jacks in wet locations unless the jack is specifically designed for wet locations.
Working with Lasers

If your system includes a fiber-optic port, note the following guidelines.
To avoid exposure to radiation, do not stare into the aperture of a fiber-optic port. Invisible radiation might be emitted from the aperture of the port when no fiber cable is connected.
Always keep unused fiber-optic ports capped with a clean dust cap.
Preventing EMI
When you run wires for any significant distance in an electromagnetic field, electromagnetic interference (EMI) can occur between the field and the signals on the wires.
y y Bad plant wiring can result in radio frequency interference (RFI). Strong EMI, especially when it is caused by lightning or radio transmitters, can destroy the signal drivers and receivers in the system, and can even create an electrical hazard by conducting power surges through lines and into the system. y If Strong EMI occurs in the installation place, consult RFI experts to get rid of it.
3-6
R1P-VD User's Guide
Precautions
Rack-Mounting the System

The following explanations should be noticed when installing the system into the 19-inch rack.
Install the system in an open rack whenever possible. If installation in an enclosed rack is unavoidable, ensure that the rack has adequate ventilation.
Maintain ambient airflow to ensure normal operation. If the airflow is blocked or restricted, or if the intake air is too warm, an over temperature condition can occur.
Avoid placing the system in an overly congested rack or directly next to another equipment rack. Heat exhaust from other equipment can enter the inlet air vents and cause an over temperature condition.
Equipment near the bottom of a rack might generate excessive heat that is drawn upward and into the intake ports of the equipment above. The warm air can cause an over temperature condition in the equipment above.
Ensure that cables from other equipment do not obstruct the airflow through the chassis or impair access to the power supplies or cards.
y y y
Bolt the rack to the floor for stability. Load the rack from the bottom to the top, with the heaviest system at the bottom. If there is equipment already installed in the rack, select the location for the system carefully considering the size of the system:
Before Installation
3-7
Precautions
Lifting the System

When you lift the product to move or change the installation place, note the following guidelines.
y y y
Disconnect all power and external cables before lifting the system. Ensure that your footing is solid and the weight of the system is evenly distributed between your feet. Lift the system slowly, keeping your back straight. Lift with your legs, not with your back. Bend at the knees, not at the waist.
Do not attempt to lift the system with the handles on the power supplies or on any of the cards. These handles are not designed to support the weight of the system.
To lift and move the system, following number of people or a crane should be needed depends on weight of the system:
Table 3-1 The Number of Required Person to Lift The System
Weight of the System Below 18Kg 18~32Kg 32~55Kg Above 55Kg
The Number of Required Persons 1 2 3 Crane
Disposing of the System

Dispose of the system and its components (including batteries) as specified by all national laws and regulations.
3-8
R1P-VD User's Guide
Installation Place
Installation Place
Environmental Requirements
For the safe installation and use of the Corecess R1P-VD series, the place for installation should satisfy the following requirements:
y y While or after installing the product, keep the product clean all the time. The system should be installed in a cool place where has no direct ray of sunlight. Any tool or equip ment should not be place on the way of passage. y The following ambience condition for temperature and humidity should always be kept.
Table 3-2 Temperature and humidity condition
Feature
Value -20 ~ 60 -40 ~ 65 0 ~ 95% (40, non-condensing)
Normal Operating Temperature Hardened Operating Temperature Operating Humidity
Power Supply
y The Corecess R1P-VD series should be installed in the place where power supply satisfying the following condition is provided.
Table 3-3 Power condition
Feature Input Voltage Rating Operating Range Frequency y
AC 100 ~ 240VAC 88 ~ 264VAC 50/60Hz -48VDC
DC
-40 ~ -56VDC N/A
Verify the power (source) be clean. If there is too much noise or spark, it is better to have the power control equipment.
y y
Locate an electric outlet near the system for easy installation of power cable. Be careful with connecting power supply equipment and avoiding overload wiring.
Before Installation
3-9
Unpacking
Unpacking
As the following instructions, unpack the shipping carton and inspecting contents of the shipping carton. 1. Open the shipping carton of the Corecess R1P-VD series. There are a manual, desiccant, a power cable(s), and a console cable on the cushion inserted- Corecess R1P-VD series. 2. 3. Without taking off the cushions, pick out the equipment with two hands, and put it in a safe place. And then, verify whether there is a plastic bag that contains rack brackets and screws under the shipping carton.
Corecess R1P-VD Series
Users Guide
Console cable (RJ45-DB9)
Rack brackets (2) Power cable (AC) Pan-head screws (8) Binder-head screws (4)
Recommendation: After unpacking, do not throw away the box including cushions and keep them in a safe place in case the product is relocated, it is better to move the product after packing with the box including cushions. Note: If there are some missing contents or damaged components, contact the sales agency where you purchased this product to replace them with new ones.
3-10
R1P-VD User's Guide
Chapter 4
Installation
This chapter describes how to mount the Corecess R1P-VD series on a rack, connect the cables to the ports, and connect the power. 9 9 9 9 9 9 Installation Procedure Rack-Mounting Connecting Ports Connecting the Console Port Connecting Power 4-2 4-3 4-6 4-11 4-13 4-15
Starting the Corecess R1P-VD series
Installation Procedure
Installation Procedure
The following summarizes the installation procedure for the Corecess R1P-VD series. The next section will describe in detail the step-by-step procedures for each step.
Caution:
Before starting the installation
y Be sure that the installation place is satisfy the requirements referred to the Chapter 3 Before Installation. y Be sure that the power switch is in the OFF (O) position and disconnect all connected cables.
1. Rack-mount The design allows the Corecess R1P-VD series to be mounted on a 19-inch rack. Rack brackets and screws needed for rack mounting are enclosed with the product. 2. Connect ports Connect a splitter to the VDSL connectors on the front side of the Corecess R1P-VD series using Telco cables. 3. Console Terminal Link Links the console terminal in order to change the composition or to monitor the status of the Corecess R1P-VD series. 4. Connect power to the system Connect adjacent power after installing the Corecess R1P-VD series. 5. Start the system Turn the Corecess R1P-VD series on and verity that the system is correctly installed by checking that certain LEDs are lit.
4-2
R1P-VD User's Guide
Rack-Mounting
Rack-Mounting
Depending upon the installation location or network topology, the Corecess R1P-VD series can be placed on a flat place like a table or can be mounted on a 19-inch rack. The design allows the Corecess R1P-VD series to be mounted on any kind of standard 19-inch racks. This section describes how to install the Corecess R1P-VD series on a 19-inch rack.
Caution: Before installing the system in a rack, read the Rack-Mounting the System section in the Chapter 3 Before Installation to familiarize yourself with the proper site and environmental conditions. Failure to read and follow these guidelines could lead to an unsuccessful installation and possible damage to the system and components.
Checking the Rack-Mount Space

Before installing the Corecess R1P-VD Series in a 19-inch rack, check the rack-mount space as follows:
y Make sure that the 19-inch rack is placed on a convenient location for the Corecess R1P-VD Series installation. At least, the space of 550 x 750 (width x length)mm is needed to install the 19-inch rack. y Check to see if there is a vertical space of around two rack units (2U) in the rack because of the Corecess R1P-VD Series (1U) and air flow space (1U).
Air flow space R1P-VD16
19inch rack
Installation
4-3
Rack-Mounting
Required Tools and Equipment

To mount the Corecess R1P-VD series on a 19-inch rack, you need the following tools and equipment:
y y y
A Philips screwdriver Electrostatic discharge (ESD) grounding strap Rack Brackets and Screws (provided along with the product)
Two (2) rack brackets Four (4) binder-head screws (M5, 8mm) Eight (8) pan-head screws (M3, 6mm)
Note:
For more information about ESD, refer to the Chapter 3 Before Installation.
Mounting the System on a Rack

Once all the tools and equipment are prepared, mount the Corecess R1P-VD series on a 19-inch rack according to the following procedure: 1. Place the Corecess R1P-VD series on a spacious floor or a sturdy table near the rack. And check the tools and equipment. 2. There are four screw holes on each side of the Corecess R1P-VD series. As shown in the figure, place the rack brackets to the screw holes and fix them using pan-head screws.
4-4
R1P-VD User's Guide
Rack-Mounting
3.
Make sure that the 19-inch rack is placed on a convenient location for the Corecess R1P-VD series to be installed. And check to see if there is a 1U high space in the rack where the Corecess R1PVD series can be installed.
1U high space
4.
Lift up the Corecess R1P-VD series installed with rack brackets as high as the available space in the 19-inch rack.
5.
Place the rack brackets installed on the Corecess R1P-VD series to the holes of the 19-inch rack. And fix the brackets using four (4) binder-head screws.
Binder-head screw
Installation
4-5
Connecting Ports
Connecting Ports
This section describes how to connect the ports on the front panel of the Corecess R1P-VD series. The types of cables used for port connection are described in Chapter 3 and Appendix B Connectors and Cables Specifications.
Caution: In case distance between cable linked equipments is far than maximum
distance that present in this manual, transmission data can be lost.
Connecting Gigabit Ethernet Uplink Port

Connecting RJ-45 Connector
The RJ-45 port of the uplink modules on the Corecess R1P-VD series supports 10/100/1000Base-T interface, and the RJ-45 port can be connected with the Gigabit Ethernet device that support the transmission speed up to 1000Mbps. Using the twisted-pair cable, connect the 10/100/1000Base-T port to the Gigabit Ethernet device.
Gigabit Ethernet Switch or Router
STP cable y 10Mbps : Category-3, 4 y 100Mbps : Category-5 y 1000Mbps : Category-5+, 6 y Max. cable length : 100m
R1P-VD24
4-6
R1P-VD User's Guide
Connecting Ports
Connecting LC Connector on SFP Module

The 1000Base-SX/LX SFP module can be installed in the SFP slot of the uplink modules on the Corecess R1P-VD series, and the Corecess R1P-VD series can be connected to the core network using the 1000Base-SX/LX SFP module. Depends on the type of SFP modules, connect cables as follows:
1000Base-SX SFP Module

When the 1000Base-SX SFP module is installed in the SFP module slot, use the 850nm Multi-mode fiber optic cable. Prepare the fiber optic cable of the duplex LC type, and then connect to the Gigabit Ethernet network.
1000Base-LX SFP Module

When the 1000Base-LX SFP module is installed in the SFP module slot, use the 1310nm Single mode fiber optic cable. Prepare the fiber optic cable of the duplex LC type, and then connect to the Gigabit Ethernet network.
1000Base-LX SFP Module 1000Base-SX SFP Module
R1P-VD16 Single Mode Fiber Optic Cable y Connector : Duplex LC y Wavelength : 1310nm (Rx, Tx) y Max. cable length : 10Km Multi-Mode Fiber Optic Cable y Connector : Duplex LC y Wavelength : 850nm (Rx, Tx) y Max. cable length : 550m
Gigabit switch or Router
Installation
4-7
Connecting Ports
Connecting Gigabit Ethernet PON Uplink Port

The OPT-P1ES1CD and OPT-P1EL1CD module of the Corecess R1P-VD series provides the Gigabit Ethernet PON uplink port. The Gigabit Ethernet PON uplink port can be connected to the core network using the 1000Base-PX SFP connector. Prepare the single mode fiber optic cable (Rx: 1310nm, Tx: 1490nm). Then, connect the cable to the 1000Base-PX SFP port of the OPT-P1ES1CD or OPT-P1EL1CD module and a Gigabit Ethernet PON device.
Corecess S5 E-PON OLT Single Mode Fiber Optic Cable y Connector : Simplex SC/PC y Wavelength : 1310nm (Rx) 1490nm (Tx) y Max. cable length : 10/20Km
Corecess 4500 Optical Splitter Single Mode Fiber Optic Cable y Connector : Simplex SC/PC y Wavelength : 1310nm (Tx), 1490nm (Rx) y Max. cable length : 10/20Km
R1P-VD24
4-8
R1P-VD User's Guide
Connecting Ports
Connecting PSTN Port

The PSTN port on the Corecess R1P-VD24 is connected to the Central Office switch or PBX via MDF. To connect the PSTN port on the front panel of the Corecess R1P-VD24, prepare a Telco cable with 50pin Champ connecter and follow these steps: 1. 2. Connect a 50-pin Champ connector of the Telco cable to the PSTN port. Connect the other end of the Telco cable to the MDF which is connected to the central office switch or PBX.
Telco cable (straight-through)
CO MDF
Installation
4-9
Connecting Ports
Connecting VDSL Port

The VDSL port on the Corecess R1P-VD series is connected to the subscribers VDSL modem via MDF. To connect the VDSL port on the front panel of the Corecess R1P-VD series, prepare a Telco cable with 50-pin Champ connecter and follow these steps: 1. 2. Connect a 50-pin Champ connector of the Telco cable to the VDSL port. Connect the other end of the Telco cable to the MDF which is which is cabled to the subscribers VDSL modem.
MDF
VDSL Modem
Telco cable (straight-through)
4-10
R1P-VD User's Guide
Connecting the Console Port

The Corecess R1P-VD can perform the following works via a console:
y y Can browse various network statistics information and the status of the switch and ports. Can change the switch configuration for changing the topology, improving the switch performance or controlling the network traffic. y y y Can browse the logs of various events and traps occurring at the switch. Can download new software from ftp server. Can strengthen the system security through specifying hosts that can access switches.
There are two different ways to access to a console: y Out-of-Band: The console port on the front panel of the Corecess R1P-VD Series is directly connected to a VT-100 terminal or a PC that is to be used as a console terminal using a console cable comes with the Corecess R1P-VD Series. y In-Band: Access is gained from a PC or a VT-100 terminal emulator through Telnet sessions to the Corecess R1P-VD Series. To use this method, the IP address and subnet mask of the Corecess R1P-VD Series need to be designated. See the Chapter 5/ Basic Configuration to designate the IP address and subnet mask of the Corecess R1P-VD Series.
Installation
4-11
Configuring a Console Terminal

Make sure that your terminal emulation software is configured to communicate with the system through hardware flow control. Configure the baud rate and character format of the PC or terminal to match these console port default characteristics:
Table 4-1 Configuring a console terminal
Bits per second Data bit Parity bit Stop bit Flow control
9600bps 8bit None 1bit None
Connecting a Console Terminal

Connect the PC or terminal to the console port on the Corecess R1P-VD Series using the console cable included with the Corecess R1P-VD Series.
Console Cable (RJ-45 - DB-9) y included with the product y Max. cable length : 15m
Console Terminal Configuration y Bit/Sec : 9600bps y Data Bit : 8bit y Parity Bit : None y Stop Bit : 1bit Console Terminal y Flow Control : None
Console Terminal
4-12
R1P-VD User's Guide
Connecting Power
Connecting Power
Caution: Before connecting AC or DC power
y Be sure that the power to be connected to the system is satisfy the considerationts referred to the Chapter 3 Before Installation. y Be sure that the power switch on the front panel is turned off (O).
Connecting AC Power
1. Check that the power switch is in the OFF (O) position. 2. Connect the power cord, which is provided with the product, to the power input located on the rear panel of the Corecess R1P-VD series. And plug the power cord into an outlet.
Installation
4-13
Connecting Power
Connecting DC-Input Power

1. Check that the power switch is in the OFF (O) position. 2. Connect the cable of an external power supply or a rectifier to the terminal block located on the front panel of the R1P-VD series as follows:
4-14
R1P-VD User's Guide

Start the Corecess R1P-VD series according to the following order after installation: Check the followings once again before operating the Corecess R1P-VD series:
y y y Make sure that uplink modules are properly inserted in the uplink slot of the system. Make sure that cables are properly connected to each port. Make sure that the power cord is properly connected.
Console terminal is connected to the console port and turned on. Turn the system power switch to the ON position. The green RUN LED should go on. Listen for the fans; they should be operating as soon as power is turned on. The system boots from Flash memory.
U-Boot 1.1.4 (Jun 30 2007 - 18:31:54) R1P-VD u-Boot 1.1.4(3) (sdream@hera) CPU: AMCC PowerPC 405EP Rev. B at 200 MHz (PLB=99, OPB=33, EBC=49 MHz) I2C boot EEPROM disabled Internal PCI arbiter enabled 16 kB I-Cache 16 kB D-Cache Board: Corecess R1P-VD I2C: DRAM: In: Out: Err: FMEM: ready 124 MB serial serial serial OneNAND 64MB 2.65/3.3V 16-bit KFG1216D2A Samsung 63.1008 Mbytes available (BB=0), 504Blocks(128KB) BEDBUG:ready Hit CTRL-C to stop autoboot: 0 .. complete. Loading from device onenand(0:0x1800000) to 0x1000000 ... 100% ## Booting image at 01000000 ... Image Name: Created: Image Type: Data Size: r1p_vd-base-osapp-REL1.0.1RC7.im 2008-01-25 8:02:26 UTC 5.8 MB PowerPC Linux Multi-File Image (gzip compressed) 6104145 Bytes = .... OK
FLASH: 512 kB
Load Address: 00000000
Installation
4-15
Entry Point: Contents: Image 0: Image 1:
00000000 1.9 MB 3.9 MB
1968693 Bytes = 4135437 Bytes =
Verifying Checksum ... OK Uncompressing Multi-File Image ... OK Loading Ramdisk to 077a1000, end 07b92a0d ... OK CoreOS $Revision: 0.81 $ Loading....... success open console INIT: version 2.86 booting Welcome to Corecess Embedded Linux Environment Press 'I' to enter interactive startup. Mounting proc filesystem: Setting hostname localhost: Checking filesystems [ OK ] [ ] OK ] [ OK Mounting local filesystems: Enabling swap space: [ [ OK [ OK ] OK ] ] Configuring kernel parameters:
touch: /.autofsck: Read-only file system INIT: Entering runlevel: 3 Entering non-interactive startup Setting network parameters: Bringing up interface lo: Starting xinetd: [ Starting crond: [ PRODUCT : r1p_vd mount Configuration FS Starting VDSL :[ Starting SNMP : [ Starting SVCMgr : [ Starting DHCP : [ Starting 802.1X : [ OK OK OK OK OK ] ] ] ] ] OK OK ] ] [ [ OK OK ] ]
Enter CoreNetwork Kit
Starting Corecess Extended Protocols
waiting for system ready... use default user corecess/corecess SFP COULD BE INSERTED ANYTIME! DS75 MUST BE THERE!
When initialization has been completed, the console screen displays a login message as follows:
localhost login:
4-16
R1P-VD User's Guide
Now, the Corecess R1P-VD series installation is properly done. Continuously, log into the Corecess R1P-VD series CLI and configure the system.
Installation
4-17
4-18
R1P-VD User's Guide
Chapter 5
Basic Configuration
This chapter briefs general configuration method of the Corecess R1P-VD series.
9 9 9 9 9 9 9
Before Configuration
5-2 5-13 5-24 5-28 5-31 5-35 5-43
Configuring Basic System Parameters Configuration File Management Upgrading Software Configuring Stacking System Log Management Monitoring the System
The Corecess R1P-VD series already has configured with default upon the shipment and can immediately be used without additional configuration explained in this chapter. If the default configuration should be changed according to users network environment, refer to the contents in this chapter. This section describes how to access CLI (Command Line Interface) of the Corecess R1P-VD series and provides information that you should know before using CLI.
Accessing the CLI

When the Corecess R1P-VD series starts up for the first time, the only CLI access is available through the console port. The following steps describe how to access CLI on the console terminal connected to the console port: 1. To access the Corecess CLI on the console screen, the console port on the Corecess R1P-VD series should be connected to a serial port (DB-9) of the console terminal using a console cable as the following figure:
Console port
Corecess R1P-VD24 Console termial environment - 9600 bps, 8 data bits, no parity bit, 1 stop bit, no hardware flow control Console cable (RJ-45 - DB-9) y Console cable included with the system y Max. cable length : 15m
VT100 terminal
2.
Make sure that you have started the emulation software program such as HyperTerminal from your console terminal.
5-2
R1P-VD User's Guide
3.
Press [Enter], then the login message is displayed on the console terminal:
localhost login:
Basic Configuration
5-3
4.
Enter the login id, password and press the [Enter]. The default login ID is corecess. If you entered the login id, localhost> prompt appears.
localhost login: corecess Password: localhost>
5.
To configure the Corecess R1P-VD series, enter in the Privileged mode using enable command. Once you enter in the Privileged mode, the prompt will be changed from localhost> to localhost#.
localhost> enable localhost# Note: After specifying the IP address of a VLAN interface, you can access CLI of the Corecess R1P-VD series through the Telnet session or NMS.
5-4
R1P-VD User's Guide
Command Modes
The commands in the CLI are organized into the following modes:
Table 5-1 CLI Modes
Command Mode User
Description In this mode, you can display information and perform basic tasks such as Ping and Telnet. In this mode, you can use the same commands as those at the User mode plus configuration commands that do not require saving the changes to the system-configure file. This mode allows you to globally configure access-lists, DHCP, SNMP, and VLAN. You can also apply or modify parameters for ports on the device. This mode allows you to assign or modify specific interface parameters. This mode allows you to configure QoS (Quality of Service) on the system. This mode allows you to configure QoS class-map. This mode allows you to configure QoS policy-map. This mode allows you to assign the class to be applied to QoS policy-map. This mode allows you to configure a virtual terminal. Log in.
Access Method
Privileged
From User mode, enter the enable command.
Global
From Privileged mode, enter the configure terminal command. From Global configure mode, enter the interface command. From Global configure mode, enter the qos command. From QoS configure mode, enter the class-map command. From QoS configure mode, enter the policy-map command. From Policy-map configure mode, enter the class command. From Global configuration mode, enter the line vty command. From Global configuration mode, enter the dsl command.
Interface
QoS
Class-map Configure Policy-map Policy-mapclass
VTY-line
DSL
This mode allows you to configure VDSL.
Basic Configuration
5-5
Entering Privileged Mode

When you start a session on the Corecess R1P-VD series, you begin in the user mode. Only a limited subset of the commands is available in the user mode. To have access to all commands, you must enter the privileged mode. To enter the privileged mode from the user mode, enter the enable user mode command. The CLI prompt will be changed from > to # entering the privileged mode.
> enable #
To exit from the privileged mode, enter disable privileged mode command. The CLI prompt will be changed from # to > returning to the user mode from the privileged mode.
# disable >
If you enter the exit privileged mode command, you can exit form the CLI.
# exit localhost login:
Entering Global Configuration Mode

The configuration mode allows you to change configuration to for the Corecess R1P-VD series. The configuration mode contains sub-modes for individual ports, for VLANs, and other configuration areas. To be entered into the configuration mode from the privileged mode, enter the configure terminal which is a privileged mode command. The CLI prompt will be changed to (config)# which means entering into the configuration mode.
# configure terminal (config)#
To exit from the configuration mode, enter end or exit command. The CLI prompt will be changed to # returning to the privileged mode.
(config)# end #
5-6
R1P-VD User's Guide
Returning to Previous Command Mode

To log out from CLI, you should return to the user mode or the privileged mode. Use the exit or end command to return to the user mode or the privileged mode from other command mode: This example shows how to return to the privileged mode from the policy-map mode by using the exit command:
(config-pmap)# exit (config-qos)# exit (config)# exit #
This example shows how to return to the privileged mode from the policy-map mode by using the end command:
(config-pmap)# end #
Logging out From CLI

To log out from the CLI, enter the exit command at the user mode or the privileged mode. This example shows how to log out from the CLI at the privileged mode. After logging out from the CLI, login prompt will be displayed as follow.
# exit localhost login:
This example shows how to log out from the CLI at the user mode. After logging out from the CLI, login prompt will be displayed as follow.
> exit localhost login:
Basic Configuration
5-7
Prompt
On the CLI prompt, the node name and current command mode are indicated as follows:
localhost(config-qos)#
Node name Command mode
The default node name is localhost. This default node name is used for the prompt until you change them. The following table provides the prompt of the main command modes. The following table provides the prompt of the main command modes.
Table 5-2 Prompt of the command modes
Command Mode User Privileged Global Interface QoS Configuration Class-map Policy-map Policy-map-class VTY-line DSL localhost> localhost#
Prompt
localhost(config)# localhost(config-if)# localhost(config-qos)# localhost(config-cmap)# localhost(config-pmap)# localhost(config-pmap-c)# localhost(config-line)# Localhost(config-dsl)#
5-8
R1P-VD User's Guide
Getting Help
The CLI provides help system that shows the list of available commands or command options. You can also get information about their function and brief description of usage. This section describes how to use help system for the CLI.
To obtain a list of commands that are available for each command mode, enter a question mark (?) at the prompt: # ? calendar clear clock close cls configure copy debug delete diag disable end exit help list no ping reset show ssh telnet terminal traceroute undebug update write # Delete Diagnosis mode Turn off privileged mode command End current mode and down to previous mode Exit current mode and down to previous mode Description of the interactive help system Print command list Negate a command or set its defaults send echo messages Reset System Show running system information Open a ssh connection Open a telnet connection Set terminal line parameters Trace route to destination Disable debugging functions (see also 'debug') Update Image Write Information calendar Reset functions System clock Close the terminal Clear a screen Configuration from vty interface Copy from one file to another
Basic Configuration
5-9
To obtain command syntaxes which are available in each command mode, enter the list command at the prompt: # list calendar set WORD [WORD] [WORD] [WORD] clear arp clear arp A.B.C.D clear host-entries clear host-entries A.B.C.D clear interface vlan id <1-4094> clear ip dhcp snoop port (fastethernet|gigabitethernet|VDSL|vdsl|shdsl) WORD * clear ip dhcp snoop vlan id <1-4094> A.B.C.D clear ip dhcp snoop vlan id <1-4094> A:B:C:D:E:F . . update boot-cfg id <1-100> update flash image NAME update flash image id <1-100> write file write memory write terminal write terminal global write terminal port (fastethernet|gigabitethernet|VDSL|vdsl|shdsl| switchfabric|stacking) WORD #
To obtain a list of command associated keywords and arguments, enter a question mark (?) after a partial command followed by a space: # copy ? factory-default flash ftp running-config startup-config tftp # Copy from factory-default configuration From flash From ftp Copy from current system configuration Copy from startup configuration From tftp
5-10
R1P-VD User's Guide
Command Usage Basics

Entering Commands
To executing a CLI command, you should enter both the command and its options. You can execute the commands in the command mode which the prompt is locating now. The CLI commands of the Corecess R1P-VD series have the following characteristics: y The CLI commands are case-sensitive. y The CLI supports command completion, so you do not need to enter the entire name of a command or option. As much as you enter enough characters of the command or option name not to be ambiguous, the CLI understands what you are typing. For example, you may enter only con t to execute the configure terminal command in Privileged command mode.
localhost# con t localhost(config)#
But if you enter only co t, the following error message will be displayed. Because there are copy and configure command and the system cant distinguish the two commands.
localhost# co t % Ambiguous command :co t.
To complete a command, press Tab key. If you enter a few known characters, then press Tab key, the CLI displays the rest characters of the command. For example, if you enter only con, then press Tab key, the CLI displays configure on the terminal.
y To display a list of available commands or command options, enter ?. If you have not entered part of a command at the command prompt, all the commands supported at the current CLI mode are listed. If you enter part of a command, then enter ?, the CLI lists the options you can enter at the point in the command string.
Basic Configuration
5-11
Specifying Ports
To specify ports, follow these rules.
y Use slot-number/port-number to specify one port. For example, enter 1/1 to specify the port 1 on the option module installed in the slot 1. y Use dash (-) to specify consecutive number of ports. For example, enter 2/3-6 instead of entering 2/3 2/4 2/5 2/6. y Use comma (,) to specify non-consecutive number of ports. For example, enter 2/1,2/3-4 instead of entering 2/1 2/3 2/4. y See the following figure to check the slot number:
y Port number: 2/1, 2/2 y Port type :Optional
y Port number : 3/1~16 y Port type : VDSL
y Port number: 1/1, 1/2 y Port type :Gigabit Ethernet
R1P-VD Series
5-12
R1P-VD User's Guide
Configuring Basic System Parameters

This section describes the procedure of configuring the following basic system parameters:
y y y
IP address and default gateway System name System time and date
Configuring the IP Address and Default Gateway

To access the Corecess R1P-VD series via Telnet session or to configure the Corecess R1P-VD series remotely using the SNMP, the following values must be set:
y y
IP address and subnet mask of the VLAN connected to the host or backbone. Default gateway address
The following is a procedure of configuring the IP address for managing the Corecess R1P-VD series and default gateway:
Table 5-3 Configuring IP address, subnet mask, and default gateway
Command enable show vlan configure terminal interface vlan id <vlan id> ip address <ip-address> /<M> exit ip route default <default-gateway> end 1. Enter Privileged mode.
Task
2. Verify the current VLAN configuration 3. Enter Global configuration mode. 4. Enter Interface configuration mode for the VLAN connected to the host or backbone. y<vlan-id>: VLAN ID (1 ~ 4094). 5. Assign an IP address and subnet mask to the VLAN interface. y<ip-address>: IP address for the VLAN interface. y<M>: Subnet mask. 6. Exit from Interface configuration mode to Privileged mode. 7. Specify a default gateway address. y<default-gateway>: Default gateway address. 8. Return to Privileged mode.
Basic Configuration
5-13
show interface ping <destination>
9. Verify the configuration. 10. Check network connectivity with other host or network. y <destination>: The IP address of the host or the network number to ping.
write memory
11. Save the configuration change.
The following is an example of assigning an IP address and subnet mask for the managing the Corecess R1P-VD24A and verifying the configuration:
> enable # configure terminal (config)# vlan id 2 port gigabitethernet 1/1 (config)# end # show vlan VLAN ----1 DEFAULT active 2/1-24 2 vlan2 MTU 1500 1500 STP enable enable active Private disable disable 1/1 Promisc port None None 1/2 Name Status Slot/Ports ------------------------------------------------ --------
VLAN Interface 1 2 disable disable
---- ------------ ------ -------- -------- ------------
# configure terminal (config)# interface vlan id 2 (config-if)# ip address 172.18.37.200/16 (config-if)# end (config)# ip route default 172.18.37.254 (config)# end # show interface Interface vlan2 index 31 kernel index 4 metric 1 mtu 1514 <UP,BROADCAST,RUNNING,MULTICAST> HWaddr: 00:90:a3:cd:cc:e5 inet 172.18.37.200/16 broadcast 172.18.255.255 input packets 182, bytes 10920, dropped 378, multicast packets 23 input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0 output packets 0, bytes 0, dropped 0
5-14
R1P-VD User's Guide
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0,window 0 collisions 0 Status Checking link-status trap is disable no checking member's link status IPv4 Options icmp redirects are not sent icmp unreachables are sent # ping 172.27.2.49 PING 172.27.2.49 (172.27.2.49) from 172.27.2.100 : 56(84) bytes of data. 64 bytes from 172.27.2.49: icmp_seq=0 ttl=128 time=955 usec 64 bytes from 172.27.2.49: icmp_seq=1 ttl=128 time=817 usec . . 64 bytes from 172.27.2.49: icmp_seq=14 ttl=128 time=760 usec 64 bytes from 172.27.2.49: icmp_seq=15 ttl=128 time=762 usec --- 172.27.2.49 ping statistics --16 packets transmitted, 15 packets received, 6% packet loss round-trip min/avg/max/mdev = 0.760/1.304/8.284/1.866 ms #
Basic Configuration
5-15
User Management
To access the CLI of the Corecess R1P-VD series, you must login by entering a user name. By default, corecess exists. The corecess is administrators who can read and write the system configuration. You can add new users to the Corecess R1P-VD series, modify the users information, and remove them.
Adding a New User

The table below shows the commands to add a user:
Table 5-4 Adding a new user
Command enable configure terminal username <name> password <password> [8] end show username write memory 1. Enter Privileged mode.
Task
2. Enter Global configuration mode. 3. Add a user. y <name>: The user ID for entering the CLI. y <password>: The password for the user. 4. Return to Privileged mode. 5. Verify the list of user configuration 6. Save the IP address configuration.
The following example adds a user whose id is kka and password is violet and verifies the configuration:
# configure terminal (config)# username kka passwd violet (config)# end # show username corecess kka none console none Sat Nov 12 12 14:41:45 +0900 2005 **Never logged in**
# write memory Building Configuration... [OK] #
5-16
R1P-VD User's Guide
Changing a User Password

To change a user password for a user, perform this task in Privileged mode:
Table 5-5 Changing a user password
Command configure terminal username <user-name> passwd [8] <password> end write memory
Task 1. Enter Global configuration mode. 2. Specify a new password. y <user-name>: The user name to modify password. y <password>: New password y 8: Encrypts the password. 3. Return to Privileged mode. 4. Save the configuration change.
The following is an example of changing a password of the user kka:

# configure terminal (config)# username kka password R1PVDSLL2B (config)# end # write memory Building Configuration... [OK] #
Basic Configuration
5-17
Deleting a User
To delete a user, perform this task in Privileged mode:
Table 5-6 Deleting a user
Command configure terminal no username <name> end show username write memory
Task 1. Enter Global configuration mode. 2. Delete a user. y <user-name>: The user name to delete. 3. Return to Privileged mode. 4. Verify the list of users. 5. Save the configuration change.
The following is an example of deleting the user kka and verify the deletion:
# configure terminal (config)# no username kka (config)# end # show username # write memory Building Configuration... [OK] #
5-18
R1P-VD User's Guide
Configuring System Name and Setting System Date and Time

This section describes the configuration of the following general system features:
y y y System name System date and time NTP mode and time zone
Changing System Name

The system name on the switch is a user-configurable string that identifies the device. The default system name is localhost. To change the system name, enter the following command in Global configuration mode:
Table 5-7 Changing the system name
Command enable configure terminal 1. Enter Privileged mode
Task
1. Enter Global configuration mode. 2. Specify the system name. y <system-name>: The string used for system name. The maximum length of the host name is 63 alphanumeric characters or _ beginning with alphabet. 3. Return to Privileged mode. 4. Save the configuration change.
hostname <system-name>
end write memory
The following example changes the system name to R1PVD16:

localhost# configure terminal localhost(config)# hostname R1PVD16 R1PVD16(config)# R1PVD16 (config)# end R1PVD16# write memory Building Configuration... [OK]
Basic Configuration
5-19
Adjusting System Time

The system date and time is used in the log which is the record of the events occurred in the system. When recording events or commands executed in the system into a log, the date and time of the system is recorded with events or commands. Such logs can be used as an important data in solving problems in the system thus, it is very important to accurately set the date and time of the system. To adjust the system time, use calendar and clock read-calendar commands in Privileged mode:
Table 5-8 Adjusting system time
Command enable 1. Enter Privileged mode.
Task
clock set <time> [<date>] [<month>] [<year>]
2. Specify the current system time and date. y <time>: Current time in hours, minutes, and seconds (in the format hh:mm:ss, example : 16:24:00) y <day>: Current day (by date) in the month. y <month>: Current month (1 ~ 12, or name). y <year>: Current year (no abbreviation). 3. Reads manually the calendar into the system clock. 4. Verify the configuration.
show clock write memory
The following is an example of adjusting the system calendar and changing the system clock into the system calendar: >enable
# clock set 15:00:00 12 11 2005 # show clock Sat Nov 12 15:00:03 KST 2005 # write memory Building Configuration... [OK] #
To change the current software clock (calendar) to the system clock, use the clock readcalendar command in Privileged mode.
# show calendar Sat Nov 12 15:00:08 2005 # clock read-calendar # show clock -0.747987 seconds
5-20
R1P-VD User's Guide
Sun Nov 13 00:02:00 KST 2005 # Note: The "calendar" clock is the software clock which is erased when the system is powered cycles or rebooted. This is separate from the hardware clock that runs continuously, even if the system is powered off or rebooted.
Configuring NTP
NTP synchronizes timekeeping among a set of distributed time servers and clients. This synchronization allows events to be correlated when system logs are created and other time-specific events occur. The R1P-VD series supports the following NTP modes: y Broadcast client mode* In broadcast client mode, local network equipment, such as a router, regularly broadcasts the time information. The R1P-VD series listens for the broadcast messages and set the system clock. y Multicast client mode* Multicast mode acts the same as broadcast client mode, only instead of broadcast messages (IP address 255.255.255.255) multicast messages are sent (IP address 224.0.1.1). y Server mode In server mode, the R1P-VD series regularly request the time information to an NTP server.
Basic Configuration
5-21
To configure NTP on the system, follow this procedure:

Table 5-9 Configuring NTP
Command configure terminal 1. Enter Global configuration mode.
Task
ntp config type {broadcast | multicast <groupaddress> | server <poll> <ip-address> preset {on | off}}
2. Set the NTP mode. y broadcast: Configure the system in NTP broadcast client mode. y multicast <group-address>: Configure the system in NTP multicast client mode. - <group-address>: Multicast group address y server <poll> <ip-address>: Configure the system in NTP server mode.
- <poll>: The polling interval. - <ip-address>: The IP address of the NTP server.
y preset: Whether to preset the system clock to the time received from NTP server. - on: Preset. - off: Not preset.
ntp enable end show ntp config
3. Enable NTP on the system.

4. Return to Privileged mode. 5. Verify the NTP configuration.
The following example shows how to configure the system in NTP server mode and verify the configuration:
(config)# ntp config type server 32 203.255.112.69 preset on (config)# ntp enable (config)# end # show ntp config ntp config type server 32 203.255.112.69 preset on ntp enable
Setting the Time Zone

You can specify a time zone for the system to display the time in that time zone. You must enable NTP before you set the time zone. If NTP is not enabled, this command has no effect. If you enable NTP and do not specify a time zone, UTC is shown by default. The default time zone is UTC. To set the time zone, use the following commands in Global configuration mode:
5-22
R1P-VD User's Guide
Table 5-10 Setting the time zone
Command configure terminal 1. Enter Global configuration mode. 2. Set the time zone.
Task
clock timezone <region> <areacode>
y <region>: The region name. Select one of followings: africa Africa region america America region antarctica Antarctica region arctic Arctic region asia Asia region atlantic Atlantic region australia Australia region europe Europe region indian Indian region pacific Pacific region cet CET(Central Europe time UTC+1) eet EET(Eastern Europe Time UTC+2) est EST(Estern Standard Time UTC-5) gmt GMT(Greenwich Mean Time UTC) pst PST(Pacific Standard Time UTC-8) utc UTC(Universal Time Clock) y <area-cded>: Area code(area code, 1 ~ 1000). You can see the area code for the selected region by using the show ntp region in Privileged mode. 3. Return to Privileged mode. 4. Verify the configuration. 5. Save the configuration changes. 6. Restart the system.
end show ntp config write memory reset system
The following example shows how to set the time zone and the area code to asia/seoul:
localhost(config)# clock timezone %set timezone asia/Seoul %please restart vtysh (config)# end # show ntp config ntp region Asia 54 ntp enable # reset system
Basic Configuration
5-23
Configuration File Management

This section describes how to display the current system configuration, save the configuration change, and restore the default configuration.
Displaying and Saving the Current Running Configuration

The Corecess R1P-VD series contains two types of configuration files: the running (current operating) configuration and the startup (last saved) configuration.
Running Configuration
The running configuration is the current (unsaved) configuration that reflects the most recent configuration changes. You can upload or download the running configuration file via FTP or TFTP.
Startup Configuration
The startup configuration is the saved configuration in Flash memory and is used when the system initializes. You can upload or download the startup configuration file via FTP or TFTP.
Caution: Whenever you make changes to the Corecess R1P-VD series configuration, you must save the changes to memory so they will not be lost if the system is rebooted.
5-24
R1P-VD User's Guide
Displaying the Current Running Configuration

To display the current running configuration, enter the show running-config command in Privilege mode: You can confirm present composition file contents of system by following method.
Table 5-11 display the current running
Command enable show running-config 1. Enter Privileged mode
Task
2. Display contents of current running configuration file.
The following is example that confirm contents of current running configuration file of Corecess R1PVD series.
# show running-config Current configuration: ! ! version ! hostname localhost dsl ! snmp-server community "pulbic" rw snmp-server community "public" rw snmp-server contact Unknown snmp-server location Unknown snmp-server enable rmon ! system fan enable 30 20 system temperature enable 90 80 ! interface vlan id 1 ip address 172.18.37.216/16 ! interface null id 12 ! interface vlan id 2 ! line vty 0 10 ! 0.77
Basic Configuration
5-25
no ntp ! . . #
Saving the Current Running Configuration

To save your configuration changes to Flash memory so that they will not be lost if the system is rebooted, enter one of the following commands in the Privileged command mode:
Table 5-12 Commands for saving the current running configuration
Command write memory write file copy running-config startup-config
The following example shows how to save the configuration changes to Flash using the write
memory command:
# write memory Building Configuration... . . [OK] #
The following example shows how to save the configuration changes to Flash using the write file command:
# write file Building Configuration... . . [OK] #
The following example shows how to save the configuration changes to Flash using the copy
running-config startup-config command:
5-26
R1P-VD User's Guide
# copy running-config startup-config Building Configuration... . . [OK] #
Restoring Default Configuration

To restore the default configuration, use the following commands in Privileged mode:
Table 5-13 Restoring the default configuration
Commands copy factory-default start-up config reset system
Task 1. Restore the default configuration. 2. Restart the Corecess R1P-VD series.
The following example shows how to restore the default configuration.

# copy factory-default startup-config done # reset system . .
Basic Configuration
5-27
Upgrading Software
Upgrading Software
You can download the latest software image for the Corecess R1P-VD series from a remote FTP or TFTP server and upgrade the Corecess R1P-VD series. To download software image from a FTP or TFTP server, the Corecess R1P-VD series should be connected with remote source server as follows:
Corecess R1P-VD24 Network Source server
Remote telnet
Console
To upgrade the Corecess R1P-VD series software, perform this task in Privileged mode:
Table 5-14 Downloading software from a remote TFTP server
Command show version copy ftp <ftp-ip> [id <name> password <password>] flash image <file-name> copy tftp <tftp-ip> flash image <file-name> show flash image
Task 1. Verify the current system software version. 2. Download the specified image file from the FTP or TFTP server. y <ftp-ip>: IP address of the FTP server. y <tftp-ip>: IP address of the TFTP server. y id <name>: ID for login to a FTP server. y passwd <passwd>: Password for login to a FTP server. y <file-name>: The file name used for saving the downloaded file. 3. Verify that the image file is downloaded. 4. Update the system software to the downloaded image file. y <id>: Id of the image. y <name>: Name of the image. Note: You can see the id and name of the image file using the show flash command in step 3. 5. Reboot the system.
update flash image {<id> | <name>}
reset system
5-28
R1P-VD User's Guide
Upgrading Software
The following is an example of downloading image file from the TFTP server whose IP address is 172.27.2.49:
localhost# show version CoreOS Software ------------------------------------------------------------Copyright (c) 1998-2007 by Corecess Inc. Compiled on Aug 3 2007 12:43:53 by r1p_vd 3 18:09:16 2007) System Uptime 000/03/34/11 [d:h:m:s] (Fri Aug Software ------------------------------------------------------------r1p_vd-base-osapp-REL_P24_0.9.4RC4.img CoreOS Version $Revision: 0.80 $ CPU 405EP Processor board ID 13361(Base) hardware revision 2 Rom Version FS Version REL_P24_0.9.1
------------------- ------------------ ---------- ------------System Bootstrap
Used/Total bytes of memory 68584K / 118864K
---------------------------------------- ----------------------------
------------------- ------------------
5677K/ 23045K bytes of processor board System flash (Read/Write) # copy tftp 172.27.2.49 flash image r1p_vd-base-osapp-REL_P24_0.9.4RC4.img tftp: done localhost# sh flash image System flash directory: File 1 Length (bytes) 5813464 Name/status r1p_vd-base-osapp-REL_P24_0.9.4RC4.img (*) ----- --------------- -----------------------------------------[5677 blocks used, 17368 available, 23045 total, 1K-blocks] */# : running/updated image localhost# # update flash image id 1 update flash: r1p_vd-base-osapp-REL_P24_0.9.4RC4.img is completed # reset system data 10000 Kbytes
Basic Configuration
5-29
Upgrading Software
[DEVICE]klogging.is_enable_backuplog = 0 halt system now Power Reset Called Power Reset C? U-Boot 1.1.4 (Jun 8 2007 - 18:10:08)
R1P-SW24L2B u-Boot 1.1.4(3) (sdream@hera) CPU: AMCC PowerPC 405EP Rev. B at 200 MHz (PLB=99, OPB=33, EBC=49 MHz) I2C boot EEPROM disabled Internal PCI arbiter enabled 16 kB I-Cache 16 kB D-Cache Board: Corecess R1P-VD24
5-30
R1P-VD User's Guide
Configuring Stacking
Stacking is a function enabling effective and easier management of device in your site with multiple of
devices installed. This is a method to solve the complication of connecting to each IP address via NMS by setting the IP address for each switch or connecting the console for each switch to configure each switch in case of using multiple of switches. Configure one switch as a master node and the remaining switch as slave nodes. Then all switches can be configured via switches with a master node. When stacking function is used, the following convenient functions can be used in managing the devices.
y y y y Can manage multiple of devices using one IP address. Can configure multiple of devices at once and can monitor. Can upload or download software of multiple of devices at once. Can reboot multiple of devices at once.
The R1P-VD series can be connected together, through standard network connections, and managed through a single IP address. Up to eleven (11) systems (including Master node) can be connected together in such a stack group. You identify one of the systems as the Master node and give that system an IP address. Up to ten (10) other systems (Slave nodes) in the network can then easily be configured as members of the stack and managed through the Masters IP address. The management includes Telnet access to the Master node and to each Slave node through the Master node. To configure a stack group, the R1P-VD series are connected through the Ethernet port. The Master node is connected to the Ethernet switch through the uplink port.
Basic Configuration
5-31
Configuring Master Node

To configure the R1P-VD series as a master node of a stack group, perform this task in Privileged mode:
Table 5-15 Configuring a master node of a stack group
Command configure terminal stacking mode master stacking group <group-id> end show stacking
Task 1. Enter Global configuration mode. 2. Configure the system as a master node. 3. Specifies the stack group the system will belong to. y <group>: Stack group ID (1 ~ 99). 4. Return to Privileged mode. 5. Verify the stacking configuration.
The following example configures the system as a master node of the stack group 1:
# configure terminal (config)# stacking mode master (config)# stacking group 1 (config)# end # show stacking Configured to Master in group 1. #
Note: The R1P-VD series which is configured as a master node should have IP address.
To configure the R1P-VD series as a standalone node (not stacking), use the stackset mode standalone command.
(config)# stacking mode standalone (config)# end # show stacking Configured to Standalone. #
5-32
R1P-VD User's Guide
Configuring Slave Node

To configure the R1P-VD series as a slave node of a stack group, perform this task in Privileged mode:
Table 5-16 Configuring a slave node of a stack group
Command configure terminal stacking mode slave <slave-id> stacking group <group-id> end show stacking
Task 1. Enter Global configuration mode. 2. Configure the system as a slave node. y <slave-id>: ID of the slave node(1 ~ 10). 3. Specifies the stack group the system will belong to. y <group>: Stack group ID(1 ~ 99). 4. Return to Privileged mode. 5. Verify the stacking configuration.
The following example configures the system as a slave node of ID 1 in the stack group 1:
# configure terminal (config)# stacking mode slave 1 (config)# stacking group 1 (config)# end # show stacking Configured to Slave 1 in group 1. #
Basic Configuration
5-33
Managing Slave Node via Master Node

After configuring the stack group, slave nodes can be managed via the master node. In another words, without the need of connecting the console terminal for each slave node to manage slave node, just connect to the master node to monitor or configure slave node. In order to manage slave node in the master node, establish a session for connecting the salve node using the session stack-member command in Privileged mode. After establishing the session for the slave node, the commands entered on the session are applied to the slave node. The following example establishes a session for managing a slave node of ID 2:
# session stack-member 2 session_stack_member: cmd[/crcs_root/bin/stackapp 2] stackclient_proc: dest stack id[2] stackclient_proc: dest ip :127.254.254.3 stack:slave 02>
5-34
R1P-VD User's Guide
System Log Management

The Corecess R1P-VD series maintains a log file of all error and status messages generated by each module on the Corecess R1P-VD series. Log file is stored in the Corecess R1P-VD series. You can transmit the system log file to a remote host to manage it separately. In this section, the following issues will be described:
y y y y y Specifying level of the logs to be displayed on the console screen Specifying screens to display log messages Saving event messages in the log file Displaying system logs saved in the log file Clearing system logs in the log file
Specifying Event Level

All events occurred in the Corecess R1P-VD series dont need to be stored in the system log file. You can specify the top level of events to be stored using the syslog level command in Global configure mode. The events of the upper levels than the level designated by the syslog level command will be ignored (These events will be neither saved nor displayed). The Corecess R1P-VD series supports the following eight event levels. 1. Emergency event is the most critical level and 8. Debug is the least critical level event. 1. Emergency 2. Alert 3. Critical 4. Errors 5. Warning 6. Notify 7. Inform 8. Debug Less critical More critical
Basic Configuration
5-35
To configure the types and level of the events, use the following command in Global configuration mode:
Table 5-17 Configuring event level
Command logging level <type> <level> end show logging
Task 1. Configure the event types and level to save. y <type>: Type of event to configure the level. y <level>: Level of event (1 ~ 8). Default setting is 6. 2. Return to Privileged mode. 3. Verify the configuration.
The following example configures the sys events of the lower levels (Emergency, Alert, Critical, and Errors) than Errors level (level 4) to be stored in the system log file:
(config)# logging level sys 4 (config)# end # show logging console logging is disable logging buffer is enable logging buffer size is 128 kbytes Facility ----------sys filesys authorize . . 6 6 6 Default Severity -----------------4(*) 6 6 Current Severity ------------------
5-36
R1P-VD User's Guide
Note: The Corecess R1P-VD series supprts the following types of events: - sys - filesys - port - vlan - lacp - igmp : Events related to system hardware. : Events related to file system. : Events related to security and authentication. : Events related to interfaces. : Events related to spanning tree and bridge. : Events related to ports. : Events related to VLAN (Virtual LAN). : Events related to LACP (Link aggregation Control Protocol). : Events related to IGMP and IGMP snoopping.
- authorize - interface - spantree
- pbnac : Events related to PBNAC (Port Base Network Access Control). - mcast - qos - acl - snmp - dhcp - ntp : Events related to multicast. : Events related to QoS (Quality Of Service). : Events related to access list. : Events related to SNMP. : Events related to SNMP RMON. : Events related to DHCP. : Events related to NTP.
- snmp_rmon
- route_main : Events related to Main Routing Control.
Basic Configuration
5-37
Specifying Screen to Display Log

When an event occurs, the information of the event can be appeared on the remote host screen, a console screen, and telnet sessions.
Configuring to Display Log Messages to Console Screen

To configure the log messages to display on the console screen, use the following commands in Global configuration mode:
Table 5-18 Configuring to display log message to console screen
Command logging console {enable | disable}
Task Configure whether to display log messages on the console. y enable: Displays log messages on the console. y disable: Doesnt display log messages on the console.
The following example configures the log messages to display on the console screen:
# configure terminal (config)# logging console enable (config)#
Configuring to Display Log Messages to a Remote Server

To configure the log messages to display on a remote server, use the following command in Global configuration mode:
Table 5-19 Configuring to display log message to a remote server
Command logging {<ip-address> | <host-name>}
Task Specify a remote server to display the log messages. y <ip-address>: IP address of a remote server. y <host-name>: Host name of a remote server.
The following example configures the system log to display on the remote server whose IP address is 172.10.1.0:
(config)# logging 172.10.1.0 (config)#
5-38
R1P-VD User's Guide
Configuring to Display Log Messages to a Telnet Sessions

To configure the log messages to display on Telnet sessions, use the following commands in Global configuration mode:
Table 5-20 Configuring to display log message to a Telnet sessions
Command logging session {enable | disable}
Task Configure whether to display log messages on telnet sessions. y enable: Displays log messages on telnet sessions. y disable: Doesnt display log messages on telnet sessions.
The following example configures the system log to display on telnet sessions:
(config)# logging session enable (config)#
Basic Configuration
5-39
Saving Log Message in Log File

By default, the Corecess R1P-VD series does not save the log messages in a log file. After configuring the log messages to save using the logging file enable command, the log message generated will be saved in a log file. To configure the log messages to be saved in a log file, use the following command in Global configuration mode:
Table 5-21 Saving log messages in a log file
Command logging file {enable | disable}
Task 1. Configure whether to save the log messages in a log file. y enable: Saves log messages in a file. y disable: Doesnt save log messages in a file.
The following example shows how to configure the log message to be saved in a file:
(config)# logging file enable (config)#
5-40
R1P-VD User's Guide
Displaying Contents of Log File

To display the contents of the log file, use the following command in Privileged mode:
Table 5-22 Displaying contents of log file
Command show logging buffer <line>
Task Display the log messages saved in the log file. y <line>: Number of log messages to display.
The following is a sample output of the show logging buffer command:

# show logging buffer 100 Dec 31 00:01:49 localhost Dec 31 00:02:21 localhost Dec 31 00:02:21 localhost Dec 31 00:02:21 localhost Dec 31 00:02:38 VLAN-6-VLAN_CREATED: vlan [1] is created SYS-6-SYS_MODULE: module [1] is inserted SYS-6-SYS_MODULE: module [2] is inserted SYS-6-SYS_MODULE: module [3] is inserted AUTHORIZE-6-USER_LOGIN: corecess login from
Dec 31 00:02:21 localhost SNMP-5-COLDSTART: Cold Start localhost /cinitrd/dev/console Dec 31 00:58:53 localhost AUTHORIZE-6-USER_LOGOUT: corecess logout Dec 31 00:59:01 localhost AUTHORIZE-6-USER_LOGIN: corecess login from /cinitrd/dev/console Aug 16 16:27:31 localhost SYS-6-CFGCHANGE: system configuration was changed by corecess #
The following table describes the fields shown by the show logging buffer command:
Dec 31 00:01:49 localhost VLAN-6-VLAN_CREATED: vlan [1] is created n No n o p o p Description Date and time that the event occurred (month date hour:minute:second) System name The brief description of the event in brief.
Basic Configuration
5-41
Clearing System Log

To clear the system log file, the clear logging buffer command in Privileged mode. The following is an example of clearing the logs in the log file and verifying the result:
# clear logging buffer # show logging buffer 1 #
5-42
R1P-VD User's Guide
Monitoring the System

This section describes the commands you use to monitor the network connectivity and the state of the system modules and display the system configuration.
Checking Network Connectivity

After you assign an IP address and a default gateway and connect at least one properly configured port to the network, you should be able to communicate with other nodes on the network. To check whether the Corecess R1P-VD series is properly connected and configured, use the following commands in Privileged mode:
Table 5-23 Checking network connectivity
Command
Task 1. Ping another node on the network. y -c <packet-count>: Sends the specified number of ICMP packets.
- <packet-count>: The number of packets to send.
ping [c <packet-count>| -i <wait-time>| -s <packet-size>] <destination>
y -i <wait-time>: Pings at intervals of the specified in <wait-time>.

- <wait-time>: Time packets (in seconds). interval of sending ICMP echo request
y -s <packet-size>: Pings with ICMP packets of the specified size (<packet-size>) instead of 56byte ICMP packets.
- <packet-size>: Size of packets sent for the ping test (in bytes, 56 1472). ~
y <destination>: The IP address of the host or the network number to ping. 2. If the host is unresponsive, check the IP address, subnet mask, broadcast address of the VLAN. y <interface-name>: Interface name to display its configuration 3. If the interface is properly configured, check the default gateway configuration.
show interface
show ip route
This example shows how to ping a host with IP address 172.27.2.49:

# ping 172.27.2.49 PING 172.27.2.49 (172.27.2.49): 56 data bytes 64 bytes from 172.27.2.49: icmp_seq=0 ttl=128 time=0.6 ms 64 bytes from 172.27.2.49: icmp_seq=1 ttl=128 time=0.6 ms
Basic Configuration
5-43
64 bytes from 172.27.2.49: icmp_seq=2 ttl=128 time=0.6 ms 64 bytes from 172.27.2.49: icmp_seq=8 ttl=128 time=0.5 ms 64 bytes from 172.27.2.49: icmp_seq=2 ttl=128 time=0.6 ms 64 bytes from 172.27.2.49: icmp_seq=8 ttl=128 time=0.5 ms 64 bytes from 172.27.2.49: icmp_seq=9 ttl=128 time=0.5 ms 64 bytes from 172.27.2.49: icmp_seq=10 ttl=128 time=0.5 ms --- 172.27.2.49 ping statistics --11 packets transmitted, 11 packets received, 0% packet loss round-trip min/avg/max = 0.4/2.2/19.2 ms #
The following messages are displayed according to the status of host and network:
Table 5-24 Output of PING command
Connection Status Host or network is connected. (When the ICMP echo response messages have been received from the host or network) Destination does not respond. (When any packets have not been received from the host or network) Host is unreachable. Network is unreachable.
Displayed message <host> is alive 22 data bytes from <host> : icmp_seq=n. time=n ms no answer from <host> <host> is unreachable Network is unreachable. : 2
The following example shows how to display the VLAN interface information of the using the show interface command:
localhost# show interface CoreOS Routing Interface : $Revision: 1.2 $ Interface management index 0, kernel index 2(0) HWaddr: 00:00:00:0a:01:ad input packets 0, bytes 0, dropped 0, multicast packets 0 input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0 output packets 0, bytes 0, dropped 0 output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0 collisions 0 Status Checking link-status trap is disable no checking member's link status IPv4 Options metric 1 mtu 1514 <BROADCAST,MULTICAST>
5-44
R1P-VD User's Guide
icmp redirects are not sent icmp unreachables are not sent IPv4 ARP Information timeout : 1800 sec proxy-arp : routing mode off proxy-arp : bridge mode off Interface vlan1 index > HWaddr: 00:90:a3:00:00:02 inet 172.18.9.218/16 broadcast 172.18.255.255 input packets 71385, bytes 5655731, dropped 0, multicast packets 0 input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0 output packets 224, bytes 16832, dropped 0 output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0 collisions 0 Status Checking link-status trap is disable no checking member's link status IPv4 Options icmp redirects are not sent icmp unreachables are sent IPv4 ARP Information timeout : 1800 sec proxy-arp : routing mode off proxy-arp : bridge mode off 27, kernel index 6(1) metric 1 mtu 1514 <UP,BROADCAST,RUNNING,MULTICAST
The following is a sample output from the show ip route command:

# show ip route Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, > - selected route, * - FIB route S>* 0.0.0.0/0 [1/0] via 172.19.1.254, vlan2 C>* 172.19.0.0/16 is directly connected, vlan2 Route Source connected static Total # 1 2 Num of Entries 1
Basic Configuration
5-45
Displaying System Module Equipment Status

You can display the equipment and running state of the system modules using the show system command in
Privileged mode. The following is a sample output of the show system command:
localhost# sh system System Information ----------------------------------------------------------------------------Subscriver/Service Interface Board(s) SIB SIB SIB PWR FAN FAN FAN FAN [ [ [ [ [ [ [ [ 1] 2] 3] 1] 1] 2] 3] 4] Normal Unequipped Normal Normal Normal Normal Normal Normal
Auxiliary Information ----------------------------------------------------------------------------Fan Temperature (`C(`F)) Max/Min Threshold (`C(`F)) Current Temperature Max/Min Threshold MIB-II: System Group Contact: support@corecess.com Name: Corecess R1P-VDSL Location: Corecess Inc. Descr: R1P VDSL ObjectID(36): 1,3,6,1,4,1,2971,50,50 localhost# : : 29 ( 84 ) 90/ 80 (194/176) : 33/ 25 ( 91/ 77)
-----------------------------------------------------------------------------
Each field shown by the show system command describes the following information about system state:
Table 5-25 System state information
Field System Information
Description The state of the main and option slot, power, and fan module.
5-46
R1P-VD User's Guide
Auxiliary Information
The range of the temperature of the fan module, but the Corecess R1P-VD series does not provide this information.
Displaying System Module Information

You can display the information of the modules installed in the option slots on the Corecess R1P-VD
series using the show module command in Privileged mode. The following is a sample output of the show module command:
localhost# sh module Codes : * - Internal/Built-in Module, N - Network Attached Module X - Switch Fabric Module, > - Current Management Module Module > Base 1 2 3 Module 1 3 Ports Description N/A 2 N/A 24 Control Module R1P Base Uplink Module N/A R1P-VD24 Hw Status active insert,up not-exist insert,up Fw N/A N/A Sw N/A N/A Serial No. N/A N/A N/A N/A
------- ----- ------------------------------- ---------------- -------------
Version
------- ------------------ ---------------- --------------- --------------release.rev(patch) 0.0(2) release.rev(patch) 0.0(2)
The table below describes the fields shown by the show module command:
Table 5-26 show module field descriptions
Field Module Ports Description Status Serial No. Version Hw Fw Sw
Description Slot number which the module is installed on. (1 : option slot, 2~ 3 : base slots) Number of the ports on the module. Type of the module. Equipment status and operating status of the module. Serial number of the module. Version format. Hardware version of the module. Firmware version of the module. Software version of the module.
Basic Configuration
5-47
Displaying Memory Usage

You can display the usage of the memories on the Corecess R1P-VD series using the show meminfo
command in Privileged mode. The following is a sample output of the show meminfo command:
# show meminfo T total: Mem: 111812608 Swap: 0 MemTotal: MemFree: MemShared: Buffers: Cached: SwapCached: Active: Inactive: HighTotal: HighFree: LowTotal: LowFree: SwapTotal: SwapFree: Committed_AS: VmallocTotal: VmallocUsed: VmallocChunk: #
used: 66183168 0 109192 kB 44560 kB 0 kB 3852 kB 40548 kB 0 kB 9412 kB 49368 kB 0 kB 0 kB 109192 kB 44560 kB 0 kB 0 kB 63444 kB 1048560 kB 33336 kB 1015224 kB
free: 45629440 0
shared: 0
buffers: 3944448
cached: 41521152
The table below describes the fields shown by the show meminfo command:
Table 5-27 show meminfo field descriptions
Field total used Mem free shared buffers cached Total amount of memory held in bytes. Total amount of used memory in bytes. Total amount of free memory in bytes.
Description
Total amount of shared memory in bytes. Total amount of buffer memory in bytes. Total amount of cache memory in bytes.
(Continued)
5-48
R1P-VD User's Guide
Field total Swap used free MemTotal MemFree MemShared Buffers Cached SwapCached Active Inactive HighTotal HighFree LowTotal LowFree SwapTotal SwapFree Total amount of swap in bytes. Total amount of used swap in bytes. Total amount of free swap in bytes. Total amount of memory in Kilobytes.
Description
Total amount of free memory in Kilobytes. Total amount of shared memory in Kilobytes. Total amount of buffer memory in Kilobytes. Total amount of cache memory in Kilobytes. Total amount of swap cache in Kilobytes. Amount of buffer or cache memory currently allocated in kilobytes. Amount of free buffer or cache memory in Kilobytes. Amount of memory which is not mapping to kernel directly. This is different according to the type of the used kernel. Amount of free memory which is not mapping to kernel directly. This is different according to the type of the used kernel. Amount of memory which is not mapping to kernel directly. This is different according to the type of the used kernel. Amount of free memory which is not mapping to kernel directly. This is different according to the type of the used kernel. Total amount of swap in Kilobytes. Total amount of free swap in Kilobytes.
Basic Configuration
5-49
5-50
R1P-VD User's Guide
Chapter 6
Configuring Ports
This chapter describes how to change port configuration settings. 9 9 9 9 Configuring Gigabit Ethernet Ports Configuring Flex links Configuring the VDSL Port Configuring Profile 6-2 6-10 6-13 6-29
Configuring Gigabit Ethernet Ports

This section describes how to configure basic Gigabit Ethernet port parameters. The configurations mentioned in this section are applied to Gigabit Ethernet interface of the Corecess R1P-VD series.
Default Gigabit Ethernet Configurations

The following table lists the Gigabit Ethernet default configuration.
Table 6-1 Default Gigabit Ethernet Configurations
Feature Admin status Port name Port priority level 10/100Base-TX Duplex mode 1000Base-LX 1000Base-SX Enable None configured Normal Auto Full-duplex Auto Disable 10/100Base-TX Cost 1000Base-LX 1000Base-SX 19 4 32
Default setting
Port speed STP status
Port STP priority VLAN
All ports belong to the default VLAN (ID : 1, name: DEFAULT)
When change the Gigabit Ethernet port configurations, the change becomes part of the running configuration. The change does not automatically become part of the startup configuration file in Flash memory. If you do not save your changes in Flash memory, they are lost when the system is restarted. To save the changes of the Gigabit Ethernet port configuration in Flash memory, you must enter the write memory command in Privileged mode.
6-2
R1P-VD User's Guide

This section describes the following Gigabit Ethernet port configuration tasks:
y y y y Disabling or enabling the Gigabit Ethernet port Setting the port speed and duplex mode Setting port name Setting port trap
Disabling or Enabling the Gigabit Ethernet Port

By default, all Gigabit Ethernet ports on the Corecess R1P-VD series are enabled. To configure the administrative state of a port (disabling a port or re-enabling a port), enter the following command in Global configuration mode:
Table 6-2 Configuring administrative state of Gigabit Ethernet port
Command y port <port-type> <slot>/<port> admin {enble|disable} <port-type>: Port type
Task
- gigabitethernet: Gigabit Ethernet port
y <slot>: Slot number (1) y <port>: Port number (1, 2) y enable: Enable the specified port. y disable: Disable the specified port.
The following example shows how to disable Gigabit Ethernet port 1/2:
(config)# port gigabitethernet 1/2 admin disable (config)#
The following example shows how to re-enable Gigabit Ethernet port 1/1:
(config)# port gigabitethernet 1/1 admin enable (config)#
Configuring Ports
6-3
Setting the Port Speed and Duplex Mode

You can configure the port speed and duplex mode parameters to auto and allow the Corecess R1P-VD series to negotiate the port speed and duplex mode between ports. Follow these guidelines when configuring the port speed and duplex mode:
y y
If you set the port speed to auto, the switch automatically sets the duplex mode to auto. When you set the port speed to 1000 Mbps, the duplex mode is full duplex. You cannot change the duplex mode.
If the port speed is set to 10 or 100 mbps, the duplex mode is set to half duplex by default unless you explicitly configure it.
To set the speed and duplex parameters on a port, enter the following commands in Global configuration mode:
Table 6-3 Configuring Gigabit Ethernet port speed and duplex mode
Command
Task 1. Set the speed on the specified port. y <port-type>: Port type
port <port-type> <slot>/<port> speed <speed>
y <slot>: Slot number (1) y <port>: Port number (1, 2) y <speed>: Port speed
auto: Speed is auto negotiated. 1000: 1000Mbps 100: 100Mbps 10: 10Mbps
2. Set the port duplex mode. y <port-type>: Port type

port <port-type> <slot>/<port> duplex <duplex-mode>
y <slot>: Slot number (1) y <port>: Port number (1, 2) y <duplex-mode>: Duplex mode
- auto: Duplex mode is auto negotiated. - full: Full-duplex mode - half: Half-duplex mode
Note: y 1000Base-SX/LX port supports only full-duplex mode. y To not use autonegotiation featue, you should configure both the port speed and the duplx mode.
6-4
R1P-VD User's Guide
This example shows how to set the port speed and duplex mode on the Gigabit Ethernet port 1/1:
(config)# port gigabitethernet 1/1 speed 100 (config)# port gigabitethernet 1/1 duplex full (config)#
Setting Port Name

You can assign names to the Gigabit Ethernet ports to facilitate system administration. To assign a name to a port, enter the following command in Global configuration mode:
Table 6-4 Setting Gigabit Ethernet port name
Command y <port-type>: Port type port <port-type> <slot>/<port> name <port-name>
Task
y <slot>: Slot number (1) y <port>: Port number (1, 2) y <port-name>: Port name
This example shows how to set the name for Gigabit Ethernet port 1/1.
(config)# port gigabitethernet 1/1 name uplink-port (config)#
Setting Port Trap

You can enable or disable the operation of the standard SNMP link trap (up or down) for a Gigabit Ethernet port. By default, the SNMP link trap of the ports on the Corecess R1P-VD series is disabled. To configure the operation of the standard SNMP link trap, enter the following command in Global configuration mode:
Configuring Ports
6-5
Table 6-5 Setting Gigabit Ethernet port trap
Command y <port-type>: Port type port <port-type> <slot>/<port> trap link-status
Task
y <slot>: Slot number (1) y <port>: Port number (1, 2)
This example shows how to enable the SNMP link trap for the Gigabit Ethernet port 1/1:
(config)# port gigabitethernet 1/1 trap link-status (config)#
To disble the SNMP link trap, use no port <port-type> <slot>/<port> trap linkstatus command. This example shows how to disable the SNMP link trap for the Gigabit Ethernet port 1/1:
(config)# no port gigabitethernet 1/1 trap link-status (config)#
6-6
R1P-VD User's Guide
Displaying Gigabit Ethernet Port Information

To display the configuration information and statistics for a specific Gigabit Ethernet port, enter show
port <port-type> <slot>/<port> command in Privileged mode.
This example shows how to display the configuration information and statistics for the 1/1 Gigabit Ethernet port:
# show port gigabitethernet 1/1 Port 1/1 Name uplink-port Status Vlan FlwCtl Duplex a-off full Speed 0 Type 1000BaseT LinkAgg. off
----- -------------- ---------- ----- ------- ------- --------- -----------notconnect 1
AdminStatus enable Port 1/1
Media-type STP none disable
RSTP Edge Trap disable disable
----------- ---------- ---------- ---------- ---------- ----------
Admin Speed 0 M Logical ID 1
Limited Speed Unlimited
Active Speed 0 M
----- ---------------- ---------------- -----------------
If Index 1
---------- ----------
access-type : tranparent Port 1/1 Statistics Counters All(bytes) in out 0 0 0 0 0 0 0 0 0 0 0 0 Unicast Multicast Broadcast Discard Error -------------- ------------- ------------- ------------ ---------- --------
Port Error Counters input(0): runt/shortCRC/normalCRC/normalAlign/longCRC (0/0/0/0/0) output(0): defered(0) collision single/multi/consecutive/late (0/0/0/0/0) Extension status N/A
Configuring Ports
6-7
# The following table describes the fields in the show port <port-type> <slot>/<port> command output:
Table 6-6 Show port field descriptions
Field Port Name Status Vlan FlwCtl Duplex Speed Type AdminStatus Media-type STP RSTP Edge Trap Admin Speed Active Speed If Index Logical ID All in Unicast Multicast Broadcast
Description Slot number / port number of the port. Name of the port. Connecting status of the port. VLAN ID which the port belongs to. Whether to enable the flow control function. Duplex mode of the port. Speed of the port. Type of the port. Administrative status of the port (enable, disable). Media type (MDI/MDIX) of the port (none). STP status of the port (enable, disable). RSTP status of the port (enable, disable). Whether to enable displaying trap messages of the VDSL port (enable, disable). Maximum speed of the port. Current speed of the port. Interface number of the port. Logical ID of the port. Total number of the incoming packets on the port. Total number of the incoming unicast packets on the port. Total number of the incoming multicast packets on the port. Total number of the incoming broadcast packets on the port.
6-8
R1P-VD User's Guide
Field in Discard Error All Unicast out Multicast Broadcast Discard Error Runt shortCRC input normalCRC normalAlign longCRC Deferred Single output Multi consecutive Late
Description Number of the incoming packets discarded on the port. Number of the incoming packets with errors on the port. Total number of the outgoing packets on the port. Total number of the outgoing packets on the port. Total number of the outgoing packets on the port. Total number of the outgoing packets on the port. Total number of the outgoing packets on the port. Total number of the outgoing packets on the port. Number of frames received without Start of Frame Delimiter detection but with carrier assertion. Number of frames less than 64 bytes in length, received with CRC error. Number of frames with lengths between 64 bytes and the maximum frame size, received with an integral number of bytes and a CRC error. Number of frames with lengths between 64 bytes and the maximum frame size, received with a non integral number of bytes and a CRC error. Number of frames, larger then the maximum frame size, received with a CRC error. Number of frames deferred at the first transmit attempt due to a busy line in half duplex mode. Number of frames transmitted without any error following a single collision. Number of frames transmitted without any error following multiple collisions. Number of frames that have experienced 16 consecutive collisions or more, not including late collisions. Number of transmission abortion due to a collision occurring after the transmission of the first 64 bytes fo that packet.
Configuring Ports
6-9
Configuring Flex links

Flex links is a function that provides basic interface duplication in L2 Layer environment which doesn't use STP. In Corecess R1P-VD, the flex links function is provided by setting up the primary/backup port.
Flex links Features

y The primary/backup relationship (hereinafter referred to as the flex link) can be set up on two usable ports. These two ports tied up in pairs cannot be overlapped with other ports in setting up flex links. y The primary port stands for the port used in communication under ordinary circumstances and the backup port is the port used when communication is impossible because problem has occurred to the primary port. y Because only the duplication of L2 Layer is provided, two ports which belong to different VLAN from each other are unable to set up Flex links. y y y The ports in which STP is set are unable to set up Flex links. Only the first primary port is able to communicate and the communication of backup port gets blocked. In case the link of Active port becomes unable to communicate, the standby port changes its role as an active port. Once that active port that had become unable to communicate is recovered, it stands by as a block state until the active-port is activated with flex-link update [PORT] command.
Flex links Set up

The Flex links are set up as a pair of primary/backup port. Setup is enabled using the following commands.
Command configure terminal [no] Port <PORT1> flex-link backup <PORT2 Task Enter Global configuration mode. Setup (clear) the flex link that has <PORT1> as primary and <PORT2> as backup port.
6-10
R1P-VD User's Guide
Exit Show port flex-link
Exit to Enable mode. Check the setup of Flex-links
The following is an example of Flex link setup.

Localhost# configure terminal Localhost(config)# port fastethernet 3/1 flex-link backup fastethernet 3/2 Localhost(config)# end Localhost# show port flex-link Port 3/1 3/2 3/3 3/10 3/11 3/12 Disabled Disabled Disabled flex-link Primary (3/2) Backup (3/1) - blocked Disabled ------- ----------
The port indicated as blocked in above information is a port blocked by flex-link function. The flex-link can be cleared as follows.
Localhost# configure terminal Localhost(config)# no port fastethernet 3/1 flex-link Localhost(config)# end Localhost# show port flex-link Port 3/1 3/2 3/3 3/10 3/11 3/12 Disabled Disabled Disabled flex-link Disabled Disabled Disabled ------- ----------
Configuring Ports
6-11
Flex links primary port Enable

Once the Flex link function is set up, the communication becomes in progress again as the backup port gets enabled if problem occurs at the port set as primary. In order to recover the primary port and proceed with the communication again by activating the primary port, the following command is used.
Command Flex-link update port <primary port> Show port flex-link Enable Primary port Confirm Flex-links setting Task
If the primary port is activated using the command above, the backup port gets blocked. The following is an example of reactivating the primary port.
Localhost# show port flex-link Port 3/1 3/2 3/3 3/10 3/11 3/12 Disabled Disabled Disabled flex-link Primary (3/2) - blocked Backup (3/1) Disabled ------- ----------
Localhost# flex-link update port fastethernet 3/1 Localhost# show port flex-link Port 3/1 3/2 3/3 3/10 3/11 3/12 Disabled Disabled Disabled flex-link Primary (3/2) Backup (3/1) - blocked Disabled ------- ----------
6-12
R1P-VD User's Guide
Configuring the VDSL Port

The VDSL port configuration that is preset in the Corecess R1P-VD series is as shown below.
Table 6-7 VDSL Port Default Configuration
Item Port Operation Status Band Plan Line Speed (Upstream/downstream) Interleave delay (Upstream/downstream) Alarm Threshold INP (Upstream/downstream) SNR Margin UPBO PSD Mask Name TX/RX Band Plan Option Band Type Line Type PSD Protection Point (Upstream/downstream) Target (Upstream/downstream) Minimum (Upstream/downstream)
Default Configuration All operations enabled 998-640-30000 100/100 200.00/200.00 Kbps 2.0/2.0 msec Set all items to 0 0/0 6/6 dB 0/0 dB Disable ANSI_M1_CAB All Tone On not configured VDSL2 Profile 8D VDSL2 Profile 12A VDSL2 Profile 17A VDSL2 Profile 30A (0/0)
When the VDSL port default configuration is changed as seen above, it will be immediately applied to the system without having to reboot the system or executing other commands. However, in order to use the changed configurations even after turning off and on the system, the write memory command in the Privileged mode must be used to save the VDSL port configuration in the flash memory.
Configuring Ports
6-13

This part explains how to configure the VDSL ports as seen below.
y y y y y y y y y y y y y y y Setting the VDSL port operation status Setting the VDSL band plan Setting the VDSL option band Setting the VDSL line type Setting the link speed Setting the interleaving Setting the SNR margin Configuring the Impulse Noise Protection Setting the UPBO (Upstream Power Backoff) Setting the PSD (Power Spectral Density) Setting the PSD Mask Setting the RFI (Radio Frequency Interference) notch Setting the maximum frame size Resetting the VDSL port Controlling the VDSL modem
6-14
R1P-VD User's Guide
Setting the VDSL Port Operation Status

The Corecess R1P-VD series VDSL ports are preset so that they will all operate. In order to change the VDSL port operation status, input the below commands at the Global Configuration menu.
Table 6-8 VDSL Setting the Port Operation Status
Command Port vdsl <slot>/<port> admin {enble|disable} end
Operation y <slot>: Slot Number (3) y <port>: Port Number (1 ~ 16, 24) y enable: set so port is operating. y disable: set so port is not operating. Go to Privileged mode.
Below is an example of the setting so that the 2/1 VDSL port is operating.
(config-dsl)# port vdsl 3/1 admin enable (config)# end
Below is an example of the setting so that the 2/1 VDSL port is not operating.
(config-dsl)# port vdsl 3/1 admin disable (config)# end
Setting the VDSL Band Plan

In order to set the VDSL band plan, perform the below procedures in the Global Configuration mode.
Table 6-9 Setting the VDSL Band Plan
Command dsl 1. Go to the DSL mode.
Operation
vdsl bandplan <slot>/<port> {03|04|05|06|07|08|09|11|1 2|18|19|20|21}
2. Set the VDSL band plan. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24) y 03 (998-138-8500_Long_Reach) y 04 (998-138-12000_High_Data_Rate) y 05 (998-640-30000_100/100) y 06 (997-138-8500) y 07 (Flex-138-4400) y 08 (998-138-4400) y 09 (997-138-4400) y 11 (998-138-4400-optband) y 12 (997-138-4400-optband)
Configuring Ports
6-15
y 18 (998-138-12000_4K_Tones) y 19 (997-138-12000_4K_Tones) y 20 (998-138-17000_4K_Tones) y 21 (998-138-30000_4K_Tones_30A) end show vdsl bandplan <slot>/ <port> configured 3. Go to Privileged mode. 4. Check the VDSL configuration results. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24)
Below is an example of setting the VDSL Port 3/1 band plan to 998-138-8500_Long_Reach and confirming the results.
# configure terminal (config)# dsl (config-dsl)# vdsl bandplan 3/1 03 (config)# end # show vdsl bandplan 3/1 configured 3/1 # BANDPLAN :03 (998-640-30000 100/100)
Setting the VDSL Option Band

In order to set the VDSL option plan, perform the below procedures in the Global Configuration mode.
Table 6-10 Setting the VDSL Option Band
Command dsl vdsl optionBand <slot>/<port> txBand <1-5> rxBand <1-5> optionBand {no option | annex_A_6_32 | annex_B_32_64 | annex_B_6_64} end show vdsl optionBand <slot>/ <port> configured 1. Go to the DSL mode.
Operation
2. Set the VDSL option band. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24) y txBand (1-5) y rxBand (1-5) y no option y annex_A_6_32 y annex_B_32_64 y annex_B_6_64 3. Go to Privileged mode. 4. Check the vdsl configuration results. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24)
6-16
R1P-VD User's Guide
Below is an example of setting the VDSL Port 3/1 option band to Annex_B_6_64 and confirming the results.
# configure terminal (config)# dsl (config-dsl)# vdsl optionBand 3/1 Txband 1 rxband 1 optionband annex_B_6_64 (config)# end # show vdsl optionBand 3/1 configured 3/1 Tx Band Plan : All Tone On Rx Band Plan : All Tone On option Band type : Annex_B_6_64, 26 to 276 KHZ #
Setting the VDSL Line Type

In order to set the VDSL line type, perform the below procedures in the Global Configuration mode.
Table 6-11 Setting the VDSL Line Type
Command dsl vdsl line-type <slot>/<port> {dsl1 | vdsl2Profile8A | vdsl2Profile8B | vdsl2Profile8C | vdsl2Profile8D | vdsl2Profile12A | vdsl2Profile17A | vdsl2Profile30A | vdsl2Profile17B} {enable | disable} end show vdsl line-type <slot>/ <port> configured show vdsl line-type <slot>/ <port> current 1. Go to the DSL mode.
Operation
2. Set the VDSL line type. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24) y vdsl2Profile8A y vdsl2Profile8B y vdsl2Profile8C y vdsl2Profile8D y vdsl2Profile12A y vdsl2Profile12B y vdsl2Profile17A y vdsl2Profile30A y enable y disable 3. Go to Privileged mode. 4. Check the vdsl configuration results. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24) 4. Check the vdsl current operation status. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24)
Below is an example of setting line type to enable the vdsl2Profile30A at the VDSL port 3/1 and confirming the results.
Configuring Ports
6-17
# configure terminal (config)# dsl (config-dsl)# vdsl line-type 3/1 vdsl2Profile30A enable (config)# end # show vdsl linetype 3/1-2 configured 3/1 VDSL1 VDSL2 Profile 8A VDSL2 Profile 8B VDSL2 Profile 8C VDSL2 Profile 8D VDSL2 Profile 12A VDSL2 Profile 17A VDSL2 Profile 30A VDSL2 Profile 12B 3/1 # [OFF] [OFF] [OFF] [OFF] [ON] [ON] [ON] [ON] [OFF]
# show vdsl linetype 3/1 current Line Type : VDSL2 Profile 30A
6-18
R1P-VD User's Guide
Setting the VDSL Link Speed

In order to set the VDSL link speed, perform the below procedures in the Global Configuration mode.
Table 6-12 Setting the VDSL Link Speed
Command dsl 1. Go to Dsl Mode.
Operation
vdsl speed <slot>/<port> ds <64-200000> us <64-200000>
2. Set the VDSL link speed. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24) y ds downlink speed <64-200000> y us uplink speed <64-200000> 3. Go to Privileged mode. 4. Check the vdsl configuration results. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24) 5. Check the vdsl current operation status. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24)
end show vdsl speed <slot>/ <port> configured show vdsl speed <slot>/ <port> current
Below is an example of setting all the downlink and uplink speeds at 100000 at the VDSL port 3/1 and confirming the results.
# configure terminal (config)# dsl (config-dsl)# vdsl speed 3/1 ds 100000 us 100000 (config)# end # show vdsl speed 3/1 configured 3/1 3/1 # speed(ds/us) : 10000/10000 current speed : 127.49/126.07 Mbps # show vdsl speed 3/1 current current payload : 103.98/101.98 Mbps
Configuring Ports
6-19
Setting the Interleaving

Interleaving delays certain data in order to prevent noises. The interleaving delay value can be set in the Corecess R1P-VD series to set the VDSL interleaving. The default interleaving delay value applied when uploading or downloading data through the VDSL port is 2/2 msec. In order to set the interleaving delay value of the designated VDSL port, execute the below procedures in the Global configuration mode.
Table 6-13 VDSL Setting the Ports Interleaving Depth
Command dsl 1. Go to dsl mode.
Operation
vdsl interleavedelay <slot>/<port> ds <downdepth> us <up-depth>
2. Set the interleaving delay value to be applied to the ports upstream band and downstream band. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24) y <down-depth> Downstream interleaving delay (0 ~ 200msec) y <up-depth> Upstream interleaving delay (0 ~ 200msec) 3. Go to Privileged mode. 4. Check the VDSL configuration results. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24) 4. Check the current status of VDSL. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24)
end show vdsl interleavedelay <slot>/<port> configured show vdsl interleavedelay <slot>/<port> configured
Note: When noise is a problem, set the interleaving dealy at a value larger than the largest expected noise time. If delay is a problem, set the interleaving delay at the lowest amount.
Below is an example of applying a 3msec interleaving delay for downloading or uploading data through the 2/1-10 VDSL port, and confirming the results.
# configure terminal (config)# dsl (config-dsl)# vdsl interleavedelay 3/1-10 ds 4 us 4 (config)# end # show vdsl interleavedelay 3/1-10 configured 3/1 3/2 intleave delay(ds/us): 4/4 intleave delay(ds/us): 4/4
6-20
R1P-VD User's Guide
3/3 3/4 3/5 3/6 3/7 3/8 3/9 3/10 #
intleave delay(ds/us): 4/4 intleave delay(ds/us): 4/4 intleave delay(ds/us): 4/4 intleave delay(ds/us): 4/4 intleave delay(ds/us): 4/4 intleave delay(ds/us): 4/4 intleave delay(ds/us): 4/4 intleave delay(ds/us): 4/4
In order to print the current value of the interleaving delay, execute the show VDSL interleavedelay <slot>/<port> current command in the Privileged mode. The below shows how to print the current value of the interleaving delay.
# show VDSL interleavedelay 3/1-10 current 3/1 3/2 3/3 3/4 3/5 3/6 3/7 3/8 3/9 3/10 current delay : 1.8/1.7 ms current delay : 1.8/1.7 ms current delay : 1.8/1.7 ms current delay : 1.8/1.7 ms current delay : 1.8/1.7 ms current delay : 1.8/1.7 ms current delay : 1.8/1.7 ms current delay : 1.8/1.7 ms current delay : 1.8/1.7 ms current delay : 1.8/1.7 ms#
Setting the SNR Margin

The SNR margin is the maximum amount of noise tolerated when the VDSL modems BER (Bit Error Rate) requisites are satisfied. In other words, the SNR margin is a value that shows how much the BER can be maintained under a specified level when noise is in the line. The below SNR margins can be set for the Corecess R1P-VD series as seen below.
y In order to successfully complete initialization of the modem, the Target SNR margin must be set the BER above 10-7. y When the actually set SNR margin is smaller than the cancelled SNR margin, the modem will fail initialization and will retry after increasing the power output. y y The below SNR margin defaults are set in the Corecess R1P-VD series. Target downstream/upstream SNR margin: 6dB
Configuring Ports
6-21
Minimum downstream/upstream SNR margin: 5dB
Methods for setting the Upstream/downstream SNR margin values to be applied to the VDSL port are as seen below.
Table 6-14 Setting the VDSL Port SNR Margin
Command dsl
Operation 1. Go to DSL configuration mode. 2. Set the SNR margin to be applied when uploading or downloading the data through the VDSL port. y<slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24) y target target SNR margin y minnm minimum SNR margin y <ds-margin> downstream SNR margin (0~31 dB) y <us-margin> upstream SNR margin (0~31 dB) 3. Go to Privileged mode. 4. Check the SNR margin configuration. y <slot> Slot Number (1~8) y <port> Port Number (1 ~ 24, 48) y current currently set SNR margin y target target SNR margin y minnm minimum SNR margin
VDSL snrmargin <slot>/<port> {target |min} ds <ds-margin> us <us-margin>
end
show VDSL snrmargin <slot>/<port> {current| min|target}
Below is an example of setting the SNR margin to be applied when downloading or uploading data through the 2/1 VDSL port, and confirming the results.
(config)# dsl
(config-dsl)# VDSL snrmargin 3/1 target ds 6 us 6 (config-dsl)# VDSL snrmargin 3/1 min ds 5 us 5
(config)# end
# show VDSL snrmargin 3/1 target 3/1 3/1 3/1 # min margin : min margin : 6/ 5/ 6 5 # show VDSL snrmargin 3/1 min # show VDSL snrmargin 3/1 current current Training Margin : 0.0/7.2 dB
6-22
R1P-VD User's Guide
Configuring the Impulse Noise Protection

You can designate the minimum INP for the up and downstream channels. INPs are displayed as signs and can be set in values such as 0, 0.5, 1 or 2. The Impulse Noise Protection (INP) is expressed as a symbol and can be set in one of the symbols for 0, 0.5, 1 or 2. For example, 1 INP means that the noise that occurs during the length and time interval of one symbol can be modified without errors. One symbol equals 250 and INP 1 corresponds to the adjustment time of 250 . Chart 6-16 is an explanation of how to set the INP for downstream bearer channels.
Table 6-15 Configuring the INP(Impulse Noise Protection)
Command dsl
Operation 1. Go to DSL configuration mode. 2. Set the INP value. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24) y <ds-inp> INP value for downstream (0, 1,2,4). y <us-inp> INP value for upstream (0, 1,2,4). 3. Go to Privileged mode. 4. Check the setting results. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24) 5. Check the current status. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24)
VDSL inp <slot>/<port> ds <ds-inp> us <us-inp>
end show VDSL inp <slot>/<port> configured show VDSL inp <slot>/<port> current
Below is an example of setting the INP value and checking the configuration results.
(config)# dsl (config-dsl)# vdsl inp 3/1 ds 1 us 2 (config-dsl)# end # show vdsl inp 3/1-10 configured 3/1 3/1 Impulse Noise Protection ds/us : 0.5/1.0 current protection(ds/us) : 0.0/0.0 DMT Symbols # show vdsl inp 3/1-10 current
Configuring Ports
6-23
Setting the UPBO (Upstream Power Backoff)

In order to set the VDSL UPBO (Upstream Power Backoff), execute the below procedures in the Global configuration mode.
Table 6-16 Setting the VDSL UPBO
Command dsl 1. GO TO DSL MODE.
Operation
vdsl upbo <slot>/<port> (disable | enable)
2. Set the VDSL option band. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24) y enable y disable 3. Go to Privileged mode. 4. CHECK THE VDSL CONFIGURATION RESULTS. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24)
end show vdsl upbo <slot>/ <port> configured
Below is an example of enabling the UPBO of the VDSL port 3/1, and confirming the results.
Setting the PSD (Power Spectral Density)

In order to set the VDSL PSD (Power Spectral Density), execute the below procedures in the Global configuration mode.
Table 6-17 Setting the VDSL PSD Mask
Operation
vdsl psd <slot>/<port> (ds|us) <1-32> freq <0-10000> psd <0-255>
2. Set the VDSL link speed. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24) y ds (1-32) y us (1-32) y Breakpoint(ds | us) y freq (0-10000) y psd (0-255) 3. Go to Privileged mode. 4. CHECK THE VDSL CONFIGURATION RESULTS. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24)
end show vdsl psd <slot>/ <port> configured
6-24
R1P-VD User's Guide
Below is an example of setting the PDS Mask at the VDSL port 3/1.
Setting the PSD (Power Spectral Density) Mask

In order to set the VDSL PSD (Power Spectral Density), execute the below procedures in the Global configuration mode.
Table 6-18 Setting the VDSL PSD Mask
Operation
2. Set the VDSL PSD Mask. y <slot> Slot Number (3) <port> Port Number (1 ~ 16, 24)
01 ANSI_M1_CAB 02 ANSI_M2_CAB 03 ETSI_M1_CAB 04 ETSI_M2_CAB 05 ANNEX_F
vdsl psdmask <slot>/<port> {01~14)
06 ANSI_M1_EX 07 ANSI_M2_EX 08 ETSI_M1_EX_P2 09 ETSI_M2_EX_P2 10 RESERVED 11 PSD_K 12 PSD_CHINA 13 ETSI_M1_EX_P1 14 ETSI_M2_EX_P1
end show vdsl psdMask <slot>/ <port> configured
3. Go to Privileged mode. 4. CHECK THE VDSL CONFIGURATION RESULTS. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24)
Below is an example of setting the PDS Mask in the VDSL port 3/1.
# configure terminal (config)# dsl (config-dsl)# vdsl psdMask 3/1 01 (config)# end # show vdsl psdMask 3/1-10 configured 3/1 PSD MASK name : 01
Configuring Ports
6-25
Setting the RFI (Radio Frequency Interference) notch

In order to set the VDSLs RFI (Radio Frequency Interference) notch, execute the below procedures in the Global configuration mode.
Table 6-19 Setting the VDSL RFI notch
Command dsl vdsl rfi-notch <slot>/<port> <notch_no> {enable|disable} end show vdsl rfi-notch <slot>/ <port> configured 1. GO TO DSL MODE.
Operation
2. Set the VDSL PSD Mask. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24) y notch_val RFI NOtch value (01-21) 3. Go to Privileged mode. 4. CHECK THE VDSL CONFIGURATION RESULTS. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24)
# configure terminal (config)# dsl (config-dsl)# vdsl rfinotch 3/1 01 enable (config)# end # show vdsl rfinotch 3/1 configured 3/1 1) RFI-BAND01: OFF 1.810 - 1.825 MHz : ANNEX F 2) RFI-BAND02: OFF 1.810 - 2.000 MHz : ETSI, T1E1 3) RFI-BAND03: OFF 1.9075 - 1.9125 MHz : ANNEX F 4) RFI-BAND04: OFF 3.500 - 3.575 MHz : ANNEX F 5) RFI-BAND05: OFF 3.500 - 3.800 MHz : ETSI 6) RFI-BAND06: OFF 3.500 - 4.000 MHz : T1E1 7) RFI-BAND07: OFF 3.747 - 3.754 MHz : ANNEX F 8) RFI-BAND08: OFF 3.791 - 3.805 MHz : ANNEX F 9) RFI-BAND09: OFF 7.000 - 7.100 MHz : ANNEX F, ETSI 10) RFI-BAND10: OFF 7.000 - 7.300 MHz : T1E1 11) RFI-BAND11: OFF 10.100 - 10.150 MHz : ANNEX F, ETSI, T1E1 12) RFI-BAND12: OFF 14.000 - 14.350 MHz : ANNEX F, ETSI, T1E1 13) RFI-BAND13: OFF 18.068 - 18.168 MHz : ANNEX F, ETSI, T1E1 14) RFI-BAND14: OFF 1.800 - 1.825 MHz : HAM Band 1 15) RFI-BAND15: OFF 3.500 - 3.550 MHz : HAM Band 2 16) RFI-BAND16: OFF 3.790 - 3.800 MHz : HAM Band 3 17) RFI-BAND17: OFF 1.800 - 1.810 MHz : RFI Notch
6-26
R1P-VD User's Guide
18) RFI-BAND18: OFF 21.000 - 21.450 MHz : ANNEX F, ETSI, T1E1 19) RFI-BAND19: OFF 24.890 - 24.990 MHz : ANNEX F, ETSI, T1E1 20) RFI-BAND20: OFF 28.000 - 29.100 MHz : ANNEX F, ETSI, T1E1 21) RFI-BAND21: OFF 28.000 - 29.700 MHz : ANNEX F, ETSI, T1E1 #
Setting the Maximum Frame Size

In order to set the maximum frame size, execute the below procedures in the Global configuration mode.
Table 6-20 Setting the VDSL mtu
Command dsl 1. Go to dsl mode
Operation
vdsl mtu <slot>/<port> <mtu_val>
2. Set the VDSL PSD Mask. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24) y mtu_val MTU size (1522-9000) 3. Go to Privileged mode. 4. CHECK THE VDSL CONFIGURATION RESULTS. y <slot> Slot Number (3) y <port> Port Number (1 ~ 16, 24)
end show vdsl rfi-notch <slot>/ <port> configured
# configure terminal (config)# dsl (config-dsl)# vdsl mtu 3/1 9000 (config)# end # show vdsl mtu 3/1 configured 3/1 MTU 9000 bytes #
Setting the VDSL carrier

In order to set the VDSL carrier, perform the below procedures in the Global Configuration mode.
Table 6-21 Setting the VDSL carrier
Command vdsl carrier <slot>/<port> {I43|V43|A43|B43} enable|disable
Operation y I43 I43 G.hs Carrier y V43 V43 G.hs Carrier y A43 A43 G.hs Carrier
Configuring Ports
6-27
y B43 B43 G.hs Carrier
The following example is setting the carrier in the VDSL port 3/4
R1P-VD(config-dsl)# vdsl carrier 3/4 I43 enable
Setting the VDSL default

In order to set the VDSL carrier, perform the below procedures in the Global Configuration mode.
Table 6-22 Setting the VDSL default
Command vdsl defult <slot>/<port>
Operation Enable setting the VDSL default
The following example is setting the default in the VDSL port 3/4
R1P-VD(config-dsl)# vdsl default 3/4 3/4 : default config success
Setting the VDSL powermode

In order to set the VDSL powermode, perform the below procedures in the Global Configuration mode.
Table 6-23 Setting the VDSL powermode
Command vdsl powermode <slot>/<port> high|low
Operation high: high power mode low: low power mode
The following example is setting the powermode in the VDSL port 3/4
R1P-VD(config-dsl)# vdsl powermode 3/4 high
Setting the VDSL psdnoise

In order to set the VDSL psdnoise, perform the below procedures in the Global Configuration mode.
Table 6-24 Setting the VDSL psdnoise
Command vdsl psdnoise <slot>/<port> breakpoint {ds|us} y Breakpoint(ds | us) y ds (0-32) y us (0-32)
Operation
6-28
R1P-VD User's Guide
The following example is setting the podnoise in the VDSL port 3/4 R1P-VD(config-dsl)# vdsl psdnoise 3/4 breakpoint ds <0-32> breakpoint num R1P-VD(config-dsl)# vdsl psdnoise 3/4 breakpoint ds 32
Setting the VDSL upboparam

In order to set the VDSL upboparam, perform the below procedures in the Global Configuration mode.
Table 6-25 Setting the VDSL upboparam
Command vdsl upboparam <slot>/<port> u1 <100-900> u2 <100-900> u3 <100-900>
Operation u1 range: 100~900 u2 range: 100~900 u3 range: 100~900
The following example is setting the upboparam in the VDSL port 3/4 R1P-VD(config-dsl)# vdsl upboparam WORD slot/port, ex. 3/4,3/6-9 or 3/1-24,3/1-24 R1P-VD(config-dsl)# vdsl upboparam 3/4 u1 upstream band 1 26 AWG reference length R1P-VD(config-dsl)# vdsl upboparam 3/4 u1 upstream band 1 26 AWG reference length R1P-VD(config-dsl)# vdsl upboparam 3/4 u1 100 100M k1=[0 -60 -60 -60 0 0] k2=[0 -2.63 -2.68 -2.7 0 0] 200 200M k1=[0 -60 -60 -60 0 0] k2=[0 -5.25 -5.35 -5.4 0 0] 300 300M k1=[0 -60 -60 -60 0 0] k2=[0 -7.88 -8.03 -8.1 0 0] 400 400M k1=[0 -60 -60 0 0 0] k2=[0 -10.54 -10.71 0 0 0] 500 500M k1=[0 -60 -60 0 0 0] k2=[0 -13.15 -13.39 0 0 0] 600 600M k1=[0 -60 -60 0 0 0] k2=[0 -15.78 -16.06 0 0 0] 700 700M k1=[0 -60 -60 0 0 0] k2=[0 -18.41 -18.74 0 0 0] 800 800M k1=[0 -60 -60 0 0 0] k2=[0 -21.05 -21.42 0 0 0] 900 900M k1=[0 -60 -60 0 0 0] k2=[0 -23.68 -24.09 0 0 0] R1P-VD(config-dsl)# vdsl upboparam 3/4 u1 200 u2 upstream band 2 26 AWG reference length R1P-VD(config-dsl)# vdsl upboparam 3/4 u1 200 u2 100 100M k1=[0 -60 -60 -60 0 0] k2=[0 -2.63 -2.68 -2.7 0 0] 200 200M k1=[0 -60 -60 -60 0 0] k2=[0 -5.25 -5.35 -5.4 0 0] 300 300M k1=[0 -60 -60 -60 0 0] k2=[0 -7.88 -8.03 -8.1 0 0]
Configuring Ports
6-29
400 400M k1=[0 -60 -60 0 0 0] k2=[0 -10.54 -10.71 0 0 0] 500 500M k1=[0 -60 -60 0 0 0] k2=[0 -13.15 -13.39 0 0 0] 600 600M k1=[0 -60 -60 0 0 0] k2=[0 -15.78 -16.06 0 0 0] 700 700M k1=[0 -60 -60 0 0 0] k2=[0 -18.41 -18.74 0 0 0] 800 800M k1=[0 -60 -60 0 0 0] k2=[0 -21.05 -21.42 0 0 0] 900 900M k1=[0 -60 -60 0 0 0] k2=[0 -23.68 -24.09 0 0 0] R1P-VD(config-dsl)# vdsl upboparam 3/4 u1 200 u2 200 u3 upstream band 3 26 AWG reference length R1P-VD(config-dsl)# vdsl upboparam 3/4 u1 200 u2 200 u3 100 100M k1=[0 -60 -60 -60 0 0] k2=[0 -2.63 -2.68 -2.7 0 0] 200 200M k1=[0 -60 -60 -60 0 0] k2=[0 -5.25 -5.35 -5.4 0 0] 300 300M k1=[0 -60 -60 -60 0 0] k2=[0 -7.88 -8.03 -8.1 0 0] 400 400M k1=[0 -60 -60 0 0 0] k2=[0 -10.54 -10.71 0 0 0] 500 500M k1=[0 -60 -60 0 0 0] k2=[0 -13.15 -13.39 0 0 0] 600 600M k1=[0 -60 -60 0 0 0] k2=[0 -15.78 -16.06 0 0 0] 700 700M k1=[0 -60 -60 0 0 0] k2=[0 -18.41 -18.74 0 0 0] 800 800M k1=[0 -60 -60 0 0 0] k2=[0 -21.05 -21.42 0 0 0] 900 900M k1=[0 -60 -60 0 0 0] k2=[0 -23.68 -24.09 0 0 0] R1P-VD(config-dsl)# vdsl upboparam 3/4 u1 200 u2 200 u3 100 <cr>
Resetting the VDSL Port

In order to reset a specific VDSL port, execute the below procedures.
Table 6-26 Resetting the VDSL Port
Command
Operation 1. Go to the DSL configuration mode. 2. Reset the VDSL port. y <port> Port Number (1 ~ 24, 48) y <slot> Slot Number (2)
dsl vdsl reset <port>/<slot>
Note: Executes operations similar to that of reset port vdsl commands or vdsl resent commands..
Below is an example of resetting the VDSL 3/1 port.

(config)# dsl (config-dsl)# VDSL reset 3/1
6-30
R1P-VD User's Guide
OK! #
Controlling the VDSL Modem

In order to control the CPE modem using a specific VDSL port, the below commands must be executed.
Table 6-27 Resetting the VDSL Port
Command dsl vdsl modem <port>/<slot> clearCount vdsl modem <port>/<slot> autoNego (on | off) link-dup (full | half) speed (10 | 100) agc (on | off) flowctl (off | full | half | both) loop (on | off) vdsl modem <port>/<slot> downImage WORD vdsl modem <port>/<slot> imageActive vdsl modem <port>/<slot> reset
Operation Go to DSL configuration mode. Initializes the various counts to 0 that are connected with the corresponding ports
Sets the Ethernet ports of the modem connected to the corresponding ports
Downloads the program images to the modem connected to the corresponding ports Activates the program images downloaded to the modem connected to the corresponding ports Resets the modems connected to the corresponding ports.
Configuring Ports
6-31
Configuring Profile
Configuring Profile
Profile is an automatic function that can be applied as a batch to the ports where same settings are necessary by making the setting applied to one port as a batch file. ID's that can be made as profile are from 2 to 10 and create the name by selecting an ID to set up the profile.
Creating Profile
The following is an example of creating selected name (test) in profile ID 2.
localhost(config-dsl)# vdsl profile 2 optionband create delete bandplan inp intlvdelay linetype minmargin psd psdmask rfinotch speed targetmargin upbo WORD <cr> localhost(config-dsl)# vdsl profile 2 create test OptionBand create profile delete profile band plan profile impulse noise protect profile intleavedelay line type profile min margin psd psd mask RFI notch profile speed profile target margin profile upbo name length 1-24
localhost(config-dsl)# vdsl profile 2 create localhost(config-dsl)# vdsl profile 2 create test
6-32
R1P-VD User's Guide
Configuring Profile
The following is an example of saving after setting the bandpan parameter as 18 at profile 2.
localhost(config-dsl)# vdsl profile 2 bandplan 03 04 05 06 07 08 09 11 12 18 19 20 21 998-138-8500 Long Reach 998-138-12000 High Data Rate 998-640-30000 100/100 997-138-8500 Flex-138-4400 998-138-4400 997-138-4400 998-138-4400-optBand 997-138-4400-optBand 998-138-12000 4K Tones 997-138-12000 4K Tones 998-138-17000 4K Tones 998-138-30000 4K Tones 30A
localhost(config-dsl)# vdsl profile 2 bandplan 18 <cr> localhost(config-dsl)# vdsl profile 2 bandplan 18 localhost(config-dsl)# end
Profile Mapping
The following is an example of selecting the ports to be applied and applying them as a batch using the created profile.
localhost(config-dsl)# vdsl profile 3/1-3 mapping <1-10> <cr> localhost(config-dsl)# vdsl profile 3/1-3 mapping 2 3/1 profile : test config success 3/2 profile : test config success 3/3 profile : test config success localhost(config-dsl)# end profile id 1-10 localhost(config-dsl)# vdsl profile 3/1-3 mapping 2
Configuring Ports
6-33
Configuring Profile
The profile that has completed being applied is as follows.

localhost# sh vdsl profile 3/1-5 mapping <cr> localhost# sh vdsl profile 3/1-5 mapping slot/port : 3/1 profile mapping id : 2 name: slot/port : 3/2 profile mapping id : 2 name: slot/port : 3/3 profile mapping id : 2 name: slot/port : 3/4 profile mapping id : 0 none slot/port : 3/5 profile mapping id : 0 none localhost# test test test mapping infomation localhost# sh vdsl profile 3/1-5 mapping
6-34
R1P-VD User's Guide
Chapter 7
Configuring VLAN
This chapter overviews Virtual LAN and describes how to configure VLAN using several examples. The tagged VLAN and overlapped VLAN are described in this chapter. 9 9 9 9 9 9 VLAN (Virtual LAN) Configuring VLAN Configuring Q-in-Q 7-2 7-6 7-17
Displaying VLAN Configuration 7-20 VLAN Configuration Commands 7-22 Pass-through 7-23
VLAN (Virtual LAN)
VLAN (Virtual LAN)

A VLAN (Virtual LAN) is a group of ports designated by the switch as belonging to the same broadcast domain. A VLAN enables the communication only between the devices which belongs to the same VLAN. A VLAN is a switched network that is logically segmented by function, project team, or application, without regard to the physical locations of the users. VLANs have the same attributes as a physical LAN, but you can group end stations even if they are not located physically on the same LAN segment. Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in the VLAN. Each VLAN is considered as a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router or bridge. Because a VLAN is considered a separate logical network and can support its own implementation of the Spanning Tree Protocol (STP). VLANs are often associated with IP subnetworks. For example, all the end stations in a particular IP subnet belong to the same VLAN. Traffic between VLANs must be routed. To communicate between two VLANs on the Corecess R1P-VD series, the external router is needed.
Corecess R1P-VD Series
Router
Vlan1 Port: 2/1 ~ 2/12
Vlan2 Port: 2/13 ~ 2/24
7-2
R1P-VD User's Guide
VLAN (Virtual LAN)
Types of VLAN
This section describes the types of VLAN can be configured on the Corecess R1P-VD series.
Port-Based VLAN
On the Corecess R1P-VD series, you can configure port-based VLANs. A port-based VLAN is a subset of ports on the device that constitutes a broadcast domain. By default, all the ports on the Corecess R1P-VD series are members of the default VLAN. Thus, all the ports on the Corecess R1P-VD series constitute a single broadcast domain. You can configure multiple port-based VLANs. When you configure a port-based VLAN, the device automatically removes the ports you add to the VLAN from the default VLAN.
Marketing Port: 3/17 ~ 24
Corecess R1P-VD24
Sales Port: 3/1 ~ 8
Finance Port: 3/9 ~ 16
Note: A port can belong to only one port-based VLAN, unless you apply 802.1q tagging to the port. For detail information about 802.1q tagging, refer to the Tagged VLAN description.
Configuring VLAN
7-3
VLAN (Virtual LAN)
Default VLAN
By default, all ports on the Corecess R1P-VD series belong to the default VLAN (ID: 1). Therefore, all ports on the Corecess R1P-VD series belong to same broadcast domain. To divide the ports into multiple broadcast domains, define VLANs and assign the port in the default VLAN to new defined VLANs. After assigning ports to new VLAN, that ports will be removed from the default VLAN. The default VLAN should exist on the system and can not be deleted by user. Therefore, you define a VLAN, there are two VLAN, default VLAN and new VLAN, are on the system. You can define up to 4094 VLANs on the Corecess R1P-VD series including default VLAN.
DEFAULT
Corecess R1P-VD24
7-4
R1P-VD User's Guide
VLAN (Virtual LAN)
Tagged VLAN
Tagged VLAN is specified in the IEEE 802.1Q standard. 802.1Q tagging allows a networking device add a tag header to frames that are sent across the network. A tag header is used to indicate to which VLAN a frame belongs. This insures that the networking device forwards the frame to only those ports that belong to that VLAN. Tagging must be used when connecting two or more Corecess R1P-VD series that share a common VLAN. With tagging, the two devices can logically separate traffic from different VLANs. The following figure shows an example of two Corecess R1P-VD24 As that share the same port-based VLANs configured across them.
Sales
1/1*
Tagged link
1/1*
Corecess R1P-VD24
Corecess R1P-VD24
Accounting
* : Tagged Port
Each switch in the figure above shares two VLANs through the Gigabit Ethernet port 1/1. The frames must be tagged between the two devices to determine the frame destination. The tagging allows the transmittal of frames from the Sales department on the Corecess R1P-VD24A-A to the Sales department on the Corecess R1P-VD24A-B and the Accounting department in the Corecess R1P-VD24A-A to the Accounting department in the Corecess R1P-VD24A-B. Once the switch knows the destination of the frame, the tagging is removed and the frame is sent untagged to the VLAN.
Configuring VLAN
7-5
Configuring VLAN
Configuring VLAN
You can configure VLAN on the Corecess R1P-VD series when it is starting or running. If you change the VLAN configuration on running, all MAC address that have been learned by the ports in the VLAN will be deleted. To configure the VLAN at gigabit port, it is available to use VLAN command. At DSL port, it is available to use dot1q command to configure the VLAN.
Default VLAN Configuration

Table 7-1 shows the default VLAN configuration for the Corecess R1P-VD series:
Table 7-1 Default VLAN configuration
Feature VLAN name VLAN ID Ports MTU STP status Private Promisc port Tagged VLAN DEFAULT 1
Default Value
All ports belong to the default VLAN. 1500 Enable Disable None Untagged
When change the VLAN configurations, the change becomes part of the running configuration. The change does not automatically become part of the startup configuration file in Flash memory. If you do not save your changes to Flash memory, they are lost when the system restarts. To save the VLAN configuration changes to Flash memory, you must enter the write memory command in Privileged mode.
7-6
R1P-VD User's Guide
Configuring VLAN
VLAN Configuration Procedure

You can configure VLAN on the Corecess R1P-VD series when it is starting or running. If you change VLAN configuration on running, all MAC address that have been learned by the ports in VLAN will be deleted. You can configure VLAN on the Corecess R1P-VD series using the following procedures:
y y y y Creating VLANs (Deleting VLANs) Assigning ports to the VLAN (Removing ports from the VLAN) Assigning IP Address to a VLAN Saving the VLAN configuration
Creating a VLAN
In the factory default configuration, all the ports on the Corecess R1P-VD series belong to a single logical broadcast domain, which is given the name DEFAULT. You can partition the default broadcast domain into multiple logical broadcast domains by adding one or more additional VLANs and moving ports from the default VLAN to the new VLANs. Because the default VLAN permanently exists in the Corecess R1P-VD series, adding new VLANs results in multiple VLANs existing in the Corecess R1PVD series. To create a new VLAN, perform this task in Global configuration mode:
Table 7-2 Creating a VLAN
Command vlan id <vlan-id> name <vlan-name> end show vlan
Tasks 1. Define a new VLAN. y <vlan-id>: VLAN ID y <vlan-name>: VLAN name 2. Exit from Global configuration mode. 3. Verify that a new VLAN is created.
The following example shows how to create white VLAN on the Corecess R1P-VD24A:
(config)# vlan id 2 name white (config)# end # show vlan VLAN Name Status Slot/Port(s)
Configuring VLAN
7-7
Configuring VLAN
---- ---------------- -------- -----------------------------------1 DEFAULT active 1/1-2 3/2-24 2 white VLAN active Interface IGMPs STP Private Promisc Port(s)
---- ---------- -------- -------- -------- -----------------------1 disable disable enable 2 disable disable enable # Disable None Disable None
To delete a VLAN, use the no vlan command in Global configuration mode. The following example deletes the VLAN:
(config)# no vlan id 2 (config)#
Assigning Ports to a VLAN

You should add ports that belong to the default broadcast domain to a VLAN after defining a VLAN. When ports are assigned to a VLAN, a broadcast domain with assigned ports is created. If you add ports belonging to the default VLAN to other VLAN, the ports are deleted from the default VLAN and are added to other VLAN. To assign ports to a VLAN, perform this task in Global configuration mode:
Table 7-3 Assigning ports to a VLAN
Command
Tasks 1. Assign ports to a VLAN. y <vlan-id>: VLAN ID. y <vlan-name>: VLAN name. y <port-type> : Port type (gigabitethernet) y <slot>/<port>: slot number / port number to be added to the VLAN. 2. Exit from Global configuration mode. 3. Verify that the ports are assigned. y <vlan-id>: ID of the VLAN to verify. y <vlan-name>: Name of the VLAN to verify.
vlan {id <vlan-id> | name <vlan-name>} port <porttype> <slot>/<port>
end show vlan {id <vlan-id> | name <vlan-name>}
The following example shows how to assign 1/2 Gigabit Ethernet ports to the white VLAN:
(config)# vlan name white port gigabitethernet 1/2 (config)# end
7-8
R1P-VD User's Guide
Configuring VLAN
# show vlan VLAN Name 1 DEFAULT Status active Slot/Port(s) 1/1 2/1-24 2 white active STP disable enable 1/2 Private Disable Disable Promisc None None Port(s) ---- ---------------- -------- ------------------------------------
VLAN Interface IGMPs 1 2 disable disable disable disable
---- ---------- -------- -------- -------- ------------------------
To remove ports from the VLAN, use the no vlan command in Global configuration mode. The following example removes the port 1/2 from the white VLAN:
(config)# no vlan name white port gigabitethernet 1/2 (config)# end # show vlan VLAN Name 1 DEFAULT Status active Slot/Port(s) 1/1-2 2/1-24 2 white active STP disable enable Private Disable Disable Promisc None None Port(s) ---- ---------------- -------- ------------------------------------
VLAN Interface IGMPs 1 2 # disable disable disable disable
---- ---------- -------- -------- -------- ------------------------
Configuring VLAN
7-9
Configuring VLAN
Assigning IP Address to a VLAN

Once you have defined a VLAN and assigned ports, you need to set the IP address to the VLAN for managing the VLAN via Telnet or SNMP. Only one IP address of interface can be assigned to the system. To assign IP address to a VLAN, perform this task in Global configuration mode:
Table 7-4 Assigning IP address to a VLAN
Command interface vlan {id <vlan-id> | name <vlan-name>}
Tasks 1. Enter Interface configuration mode. y <vlan-id>: ID of the VLAN to configure. y <vlan-name>: Name of the VLAN to configure. 2. Assign IP address to a VLAN. y <ip-address>: IP address for the VLAN. y <M>: Subnet mask. 3. Return to Privileged mode. 4. Verity the IP address assigned to the VLAN. y <vlan-id>: ID of the VLAN to display. y <vlan-name>: Name of the VLAN to display.
ip address <ip-address>/<M> end show vlan {id <vlan-id> | name <vlan-name>}
The following example shows how to assign IP address and subnet mask, 172.16.1.1/16, to the default VLAN and verify the result:
(config)# interface vlan id 1 (config-if)# ip address 172.16.1.100/16 (config)# end # show interface vlan id 1 Interface vlan1 index 52 kernel index 4 metric 1 mtu 1514 <UP,BROADCAST,RUNNING,MULTICAST> HWaddr: 00:90:a3:cc:fb:e6 inet 172.16.1.100/16 broadcast 172.16.255.255 input packets 0, bytes 0, dropped 0, multicast packets 0 input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0 output packets 72, bytes 3312, dropped 0 output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0 collisions 0 ...
7-10
R1P-VD User's Guide
Configuring VLAN
To remove the IP address of a VLAN, use the no ip address command in Interface configuration mode. The following example shows how to remove the IP address of the default
(config)# interface vlan id 1 (config-if)# no ip address 172.16.1.100/16 (config-if)#
VLAN:
Assigning Secondary IP address to a VLAN

You can specify another IP address to a VLAN. This is called secondary IP address. The secondary IP address is useful for configuring DHCP server with many DHCP hosts (more than 256 hosts). Only one secondary IP address can be set to the system. To specify the secondary IP address to the VLAN, use the following command in Global configuration mode:
Table 7-5 Assigning IP address to a VLAN
Command interface vlan {id <vlan-id> | name <vlan-name>} ip address <ip-address>/<M> secondary end show interface vlan id <vlan-id>
Tasks 1. Go to Interface configuration mode. y <vlan-id>: ID of the VLAN to configure. y <vlan-name>: Name of the VLAN to configure. 2. Specify the secondary IP address of the VLAN. y <ip-address>: Secondary IP address for the VLAN. y <M>: Subnet mask. 3. Return to Privileged mode. 4. Verity the secondary IP address assigned to the VLAN. y <vlan-id>: ID of the VLAN to display. y <vlan-name>: Name of the VLAN to display.
This example shows how to specify the secondary IP address of the VLAN whose id is 1:
(config)# interface vlan id 1 (config-if)# ip address 172.16.2.100/16 secondary (config-if)# end # show interface vlan id 1 Interface vlan1 index 52 kernel index 4 metric 1 mtu 1514 <UP,BROADCAST,RUNNING,MULTICAST> HWaddr: 00:90:a3:cc:fb:e6 inet 172.16.1.100/16 broadcast 172.16.255.255 inet 172.16.2.100/16 broadcast 172.16.255.255 secondary input packets 0, bytes 0, dropped 0, multicast packets 0 input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
Configuring VLAN
7-11
Configuring VLAN
output packets 72, bytes 3312, dropped 0 output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0 collisions 0 ...
To remove the secondary IP address of a VLAN, use the no ip address secondary command in Interface configuration mode. The following example shows how to remove the secondary IP address of the default VLAN:
(config)# interface vlan id 1 (config-if)# no ip address 172.16.2.100/16 secondary (config-if)#
Saving VLAN Configuration

When you finish the VLAN configuration, you should save the VLAN configuration to use it after rebooting the system. To save the current VLAN configuration, use the write memory command in Privileged mode.
# write memory Building Configuration... [OK] #
7-12
R1P-VD User's Guide
Configuring VLAN
VLAN Configuration Example

This section describes how to configure port-based VLANs using the example of configuring the following network. If you configure the network as follows, PCs in each subnet can communicated between, but not possible with other subnets.
DEFAULT y ID : 1 y Port : 2/1~8
sub-1 y ID : 2 y Port : 2/9~16
Corecess R1P-
sub-2 y ID : 3 y Port : 2/17~24
sub-3 y ID : 4 y Port : 1/1-2
(config)# vlan id 2 name sub-1 (config)# vlan id 3 name sub-2 (config)# vlan id 4 name sub-3 (config)# port VDSL 2/9-16.1 pvc 0/35 (config)# port VDSL 2/9-16.1 qos-service unshape (config)# port VDSL 2/17-24.1 pvc 0/35 (config)# port VDSL 2/17-24.1 qos-service unshape (config)# dot1q port VDSL 2/9-16.1 pvid 2 (config)# dot1q port VDSL 2/17-24.1 pvid 3 (config)# vlan id 4 port gigabitethernet 1/1-2 (config)# exit # show dsl vc 2/9.1 VirtualPortIndex: 3/1 IfIndex: 58 BridgeIndex: 129 Name: DEFAULT VPI/VCI 0/35 VLAN: 2
Configuring VLAN
7-13
Configuring VLAN
Service Category : unshape Traffic Parameters : PCR/SCR/MBS/CDV 2320/2320/2320/0 2/10.1 VirtualPortIndex: 3/2 IfIndex: 59 BridgeIndex: 130 Name: DEFAULT VPI/VCI 0/35 Service Category : unshape Traffic Parameters : PCR/SCR/MBS/CDV 2320/2320/2320/0 . . 2/23.1 VirtualPortIndex: 3/15 IfIndex: 72 BridgeIndex: 143 Name: DEFAULT VPI/VCI 0/35 Service Category : unshape Traffic Parameters : PCR/SCR/MBS/CDV 2320/2320/2320/0 2/24.1 VirtualPortIndex: 3/16 IfIndex: 73 BridgeIndex: 144 Name: DEFAULT VPI/VCI 0/35 Service Category : unshape Traffic Parameters : PCR/SCR/MBS/CDV 2320/2320/2320/0 Note: To activate the state of new VLANs, enter the interface vlan id <vlan-id> command in Global configuration mode. VLAN: 3 VLAN: 3 VLAN: 2
7-14
R1P-VD User's Guide
Configuring VLAN
Tagged VLAN Configuration

The following number of tagged VLANs are supported on the Corecess R1P-VD series:
y y y 200 per Gigabit Ethernet 32 per VDSL port 1536 per system
To configure 802.1Q tagged port on the Corecess R1P-VD series, use the following commands in Privileged mode:
Table 7-6 Configuring tagged port
Command configure terminal
Task 1. Enter Global configuration mode. 2. If need, create VLANs and assign ports to the VLANs.
vlan id <vlan-id> name <vlan-name>
2-1. Create a VLAN. y <vlan-id>: VLAN ID (1 ~ 4094) y <vlan-name>: VLAN name 2-2. Assign the ports to the VLAN. y <vlan-id>: VLAN ID (1 ~ 4094) y <vlan-name>: VLAN name. y <port-type>: Port type (gigabitethernet) y <slot>/<port>: Slot number/port number to be added to the VLAN. 3. Set the specified port or PVC to a tagged port.
vlan {id <vlan-id> | name <vlan-name>} port <port-type> <slot>/<port>
dot1q port gigabitethernet <slot>/<port> tag <tag-id> dot1q port VDSL <slot>/<port> vc <vci>/<vpi> tag <tag-id> end show dot1q port
3-1. Set the specified Gigabit Ethernet port to a tagged port. y <slot>/<port>: Slot number/port number of the Ethernet port y <tag-id>: The VLAN ID to be tagged (1 ~ 5, 100, 105 ~ 200) 3-2. Set the specified PVC on the specified VDSL to a tagged port. y <slot>/<port>: Slot number/port number of the VDSL port y <vpi>/<vci>: VCI/VPI value of this PVC y <tag-id>: The VLAN ID to be tagged (1 ~ 5, 100, 105 ~ 200) 4. Return to Privileged mode. 5. Verify the 802.1Q tagged port configuration.
Configuring VLAN
7-15
Configuring VLAN
The following example describes how to configure the Gigabit Ethernet port 1/1 to an 802.1Q tagged port for VLANs vlan1 and vlan2:
Tagged link 1/1* 1/1*
Corecess R1P-VD24
y VLAN ID y Ports Eth t) vlan2 :2 : 1/1-2 (Gigabit vlan1 y VLAN ID :1 y Ports : 2/1-24 (VDSL)
Corecess R1P-VD24
y VLAN ID y Ports Eth t) vlan2 :2 : 1/1-2 (Gigabit vlan1 y VLAN ID :1 y Ports : 3/1-24 (VDSL)
# configure terminal (config)# vlan id 2 name vlan2 (config)# vlan id 2 port gigabitethernet 1/1-2 (config)# dot1q port gigabitethernet 1/1 tag 1-2 (config)# end # show dot1q Port -------1/1 Port ---------1/1 Port -------1/1 # allowed 802.1q VLAN TAGs ----------------------------------------------------------------1-2 PVID ---2 Acceptable frame types Ingress filter ---------------------all -------------off
# show dot1q port gigabitethernet 1/1
allowed 802.1q Vlans ----------------------------------------------------------------1-2
7-16
R1P-VD User's Guide
Configuring Q-in-Q
Configuring Q-in-Q
The 802.1Q-in-802.1Q technology which is commonly called Q-in-Q is able to raise extensibility as the number of VLAN's managed as a whole is reduced by dividing the 802.1Q grouping VLAN into many 802.1Q's once again.
Q-in-Q Features
The Q-in-Q function provided in this equipment is operated by having the following features.
1. The value of 802.1Q VLAN Tag brought from subscriber is irrelevant. 2. The PVID value of subscriber port is used as VLAN value of Outer VLAN Tag. 3. The PVID value of subscriber must be set as VLAN Tag at the Uplink Port connected to ISP network.
Configuring VLAN
7-17
Configuring Q-in-Q
Q-in-Q Setup
The Q-in-Q setup assigns subscriber port and assigns the PVID of corresponding subscriber port as a tag at the ISP Uplink port.
Command configure terminal vlan id <1-4095> port vdsl <Port Number> dot1q-tunnel port vdsl <Port Number> dot1q port <Port Type> <Port Number> tag <1-4095> Enter Privileged mode. Task
Assigns the PVID of subscriber port.
The Q-in-Q is activated at the subscriber port. The PVID of subscriber port is assigned as a tag at the ISP Uplink port.
The following is an example of setup to provide the Q-in-Q service by adding the VLAN Tag 1000 times for VLAN Tag attached packets that are coming up from the subscriber port.
r1p# configure terminal r1p(config)# vlan id 1000 port vdsl 3/1-24 r1p(config)# dot1q-tunnel port vdsl 3/1-24 r1p(config)# dot1q port gigabitethernet 1/1 tag 1000 r1p(config)# dot1q port gigabitethernet 1/2 tag 1000 r1p(config)#
Transparent Switching Setup

Even for the BPDU packets such as STP and LACP that must be processed at Control Plane, the Transparent Switching must be activated on BPDU and Q-in-Q packets for specific VLAN's and specific port using following commands for the Q-in-Q processing.
Task Enter Global configuration mode.
7-18
R1P-VD User's Guide
Configuring Q-in-Q
vlan id <1-4095> pass-thru (bpdu|q-in-q) port <Port Type> <Port Number> pass-thru (bpdu|qin-q)
Enable Transparent Switching on BPDU or Q-in-Q packet at a specific VLAN Enable Transparent Switching on BPDU or Q-in-Q packet at a specific port.
The above is an example of activating the BPDU Transparent Switching function for subscribers of vdsl 3/1 port among the example above.
r1p(config)# r1p(config)# vlan id 1000 pass-thru bpdu r1p(config)# port vdsl 3/1 pass-thru bpdu r1p(config)# port gigabitethernet 1/1-2 pass-thru bpdu r1p(config)# vlan id 1000 pass-thru q-in-q r1p(config)# port vdsl 3/1 pass-thru q-in-q r1p(config)# port gigabitethernet 1/1-2 pass-thru q-in-q r1p(config)#
Priority Copy Setup

The command is necessary if the priority value set at the VLAN Tag of packets that came in from the subscriber port has to be used as a priority value of outer VLAN Tag added through Q-in-Q.
Command configure terminal port <Port Type> <Port Number> priority-copy Task Enter Global configuration mode.
Enable priority copy function at a specific port.
The above is an example of setting up Priority Copy on the vdsl 3/2 port.
r1p(config)# r1p(config)# port vdsl 3/2 priority-copy r1p(config)#
Configuring VLAN
7-19
Displaying VLAN Configuration

This section describes how to display VLAN configuration on the Corecess R1P-VD series:

To display the current VLAN configuration on the Corecess R1P-VD series, enter the show vlan command in Privileged mode:
# show vlan VLAN ---1 2 Name --------------DEFAULT vlan1 Status -------active active STP enable enable Slot/Ports -----------------------------------1/1-2 2/-24 Private Disable Disable Promisc Port(s) None None
VLAN Interface IGMPs 1 2 # enable disable disable disable
---- ---------- -------- -------- -------- ------------------------
The following table describes the fields shown by the show vlan command:
Table 7-7 show vlan field descriptions
Field VLAN Name Status Slot/Ports Interface IGMPs STP Private VLAN id. VLAN name. Administrative status of the VLAN. Member ports of the VLAN. Running status of the VLAN interface.
Description
Whether to use the IGMP on the VLAN interface. Whether to use the STP on the VLAN interface. Whether to configure the VLAN as a private VLAN.
7-20
R1P-VD User's Guide
Displaying VLAN Tagging Configuration

To display the 802.1Q tagging configuration, use the show dot1q command in Privileged mode. The following example displays the 802.1Q tagging configuration of the Corecess R1P-VD24A:
# show dot1q Port -------1/1 # allowed 802.1q Static and Dynamic Vlans created by GVRP ----------------------------------------------------------------1-2
The following example displays 802.1Q tagging configuration of the Gigabit Ethernet port 1/1:
# show dot1q port gigabitethernet 1/1 Port ---------1/1 Port -------1/1 # PVID ---2 Acceptable frame types Ingress filter ---------------------all -------------off
allowed 802.1q Vlans ----------------------------------------------------------------1-2
The table below describes the fields in the show dot1q command output:
Table 7-8 Show dot1q field descriptions
Field Port PVID Acceptable frame types Ingress filter Allowed 802.1q vlans
Description Slot number and port number of the port Port VLAN ID Whether to allow tag only, untag packet Whether to enable or disable Ingress filter Tag IDs (VLAN IDs)
Configuring VLAN
7-21
VLAN Configuration Commands
VLAN Configuration Commands

The following table lists the commands for configuring VLAN on the Corecess R1P-VD series:
Table 7-9 VLAN configuration commands
Command interface vlan vlan id name vlan port dot1q port ip address show dot1q show vlan
Description Enter Interface configuration mode. Creates a VLAN. Adds ports to the VLAN. Configures 802.1Q tagging on a port. Assigns an IP address and subnet mask to the VLAN interface. Displays 802.1q tagging configuration. Displays the VLAN configuration.
7-22
R1P-VD User's Guide
Pass-through
Pass-through
Pass_through is the function that supports the cisco tunneling for the specific BPDU(Bridge Protocol Data Unit)of cisco and the general BPDU, when R1P products of Corecess are between cisco equipment. We support following commands for pass-through function. commands
port <port_type> <slot/port> pass-through cisco port <port_type> <slot/port> pass-through bpdu
Description
Configuring cisco tunnel about cisco bpdu to relevant port. Configuring cisco tunnel about normal bpdu to relevant port.
Cisco bpdu tunneling

Configuring the cisco bpdu tunnel on specific ports, you set following command. Cisco bpdu that support tunneling is CDP, VTP, PAGP, PVSTP. localhost# configure terminal localhost(config)# port vdsl 3/1 pass-through cisco localhost(config)# exit Setting confirmation localhost# show run | include pass-through port vdsl 3/1 pass-through cisco localhost#
bpdu tunneling
It supports the cisco tunneling function for the general BPDU. If you configure this function on specific ports, set follwing command. localhost# configure terminal localhost(config)# port vdsl 3/1 pass-through bpdu localhost(config)# exit
Configuring VLAN
7-23
Pass-through
Setting confirmation localhost# show run | include pass-through port vdsl 3/1 pass-through bpdu localhost#
7-24
R1P-VD User's Guide
Chapter 8
Configuring SNMP and RMON
This chapter describes how to configure SNMP and RMON on the Corecess R1P-VD series. 9 9 9 Configuring SNMP 8-2
Configuring RMON 8-17 SNMP and RMON Configuration Commands 8-26
Configuring SNMP
Configuring SNMP
SNMP (Simple Network Management Protocol) Overview
The Simple Network Management Protocol (SNMP) is an application layer protocol that facilitates the exchange of management information between network devices. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.
SNMP Basic Components

SNMP consists of the following three key components:
y y y Managed Device SNMP Agent and Management Information Base (MIB) SNMP Manager
SNMP Manager
Managed Device
Managed Device
Managed Device
SNMP Agent MIB
SNMP Agent MIB
SNMP Agent MIB
8-2
R1P-VD User's Guide
Configuring SNMP
Managed Device
A managed device is a network node that contains an SNMP agent and that resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or printers.
SNMP Agent and MIB

The SNMP agent is a network management module running in the managed device. The SNMP agent responds to SNMP manager requests as follows:
y Get a MIB variable: The SNMP agent initiates this function in response to a request from the NMS. The agent retrieves the value of the requested MIB variable and responds to the NMS with that value. y Set a MIB variable: The SNMP agent initiates this function in response to a message from the NMS. The SNMP agent changes the value of the MIB variable to the value requested by the NMS.
The SNMP agent also sends unsolicited trap messages to notify an NMS that a significant event has occurred on the agent. Examples of traps conditions include, but are not limited to, when a port or module goes up or down, when spanning-tree topology changes occur, and when authentication failures occur. The MIB is the information base, the SNMP agent must keep available for the managers. This information base contains objects whose values provide information on the status of the checked system or objects whose values can be modified by a manager to control the system. Each object is identified by an Object ID (OID). There are two kinds of MIBs, standard MIB and enterprise-specific MIB.
SNMP Manager
SNMP Manager is an integrated management module which collects information from SNMP agent and sometimes sends warning messages depending on the each SNMP agent relations. In other words, the actual data is collected from SNMP agent and this data will be processed by management module and saved. To request information or configuration changes, respond to requests, and send unsolicited alerts, the SNMP manger and SNMP agent use the four messages (Get, GetNext, Set, and trap). For more information on these messages, refer to the following section.
8-3
Configuring SNMP
SNMP Messages
The SNMP manger and SNMP agent use the following SNMP messages to request information or configuration changes, respond to requests, and send unsolicited alerts. y y y y Get-Request / Get-Response Message GetNext-Request / GetNext-Request Message Set-Request Message Trap Message
Get-Request Message
Get-Request Message is the basic SNMP request message. Sent by an SNMP manager, it requests information about a single MIB entry on an SNMP agent. For example, the amount of free drive space.
GetNext-Request Message
GetNext-Request Message is an extended type of request message that can be used to browse the entire tree of management objects. When processing a Get-next request for a particular object, the agent returns the identity and value of the object which logically follows the object from the request. The Getnext request is useful for dynamic tables, such as an internal IP route table.
Set-Request Message
If write access is permitted, Set-Request message can be used to send and assign an updated MIB value to the agent.
Trap Message
An unsolicited message sent by an SNMP agent to an SNMP manager when the agent detects that a certain type of event has occurred locally on the managed device. For example, a trap message might be sent on a system restart event.
8-4
R1P-VD User's Guide
Configuring SNMP
SNMP Community Strings

SNMP community strings authenticate access to MIB objects and function as embedded passwords. In order for the NMS to access the system, the community string definitions on the NMS must match at least one of the three community string definitions on the system. A community string can have one of the following attributes:
Table 8-1 Community Strings
Types Read-only Read-write
Access Right Gives read access to authorized management stations to all objects in the MIB except the community strings, but does not allow write access. Gives read and write access to authorized management stations to all objects in the MIB, but does not allow access to the community strings.
Trap
Trap is a defined status of event or system. For example, event generated when port configuration is changed or a host having not-allowed IP address accesses can be defined as a trap. You can configure the level of trap according to the kind of events. If a trap occurs on the system, the SNMP agent send SNMP trap message to the registered trap host.
8-5
Configuring SNMP
Configuring SNMP
SNMP configuration set as a default in the Corecess R1P-VD series is as follows:
Table 8-2 Default SNMP Configuration
SNMP Configuration Element Agent contact information (MIB-II System Contact variable) Agent location information (MIB-II System Location variable) Community strings Trap Trap Host RMON
Default Value None configured None configured None configured Disabled None configured RMON statistics group
Setting the System Contact and Location Information

In the system group of MIB-II (Public MIB) supported by the Corecess R1P-VD series has System Contact variable and System Location variable displaying the system contact information and system location information. The values of these variables can be browsed or modified via ViewlinX, NMS of the Corecess or NMS of other companies. To set the system contact and location information, use the following command in Global configuration mode:
Table 8-3 Setting system contact and location information
Command snmp-server contact <string> snmp-server location <string> End show snmp-server
Task 1. Set the system contact information. y <string>: String that describes the system contact information. 2. Set the system location information. y <string>: String that describes the system location information. 3. Return to Privileged mode. 4. Verify the system contact and location information.
8-6
R1P-VD User's Guide
Configuring SNMP
The following example shows how to set the agent contact and location information:
(config)# snmp-server contact Dial System Administrator at phone #2734 (config)# snmp-server location 1st floor lab (config)# end # show snmp-server RMON: Extended RMON: sysContact sysLocation : : # Dial 1st floor lab Disabled Extended RMON module is not present System Operator at phone
Configuring Community Strings

You use the SNMP community string to define the relationship between the SNMP manager and the agent. The community string acts like a password to permit access to the agent on the system. The Corecess R1P-VD series has no default community string. Therefore you should add a new readwrite community string before accessing to the Corecess R1P-VD series via SNMP. To define SNMP community strings, use the following command in Global configuration mode:
Table 8-4 Adding new community string
Command
Task 1. Add a new community string. y <string>: A string that acts like a password and permits access to the SNMP protocol. You can configure one or more community strings of any length. y ro: (Optional) Specifies read-only access. Authorized management stations are only able to retrieve MIB objects. y rw: (Optional) Specifies read-write access. Authorized management stations are able to both retrieve and modify MIB objects. 2. Return to Privileged mode. 3. Verify new community string.
snmp-server community <string> {ro | rw}
end show snmp-server community-list
The following example shows how to add a new community string, admin, with the rights to read and
8-7
Configuring SNMP
write.
(config)# snmp-server community public ro (config)# snmp-server community corecess rw (config)# end # show snmp-server community-list Community -----------------------------public corecess # write memory Building Configuration... [OK] Access ---------Read-Only Read-Write
To delete a community string, use the no snmp-server community <string> command in Global configuration mode as follows:
(config)# no snmp-server community corecess (config)# end # show snmp-server community-list Community -----------------------------public # Access ---------Read-Only
8-8
R1P-VD User's Guide
Configuring SNMP
Configuring Trap Type

Traps are system alerts that the Corecess R1P-VD series generates when certain events occur. The Corecess R1P-VD series supports the following types of traps:
Table 8-5 Types of trap supported by Corecess R1P-VD series
Trap Types chassis module port bridge repeater ip_permit sysconfig entity cpuload auth sysauth bgp dhcp
Description Sends a trap message when power supply is installed or uninstalled, temperature limitations are exceeded, or fan errors occur. Sends a trap message when a module goes up or down. Sends a trap message when a port goes up or down. Sends a trap message when there is spanning tree topology changes. Sends a trap message when Ethernet hub repeater state is changed. Sends a trap message when there are access attempts with unauthorized IP address. Sends a trap message when the system backup configuration is changed. Sends a trap message when there is Entity Management Information Base (MIB) change. Sends a trap message when CPU load limitations are exceeded. Sends a trap message when there are access attempts with unauthorized community string. Sends a trap message when unauthorized user attempts access to the system. Sends a trap message when Border Gateway Protocol (BGP) state is changed. Sends a trap message when Dynamic Host Configuration Protocol (DHCP) state is changed.
When trap is set to enable state, if an error occurs in the device where corresponding trap is set to enable or if problem occurs in the part defined by the trap, such error status (trap message) are transmitted to the trap receiving host and NMS, the SNMP agent. By default, all trap types are disabled. To send traps to the trap hosts, the trap types should be enabled. To enable a trap type, perform this task in Global configuration mode:
Table 8-6 Enabling a trap type
Command snmp-server enable traps end show snmp-server 1. Enable a trap. 2. Return to Privileged mode. 3. Verify the trap status.
Task
8-9
Configuring SNMP
The following example shows how to enable port and sysconfig traps to send trap notifications:
(config)# snmp-server enable traps port (config)# snmp-server enable traps sysconfig (config)# end # show snmp-server ... Traps ------------------------chassis module port bridge repeater ip_permit sysconfig entity cpuload auth ... disabled disabled disabled enabled disabled disabled disabled Enabled -----------------disabled disabled enabled
To disable the trap type, use the no snmp-server enable traps command as follows:
(config)# no snmp-server enable traps port (config)#
8-10
R1P-VD User's Guide
Configuring SNMP
Configuring Trap Receiver Hosts

Trap receiver host is the host receiving the information (trap message) when an error occurs in the device with trap in enable status or when becomes a certain status. By default, no trap receiver host is configured. Generally trap host includes NMS and etc. To receive the trap generated on your managed device using NMS, you must add the NMS as a trap receiver host. Trap receiver host is the host to receive traps from an SNMP agent. Trap is message sent by an SNMP agent to an NMS, a console, or a terminal to indicate the occurrence of a significant event, such as a specifically defined condition or a threshold that was reached. By default, no trap receiver host is configured. To receive the trap generated on your managed device using NMS, you must add the NMS as a trap receiver host. You can specify up to twenty trap hosts on the Corecess R1P-VD series. To add or modify trap receiver host, use the following commands in Global configuration mode:
Table 8-7 Adding a trap receiver host
Command
Task 1. Add a trap receiver host. y <host-addr>: IP address of the host (the targeted recipient). y <community>: Password-like community string sent with the notification operation. Though you can set this string by using the snmp-server host command, we recommend you define this string by using the snmp-server community command before using the snmp-server host command. y default: Uses the default UDP port number (162). y <udp-port>: User Datagram Protocol (UDP) port number of the host for sending traps (1 ~ 65535, default) 2. Return to Privileged mode. 3. Verify that the trap receiver host is added.
snmp-server host <host-addr> <community> port {default | <udp-port>}
end show snmp-server traphost
The following example shows how to enable the system to send all traps to the host 172.168.10.65:
(config)# snmp-server host 172.168.10.65 private port default (config)# end # show snmp-server traphost Host udp:172.160.10.65:162 Trap Source IP ------------------------Default # : 0.0.0.0 Version v2c Community private ------------------------- -------- ----------
8-11
Configuring SNMP
Displaying SNMP Information

The section describes how to display SNMP configuration information, SNMP community strings, SNMP trap hosts, and SNMP statistics.
Displying SNMP Configuration Information

To display SNMP configuration information, use the show snmp-server command in Privileged mode. The following example is a sample output of the show snmp-server command:
localhost# sh snmp-server RMON: Extended RMON: sysContact sysLocation Access ---------read-only read-write Community -------------------public corecess Enabled Extended RMON module is not present support@corecess.com Corecess Inc. Source -------------------any any Version ------Enabled -----------------disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled Trap-Rec-Community ----------------------
Trap-Rec-Address ---------------------------Traps ------------------------chassis module port bridge repeater ip-permit sysconfig entity cpuload auth sysauth bgp
8-12
R1P-VD User's Guide
Configuring SNMP
dhcp atm adslAtuc adslAtur mac-flood igmp-snoop memoryload Group ID| localhost# Node ID|
disabled disabled disabled disabled disabled disabled disabled Group Community| Node Community| Mode
------------------------------------------------------------------------------
The table below describes the fields shown by the show snmp-server command:
Table 8-8 show snmp-server field descriptions
Field RMON Extended RMON sysContact sysLocation CommunityAccess CommunityString Trap-RecAddress Version Trap-RecCommunity Traps Enabled
community
TrapReceiver
Trap
Description Status of whether RMON is enabled or disabled Status of whether extended RMON is enabled or disabled SNMP system contact string SNMP system location string Configured SNMP communities - read-only - read-write SNMP community strings associated with each SNMP community IP address of trap receiver hosts and UDP port number for sending trap messages. SNMP version of trap host SNMP community string used for trap messages to the trap receiver. Trap types Status of whether trap type is enabled or disabled
Default enabled not supported unknown unknown
none
disabled
8-13
Configuring SNMP
Displaying SNMP Community Strings

To display SNMP community strings, use the show snmp-server community-list command in Privileged mode. The following example shows how to display SNMP community strings:
# show snmp-server community-list community:pubilc community:private community:corecess # access: ro access: rw access: ro
The table below describes the fields shown by the show snmp-server community-list command output:
Table 8-9 show snmp-server community-list field descriptions
Field
community access
Description
SNMP community strings Access right of the community strings - ro : Read-only - rw : Read-write
Displaying SNMP Statistics

To display SNMP statistics, use the show snmp-server statistics command in Privileged mode. The following is sample output from the show snmp-server statistics command:
# show snmp-server statistics 10090 0 96 0 0 28051 12 9854 83 12 9994 SNMP packets input Bad SNMP version errors Unknown community name Illegal operation for community name supplied Encoding errors Number of requested variables Number of altered variables Get-request PDUs Get-next PDUs Set-request PDUs SNMP packet output
8-14
R1P-VD User's Guide
Configuring SNMP
0 3 0 0 9994 0 #
Too big errors (Maximum packet size 1500) No such name errors Bad values errors General errors Response PDUs Trap PDUs
The table below describes the fields shown by the show snmp-server statistics command output:
Table 8-10 show snmp-server statistics field descriptions
Field
SNMP packets input Bad SNMP version errors Unknown community name Illegal operation for community name supplied Encoding errors Number of requested variables Number of altered variables Get-request PDUs Get-next PDUs Set-request PDUs SNMP packet output Too big errors No such name errors Bad values errors
Description
Total number of SNMP packets input. Number of packets with an invalid SNMP version. Number of SNMP packets with an unknown community name. Number of packets requesting an operation not allowed for that community. Number of SNMP packets that were improperly encoded. Number of variables requested by SNMP managers. Number of variables altered by SNMP managers. Number of get requests received. Number of get-next requests received. Number of set requests received. Total number of SNMP packets sent by the router. Number of SNMP packets which were larger than the maximum packet size. Number of SNMP requests that specified an MIB object which does not exist. Number of SNMP set requests that specified an invalid value for an MIB object. Number of SNMP set requests that failed due to some other error. (It was not a noSuchName error, badValue error, or any of the other specific errors.) Number of responses sent in reply to requests. Number of SNMP traps sent.
General errors Response PDUs Trap PDUs
8-15
Configuring SNMP
Displaying SNMP Trap Hosts

To display the list of the trap receiver hosts, use the show snmp-server traphost command in Privileged mode. The following example shows how to display the list of the trap receiver hosts:
# show snmp-server traphost Host udp:172.168.2.23:162 Trap Source IP ------------------------Default # : 0.0.0.0 Version v2c Community R1PVD24 ------------------------- -------- ----------
The table below describes the fields shown by the show snmp-server traphost command output:
Table 8-11 show snmp-server traphost field descriptions
Field host Version commmunity Trap Source IP
Description Protocol : IP address of a trap receiver host: port number. SNMP version of trap host SNMP community strings of the trap receiver host. In several interface among appointed Source IP
8-16
R1P-VD User's Guide
Configuring RMON
Configuring RMON
RMON (Remote MONitoring) Overview
The RMON is a standard MIB that defines current and historical MAC-layer statistics and control objects, allowing you to capture real-time information across the entire network. The RMON standard is an SNMP MIB definition described in RFC 1757 (formerly 1271) for Ethernet. The RMON MIB provides a standard method to monitor the basic operations of the Ethernet, providing inoperability between SNMP management stations and monitoring agents. The RMON also provides a powerful alarm and event mechanism for setting thresholds and for notifying you of changes in network behavior. You can use the RMON to analyze and monitor network traffic data within remote LAN segments from a central location. This allows you to detect, isolate, diagnose, and report potential and actual network problems before they escalate to crisis situations. For example, the Corecess R1P-VD series can identify the hosts on a network that generate the most traffic or errors. The RMON allows you to set up automatic histories, which the RMON agent collects over a period of time, providing trending data on such basic statistics as utilization, collisions, and so forth. The RMON monitors nine MIB groups including network statistics. The following table lists the RMON MIB groups: The Corecess R1P-VD series supports the following four groups of the nine groups: 1) Statistics (RMON group 1) Collects the number of packets/bytes, the number of broadcast/multicast packets, the number of collisions, the number of errors occurred (fragment, CRC, jabber, short-length, and long-length) on an interface. 2) History (RMON group 2) Collects a history group of statistics on Ethernet, Fast Ethernet, and Gigabit Ethernet interfaces for a specified polling interval. 3) Alarm (RMON group 3) Monitors a specific management information base (MIB) object for a specified interval, triggers an alarm at a specified value (rising threshold). 4) Event (RMON group 9) Determines the action to take when an event is triggered by an alarm. The action can be to generate a log entry or an SNMP trap.
8-17
Configuring RMON
Configuring RMON
Process that compose RMON in Corecess R1P-VD series is as following.
y y Configuring Event Group Configuring Alarm Groups
Configuring Event Group

The RMON Event group allows for the generation of an SNMP trap, the generation of a log entry, or both, for any event you choose. An event can occur when the sample variable exceeds the alarm threshold or a channel match event generated. Traps can be delivered by the RMON agent to multiple management stations. In order for RMON to generate trap events, you must set up the SNMP managers table based on the SNMP community strings (for example, public) you are using with the network management application and the hosts on which you are running applications. If you fail to make these changes, the system will be unable to send trap events to the network management station. When you set up the SNMP managers table, you can use the SNMP community strings that the network management application uses and modify the trap receiving tables on the router to use these names. Or, you can configure the router to use specific SNMP community strings and modify the network management software to use these strings. To set an RMON event, use the following commands in Global configuration mode:
Table 8-12 Configuring RMON event group
Command
Task 1. Set an event group. y <index>: Assigned event number (1 ~ 65535) y description <string>: A description of the event y log: Option for generating an RMON log entry when the event is triggered. y trap <community>: Option for generating SNMP trap with the <community> community string when the event occurs. y owner <owner>: Option for specifying an owner for the event. 2. Return to Privileged mode. 3. Verify the configuration.
rmon event <index> description <string> {trap <community> | log | owner <owner>}
end show rmon
8-18
R1P-VD User's Guide
Configuring RMON
The following example shows how to configure an event group on the Corecess R1P-VD24A and how to verify that they are configured:
Parameter Event index Event description Event type Community Owner 10 Event to create log entry and SNMP notification log, trap Public 172.1.1.1 Value
Because the following uses show rmon instruction, is example that display RMON event group which compose with upside.
(config)# end # show rmon RMON: Extended RMON: [etherstats] index ----1 2 3 4 status -------------valid valid valid valid dataSource ----------------------------ifIndex.1 (gigabitethernet 18/1) ifIndex.2 (gigabitethernet 18/2) ifIndex.3 (gigabitethernet 18/3) ifIndex.4 (gigabitethernet 18/4) Enabled Extended RMON module is not present
[history] index ----1 [alarm] index ----[event] index ----10 . . #
status -------------valid
dataSource ----------------------------ifIndex.1 (Gi 1/1)
status --------------
sample -----------------------------
type --------------logandtrap
8-19
Configuring RMON
To display the detail information on an event group, enter the show rmon events command with the event number:
# show rmon events 10 Event 10 is valid, owned by 172.1.1.1 Description is Event to create log entry and SNMP notification Event firing causes log and trap to community public last fired 0days 00:00:00:00 #
To delete an event group, enter the no rmon event command in Global configuration mode:
(config)# no rmon event 10 (config)#
Configuring Alarm Groups

The RMON Alarm group allows you to set an alarm threshold and a sampling interval to enable the RMON agent to generate alarms on any network segment it monitors. Alarm thresholds can be based on absolute or delta values so that you can be notified of rapid spikes or drops in a monitored value. Each alarm is linked to an event in the event group. An event defines an action that will be triggered when the alarm threshold is exceeded. The alarm group periodically takes statistical samples from variables and compares them to previously configured thresholds. The Alarm Table stores configuration entries that define a variable, a polling period, and threshold parameters. If the RMON agent determines that a sample crosses the threshold values, it generates an event. You can specify rising or falling thresholds, indicating network faults such as slow throughput or other network-related performance problems. You specify rising thresholds when you want to be notified that an alarm has risen above the threshold you specified. You specify falling thresholds when you want to be notified that the network is behaving normally again. For example, you might specify a falling threshold of 30 collisions per second to indicate a return to acceptable behavior. When you configure an alarm condition, you must define the following values:
y y y The monitoring interval over which data is sampled. The variable to be sampled. Rising and falling thresholds used to detect when network trouble starts and when it ends.
8-20
R1P-VD User's Guide
Configuring RMON
y y
The event that takes place when a rising threshold is crossed. The event that takes place when a falling threshold is crossed.
An RMON event is the action that occurs when an associated RMON alarm is triggered. When an alarm event occurs, it can be configured to generate a log event, a trap to an SNMP network management station, or both. An RMON alarm allows you to monitor a MIB object for a desired transitory state. An alarm periodically takes samples of the object's value and compares them to the configured thresholds. RMON allows you to configure two types of sampling, absolute and delta: y Absolute sampling compares the sample value directly to the threshold. This sampling is similar to a gauge, recording values that go up or down. y Delta sampling subtracts the current sample value from the last sample taken, and then compares the difference to the threshold. This sampling is similar to a counter, recording a value that is constantly increasing. To set an RMON alarm, use the following commands in Global configuration mode:
Table 8-13 Configuring RMON alarm group
Command
Task
1. Set an alarm group. y <index>: Alarm number (1 ~ 65535) y <interval>: MIB object monitoring interval (1 ~ 2147483647 seconds) y <variable>: OID number of the MIB object to monitor y <type>: Value to monitor. Select one of the following values:
rmon alarm <index> <interval> {<type> <StatisticsIndex> |<variable>} {delta | absolute} {rising | falling | both} threshold <rising-threshold> <falling-threshold> event-index <risingevent-number> <falling-event-number> owner <alarm-owner>
- multicastPkts: The number of incoming multicast packets. - cRCAlignErrors: The number of incoming packets with CRC errors. - collisions: The number of times a collision occurs while the packet is received. - octets: The total number of incoming octets. - pkts: The total number of incoming packets. - broadcastPkts: The number of incoming broadcast packets - pkts256to511: The number of incoming packets 256 to 511 bytes in length. - pkts512to1023: The number of incoming packets 512 to 1023 bytes in length. - pkts1024to1518: The number of incoming packets 1024 to 1518 bytes in length. - pkts64: The number of incoming packets 64 bytes in length - pkts65to127: The number of incoming packets 65 to 127 bytes in length. - pkts128to255: The number of incoming packets 128 to 255 bytes in length.
y <StatisticsIndex>: The number of statistics group to get the selected value from <type>option (0 ~ 65535). y <variable>: OID number of the MIB object to monitor. y absolute: Option for testing each MIB variable directly.
8-21
Configuring RMON
y delta: Option for testing the change between MIB variables y rising: Option for triggering alarm when the monitored value exceeds the rising threshold y falling: Option for triggering alarm when the monitored value exceeds the falling threshold y both: Option for triggering alarm when the monitored value exceeds the rising or falling threshold.
(Continued) Command Task

y <rising-threshold>: Value at which the alarm is triggered (0 ~ 2147483647) y <falling-threshold>: Value at which the alarm is reset (0 ~ 2147483647) y <rising-event-number>: Event number to trigger when the rising threshold exceeds its limit. (0 ~ 65535) y <falling-event-number>: Event number to trigger when the falling threshold exceeds its limit. (0 ~ 65535) y owner <alarm-owner>: option for specifying an owner for the alarm. end show rmon 2. Return to Privileged mode. 3. Verify the configuration.
The following example shows how to configure RMON alarm group:

# configure terminal (config)# rmon alarm 1 10 pkts 1 absolute both threshold 1000 100 event-index 1 1 owner aaa (config)#
Before configure RMON alarm group, you should verify that the statistics group (<StatisticsIndex>) is defined. If you specify undefined statistics group, the Can't fetch the MIB values message will be displayed:
(config)# rmon alarm 2 20 pkts 10 absolute rising threshold 1000 100 eventindex 1 1 owner aaa Can't fetch the MIB values (config)#
Because the following uses show rmon instruction, is example that display RMON alarm group which compose.
# show rmon RMON:
Enabled
8-22
R1P-VD User's Guide
Configuring RMON
Extended RMON:
Extended RMON module is not present
[etherstats] index status dataSource ---------------------------------------------1 valid ifIndex.1 (gigabitethernet 18/1) 2 valid ifIndex.2 (gigabitethernet 18/2) 3 valid ifIndex.3 (gigabitethernet 18/3) 4 valid ifIndex.4 (gigabitethernet 18/4) [history] index ----1 [alarm] index ----1 [event] index ----10 . . #
status dataSource -----------------------------------------valid ifIndex.1 (Gi 1/1)
status sample -------------- ----------------------------valid etherStatsPkts.1
status type -------------- --------------valid logandtrap
To display the detail information on an alarm group, enter the show rmon alarm command with the alarm number:
# show rmon alarm 1
Alarm 1 is valid, owned by aaa Monitors iso.3.6.1.2.1.16.1.1.1.5.1 every 10 seconds Taking absolute samples, last value was 2 Rising threshold is 1000, assigned to event 1 Falling threshold is 100, assigned to event 1 On startup enable rising or falling alarm # To delete a RMON alarm group, enter the no rmon alarm command in Global configuration mode:
(config)# no rmon alarm 1 (config)#
8-23
Configuring RMON
Displaying RMON Information

To display the current RMON configuration, enter the show rmon command in Privileged mode. You can execute the show rmon command with the following options:
y y y y alarm events history etherstats Displays the RMON alarm table. Displays the RMON event table. Displays the RMON history table. Displays the RMON etherstats table.
If you do not specify any option, the contents of the RMON alarm table, event table, history table, and statistics
table are displayed. The following is a sample output of the show rmon command: # show rmon RMON: Extended RMON: Enabled Extended RMON module is not present
[etherstats] index status dataSource ---------------------------------------------1 valid ifIndex.1 (gigabitethernet 18/1) [history] index ----1 [alarm] index ----1 [event] index ----10 #
dataSource ----------------------------ifIndex.1 (Gi 1/1)
sample ----------------------------etherStatsPkts.1
type --------------logandtrap
The table below describes the fields in the show rmon command output:
8-24
R1P-VD User's Guide
Configuring RMON
Table 8-14 show rmon field descriptions
Field RMON Index etherstats Status dataSource Index history Status dataSource Index alarm Status Sample Index event Status Type
Description Running status of the RMON. Index of the RMON statistics entry into the statisticsTable. Status of the RMON statistics entry. Data source of the RMON statistics entry. Index of the RMON history entry into the historyTable. Status of the RMON history entry. Data source of the RMON history entry. Index of the RMON alarm entry into the alarmTable. The owner of the RMON alarm entry. Data source of the RMON alarm entry. Index of the RMON event entry into the eventTable. Status of the RMON event entry. Type of event.
8-25
SNMP and RMON Configuration Commands
SNMP and RMON Configuration Commands

The following table lists the commands for configuring SNMP and RMON on the Corecess R1P-VD series:
Table 8-15 SNMP & RMON Configuration Commands
Command show snmp-server show snmp-server community-list show snmp-server statistics show snmp-server traphost show snmp-server write-interval show rmon snmp-server community snmp-server contact snmp-server disable traps snmp-server enable traps snmp-server group access snmp-server host snmp-server location snmp-sever trap Displays SNMP parameters.
Function
Displays SNMP community configuration. Displays SNMP statistics. Displays the list of the trap receiver hosts. Save the system configuration automatically at least 24 hour intervals Displays the contents of the RMON alarm table, event table, history table, and statistics table. Configures the SNMP community strings. Specifies the system contact information. Disable a SNMP trap. Enables a SNMP trap. Limits hosts which can access to the system through SNMP based on the access list. Specifies hosts to receive SNMP notifications. Specifies the system location information. Specifies souce IP of a trap
8-26
R1P-VD User's Guide
Chapter 9
Configuring QoS
This chapter describes how to configure QoS (Quality of Service) on the Corecess R1P-VD Series. 9 QoS Overview 9 Configuring QoS 9-2 9-17
9 Configuring Non-Class-map QoS Features 9-31 9 Organizing Transmission Bandwidth Monitoring 9-38 9 QoS Configuration Commands 9-48
QoS Overview
QoS Overview
This section describes QoS (Quality of Service) and QoS features supported by the Corecess R1P-VD Series.
QoS (Quality of Service)

QoS can classify traffic into several levels and provide graded quality of service. QoS function can give high priority to traffic that should transmit important information or be processed in real-time, so high priority traffic is transmitted first, then low priority traffic is transmitted. It makes the limited network resource such as bandwidth use efficiently. QoS consists of the Classifier and the Traffic manager. The Classifier classifies traffic, and the Traffic Manager processes the classified traffic as follows:
Packet In
Classifier
Marker
Policer
Buffer Manager
Queue Scheduler
Packet Out
Traffic Manager
The Classifier refers to a header of a received packet, and then decides the QoS level. The traffic manager marks the QoS level to the packet header or processes a packet that is in permitted bandwidth. The Traffic Manager also chooses which packet drop when congestion occurs or prefers which packet transmits first. The following section describes parameters to classify packets and how to classify packet.
9-2
R1P-VD User's Guide
QoS Overview
Classifier
Classification Standard
The classifier uses the following values to decide the packet level.
y Layer 1 : Number of Input/output port
The input/output ports in Layer 1 packet is a port that a packet is received and transmitted. It is also called as ingress/egress port.
y Layer 2 : Source/Destination MAC Address, EtherType Field, DSAP Field, 802.1P Field, VLAN ID
802.1P field in Layer 2 packet is a three bit field that marks the packet priority, and a number from zero to seven is stuffed in the three bit field.
y Layer 3 : Source/Destination IP Address, Protocol ID, TOS/DSCP Field
Protocol ID in the header of Layer 3 packet is a field that marks which packet of protocol is. The field is set by values that have been defined (TCP: 6, UDP: 17, ICMP:1, IGMP:2). The following values are set in the eight bit of TOS field - also called DSCP field - in the header of Layer 3 packet.
IP Type of Service (RFC 1349)
bits
IP DiffServ Code Point (RFC 2474)

7
bits
IP-Prec D
TOS T R C
MRZ
DSCP Class Selector
C U
- MRZ -C
: Must Be Zero : Minimize Cost
-D -R - CU
: Minimum Delay : Maximum Reliability : Currently Unused
- T : Maximum Throughput
Layer 4 : Source/Destination Port Number, TCP Flag
The port number in TCP/UDP header of Layer 4 packet notifies what the packet of application is. The classifier can classify the following types of category with the classification standard.
y Subscriber (packet sender) Classification: Who send the packet?
- Packet Classification using Input Port Number, Source MAC Address and Source IP Address
y Subscriber and Application Classification: Who send the packet? And, what kind of application packet is?
Configuring QoS
9-3
QoS Overview
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address and TCP/UDP Port Number
y Subscriber and Destination Classification: Who send the packet. And, who receive the packet?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address, Output Port Number, Destination MAC Address and Destination IP Address
y Subscriber, Destination and Application Classification; Who send the packet?, Who receive the packet? And, what kind of application packet is?
- Packet Classification using Input Port Number, Source MAC Address, Source IP Address, Output Port Number, Destination MAC Address and Destination IP Address and TCP/UDP Port Number
y Class based Classification: QoS level is marked in the packet?
- Packet Classification using the value of the 802.1p field and IP TOS/DSCP/IP-Prec field
Classification Table
The classifier has two types. One is MF (Multi Field) classifier that refers several fields of a packet simultaneously and decides QoS service level. The other is BA (Behavior Aggregate) classifier that recognizes the packet decided QoS level. MF classifier uses the following table to decide QoS level and to recognize a QoS profile.
level Classification standard
Source Destination Source Destination Protocol TOS TCP/UDP TCP/UDP IP IP ID Port # Port #
Service Contents
Rule#
Input Output Source Destination 802.1P Port # Port # MAC MAC
VLAN ID
TCP Flag
QoS Profile
1 2 3 4 5 6 7 . . .
9-4
R1P-VD User's Guide
QoS Overview
A QoS profile has information what actions (marking, policing and assigning queue) should be done to the packet decided QoS level through classification standard. The traffic manager actually applies the actions to the packet.
BO
For example, the classification table is defined as follows. There is a packet that source IP address is 1.1.1.0/24, and destination IP address id 20.1.1.0/24. When the classifier receives the packet, the classifier recognizes that the packet matches rule number four, and applies the packet to be processed by the QoS profile.
1.1.1.0/24 20.1.1.0/24 HQ HTTP Packet
Rule#
Input Output Port # Port #
Source MAC
Destination 802.1P MAC
VLAN ID
Source IP
Destination IP
Source Destination Protocol TCP TOS TCP/UDP TCP/UDP ID Flag Port # Port #
QoS Profile
1 2 3 4 5 6 * * * * 0x0800 * 1.1.1.0/24 20.1.1.0/24 6 * * 80 *
The BA classifier recognizes the QoS profile, which is applied to the packet, using the tables of 802.1p or ToS field that are only used for QoS. In the table of 802.1p or ToS field, the following field values are defined. One of the profiles is applied to the packet by the field values.
802.1p Table
802.1p Field Value QoS Profile
TOS/DSCP/IP-Prec Table
ToS Field Value QoS Profile
0 1 2 3 4 5 6 7
0 1 2 3 4 5 255
The following section describes the traffic manager.
Configuring QoS
9-5
QoS Overview
Packet Marker
Packet marker marks 802.1P field or ToS field with QoS level. QoS level of a packet can use the value decided by the classifier or be changed by QoS profiles. It is called remarking that the first decided level is changed and marked by QoS profiles.
Policer
Policer can limit bandwidth to make users only use engaged traffic. Policer measures traffic flow rate by traffic flow, which classified by classifier, and limits traffic not to use over engaged bandwidth. Policer consists of metering and action block. Metering measures traffic flow rate and compares the result of traffic flow rate to engaged bandwidth, then informs the comparing result to action block. Action block decide how to process traffic depending on the result. There are three methods to process the result as follows:
y y y Pass: transmits packets without the result. Drop: Discard packets which exceed bandwidth. Mark: Remark packets which exceed bandwidth.
Policer Variables
To use Policer function, you should understand the following variables.
y CIR (Committed Information Rate) Engaged Bandwidth. It is also called Average rate or Guaranteed rate. y PIR (Peak Information Rate) Maximum bandwidth y CBS (Committed Burst Size) Packet size that can be received for one time. It is also called Average burst size. y PBS (Peak Burst Size) Maximum packet size that can be received for one time y EBS (Excessive Burst Size) Gap between received packet size and CBS
9-6
R1P-VD User's Guide
QoS Overview
The following graph shows the variables.

Information Rate(bps) Burst Size (Bytes)
EBS
CI R
PIR
PBS
CBS
time
Token Bucket
There are several implementation of policer function, and the typical implementation is the token bucket. The token bucket contains tokens, each of which can represent a unit of bytes. Token is filled up in the token bucket for a certain rate. When packets are arrived, the same amount of tokens is removed from the token bucket.
Packet
The same amount of tokens is removed from the bucket.
Bucket Size
Token Bucket
Token Rate Token
The variables of policer can be substituted for the element of token bucket as follows:
y y CIR : Token Rate CBS : Bucket Size
Configuring QoS
9-7
QoS Overview
If tokens are full in the token bucket, no token is provided. When packets are received, the same amount of token are removed. If the number of tokens is less than size of a packet, the packet is specified as non-conforming packet. And, if the number of tokens is more than size of a packet or is the same as the size of packet, the packet is specified as conforming packet. The packet specified as non-conforming packet is processed by QoS profile of the packet. There are two method of token bucket - single token bucket, dual token bucket. Single token method uses only one bucket, and dual token method uses two bucket. In dual token bucket method (RFC 2698 tr-TCM algorithm), the first bucket receives tokens at PIR rate and the second bucket receives tokens at CIR rate. The first bucket size also is PBS and the second bucket size is CIR. A packet that is specified as non-conforming in the first bucket finally becomes the nonconforming packet. If a packet that is specified as conforming in the first bucket becomes non-conforming in the second bucket, the packet is specified as loosely non-conforming packet. Dual token bucket method can control the packet with detailed classification above. The following graph shows the dual token bucket method.
Bucket Size = PBS
Bucket Size = CBS
Token Rate = PIR
Token Rate = CIR
9-8
R1P-VD User's Guide
QoS Overview
Queue Scheduler
The output port is generally slower than the input port because the output port transmits packets that are received from the several input ports. In the output port, at least one queue is assigned, and packets that have to be processed by the output port are saved. When saved packets in a queue are more than bandwidth that can transmit packets - it means congestion, what packets are transmitted first should be defined in the output port. This is called queue scheduling. There are various queues scheduling method, and the following methods are generally used.
y y y y Strict Priority Queuing WRR (Weight Round Robin) WFQ (Weight Fair Queuing) DWRR (Deficit Weight Round Robin)
SPQ (Strict Priority Queuing)

In this method, each queue has assigned priorities (high, medium, low), and packets in the high priority queue are transmitted first. After packets in the high priority are transmitted completely, packets in the next priority queue are transmitted.
[Q1] Priority: High
200B 300B 400B
100B 300B
[Q2] Priority: Medium

400B 500B 500B 400B 300B 600B 400B
Output Port
500B 500B 200B 300B 400B
100B 300B
[Q3] Priority: Low

400B 300B 600B
SPQ Scheduler
This method is easy to implement, but if there are plenty of packets that flows into the high priority queue, packets in the low priority queue can not be transmitted at all. This is called starvation.
Configuring QoS
9-9
QoS Overview
WRR (Weight Round Robin)

WRR method processed every queue in sequence to remove starvation that happens in SPQ (Strict Priority Queuing). The packet size that process packets each time can be set for each queue instead. A value, called weight, is used to set the packet size. The weight represents the ratio of packets that is serviced through the queues.
[Q1] Weight: 2
200B 300B 400B
100B 300B
[Q2] Weight: 1
400B 500B 500B
Output Port
[Q3] Weight: 1
400B 300B 600B
WRR Scheduler
If weight values (2, 1, 1) are assigned to each queue as above, the ratio of packets are 2:1:1. It means that two packets are transmitted through the first queue (Q1), and a packet is transmitted through the second queue (Q2), then a packet is transmitted through the third queue (Q3). WRR method can specify priority to each queue and prohibit starvation as above. The disadvantage of WRR is not useful in IP network that packet size is variable because weight is ratio of packets. For example, there are two packets. One is 64byte VoIP packet, and the other is 1500byte data packet. The packets are serviced through two queues that weight is 2:1. Even though the VoIP packet is serviced through high weight queue, 128bytes are sent each time, but the 1500byte data packet can be sent through the low weight queue.
9-10
R1P-VD User's Guide
QoS Overview
WFQ (Weight Fair Queuing)

WFQ method divides whole packet in queue into bit unit to solve the problem of WRR and transmits the bits at weight ratio of queues, then reassembles the bits.
[Q1] Weight: 2
Packet Segmentation
200B 300B 400B
100B 300B
1 bit
Last bit of 400B Pkt Last bit of 400B Pkt Last bit of 500B Pkt Last bit of 300B Pkt Last bit of 600B Pkt Last bit of 500B Pkt
[Q2] Weight: 1
400B 500B 500B
Packet Reassembler
[Q3] Weight: 1
400B 300B 600B
Bit-by-Bit WRR Scheduler
Bit-by-Bit Service Ratio Last bit of = Q1:Q2:Q3 = 2:1:1 200B Pkt
Last bit of 300B Pkt
Last bit of 400B Pkt
Last bit of 300B Pkt Last bit of 100B Pkt
400B
400B
500B
300B
200B
600B
300B
500B
400B
100B 300B
Output Port
This method can transmit packets without the packet size at the ratio that is specified in the queue, but it is complicated to implement.
DWRR (Deficit Weight Round Robin)

DWRR method enhances disadvantage of WRR and WFQ. DWRR defines weight, quantum and deficit counter to each queue. Quantum is the maximum packet size that is processed by weight ratio. Deficit counter is set to 0 by default. Deficit counter is merged with quantum when data of a queue is serviced. The packet of queue can be serviced up to deficit counter. After the packet is serviced, deficit counter is decreased to the packet size. For example, there is a queue that quantum value is 1000bytes. If 500byte packet, 300byte packet, and 300byte packet are in a queue, only 500byte packet and 300byte packet can be processed because the queue can process up to 1000bytes. Then, deficit counter becomes 200. After other queues process their packet, the queue become in the order. The deficit counter value becomes 1200, and the queue can process up to 1200byte. Deficit counter memorizes the size of packet that was not transmitted as the ratio of weight, and transmits the packet next time. Lets look at the operation principal of DWRR. There are three queues in an output port as below. In each queue, 2:1:1 of weight is assigned. The quantum values of each queue are set as 1000byte, 500byte and 500byte. The deficit counter values are set as 0 (Picture 1).
Configuring QoS
9-11
QoS Overview
[Q1] Weight: 2 Quantum=1000, DeficiCounter=0B 200B 300B 400B

100B 300B
[Q1] Weight: 2 Quantum=1000, DeficiCounter=200B 200B 300B
1000B - 300B - 100B - 400B
[Q2] Weight: 1 Quantum=500, DeficitCounter=0B 400B 500B 500B
Output Port
Output Port 400B

100B 300B
DWRR Scheduler
DWRR Scheduler
[Picture 1]
[Picture 2]
The DWRR scheduler visits the number 1 of queue, then deficit counter value becomes 1000bytes. 300byte, 100byte and 400byte packets are transmitted through output port. After the transmission, the deficit counter value becomes 200 (Picture 2). The DWRR scheduler visits the number 2 of queue. The number 2 of deficit counter set the value as 500byte, then 500byte packet is transmitted. After the transmission, the deficit counter value becomes 0. The next time the number 3 of queue should be processed, but the first packet in the number 3 of queue is 600byte and is bigger than deficit counter of 500byte. In this case, deficit counter is not changed, and no packet is transmitted. The DWRR scheduler visits the number 1 of queue again, then the quantum value is added to the current deficit counter value. In this time, the deficit counter value becomes 1200bytes, and the number 1 of queue can transmit packets up to 1200byte. 300byte and 200byte packets can be transmitted, then deficit counter becomes 700 (Picture 3).
[Q1] Weight: 2 Quantum=1000, DeficiCounter=700B
1200B - 300B - 200B
[Q1] Weight: 2 Quantum=1000, DeficiCounter=0B
[Q2] Weight: 1 Quantum=500, DeficitCounter=0B 400B 500B
Output Port 200B 300B
[Q2] Weight: 1 Quantum=500, DeficitCounter=0B 400B [Q3] Weight: 1 Quantum=500, DeficitCounter=100B 400B
Output Port 300B 600B
DWRR Scheduler
DWRR Scheduler 1000B - 600B - 300B
[Picture 3]
[Picture 4]
There is no packet in the number 1 of queue, so the DWRR scheduler visits the number 2 of queue. The deficit counter is set as 500byte, and 500byte packet is transmitted in the number 2 of queue, then deficit counter becomes 0. In the num 3 of queue that could not transmit packets previous time, the
9-12
R1P-VD User's Guide
QoS Overview
deficit count becomes 1000byte, and 600byte and 300byte packet are transmitted. After the transmission, the deficit counter becomes 100 (Picture 4). The rest of packets are processed as above.
Shaping
Shaping is a function that limits bandwidth with buffering when traffic that is bigger than target traffic rate flows into a queue. The traffic that is more than target traffic rate is stored into the buffer. If there is enough bandwidth to transmit, the stored traffic is transmitted.
Bandwidth(bps) Bandwidth(bps)
Offered Traffic
Buffered
Target Traffic Rate time
Rate Shaped Traffic time
This method is more flexible than policing, but is not useful in real-time traffic such as voice traffic because transfer delay occurs.
WC Scheduler and NWC Scheduler

WC (Work Conserving) scheduler can use whole bandwidth of output port until congestion occurs. SPQ, WRR, DWRR and WFQ are WC method. On the other hand, even if there is no congestion, NWC (Non Work Conserving) scheduler does not service more than bandwidth that is assigned queue. Shaping is this method.
Configuring QoS
9-13
QoS Overview
Buffer Manager
Queues of an output port have fixed size. If a queue is full of packets, and other packets flow into the queue, the packets are discarded as a particular rule. Buffer manager is the function that discards received packets selectively to solve the congestion of the queue. This section introduces that buffer manager methods.
Tail Drop
In Tail drop method, if there is no space to store packets, packets that arrived after full of the queue are discarded. The ratio that packets are discarded is 1 when the amount of packet in the queue becomes the size of the queue (Max Size) as the right graph. Retransmission requests are sent to senders continuously because packets are discarded after the queue is full. The host that received retransmission requests considers that of whole network is slower. This problem is called TCP global synchronization.
0 Max Size Queue Size 1 Drop Probability
the link is not stable and makes transmission speed slow. If this situation occurs repetitively, the speed
9-14
R1P-VD User's Guide
QoS Overview
QoS on the Corecess R1P-VD Series

This section describes QoS features supported by the Corecess R1P-VD Series. The following figure shows QoS structure on the Corecess R1P-VD Series:
Q0 Q1
. .
Output port #1
TC #1 TC #1 TC #1
Classifier
Input port #1 match match match . . . . . .
Q6 Q7
. .
.
. .
. . .
Input port #n
Q0 Q1
. .
Output port #n
TC #216 TC #217 TC #218
Q6 Q7
The Corecess R1P-VD Series classifies the packets from ingress (incoming) port according to the criteria defined the class map, stores the classified packets to each transmit queue (0 ~ 7), and transmits packets via TC (Traffic Class) applied the QoS action defied the policy map.
Packet Classification
Packet classification partitions traffic into multiple priority levels, or classes of service. The Corecess R1P-VD Series uses the values in the following fields of the layer 1 ~ layer 4 IP packet header as a criterion to classify packets:
y y y y Layer 1: Layer 2: Layer 3: Layer 4: Input/output port number Source/destination MAC address, EtherType field, DSAP field, 802.1P filed, VLAN ID Source/destination IP address, protocol ID, TOS/IP Precedence/DSCP filed Input/output port number, TCP flag
Configuring QoS
9-15
QoS Overview
Marking & Remarking

Marking is a way to identify packet flows to differentiate them. Packet marking allows you to partition your network into multiple priority levels or classes of service. The Corecess R1P-VD Series supports marking based on the following bits in the CoS (Class of Service) filed for the packet:
y y y DSCP value CoS value VLAN priority
Policing
The Corecess R1P-VD Series supports Policing. Policing is the process by which the system limits the bandwidth consumed by a flow of traffic. You can limit the bandwidth of a specific traffic flow by using a policy map or limit the full bandwidth of a port.
Transmit Queue
The Corecess R1P-VD Series provides eight transmit queues for each engress port. These transmit queues are scheduled by the Strict Priority Queueing (SPQ) mechanism. You can use the following value to determine queue priority:
y
Users priority (The value that is set by using the priority command in Policy-map class configuration
mode)
y y y
DSCP CoS VLAN priority
When the transmit queue is full, frames at the end of the queue are dropped (tail drop).
9-16
R1P-VD User's Guide
Configuring QoS
Configuring QoS
This section describes how to configure QoS on the Corecess R1P-VD Series.
Configuring QoS Service Policy

A QoS service policy consists of a classification policy and QoS policies that are applied to a particular interface. The Corecess R1P-VD Series supports the use of class maps and policy maps to create or modify a QoS service policy. The following diagram shows steps for configuring QoS service policy:
Defining Class Map
A class map consists of criteria for classifying traffic into several classes. The first task for configuring QoS service policy is defining class maps.
Defining Policy Map
A policy map consists of classes which have actions to apply to the traffic class. The second step for configuring QoS service policy is defining policy maps.
Configuring Policy Map Class
A policy map class consists of actions to apply to the specified class of traffic (bandwidth priority, filtering, rate limiting). The third step for configuring QoS service policy is configuring policy map class.
Applying Service Policy
A service policy consists of a policy-map and ingress/egress ports which the policy map will be applied to. The last step of configuring the QoS Service policy is defining service policies.
The sections which describe how to configure each step follow.
Configuring QoS
9-17
Configuring QoS
Configuring a Class Map

A class-map is a mechanism that you use to name and to isolate a specific traffic flow (or class) from all other traffic. The class-map defines the criteria used to match against a specific traffic flow to further classify it. If you have more than one type of traffic that you want to classify, you can create another class-map and use a different name. After a packet is matched against the class-map criteria, you further classify it through the use of a policy-map. You can classify packets and assign them to specific queues based on the following criteria:
Table 9-1 Criteria for packet classification
Criterion cos dsap dscp tos ip-prec ip-sa ip-da mac-sa mac-da tcp-dpn tcp-flag tcp-spn udp-spn udp-dpn ether-type input-port output-port protocol vlan-sid vlan-did
Description The CoS (Class of Service) value The DSaP (Destination Service Access Point) value The DSCP (DiffServe Code Point) value The ToS (Type of Service) value The IP precedence value The source IP address The destination IP address The source MAC address The destination MAC address The destination TCP port number The TCP flag value The source TCP port number The source UDP port number The destination UDP port number The Ethernet Type filed value The input port number The output port number The L4 Protocol field value The VLAN ID that the input port belongs to. The VLAN ID that the output port belongs to. 0 ~ 255 1 ~ 4094 1 ~ 4094 0~7 0 ~ 255 0 ~ 63 0~7 0~7
Value
0 ~ 65535
0 ~ 65535 0 ~ 65535 0 ~ 65535 0 ~ 65535
CoS field can not be included with DSCP or IP precedence in the same class-map. To make the CoS field available, enable IEEE 802.1p using 802.1p classification enable command. If IEEE 802.1p is enabled, DSCP and IP precedence criteria in class-maps are not available. To use the DSCP or
9-18
R1P-VD User's Guide
Configuring QoS
IP precedence instead of CoS, disable the IEEE 802.1p using 802.1p classification disable command. By default, IEEE 802.1p is disabled. After creating class-maps, system checks the inbound or outbound packets by the criteria in class-maps. QoS actions defined in the policy-map for the class will be applied to the classified packets into classes. You can create a class-map by using the class-map command in QoS configuration mode. When you enter the class-map command, the Corecess R1P-VD Series enters the class-map configuration mode. In this mode, the match criterion is defined for the traffic by using the match command. To create a class-map and add the criteria to the class-map, use the following command in the Privileged mode: To create a class map and specify the way in which the Corecess R1P-VD Series should classify traffic, enter the following commands in Global configuration mode:
Table 9-2 Creating a class map
Command qos
Task 1. Enter QoS configuration mode. 2. (Optional) Enables IEEE 802.1p. If IEEE 802.1p is enabled, CoS field is available for the criterion of the class-map. If IEEE 802.1p is disabled (default setting), IP precedence and DSCP fields become available instead of CoS field. 3. Create a class map and enters class-map configuration mode. y<class-map-name>: Class map name. 4. Setting the classification standards. y <cos-value> Class of Service value of the packet y <dsap-value> Destination Service Access Point value of the packet y <dscp-value> DiffServe Code Point value of the packet y <ether-type> Ethernet Type value of the packet y <port-type> Type of port (fast ethernet, gigabit ethernet) y <slot>/<port> slot number of the port (1~4)/port number (1~8) y <dest-ip> destination network address of the packet y <sour-ip> source network address of the packet y <wildcard> <dest-ip>/<sour-ip> wildcard bit to be applied to the item
8021p classification enable
class-map <class-map-name> match cos <cos-value> match dsap <dsap-value> match dscp <dscp-value> match ether-type <ether-type> match input-port <port-type> <slot>/<port> match ip-da <dest-ip> <mask> match ip-prec <ip-prec-value> match ip-sa <sour-ip> <wildcard> match mac-da <dest-mac> match mac-sa <sour-mac> match output-port <port-type> <slot>/<port> match protocol <protocol-id> match tcp-dpn <tcp-port-num>
Configuring QoS
9-19
Configuring QoS
Command match match match match match match tcp-flag <flag-num> tcp-spn <tcp-port-num> udp-dpn <udp-port-num> ucp-spn <udp-port-num> vlan-did <vlan-id> vlan-sid <vlan-id>
Task y <ip-prec-value> IP precedence value of the packet y <dest-mac> destination MAC address of the packet y <sour-mac> source MAC address of the packet y <protocol-id> L4 Protocol field value of the packet y <tcp-port-num> TCP port number of the packet y <udp-port-num> UDP port number of the packet y <flag-num> TCP flag value of the packet y <vlan-id> VLAN ID of packet (1 ~ 4094) 5. Return to the Privileged mode. 6. Verify the class map configuration. y <class-map-name>: Class map name. 7. Save the configuration changes.
end show classmap <class-map-name> write memory
Note: If the 8021p classification enable command is executed while match dscp or match ipprec conditions are present in the class map applied to the system, the system will treat it as a command recognizing CoS fields instead of DSCP or IP precedence fields. Likewise, in the basic state or after executing the 8021p classification disable command, the match cos command in the class map will be treated as a command comparing DSCP and IP precedence value, which can bring about a result that the user could have never anticipated. In order to prevent such risk, be careful to use only DSCP(or IP precedence) or only CoS in all class maps that apply to the system.
The following example shows how to create a class map and define a classification criterion by using the source IP address:
(config)# qos (config-qos)# class-map class1 (config-cmap)# match ip-sa 172.27.2.16 0.0.255.255 (config-cmap)# end # show classmap ClassMap -------------------------------------------------Name Match Content Total Entries = 1 # write memory Building Configuration... [OK] : class1 : ip-sa 172.27.2.16/0.0.255.255
9-20
R1P-VD User's Guide
Configuring QoS
The following example shows how to create a class map and define the criteria by using the destination IP address and the destination TCP port number:
(config)# qos (config-qos)# class-map class2
(config-cmap)# match ip-da 10.10.10.1 0.0.0.255

(config-cmap)# match tcp-dpn 25 (config-cmap)# end # show classmap class2 ClassMap -------------------------------------------------Name Match Content : ip-da : class2 10.10.10.1/0.0.0.255 : tcp-dpn Total Entries = 2 # write memory Building Configuration... [OK] 25
To delete a class-map, use the no class-map <class-map-name> command in the QoS configuration mode. To remove a criterion from a class-map, use no match command in the classmap configuration mode.
Configuring QoS
9-21
Configuring QoS
Configuring a Policy Map

A policy-map specifies which traffic class to act on. Actions can include trusting the CoS, DSCP, or IP precedence values in the traffic class; setting a specific DSCP or IP precedence value in the traffic class; or specifying the traffic bandwidth limitations and the action to take when the traffic is out of profile. Before a policy-map can be effective, you must attach it to an interface through defining a service policy. Multiple policy-maps can be attach to an interface and each policy-map should be applied to different traffic class. The followings are QoS actions which can be included in a policy-map: y filter: Action for deciding whether the traffic is discarded or forwarded. y mark: Action for configuring the values to be set in the DSCP, IP precedence, ToS, or 802.1P field of the packets which belong to the traffic class. y police: Action for configuring the rate-limiting feature. y priority: Action for configuring the priority(high or low) of the traffic. The priority is used for selecting the traffic to be discarded when the system congestion. y bandwidth: Action for configuring the minimum transmission bandwidth for the traffic class. y weight: Action for configuring the ration of the minimum transmission bandwidth for the traffic class. To apply multiple QoS actions to a traffic class, multiple QoS actions can be included in a policy-map.
9-22
R1P-VD User's Guide
Configuring QoS
Creating a Policy-map
To create a policy-map and configure QoS actions for a traffic class, perform this task in the Global configuration mode:
Table 9-3 Creating a policy map
Command qos 1.
Task Enter QoS configuration mode.
policy-map <policy-map-name>
2. Create a policy map and enter the policy-map configuration mode. <policy-map-name>: Name of a y policy map to define. 3. Specify the class to which the policy map applies and enter the policy-map-class configuration mode. <class-name>: The name of the class to which y the policy map applies.
class <class-name> mark {cos|dscp|ip-prec} <value> filter {deny|permit|to-proc} bandwidth <bandwidth> weight <percentage> priority <value> rate-limit rate <target-rate> tcflow monitoring end show policymap write memory
4. Configures Qos actions for the class. Refer to the following sections for configuring QoS actions in the policy-map class configuration mode.
5. Return to the Privileged mode. 6. Verify the policy map configuration. 7. Save the configuration changes.
The sections which describes how to add the QoS actions in the Step 4 and how to verify the policy map configuration in Step 5 will follow. The following example shows how to create a policy map and specify a class map to which the policy map applies:
(config)# qos (config-qos)# policy-map policy1 (config-pmap)# class class1 (config-pmap-c)# priority 7 (config-pmap-c)# end # show policymap policy1 PolicyMap -------------------------------------------------Name : policy1 Linked ClassMap : class1
Configuring QoS
9-23
Configuring QoS
Policy #
: priority 7
Configuring Policy-Map Class Remarking (CoS, IP Precedence, or DSCP)

The QoS fields such as the Layer 2 CoS (802.1p field) or Layer 3 IP precedence, ToS, or DSCP fields are used for classifying the traffic class. Depending on the network state or QoS policy, user can set these fields to the specified values which can change the priority of traffic. To set the QoS fields of packets, which belong to the policy-map class to the specified values, perform this task in the Global configuration mode.
Table 9-4 Changing CoS, IP Precedence, or DSCP value of a traffic class in a policy map
Command
Task Specify the value and type of the field to change. <value>: Specify the value of the CoS field (0 ~ 7). y cos <value>: Specify the value of the DSCP field. (0 ~ 64). y dscp <value>: Specify the value of the IP precedence field(0 ~ y ip-prec 7).
mark {cos | dscp | ip-prec} <value>
Note: If CoS field does marking, ToS field is changed together.
This example configure remarking feature to set the CoS field to 7 of the traffic class class1 in the policy map policy1:
(config)# qos (config-qos)# policy-map policy1 (config-pmap)# class class1 (config-pmap-c)# mark cos 7 (config-pmap-c)#
9-24
R1P-VD User's Guide
Configuring QoS
Configuring Packet Filtering

In a policy-map, you can add criteria for filtering a traffic class or forwarding it to the internal system processor. To add a criterion for deciding whether filtering packets or forwarding, perform this task in the Global configuration mode.
Table 9-5 Configuring packet filtering of a traffic class in a policy map
Command filter {deny|
Task Select the filtering method of the traffic class. y deny: Discard the traffic. y permit: Forward the traffic. y to-proc: Send the traffic to the CPU.
permit|to-proc}
This example configure to discard the traffic class class2 in the policy map policy1:
(config)# qos
(config-qos)# policy-map policy1 (config-pmap)# class class2 (config-pmap-c)# filter deny

(config-pmap-c)#
Configuring QoS
9-25
Configuring QoS
Configuring Minimum Transmission Bandwidth

The Corecess R1P-VD Series can specify the minimum transmission bandwidth which should be guaranteed for a specific traffic class when congestion occurs. You can set this minimum transmission bandwidth to either speed or ratio. Beyond the guaranteed bandwidth, the traffic will be dropped in the event of congestion. To configure the minimum transmission bandwidth for a traffic class in a policy-map, perform this task in the Global configuration mode.
Table 9-6 Configuring a transmission queue for a traffic class
Command bandwidth <bandwidth>
Task Specifies minimum bandwidth guarantee, in Kbps, for the traffic class. y <bandwidth>: The minimum bandwidth (0 ~ 100000Kbps). Specify the bandwidth ratio of the transmission queue for the traffic class. y <percentage> : Percentage of available bandwidth to be assigned to the class (0 ~ 100)
weight <percentage>
Both bandwidth and weight cannot be applied together. You can set only one command between bandwidth command and weight command. This example configures the bandwidth of the transmission queue for the traffic class class1 in the policy map class policy1:
(config)# qos (config-qos)# policy-map policy1 (config-pmap)# class class1 (config-pmap-c)# bandwidth 10000 rate is adjusted to 9984 kbps (config-pmap-c)#
This example designates 25% for the bandwidth ratio of the transmission queue for the traffic class class2 in the policy map class policy1:
(config)# qos (config-qos)# policy-map policy1 (config-pmap)# class class2 (config-pmap-c)# weight 25 (config-pmap-c)#
9-26
R1P-VD User's Guide
Configuring QoS
Configuring Policy-Map Class Priority

The priority command in the policy-map configuration mode can assign the user-defined priority to a traffic class. This user-defined priority is used for selecting one of eight transmission queues in an output port for buffering packets. It is also used as the value for CoS field. By default, a transmission queue is select by this user-defined priority. However, you can use the CoS, DSCP, or VLAN ID when selecting a transmission queue. To do this, use the queue-precedence command in the QoS configuration mode. The following is a procedure for specifying the user-defined priority for a traffic class:
Table 9-7 Specifying a priority of a traffic class in a policy map
Command priority <value>
Task Gives priority to a class of traffic belonging to a policy-map. y <value>: Priority (0 ~ 7). 0 is the highest priority queue and 7 is the lowest priority queue.
This example assigns the queue with the priority of 7 to the traffic class class4 in the policy map policy1:
(config)# qos
(config-qos)# policy-map policy1 (config-pmap)# class class4 (config-pmap-c)# priority 7

(config-pmap-c)#
Configuring QoS
9-27
Configuring QoS
Configuring Policy-Map Class Policing (Rate-Limiting)

In a policy map, you can configure the rate limiting feature which discards the packets that exceed the bandwidth limits. Rate limiting is the process by limiting the bandwidth consumed by a flow of traffic. After a packet is classified, the rate limiting process can begin. The rate limiting involves creating a policer that specifies the bandwidth limits for the traffic. Packets that exceed the limits are dropped. To configure the rate limiting feature in a policy map, perform this task in the Global configuration mode:
Table 9-8 Configuring rate-limint of a traffic class in a policy map
Command
Task 4. Specifies the limited rate to be applied to traffic of the class in the specific policy-map y <target-rate>: Average rate to be applied to the traffic which meets the condition of the class(0 ~ 1000000Kbps). The value must be in increments of 64 kbps.
rate-limit rate
<target-rate>
Note : Policing can be applied to a specific port as well as a specific traffic class. Entering the rate-limit commandin the QoS configuration mode sepcifies the target bandwdith to be applied to both incoming and outgoing traffic through a port. How to configure policing for a port will be described later in this chapter.
This example specifies the target bandwidth of the traffic class class5 to apply the rate limiting in the policy map policy1:
(config)# qos
(config-qos)# policy-map policy1 (config-pmap)# class class5 (config-pmap-c)# rate-limit rate 640
(config-pmap-c)#
9-28
R1P-VD User's Guide
Configuring QoS
Configuring Service Policy

The service policy is a process of mapping the policy maps and physical ports. After configuring policy maps and QoS actions for the policy-map classes, attach the policy maps to the physical input/output ports to apply the QoS action. By default, the Corecess R1P-VD Series can apply the QoS policy to both inbound and outbound traffic on all interfaces. You can attach a single policy map to one or more ports to specify the service policy for those ports. The class policies comprising the policy map are then applied to packets that satisfy the class map match criteria for the class. To apply a policy map to the ports, enter the following command in the Global configuration mode:
Table 9-9 Applying QoS service policy
Command qos service-policy <service-name> policy-map <policy-map-name> [input-port <port-type> <slot>/<port>] [output-port <port-type> <slot>/<port>] end show service-policy [<service-name>]
Task 1. Enter the QoS configuration mode. 2. Attach a policy map to an input port or an output port, to be used as the service policy for that port. y <service-name>: Name of the service map. y <policy-map-name>: Name of the policy map to be applied. y input-port: Attach the policy map to input traffic. y output-port: Attach the policy map to output traffic. y <port-type>: Type of the port (gigabitethernet, fastethernet). y <slot>/<port>: Slot number(1~8) and port number (1~4) of the port. 3. Return to the Privileged mode. 4. Verify the service policy configuration. y <service-name>: Name of the service map.
Note: The port assigned when defining service policy is the aggregated ID. In other words, if port number 1/1 and port number 1/2 are tied to LACP, QoS rules can be applied to port number 1/1, the main of these two ports (aggreated ID), but they cannot be applied to port number 1/2. Of course, the rules applied to port number 1/1 can also be applied to port number 1/2. Moreover, the QoS rules that applied to the port before grouping with LACP are no longer valid afterwards. However, the moment it is released from LACP the former QoS rules apply. Please refer to Chapter 14 Setting Up Port Tracking (LACP) in this manual for more detailed information on LACP
Configuring QoS
9-29
Configuring QoS
This example applies the policy map named policy1 to the Gigabit Ethernet port 1/2 and verifies the configuration:
(config)# qos (config-qos)# service-policy service1 policy-map policy1 input-port gigabitethernet 1/2 output-port gigabitethernet 1/2 (config-qos)# end # show service-policy ServicePolicy -------------------------------------------------Name Linked PolicyMap Port(In ) Port(Out) Total Entries = 1 # : 1/2 : 1/2 : service1 : policy1
9-30
R1P-VD User's Guide
Configuring Non-Class-map QoS Features

The previous sections describe QoS features for the traffics classified by class maps(classifiers). The Corecess R1P-VD Series has QoS features which can be applied without classifiers. This section describes how to configure these non-class-map QoS features.
Configuring CoS (Class of Service)

QoS classifies traffic by assigning priority-indexed 802.1p class of service (CoS) values to frames at ingress ports. If traffic is tagged with a CoS value at the ingress port, the switch forwards the value. If traffic is native, then the switch can rewrite the CoS tag. QoS implements scheduling on supported egress ports based on the 802.1p CoS values to give preference to higher-priority traffic. By default, 802.1p CoS is disabled on the Corecess R1P-VD Series. When the 802.1p CoS is disabled, the IP precedence and DSCP values are used for QoS. To enable the 802.1p CoS and assign the priority to a interface for 802.1p class of service, perform this task in the Global configuration mode:
Table 9-10 Configuring CoS value
Command qos 8021p enable 8021p user-priority <priority> vlan <vlan-id> [port <port-type> <slot>/<port>] 8021p enable end show user-priority 1. Enter QoS configuration mode.
Task
2. If necessary, enable 802.1p class of service on the system. 3. Assigns the priority to the specific VLAN interface. y <priority>: The priority (0 ~ 7) y <vlan-id>: VLAN ID (1 ~ 4094) y <port-type>: Type of the port (gigabitethernet, fastethernet). y <slot>/<port>: Slot number and port number of the port. 4. Apply the configuration of step 2 to the system. After this command is executed, the priority is applied. 5. Return to the privileged mode. 6. Verify the assigned CoS value.
Note: If you do not specify the port, assigned priority are applied to all ports in the specified VLAN.
The following example shows how to assign a priority of 6 to the Gigabit Ethernet port 1/1 which belongs to the default VLAN:
Configuring QoS
9-31
(config)# qos (config-qos)# 8021p user-priority 6 vlan 1 port gigiabitethernet 1/1 (config-qos)# 8021p enable (config-qos)# end # show user-priority Default User Priority -------------------------------------------------Entry[ 1] Vlan Priority Port # : : : 1 6 1/1
9-32
R1P-VD User's Guide
Configuring Rate Limiting on a Port

Rate limiting can be applied to individual port. This feature allows you to control the maximum bandwidth of traffic transmitted or received on a port. The packets that exceed the bandwidth limits are discarded. Enter the following command in Global configuration mode to configure rate limiting on a specific port:
Table 9-11 Configuring rate limiting on a port
Command qos rate-limit input-port <port-type> <slot>/<port> [output-port <porttype> <slot>/<port>] rate <target-rate> end show rate-limit 1. Enter QoS configuration mode.
Task
2. Configure the maximum bandwidth of a specific port. y input-port: Applies rate limiting on an input port. y output-port: Applies rate limiting on a output port. y <port-type>: Type of the port (gigabitethernet, fastethernet). y <slot>/<port>: Slot number and port number of the port. y <rate>: The maximum bandwidth (0 ~ 1000000Kbps, in 64Kbps step). 3. Return to Privileged mode. 4. Verify the configuration.
The following example shows how to configure input rate limiting for the class:
(config)# qos (config-qos)# rate-limit input-port fastethernet 2/1 output-port fastethernet 2/1 rate 24000 (config-qos)# end # show rate-limit RateLimit -------------------------------------------------Rate Port(In ) Port(Out) Total Entries = 1 # : 24000 : 2/1 : 2/1
Configuring QoS
9-33
Specifying Precedence of Values for CoS Field

You can specify the precedence of the values which can be filled with the CoS field of the packet when the packet is transmitted through the port. The available values for the CoS field are as follows.
y y y tos: Value of ToS field (IP-precedence or DSCP) user: User-defined priority (default) valn: Destination VLAN priority
To configure the precedence of the values for the CoS field of the outgoing packet, perform the following task in the Global configuration mode:
Table 9-12 Configring the precedence of values for CoS field
Command
qos 8021p-precedence <value1> <value2> <value3> end show 8021p-precedence
Task
1. Enter QoS configuration mode. 2. Input the values (tos, user, vlan) in the order of high priority. y <value1>: Specify the highest priority value to be used in CoS field. y <value2>: Specify the second-highest priority value. This value is used when the <vlaue1> can not be used. y <value3>: Specify the third-highest priority value. This value is used when the <vlaue1> and <vlaue2> can not be used. 3. Return to Privileged mode. 4. Verify the configuration.
The following example shows how to configure the precedence of the values for the CoS field to the order of VLAN priority Tos CoS:
(config)# qos (config-qos)# 8021p-precedence vlan tos user (config-qos)# end # show 8021p-precedence 8021p precedence odering vlan tos user #
9-34
R1P-VD User's Guide
Specifying Priority for a Transmission Queue

The transmission queue for a packet is selected from eight transmission queues in a port according to priority of the packet. By default, the packet priority for choosing a transmission queue is the userdefined priority. However, CoS, IP precedence, DSCP, or VLAN priority can be used as the packet priority.
y y y y
class : Priority order of class tos user vlan : Value of ToS field (IP-precedence or DSCP) : User-defined priority order (default value) : Transmission area VLAN priority order
The following is a procedure for specifying a value used as the packet priority for choosing a packet transmission queue:
Table 9-13 Specifying priority for transmission queue
Command
qos
Task
1. Enter QoS configuration mode. 2. Input the values (tos, user, vlan, or class) in the order of high priority. y <value1>: Specify the highest priority value. y <value2>: Specify the second-highest priority value. This value is used when the <vlaue1> can not be used. y <value3>: Specify the third-highest priority value. This value is used when the <vlaue1> and <vlaue2> can not be used. y <value4>: Specify the lowest priority value. This value is used when the <vlaue1>, <vlaue2>, and <vlaue3> can not be used. 3. Return to Privileged mode. 4. Verify the configuration.
queue-precedence <value1> <value2> <value3> <value4>
end show queue-precedence
The following example shows how to configure the precedence of the values used for transmission queue priority to the order of VLAN priority Users priority Class ToS:
(config)# qos (config-qos)# queue-precedence vlan user class tos (config-qos)# end # show queue-precedence queue precedence odering vlan user class tos #
Configuring QoS
9-35
Configuring Shaping
Shaping is a function that limits bandwidth with buffering when traffic that is bigger than target traffic rate flows into a queue. The traffic that is more than target traffic rate is stored into the buffer. If there is enough bandwidth to transmit, the stored traffic is transmitted. To configure shaping in the Corecess R1P-VD Series, use following commands.
Table 9-14 Configuring Shaping
Command
qos shaping output-port <port-type> <slot>/<port> rate <target-rate> end show shaping
Task
1. Enter QoS configuration mode. 2. Configure shaping for traffic that transmits through the specified output port. y<port-type> Port type (fastethernet, gigabitethernet) y <slot>/<port> Slot number and port number y <targe-rate> Target bandwidth (1~1000000Kbps, in 64Kbps step) 3. Return to Privileged mode. 4. Verify shaping configuration.
The following example shows how to configure shaping for the traffic that is transmitted through the Gigabit Ethernet port 1/1.
(config-qos)# shaping output-port gigabitethernet 1/1 rate 128000 (config-qos)# end # show shaping Shaping -------------------------------------------------Shaping Port(In ) Port(Out) Total Entries = 1 # : 128000 : : 1/1
9-36
R1P-VD User's Guide
Configuring Broadcast Suppression

Broadcast suppression prevents LAN interfaces from being disrupted by a broadcast storm. A broadcast storm occurs when broadcast or multicast packets flood the subnet, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation or in the network configuration can cause a broadcast storm. Broadcast suppression uses filtering that measures broadcast activity in a subnet over a 1-second interval and compares the measurement with a predefined threshold. If the threshold is reached, further broadcast activity is suppressed for the duration the interval. Broadcast suppression is disabled by default. To enable broadcast suppression, enter the broadcaststorm-control command in QoS configuration mode:
Table 9-15 Configuring broadcast suppression
Command qos broadcast-storm-control [port <port-type> <slot>/<port> | vlan id <vlan-id>] pps <packet-number> end show running-config 1. Enter QoS configuration mode.
Task
2. Enables broadcast suppression on a VLAN interface. y <port-type> Port type (fastethernet, gigabitethernet) y <slot>/<port> Slot number and port number y <vlan-id>: VLAN ID to enable the broadcast storm control (1 ~ 4094). y <packet-number>: The maximum number of broadcast packet per second. Valid range is from 16 to 1048560. 3. Return to Privileged mode. 4. Verify the configuration.
The following example enables the broadcast storm on the default VLAN:
(config)# qos (config-qos)# broadcast-storm-control vlan id 1 pps 4096 (config-qos)# end # show running-config Building configuration... Current configuration: . . qos broadcast-storm-control vlan id 1 pps 4096 queue-precedence vlan user class tos 8021p-precedence vlan tos user 8021p enable 8021p user-priority 6 vlan 1 port fastethernet 2/1 ! #
Configuring QoS
9-37
Organizing Transmission Bandwidth Monitoring

Transmission bandwidth monitoring is a function that monitors the bandwidth of certain downstream/upstream traffic that is transmitted through a designated port. In the QoS setup mode, class is defined using the class-map command, then the policy-map command and service-policy command are used to manually set equipment. Therefore, transmission bandwidth monitoring starts only after service-policy command is executed. Based on the diverse conditions provided in match command, traffic flow to be monitored can be classified, and the downstream/upstream traffic that is transmitted through all uplink ports can be monitored. The transmission bandwidth monitoring is set in the following order. 1. Setting the class to monitor the transmission bandwidth Set the class to monitor transmission bandwidth using match classification standards. 2. Setting policy Set to monitor the transmission bandwidth of the packet corresponding to the newly created class. 3. Setting service policy Set to actually apply the transmission bandwidth monitoring policy. 4. Monitoring transmission bandwidth Check the information transmission bandwidth monitoring of the defined class setup or monitor the transmission bandwidth of the class. This section explains how to set the class, policy, and service policy to monitor transmission bandwidth following the above steps, then how to check these settings.
9-38
R1P-VD User's Guide
Create class to monitor transmission bandwidth

A class map is the definition of the basis to sort out one traffic flow from other traffic. In a class map, the classification standards can be defined for the packet to be classified using more than one match command. In order to set the class to monitor transmission bandwidth, execute the following command in the QoS setup mode.
Table 9-16 To config class using match classification standard
Command class-map <class-map-name> match cos <value> match dscp <value> match ether-type <value> match input-port <port-type> <slot>/<port> match ip-da <dest-ip> <mask> match ip-prec <value> match ip-sa <source-ip> <wildcard> match mac-da <dest-mac> match mac-sa <source-mac> match output-port <port-type> <slot>/<port> match protocol <protocol> match tcp-dpn <tcp-port-num> match tcp-flag <flag-num> match tcp-spn <tcp-port-num> match udp-dpn <udp-port-num> match ucp-spn <udp-port-num> match vlan-sid <vlan-id> match vlan-did <vlan-id> end show classmap
Task 1. Define class map and enter class-map setup mode. y <class-map-name> name of the class map to be defined
2. Define classification standards of the class.
3. Define classification standards of the class.
4. Return to privileged mode. 5. Check the setting of the class map.
Note: upstream/downstream traffic monitoring y To monitor upstream traffic, set the output port using match-output port command only. y To monitor downstream traffic, set both input port and output port using match input-port and match output-port commands.
Configuring QoS
9-39
The following is an example of how to create a class in order to monitor traffic with transmission IP address 172.27.2.16/16, and TCP port number 12 of the traffic uploaded to the 1/1 Gigabit Ethernet port. If monitoring upstream traffic, set the output port only.
(config-qos)# class class1 (config-cmap)# match ip-sa 172.27.2.16 0.0.0.0 (config-cmap)# match tcp-spn 12 (config-cmap)# match output-port gigabitethernet 1/1 (config-cmap)# end # show classmap ClassMap -------------------------------------------------Name Match Content : class1 : ip-sa : tcp-spn : port(out) Total Entries = 1 # 1/1 172.27.2.16/0.0.0.0 12
The following is an example of how to create a class in order to monitor traffic port with transmission IP address 10.10.10.3/8, and destination IP address 10.10.20.1/8 of the traffic that is downloaded from a 1/1 Gigabit Ethernet port to a 2/1 Fast Ethernet traffic. If monitoring downstream traffic, set both the input port and the output port.
(config-qos)# class class2 (config-cmap)# match ip-sa 10.10.10.3 0.0.0.0 (config-cmap)# match ip-da 10.10.20.1 0.0.0.0 (config-cmap)# match input-port gigabitethernet 1/1 (config-cmap)# match output-port fastethernet 2/1 (config-cmap)# end # show classmap ClassMap -------------------------------------------------Name : class2 Match Content : ip-sa 10.10.10.3/0.0.0.0 : ip-da 10.10.20.1/0.0.0.0 : port(in ) 1/1 : port(out) 2/1 Total Entries = 1 #
9-40
R1P-VD User's Guide
Creating a Policy-map
To create a policy-map and configure QoS actions for a traffic class, perform this task in the Global configuration mode:
Table 9-17 Creating a policy map
Command
Task 2. Create a policy map and enter the policy-map configuration mode. <policy-map-name>: Name of a y policy map to define. 3. Specify the class to which the policy map applies and enter the policy-map-class configuration mode. <class-name>: The name of the class to which y the policy map applies.
policy-map <policy-map-name>
class <class-name> mark {cos|dscp|ip-prec} <value> filter {deny|permit|to-proc} bandwidth <bandwidth> weight <percentage> priority <value> rate-limit rate <target-rate> tcflow monitoring end show policymap
4. Configures Qos actions for the class. Refer to the following sections for configuring QoS actions in the policy-map class configuration mode.
5. Return to the Privileged mode. 6. Verify the policy map configuration.
Note: Can create together all policies except tcflow monitoring in policy map.
The following is example that compose policy that is tcflow to enable transmission bandwidth monitoring function of class1.
(config-qos)# policy-map tcflow (config-pmap)# class class1 (config-pmap-c)# tcflow monitoring (config-pmap-c)# end # show policymap PolicyMap -------------------------------------------------Name Linked ClassMap Policy Total Entries = 1 # : tcflow : class1 : tcflow monitoring
Configuring QoS
9-41
Configuring Service Policy

The service policy is a process of mapping the policy maps and physical ports. After configuring policy maps and QoS actions for the policy-map classes, attach the policy maps to the physical input/output ports to apply the QoS action.
Table 9-18 Applying QoS service policy
Command
Task 1. Attach a policy map to an input port or an output port, to be used as the service policy for that port. y <service-name>: Name of the service map. y <policy-map-name>: Name of the policy map to be applied. y input-port: Attach the policy map to input traffic. y output-port: Attach the policy map to output traffic. y <port-type>: Type of the port (gigabitethernet, fastethernet). y <slot>/<port>: Slot number(1~8) and port number (1~4) of the port.
service-policy <service-name> policy-map <policy-map-name> [input-port <port-type> <slot>/<port>] [output-port <port-type> <slot>/<port>]
end show service-policy [<service-name>] write memory
2. Return to the Privileged mode. 3. Verify the service policy configuration. y <service-name>: Name of the service map. 4. Save the configuration changes.
Note : When executing service-policy command y To monitor upstream traffic, the output-port must be set as uplink port. y To monitor downstream traffic, the output-port must be set as the output port designated by the class.
The following is example that apply policy that is tcflow in R1P-VD series.
(config-qos)# service-policy service1 policy-map tcflow output-port gigabitethernet 1/1 (config-qos)# end # show service-policy ServicePolicy -------------------------------------------------Name Linked PolicyMap Port(In ) Port(Out) : : 1/1 : service1 : tcflow
9-42
R1P-VD User's Guide
Total Entries = 1 # write memory Building Configuration... [OK]
Configuring QoS
9-43
Monitoring Transmission Bandwidth

To check the transmission bandwidth monitoring setting information, or to monitor the transmission bandwidth of the class using the class-map command, execute the show tcflow command in the Privileged mode. When the show tcflow command is executed, the bandwidth (Kbps) information for the last 5 sec., 1 min., and 5 min. can be monitored for each class divided into IP, Application, and IP+Application.
# show tcflow Uplink gigabitethernet 1/1 [IP Monitoring] Address 5min Name ------ ----- --------- ------- ------- -------- -------------------Total entry:0 Up(Kbps):0 Down(Kbps):0 [Application Monitoring] Name 5min ------------- ------ ------ -------- -------- ------ -------Total entry:0 Up(Kbps):0 Down(Kbps):0 [IP+Application Monitoring] Name -------------ftp-flow class1 Total entry:2 Up(Kbps):277 Down(Kbps):250 Other Uplink(Kbps):558 Other Downlink(Kbps):904 # iPort -----2/1 Any oPort -----1/1 1/1 Kbytes --------0 0 5s(Kbps) -------86 88 1min -------86 88 5min ----86 88 iPort oPort Kbytes 5s(Kbps) 1min iPort oPort Kbytes 5s(Kbps) 1min
9-44
R1P-VD User's Guide
Transmission Bandwidth Monitoring Setting Example

The following are instructions on how to set the transmission bandwidth monitoring for a network with the following settings.
FTP server 172.20.10.16 Router Internet or LAN Uplink port: 1/1 R1P-VD Series
Downlink port: 3/1
Downlink port: 3/2
Host A 10.10.20.3
Host B 10.10.20.4
Execute the following command to monitor the transmission bandwidth of traffic flow downloaded from the FTP server to host A.
(config)# qos (config-qos)# class-map ftp-flow-to-hosta (config-cmap)# match ip-sa 172.20.10.16 0.0.0.0 (config-cmap)# match ip-da 10.10.20.3 0.0.0.0 (config-cmap)# match tcp-spn 21 (config-cmap)# match input-port gigabitethernet 1/1 (config-cmap)# match output-port fastethernet 2/1 (config-cmap)# exit (config-qos)# policy-map ftp-flow-to-hosta (config-pmap)# class ftp-flow-to-hosta (config-pmap-c)# tcflow monitoring (config-pmap-c)# exit (config-pmap)# exit (config-qos)# service-policy ftp-flow-to-hosta policy-map ftp-flow-to-hosta output-port fastethernet 2/1 (config-qos)# end
Configuring QoS
9-45
# show tcflow Uplink (not defined) [IP Monitoring] Address iPort oPort Kbytes 5s(Kbps) 1min 5min Name ------------ ------ ------ --------- -------- -------- -------- -------Total entry:0 Up(Kbps):0 Down(Kbps):0 [Application Monitoring] Name iPort oPort Kbytes 5s(Kbps) 1min 5min ------------ ------ ------ --------- -------- -------- -------Total entry:0 Up(Kbps):0 Down(Kbps):0 [IP+Application Monitoring] Name ---------------ftp-flow-to-hosta Total entry:1 Up(Kbps):131 Down(Kbps):259 Other Uplink(Kbps):558 Other Downlink(Kbps):904 # iPort 1/1 oPort 2/1 Kbytes 0 5s(Kbps) 17 1min 17 5min 23 ------ -------- ----------- -------- ------ --------
Execute the following command to monitor the transmission bandwidth of traffic flow uploaded from host B to the FTP server.
(config)# qos (config-qos)# class-map ftp-flow-from-hostb (config-cmap)# match ip-sa 10.10.20.4 0.0.0.0 (config-cmap)# match ip-da 172.20.10.16 0.0.0.0 (config-cmap)# match tcp-spn 21 (config-cmap)# match output-port gigabitethernet 1/1 (config-cmap)# exit (config-qos)# policy-map ftp-flow-from-hostb (config-pmap)# class ftp-flow-from-hostb (config-pmap-c)# tcflow monitoring (config-pmap-c)# exit (config-pmap)# exit (config-qos)# service-policy ftp-flow-from-hostb policy-map ftp-flow-fromhostb output-port gigabitethernet 1/1
9-46
R1P-VD User's Guide
(config-qos)# end # show tcflow . . [IP+Application Monitoring] Name iPort oPort 1/1 Kbytes 0 5s(Kbps) 39 1min 39 5min 40 ------------------- -----ftp-flow-from-hostb Any Total entry:1 Up(Kbps):131 Down(Kbps):259 Other Uplink(Kbps):558 Other Downlink(Kbps):904 # ------ --------- -------- -------- --------
Configuring QoS
9-47
QoS Configuration Commands

The following table lists the commands for configuring QoS on the Corecess R1P-VD Series:
Table 9-19 QoS configuration commands
Command 8021p enable 8021p user-priority bandwidth class class-map dhcp-offer filter discard filter mark match cos match dscp match ip-da match ip-prec match ip-sa match mac-da match mac-sa match tcp-dpn match tcp-flag match tcp-spn match tos match udp-dpn match udp-spn netbios filter discard
Function Enables QoS based on IEEE 802.1p CoS (Class of Service) on the Corecess R1PVD Series. Assigns the priority for 802.1p class of service to a port or a VLAN Specifies the minimum bandwidth of a traffic class. Enters Policy-map class configuration mode to specify a previously created class map to be included in the policy map. Enters the class-map configuration mode to configure class maps. Filters the DHCP server packets received from the specified port. Configures filtering a class of traffic which belongings to a policy map. Configures the remarking feature which modifies the CoS, IP precedence, or DSCP field of a traffic class. Specifies the CoS as a match criterion of a class map. Specifies the DSCP as a match criterion of a class map. Specifies the destination IP address as a match criterion of a class map. Specifies the IP precedence as a match criterion of a class map. Specifies the source IP address as a match criterion of a class map. Specifies the destination MAC address as a match criterion of a class map. Specifies the source MAC address as a match criterion of a class map. Identifies destination TCP port numbers as match criteria. Specifies the TCP flag as a match criterion of a class map. Identifies source TCP port numbers as match criteria. Specifies the ToS as a match criterion of a class map. Identifies destination UDP port numbers as match criteria. Identifies source UDP port numbers as match criteria. Filters the NetBIOS packets received from the specified port.
9-48
R1P-VD User's Guide
Command policy-map priority rate-limit rate-limit service-policy weight
Function Enters QoS policy map configuration mode to configure the QoS policy map. Specifies the priority of a traffic class during network congestion condition. Configures the rate limiting to a traffic class. Applies the rate limiting feature to the specified port. Defines a service policy to attach a policy map to the input/output ports. Specifies the ratio of the bandwidth to be assigned to a traffic class.
Configuring QoS
9-49
9-50
R1P-VD User's Guide
Chapter 10
Configuring Security
This chapter describes how to configure security features on the Corecess R1P-VD Series. 9 9 9 9 Configuring Password and Session Timeouts 10-2 Configuring Access Lists Configuring Packet Filtering 10-6 10-11
Security Configuration Commands 10-22
Configuring Password and Session Timeouts

This section describes how to prevent unauthenticated users from logging in to the Corecess R1P-VD Series.
Configuring Password
You can provide access control on a terminal line by entering the password and establishing password checking.
Setting the Login Password

By default, the Corecess R1P-VD Series requires a user name or password when you log in to the CLI. The default user name and password are corecess. To change the default login password, perform the following tasks in User mode:
> passwd Changing password for corecess Old password:: ********
Enter the current password.
Enter the new password (minimum of 5, maximum of 8 characters) Please use a combination of upper and lower case letters and numbers. New password: ******** Re-enter new password: ******** Password changed. >
Enter the new password. Enter the new password again.
The User mode is signified on the system by the > prompt. In this mode, you can enter a variety of commands to view statistics on the system, but you cannot change the configuration of the system.
10-2
R1P-VD User's Guide
Setting the Privileged Mode Password

You can set the Privileged mode password that controls access to privilege mode. By default, the Corecess R1P-VD Series does not require the Privileged mode password for entering the Privileged mode. You can specify the password for the Privileged mode using enable passwd command in the Global configuration mode. The following example sets the Privileged mode password to R1PVDSL by the enable passwd command configuration in the Global mode.
(config)# enable passwd R1PVDSL (config)#
After setting the Privileged mode password, you should enter the password to go to the Privileged mode from user mode as follows:
> enable Password: R1PVDSL
Privileged mode is signified by the # prompt. In the Privileged mode, you can enter all commands to view statistics and configure the system.
#
The privileged mode prompt
10-3
Password Encryption
All passwords on the system can be viewed by using the write terminal command in Privileged mode. You can hide clear-text passwords by storing passwords in an encrypted manner so that anyone entering write terminal commands will not be able to determine the clear-text password. The following example shows how to encrypt a user password and display the password on the terminal line:
# configure terminal (config)# username guest passwd guest (config)# end # write terminal Building configuration... Current configuration: ! ! version ! hostname localhost username guest passwd 8 $1$$ysap7EeB9ODCrO46Psdbq/ : : 0.75
10-4
R1P-VD User's Guide
Session Timeouts
The timeout for an unattended telnet session provides an additional security measure. If the telnet line is left unattended in Privileged mode, any user can modify the system configuration. The default timeout for an unattended telnet session is 10 minutes. To change the login timeout, enter the following command in the global configuration mode:
Table 10-1 Changing timeout for an unattended telent session
Command line vty exec-timeout <minute> end write memory
Task 1. Enter the VTY-line configuration mode. 2. Set the login timeout. y <minute>: Timeout in minutes ( 1 ~ 600) 3. Return to the privileged mode. 4. Save the configuration changes.
The following commands change the timeout to 1 minute:

(config)# line vty (config-line)# exec-timeout 1 (config-line)# end # write memory Building Configuration... [OK]
10-5
Configuring Access Lists

Access Lists
Access lists filter network traffic by controlling whether routed packets are forwarded or blocked at the system's interfaces. Your system examines each packet to determine whether to forward or drop the packet, based on the criteria you specified within the access lists. Access list criteria could be the source address of the traffic, the destination address of the traffic, the upper layer protocol, or other information. Note that sophisticated users can sometimes successfully evade or fool basic access lists because no authentication is required. You can use standard access lists to control the Telnet or SNMP access methods to management functions on the Corecess R1P-VD Series.
Server A Router Internet or LAN
Server B
R1P-VD24L2B Access list x Source IP address : 172.20.128.64 x Permit/deny : Permit x Flow : Out Host A IP: 172.20.128.10 Host B IP: 172.20.128.64
In the above example, the access list allows access from the 172.20.128.64 host. Therefore the host B connected to the Corecess R1P-VD Series can access to the Server A or Server B and the host A cant access to the Servers.
10-6
R1P-VD User's Guide
Defining Access Lists

The Corecess R1P-VD Series provides basic traffic filtering capabilities with access control lists. You can configure access lists at your system to control access to a network: access lists can prevent certain traffic from entering or exiting a network. To define access lists, enter the following command in Privileged mode:
Table 10-2 Defining access lists
Command
configure terminal
Task
1. Enter the Global configuration mode. 2. Configure an ACL with the IP addresses you want to allow or deny to access the system. y <list-number>: Number of the standard access list (1 ~ 99, 1300 ~ 1999) y permit: Permits the frame whose source address matches the condition. y deny: Denies the frame whose source address matches the condition. y dynamic: Permits the frame whose source address matches the condition dynamically. y <source-ip>: The IP address of the source network or host in hexadecimal form (xxx.xxx.xxx.xxx). y <wildcard>: Wildcard bit to be applied to <source-ip>. The wildcard is a four-part value in dotted-decimal notation (IP address format) consisting of ones and zeros. Zeros in the mask mean the packet's source address must match the <source-ip>. Ones mean any value matches. y host: Indicates only the specified IP address for which the access actions are available. y any: Configures the policy to match on all host addresses. 3. Return to the Privileged mode. 4. Verify the defined access lists.
access-list <list-number> {permit|deny} <source-ip> [<wildcard>]
access-list <list-number> {permit|deny} host <host-addr>
access-list <list-number> {permit|deny} any
end show access-list
Note: x The wildcard is a four-part value in dotted-decimal notation (IP address format) consisting of ones and zeros. Zeros in the mask mean the packet's source address must match the <source-ip>. Ones mean any value matches. For example, the <source-ip> and <wildcard> values 209.157.22.26 0.0.0.255 mean that all hosts in the Class C sub-net 209.157.22.x match the policy. x The packets that do not match any entries in an access list are denied.
The following example shows how to define an access list which permit the access from hosts in the specified network:
10-7
# configure terminal (config)# access-list 1 permit 192.5.34.0 0.0.0.255 (config)# access-list 1 permit 128.88.0.0 0.0.255.255 (config)# access-list 1 permit 36.0.0.0 0.255.255.255 (config)# end # show access-list Standard IP access list 1 permit 192.5.34.0, wildcard bits 0.0.0.255 permit 128.88.0.0, wildcard bits 0.0.255.255 permit 36.0.0.0, wildcard bits 0.255.255.255 #
The following example shows how to define an access list which deny the access from the specified host:
# config t (config)# access-list 2 deny host 171.69.198.102 (config)# access-list 2 permit any (config)# end # show access-list Standard IP access list 2 deny # # write memory Building Configuration... [OK] 171.69.198.102 permit any
10-8
R1P-VD User's Guide
Applying the Access List to Terminal Line

After you create an access list, you can apply it to terminal line. In this case, access lists can be applied on both outbound and inbound flows. To restrict terminal line access to the system using access lists, enter commands such as the following:
Table 10-3 Applying the access list to terminal line
Command line vty access-class <list-number> {in | out} end write memory
Task 1. Enter the VTY-line configuration mode. 2. Apply the access lists to terminal line. 3. Return to Privileged mode. 4. Save the configuration.
The following example shows how to apply the access list to terminal line. The Corecess R1P-VD Series allows Telnet access to all IP addresses except the hosts listed in access list 2.
(config)# line vty (config-line)# access-class 2 in (config-line)# end # write memory Building Configuration... [OK]
The following example show how to apply the access list to terminal line. The Corecess R1P-VD Series denies connections to networks other than network 192.89.55.0:
# configure terminal (config)# access-list 12 permit 192.89.55.0 0.0.0.255 (config)# line vty 0 5 (config-line)# access-class 12 out (config-line)# end # write memory Building Configuration... [OK]
Note: To remove access restrictions, use the no access-class <list-number> {in | out} command.
10-9
Applying the Access List to SNMP Access

After you create an access list, you can apply it to SNMP access. In this case, access lists can be applied on inbound flow. To restrict SNMP access to the system using access lists, enter commands such as the following:
Table 10-4 Applying the access list to SNMP access
Command configure terminal snmp-server group access <list-number> end write memory
Task 1. Enter the global configuration mode. 2. Apply the access list to SNMP access. y <list-number>: Standard access list number (1 ~ 99, 1300 ~ 1999) 3. Return to the privileged mode. 4. Save the configuration changes.
The following example shows how to apply the access list to SNMP access. The Corecess R1P-VD Series allows SNMP access to all IP addresses except the hosts listed in access list 2.
# configure terminal (config)# snmp-server group access 2 (config)# end # write memory Building Configuration... [OK]
10-10
R1P-VD User's Guide

Packet filtering can help limit network traffic and restrict network use by certain users or devices. This section describes packet filtering feature on the Corecess R1P-VD Series.
Packet Filtering
Type of Packet Filtering
The Corecess R1P-VD Series supports the following types of packet filtering:
DHCP Packet Filtering

Filters DHCP Offer packets received from hosts to prevent the hosts from operating hosts private DHCP server.
File and Resource Sharing Protocol Filtering

Filter the following protocols to prevent file and resource sharing among hosts in the same VLAN. - Apple FileSharing Protocol - Rendezvous Protocol - NetBIOS Protocol - UpnP (Universal Plug & Play) Protocol
Default Traffic Filtering

Filter default traffic that is not classified by class map.
Broadcast Packet Filtering

Filter broadcast packets of a particular port to prevent unnecessary broadcast packets from hosts.
10-11
Filtering DHCP Offer Packets

You can filter DHCP Offer packets received from host to prevent the hosts from being assigned invalid IP address by another hosts private DHCP server. If a host connected to the Corecess R1P-VD Series runs a private DHCP server, other hosts connected to the Corecess R1P-VD Series may receive an invalid IP address from that private DHCP server. To prevent this, you can filter DHCP Offer packets received from a host.
Internet or LAN
Filters DHCP Offer packets received from hosts.
Corecess R1P-VD S i
DHCP server
DHCP server
DHCP server
To discard the all DHCP OFFER packets, enter the following command in Global configuration mode:
Table 10-5 Filtering DHCP offer
Command qos dhcp-offer filter discard [port <port-type> <slot>/<port>] end show dhcp-offer-filter write memory 1. Enter QoS configuration mode.
Task
2. Configure the specified port to filter DHCP OFFER packets received. y <port-type>: Type of the port (fastethernet, gigabitethernet) y <slot>/<port>: Slot number and port number of the port. 3. Return to Privileged mode. 4. Display the ports configured to filter the DHCP packets received from hosts. 5. Save the changed configuration.
10-12
R1P-VD User's Guide
The following example configures to discard all the DHCP OFFER packets received:
(config)# qos (config-qos)# dhcp-offer filter discard (config-qos)# end # show dhcp-offer-filter Dhcp Offer Filter Ports -------------------------------------------------Discard # : All Ports
10-13
File and Resource Sharing Protocol Filtering

To prevent hosts that are connected on the same VLAN from sharing files and resources, the R1P-VD Series can filter protocols as follows:
Ethernet Switch
Internet or LAN
Corecess R1P-
Host
Host
To filter the packet of file and resource sharing protocol, use the following commands.
Table 10-6 Filtering File and Resource Sharing Protocol
Command qos 1. Enter QoS configuration mode.
Task
2. Set to deny receiving particular protocol packets. apple-filesharing-protocol filter discard netbios filter discard [port <port-type> <slot>/<port>] rendezvous filter discard upnp filter discard end show running-config 2-1. Refuse Apple FileSharing packets. This command is applied to all ports. 2-2. Refuse NetBIOS packet received to the specified port. y <port-type> Port type (fastethernet, gigabitethernet) y <slot>/<port> Slot number and port number 2-3. Refuse Rendezvous packets. This command is applied to all ports. 2-4. Refuse UPnP packets. This command is applied to all ports. 3. Return to Privileged mode. 4. Verify the filtering configuration.
The following example shows how to filter the file and resource sharing protocols received to all ports.
10-14
R1P-VD User's Guide
(config)# qos (config-qos)# apple-filesharing-protocol filter discard (config-qos)# netbios filter discard (config-qos)# rendezvous filter discard (config-qos)# upnp filter discard (config-qos)# end # show running-config . . ! qos netbios filter discard rendezvous filter discard apple-filesharing-protocol filter discard upnp filter discard hsrp filter discard ! . .
10-15
Default Traffic Filtering

Default traffic is traffic that is not classified with defined class map in the Corecess R1P-VD Series. If default traffic is filtered, traffic that is not specified by network operators is discarded, so it can prevent traffic that is not permitted from receiving. To filter default traffic, use the following commands.
Table 10-7 Filtering Default Traffic
Command qos default traffic deny end show default-traffic-policy 1. Enter QoS configuration mode. 2. Set default traffic to be refused. 3. Return to Privileged mode.
Task
4. Verify the filtering configuration..
The following example shows how to refuse default traffic that is not classified with class map.
(config)# qos (config-qos)# default traffic deny (config-qos)# end
# show default-traffic-policy Default QoS Traffic Policy

--------------------------------------------------
Deny #
10-16
R1P-VD User's Guide
CIFS (Cognitive Information Filtering System)

You can filter the particular class of traffic by using the QoS policy supported by the Corecess R1P-VD Series. The following is the steps for configure filtering policy on the Corecess R1P-VD Series. 1. Creating Classes Create a class map and define the classification criteria for the class map. 2. Creating a Policy Create a policy map, specify the class to which the policy map applies, and define the actions that you want the system to take for the particular class of traffic. 3. Applying the Service Policy Apply the policy map to both inbound and outbound traffics on the system. This section describes how to create a QoS service policy according to the above steps.
Note : For more detail information about QoS (Quaility of Service), refer to the Chapter 9/ Configuring QoS in this manual..
10-17
Creating a Class Map

To create a class map and specify the way in which the Corecess R1P-VD Series should classify traffic, enter the following commands in the Global configuration mode:
Table 10-8 Creating a class map
Command qos class-map <class-map-name> match ip-da <destination-ip> <wildcard> match ip-sa <source-ip> <wildcard> match tcp-dpn <tcp-port-num> match tcp-spn <tcp-port-num> match udp-dpn <udp-port-num> match ucp-spn <udp-port-num> end show classmap [<class-map-name>] write memory
Task 1. Enter the QoS configuration mode. 2. Create a class map and enter class-map configuration mode.
y <class-map-name>: Class map name.

3. Specify the destination IP address as a match criterion of a class map. y <destination-ip>: The destination IP address y <wildcard>: Wildcard bit to be applied to <dest-ip>. 4. Specify the source IP address as a match criterion of a class map.
y <source-ip>: The source IP address y <wildcard>: Wildcard bit to be applied to <source-ip>.

5. Specify the destination TCP port number as a match criterion of a class map.
y <tcp-port-num>: The destination TCP port number (0 ~ 65535)

6. Specify the source TCP port number as a match criterion of a class map.
y <tcp-port-num>: The source TCP port number (0 ~ 65535)

7. Specify the destination UDP port number as a match criterion of a class map. y <udp-port-num>: The destination UDP port number (0 ~ 65535) 8. Specify the source UDP port number as a match criterion of a class map.
y <udp-port-num>: The source UDP port number (0 ~ 65535)

9. Return to the Privileged mode. 10. Verify the class map configuration. 11. Save the configuration changes.
The following example shows how to create a class map and define a classification criterion by using the destination IP address and the destination TCP port number:
(config)# qos (config-qos)# class-map class101 (config-cmap)# match ip-da 10.10.10.1 0.0.0.255 (config-cmap)# match tcp-dpn 25 (config-cmap)# end # show classmap class101 ClassMap --------------------------------------------------
10-18
R1P-VD User's Guide
Name Match Content
: class101 : ip-da : tcp-dpn 10.10.10.1/0.0.0.255 25
# write memory Building Configuration... [OK]
10-19
Creating a Policy Map

To create a policy map and define the actions that you want the system to take for the particular class of traffic, enter the following commands in the global configuration mode:
Table 10-9 Creating a policy map for packet filtering
Command qos policy-map <policy-map-name> class <class-name>
Task 1. Enter the QoS configuration mode. 2. Create a policy map and enter the policy-map configuration mode. y <policy-map-name>: Name of a policy map to define. 3. Specify the class to which the policy map applies and enter the policy-mapclass configuration mode. y <class-name>: Class map name. 4. Specify whether to filter the traffic class or not. y deny: Discards the class of traffic belonging to a policy map. y permit: Permits the class of traffic belonging to a policy map. 5. Return to the Privileged mode. 6. Verify the QoS policy. y <policy-map-name>: Name of a policy map to verify. 7. Save the configuration changes.
filter {deny | permit} end show policymap [<policy-map-name>] write memory
The following example shows how to define QoS policy that you want the system to filter that particular class of traffic:
(config)# qos (config-qos)# policy-map filter-policy (config-pmap)# class class101 (config-pmap-c)# filter deny (config-pmap-c)# end # show policymap filter-policy PolicyMap -------------------------------------------------Name Linked ClassMap Action # write memory Building Configuration... [OK] : filter-policy : class101 : Deny
10-20
R1P-VD User's Guide
Applying Service Policies to the System

After you create the service policies, you must apply the service policies to the packets arriving and departing the interface.
Table 10-10 Applying service policies
Command qos service-policy <service-policy-name> policy-map <policy-map-name> end show service-policy [<service-policy-name>] write memory
Task 1. Enter the QoS configuration mode.
2. Applies the service policy you specify to both inbound and outbound traffic.
3. Return to the Privileged mode. 4. Verify that the policy map is applied to the system. 5. Save the configuration changes.
The following example shows how to apply a policy map, filter-policy, to the inbound and outbound traffic:
(config)# qos (config-qos)# service-policy service1 policy-map filter-policy (config-qos)# end # show service-policy service1 ServicePolicy -------------------------------------------------Name Linked PolicyMap Port(In ) Port(Out) # write memory Building Configuration... [OK] : service1 : filter-policy : :
10-21
Security Configuration Commands
Security Configuration Commands

The following table lists the commands for configuring security on the Corecess R1P-VD Series:
Table 10-11 Security configuration commands
Command access-class access-list (Standard) apple-filesharingprotocol filter discard class class-map Default traffic deny dhcp-offer filter discard enable passwd exec-timeout filter match netbios filter discard passwd policy-map rendezvous filter discard service-policy snmp-server group access Upnp filter discard
Function Restricts incoming and outgoing connections between the Corecess R1PVD Series virtual terminal and the addresses in an access list. Defines a standard IP access list using source addresses for filtering packets received/transmitted through the specific interface. Refuse the apple filesharing packets. Enters Policy-map class configuration mode to specify a previously created class map to be included in the policy map. Enters the class-map configuration mode to configure class maps. Discard all packets that is not classified by class map. Discards the all DHCP OFFER packets received (packets received through the UDP port 67). Sets the Privileged mode password. Sets the interval that the EXEC command interpreter waits until user input is detected. Configures filtering a class of traffic which belongings to a policy map. Specifies a match criterion for a class map. Filters NetBIOS packets Specifies or changes the CLI login password Enters QoS policy map configuration mode to configure the QoS policy map. Refuse rendezvous packets. Applies a policy map to all packets received or sent to the system. Limits hosts which can access to the system through SNMP based on the access list. Refuse UPnP packets.
10-22
R1P-VD User's Guide
Chapter 11
Configuring IGMP Snooping
This chapter describes how to configure IGMP snooping for the Corecess R1P-VD series to manage the multicast traffic. 9 9 9 9 Multicast and IGMP Configuring IGMP Snooping 11-2 11-6 11-14
Displaying IGMP Snooping Information
IGMP Snooping Configuration Commands 11-18
Multicast and IGMP
Multicast and IGMP

Multicast Transmission Mode
Multicast is a transmission mode which transmits the copy of packets to multiple destination. It is a special mode of broadcast transmission mode which transmits the copy of packets to all destinations. There are three Internet transmission mode - unicast, broadcast, and multicast. Unicast transmission mode transmits data from one source to one destination. It is used in general Internet application program such as Telnet or ftp. Unicast transmission mode must repeatedly transmit as many data packets as the number of the receivers, therefore not an appropriate mode for communication such as image conference or internet broadcasts since it reduces the effectiveness of the communication network and the transmission pressure of the transmitter increases.
300K x 3 = 900K
Video Server
Multicast Router
300K x 2 = 600K 300K
300K
300K
300K
Service User
Broadcast transmission mode is the transmission of the copy of packet to all receivers in the same network from one transmitter.
11-2
R1P-VD User's Guide
Multicast and IGMP
Multicast transmission mode is used in application programs of Internet image conference and etc, as a mode of more than one transmitters transmitting data to more than one certain receivers. When a transmitter transmits the pack to a multicast group address, only the receivers belonging to that multicast group can receive the copy of the packet transmitted by the transmitter. Multicast transmission mode minimizes the network resource loss due to repetitive transmission of the data like the broadcast transmission mode and thus can save network bandwidth, and can save transmission time since there is no need to transmit the packet to all receivers separately like the unicast transmission mode.
300K
Video Server
Multicast Router
300K 300K
300K
300K
300K
Multicast User
For the unicast transmission, there is a receiver address displayed on the packet header. But for the multicast transmission, there is a marks which contains the multicast group address receivers belong. D class IP address is used for multicast group address. The range of D class is 224.0.0.0 ~ 239.255.255.255, and IP address 224.0.0.0 ~ 224.0.0.255 among this range is assigned for other uses and cannot be used.
11-3
Multicast and IGMP
IGMP Snooping
IGMP snooping manages multicast traffic at Layer 2 on the Corecess R1P-VD series by allowing directed switching of IP multicast traffic. Switches can use IGMP snooping to configure Layer 2 interfaces dynamically so that IP multicast traffic is forwarded only to those interfaces associated with IP multicast devices. Without IGMP snooping, multicast traffic is treated in the same manner as broadcast traffic, that is, it is forwarded to all ports. With IGMP snooping, multicast traffic of a group is only forwarded to ports that have members of that group. IGMP Snooping generates no additional network traffic, allowing you to significantly reduce multicast traffic passing through your switch.
Joining a Multicast Group

When a host wants to join a multicast group, it sends an IGMP Report message specifying the IP multicast group it wants to join. The IGMP snooping switch will recognize the IGMP Report message and add a IP multicast group MAC address of associated port in the MAC Filtering Database. While multicast traffic is transmitted to the switch next time, it will directly forward the traffic to the ports associated with this IP multicast group MAC address regarding the Filtering Database.
Leaving a Multicast Group

For IGMP version 2, if a host does not want to receive the IGMP traffic any more, it sends a Leave Group message. As long as the IGMP snooping switch receives this Leave Group message, it sends an IGMP group specified query message to determine if any device behind that port is interested in the specific multicast group traffic. If the switch doesn't receive any IGMP Report message, it removes the IP multicast group MAC address from the associated port in the MAC Filtering Database. For IGMP version 1, if a host does not want to receive the IGMP traffic, it just silently quit the group. IGMP multicast routers periodically send Host Membership Query messages to discover if any member is still interesting in the specific multicast group traffic. As long as the IGMP snooping switch receives this Query Group message, it forwards the message to the associated port including in the multicast group. If the switch doesn't receive Report Group message for 3 times, it delete the IP multicast group MAC of associated port in the MAC Filtering Database.
Fast-Leave Processing
IGMP snooping fast-leave processing allows the switch processor to remove an interface from the portmask of a forwarding-table entry without first sending out group specific queries to the interface.
11-4
R1P-VD User's Guide
Multicast and IGMP
The VLAN interface is pruned from the multicast tree for the multicast group specified in the original leave message. Fast-leave processing ensures optimal bandwidth management for all hosts on a switched network, even when multiple multicast groups are in use simultaneously.
11-5

IGMP Snooping is a function that keeps track of the membership status of the multicast group by transmitting a Query message to each port in the local network, and when the router transmits an IGMP Query message independently from the IGMP function of the multicast router, instead of broadcasting this message, refers to the multicast group membership status and transmits a Report message about each multicast group. When the IGMP Snooping function is used, a multicast packet is delivered based on MAC data managed by each port, preventing the waste of bandwidth. This section describes how to configure the IGMP snooping on the Corecess R1P-VD Series. To configure the IGMP snooping, perform the following tasks:
y y y y y y Enabling IGMP snooping Enabling IGMP fast-leave processing Configuring a multicast router port statically Defining a multicast group Configuring membership timeout Configuring the maximum number of multicast group
Note:
Multicast network must be a tree structure with the multicast router as a root.
11-6
R1P-VD User's Guide
Enabling IGMP Snooping

By default, IGMP snooping is disabled on the Corecess R1P-VD series. You can enable IGMP snooping on the system globally or on a VLAN. By default IGMP snooping is disabled on the Corecess R1P-VD series.
Enabling IGMP Snooping Globally

To enable IGMP on the Corecess R1P-VD series, enter the ip igmp snoop command in Global configuration mode:
Command ip igmp snoop [vlan id <vlan-id>] Description y <vlan-id>: ID of a VLAN to enable IGMP snooping.
The following example show how to globally enable IGMP snooping:

# configure terminal (config)# ip igmp snoop (config)#
Enabling IGMP Snooping on a VLAN

To enable IGMP on a VLAN, enter the ip igmp snoop vlan id command in Global configuration mode:
Table 11-1 Enabling IGMP snooping on a VLAN
Command ip igmp snoop vlan id <vlan-id>
Description y <vlan-id>: VLAN ID (1 ~ 4094)
The following example shows how to enable IGMP snooping on the default VLAN:
# configure terminal (config)# ip igmp snoop vlan id 1 (config)# Note: You can disable IGMP snooping on a VLAN by using the no ip igmp snoop vlan id in the global configuration mode.
11-7
Enabling IGMP Fast-leave Processing

When you enable IGMP fast-leave processing in a VLAN, the system immediately removes an interface from the multicast group when it detects an IGMP version 2 leave message on that interface. To enable IGMP fast-leave processing on a port interface, enter the ip igmp snoop fast-leave command in Global configuration mode:
Table 11-2 Enabling IGMP fast-leave processing
Command ip igmp snoop fastleave port <porttype> <slot>/<port>
Description 1. Enable IGMP fast-leave processing on a specific port. y <port-type>: The type of the port to enable IGMP fast-leave. ( gigabitethernet, VDSL) y <slot>/<port>: The slot number and port number of the port.
This example shows how to enable IGMP fast-leave processing on the Gigabit Ethernet port 1/1:
# config terminal (config)# ip igmp snoop fast-leave port gigabitethernet 1/1 (config)#
11-8
R1P-VD User's Guide
Configuring Static Router Port

If membership query messages are forwarded from the Corecess R1P-VD Series to a multicast router, there is a possibility that the router may not operate normally. According to IGMP rules, if there are two or more IGMP querier in one LAN, the IGMP querist with the smaller IP address operates as the IGMP querier. This is because if two or more multicast routers are connected to one LAN, the two routers both receive multicast traffic from outside the network, and transfer the traffic to inside the network, resulting in the same data redundantly received and transferred. However, if a multicast router receives a membership query message from the Corecess R1P-VD Series, which is not a multicast route, but a system that provides IGMP snooping functions, and recognizes it as a multicast router, it may stop its role as the IGMP querier (if the IP address of the Corecess R1P-VD Series is smaller than the IP address of the multicast router). If this happens, a problem may occur in which the multicast router stops forwarding multicast traffic from outside the network into the LAN. Therefore, membership query messages must not be sent from the Corecess R1P-VD Series to the multicast router. In order to do so, the port connected to the multicast router must be manually set as a router port. To configure a static router port, use the command in the Global configuration mode:
Table 11-3 Configuring a static router port
Command configure terminal ip igmp snoop mrouter port <port-type> <slot>/<port> vlan id <vlanid> end show ip igmp snoop mrouter
Task 1. Enter Global configuration mode. 2. Configure a specified port as a router port. y <port-type>: The type of the port to configure as a router port. ( gigabitethernet, VDSL) y <slot>/<port>: The slot number and port number of the port. y <vlan-id>: VLAN ID 3. Return to Privileged mode. 4. Verity the static router port.
The following example shows how to add the Gigabit Ethernet port 1/1 as a router port:
# config terminal (config)# ip igmp snoop mrouter port gigabitethernet 1/1 vlan id 1 (config)# end
11-9
# show ip igmp snoop mrouter ---------port ---------Internal 1/1 ------------------# Note: Multicast routers that support only IGMPv1 cannot process host membership report messages received from devices that support IGMPv2. In addition, multicast routers which support only IGMPv1 cannot understand Leave messages, which are sent by hosts leaving multicast groups. Since there is no way for IGMP snooping devices, such as the Corecess R1P-VD Series, to automatically recognize ports connected to these IGMPv1 multicast routers, the user must manually specify them. ----vlan ----N/A 1 ----------------------router ip --------------0.0.0.0 0.0.0.0 -----------------------------
Total Number : 2
11-10
R1P-VD User's Guide
Defining a Multicast Group

Hosts normally join multicast groups dynamically, but you can also configure a host statically on an interface. To define a multicast group, perform this task in the privileged mode:
Table 11-4 Defining a multicast group
Command configure terminal no ip igmp snoop ip igmp snoop mgroup <group-address> port <port-type> <slot>/ port> [vlan <vlan-id>] end show ip igmp snooping
Task 1. Go to global configuration mode. 2. If IGMP snooping is enabled globally, disable IGMP snooping. 3. Define a multicast group. y <group-address>: Address of the multicast group. y <port-type>: The type of the port to configure of a member port. ( gigabitethernet, VDSL) y <slot>/<port>: The slot number and port number of the port. 4. Return to Privileged mode. 5. Verify the IGMP multicast group.
Reference: This command is only valid when the IGMP snooping function is not active.
The following example shows how to add the VDSL 2/1 ~ 2/5 as a member of group 01:00:5e:02:02:02:
# config terminal (config)# no ip igmp snoop (config)# ip igmp snoop mgroup 225.2.2.2 port VDSL 2/1-5 vlan id 2 (config)# end # show ip igmp snoop 1 1 # 224.0.255.1 225.2.2.2 0.0.0.0 0.0.0.0 2/5-8 1/1-5 static static 0 0
11-11
Configuring Membership Timeout

Group membership timeout defines how long a group will remain active on an interface in the absence of a group report. Possible values are from 1 - 260 seconds and the default value is 260 seconds. To configure IGMP group membership timeout, perform this task in the privileged mode:
Table 11-5 Configuring Membership timeout
Command configure terminal ip igmp snoop membership timeout <second> end show ip igmp snoop mgroup 1. Enter Global configuration mode.
Task
2. Set IGMP group membership timeout. y <second>: IGMP group membership time in seconds (1 ~ 260) 3. Return to Privileged mode. 4. Verify the IGMP group membership timeout.
The following example shows how to change IGMP membership time to 240 seconds:
# config terminal (config)# ip igmp snoop membership timeout 240 (config)# end # show ip igmp snoop membership timeout 240 #
11-12
R1P-VD User's Guide
Configuring the Maximum Number of IGMP Groups

Each port on the Corecess R1P-VD series can join up to 1024 multicast groups at time. To configure the maximum number of IGMP groups that a port can join, perform this task in the privileged mode:
Table 11-6 Configuring the maximum number of IGMP groups
Command configure terminal ip igmp snoop groupnumber-limit <number> port <port-type> <slot>/<port> 1. Enter Global configuration mode.
Task
2. Specify the maximum number of IGMP groups that a port can join. y <group-number>: Maximum number of IGMP groups that the specified port can join (1 ~ 4094). y <port-type>: The type of the port to configure. ( gigabitethernet, VDSL) y <slot>/<port>: The slot number and port number of the port.
The following example shows how to specify the number of multicast groups for the Fast Ethernet port 2/1 to 2048 and verify the result:
(config)# ip igmp snoop group-number-limit 2049 port fastethernet 2/1 2048 (config)# end # show ip igmp snoop port fastethernet 2/1 Port 2/1(2/1) BridgeIndex(65) (link down) ref(2) fast-leave (off), access-group (none) group(s): host(s): 0 stats : received (report/leave/query) 0/0/0 : sent (report/leave/query) 0/0/0 # static/dynamic/mrouter (0/0/0) limit(2048)
To restore the default value, enter the no ip igmp snoop group-number-limit command in Global configuration mode. (config)# no ip igmp snoop group-number-limit port fastethernet 2/1 (config)#
11-13

This section describes how to display IGMP configuration:
y y y y Displaying Multicast Group Information Displaying Multicast Router Interface Displaying the List of Interfaces IGMP Fast-leave is Enabled Displaying IGMP Group Membership Time
Displaying IGMP Snooping information

IGMP snooping information can be seen by executing show ip igmp snoop command in the Privileged mode,.
Command show ip igmp snoop [vlan id <vlan-id>] Description y <vlan-id> VLAN's ID (1 ~ 4094) . Display VLAN's IGMP snooping information that specify.
This section describes displaying IGMP snooping information. To displays the multicast groups that are directly connected to the system and that were learned via IGMP, enter the show ip igmp snoop command in Privileged mode:
# show ip igmp snoop ---vlan ---1 2 ------# --------------mac group --------------1:0:5e:64:64:65 ------------------------------------------group ip --------------239.100.100.101 -------------------------------------ports ---------2/5-8 2/1-4 ------------------------type ------static static ------------------timeout ------N/A 240 -------------
0:a0:cc:77:a1:8d 224.1.2.3
Total number : 2
The following example displays the multicast groups for the default VLAN:
11-14
R1P-VD User's Guide
# show ip igmp snoop vlan id 1 ---vlan ---1 ------# --------------- --------------mac group group ip --------------- --------------1:0:5e:64:64:65 239.100.100.101 --------------- ----------------------------- -----------------------ports ---------1/1-4,2/1 ------------------------type ------static ------------------timeout ------N/A -------------
Total number : 1
The following table describes the fields in the show ip igmp snoop command output:
Table 12-17 show ip igmp snoop field descriptions
Filed vlan mac group group ip ports type VLAN ID of the multicast group. MAC Address of the multicast group.
Description
IP Address of the multicast group. In case of a static multicast group, 0.0.0.0 is displayed. Interface through which the group is reachable. How the multicast group is registered. - static : Multicast groups that are directly connected to the system. - dynamic : Multicast groups that were learned by IGMP snooping. How long in seconds until the entry is removed from the IGMP groups table. In case of a static multicast group, 0 is displayed.
timeout left
11-15
Displaying Multicast Router Interface

When you enable IGMP snooping, the Corecess R1P-VD Series automatically learns to which interface a multicast router is connected. To display information on dynamically learned and manually configured multicast router interfaces, use the show ip igmp snoop mrouter command in Privileged mode. The following example shows how to display information on all multicast router interfaces on the Corecess R1P-VD Series:
# show ip igmp snoop mrouter ---------port ---------2/1 ------------------# ----vlan ----1 ----------------------router ip --------------172.19.2.1 -----------------------------
Total Number : 1
The following table describes the fields in the show ip igmp snoop mrouter command output:
Table 11-7 show ip igmp snoop mrouter field descriptions
Filed port vlan router ip Total Number
Description Slot number and port number of the multicast router port ID of the VLAN that the multicast router port belongs to. IP address of multicast router that the multicast port is connected to. The number of multicast router ports that are registered to the system.
11-16
R1P-VD User's Guide
Displaying the List of Interfaces IGMP Fast-leave is Enabled

To display the list of the VLANs and ports which IGMP fast-leave feature is enabled on, use the show ip igmp snoop fast-leave command in Privileged mode. If you enable IGMP fast-leave feature, the system immediately removes a port when it detects an IGMP version 2 leave message on that VLAN or port. The following is the sample output from show ip igmp snoop fast-leave command:
# show ip igmp snoop fast-leave vlan : 1 port : 1/1 #
Displaying IGMP Group Membership Time

To display IGMP group membership time which defines how long a group will remain active on an interface in the absence of a group report, use the show ip igmp snoop membership timeout command in Privileged mode.
# show ip igmp snoop membership timeout 260 #
11-17
IGMP Snooping Configuration Commands
IGMP Snooping Configuration Commands

The following table lists the commands for configuring IGMP snooping on the Corecess R1P-VD series:
Table 11-8 IGMP snooping configuration commands
Command ip igmp snoop ip igmp snoop fast-leave ip igmp snoop group-number-limit ip igmp snoop membership timeout ip igmp snoop mgroup ip igmp snoop mrouter ip igmp snoop vlan id show ip igmp snoop show ip igmp snoop fast-leave show ip igmp snoop membership timeout show ip igmp snoop mrouter show ip igmp snoop vlan
Description Globally enables IGMP snooping. Enables IGMP fast-leave processing which the function is the system immediately removes a port when it detects an IGMP version 2 leave message on that port. Sets the maximum number of IGMP groups that the port can join. Specifies IGMP group membership time which defines how long a group will remain active on an interface in the absence of a group report. Hosts normally join multicast groups dynamically, but you can also configure a host statically on an interface. Adds a router port. Enables IGMP snooping on the specified VLAN. Displays the multicast groups that are directly connected to the system and that were learned via IGMP. Lists the ports which IGMP fast-leave processing is enabled on. Displays IGMP group membership time which defines how long a group will remain active on an interface in the absence of a group report. Displays multicast router ports. Displays the information of the multicast groups of the specified VLAN.
11-18
R1P-VD User's Guide
Chapter 12
Configuring DHCP & ARP Snooping
This chapter describes how to configure DHCP snooping and ARP snooping for the Corecess R1P-VD series to manage the DHCP traffic and ARP traffic. 9 9 9 DHCP Snooping ARP Snooping L2DhcpRelay 12-2 12-17 12-20
DHCP Snooping
DHCP Snooping
DHCP Snooping Overview
The DHCP server uses a client-server model that allocates IP address and other optional setup parameters to the client (host) when client is booting. These setup parameters are leased by the server to the client for a set amount of time. When the host is booted, TCP/IP stack within the host delivers the broadcast message (DHCPDISCOVER) acquires the IP address and subnet mask from a variety of other setup parameters. This starts message exchange between the DHCP server and the host. DHCP is composed of DHCP client, DHCP server, and DHCP relay agent. The DHCP client demands that the DHCP server allocates resources. The DHCP server allocates network resources according to the DHCP client requests. The DHCP relay agent newly delivers the request and reply packets between the DHCP client and the DHCP server. DHCP Client
Network resources IP
DHCP Server
address and so on
DHCP relay DHCPACK
DHCPREQUEST
DHCP relay agent DHCPREQUEST
DHCP Client DHCP snooping uses the following types of ports:

y Server port (Uplink port)
Server port relays the DHCP messages between the client ports and the transparent ports. No policy is applied to the server port. If no server port is specified, the DHCP messages will be sent to CPU.
12-2
R1P-VD User's Guide
DHCP Snooping
y Client port
Client port generates, deletes, or manages the dynamic binding entries using DHCP messages which are passed through and transmits the DHCP messages (DHCPDISCOVER, DHCPREQUEST, and so on) to the server ports. If there is no server port, client port sends the messages to CPU.
y Transparent port
Transparent port does the same functions as the client port. But no policy and limitation are applied. DHCP snooping uses the following filtering rules:
y System base rule System base rule is the global filtering rule applied to the whole system. There are two system base rules, permit and deny. If the system base rule is set to deny, all packets except DHCP messages will be denied on all ports. If the system base rule is set to permit, all packets will be forwarded on all ports. The default system base rule is deny. y Port base rule
Port base rule is the filtering rule applied to a specific port. It overrides the system base rule. There are two port base rules, permit and deny. If the port base rule is set to deny, all packets except DHCP messages will be denied on the specified port. If the port base rule is set to permit, all packets will be forwarded on the specified port. The following picture illustrates the flow of the DHCP authentication process. From the viewpoint of DHCP server, the client sends the DHCPDISCOVER message using datalink-level broadcasting. When the server has allocated network resources (such as IP address), the DHCP server that received the DHCPDISCOVER message relays the DHCPOFFER message to the client. Then the client (if the client receives a reply from more than one server) selects a server, and relays the DHCPREQUEST. The DHCP server that received the DHCPREQUEST message sends the client the DHCPACK message which includes information about the allocated resources. Finally, the client uses this information to connect to the network.
12-3
DHCP Snooping
DHCP Server (Not selected)
DHCP Client
DHCP Server (Selected)
The switch drops DHCP packets if any of the following situations arises:
The switch receives a packet such as DHCPOFFER, DHCPACK, DHCPNAK from the DHCP server, or a DHCPLEASEQUERY packet from outside the network or firewall.
The switch receives the packet on an unsecured connection, and the source MAC address and DHCP client hardware address do not coincide.
The switch has received DHCPRELEASE or DHCPDECLINE message that has MAC address within the DHCP snooping binding table, but the data in the connection data in the binding table and the connection data of the received message do not coincide.
The switch has received DHCP packet with a relay agent IP address other than 0.0.0.0.
12-4
R1P-VD User's Guide
DHCP Snooping
DHCP snooping uses the following filtering rules:

System base rule
The system base rule is a global filtering rule that applies to the entire system. There are two system base rules, permit and deny. If the system base rule is set to deny, all packets other than DHCP message packets will be denied in all ports. If the system base rule is set to permit, all packets will be transmitted in all ports. The default system base rule is deny.
Port base rule
The port base rule is a filtering rule that applies to specific ports. This rule overrules the system base rule. There are also two port base rules, permit and deny. If the port base rule is set to deny, all packets other than DHCP message packets will be denied in a specific port. If the port base rule is set to permit, all packets will be transmitted in a specific port.
12-5
DHCP Snooping
DHCP Messages
These DHCP messages are used to determine the DHCP snooping action:
Table 12-1 DHCP snooping action according to DHCP message type
DHCP Message
DHCPDISCOVER DHCPOFFER DHCPREQUEST DHCPACK
DHCP Snooping Action

Forwards this message to the server port or the CPU. Forwards this message to the client ports. Forwards this message to the server port or the CPU. Forwards this message to the client ports.
When DHCP snooping is enabled, the system base rule is set to deny which means no packets can be received or sent except DHCP messages. The DHCP messages received from the client ports will be forwarded to the server port or the CPU. If the CPU detects DHCPACK message is received from the DHCP server, DHCP snooping saves the binding information (such as the MAC address, the IP address, the lease time, and so on) in the database, and then forwards the message to the client ports.
DHCP Snooping Operation

DHCP snooping dynamically creates binding entries using the information included in DHCPACK message sent to a DHCP client and applies filtering rule to the binding entries. DHCP snooping also activates timer for the binding entries using the lease time included in DHCPACK message. DHCP clients that permit filtering rule is applied can communicate. Binding entices can be manually added using the CLI command. Binding entries are removed when DHCPRELEASE messages are received from the client ports or when the lease time has expired. Binding entries can be manually deleted using the CLI command or SNMP manger. When a link of a DHCP client is down, DHCP snooping applies deny filtering rule to the binding entry and keep maintaining information on the binding entry instead of deleting it immediately. When the link is up again, DHCP snooping applies permit filtering rule and restart the service for the DHCP client. If DHCPREQUEST message is received again from a DHCP client and the DHCP server sends DHCPACK message in response to DHCPREQUEST message, the timer for this binding entry is updated to the lease time include in new DHCPACK message.
12-6
R1P-VD User's Guide
DHCP Snooping
Configuring DHCP Snooping

This section describes the following DHCP snooping configuration tasks:
y y y y y y y y y Enabling DHCP snooping Specifying DHCP snooping ports Configuring the system filtering rules Configuring port filtering rules Configuring information policy Specifying the maximum number of DHCP clients Adding static binding entries Clearing dynamic binding entries Enabling DHCP option 82 data insertion
Enabling DHCP Snooping

If you enable DHCP snooping, the system base rule is set to deny which is no packet can be received or sent except DHCP messages. To enable DHCP snooping on the Corecess R1P-VD series, use the following command in Privileged mode:
Table 12-2 Enabling DHCP snooping
Commands configure terminal ip dhcp snoop
Task 1. Enter the Global configuration mode. 2. Enable the DHCP snooping.
The following example enables DHCP snooping on the Corecess R1P-VD16:

# configure terminal (config)# ip dhcp snoop (config)#
To disable DHCP snooping on the Corecess R1P-VD series, use the no ip dhcp snoop command in Global configuration mode.
(config)# no ip dhcp snoop (config)#
12-7
DHCP Snooping
Specifying DHCP Snooping Ports

To specify DHCP snooping ports, use the following command in Global configuration mode:
Table 12-3 Specifying DHCP snooping ports
Commands
Description Specifies DHCP snooping port. ( <port-type>: Type of the port to be configured as a DHCP snooping port. ( <slot>/<port>: Slot number and port number of the port to be configured as a DHCP snooping port. ( <snoopport-type>: Type of the DHCP snooping port. Select one of the following types: - client: Sets the specified port as a client port (default). - server: Sets the specified port as a server port. - transparent: Sets the specified port as a transparent port.
ip dhcp snoop port <port-type> <slot>/<port> [<snoopport-type>]
Note: If you enable DHCP snooping, all packets except DHCP messages will be discarded on all ports. If you do not want to apply this limitation to a port, configure the port as a transparent port.
The following example specifies the Gigabit Ethernet ports 1/1-2 as a server port:
(config)# ip dhcp snoop port gigabitethernet 1/1-2 server (config)#
The following example specifies the VDSL ports 3/1 as DHCP snooping ports:
(config)# ip dhcp snoop port VDSL 3/1 (config)#
12-8
R1P-VD User's Guide
DHCP Snooping
Configuring the System Filtering Rules

To configure DHCP snooping filtering rule applied to the system, use the following commands in Global configuration mode:
Table 12-4 Configuring the system filtering rules
Commands ip dhcp snoop base-rule {deny | permit}
Task 1. Configure DHCP snooping filtering for the whole system. y permit: Disables the DHCP snooping filtering (all permit rule). y deny: Enables the DHCP snooping filtering (all deny rule). 2. Specify the type of DHCP snooping filtering rule. y <type>: The type of DHCP snooping filtering rule. - ip: Applies IP-based filtering rule. - mac: Applies MAC-based filtering rule. - non: DHCP session tracking mode
ip dhcp snoop rule-type <type>
The following example shows how to enable DHCP snooping filtering for the whole system:
(config)# ip dhcp snoop base-rule deny (config)#
The following example shows how to set the type of DHCP snooping filtering rule:
(config)# ip dhcp snoop rule-type ip (config)#
12-9
DHCP Snooping
Configuring Port Filtering Rules

To configure DHCP snooping filtering rule applied to a specific port, use the following commands in Global configuration mode:
Table 12-5 Configuring port filtering rules
Commands
Task 1. Configures DHCP snooping filtering rule for the specified port. y <port-type>: Type of the port to configure the filtering rule. y <slot>/<port>: Slot number and port number of the port to configure the filtering rule. y permit: Disables the DHCP snooping filtering (all permit rule). y deny: Enables the DHCP snooping filtering (all deny rule). 2. Configure the packet type allowed on the specified port. y <port-type>: Type of the port y <slot>/<port>: Slot number and port number of the port. y <packet-type>: The type of packets allowed on the port Select one of the followings: - all: all types of packets (multicast, unicast, and unknown unicast). - unicast: all types of packets except the multicast packets (unicast and unknown unicast). - strict-unicast: unicast packets only
ip dhcp snoop port <port-type> <slot>/<port> base-rule {deny | permit}
ip dhcp snoop port <port-type> <slot>/<port> port-rule <packet-type>
The following example shows how to disable DHCP snooping filtering for the VDSL port 3/1:
(config)# ip dhcp snoop port VDSL 3/1 base-rule deny (config)#
The following example configures the VDSL port 3/1 to receive the only unicast packets from the DHCP clients:
(config)# ip dhcp snoop port VDSL 3/1 port-rule unicast (config)#
12-10
R1P-VD User's Guide
DHCP Snooping
Configuring Information Policy

You can configure the policy for the information about the binding of IP addresses to clients. By default, the Corecess R1P-VD series ignores the information which is different from the existing information (drop policy). To configure the information reforwarding policy, use the following command in Global configuration mode:
Table 12-6 Configuring information policy
Commands ip dhcp snoop information policy {drop | replace}
Description y drop: Ignores the information which is different from the existing information. y replace: Replace and forwards the information which is different from the existing information.
The following example shows how to change the information reforwarding policy to replace:
(config)# ip dhcp snoop information policy replace (config)#
Specifying the Maximum Number of DHCP Clients

To specify the maximum number of DHCP clients for a specific port, use the following command in Global configuration mode:
Table 12-7 Specifying the maximum number of DHCP clients
Commands ip dhcp snoop port <port-type> <slot>/<port> clientlimit <number>
Description Specify the maximum number of DHCP clients for a specific port. y <port-type>: Type of the port. y <slot>/<port>: Slot number and port number of the port. y <number>: Maximum number of the DHCP clients (1 ~ 255).
The following example specifies the maximum number of the DHCP clients for the VDSL ports 3/1:
(config)# ip dhcp snoop port VDSL 3/1 clients-limit 10 (config)#
12-11
DHCP Snooping
Adding Static Binding Entries

To add static binding entries, use the following command in Global configuration mode:
Table 12-8 Adding static binding entries
Commands ip dhcp snoop port <port-type> <slot>/<port> static <mac-addr> <ip-addr>
Description Add a static DHCP snoop binding entry. y <port-type>: Type of the port to add a binding entry. y <slot>/<port>: Slot number and port number of the port. y <mac-addr>: MAC address of a DHCP client. y <ip-addr>: IP address of a DHCP client.
The following example shows how to add a static binding entry to the VDSL port 3/1:
(config)# ip dhcp snoop port VDSL 3/1 static 0:4:23:24:bb:6f 10.10.10.1 (config)#
Clearing Dynamic Binding Entries

To clear all dynamic binding entries, use the following command in Privileged mode:
Table 12-9 Clearing dynamic binding entries
Commands clear ip dhcp snoop port <port-type> <slot>/<port> *
Description Clears all dynamic binding entries. y <port-type>: Type of the port to clear dynamic binding entries. y <slot>/<port>: Slot number and port number of the port.
The following example shows how to clear all dynamic binding entries generated on the VDSL port 3/124:
# clear ip dhcp snoop port VDSL 3/1-24 * #
12-12
R1P-VD User's Guide
DHCP Snooping
Enabling DHCP Option 82 Data Insertion

You can enable Corecess R1P-VD series to insert DHCP relay agent information (option-82 field) in DHCPREQUEST messages forwarded from DHCP clients to the DHCP server. The DHCP server can use this information to implement security and IP address assignment policies. Option 82 communicates information to the DHCP server using a suboption of the DHCP relay agent information option. There are three types of suboptions supported by the Corecess R1P-VD series, ATMVC, NAS, and Switch.
The following shows the format of the suboption when you select ATM-VC encoding: for example, 00120-DSL01-001/00-0/01-0/03/2/32@HRl-C.
<location:5>-<DSLAM type:5>-<DSLAM sequence:3>/ <shelf:2>-<subshelf:1>/<slot:2>/<port:2>/<vpi:3>/<vci:5>@ <MDF>
n o p
Each field is expressed in the <field name:bits> form. Each part means location code (n), port information (o), and site code (p). You can set the location code and site code using the ip dhcp
snoop opt82-attr in Global configuration mode. If you set the Circuit ID for a port or a PVC
using ip dhcp snoop port circuit-id command, the Circuit ID is used for DHCP option 82 data instead of the above suboption format. The following figure shows the format of the suboption when you select NAS encoding:
Port type (1 byte) Version (1 byte) Reserved (2 bytes) NAS IP address (4 bytes) N/A (1 byte) Slot (1 byte) Port (2 bytes)
The following figure shows the format of the suboption when you select Switch encoding:
Type (1 byte) Length (1 byte) Ifindex (4 bytes) Type (1 byte) Length (1 byte) Switch-mac (6 bytes)
To configure the information reforwarding policy, use the following command in Global configuration mode:
12-13
DHCP Snooping
Table 12-10 Enabling DHCP option 82 data insertion
Command
Task 1. Enables DHCP option 82 data insertion. y atm-vc: DHCP option 82 field is encoded based on ATM-VC. y nas <ip-address>: DHCP option 82 field is encoded based on the IP address of NAS. y switch: DHCP option 82 field is encoded based on the interface index and MAC address of the switch. 2. When you select atm-vc option in the above step, set DHCP option 82 data using the following commands.
ip dhcp snoop opt82 {atm-vc | nas <ip-address> | switch}
ip dhcp snoop opt82-attr {location-code | sitecode} <string>
2-1. Sets DHCP option 82 data that is globally used. y location-code: Defines location code for ATM-VC encoding. ( site-code: Defines site code for ATM-VC encoding. ( <string>: Strings defining the specified attribute. 2-2. Sets DHCP option 82 data that is used for a specific port or PVC (Circuit ID). y <port-type>: Type of the port to set DHCP option 82 data. y <slot>/<port>: Slot number and port number of the port. y <channel>: The logical channel number of a PVC (1 ~ 8). y <string>: Strings defining the Circuit ID
ip dhcp snoop port <port-type> <slot>/<port> [.<channel>] circuit-id <string>
Note: If you not specify the DHCP option 82 data for a port or a PVC (Circuit ID) using the ip dhcp snoop port circuit-id command, the global DHCP option 82 data defined using the ip dhcp snoop opt82-attr command is used.
The following example shows how to enable the system to insert DHCP option 82 data based on ATMVC and how set the location code and site code that is used globally:
(config)# ip dhcp snoop opt82 atm-vc (config)# ip dhcp snoop opt82-attr location-code 00120-DSL01-001 (config)# ip dhcp snoop opt82-attr site-code HRl-C (config)#
This example shows how to specify the Circuit ID for the VDSL port 3/1:
(config)# ip dhcp snoop port VDSL 3/1 circuit-id DSL1/04/01/0/35/01@MDF1 slotport 2/1 circuit_id(DSL1/04/01/0/35/01@MDF1) (config)#
12-14
R1P-VD User's Guide
DHCP Snooping
Displaying DHCP Snooping Configuration

Displaying DHCP Snooping Configuration
To display the DHCP snooping configuration, use the show ip dhcp snoop command in Privileged mode. The following is the sample output from show ip dhcp snoop command:
# show ip dhcp snoop ip dhcp snoop is enable system's base rule : deny option82 insertion mode : atm-vc option82 NAS ip : 0.0.0.0 option82 attribute location-code : 00120-DSL01-001 option82 attribute site-code : HR1-C #
Displaying DHCP Snooping Binding Information

To displays the DHCP snooping binding configuration, use the show ip dhcp snoop binding command in Privileged mode.
Table 12-11 Displaying DHCP snooping binding information
Command show ip dhcp snoop binding {port <port-type> vlan id <slot>/<port> | <vlan-id> <ip-address>}
Description y <port-type>: Type of the port to display the IP address binding information y <slot>/<port>: Slot number and port number of the port. y <vlan-id>: VLAN ID (1 ~ 4094). y <ip-address>: IP address assigned to a DHCP client.
The following is the sample output from show ip dhcp snoop binding command:
# show ip dhcp snoop binding port VDSL 3/1 port 2/1 IP address binding information Hardware address : 0:4:23:24:bb:6f, ip address: 10.10.10.1 client status : established, lease expiration : 3 minutes rule : permit is applied # operation status : request (2 minutes 39 seconds elapsed)
server ip : 10.10.10.254, router ip : 10.10.10.254
12-15
DHCP Snooping
Displaying DHCP Snooping Port Information

To displays the DHCP snooping port configuration, use the show ip dhcp snoop port command in Privileged mode.
Table 12-12 Displaying DHCP snooping port information
Command show ip dhcp snoop port <port-type> <slot>/<port>
Description y <port-type>: Type of the port to display the DHCP snooping information. y <slot>/<port>: Slot number and port number of the port to display the DHCP snooping information.
The following is the sample output from show ip dhcp snoop port command:
# show ip dhcp snoop port VDSL 3/1 DHCP snooping port 2/1 is disable ref(3) type(L:A) link up, vlan 0, clients limit 10 (serviced 0) base port rule: deny, port snooping type: client port traffic rule: unicast port timer-id: off opt82 circuit-id (none) #
12-16
R1P-VD User's Guide
ARP Snooping
ARP Snooping
Configuring ARP Snooping
This section describes the following ARP snooping configuration tasks:
y Enabling ARP snooping
y Configuring secure-reply check type y Configuring secure-request type
Enabling ARP Snooping

To enable ARP snooping on the Corecess R1P-VD series, use the following commands in Privileged mode:
Table 12-13 Enabling ARP snooping
Commands configure terminal ip arp snoop
Task 1. Enter the Global configuration mode. 2. Enable the DHCP snooping.
The following example shows how to enable ARP snooping on the Corecess R1P-VD24:
# configure terminal (config)# ip arp snoop (config)#
To disable ARP snooping on the Corecess R1P-VD series, use the no ip arp snoop command in Global configuration mode.
(config)# no ip arp snoop (config)#
12-17
ARP Snooping
Configuring Secure-Reply Check Type

To set sanity check referred to DHCP binding information for ARP source and target address, use the following commands in Global configuration mode:
Table 12-14 Configuring Secure-Reply Check Type
Commands ip arp snoop reply {all|source|target}
Task Configure secure-reply check type. y all: Check source and target address. y source: Check source address. y target: Check target address.
The following example shows how to set sanity check on the Corecess R1P-VD24:
(config)# ip arp snoop reply source (config)#
Configuring Secure-Request Type

There four type of secure-request types as follows: y Broadcast: Broadcast ARP request packets to bridge ports. y Protected-broadcast: Broadcast ARP packets to only server ports and router ports. Thus, local proxy ARP should be enabled. Protected-broadcast is only operating when the base rule of DHCP snooping is set to deny (ip dhcp snoop base-rule deny command). y Restrict-broadcast: Check the match of a source IP and a source hardware address referred to NetSnoopIpPool table. If the source IP and a source hardware address are not matched, the ARP request is discarded. On the other hand, matched ARP request packets are broadcasted. y Secure-broadcast: Operation of this method is the same as restrict-broadcast. But, if a dest-ip, exists in the NetSnoopIpPool table, is requested, the dest-ip is translated to unicast MAC and is requested for ARP. This method can reduce the amount of broadcast and secure the information of subscribers. In addition, it makes usage ratio of DSL line are increased.
12-18
R1P-VD User's Guide
ARP Snooping
To configure secure-request type, use the following commands in Global configuration mode.
Table 12-15 Configuring Secure-Request Type
Commands configure terminal ip arp snoop request {broadcast| protected-broadcast| restrict-broadcast| secure-broadcast} 1. Enter Global configuration mode.
Task
2. Configure secure-request type. y broadcast: No ARP check. Broadcast ARP request. y protected-broadcast: Broadcast ARP requests to only sever and router ports. y restrict-broadcast: Check source address if source is valid or not. y secure-broadcast: Convert ARP request to unicast request.
The following example shows how to configure secure-request type on the Corecess R1P-VD24:
# configure terminal (config)# ip arp snoop request secure-broadcast (config)#
Displaying ARP Snooping Configuration

Displaying ARP Snoop Table
To display the ARP Snoop table (NetSnoopIpPool), use the show ip arp snoop table command in Privileged mode. The following is the sample output from the show ip arp snoop table command:
# show ip arp snoop table ip arp snoop $Revision: 1.2 $ vlan 1 Status(A:Auth, R:Router, S:Static, I:Incomplete) vlan 1 total entries = 0 #
12-19
L2DhcpRelay
L2DhcpRelay
L2DhcpRelay is the fuction that relay DHCP packet to DHCP server in L2 Switch. Usually, When there is no DHCP server to subnet with client that receive actual IP, it is that 'L2Dhcprelay' relay packet between DHCP client and DHCP server. Therefore, this function acts in gateway. However, you should offer DHCP Relay function in L2 switch if it is situation that operate each DHCP server because several subnets share single gateway mounting and ISP exists in each subnet. In this case you need DHCP Relay function in L2 switch. Command
[no] vlan [no] vlan ip id ip id dhcp <id> dhcp <id> snoop l2-relay gateway ip <ip> snoop l2-relay helper-address <ip>
Task
To relevant vlan giaddr l2-relay that do <ip> action. To vlan that l2-relay is acting helper-address addition.
The setting example is as follows; localhost# configure terminal localhost(config)# ip dhcp snoop localhost(config)# ip dhcp snoop l2-relay vlan id 10 gateway ip 10.1.1.254 localhost(config)# ip dhcp snoop l2-relay vlan id 10 helper-address 20.1.1.1 localhost(config)# ip dhcp snoop l2-relay vlan id 20 gateway ip 30.1.1.254 localhost(config)# exit Setting confirmation. localhost# show ip dhcp l2-relay Corecess L2-Relay Configurations -----------------------------------------------------------------VLAN 10 Status enable Helper-address 20.1.1.1 ------------------------------------------------------------------
12-20
R1P-VD User's Guide
L2DhcpRelay
20 30 localhost#
enable disable
NULL NULL
------------------------------------------------------------------
12-21
L2DhcpRelay
12-22
R1P-VD User's Guide
Chapter 13
Accounting).
Configuring AAA
This chapter describes how to configure PPPoE snooping and AAA(Autentication Authorization
9 9 9 9
PPPoE Snooping
13-2
RADIUS Management 13-7 802.1X 13-11
Pass-through 13-19
PPPoE Snooping
PPPoE Snooping
This solution is designed for the PPPoE access method and is based on the Access Node implementing a PPPoE intermediate agent function in order to insert access loop identification. This functionality is described in the following. The PPPoE Intermediate Agent intercepts all upstream PPPoE discovery stage packets, i.e. the PADI, PADR and upstream PADT packets, but does not modify the source or destination MAC address of these PPPoE discovery packets. Upon reception of a PADI or PADR packet sent by the PPPoE client, the Intermediate Agent adds a PPPoE TAG to the packet to be sent upstream. The TAG contains the identification of the access loop on which the PADI or PADR packet was received in the Access Node where the Intermediate Agent resides. If a PADI or PADR packet exceeds 1500 octets after adding the TAG containing the access loop identification, the Intermediate Agent must not send the packet to the Broadband Network Gateway. In response to the received PADI or PADR packet, the PPPoE Intermediate Agent should issue the corresponding PADO or PADS response with a Generic-Error TAG to the sender.
PPPoE Client
PADI
Corecess PPPoE Snoop agent
PPPoE+ support server
PADI+tag ge
d msg
PADO
PAD O
PADR PADR + ta gged msg
PADS
P AD S
PADT
PADT
13-2
R1P-VD User's Guide
PPPoE Snooping
The concept of PPPoE Snooping function can know through above figure. Existent PPPoE Service could not send identification informations to PPPoE Server. PPPoE Snooping fuction can send message adding Circuit ID or Remote-ID from PPPoE client server configured PPPoE or PPPoE+ to
0x0105 (Vendor-Specific)
TAG_LENGTH
0x00000DE9 or Corecess ID
0x01
length
Agent Circuit ID value
0x02
length
Agent Remote ID vlaue
PPPoE Snooping fuction send Corecess ID, Circuit ID and Remote-ID and so on to PPPoE or PPPoE+ server Using verdor-specfi-tag among one of TLV value
Configuring AAA
13-3
PPPoE Snooping
Configuring PPPoE Snooping

The PPPoE Snooping is set up as a pair of Server Port/Client port. This setup is enabled using the following commands.
Commands configure terminal
Task Enter Global configuration mode.
pppoe-snoop pppoe-snoop port <Port Type> <Port Number> server/client pppoe-snoop port <Port Type> <port Number> tag dsl
Enable PPPoE snooping. Sets up whether the port to be determined as .PPPoE snooping isServer Port or Client Port. The PPPoE snoop agent sets up the DSL tag.
The following is an example of PPPoE Snooping setup. (During DSL tag setup)
Localhost# configure terminal Localhost(config)# pppoe-snoop Localhost(config)# pppoe-snoop port fastethernet 3/7 server Localhost(config)# pppoe-snoop port fastethernet 3/1-3 client Localhost(config)# pppoe-snoop port fastethernet 3/1-3 tag dsl Localhost(config)# end
PPPoE Snooping Client Session confirming

At PPPoE snooping, the current state of Client, Client MAC address and Server MAC address can be confirmed with a command used for checking subscribers connected to the Client port.
Commands Show pppoe-snoop client session
Task Enable the confirmation of Client Session currently at the PPPoE Snooping
The following is an example of confirming the PPPoE Snooping Client Session.
13-4
R1P-VD User's Guide
PPPoE Snooping
Right_Router# show pppoe-snoop client session

PPPoE Snoop Session Client Codes: I :The client sends PADI and waits for PADO O :The server send PADO and waits for PADR R :The client sends PADR and waits for PADS S :The client receives PADS from the server T :PADT is sent by either the client or the server ---- ---- ---- ------------------- ------------------ ----- ------Slot Port Vid Client mac-address Server mac-address State Timeout 00:0X:XX:XX:XX:XX 00:0X:XX:XX:XX:XX IORS IORS 783377 482377 ---- ---- ---- ------------------- ------------------ ----- ------0003 0002 0000 00:X0:00:XX:XX:XX 0003 0001 0000 00:X0:00:XX:XX:XX Total PPPoE Snoop Sesson 2
---- ---- ---- ------------------- ------------------ ----- -------
Setting Up the Compatibility between PPPoE Snooping and Cisco Equipment

Commands configure terminal pppoe-snoop port <Port Type> <Port Number> compact cisco Task Enter Global configuration mode. Setup is done at the Client Port and gets set up if the PPPoe-Server is Cisco equipment.
The following is an example of setting up compatibility between PPPoE Snooping and Cisco equipment.
Localhost# configure terminal Localhost(config)# pppoe-snoop port fastethernet 3/1-3 compact cisco Localhost(config)# end
Configuring AAA
13-5
PPPoE Snooping
Setting up node-id, circuit-id, remote-id with PPPoE Snooping

Commands configure terminal pppoe-snoop port node-id <WORD> Task Enter Global configuration mode.. Decide ID that go out commonly to PPPoE Packet to Client port that leave equipment. When is not established, specify Circuit-id as Corecess_PPPoE+_Node by default
Commands configure terminal pppoe-snoop port <Port Type> <Port Number> circuit-id <WORD>
Task Enter Global configuration mode.. Configure ID entering to remote-id of PPPoE Packet to Client port to leave equipment. If it is configued to port, Each Circuit-ID has priority more than global ID
Commands configure terminal pppoe-snoop port <Port Type> <Port Number> remote-id <WORD>
Task Enter Global configuration mode. Configure ID entering to remote-id of PPPoE Packet to Client port to leave equipment. Remote-id is optional
The following is an example of setting up node-id, circuit-id and remote-id with PPPoe Snooping
Localhost# configure terminal Localhost(config)# pppoe-snoop port node-id Corecess Localhost(config)# pppoe-snoop port fastethernet 3/1 circuit-id Corecess_3_1_CIRCUIT_ID Localhost(config)# pppoe-snoop port fastethernet 3/1 remote-id Corecess_3_1_REMOTE_ID Localhost(config)# end
13-6
R1P-VD User's Guide
RADIUS Management
RADIUS Management
Remote Authentication Dial In User Service (RADIUS) is an AAA (authentication, authorization, and accounting) protocol for controlling access to network resources by Server/Client method. Corecess R1P product series support RADIUS server and Proxy Server functions for Dot1x and PPPoE Authentication Service.
RADIUS Server Registration

RADIUS Servers divide by two types as follows; Authentication Server: Authentication/Authorization Accounting Server: Accounting
You register server using following commands. localhost(config)# radius auth-server ip 192.168.10.1 key corecess realm corecess localhost(config)# radius acct-server ip 192.168.10.2 key corecess realm corecess As following, you can confirm that servers are registered. localhost# show radius config RADIUS Configuration. ========================== Query time-out = 5 Max. # of retries = 5 <Authentication Server> = 192.168.10.1 corecess <Accounting Server> = 192.168.10.2 corecess ========================== @corecess @corecess
Configuring AAA
13-7
RADIUS Management
RADIUS Client Configuration

Equipment must set following parameters to act by RADIUS Client. NAS-IP-Address: IP Address of equipment(representative)
Above parameters can set as follows; localhost(config)# radius nas-ip 192.168.1.254
RADIUS Accounting Configuration

The Accounting about subscriber consists according to RADIUS Accounting standard. When each subscriber's connection is created, it send Accounting-Start packet to server and when connetion is ended, it send Accounting-Stop packet. Also, it can send Interim packet that report in the midst of subscriber's connection is continued to do optional.
Accounting start
If do Accounting, you must enable function in relevant interface. You must execute command at interface node as follows. localhost(config-if)# aaa accounting If disable function, you use following command. localhost(config-if)# no aaa accounting
13-8
R1P-VD User's Guide
RADIUS Management
Interim-Report
Interim Report's execution availability and setting of time frame can do separatively in each interface. If you do following setting, it send Interim-Report to Accounting server every 5 minutes. localhost(config-if)# aaa accounting interim-report 300 If disable function, you use following command. localhost(config-if)# no aaa accounting interim-report
Framed-IP-Address
Subscriber can send attaching Internet Protocol Address that subscriber is using on accounting packet when offer L3 service. locahost(config)# radius accounting framed-ip-addr If disable function, you use following command. locahost(config)# no radius accounting framed-ip-addr
Nas-Port/Nas-Port-Type
Service Manager recognizes each subscriber of interface and apply setting of the interface to subscriber. These point businessman can configure account to unique policy by interface. The present subscriber attaches interface and type of relevant interface on Service Manager's accounting packet to help this. localhost(config)# radius accounting nas-port localhost(config)# radius accounting nas-port-type vlan 90 If disable function, you use following command. locahost(config)# no radius accounting nas-port
Configuring AAA
13-9
RADIUS Management
RADIUS Proxy Server Registration

Service Manager provides service that is preceded such as that offer each interface RADIUS Proxy Server function. Integration of Wireless Terminals Web Authentication
Enable RADIUS Proxy Server

Each interface executes unique RADIUS Proxy Server. This time, relevant interface is activated state and L3 interface that have Internet Protocol Address. You can set as follows; localhost(config-if)# radius-proxy port 1812
Setting confirmation localhost# show running-config service-manager ! ! interface management ! interface vlan id 1 ! interface vlan id 200 radius-proxy port 1812 !
13-10
R1P-VD User's Guide
RADIUS Management
Parameters
* Shared Secret Each Proxy RADIUS Server processes RADIUS Client's Request that have unique Key and have Key that agree. Each interface has independent Key and can keep the best security state. localhost(config-if)# radius-proxy key corecess * realm-stripping RADIUS Proxy Server finds server to do Forwarding using Realm that is included in Request's Username field that arrive. This time, you can remove request's user-name field realm that do forwarding. localhost(config-if)# radius-proxy realm-stripping * Access List Service Manager supports that register Access List by RADIUS Proxy Server of each interface and elutriate packet to control illegal RADIUS Client's access. localhost(config)# access-list 99 permit 192.168.123.0 0.0.0.255 localhost(config)# access-list 99 deny any localhost(config)# interface vlan id 200 localhost(config-if)# radius-proxy list 99 in
Configuring AAA
13-11
802.1X
802.1X
All the setting of 802.1X of Corecess products is on interfaces each. It means that each of interfaces gives us specific services. The 802.1X of Corecess products does not support the port-based athentication that certifies a specific port, but also supports mac-based athenitication that certifies subscribers each. The 802.1X of Corecess products can be configured per interfaces independently. The type of interfaces for configuring 802.1X is as follows;
y y
L2 Ethernet Interface: VLAN interface L3 IP Interface: No L3 tunner interface of IP GRE, IP-in-IP
Setting Port trust-mode

Before set 802.1X in interface, you set relevant Port's trust-mode by untrusted as following to intercept communication that do not receive authentication in Port to use service. localhost(config)# port vdsl 3/1 trust-mode untrusted localhost(config)# The interface 802.1X setting supports 2 CLI command.
y y
dot1x port-based :
Setting 802.1X as port-based athentication
dot1x mac-based : Setting 802.1X as mac-based athentication
localhost# localhost# configure terminal localhost(config)# interface vlan id 100 localhost(config-if)# dot1x port-based localhost(config-if)# end
13-12
R1P-VD User's Guide
802.1X
Setting confirmation localhost# show dot1x interface vlan100 L2 Address: 0:90:a3:0:0:3 quietPeriod = 60 reAuthMax = 2 txPeriod = 30 keyTxEnabled = Disabled reAuthPeriod = 3600 reAuthEnabled = Enabled localhost#
Configuring AAA about 802.1X

* Back-end Authentication Server Corecess 802.1X takes charge IEEE 802.1X's Supplicant. You must specify back-end's Authentication Server for correct action of Authenticator. Corecess 802.1X supports present RADIUS by Authentication Server. You can specify back-end Authentication Server using following CLI commands.
localhost# configure terminal localhost(config)# interface vlan id 100 localhost(config-if)# aaa authentication dot1x radius localhost(config-if)# end * RADIUS Configuring back-end Radius of 802.1X is as follows;
y y y
nas-ip setting : Nas-ip of equipment for communication with radius server setting . auth-server setting : Authentication server for authentication setting . acct-server setting : Accounting server for accounting setting .
Configuring AAA
13-13
802.1X
localhost# configure terminal localhost(config)# radius nas-ip 10.1.1.254 localhost(config)# "com" localhost(config)# "com" radius auth-server ip 20.1.1.8 key "aaa" realm radius auth-server ip 20.1.1.7 key "aaa" realm
Parameters
y Re-authentication
IEEE 802.1X can request re-autoentication about single subscriber. Setting of Re-authentication is as follows; localhost(config-if)# dot1x reauthentication vlan100) Reauthentication Enabled localhost(config-if)# dot1x timeout re-authperiod 1800 vlan100) Reauthentication Period = 1800 localhost(config-if)# dot1x max-reauth 5 vlan100) Maximum number of Reauthentication = 5 Whenever re-authperiod does expire, Corecess 802.1X sends EAP-Request Identity frame to subscriber and re-authentication does beginning (trigger). Once re-authentication beside such periodic reauthentication is available. Administrator can do as receive authentication newly using following command when catch abnormal operation from specification subscriber. localhost# configure terminal localhost(config)# dot1x re-authenticate a:b:c:d:e:f Subscriber at the same time that command is executed changes and begins authentication newly by state (unauthorized) that authentication does not become.
13-14
R1P-VD User's Guide
802.1X
* MAC Control Corecess 802.1X does access control by subscriber unit that physical port unit is not with that is described to white paper.This time, about specification subscriber, you can do fixed setting (Authorized/Unauthorized). localhost# conf t localhost(config)# inter vl id 100 localhost(config-if)# dot1x mac-control force-authorized a:b:c:d:e:f localhost(config-if)# dot1x mac-control force-unauthorized 0:0:ff:ee:aa While subscriber a:b:c:d:e:f becomes in authentication success state at the same time connection, 0:0:ff:ee:aa is impossible authentication. These setting can be terminated through following CLI command. Relevant subscriber passes through general IEEE 802.1X authentication procedure and receive authentication since the terminated moment. localhost(config-if)# dot1x mac-control auto 0:0:ff:ee:aa * Quiet Period & Tx Period The Quiet Period and the Tx Period do following function by FSM parameter of IEEE 802.1X. Parameter Quiet Period Tx Period Description
Subscriber who fail in authentication can not begin new authentication during Quiet Period interval. After send EAP-Response, think that subscriber disappears in case there does not exist when sent as Tx Period.
Setting of each parameter is as follows; localhost(config-if)# dot1x timeout quiet-period 120 localhost(config-if)# dot1x timeout tx-period 60
Configuring AAA
13-15
802.1X
Status
Corecess 802.1X supplies following state information to administrator.
y y y interface setting information session(subscriber) information statistics information
localhost# show dot1x interface vlan100 L2 Address: 0:90:a3:0:0:3 quietPeriod = 60 reAuthMax = 2 txPeriod = 30 keyTxEnabled = Disabled reAuthPeriod = 3600 reAuthEnabled = Enabled localhost# show dot1x session
802.1X Session --------------------------------------------------------------------0a:0b:0c:0d:0e:0f(static entry) Identity: Interface: vlan100 FORCE_AUTHORIZED REAUTH_INITIALIZE localhost# show dot1x statistics EAPoL ============================= Received Sent = 0 = 1
EAPoL Success = 1
13-16
R1P-VD User's Guide
802.1X
EAPoL Fail EAPoL Start
= 0 = 0
EAPoL Log-off = 0 EAPoL Resp/ID = 0 EAPoL Req/ID Length Error Last Version = 0 = 0 = 0 EAPoL Invalid = 0
Last Source MAC= 00:00:00:00:00:00 Back-end ============================= Received = 0 Sent = 0 Timeout = 0
Node
Enable
Command
show running-config dot1x show dot1x interface show dot1x session show dot1x statististics debug dot1x (event|packet|error|fatal|all)
Descriptions Displays the current configuration of 802.1X Displays the 802.1X-enabled interface and configurations Lists the 802.1X Supplicants and their status Displays packet counts involved in 802.1X Turns on the debug flag Triggers the reauthentication of the 802.1X supplicant whose ethernet address is A:B:C:D:E:F Enable/Disables port-based dot1x Enable/Disables mac-based dot1x Enable/Disables reauthentication feature of IEEE 802.1X Re-authenticates the subscriber every chosen seconds Sets the subscriber's authentication status. forceauthorized and force-unauthorized statically set the subscriber's status. auto, however, removes the statical setting of the subscriber Limits the maximum number of reauthentication
Config Interface
dot1x re-authenticate A:B:C:D:E:F (no) dot1x port-based (no) dot1x mac-based (no) dot1x reauthentication dot1x timeout re-authperiod <60-86400> dot1x mac-control (auto|forceauthorized|force-unauthorized) A:B:C:D:E:F dot1x max-reauth <1-10>
Configuring AAA
13-17
802.1X
per a subscriber. by multiplying the max-reauth and the re-authperiod, it is possible to know the maximum life time of each subscriber session
dot1x timeout quiet-period <0300> dot1x timeout tx-period <1300>
during quiet-period, any packet from the subscriber is ignored 802.1X Authenticator changes the status of the subscriber when tx-period expires since its last packet sent
13-18
R1P-VD User's Guide
Pass-through
Pass-through
Pass_through is the function that supports the cisco tunneling for the specific BPDU(Bridge Protocol Data Unit)of cisco and the general BPDU, when R1P products of Corecess are between cisco equipment. We support following commands for pass-through function. commands
port <port_type> <slot/port> pass-through cisco port <port_type> <slot/port> pass-through bpdu
Description
Configuring cisco tunnel about cisco bpdu to relevant port. Configuring cisco tunnel about normal bpdu to relevant port.
Cisco bpdu tunneling

Configuring the cisco bpdu tunnel on specific ports, you set following command. Cisco bpdu that support tunneling is CDP, VTP, PAGP, PVSTP. localhost# configure terminal localhost(config)# port vdsl 3/1 pass-through cisco localhost(config)# exit Setting confirmation localhost# show run | include pass-through port vdsl 3/1 pass-through cisco localhost#
bpdu tunneling
It supports the cisco tunneling function for the general BPDU. If you configure this function on specific ports, set follwing command. localhost# configure terminal localhost(config)# port vdsl 3/1 pass-through bpdu localhost(config)# exit
Configuring AAA
13-19
Pass-through
Setting confirmation localhost# show run | include pass-through port vdsl 3/1 pass-through bpdu localhost#
13-20
R1P-VD User's Guide
Chapter 14
Configuring LACP
For high bandwidth connection, use trunking group which allows several ports to be connected together to operate as a single link. This chapter describes how to configure a trunking group by using LACP (Link Aggregation Control Protocol). 9 9 LACP (Link Aggregation Control Protocol) 14-2 Configuring Link Aggregation 14-4
LACP (Link Aggregation Control Protocol)

In the Corecess R1P-VD Series, several physical links can be configured to single logical link to connect backbone devices that request high bandwidth or to connect networks that bottle neck of traffic might occur. This feature is called port trunking or link aggregation, and the group of port in the same trunk is called trunk group. The one logical port supports the same amount of bandwidth as the total amount of bandwidth that adds each physical port. For example, the maximum bandwidth of the port that connects the system A and the system B is 1Gbps, but the amount of data that receives and transmits between two systems can exceed 1Gbps. In this case, it is considered that several ports are connected between two systems. But, if there are several connections (links) between systems, only one link is used automatically by STP protocol because a loop can occur. If STP protocol is not used to prevent this situation, communication might not operate because loops can not be detected. Port trunking can be used in the case. Several ports act as single port, so it can be easily managed by VLAN, STP and IGMP. Port trunking also effects stability of the system. Even if some ports that are included in a trunking group are not operating normally, communication can be continued by rest ports. In the Corecess R1P-VD Series, port trunking can be implemented by 802.ad link aggregation, and 802.3ad link aggregation uses LACP (Link Aggregation Control Protocol). LACP allows ports that have the same link aggregation key value to configure themselves into a trunking group.
14-2
R1P-VD User's Guide
Notes for LACP Trunk Configuration

When configuring and connecting the LACP trunk on the Corecess R1P-VD Series, be aware of the following:
y y y You can configure up to 256 trunking groups on the Corecess R1P-VD Series. You can configure up to 16 ports in a trunking group. All trunk group members (ports) should have the same media type (10/100Base-T or Gigabit Ethernet). y All trunk group members (ports) should be set to the same port speed, tramsmission mode, and flow control. y y All trunk group members (ports) should be set to the full-duplex mode. If LACP operation mode is set to active on a port that is located in the end of a trunk, trun k is set automatically. y y STP, IGMP and QoS are applied to all trunks. Configured trunking groups by LACP can be connected, regardless a device vendor.
QoS of Trunk Group

When QoS is configured, a trunk group acts as single port. Instead, the maximum bandwidth that is the same as total bandwidth of ports can be specified to the trunk group. QoS configuration that was configured to ports before aggregation is not applied after aggregation. If ports are released from the trunk group, previous QoS configuration is applied to ports again. When a QoS trunk is specified, the aggregated ID of the trunk group is used. The aggregated ID is decided by the following rules.
y y
Odd number of port > Gigabit Ethernet port > Even number of port (Up Down) The same add or even number : Higher number of port (Right Left)
For example, if 1/1, 1/2, 1/3 and 1/4 ports aggregates, odd number of ports (1/1, 1/3) is selected properly, then higher port (1/3) is decided to the aggregated ID.
Configuring LACP
14-3
Configuring Link Aggregation

This section describes how to configure link aggregation on the Corecess R1P-VD Series. 1. 2. Setting LACP Key and Operation Mode Setting LACP Partner Key
Setting LACP Key and Operation Mode

Link aggregation support is disabled by default. You can enable link aggregation on the Corecess R1PVD Series by assigning the LACP admin key and by setting the LACP mode.
LACP Admin Key LACP administrative key is used to identify each aggregation link. An aggregation link will only be formed between ports having the same administrative key.
LACP Mode You can enable the feature on an individual port basis, in active, passive, or passive manual mode.
Active mode (Default) When you enable a port for active link aggregation, the Corecess R1P-VD Series port can exchange standard LACP Protocol Data Unit (LACPDU) messages to negotiate trunk group configuration with the port on the other side of the link. In addition, the Corecess R1P-VD Series port actively sends LACPDU messages on the link to search for a link aggregation partner at the other end of the link, and can initiate an LACPDU exchange to negotiate link aggregation parameters with an appropriately configured remote port.
Passive mode When you enable a port for passive link aggregation, the Corecess R1P-VD Series port can exchange LACPDU messages with the port at the remote end of the link, but the Corecess R1P-VD Series port cannot
14-4
R1P-VD User's Guide
search for a link aggregation port or initiate negotiation of an aggregate link. Thus, the port at the remote end of the link must initiate the LACPDU exchange.
Manual mode When you enable a port for manual link aggregation, you can manually configure aggregate links containing multiple ports
To configuring a dynamic aggregation link, one end of the aggregation link should be configured to LACP active mode and the other end of the aggregation link should be configured to LACP active or LACP passive mode.
Switch A Port X : LACP mode : Active Port Y : LACP mode : Active
Active Active Active Passive
Switch B Port X : LACP mode : Active Port Y : LACP mode : Passive
To configure an aggregation link manually, both ends of the aggregation link should be configured to LACP manual mode.
Switch A Port X : LACP mode : Manual
Passive Passive
Switch B Port X : LACP mode : Manual
To assign the LACP admin key and set LACP mode, perform this task in the Privileged mode:
Table 14-1 Configuring link aggregation
Task 1. Go to the global configuration mode.
Configuring LACP
14-5
lacp key <key-num> port <port-type> <slot>/<port> mode {active|passive| manual}
2. Assign LACP admin key and specify the LACP mode for the specific ports. y <key-num>: LACP key value (0 65535). y <port-type>: The type of the port. - fastethernet : Fast Ethernet port. - gigabitethernet : Gigabit Ethernet port. y <slot>/<port>: The slot number and port number of the port. y active: Enables active mode. y passive : Enables passive mode. y manual : Enables manual mode. You can manually configure an aggregation link, which will enable the aggregation of multiple ports without LACP protocol. 3. Return to the privileged mode. 4. Verify the configuration. y <port-type>: Type of the port to display the 802.3ad link aggregation configuration information. - fastethernet : Fast Ethernet port. - gigabitethernet : Gigabit Ethernet port. y <slot>/<port>: Slot number and port number.
end
show lacp port <port-type> <slot>/<port>
write memory
5. Save the configuration change.
The following example shows how to configure link aggregation parameters for the 2/1 Fast Ethernet port:
# configure terminal (config)# lacp key 10 port fastethernet 2/1 mode active (config)# end # show lacp port fastethernet 2/1 Link State: Port Index: Oper Mode: Actor Port Admin Key: Actor Admin State: Partner Port Admin Key: Partner Admin State: # write memory Building Configuration... 0x07 769 0x06 769 Active 10 down
14-6
R1P-VD User's Guide
[OK] #
Setting LACP Partner Key

When you connect the Corecess R1P-VD Series and other manufactures device, you may need to configure LACP partner key. All LACP ports in an aggregate link have both actor key and partner key. The Corecess R1P-VD Series uses these keys internally but some other devices dont. These devices can configure an aggregation link only when the partner key of the port on the device matches the actor key of the port on the other side of the link. To connect the Corecess R1P-VD Series and these devises, you should set the partner key.
Switch A (Corecess) Port X :
Switch B (Riverstone) Aggregation Port X :
y Actor key : 10 y Partner key : 33
y Actor key : 33 y Partner key : 10
* Actor key is the operational key value assigned to the port by the Actor. * Partner key is the operational key value assigned to the port associated with this link by the Partner.
To configure LACP partner key to be assigned to the port on the other side of the aggregation link, perform this task in the Privileged mode:
Table 14-2 Configuring LACP partner key
Command configure terminal lacp force-partner-key <key-num> port <port-type> <slot>/<port> end show lacp lag all write memory
Task 1. Enter Global configuration mode. 2. Configure LACP partner key of the specified port. y <key-num>: Link aggregation to be assigned (1 ~ 65535). y <port-type>: The type of the port. - fastethernet : Fast Ethernet port. - gigabitethernet : Gigabit Ethernet port. y <slot>/<port>: The slot number and port number of the port. 3. Return to Privileged mode. 4. Verify the LACP configuration. 5. Save the configuration change.
Configuring LACP
14-7
The following example assigns 15 to the port connected to the Fast Ethernet port 2/1 for link aggregation key:
# configure terminal (config)# lacp force-partner-key 15 port fastethernet 2/1 (config)# end # show lacp port fastethernet 2/1 Link State: Port Index: Oper Mode: Actor Port Admin Key: Actor Admin State: Partner Port Admin Key: Partner Admin State # 0x06 down 769 Active 10 0x07 15
14-8
R1P-VD User's Guide
LACP Configuration Example

The following link aggregation configuration example configures a link aggregation between two Corecess R1P-VD Seriess.
Switch A
Active <-----> Passive
Trunk group y Port : 2/1-4 on Switch A 2/1-4 on Switch B y LACP admin key : 33
Switch B
Switch A
The following shows how to configure link aggregation on the switch A:
Switch A # configure terminal Switch A(config)# lacp key 33 port fastethernet 2/1-4 mode active Switch A(config)# end Switch A# write memory Building Configuration... [OK]
Switch B
The following shows how to configure link aggregation on the switch B:
Switch B# configure terminal Switch B(config)# lacp key 33 port fastethernet 2/1-4 mode passive Switch B(config)# end Switch B# write memory Building Configuration... [OK]
Configuring LACP
14-9
14-10
R1P-VD User's Guide
Chapter 15
Configuring STP/RSTP
This chapter describes how to configure STP (Spanning Tree Protocol) on the Corecess R1P-VD Series. 9 9 9 9 Understanding STP Configuring STP Configuring RSTP STP Configuration Commands 15-2 15-8 15-21 15-29
Understanding STP
Understanding STP
This section introduces some basic information on STP (Spanning Tree Protocol) and RSTP (Rapid STP).
STP Overview
Introduction
A network that has several paths for one destination is fault-tolerant. It is because packets can be transmitted through other paths even if one of paths can not be used on the network. But, loops might occur on the network. If a loop is occurs between two nodes, when packets are broadcasted, the packet transmission is repeated infinitely. Because of the loop, the network can be congested, then the network becomes instable. In the following network configuration, there are two paths from Switch A to Switch C. One of the path is path 2 connected directly and the other path is path 1 and path 2 through Switch B. A loop is formed in this network because multiple active paths exist between Switch A and Switch C. In this network, end stations might receive duplicate messages. For example, if Switch A broadcasts packets, Switch C broadcasts the received packets to Switch A, and Switch A broadcast the packets again.
Switch A
Path 1
Path 2
Path 3 Switch B Switch C
STP (Spanning Tree Protocol) prevents the loop on the network in which several paths are existed. STP defines a tree with a root switch. When two interfaces on a switch are part of a loop, the spanning-tree port priority and path cost settings determine which interface is put in the forwarding state and which is put in the blocking state. Spanning tree forces redundant data paths into a standby (blocked) state. Therefore, when traffic is processed, packets are only transmitted through paths of non-blocking state.
15-2
R1P-VD User's Guide
Understanding STP
If the path 3 is blocked in the network configuration mentioned previously, you can have a loop-free path between Switch A and Switch C as follows:
Switch A
Path 1 (Forwarding)
Path 2 (Forwarding)
Switch B
Path 3 (Blocking)
Switch C
Switches send and receive spanning-tree frames, called bridge protocol data units (BPDUs), at regular intervals. The switches do not forward these frames, but use the frames to construct a loop-free path. If a network segment in the spanning tree fails and a redundant path exists, the spanning-tree algorithm recalculates the spanning-tree topology and activates the standby path.
BDPU(Bridge Data Protocol Unit)

Spanning tree consists of a root switch, designated switches, root port, and designated ports. The root switch is the logical center of the spanning-tree topology in a switched network. A designated switch is a switch used to forward packets from that LAN to the root switch. A root port is a forwarding port elected for the spanning-tree topology. A designated port is a forwarding port elected for every switched LAN segment.
Root Switch
Root Port
Root Port
Designated Switch
Designated Switch
Designated Port
Designated Switch
15-3
Understanding STP
When the switches in a network are powered up, each function operates as the root switch. Each switch sends a configuration BPDU through all of its ports. The BPDUs communicate and compute the spanning-tree topology. Each configuration BPDU contains this information:
y y y y y y Unique bridge ID of the switch that the sending switch identifies as the root switch Spanning-tree path cost to the root Bridge ID of the sending switch Aging time of BPDU Interface ID that transmits BPDU Spanning tree timer values (Hello, Forward delay, Max-age)
Bridge ID determines the selection of the root switch. Each VLAN on the switch has a unique 8-byte
bridge ID; the two most-significant bytes are used for the switch priority, and the remaining six bytes are derived from the switch MAC address. The switch with the highest switch priority (the lowest numerical priority value) is elected as the root switch. If all switches are configured with the default priority (32768), the switch with the lowest MAC address in the VLAN becomes the root switch.
Path cost determines the selection of the root port and designated switch. The port that provides the best
path (lowest cost) when the switch forwards packets to the root switch is called the root port. The switch that provides the lowest path cost when forwarding packets from that LAN to the root switch is called the designated switch. The port through which the designated switch is attached to the LAN is called the designated port. BPDU has three spanning-tree timers (hello, forward delay, max age). The following table describes the timers that affect the entire spanning-tree performance:
Table 15-1 STP Timers
Timer Hello timer Forward delay timer Max age timer
Description When this timer expires, the interface sends out a Hello message to the neighboring nodes. Determines how long each of the listening and learning states last before the interface begins forwarding. Determines the amount of time the switch stores protocol information received on an interface.
15-4
R1P-VD User's Guide
Understanding STP
Spanning-Tree Port States

Each port on the switch using spanning tree exists in one of these states:
y y Blocking: The port does not participate in frame forwarding. (Default state) Listening: The first transitional state after the blocking state when the spanning tree determines that the port should participate in frame forwarding. y y y Learning: The port prepares to participate in frame forwarding. Forwarding: The port forwards frames. Disabled: The port is not participating in spanning tree because of a shutdown port, no link on the port, or no spanning-tree instance running on the port.
The following picture shows process of five port states.

Blocking State BPDU Transmission
Listening State Forward delay
Disabled State (Listening State)
Learning State Forward delay
Forwarding State
A port that STP is operating always starts at the blocking state. When a switch is initialized, the switch assumes that the switch is the root switch and transmits BPDU to connected devices through all ports. Ports of the blocking state discards all frames except BPDU. Ports that receive BPDU become the listening state. Ports of the listening state exchange BPDUs with other devices and select the root switch. Then, after forward delay time is passed, the listening state becomes the learning state.
15-5
Understanding STP
Ports of the learning state learn MAC addresses to transmit frames. Then, after forward delay time is passed, the learning state becomes the forwarding state. Frames that are received before ports become the forwarding state are discarded. After the forwarding, received frames are transmitted through ports. Ports of the disabled state do not participate in the spanning tree. These ports neither transmit or receive BPDUs and do not transmit frames.
Selecting Path
The STP uses a spanning-tree algorithm to select one switch of a redundantly connected network as the root of the spanning tree. The algorithm calculates the best loop-free path through a switched Layer 2 network by assigning a role to each port based on the role of the port in the active topology. When two interfaces on a switch are part of a loop, the spanning-tree port priority and path cost settings determine which interface is put in the forwarding state and which is put in the blocking state. The port priority value represents the location of an interface in the network topology and how well it is located to pass traffic. The path cost value represents media speed. Spanning tree forces redundant data paths into a standby (blocked) state. If a network segment in the spanning tree fails and a redundant path exists, the spanning-tree algorithm recalculates the spanning-tree topology and activates the standby path.
15-6
R1P-VD User's Guide
Understanding STP
RSTP (Rapid Spanning Tree Protocol)

While STP is enabled, and BPDU is spread, topology is changed continuously on other parts of the network. It takes a lot of time that the changed topology is applied to spanning tree. RSTP 802.1W improve disadvantage of STP. The key difference between STP and RSTP is the transition states of a port. STP moves a port from the blocking state to the forwarding state after the listening and the learning state. RSTP reduces the transition steps by moving directly a port from the blocking state to the forwarding state. This allows rapid reconfiguration capability when the topology has changed.
Port State of RSTP

There are three port states - discarding, learning, forwarding - in RSTP 802.1W. The learning state and the forwarding state are the same as the states of STP, and the discarding state includes the disable state, the blocking state and the listening state of STP. The following table provides a comparison of STP and RSTP port states.
Table 15-2 Comparison of STP and RSTP port states
STP Port State Blocking Listening Learning Forwarding Disabled
RSTP Port State Discarding Discarding Learning Forwarding Discarding
Operational Status Enabled Enabled Enabled Enabled Disabled
Is Port Included in the Active Topology? No No No Yes No
Is port learning MAC Addresses? No No Yes Yes No
For RSTP, set the root port and the designated port to forwarding, and set the alternate port and backup port to discarding. BPDU transmission only goes through the root port and the designated port. Refer to the next section for further explanation regarding alternate port and backup port.
15-7
Configuring STP
Configuring STP
These sections describe how to configure spanning-tree features on the Corecess R1P-VD Series.
Default STP Configuration

The following table shows the default STP configuration.
Table 15-3 Default STP configuration
Feature
VLAN STP State Port STP State VLAN ID (Switch priority) Spanning-tree port priority 10Mbps Spanningtree port cost 100Mbps 1Gbps 10Gbps Incoding method for port cost Hello time Timer Forward delay Max age Admin Edge STP Version Disabled 32768 128 2,000,000 200,000 20,000 2,000 32 bit (1 ~ 200,000,000) 2 seconds 15 seconds 20 seconds Disabled RSTP version 2
Default Setting
RSTP is enabled by default on all VLANs.
15-8
R1P-VD User's Guide
Procedures for STP Configuration

You can configure the following STP features on the Corecess R1P-VD Series:
y y y y y y y Enabling or disabling STP on a VLAN Enabling or disabling STP on a Port Configuring the bridge ID Configuring the path cost Configuring STP encoding mode Configuring the port priority Setting spanning tree timers (Hello time, Max age, Forward delay)
Examine in detail about each configuration process.
Enabling or Disabling STP on a VLAN

You can enable or disable STP on a per-VLAN basis. RSTP is enabled by default on the default VLAN and on all newly created VLANs. To reenable STP on a VLAN after disabling it, perform this task in Privileged mode:
Table 15-4 Enabling STP on a VLAN
Command configure terminal stp id> vlan id <vlan-
Task 1. Enter global configuration mode. 2. Enable STP on the specific VLAN. y <vlan-id>: VLAN ID (1 ~ 4094) 3. Set spanning tree protocol to STP. y <vlan-id> VLAN ID (1 ~ 4094) 4. Return to privileged mode. 5. Verify the STP configuration. y <vlan-id>: VLAN ID (1 ~ 4094)
stp protocol-version stp vlan id <vlan-id> end show stp vlan {all | id <vlan-id>}
The following example shows how to enable STP on a VLAN:
15-9
# configure terminal (config)# stp vlan id 1 (config)# stp protocol-version stp vlan id 1 (config)# end # show stp vlan id 1 LAN ID: Protocol Operation: Root Bridge: STP version: Pathcost Encoding: BridgeID: . . . # 1 enabled yes stpCompatible(0) 32bit 0x8000-00905ACC0201
Time since topology change: 2453(s)
Disable STP only if you are sure there are no loops in the network topology . When STP is disabled and loops are present in the topology, excessive traffic and indefinite packet duplication can drastically reduce network performance. To disable STP on a per-VLAN basis, enter the no stp vlan command in Global configuration mode. The following example shows how to disable STP on the VLAN whose ID is 1:
(config)# no stp vlan id 1 (config)#
If you disable STP on a VLAN, STP is disabled on all ports belongs to the VLAN.
15-10
R1P-VD User's Guide
Enabling or Disabling STP on a Port

If you enable STP on a VLAN, the change does not affects all ports belong to the VLAN. Therefore you should enable STP on all Ethernet ports within the VLAN. To enable STP on a port, perform this task in Privileged mode:
Table 15-5 Enabling STP on a port
Task 1. Enter global configuration mode. 2. Enable STP on a specific Ethernet port. y <port-type>: The type of Ethernet port to enable STP on. - fastethernet: Fast Ethernet port - gigabitethernet: Gigabit Ethernet port y <slot>/<port>: The slot number and port number of the Ethernet port. 3. Return to privileged mode. 4. Verify the STP configuration. y <port-type>: The type of Ethernet port - fastethernet: Fast Ethernet port - gigabitethernet: Gigabit Ethernet port y <slot>/<port>: The slot number and port number of the Ethernet port.
port <port-type> <slot>/ <port> stp
end
show stp port <port-type> <slot>/<port>
The following example enables STP on the port 1/1 and 2/1:
(config)# port gigabitethernet 1/1 stp (config)# port fastethernet 2/1 stp (config)# end # show stp port fastethernet 2/1 Link State: Protocol Operation: Pathcost Encoding: Port Number(logical): Port Priority: . up enabled 32bit 65 0x08
15-11
To disable STP on a specific port, enter the no stp port command in Global configuration mode. The following example disables STP on the Fast Ethernet port 2/1: (config)# no stp port fastethernet 2/1 (config)#
Setting the Bridge ID (Priority)

You can configure the bridge ID for individual VLANs. Bridge ID is used to identify the root bridge in a spanning tree. The default bridge priority for all VLANs on the Corecess R1P-VD Series is 32768. The bridge with the lowest value has the highest priority and is the root. To make the switch the root bridge, set the bridge ID to the lowest value. If you change the bridge ID, the spanning tree for the VLAN is reconfigured. To change the bridge ID of a VLAN, perform this task in Privileged mode:
Table 15-6 Configuring the bridge ID for a VLAN
Command configure terminal stp bridge-priority <priority> vlan id <vlan-id> end show stp <vlan-id> vlan id 1. Enter global configuration mode.
Task
2. Set the bridge ID for a specific VLAN. y <priority>: Bridge ID (0 ~ 65535). A higher numerical value means a lower priority; thus, the highest priority is 0. y <vlan-id>: VLAN ID (1 ~ 4094) 3. Return privileged mode. 4. Verify the STP configuration change. y <vlan-id>: VLAN ID (1 ~ 4094)
The following example shows how to set bridge ID for a VLAN to 3000 (hexa-decimal : 0x0BB8):
# configure terminal (config)# stp bridge-priority 3000 vlan id 2 (config)# end # show stp vlan id 2 VLAN ID: Protocol Operation: Root Bridge: STP version: Pathcost Encoding: BridgeID: 2 enabled yes rstp(2) 32bit 0x0BB8-00905ACC0202
15-12
R1P-VD User's Guide
Time since topology change: Topology changes: Designated Root BridgeID: . . #
281(s) 0 0x8000-00905ACC0202
To restore the bridge ID for a VLAN to the default priority (32768, hexa decimal : 0x8000), enter the no stp bridge-priority command in Global configuration mode:
(config)# no stp bridge-priority vlan id 2 (config)# end # show stp vlan id 2 VLAN ID: Protocol Operation: Root Bridge: STP version: Pathcost Encoding: BridgeID: Time since topology change: . . . # 2 enabled yes rstp(2) 32bit 0x8000-00905ACC0202 1968(s)
15-13
Configuring the Path Cost

If a loop occurs, spanning tree uses cost when selecting a port to put in the forwarding state. You can assign lower cost values to ports that you want selected first and higher cost values to ports that you want selected last. If all ports have the same cost value, spanning tree puts the port with the lowest interface number in the forwarding state and blocks the other ports. If you want to rarely use a port that is high speed because of a lack of stability or other reasons, you specify high path cost of the port. To configure the path cost for an Ethernet port, perform this task in Privileged mode:
Table 15-7 Configuring the path cost
Task 1. Enter global configuration mode. 2. Set the path cost for a specific Ethernet port. y <port-type>: The type of Ethernet port. - fastethernet: Fast Ethernet port - gigabitethernet: Gigabit Ethernet port y <slot>/<port>: The slot number and port number to set the path cost. y <path-cost>: The port's cost as a path to the spanning tree's root bridge (STP: 1~65525) 3. Return to privileged mode. 4. Verify the STP configuration change. y <port-type>: The type of Ethernet port. y <slot>/<port>: The slot number and port number.
port <port-type> <slot>/ <port> pathcost <path-cost>
end show stp port <port-type> <slot>/<port>
The following example shows how to set the path cost for the Fast Ethernet port 2/1 running STP protocol:
(config)# port fastethernet 2/1 pathcost 10 (config)# end # show stp port fastethernet 2/1 Link State: Protocol Operation: Pathcost Encoding: Port Number(logical): Port Priority: up enabled 32bit 129 0x8
15-14
R1P-VD User's Guide
Designated Path Cost: AdminEdge: #
10 false
Recommand: We recommand that you set the path cost as follows according to the running STP prottocol version and the media speed of the port:
Port Speed 10Mbps 100Mbps 1Gbps 10Gbps
STP 50~ 600 10 ~ 60 3 ~ 10 1~5
15-15
Configuring STP Encoding Mode

While STP calculates path cost using 16 bits (1~65,535), RSTP calculates path cost using 32 bits (1~200,000,000). Therefore the path cost is not compatible between STP and RSTP. You can not configure the STP encoding mode for individual VLANs and the change affects to all spanning trees. By default, RSTP is enabled on the Corecess R1P-VD Series and the default STP encoding mode is 32 bits. To configure the type of STP encoding mode, perform this task in Privileged mode:
Table 15-8 Configuring STP encoding mode
Command configure terminal stp pathcost-encoding stp8021d1998 end show stp vlan id <vlan-id>
Task 1. Enter global configuration mode. 2. Configure the type of STP encoding mode. y stp8021d1998: Calculates STP cost using 16 bits. 3. Return to privileged mode. 4. Verify the STP configuration change. y <vlan-id>: VLAN ID (1 ~ 4094)
The following example shows how to configure the type of STP encoding mode to 16 bits:
(config)# stp pathcost-encoding stp8021d1998 (config)# end # show stp vlan id 1 1 enabled yes stpCompatible(0) 16bit 0x8000-00905ACC0201
VLAN ID: Protocol Operation: Root Bridge: STP version: Pathcost Encoding: BridgeID: . . #
15-16
R1P-VD User's Guide
Configuring the Port Priority

If all ports have the same path cost, spanning tree uses the port priority when selecting a port to put into the forwarding state. You can assign higher priority values (lower numerical values) to ports that you want selected first, and lower priority values (higher numerical values) that you want selected last. To configure the port priority of an Ethernet port, perform this task in Privileged mode:
Table 15-9 Configuring the port priority
Task 1. Enter global configuration mode. 2. Sets the spanning-tree port priority for a specified Ethernet port. y <port-type>: The type of Ethernet port. - fastethernet: Fast Ethernet port - gigabitethernet: Gigabit Ethernet port y <slot>/<port>: The slot number and port number of the Ethernet port. y <priority>: The value of the STP port priority (0 ~ 15, default:8) 3. Return to privileged mode. 4. Verify the STP configuration change. y <port-type>: The type of Ethernet port. y <slot>/<port>: The slot number and port number of the Ethernet port .
port <port-type> <slot>/ <port> priority <priority>
end show stp port <port-type> <slot>/<port>
The following examples shows how to configure the port priority of the Fast Ethernet port 2/1 to 1:
(config)# port fastethernet 2/1 priority 1 (config)# end # show stp port fastethernet 2/1 Link State: Protocol Operation: Pathcost Encoding: Port Number(logical): Port Priority: . 32bit 129 0x1 up enabled
15-17
Setting Spanning Tree Timers

BPDU contains spanning tree timers (hello, forward delay, and max-age timers) that affect the performance of the entire spanning tree. By default, the following values are set to the timers:
y y y Hello Timer Max age Timer : 2 seconds : 20 seconds
Forward delay Timer : 15 seconds
You can set spanning tree timers for individual VLANs. To set spanning tree timers for a specific VLAN, perform this task in Privileged mode:
Table 15-10 Setting spanning tree timers
Task
stp hello-time <value> vlan id <vlan-id>
2. Set the STP hello time for a VLAN. y <value>: The STP hello time. The hello time is the interval between the generation of configuration messages by the root switch (1 ~ 10 seconds, default: 2 seconds) y <vlan-id>: VLAN ID (1 ~ 4094) 3. Sets the STP maximum aging time for a VLAN. y <value>: The STP maximum aging time. The maximum aging time is the number of seconds a switch waits without receiving spanning-tree configuration messages before attempting a reconfiguration. (6 ~ 40 seconds, default: 20 seconds) y <vlan-id>: VLAN ID (1 ~ 4094) 4. Set the STP forward delay for a specific VLAN. y <value>: The STP forward time . The forward delay is the number of seconds a port waits before changing from its spanning-tree learning and listening states to the forwarding state. (4 ~ 30 seconds, default: 15 seconds) y <vlan-id>: VLAN ID (1 ~ 4094) 5. Return to privileged mode. 6. Verify the STP configuration change. y <vlan-id>: VLAN ID (1 ~ 4094)
stp max-age <value> vlan id <vlan-id>
stp forward-delay <value> vlan id <vlan-id> end show stp vlan <vlan-id>
The following example shows how to set STP hello timers to 5 seconds for a VLAN:
# configure terminal (config)# stp hello-time 5 vlan id 2 (config)# end
15-18
R1P-VD User's Guide
# show stp vlan id 2 VLAN ID: . . . ForwardDelay: Bridge MaxAge: Bridge HelloTime: Bridge ForwardDelay: 15(s) . . # 15(s) 20(s) 5(s) 2
To return the STP hello timers to the default value, use the no form of these command in Global configuration mode:
(config)# no stp hello-time vlan id 2 (config)#
The following example shows how to set STP forward delay timers to 20 seconds for a VLAN:
# configure terminal (config)# stp forward-delay 20 vlan id 2 (config)# end # show stp vlan id 2 VLAN ID: Protocol Operation: . . Bridge HelloTime: . . # 5(s) Bridge ForwardDelay: 20(s) 2 enabled
To return the STP forward delay timers to the default value, use the no form of these command in Global configuration mode:
(config)# no stp forward-delay vlan id 2 (config)#
15-19
The following example shows how to set STP max age timers to 25 seconds for a VLAN:
(config)# stp max-age 30 vlan id 2 (config)# end # show stp vlan id 2 VLAN ID: . . HelloTime: ForwardDelay: Bridge MaxAge: Bridge HelloTime: Bridge ForwardDelay: . . # 2(s) 15(s) 25(s) 5(s) 20(s) 2
To return the STP max age timers to the default value, use the no form of these command in Global configuration mode:
(config)# no stp max-age vlan id 2 (config)#
15-20
R1P-VD User's Guide
Configuring RSTP
Configuring RSTP
This section describes how to configure RSTP on the Corecess R1P-VD Series.
Configuration Procedure of RSTP

The following procedure describes how to configure RSTP.
y y y y y y y y y Enabling RSTP on a VLAN Enable STP on a port Setting the bridge ID Configuring the path cost Configuring STP encoding Configuring the port priority Setting spanning tree timers (Hello time, Max age, Forward delay) Configuring spanning tree protocol type Configuring edge port
In the configuration procedure, Enable STP on a port, Setting the bridge ID, Configuring the port
priority and Setting spanning tree timers (Hello time, Max age, Forward delay) are explained in the
previous section.
15-21
Configuring RSTP
Enabling RSTP on a VLAN

You can enable or disable RSTP on a per-VLAN basis. RSTP is enabled by default on all VLANs and on all newly created VLANs. Because RSTP is enabled by default, there is no additional configuration. If you disable RSTP and enable RSTP again on a VLAN, use the following commands.
Table 15-11 Enabling RSTP on a VLAN
Command configure terminal stp vlan id <vlan-id> end show stp vlan {all | id <vlan-id>}
Task 1. Enter Global configuration mode. 2. Enable RSTP on a specified VLAN. y <vlan-id> VLAN ID (1 ~ 4094) 3. Return to Privileged mode. 4. Verify STP configuration.
The following example shows how to enable RSTP on the VLAN whose ID is 2:
# configure terminal (config)# stp vlan id 1 (config)# end # show stp vlan id 1 VLAN ID: Protocol Operation: STP version: Pathcost Encoding: BridgeID: Time since topology change: Topology changes: . . . # 0 1 enabled rstp(2) 32bit 0x8000-0001020000DB 1539(s)
15-22
R1P-VD User's Guide
Configuring RSTP
Disable RSTP only if you are sure there are no loops in the network topology . When RSTP is disabled and loops are present in the topology, excessive traffic and indefinite packet duplication can drastically reduce network performance. To disable RSTP on a per-VLAN basis, enter the no stp vlan command in Global configuration mode. The following example shows how to disable RSTP on the VLAN whose ID is 2:
(config)# no stp vlan id 1 (config)#
If you disable RSTP on a VLAN, STP is disabled on all ports belongs to the VLAN.
15-23
Configuring RSTP
Configuring the Path Cost

When spanning tree is configured, if there are over two paths, lower cost of the path is selected. By default, path cost of a port is decided by physical link speed as follows:
y y y Ethernet link (10Mbps): 2,000,000 Fast Ethernet link (100Mbps): 2000,000 Gigabit Ethernet link (1Gbps): 20,000
If you want to rarely use a port that is high speed because of a lack of stability or other reasons, you specify high path cost of the port. To configure the path cost for the specified port, use the following commands.
Table 15-12 Configuring the path cost
Task
port <port-type> <slot>/<port> pathcost <path-cost>
2. Set the path cost for a specific port.. y <port-type>: The type of Ethernet port. - fastethernet: Fast Ethernet port - gigabitethernet: Gigabit Ethernet port y <slot>/<port> slot/port number of a port y <path-cost> path cost of a port (1 ~ 200000000). 3. Return to Privileged mode. 4. Verify the configuration result.
end show stp port <porttype> <slot>/<port>
The following example shows how to set the path cost for the Fast Ethernet port 2/1 to 20000:
(config)# port fastethernet 2/1 pathcost 20000 (config)# end # show stp port fastethernet 2/1 Link State: Protocol Operation: Pathcost Encoding: Port Number(logical): Port Priority: Designated Path Cost: AdminEdge: up enabled 32bit 129 0x8 20000 false
15-24
R1P-VD User's Guide
Configuring RSTP
# Recommendation: We recommend that you set the path cost as follows according to the running RSTP protocol version and the media speed of the port: Port Speed 10Mbps 100Mbps 1Gbps 10Gbps Range 200000 ~ 20000000 20000 ~ 2000000 2000 ~ 200000 200 ~ 20000
15-25
Configuring RSTP
Configuring RSTP Encoding

While STP calculates path cost using 16 bits (1~65,535), RSTP calculates path cost using 32 bits (1~200,000,000). Therefore the path cost is not compatible between STP and RSTP. By default, RSTP is enabled, so path cost of 32 bits are used in the Corecess R1P-VD Series, but encoding of path cost can generally be changed to 16 bits for STP compatible. To change path cost to 16 bits, refer table 15-8 Configuring STP encoding mode. You can not configure the STP encoding mode for individual VLANs and the change affects to all spanning trees. To change path cost of 16 bits to path cost of 32 bits again, use the following commands.
Table 15-13 Configuring RSTP encoding mode
Command configure terminal stp pathcost-encoding stp8021t2001 end show stp vlan id <vlan-id> 1. Enter Global configuration mode.
Task
2. Configure the type of RSTP encoding mode. 3. Return to Privileged mode. 4. Verify the configuration result.
The following example shows how to configure the type of STP encoding mode to 32 bits:
(config)# stp pathcost-encoding stp8021t2001 (config)#
15-26
R1P-VD User's Guide
Configuring RSTP
Configuring Spanning Tree Protocol Type

The Corecess R1P-VD Series supports both 802.1D STP and 802.1W RSTP. By default, spanning tree protocol that is operating on a VLAN is 802.1W TSTP. For compatible of other device or other reasons, you can set STP to operate on a particular VLAN. To set spanning tree protocol to STP on a particular VLAN, use the following commands.
Table 15-14 Configuring Spanning Tree Protocol Type
Command configure terminal stp protocol-version stp vlan id <vlanid> end show stp vlan id <vlanid> 1. Enter Global configuration mode.
Task
2. Set spanning tree protocol to STP on the specified VLAN. y <vlan-id> VLAN ID (1 ~ 4094) 3. Return to Privileged mode. 4. Verify the configuration result.
The following example shows how to set spanning tree protocol to STP on the VLAN whose ID is 2:
(config)# stp protocol-version stp vlan id 2 (config)# end # show stp vlan id 2 VLAN ID: Protocol Operation: Root Bridge: STP version: Pathcost Encoding: BridgeID: . . . # Note: I RSTP is automatically compatible with STP. When equipment with active RSTP receives STP BPDU from binded equipment, it also transmits STP BPDU instead of RSTP BPDU. Therefore, if RSTP is activated in the VLAN, it is not necessary to execute stp protocol-version stp command for compatibility. 2 enabled yes stpCompatible(0) 32bit 0x8000-0001AB0DEF11
15-27
Configuring RSTP
Configuring an Edge Port

The Corecess R1P-VD Series allows ports that are configured as Edge ports to be present in an RSTP topology. STP edge ports are bridge ports that do not need STP enabled, where loop protection is not needed out of that port or an STP neighbor does not exist out of that port. Edge ports assume designated port roles. Port flapping does not cause any topology change events on Edge ports since RSTP does not consider Edge ports in the spanning tree calculations. However, if any incoming BPDU is received from a previously configured Edge port, RSTP automatically makes the port as a non-edge port. This is extremely important to ensure a loop free Layer 2 operation since a non-edge port is part of the active RSTP topology. To configure an edge port, use the following commands:
Table 15-15 Configuring an Edge Port
Command configure terminal stp adminEdge port <port-type> <slot>/<port> end show stp port <port-type> <slot>/<port> 1. Enter Global configuration mode.
Task
2. Configures a port as an Edge port. y <port-type>: The type of Ethernet port. - fastethernet: Fast Ethernet port - gigabitethernet: Gigabit Ethernet port y <slot>/<port> The slot number and port number of the port 3. Return to Privileged mode. 4. Verify the configuration result.
The following example shows how to configure the Gigabit Ethernet port 2/1 as an Edge port:
(config)# stp adminEdge port fastethernet 2/1 (config)# end Corecess # show stp port fastethernet 2/1 Link State: Protocol Operation: Pathcost Encoding: Port Number(logical): Port Priority: AdminEdge: # up enabled 32bit 1 0x8 true
15-28
R1P-VD User's Guide
STP Configuration Commands

The following table lists the commands for configuring STP on the Corecess R1P-VD Series:
Table 15-16 STP configuration commands
Command
port pathcost port priority port stp show stp port show stp vlan stp adminEdge port stp bridge-priority stp forward-delay stp hello-time stp max-age stp pathcost-encoding stp protocol-version stp vlan
Description
Sets the spanning-tree port path cost for the specified Ethernet port. Sets the spanning-tree port priority for the specified Ethernet port. Enables or disables STP(Spanning Tree Protocol) on the specified Ethernet port. Displays spanning-tree information for the specified port. Displays spanning-tree information for the specified VLAN interface. Configures a port as an Edge port. Sets the bridge ID for a VLAN. Sets the bridge forward delay for a VLAN. Sets the bridge hello time for a VLAN. Sets the bridge maximum aging time for a VLAN. Configures the type of Spanning Tree Protocol encoding mode. Configure the type of Spanning Tree Protocol mode to run for a specific VLAN. Enables the spanning tree algorithm for a specific VLAN.
15-29
15-30
R1P-VD User's Guide
Appendix A Product Specifications
Appendix A describes the specifications of the Corecess R1P-VD series. 9 9 Hardware Specifications Software Specifications A-2 A-3
Hardware Specifications
Hardware Specifications
Table A-1 Corecess R1P-VD series hardware specifications
Switching Fabric y Switching throughput y Performance y MAC address Memory y Main memory : 128MB (SDRAM) y Flash memory : 64MB(OneNAND) Hardware System Dimension and Weight y Size : 440 x 44 x 290mm (W x H x D) AC Power Supply y Frequency : 50/60Hz y Input Voltage : 100 ~ 240VAC y Input Voltage Range : 88 ~ 264VAC DC POWER y Input Voltage : -48VDC y Input Voltage Range: -40~-56VDC Temperature Operational Environment y Operating Range : -20 ~ 60(Commercial) (OPT-P1W -20 ~ 50C) -40 ~ 65(Industrial) y Storage Range : -40 ~ 75C Humidity y Operating Range : 10 ~ 95% (40C, non-condensing) Rack Installation Kit y Four binder-head screws Cables Packages y Console Cable (RJ-45 DB-9), Power cable Manual y Users Guide : 12.8Gbps full-duplex : 19Mpps (64 byte packets) : Maximum 16K (Layer 2)
A-2
R1P-VD User's Guide
Software Specifications
Table A-2 Corecess R1P-VD series software specifications
Function
VDSL Standard y Modulation/Demodulation: Discrete Multi-Tone(DMT) y T1.424-2004, G.993.1-2004, G.993.2, TS 101 270-1, 270-2, T1.424-2004 LAYER 2 FUNCTION y IEEE 802.1p/q, IEEE 802.1w, IEEE 802.3ad, IEEE 802.3x y PPPoE/PPPoE+ y GVRP, Port mirroring, Rate limiting, NTP y STP, RSTP. y Q-in-Q y Cisco Flex Link QoS y MFC, CoS, DSCP, ToS marking/remarking, y Policing, Shaping, Rate control y Congestion Control (RED, WRED), y Scheduling (SP, WRR) SECURITY y MAC filtering, y DHCP Relay y IGMP/DHCP/ARP Snoop filtering y DHCP filtering, NetBEUI/NetBIOS/NBT filtering y HOL blocking prevention, y ACL(Acces Control List) MULTICAST y IGMP snooping y Fast leave support MANAGEMENT y SNMP v1 and v2c, y RMON 4 Groups y Telnet, FTP, TFTP EMS y Equipment Management System: Java based equipment management system. y Operating System: Solaris, Linux, Windows (98/2000/XP) which supports JAVA VM.
y ITU-T G.993.1-2004 VDSL standard y ITU-T G.993.2 VDSL2 standard y ETSI TS 101 270-1 and TS 101 270-2 y ANSI T1.424-2004 y IEEE 802.1D Bridging y IEEE 802.1D/P Priority Queuing y IEEE 802.1p CoS (Class of Service) 8 queues per port y IEEE 802.1q VLAN (VLAN tagging) y IEEE 802.1q VLAN Tunnelng (Q-in-Q) y IEEE 802.1x Flow Control y IEEE 802.3u Fast Ethernet, 10Base-T Standard for Control path (Backplane) y IEEE 802.3z 1000Base-X Standard for Data path (Backplane) y RFC 1165 NTP y RFC 1907 SNMPv2 MIB (private MIB) y RFC 2236 IGMPv2 (igmp snooping) y RFC 2516 PPPoE
Standard
A-3
A-4
R1P-VD User's Guide
Appendix B Connector & Cable Specifications

Appendix B describes the specifications of the ports on the Corecess R1P-VD series. In addition, the kinds and specifications of cables needed for the connection of each port. 9 9 Connector Specifications Cable Specifications B-2 B-5
Connector Specifications
Champ Connector
The VDSL port and the PSTN port on the Corecess R1P-VD series are 50-pin Champ connector. The cable used for connecting 50-pin Champ connectors is Telco cable with 50-pin Champ connectors on both ends.
PSTN port
VDSL port
The figure below shows connector pin locations for the VDSL connectors.
25 1
50
26
B-2
R1P-VD User's Guide
RJ-45 Connector
10/100/1000Base-T Port
10/100/1000Base-T ports on the uplink modules have the 8-pin RJ-45 connector. The cable used for connecting 10/100/1000Base-T port is twisted-pair cable with RJ-45
8 1
connectors at both ends.
Pin configuration of 10/100/1000Base-T port is as follows:

Table B-1 Pin Configuration of 10/100/1000Base-T Port
Pin 1 2 3 4
Signal Tx, Rx+ (1 pair) Tx, Rx- (1 pair) Tx, Rx+ (2 pair) Tx, Rx- (3 pair)
Pin 5 6 7 8
Signal Tx, Rx+ (3 pair) Tx, Rx- (2 pair) Tx, Rx+ (4 pair) Tx, Rx- (4 pair)
Console Port
1 8
The CONSOLE port on the front panel of the Corecess R1P-VD series has an 8-pin RJ-45 connector. The cable used for connecting console port is serial cable with an RJ-45 connector and a DB-9 at each end.
Pin configuration of Console port is as follows:

Table B-2 Pin Configuration of Console Port
Pin 3 6 4 or 5
Signal Tx Rx GND
B-3
LC Connector
1000Base-SX Port
1000Base-SX ports on the uplink modules have Duplex LC connectors. The ca ble used for connecting these LC connectors is multi mode fiber optic cable (transmit ting/receiving wavelength: 850nm).
1000Base-LX Port
1000Base-LX ports on the uplink modules have Duplex LC connectors. The ca ble used for connecting these LC connectors is single mode fiber optic cable (transmi tting/receiving wavelength: 1310nm).
SC Connector
1000Base-PX Port
1000Base-PX ports have simplex SC connectors. The cable used for connecting t hese SC connectors is single mode fiber optic cable (transmitting/receiving wavelength : 1310/1490nm).
Caution : This document described general setup and connection of equipment. Did not describe about various transceiver and compatibility of fiber optic connectors. Detailed item requires to technical support team (support@corecess.com)
B-4
R1P-VD User's Guide
Cable Specifications
Telco Cable
Telco cables are made up of 25 twisted-pair cooper wires. One end of a Telco cable is 50-pin Champ connector and the other end of it is 50-pin Champ connector or wire wrapping pins. Telco cable is variable according to its length. Before ordering cables, investigate the installation environment to choose proper length of cables. You can purchase this Telco cable from the product provider. The figure below shows connector pin locations for the champ connectors of Telco cable.
50 38 37 26
25
13 12
Twisted Pair Cable

The 10/100/1000Base-T ports on the uplink modules are connected by using twisted pair ca bles with RJ-45 connectors at both ends. There are two types of twisted pair cables: UTP (unshielded twisted pair) cable and STP (shielded twisted pair) cable. The following figure shows a twisted pair cable with RJ-45 connectors at both ends.
B-5
According to the speed of devices to be connected: Category-3, 4, 5, 5+, 6

The category of twisted pair cable to be used is determined by the speed of the devices to be connected to RJ-45 port. In case of connecting with a device that operates at 10Mbps, category 3 and 4 cable is used. In case of connecting with a device that operates at 100Mbps, category 5 cable is used. In case of connecting with a device that operates at 1000Mbps, category 5+ or category 6 cable is used.
According to the kinds of devices to be connected: Straight-through, Crossover

Either straight-through cable or crossover cable is used according to the kinds of devices to be connected to RJ-45 port. In case the device to be connected is such terminal (MDI) as PC equipped with NIC (Network Interface Card), straight-through cable is used. On the other hand, crossover cable is used for connecting the ports of network devices (MDI-X) such as hub or switch.
Note : The 10/100.1000Base-T port of the uplink module supports automatic MDIX function. Ports that support automatic MDIX function crossover cable or straightthrough cable can be used regardless of the type of linking equipment.
B-6
R1P-VD User's Guide
Fiber Optic Cable

The system modules with fiber optic ports are connected using fiber optic cables as follows:
Table B-3 System Modules with Fiber Optic Ports
Module OPT-P1ES1CD OPT-P1EL1CD
Connector
Interface
Fiber Optic Cable Single mode Multi-mode Single mode Multi-mode Single mode Single mode
Wave Length(nm) y Rx : 1310nm y Tx : 1490nm y Rx/Tx : 850nm y Rx/Tx : 1310nm y Rx/Tx : 850nm y Rx/Tx : 1310nm y Rx/Tx : 1530~1565nm
Simplex SC
1000Base-PX 100Base-SX
OPT-P1ES1CD OPT-P1EL1CD OPT-P2CD
Duplex LC
100Base-LX 1000Base-SX 1000Base-LX
OPT-P1W
Simplex SC
GW-PON
Duplex LC Fiber Optic Cable

The cable used for connecting the 1000Base-SX/LX SFP ports on the uplink modules is fiber-optic cable with duplex LC connectors at both ends (transmitting/receiving wavelength: 1310nm).
B-7
Simplex SC Fiber Optic Cable

The cable used for connecting the 1000Base-PX SFP port on the OPT-P1ES1CD and OPTP1EL1CD module is fiber-optic cable with simplex SC connectors at both ends (transmitting/receiving wavelength: 1310/1490nm).
Simplex SC/APC Fiber Optic Cable

The cable used for connecting the GW-PON port on the OPT-P1W module is fiber-optic cable with simplex SC/APC connectors at both ends (transmitting/receiving wavelength: 1530~1565nm)
Caution : This document described general setup and connection of equipment. Did not describe about various transceiver and compatibility of fiber optic connectors. Detailed item requires to technical support team (support@corecess.com)
B-8
R1P-VD User's Guide
Console Cable
Console cable is used to connect the console port to a console terminal (ASCII terminals or PCs equipped with terminal emulation programs). Console cable has an RJ-45 connector and a DB-9 connector at each ends.
Note : Before connecting the console port, ensure that console terminal is configured as follows:
Baud rate 9600 Data bit 8 Parity None Stop bit 1 Flow control None
B-9
B-10
R1P-VD User's Guide

R1P-VD Series 0002 Eng

Transféré par

Informations du document

Description originale:

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

R1P-VD Series 0002 Eng

Transféré par

Droits d'auteur :

Formats disponibles

Edition : 0002 Distribution : 3/2008

Corecess Symmetric VDSL2 IP DSLAM

Notations in Console Screen

Notations in Command Syntax

R1P-VD User's Guide

Recommendation: Introduces recommendatory item for the use of product..

Chapter 2 Hardware Description

Chapter 3 Before Installation

Chapter 5 Basic Configuration

Chapter 6 Configuring Ports

Chapter 7 Configuring VLAN

Chapter 8 Configuring SNMP and RMON

R1P-VD User's Guide

Chapter 9 Configuring QoS

Chapter 10 Configuring Security

Chapter 11 Configuring IGMP Snooping

Chapter 12 Configuring DHCP & ARP Snooping

Chapter 13 Configuring AAA

Chapter 14 Configuring LACP

Chapter 15 Configuring STP/RSTP

Appendix A describes the specifications of the Corecess R1P-VD series.

Connector & Cable Specifications

R1P-VD User's Guide

Chapter 2 Hardware Description

Chapter 3 Before Installation

Chapter 5 Basic Configuration

R1P-VD User's Guide

Chapter 6 Configuring Ports

Creating Profile........................................................................................................................... 6-32 Profile Mapping .......................................................................................................................... 6-33

Chapter 7 Configuring VLAN

Chapter 8 Configuring SNMP and RMON

Chapter 9 Configuring QoS

R1P-VD User's Guide

Chapter 10 Configuring Security

Chapter 11 Configuring IGMP Snooping

Chapter 12 Configuring DHCP & ARP Snooping

Chapter 13 Configuring AAA

R1P-VD User's Guide

Chapter 14 Configuring LACP

Chapter 15 Configuring STP/RSTP

Hardware Specifications ....................................................................................................... A-2 Software Specifications ........................................................................................................ A-3

Connector & Cable Specifications

R1P-VD User's Guide

R1P-VD User's Guide

R1P-VD User's Guide

Table A-2 Table B-1 Table B-2 Table B-3

R1P-VD User's Guide

R1P-VD User's Guide

Supported Line Interfaces

Flexible Uplink Interfaces

Table 1-1 Types of Uplink module

Uplink Module OPT-P1ES1CD OPT-P1EL1CD OPT-P2CD OPT-P1W

Layer 2 Switching Function

QoS (Quality of Service)

R1P-VD User's Guide

Improved Switching Functions

R1P-VD User's Guide

Corecess R1P-VD series Network

Gigabit Ethernet Or GEPON Or SuperPON

Edge Router Management

R1P-VD: RT/Building 1RU access node Cascading or L3 Aggregation

Gigabit Ethernet Or GEPON Or SuperPON

R1P-VD: Street Cabinet CPE