Vous êtes sur la page 1sur 307

ZXR10 2900E Series

Easy-Maintenance Secure Switch


Configuration Guide

Version: 2.05.11

ZTE CORPORATION
No. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://ensupport.zte.com.cn
E-mail: support@zte.com.cn
LEGAL INFORMATION
Copyright 2013 ZTE CORPORATION.
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.
This document is provided as is, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.
ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.
Users may visit ZTE technical support website http://ensupport.zte.com.cn to inquire related information.
The ultimate right to interpret this product resides in ZTE CORPORATION.

Revision History

Revision No. Revision Date Revision Reason

R1.0 2013-11-27 First edition

Serial Number: SJ-20130731155059-002

Publishing Date: 2013-11-27 (R1.0)

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Contents
About This Manual ......................................................................................... I
Chapter 1 Safety Instructions.................................................................... 1-1
1.1 Safety Instructions.............................................................................................. 1-1
1.2 Safety Signs ...................................................................................................... 1-1

Chapter 2 System Overview ...................................................................... 2-1


Chapter 3 Usage and Operation................................................................ 3-1
3.1 Configuration Modes .......................................................................................... 3-1
3.2 Command Modes............................................................................................... 3-6
3.3 Common Command Parameters ........................................................................3-11
3.4 Usage of Command Line .................................................................................. 3-12

Chapter 4 System Management ................................................................ 4-1


4.1 File System Management ................................................................................... 4-1
4.2 Configuring the TFTP Server............................................................................... 4-3
4.3 Configuring the FTP Server................................................................................. 4-4
4.4 Importing and Exporting the Configuration File ..................................................... 4-7
4.5 Backing Up and Recovering Files ........................................................................ 4-7
4.6 Downloading the Software Version Automatically ................................................. 4-8
4.7 Configuring Automatic Saving of a Configuration File.......................................... 4-10
4.8 Upgrading the Software Version .........................................................................4-11
4.9 File System Configuration Commands ............................................................... 4-15

Chapter 5 Service Configuration............................................................... 5-1


5.1 Management Configuration ................................................................................. 5-2
5.2 Port Configuration .............................................................................................. 5-6
5.3 PoE Configuration .............................................................................................. 5-8
5.4 Port Mirroring ....................................................................................................5-11
5.5 MAC Address Table Operation .......................................................................... 5-13
5.6 LACP Configuration.......................................................................................... 5-17
5.7 IGMP Snooping Configuration ........................................................................... 5-20
5.8 MLD Snooping Configuration ............................................................................ 5-24
5.9 IPTV Configuration ........................................................................................... 5-27
5.10 STP Configuration .......................................................................................... 5-34
5.11 ACL Configuration .......................................................................................... 5-43
5.12 QoS Configuration .......................................................................................... 5-53

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


5.13 PVLAN Configuration...................................................................................... 5-60
5.14 Layer 2 Protocol Transparent Transmission Configuration ................................. 5-63
5.15 IPv4 Layer 3 Configuration.............................................................................. 5-65
5.16 IPv6 Layer 3 Configuration.............................................................................. 5-68
5.17 DAI Configuration ........................................................................................... 5-69
5.18 Access Service Configuration.......................................................................... 5-71
5.19 MAC Authentication Configuration ................................................................... 5-79
5.20 QinQ Configuration......................................................................................... 5-80
5.21 SQinQ Configuration....................................................................................... 5-82
5.22 VLAN Configuration........................................................................................ 5-84
5.23 VLAN Mapping Configuration .......................................................................... 5-87
5.24 Syslog Configuration....................................................................................... 5-89
5.25 NTP Configuration .......................................................................................... 5-91
5.26 GARP/GVRP Configuration............................................................................. 5-93
5.27 DHCP Configuration ....................................................................................... 5-95
5.28 DHCPv6 Configuration...................................................................................5-101
5.29 VBAS Configuration.......................................................................................5-104
5.30 PPPoE-PLUS Configuration ...........................................................................5-106
5.31 ZESR Configuration.......................................................................................5-108
5.32 ZESS Configuration.......................................................................................5-121
5.33 OAM Configuration ........................................................................................5-126
5.34 sFlow Configuration.......................................................................................5-132
5.35 PP Configuration ...........................................................................................5-133
5.36 LLDP Configuration .......................................................................................5-135
5.37 Single Port Loop Detection Configuration ........................................................5-137
5.38 UDLD Configuration ......................................................................................5-140
5.39 TACACS+ Configuration ................................................................................5-143
5.40 Time Range Configuration .............................................................................5-145
5.41 Voice VLAN Configuration..............................................................................5-146
5.42 802.1ag Configuration ...................................................................................5-148
5.43 Y.1731 Configuration .....................................................................................5-154
5.44 MAC-based VLAN Command Configuration ....................................................5-159
5.45 DHCP Relay Configuration.............................................................................5-160
5.46 MFF Configuration.........................................................................................5-164
5.47 SSL Configuration .........................................................................................5-167
5.48 ERPS Configuration ......................................................................................5-171
5.49 Debug Module Configuration ..........................................................................5-178

II

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management .............................................................................. 6-1
6.1 Remote-Access.................................................................................................. 6-1
6.2 SSH .................................................................................................................. 6-3
6.3 Privilege ...........................................................................................................6-11
6.4 SNMP ............................................................................................................. 6-13
6.5 RMON ............................................................................................................. 6-18
6.6 ZGMP ............................................................................................................. 6-21
6.7 sFlow .............................................................................................................. 6-28
6.8 Web ................................................................................................................ 6-29
6.9 M_Button ......................................................................................................... 6-49
6.10 Telnet ............................................................................................................ 6-52

Chapter 7 Maintenance .............................................................................. 7-1


7.1 Routine Maintenance.......................................................................................... 7-1
7.2 Virtual Circuit Tester ........................................................................................... 7-2
7.3 Common Fault Handling ..................................................................................... 7-3
7.3.1 Overview ................................................................................................. 7-3
7.3.2 Configuration Through the Console Port Failed .......................................... 7-3
7.3.3 Telnet Connection Failed .......................................................................... 7-4
7.3.4 Web Management Failed .......................................................................... 7-4
7.3.5 Login Username or Password Lost ............................................................ 7-5
7.3.6 Enable Password Lost .............................................................................. 7-6
7.3.7 Two Devices in the Same VLAN Cannot Communicate............................... 7-7
7.3.8 Authentication Timed Out in Campus Network............................................ 7-7
7.3.9 Solution to ARP Attacks in Campus Network.............................................. 7-9

Figures............................................................................................................. I
Tables ...........................................................................................................VII
Glossary ........................................................................................................IX

III

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


IV

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


About This Manual
Purpose
This manual is applicable to the ZXR10 2900E (V2.05.11) series easy-maintenance secure
switches, which include the following products:
l ZXR10 2910E-PS easy-maintenance secure switch
l ZXR10 2918E-PS easy-maintenance secure switch
l ZXR10 2918E easy-maintenance secure switch
l ZXR10 2928E easy-maintenance secure switch
l ZXR10 2928E-PS easy-maintenance secure switch
l ZXR10 2952E easy-maintenance secure switch

Intended Audience
This document is intended for:
l Software debugging engineers
l Date configure engineers
l Maintenance engineers

What Is in This Manual


This manual contains the following chapters:

Chapter Summary

1, Safety Instructions Describes safety instructions and signs.

2, System Overview Provides an overview about the ZXR10 2900E series switches.

3, Usage and Operation Describes configuration modes, command modes and usage of
command line.

4, System Management Describes system management.

5, Service Configuration Describes service configuration.

6, Management Describes management configuration.

7, Maintenance Describes routine maintenance, virtual line detection and common


fault handling.

Conventions
This manual uses the following typographical conventions:

Typeface Meaning

Italics Variables in commands. It may also refer to other related manuals and documents.

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Typeface Meaning

Bold Menus, menu options, function names, input fields, option button names, check boxes,
drop-down lists, dialog box names, window names, parameters, and commands.

Constant Text that you type, program codes, filenames, directory names, and function names.
width

[] Optional parameters.

{} Mandatory parameters.

| Separates individual parameters in a series of parameters.

Caution: indicates a potentially hazardous situation. Failure to comply can result in


moderate injury, equipment damage, or interruption of minor services.

Note: provides additional information about a certain topic.

II

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 1
Safety Instructions
Table of Contents
Safety Instructions......................................................................................................1-1
Safety Signs ...............................................................................................................1-1

1.1 Safety Instructions


Only duly trained and qualified personnel can install, operate and maintain the devices.
During the device installation, operation and maintenance, please abide the local safety
specifications and related operation instructions, otherwise physical injury may occur
or devices may be broken. The safety precautions mentioned in this manual are only
supplement of local safety specifications.
ZTE Corporation will assume no responsibility for consequences resulting from violation
of general specifications for safety operations or of safety rules for design, production and
use of the devices.

1.2 Safety Signs


The contents that users should pay attention to when they install, operate and maintain
devices are explained in the following formats:

Warning!
Indicates the matters needing close attention. If this is ignored, serious injury accidents
may happen or devices may be damaged.

Caution!

Indicates the matters needing attention during configuration.

1-1

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Note:
Indicates the description, hint, tip and so on for configuration operations.

1-2

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 2
System Overview
The ZXR10 2900E series switches are an important part of the ZXR10 series Ethernet
switches. The ZXR10 2900E series products are Gigabit L2+ (between layer 2 and layer 3)
Ethernet switches used for Gigabit network access and convergence, and 1 Gb is available
for uplinks. The ZXR10 2900E provides different types of Ethernet access ports, thus
providing a high-speed, effective, and cost-effective access and convergence scheme.
The switches are used in the access layer of the carrier and enterprise networks.
For the ports that the ZXR10 2900E supports, refer to the following table.

Switch Type Fixed Port Description

ZXR10 2918E 16 10/100 BASE-TX Ethernet Two 10/100/1000BASE-T Ethernet


ports ports and two 100/1000BASE-FX
Two 10/100/1000BASE-T ports are combo electro-optic
Ethernet ports multiplex ports.
Two 100/1000BASE-FX ports

ZXR10 2928E 24 10/100 BASE-TX Ethernet Two 10/100/1000BASE-T Ethernet


ports ports and two 100/1000BASE-FX
Two 10/100/1000BASE-T ports are combo optical-electrical
Ethernet ports multiplexing ports.
Two 100/1000BASE-FX ports
Two 1000BASE-FX interfaces

ZXR10 2952E 48 10/100BASE-TX Ethernet -


ports
Four 1000BASE-FX ports

ZXR10 2910E-PS Eight 10/100 BASE-TX Ethernet Two 10/100/1000BASE-T Ethernet


ports ports and two 100/1000BASE-FX
Two 10/100/1000BASE-T ports are combo optical-electrical
Ethernet ports multiplexing ports.
Two 100/1000BASE-FX ports

ZXR10 2918E-PS 16 10/100 BASE-TX Ethernet Two 10/100/1000BASE-T Ethernet


ports ports and two 100/1000BASE-FX
Two 10/100/1000BASE-T ports are combo optical-electrical
Ethernet ports multiplexing ports.
Two 100/1000BASE-FX ports

2-1

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Switch Type Fixed Port Description

ZXR10 2928E-PS 24 10/100 BASE-TX Ethernet RS-29EC-4GE-SFP subcards,


ports RS-29EC-4GE-RJ45 subcards, and
One subcard slot RS-29EC-4FE-SFP subcards are
supported.

Switching Capability
The ZXR10 2900E series switches support layer-2 wire-speed switching on all ports. The
data packets can be forwarded at wire-speed after being filtered and classified. The ports
provide high throughput, low packet loss rate, and low time delay and jitter, which satisfy
application requirements of key services.

Reliability
l The ZXR10 2900E supports the Spanning Tree Protocol (STP), Rapid Spanning
Tree Protocol (RSTP), and Multiple Spanning Tree Protocol MSTP, and implements
redundancy backup and fast switching of links.
l The ZXR10 2900E supports the 802.3ad Link Aggregation Control Protocol (LACP)
function, and provides load balancing and link backup.
l The ZXR10 2900E supports the ZTE Ethernet Switch Ring (ZESR) to provide fast
protection switching, which ensures that user services are not interrupted.

Service Features
The ZXR10 2900E provides the following service features:
l Provides a flexible Virtual Local Area Network (VLAN) classification mode. The VLANs
can be classified by port or protocol type.
l Provides a layer-2 Virtual Private Network (VPN) through QinQ to control outer-layer
labels flexibly.
l Supports user port locating technologies, such as Virtual Broadband Access Server
(VBAS), Dynamic Host Configuration Protocol (DHCP) Option82, and Point to Point
Protocol over Ethernet (PPPoE)+.
l Provides layer-2 multicast technologies, including Internet Group Management
Protocol (IGMP)-snooping and its proxy function, the fast-leaving feature, and the
Multicast VLAN Switching (MVS) function, which provide a support for enabling the
Internet Protocol Television (IPTV) service.

Security Control
The ZXR10 2900E provides the following security control functions:
l User-level security control

It supports IEEE 802.1x, which implements dynamic and port-based security and
provides the user ID authentication function.

2-2

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 2 System Overview

It supports MAC/IP/VLAN/Port combination at random, which effectively prevents


illegal users from accessing the network.
Port isolation ensures that a user can neither monitor traffic of another user on
the same switch nor obtain the user's information.
It supports the GuestVlan and anti-proxy function, which facilitates its applications
in educational networks and other complex network environments.
Dynamic Host Configuration Protocol (DHCP) monitoring prevents malicious
users from deceiving the DHCP server and sending spurious address information.
It can also enable IP source protection and create a binding table for the IP
address, MAC address, and port of the client and the VLAN to prevent a user
from accessing or using the IP address of another user.
l Equipment-level security control
The CPU security control technology prevents Denial of Service (DoS) attacks.
The Secure Shell (SSH)/Simple Network Management Protocol (SNMP)v3
ensures network management security.
Multi-level access security of the console prevents unauthorized users from
changing the switch configuration.
The Remote Authentication Dial In User Service (RADIUS)/Terminal Access
Controller Access-Control System Plus (TACACS+) identification authentication
puts the switch under centralized control and prevents unauthorized users from
modifying the configuration.
l Network security control
The Access Control List (ACL) based on ports and VLANs makes it possible for
users to apply security strategies to each port or trunk of the switch.
MAC address binding and source- or destination-based filtering provide effective
address-based traffic control.
The port mirroring function provides an effective tool for network management
analysis.

QoS Guarantee
The ZXR10 2900E provides the following applications of Quality of Service (QoS):
l Provides Standard 802.1p Class of Service (CoS) and Differentiated Services Code
Point (DSCP) field sorting. Single group-based labeling and re-sorting can be
performed by using source and destination IP addresses, source and destination
MAC addresses, and Transfer Control Protocol (TCP)/User Datagram Protocol
(UDP) port numbers.
l Provides queue scheduling algorithms including Strict Priority (SP) and Weighted
Round Robin (WRR).
l Supports the Committed Access Rate (CAR) function. It manages asynchronous
uplink and downlink data flows from uplinks by ingress strategy control and egress

2-3

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

shaping. The ingress strategy control provides bandwidth control with the minimum
increment of 8 kbps. It can satisfy QoS requirements of packet loss, time delay and
jitter even if network congestion occurs, thus avoiding queue congestion effectively.

Management Modes
The ZXR10 2900E provides the following management modes:
l Supports the SNMPv1/v2c/v3 and Remote Monitoring (RMON).
l Supports the ZXNM01 unified network management platform.
l Supports accessing the switches through CLI command lines, including Console,
Telnet and SSH.
l Supports network management through Web.
l Supports the ZTE Group Manage Protocol (ZGMP).

Functions
The ZXR10 2900E uses the Store and Forward mode, and supports layer 2 wire-speed
switching. Full wire-speed switching is implemented on all ports.
The ZXR10 2900E provides the following functions:
1. The 100 M ports support 10/100 M auto-sensing and Media-Dependent
Interface/Media-Dependent Interface-crossover (MDI/MDIX) auto-sensing.
2. The Gigabit electrical ports support 10/100/1000 M auto-sensing and MDI/MDIX
auto-sensing.
3. It supports port-based 802.3x traffic control (full duplex) and back-pressure traffic
control (half duplex).
4. It supports Virtual Circuit Tester (VCT) function.
5. It supports 802.1q VLANs. The maximum number of VLANs is 4094.
6. It supports the VLAN stack function (QinQ), and outer labels are optional (Selective
QinQ (SQinQ)).
7. It supports GARP VLAN Registration Protocol (GVRP) dynamic VLANs. The full name
GARP of is Generic Attribute Registration Protocol.
8. It has the capability of MAC address self-learning. The maximum size of the MAC
address table is 16 KB.
9. It supports port MAC address binding and addresses filtering.
10. It supports the automatic fixing function of MAC addresses. The MAC addresses can
be recovered if the device is powered off.
11. It supports port security and port isolation.
12. It supports the 802.1d STP, 802.1w RSTP, and 802.1s MSTP. The MSTP provides at
most four instances.
13. It supports the ZESR technology and the linkhello/linkdown mechanism.
14. It supports 802.3ad LACP port binding and static port binding. At most 15 port groups
can be bound and each group contains at most eight ports.
15. It supports 1,024 multicast groups, cross-VLAN IGMP snooping and Multicast VLAN
Switching (MVS).
16. It supports the single port loop test.

2-4

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 2 System Overview

17. It supports 802.1x user authentication.


18. It supports the VBAS, DHCP-OPTION82 and PPPOE+.
19. It supports the DHCP-SNOOPING.
20. It supports the DHCP client function to request a management interface from the DHCP
server automatically.
21. It supports the DHCP relay function, which allows an access device to request the
DHCP server for a host address across different network segments.
22. It supports the Dynamic ARP Inspection (DAI) technology, which prevents Address
Resolution Protocol (ARP) attacks.
23. It supports broadcast storm suppression.
24. It supports port ingress and egress mirroring, and flow-based ingress mirroring and
statistics.
25. It supports the Remote Switched Port Analyzer (RSPAN).
26. It supports the ACL function based on ports and VLANs. The ACL rules take effect in
specified time periods.
27. It supports the IETF-DiffServ and IEEE-802.1p. Queues of eight priorities are provided
on all ports. The ingress supports the CAR function and the egress supports shaping
and tail drop. The queue scheduling supports SP and WRR.
28. It supports port-based speed control, including ingress speed limit and egress speed
limit. The ingress speed limit supports flow rate limit of multiple buckets, and the speed
limit types of each bucket are configurable. The minimal granularity of speed limit is 8
Kbps.
29. It provides detailed port flow statistics.
30. It supports 802.3ah Ethernet Operation, Administration and Maintenance (OAM).
31. It supports the sFlow.
32. It supports layer-2 transparent protocol transmission.
33. It supports the syslog function.
34. It supports the Network Time Protocol (NTP) client function.
35. It supports the network management static route configuration.
36. It supports the ZGMP.
37. It supports the SNMPv1/v2c/v3 and RMON.
38. It supports configuration through the Console and remote login through Telnet.
39. It supports the SSHv2.0.
40. It supports the Web function.
41. It supports the ZXNM01 unified network management.
42. It supports version/configuration upload and download through the Trivial File Transfer
Protocol (TFTP).
43. It supports version/configuration upload and download through the FTP .
44. The ZXR10 2910E-PS/2918E-PS/2928E-PS supports the 802.3af Power over
Ethernet (PoE) function. The power supply of at most 30 W is supported.

2-5

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

This page intentionally left blank.

2-6

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 3
Usage and Operation
Table of Contents
Configuration Modes ..................................................................................................3-1
Command Modes .......................................................................................................3-6
Common Command Parameters ..............................................................................3-11
Usage of Command Line..........................................................................................3-12

3.1 Configuration Modes


The ZXR10 2900E supports various configuration modes, see Figure 3-1. A user should
select a proper configuration mode based on the network that the user accesses.

Figure 3-1 ZXR10 2900E's Configuration Modes

The configuration modes are as follows:


1. Console port mode: This mode is used as a primary mode for configuring a switch.
2. Telnet/SSH mode: This mode is used to configure the ZXR10 2900E at any place of
a network.
3. Network management workstation mode: This mode requires the use of the
SNMP-capable network management software.
4. FTP/TFTP/WEB mode: This mode is used to manage the file system of a switch.

Configuration Through the Console Port


A serial configuration cable is delivered along with the ZXR10 2900E. One end of the cable
is connected to the Console port of the ZXR10 2900E, and the other end is connected to
the serial port of a debugging PC. The VT100 terminal mode is applied in the Console port
connection configuration. The following use the Windows HyperTerminal configuration as
an example to illustrate the connection configuration.
1. Start the HyperTerminal program on the PC.

3-1

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Select Start > All programs > Accessories > Communications > HyperTerminal
in the Windows operating system to start the HyperTerminal program.
2. Establish a connection.
Enter a name and select an icon for the connection, and then click OK, see Figure 3-2.

Figure 3-2 Connection Description Dialog Box

3. Set the interconnection port.


In the Connect To dialog box, select desired options from the Connect using list and
then click OK, see Figure 3-3.

Figure 3-3 Connect To Dialog Box

4. Set communication parameters.


In the COM1 Properties dialog box, click the Restore Defaults button to set the COM1
property, and then click OK, see Figure 3-4.

3-2

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 3 Usage and Operation

Figure 3-4 COM1 Properties Dialog Box

5. Click the OK button. After the ZXR10 2900E is powered on, enter the configuration
mode for further operations.

Configuration Through Telnet


The Telnet mode is often used for configuring a remote switch. A user can log in to a
remote switch through an Ethernet port of the local computer. The login username and
password for the switch must be configured and the IP address of the layer-3 port on the
switch can be pinged successfully from the local computer, refer to Table 3-1.

For configuration of the IP address of the layer-3 port, refer to 5.15 IPv4 Layer 3
Configuration and 5.16 IPv6 Layer 3 Configuration.

Table 3-1 Configuration Command

Command Function

create user <name>{admin | guest}[<0-15>] Create a new user, The user <name> parameter
value consists of at most 15 characters.

set user local <name> login-password [<string>] Set the login password, The login-password
<string> parameter value consists of at most 16
characters.

set user {local | radius| tacacs-plus}<name> Set the administrator password, The
admin-password <string> admin-password <string> parameter value
consists of at most 16 characters.

3-3

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Note:
The default username is admin and the password is zhongxing. The default administrator
password is empty.

It is assumed that the IP address of the layer-3 port is 192.168.3.1 and this address can be
pinged successfully from the local computer. Perform the following remote configuration
operations:
1. Select Start > Run on the local computer. Run the Telnet command in the displayed
Run dialog box, see Figure 3-5.

Figure 3-5 Running Telnet

2. Click OK. A Telnet window is displayed, see Figure 3-6.

Figure 3-6 Telnet Window

3. Enter the username and password to enter user mode of the switch.

Configuration Through the SNMP Connection


The SNMP is the most popular network management protocol at present. With this
protocol, all devices in the network can be managed by a network management server.

3-4

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 3 Usage and Operation

The SNMP uses the server/client management mode. The back-end network management
server serves as the SNMP server. The front-end network device serves as the SNMP
client. The front end and back end share one Management Information Base (MIB) and
communicate with each other through SNMP.
The back-end network management server must be installed with the network
management software supporting SNMP. The switch is configured and managed by the
network management software. For the detailed SNMP configuration on the ZXR10
2900E, refer to 6.4 SNMP.

Configuration Through the Web Connection


Web is another way to implement remote switches management and is similar to Telnet.
A user can log in to a remote switch through an Ethernet port of the local computer. The
login username, login password and administrator password must be configured and the
Web function must be enabled. The IP address of the layer-3 port on the switch can also
be pinged successfully from the local computer. For configuration of the IP address of the
layer-3 port, refer to 5.15 IPv4 Layer 3 Configuration and 5.16 IPv6 Layer 3 Configuration.
1. Create a new management user.

Command Function

create user <name>{admin | guest}[<0-15>] The user <name> parameter value consists of
at most 15 characters.

2. Set a login password.

Command Function

set user local <name> login-password <string> The login-password <string> parameter value
consists of at most 16 characters.

3. Set an administrator password.

Command Function

set user {local|radius}<name> admin-password The admin-password <string> parameter value


<string> consists of at most 16 characters.

4. Enable the web network management function (by default, this function is disabled)
and set a listening port.

Command Function

set web enable Enable the web network management function


(by default, this function is disabled).

set web listen-port < 80,1025-49151 > Set a listening port.

3-5

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Note:
The default username is admin and the password is zhongxing. The administrator
password is empty. If you log in as the administrator, the administrator password cannot
be empty. Set the administrator password in advance. The default HTTP listening port
is 80.

For the detailed remote login and configuration through Web, refer to 6.8 Web.

3.2 Command Modes


To facilitate the configuration and management of the switch, the commands of the
ZXR10 2900E series switches are allocated to different modes according to functions and
permissions. A command can be executed only in the specified mode.

The command modes are listed as follows:

User Mode
After logging in to the switch through HyperTerminal, Telnet or SSH, you can enter user
mode after entering your login username and password. The prompt in user mode is the
host name followed by >, which is shown as follows:
zte>

The default host name is zte. You can modify the host name by running the hostname
<name> command. The name length consists of at most 200 characters.
In user mode, you can run the exit command to exit the switch configuration or run the
show command to view the system configuration and operation information.

Note:

The show command can be executed in any mode.

Global Configuration Mode


In user mode, you can enter the enable command and the corresponding password to enter
global configuration mode, which is shown as follows:

zte>enable
Password:***
zte(cfg)#

3-6

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 3 Usage and Operation

In global configuration mode, you can configure various functions of the switch. The
password for entering global configuration mode must be set by running the set user local
<name> admin-password [<string>] command to prevent login of unauthorized users.
To return to user mode from global configuration mode, run the exit command.

SNMP Configuration Mode


In global configuration mode, you can run the config snmp command to enter SNMP
configuration mode, which is shown as follows:
zte(cfg)#config snmp
zte(cfg-snmp)#

In SNMP configuration mode, you can set the SNMP and RMON parameters.
To return to global configuration mode from SNMP configuration mode, run the exit
command or press Ctrl+Z.

Layer-3 Configuration Mode


In global configuration mode, you can run the config router command to enter layer-3
configuration mode, which is shown as follows:
zte(cfg)#config router
zte(cfg-router)#

In layer-3 configuration mode, you can configure the layer-3 port, static router, and ARP
entity.
To return to global configuration mode from layer-3 configuration mode, run the exit
command or press Ctrl+Z.

File System Configuration Mode


In global configuration mode, you can run the config tffs command to enter file system
configuration mode, which is shown as follows:
zte(cfg)#config tffs
zte(cfg-tffs)#

In file system configuration mode, you can perform the following operations on the file
system of the switch, including
l adding files or directories
l deleting files or directories
l modifying file names
l displaying files or directories
l changing file directories
l uploading/downloading files through TFTP
l uploading/downloading files through FTP
l copying files
l formatting the Flash memory

3-7

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

l upgrading firmware
To return to global configuration mode from file system configuration mode, run the exit
command or press Ctrl+Z.

NAS Configuration Mode


In global configuration mode, you can run the config nas command to enter NAS
configuration mode, which is shown as follows:
zte(cfg)#config nas
zte(cfg-nas)#

In NAS configuration mode, you can configure the access service of the switch, including
user access authentication and management.
To return to global configuration mode from NAS configuration mode, run the exit command
or press Ctrl+Z.

Cluster Management Configuration Mode


In global configuration mode, you can run the config group command to enter cluster
management configuration mode, which is shown as follows:
zte(cfg)#config group
zte(cfg-group)#

In cluster management configuration mode, you can configure the cluster management
service of the switch.
To return to global configuration mode from cluster management configuration mode, run
the exit command or press Ctrl+Z.

Basic Ingress ACL Configuration Mode


In global configuration mode, you can run the config ingress-acl basic number <1-99>
command to enter basic ingress ACL configuration mode, which is shown as follows:
zte(cfg)#config ingress-acl basic number 10
zte(ingress-basic-acl)#

In basic ingress ACL configuration mode, you can add, delete and move rules for a
specified basic ingress ACL.
To return to global configuration mode from basic ingress ACL configuration mode, run the
exit command or press Ctrl+Z.

Extended Ingress ACL Configuration Mode


In global configuration mode, you can run the config ingress-acl extend number <100-199>
command to enter extended ingress ACL configuration mode, which is shown as follows:
zte(cfg)#config ingress-acl extend number 100
zte(ingress-extend-acl)#

3-8

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 3 Usage and Operation

In extended ingress ACL configuration mode, you can add, delete and move rules for a
specified extended ingress ACL.
To return to global configuration mode from extended ingress ACL configuration mode, run
the exit command or press Ctrl+Z.

Layer-2 Ingress ACL Configuration Mode


In global configuration mode, you can run the config ingress-acl link number <200-299>
command to enter layer-2 ingress ACL configuration mode, which is shown as follows:
zte(cfg)#config ingress-acl link number 200
zte(ingress-link-acl)#

In layer-2 ingress ACL configuration mode, you can add, delete and move rules for a
specified layer-2 ingress ACL.
To return to global configuration mode from layer-2 ingress ACL configuration mode, run
the exit command or press Ctrl+Z.

Hybrid Ingress ACL Configuration Mode


In global configuration mode, you can run the config ingress-acl hybrid number <300-399>
command to enter hybrid ingress ACL configuration mode, which is shown as follows:
zte(cfg)#config ingress-acl hybrid number 333
zte(ingress-hybrid-acl)#

In hybrid ingress ACL configuration mode, you can add, delete and move rules for a
specified hybrid ingress ACL.
To return to global configuration mode from hybrid ingress ACL configuration mode, run
the exit command or press Ctrl+Z.

Global Ingress ACL Configuration Mode


In global configuration mode, you can run the config ingress-acl global command to enter
global ingress ACL configuration mode, which is shown as follows:
zte(cfg)#config ingress-acl global
zte(ingress-global-acl)#

In global ingress ACL configuration mode, you can add, delete and move rules for a
specified global ingress ACL.
To return to global configuration mode from global ingress ACL configuration mode, run
the exit command or press Ctrl+Z.

Basic Egress ACL Configuration Mode


In global configuration mode, you can run the config egress-acl basic number <400-499>
command to enter basic egress ACL configuration mode, which is shown as follows:
zte(cfg)#config egress-acl basic number 400
zte(egress-basic-acl)#

3-9

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

In basic egress ACL configuration mode, you can add, delete and move rules for a basic
egress ACL.
To return to global configuration mode from basic egress ACL configuration mode, run the
exit command or press Ctrl+Z.

Extended Egress ACL Configuration Mode


In global configuration mode, you can run the config egress-acl extend number <500-599>
command to enter extended egress ACL configuration mode, which is shown as follows:
zte(cfg)#config egress-acl extend number 500
zte(egress-extend-acl)#

In extended egress ACL configuration mode, you can add, delete and move rules for a
specified extended egress ACL.
To return to global configuration mode from extended egress ACL configuration mode, run
the exit command or press Ctrl+Z.

Layer-2 Egress ACL Configuration Mode


In global configuration mode, you can run the config egress-acl link number <600-699>
command to enter layer-2 egress ACL configuration mode, which is shown as follows:
zte(cfg)#config egress-acl link number 600
zte(egress-link-acl)#

In layer-2 egress ACL configuration mode, you can add, delete and move rules for a
specified layer-2 egress ACL.
To return to global configuration mode from layer-2 egress ACL configuration mode, run
the exit command or press Ctrl+Z.

Hybrid Egress ACL Configuration Mode


In global configuration mode, you can run the config egress-acl hybrid number <700-799>
command to enter hybrid egress ACL configuration mode, which is shown as follows:
zte(cfg)#config egress-acl hybrid number 700
zte(egress-hybrid-acl)#

In hybrid egress ACL configuration mode, you can add, delete and move rules for a
specified hybrid egress ACL.
To return to global configuration mode from hybrid egress ACL configuration mode, run
the exit command or press Ctrl+Z.

Mac-Based-Vlan Configuration Mode


In global configuration mode, you can run the config mac-based-vlan session <1-64>
command to enter Mac-Based-Vlan configuration mode, which is shown as follows:
zte(cfg)#config mac-based-vlan session 1
zte(mac-based-vlan)#

3-10

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 3 Usage and Operation

In Mac-Based-Vlan configuration mode, you can add or delete rules for a specified session.
To return to global configuration mode from Mac-Based-Vlan configuration mode, run the
exit command or press Ctrl+Z.

User-Defined Ingress ACL Configuration Mode


In global configuration mode, you can run the config ingress-acl user-define number <801-
828> command to enter user-defined ingress ACL configuration mode, which is shown as
follows:
zte(cfg)#config ingress-acl user-define number 811
zte(ingress-user-define-acl)#

In user-defined ingress ACL configuration mode, you can add, delete, or move the rules
of ACLs with the specified ACL numbers.
To return to global configuration mode from user-defined ingress ACL configuration mode,
run the exit command or press Ctrl+Z.

3.3 Common Command Parameters


For common command parameters of the ZXR10 2900E, refer to Table 3-2.

Table 3-2 Common Command Parameters

Parameter Description

<portlist> Port number, port name or port number range separated by a


comma, for example:
l 1, 2, 4-8, 18
l p1, pp2, 4-8, port18
The p1, pp2, port18 are port names created by users.
Slot ID is added before the port ID of the devices supporting
subcards. For example, for the ZXR10 2928E-PS device, the
port list is as follows:
l 1/1, 1/2, 1/4-8, 1/18
l 2/1, 2/2

<vlanlist> VLAN ID, VLAN name or VLAN range separated by a comma,


for example:
l 1-19,77,88,100-900
l vlan1,v1,10,100-200

<trunklist> Trunk ID or trunk range separated by a comma, for example,


1-5, 7, 10.

<portname> One port number or port name can be entered once.

<vlanname> One VLAN ID or VLAN name can be entered once.

<trunkid> One trunk ID can be entered once.

3-11

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Parameter Description

<HH.HH.HH.HH.HH.HH> MAC address, for example, 00.22.33.44.55.66.

<A.B.C.D> IP address, for example, 10.40.47.254.

<A.B.C.D/M> IP address and mask bits. M must be an integer from 1 to 32,


for example, 10.40.47.254/24.

<string> String without spaces.

<mib-oid> Dotted decimal numeral with a variable length, for example,


1.3.6.2.19.2.

<name> String without spaces.

<sessionlist> Session list.

3.4 Usage of Command Line


Online Help
In any command mode, enter a question mark (?) at the system prompt. A list of available
commands in the command mode will be displayed. You can also use the online help to
get keywords and parameters of any command.
1. In any command mode, enter a question mark "?" at the system prompt. A list of all
commands in the mode and a brief description of the commands are displayed. For
example,
zte>?
enable enable configure mode
exit exit from user mode
help description of the interactive help system
show show config information
list print command list
zte>
2. Enter a question mark (?) after a character or string. A list of commands or keywords
starting with the character or string is displayed. It is noted that there is no space
between the character (string) and the question mark. For example,
zte(cfg)#c?
cfm clear config cpu-threshold createconfig clear create
zte(cfg)#c
3. Enter a question mark (?) after a command, keyword or parameter. The next keyword
or parameter to be entered is listed, and its brief description is also displayed. For
example,
zte(cfg)#config ?
egress-acl enter egress acl config mode
group enter group management config mode
ingress-acl enter ingress acl config mode

3-12

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 3 Usage and Operation

mac-based-vlan enter mac-based vlan config mode


nas enter nas config mode
router enter router config mode
snmp enter SNMP config mode
tffs enter file system config mode

Note:
A space must be entered before the question mark (?).

4. If a wrong command, keyword, or parameter is entered, and the Enter key is pressed,
a message Command not found is displayed. For example,
zte(cfg)#conf ter
% Command not found (0x40000034)

In the following example, the online help is used to create a username.


zte(cfg)#cre?
zte(cfg)#create ?
acl create descriptive name for acl
cfm create CFM information
port create descriptive name for port
protocol-protect create a rule for protocol protect
user create a user
vlan create descriptive name for vlan
zte(cfg)#create user
% Parameter not enough (0x4000003f)
zte(cfg)#create user ?
<string>
user name(maxsize:15)
zte(cfg)#create user houyx ?
admin create an administrator
guest create a guest
zte(cfg)#create user houyx guest ?
<cr>
<0-15> specify user's priviledge
zte(cfg)#create user houyx guest
zte(cfg)#
<cr>

Command Abbreviations
In the ZXR10 2900E, a command or keyword can be abbreviated as a character or string
that uniquely identifies this command or keyword. For example, the command exit can be
abbreviated as ex, and the command show port abbreviated as sh por.

3-13

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command History
The user interface supports the function of recording entered commands. A maximum of
20 historical commands can be recorded. The function is very useful for recalling a long
or complicated command.
To recall commands from the history buffer, perform one of the following actions.

Keystroke Function

Ctrl+P or the up arrow key Recall commands in the history buffer, beginning with the most
recent command. Repeat the key sequence to recall successive
older commands.

Ctrl+N or the down arrow key Return to more recent commands in the history buffer after
recalling commands with Ctrl+P or the up arrow key. Repeat the
key sequence to recall successively more recent commands.

Editing Commands Through Keystrokes


For the keystrokes that you need to edit command lines, refer to Table 3-3.

Table 3-3 Editing Commands Through Keystrokes

Keystroke Purpose

Ctrl+P or the up arrow key Recall commands in the history buffer, beginning with the
most recent command. Repeat the key sequence to recall
successive older commands.

Ctrl+N or the down arrow key Return to more recent commands in the history buffer
after recalling commands with Ctrl+P or the up arrow key.
Repeat the key sequence to recall successively more recent
commands.

Ctrl+B or the left arrow key Move the cursor back one character.

Ctrl+F or the right arrow key Move the cursor forward one character.

Tab After entering a character or string, if there is only one


command starting with the character or string, pressing this
key will show the complete command.

Ctrl+A Move the cursor to the beginning of the command line.

Ctrl+E Move the cursor to the end of the command line.

Ctrl+K Delete all characters from the cursor to the end of the
command line.

Backspace or Ctrl+H Delete the character on the left of the cursor.

Ctrl+C Cancel the command and display the prompt.

Ctrl+L Redisplay the current command line.

Ctrl+Y Recall the most recent entry in the buffer.

3-14

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 3 Usage and Operation

Keystroke Purpose

Ctrl+H Return to global configuration mode.

If the command output has more lines than can be displayed on the terminal screen, the
output is split into several pages automatically and the prompt more Press Q or
<Ctrl+C> to break is displayed at the bottom of the current page. You can press
Return to scroll down one line, or Space to scroll down one screen. To stop the output,
press Q or Ctrl+C.

3-15

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

This page intentionally left blank.

3-16

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 4
System Management
Table of Contents
File System Management...........................................................................................4-1
Configuring the TFTP Server......................................................................................4-3
Configuring the FTP Server ........................................................................................4-4
Importing and Exporting the Configuration File ...........................................................4-7
Backing Up and Recovering Files...............................................................................4-7
Downloading the Software Version Automatically .......................................................4-8
Configuring Automatic Saving of a Configuration File ...............................................4-10
Upgrading the Software Version ...............................................................................4-11
File System Configuration Commands......................................................................4-15

4.1 File System Management


In the ZXR10 2900E, the Flash memory is the major storage device. Both the version file
and configuration file of the switch are saved in the Flash memory. Operations, such as
version upgrade and configuration saving, should be conducted in the Flash memory.
l The name of the version file is zImage. By default, it is saved in the /img directory.
l The name of the configuration file is startrun.dat. By default, it is saved in the
/cfg directory.
The ZXR10 2900E supports backing up and restoring versions and configuration files
through TFTP, FTP and SFTP. For SFTP configuration and operation, refer to 6.2 SSH.
When the zImage file is downloaded or uploaded), or when the zImage_bak file is
restored to the ZXR10 2900E, CRC is performed after file transmission is completed. If a
file does not pass the check, the file is deleted.

Directory Management
The file system can be used to create and delete directories, display the current working
directory, and display the information about subdirectories or files under a specified
directory.
For the procedure to manage file system directories, refer to the table below:

Step Command Function

1 zte(cfg)#config tffs Enters file system


configuration mode.

2 zte(cfg-tffs)#md <directory name> Creates a directory.

4-1

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Step Command Function

3 zte(cfg-tffs)#rename <file-name> <file-name> Modifies the directory name.

4 zte(cfg-tffs)#cd <directory name> Changes the current directory,


and opens this directory.

5 zte(cfg-tffs)#ls Lists the current directories.

You can run the remove <file-name> command to delete a specified directory. The img, cf
g, and data directories created by default and all non-empty directories cannot be deleted.

File Management
The file system can be used to delete a specified file, rename a file name, copy a file and
display the file information.
For the procedure to manage file system files, refer to the table below:

Step Command Function

1 zte(cfg)#config tffs Enters file system


configuration mode.

2 zte(cfg-tffs)#rename <file-name> <file-name> Changes a file name.

3 zte(cfg-tffs)#copy <source-pathname> <dest-pathname> Copies a file.

4 zte(cfg-tffs)#ls Lists current files.

You can run the remove <file-name> command to delete a specified file.

Version Download/Upload Through TFTP


Start the TFTP server, enter file system configuration mode, and back up or recover the
version file and configuration file of the switch through TFTP.
For the procedure to download or upload a version file through TFTP, refer to the table
below:

Step Command Function

1 zte(cfg)#config tffs Enters file system


configuration mode.

2 zte(cfg-tffs)#cd <directory name> Enters the directory.

3 zte(cfg-tffs)#tftp <A.B.C.D> download Downloads or uploads the


<remote-file-name>[<local-file-name>] version file through TFTP.

zte(cfg-tffs)#tftp <A.B.C.D> upload <local-file-name


>[<remote-file-name>]

4-2

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 4 System Management

Version Download/Upload Through FTP


Start the FTP server, enter file system configuration mode, and back up or recover the
version file and configuration file of the switch through FTP.
For the procedure to download or upload a version file through FTP, refer to the table
below:

Step Command Function

1 zte(cfg)#config tffs Enters file system


configuration mode.

2 zte(cfg-tffs)#cd <directory name> Enters the directory.

3 zte(cfg-tffs)#ftp <A.B.C.D><remote-file-name>{do Downloads or uploads the


wnload|upload}<local-file-name> username <string> version file through FTP.
password <string>

Flash Formatting

Caution!
After the Flash memory is formatted, all system software and configurations will be cleared.

For the procedure to format the Flash memory, refer to the table below:

Step Command Function

1 zte(cfg)#config tffs Enters file system configuration mode.

2 zte(cfg-tffs)#format Formats the Flash.

4.2 Configuring the TFTP Server


The switch version file and configuration file can be backed up or recovered through TFTP.
The TFTP server application software is started at the back end to communicate with the
switch (TFTP client) to implement file backup and recovery. This procedure describes
how to configure the back-end TFTP server using TFTP server software (TFTPD) as an
example.

Steps
1. Run the Tftpd software at the back-end computer. The TFTP server window is
displayed, see Figure 4-1.

4-3

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 4-1 TFTP Server

2. Select Tftpd > Configure. The Tftpd Settings dialog box is displayed, see Figure
4-2.

Figure 4-2 Tftpd Settings Dialog Box

3. Click the Browse button on the upper side of the dialog box and select a directory to
save the version file or configuration file.
4. Click the Browse button on the lower side of the dialog box to select a log file, and
then click OK to complete the configuration.
End of Steps

4.3 Configuring the FTP Server


4-4

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 4 System Management

The switch version file and configuration file can be backed up or recovered through FTP.
The FTP server application software is started at the back end to communicate with the
switch (FTP client) to implement file backup and recovery. This procedure describes how
to configure the back-end FTP server using FileZilla Server (FTP server software) as an
example.

Steps
1. Run the FileZilla Server software on the back-end computer. The Connect to Server
dialog box is displayed, see Figure 4-3.

Figure 4-3 Connect to Server Dialog Box

2. Set Server Address, Port and Administration password, and click OK. The FileZilla
Server window is displayed, see Figure 4-4.

Figure 4-4 FileZilla Server Window

3. Select Edit > Users. The Users dialog box is displayed, see Figure 4-5. Create a
user name and password.

4-5

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 4-5 Users Dialog Box

4. Select Shared folders in the left area and set a primary directory for the new user,
see Figure 4-6.

Figure 4-6 Directory Setting

4-6

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 4 System Management

Note:
The application scenarios for FTP and TFTP are the same, including configuration file
import and export, and automatic software version download.

End of Steps

4.4 Importing and Exporting the Configuration File


The ZXR10 2900E switch provides the configuration import/export function, which
facilitates the switch configuration and management.

Exporting the Configuration


In global configuration mode, use the write command to export the current system
configuration to startrun.dat and save it in the Flash memory. This file can also be
uploaded to the TFTP server for view, modification and bulk configuration.
zte(cfg-tffs)#cd cfg
zte(cfg-tffs)#tftp 192.168.1.102 upload startrun.dat
zte(cfg-tffs)#cd ..

Importing the Configuration


startrun.dat is a configuration file. It can be edited manually as needed and
downloaded to the /cfg directory of the ZXR10 2900E switch by using the tftp command.
After the configuration file is downloaded to the Flash memory of the switch, reboot the
switch to import the configuration.
zte(cfg-tffs)#cd cfg
zte(cfg-tffs)#tftp 192.168.1.102 download startrun.dat
zte(cfg-tffs)#cd ..

4.5 Backing Up and Recovering Files


The files mentioned in this topic refer to the configuration file and version file in the Flash
memory.

Backing Up the Configuration File


If the switch configuration is modified, the data is running in the memory in real-time. If the
switch is restarted, all the new configuration data will be lost. To avoid this, use the write
command to save the current configuration in the Flash memory. The following shows the
write command:
zte(cfg)#write

4-7

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

To prevent damage to the configuration data, back up the configuration data by using the
tftp command.
Run the following commands to upload the configuration file in the Flash memory to the
back-end TFTP server:
zte(cfg-tffs)#cd cfg
zte(cfg-tffs)#tftp 192.168.1.102 upload startrun.dat
zte(cfg-tffs)#cd ..

Recovering the Configuration File


Run the following commands to download the configuration file in the back-end TFTP
server to the Flash memory:
zte(cfg-tffs)#cd cfg
zte(cfg-tffs)#tftp 192.168.1.102 download startrun.dat
zte(cfg-tffs)#cd ..

Backing Up the Version File


Similar to the configuration file, you can use the tftp command to upload the front-end
version file to the back-end TFTP server. For example:

zte(cfg-tffs)#cd img
zte(cfg-tffs)#tftp 192.168.1.102 upload zImage
zte(cfg-tffs)#cd ..

Recovering the Version File


Version file recovery is used to retransmit the back-end backup version file to the front
end through TFTP. Recovery is very important in the case of upgrade failure. The version
recovery operation is basically the same as the version upgrade procedure.

4.6 Downloading the Software Version Automatically


The automatic software version download function is used for an un-deployed device.
When the switch is powered on for the first time, it identifies that the automatic download
flag is set (factory default setting) in the NVRAM and no configuration file exists, so
automatic download is triggered.
The switch obtains the version file name and/or the configuration file name by interacting
with a DHCP server, and downloads the files by interacting with a TFTP server. If the
download succeeds (even if one file is downloaded successfully), the automatic download
flag in the NVRAM is cleared and the switch is restarted.
For the relation between the file names transferred by the DHCP server and the triggered
download operations, refer to the table below:

4-8

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 4 System Management

Name of the File to be Whether to Download the Whether to Download the


Downloaded Version File Configuration File

zImage Yes No

config.dat No Yes

startrun.dat No Yes

*.dat No Yes

config.dat@zImage Yes Yes

startrun.dat@zImage Yes Yes

*.dat@zImage Yes Yes

In the above table, * is a wildcard indicating a device type. This means the configuration
file automatically adapts according to the device type.
The name of the file to be downloaded is a character string configured on the DHCP server,
and it cannot be modified on the local computer.
By executing the show dhcp command, you can see the configuration file to be downloaded
to the current device. For example, the ZXR10 2928E downloads the ZXR10_2928E.dat
file from the TFTP server.

zte(cfg)#show dhcp
DHCP download flag is disabled, config file is found.
DHCP download will not startup, when system reboot.
DHCP config file(option-67) *.dat will be translated to ZXR10_2928E.dat.
DHCP snooping-and-option82 is disabled.
DHCP client is enabled.
DHCP client broadcast-flag is enabled.

The following table lists the complete adaptation relation:

ID Device Configuration File Name

1 ZXR10 2910E-PS ZXR10_2910E-PS.dat

2 ZXR10 2918E-PS ZXR10_2918E-PS.dat

3 ZXR10 2918E ZXR10_2918E.dat

4 ZXR10 2928E-PS ZXR10_2928E-PS.dat

5 ZXR10 2928E ZXR10_2928E.dat

6 ZXR10 2952E ZXR10_2952E.dat

4-9

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 4-7 Network Architecture for Automatic Configuration File Download

The network architecture is shown in Figure 4-7. Set the TFTP server address and version
file name on the DHCP server. For example, set the TFTP server address to 10.40.89.78,
and the file name to *.dat@zImage. After being powered on, the switch downloads ZXR10
2918E.dat (assuming that the device type is ZXR10 2918E) and zImage from the TFTP
server. After downloading the files successfully, the switch is restarted automatically.

4.7 Configuring Automatic Saving of a Configuration


File
The function of automatic saving of a configuration file helps you to upload the switch
configuration to the back-end server.
The uploaded configuration files include startrun.dat and toPmac.dat. When the
time set by period is counted down to 0, the switch uploads the startrun.dat file to the
TFTP server at a local time between 00:00 and 00:01, and uploads the toPmac.dat file
after one minute. The automatically uploaded files are stored in the flash sub-folder in
the theupload/download directory configured by the TFTP server. The names of the
files respectively are startrun mm_dd_yy.dat and toPmac mm_dd_yy.dat, where
mm, dd, and yy indicate the date on which the upload occurs.

Figure 4-8 Network Structure for Automatic Configuration File Upload

4-10

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 4 System Management

The network is shown in Figure 4-8. Before configuring the following commands, make
sure that the switch can ping the server successfully. Assume that the IP address of the
TFTP server is 10.40.89.78, and the configuration is saved to the server every 10 days.
The configuration commands are as follows:
zte(cfg)#set auto-saveconfig serverip 10.40.89.78
zte(cfg)#set auto-saveconfig period 10
zte(cfg)#set auto-saveconfig enable

Caution!
The enable command should be configured after serverip is configured. If serverip is not
configured, the system displays a message, prompting that the automatic upload function
cannot be enabled. If a communication exception occurred between the switch and the
server when the upload function was triggered last time, the configuration file cannot be
uploaded successfully this time. The system uploads the configuration files when the next
triggering time comes.

4.8 Upgrading the Software Version

Note:
Normally, version upgrade is needed only when the original version does not support some
functions or the switch operates abnormally due to some special causes. Improper version
upgrade operations may result in upgrade failure and startup failure of the system. So,
before version upgrade, get familiar with the principles and operations of the ZXR10 2900E
and master the upgrade procedure.

Version upgrade operations performed in proper and improper switch systems are
different.

Displaying the Version Information


If the system status allows, check the version information before and after the upgrade.

In global configuration mode, use the show version command to display the system
hardware and software version information.
The displayed contents are as follows:

zte(cfg)#show version
ZXR10 Router Operating System Software, ZTE Corporation:
ZXR10 2928E Version Number : 2928E Series V2.05.11B04

4-11

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Copyright (c) 2001-2013 By ZTE Corporation


Compiled: 11:14:25 Aug 27 2013
System uptime is 0 years 1 days 13 hours 20 minutes 46 seconds

Main processor : arm926ejs


Bootrom Version : v2.03 Creation Date : Aug 27 2013
System Memory : 128 M bytes System Flash : 256 M bytes
EPLD Version (Dno.) : V1.0
PCB Version (Dno.) : V1.0
Product Version(Dno.): V1.0
Image Down From : Flash
Image Down Username : N/A
Image Down Time : N/A
Image Down Size : 10262580 bytes
Onboard temperature : 38.0 degree centigrade(100.0 degree fahrenheit)
Startup From : /img/zImage
Switch's Mac Address : 00.d0.d0.ff.00.86
Module 0: ZXR10 2928E; fasteth: 0; gbit: 48;

Upgrading the Version When the System is Normal


If the switch operates properly, upgrade the version as follows:
1. Connect the console port of the switch to the serial port of the back-end computer by
using a provided configuration cable. Connect an Ethernet port of the switch to the
network port of the back-end computer by using a network cable. Ensure that the
connections are correct.
2. Set the IP address of the Ethernet port on the switch. Set the IP address of the
back-end computer used for upgrade. The two IP addresses must be in the same
network segment so that the computer can ping the switch successfully.
3. Start the TFTP server software on the back-end computer and configure it by referring
to 4.2 Configuring the TFTP Server.
4. On the switch, use the show version command to check the information of current
operating version.
5. Enter file system configuration mode and use the remove command to delete the old
version file in the Flash memory. If the Flash memory has sufficient space, change the
name of the old version file and keep it in the Flash memory.
zte(cfg)#config tffs
zte(cfg-tffs)#cd img
zte(cfg-tffs)#remove zImage
zte(cfg-tffs)#cd ..
6. Use the tftp command to upgrade the version. The following shows how to download
the version file from the TFTP server to the Flash memory:
zte(cfg-tffs)#cd img
zte(cfg-tffs)#tftp 10.40.89.78 download zImage
.................................................

4-12

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 4 System Management

.................................................
.................................................
7,384,016 bytes downloaded
zte(cfg-tffs)#ls
zte(cfg-tffs)#ls
/img/
. <DIR>
.. <DIR>
zImage 7,536,884 bytes
240,568,768 bytes free
7. Restart the switch. After successful startup, check the operating version and confirm
whether the upgrade is successful.

Upgrading the Version When the System is Abnormal


If the switch cannot be started normally or runs abnormally, upgrade the version as follows:

1. Connect the console port of the switch to the serial port of the back-end computer by
using a provided configuration cable. Connect an Ethernet port of the switch to the
network port of the back-end computer by using a network cable. Ensure that the
connections are correct.
2. Restart the switch. On the HyperTerminal, press any key as prompted to enter ZXR10
Boot status.
ZXR10 2928E BootRom Version v1.08
Compiled Feb 27 2012 10:32:29
Copyright (c) 2010 by ZTE Corporation.
boot location [0:Net,1:Flash] : 0
actport : 1
serverip : 10.40.89.78
netmask : 255.255.255.0
ipaddr : 10.40.89.100
bootfile : /img/zImage
username : ZXR10
password : 123456
MAC : 00:d0:d0:3c:3b:00
[ZXR10 Boot]
3. Enter c in ZX10 Boot status and press Enter to enter the parameter modification status.
Set the IP addresses of the Ethernet port and the TFTP server. The two addresses
are set to be in the same network segment.
[ZXR10 Boot]: c
boot location [0:Net,1:Flash] : 0
/*start by tftp or Flash */
actport : 1
/*select the port enabled by tftp*/
serverip : 10.40.89.78
/*ftp/tftp server address*/

4-13

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

netmask : 255.255.255.0
/*subnet mask*/
ipaddr : 10.40.89.79
/*local interface address*/
bootfile : /img/zImage
/*version file location*/
username : ZXR10
/*username used when the file is downloaded through ftp*/
password : ZXR10
/*password used when the file is downloaded through ftp*/
MAC : 00:d0:d0:30:20:10
/*MAC address of the switch*/
4. Set the IP address of the back-end computer to be the same as that of the TFTP server.
5. Start the TFTP server software on the back-end computer and configure the TFTP by
referring to 4.2 Configuring the TFTP Server.
6. In ZX10 Boot status, enter zte to enter BootManager status of the switch. Enter ? to
display the command list for this status.
[ZXR10 Boot]:zte
[bootManager]: ?
? - alias for 'help'
cd - change current path
exit - exit from bootManager mode
format - format flash
ftp - get/put file from/to FTP server
help - print online help
l - load zImage
ls - list files in current directory
mv - change [source] name to [destination] name
reboot - perform REBOOT of the CPU
rm - remove file
setBOOTpassword - set password for BOOT mode
setPtype- set packaged type
show - show board information
update - update boot or firmware
[bootManager]:
7. In BootManager status, run the reboot command to restart the switch and load the
new version file. The following shows how to download the version file from the TFTP
server to the Flash memory:
FTP directory format: ftp get<filename>. The file will be downloaded to the current
directory. If you want to check the current directory, use the ls command. The port
address used by FTP and port information can be modified in the c directory in ZX10
Boot. Take port 1 as an example.
boot location [0:Net,1:Flash] : 1
actport : 1

4-14

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 4 System Management

serverip : 10.40.89.78
netmask : 255.255.255.0
ipaddr : 10.40.89.79
bootfile : /img/zImage
username : ZXR10
password : ZXR10
MAC : 00:d0:d0:30:20:10
Hit any key to stop autoboot: 0
[ZXR10 Boot]:
[ZXR10 Boot]:zte
[bootManager]: cd img
[bootManager]: ftp get zImage
............................................
............................................
............................................
Ftp get zImage successfully, 7397428 bytes received.
[bootManager]:
8. In BootManager status, use the reboot command to restart the switch by using the new
version. If the switch is started normally, use the show version command to verify that
the new version is operating in the memory. If the switch cannot be started normally, it
indicates that the version upgrade has failed. In this case, repeat the above upgrade
procedure from step 1.

4.9 File System Configuration Commands


File system configuration includes the following commands:

Command Function

zte(cfg-tffs)#md <directory name> Creates a directory.

zte(cfg-tffs)#remove <file-name> Deletes a file or directory.

zte(cfg-tffs)#rename <file-name><file-name> Modifies a file or directory name.

zte(cfg-tffs)#ls Displays a sub-directory and file.

zte(cfg-tffs)#cd <directory name> Changes the current directory.

zte(cfg-tffs)#tftp <A.B.C.D>{download | upload}<remote-file-n Uploads or downloads files to/from


ame>[<local-file-name>] the TFTP server.

zte(cfg-tffs)#tftp commander {download | upload}<remote Uploads or downloads files to/from


-file-name>[<local-file-name>] the cluster commander.

zte(cfg-tffs)#copy <source-pathname><dest-pathname> Copies files.

zte(cfg-tffs)#format Formats the Flash memory.

zte(cfg-tffs)#update bootrom Updates the bootrom.

4-15

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#set dhcp download{enable | disable} Enables or disables the automatic


download function of a DHCP
client.

zte(cfg)#set auto-saveconfig {enable | disable} Enables or disables the system


to automatically upload the
configuration file to a TFTP server.

zte(cfg)#set auto-saveconfig serverip <A.B.C.D> Sets the IP address of the


TFTP server to which the
system automatically uploads the
configuration file.

zte(cfg)#set auto-saveconfig period <1-30> Sets the interval for automatically


uploading the configuration file
(unit: day).

show auto-saveconfig (all configuration modes) Displays the status of the


automatic upload function.

4-16

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5
Service Configuration
Table of Contents
Management Configuration ........................................................................................5-2
Port Configuration ......................................................................................................5-6
PoE Configuration ......................................................................................................5-8
Port Mirroring ...........................................................................................................5-11
MAC Address Table Operation .................................................................................5-13
LACP Configuration..................................................................................................5-17
IGMP Snooping Configuration ..................................................................................5-20
MLD Snooping Configuration....................................................................................5-24
IPTV Configuration ...................................................................................................5-27
STP Configuration ....................................................................................................5-34
ACL Configuration ....................................................................................................5-43
QoS Configuration....................................................................................................5-53
PVLAN Configuration ...............................................................................................5-60
Layer 2 Protocol Transparent Transmission Configuration ........................................5-63
IPv4 Layer 3 Configuration .......................................................................................5-65
IPv6 Layer 3 Configuration .......................................................................................5-68
DAI Configuration .....................................................................................................5-69
Access Service Configuration...................................................................................5-71
MAC Authentication Configuration............................................................................5-79
QinQ Configuration...................................................................................................5-80
SQinQ Configuration ................................................................................................5-82
VLAN Configuration..................................................................................................5-84
VLAN Mapping Configuration ...................................................................................5-87
Syslog Configuration ................................................................................................5-89
NTP Configuration....................................................................................................5-91
GARP/GVRP Configuration ......................................................................................5-93
DHCP Configuration.................................................................................................5-95
DHCPv6 Configuration ...........................................................................................5-101
VBAS Configuration ...............................................................................................5-104
PPPoE-PLUS Configuration ...................................................................................5-106
ZESR Configuration ...............................................................................................5-108
ZESS Configuration................................................................................................5-121
OAM Configuration.................................................................................................5-126
sFlow Configuration................................................................................................5-132
PP Configuration ....................................................................................................5-133
LLDP Configuration ................................................................................................5-135
Single Port Loop Detection Configuration ...............................................................5-137

5-1

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

UDLD Configuration ...............................................................................................5-140


TACACS+ Configuration.........................................................................................5-143
Time Range Configuration......................................................................................5-145
Voice VLAN Configuration ......................................................................................5-146
802.1ag Configuration ............................................................................................5-148
Y.1731 Configuration ..............................................................................................5-154
MAC-based VLAN Command Configuration ...........................................................5-159
DHCP Relay Configuration .....................................................................................5-160
MFF Configuration..................................................................................................5-164
SSL Configuration ..................................................................................................5-167
ERPS Configuration ...............................................................................................5-171
Debug Module Configuration ..................................................................................5-178

5.1 Management Configuration


Management Configuration Overview
Management configuration includes the following configurations:
1. Mode switching configuration
2. Console attribute configuration
3. Global information configuration
4. Switch user access configuration

Configuring the Management Service


The configuration of management service includes the following commands:

Command Function

zte(cfg)#config group Enters cluster management configuration mode

zte(cfg)#config router Enters layer-3 interface configuration mode.

zte(cfg)#config snmp Enters SNMP configuration mode.

zte(cfg)#config tffs Enters file system configuration mode.

zte(cfg)#config nas Enters service configuration mode.

zte(cfg)#config mac-based-vlan Enters MAC-based VLAN configuration mode.

exit (All configuration mode) Returns to the original command line mode.

zte>enable Enters global configuration mode from user


configuration mode.

list (all configuration modes) Lists all valid configuration commands in the current
mode.

zte(cfg)#set auto-reset <2-120> Sets automatic logout time of the switch console.

zte(cfg)#line-vty timeout <1-12> Sets login timeout time of the Telnet user.

5-2

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(cfg)#set date <yyyy-mm-dd> time Sets date and time of the switch.
<hh:mm:ss>

zte(cfg)#set date summer-time {one-year | Sets the period when the daylight saving time is used.
repeating}{date <yyyy-mm-dd><hh:mm:ss><y
yyy-mm-dd><hh:mm:ss>| week <week><day
><month><year><hh:mm:ss><week><day><mo
nth><year><hh:mm:ss>}[<60-1440>]

zte(cfg)#clear summer-time Deletes the configuration of the daylight saving time.

zte(cfg)#hostname <name> Sets or changes the host name.

zte(cfg)#promptlen <0-48> Sets the length of the host name.

zte(cfg)#sysLocation <string> Sets the location information of the switch.

zte(cfg)#reboot Reboots the switch immediately.

zte(cfg)#reboot-time <hh:mm> Sets the time when the switch is rebooted.

zte(cfg)#telnet <A.B.C.D>[<A.B.C.D>] Logs in to the Telnet server. You can select the source
address.

zte(cfg)#create user <name>{admin | Creates a new local user.


guest}[<0-15>]

zte(cfg)#set loginauth {local | Sets the login authentication mode.


radius|local+radius|radius+local|tacacs-plus|
local+tacacs-plus | tacacs-plus+local}

zte(cfg)#set user local <name> Sets the login password for the local user.
login-password [<string>]

zte(cfg)#set adminauth {local|radius|lo Sets the management authentication mode.


cal+radius|radius+local|none|tacacs-plus|
local+tacacs-plus|tacacs-plus+local}

zte(cfg)#set user local <name> Sets the management password for the local user.
admin-password [<string>]

zte(cfg)#set user radius purview {admin | Sets the RADIUS authentication user login authority.
guest}

zte(cfg)#set user radius admin-password Sets the management password for the RADIUS user.
[<string>]

zte(cfg)#set user tacacs-plus purview Sets login permissions for the TACACS+
{admin | guest} authentication user.

zte(cfg)#set user tacacs-plus Sets the management password for the TACACS+
admin-password [<string>] user.

zte(cfg)#set user multi-user {enable | Sets the multi-user login function.


disable}

5-3

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#cpu-threshold <30-90> Sets the CPU usage threshold.

zte(cfg)#mem-threshold <60-90> Sets the memory usage threshold.

zte(cfg)#write Saves the current configuration information to the


Flash memory and recovers the information when the
switch is rebooted.

zte(cfg)#clear user <name> Deletes a user.

zte(cfg)#clear reboot-time Clears automatic reboot configuration.

zte(cfg)#terminal monitor {on | off} Allows or forbids printing the real-time alarm log
information to the terminal.

zte(cfg)#terminal log {on | off} Allows or forbids writing logs.

zte(cfg)#terminal log toFile Saves logs in the RAM to the Flash memory.

zte(cfg)#terminal log timer {enable | disable Sets automatic saving of log information.
| interval <1-720>}

zte(cfg)#set bootpassword to <string> Sets the password for logging in to boot mode.

zte(cfg)#set bootpassword clear Deletes the password for logging in to boot mode.

zte(cfg)#set fan mode {auto | manual} Sets the fan operating mode.

zte(cfg)#set fan speed Sets the fan operating speed.

zte(cfg)#readconfig <filename> Reads the local file on the device as the configuration.

zte(cfg)#set temperature-alarm <0-100> Sets the threshold for over-temperature alarms on


the switch.

zte(cfg)#clear terminal-log Clears log information.

zte(cfg)#terminal log module Allows/forbids writing logs of a module.


{all|arp-inspection|dhcp|radius|AAA }{
off | on }

zte(cfg)#terminal monitor module {all| Allows/forbids printing real-time alarm logs of a


arp-inspection|dhcp|radius|AAA }{ off | on } module for the terminal.

show reset-time (all configuration modes) Displays automatic logout time setting of the switch
console.

show line-vty (all configuration modes) Displays Telnet user login timeout time setting.

show loginauth (all configuration mode) Displays login authentication mode.

show adminauth (all configuration modes) Displays management authentication state and
authentication mode.

show terminal (all configuration modes) Displays terminal log configuration information.

show terminal log (all configuration modes) Displays the terminal log information in RAM.

5-4

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

show user (all configuration modes) Displays the user configured on the switch and current
login user information.

show version (all configuration modes) Displays the system information.

show running-config [{include | begin}<string>] Displays all non-default configuration of the current
(all configuration modes) system.

show start-config (all configuration modes) Displays all non-default configuration when the
system is written at last.

show date-time (all configuration modes) Displays the current date and time.

show reboot-time (all configuration modes) Displays automatic reboot configuration.

show cpu (all configuration modes) Displays CPU usage at the duration of 5 s, 30 s and 2
m.

show memory (all configuration modes) Displays the current RAM usage.

show fan (all configuration modes) Displays the fan status.

show summer-time (all configuration modes) Displays DST configuration.

show bootpassword (all configuration modes) Displays the password for logging in to boot mode.

show Etag (all configuration modes) Displays the electronic labels of devices.

show temperature (all configuration modes) Displays the device temperature.

list include <string> (all configuration modes) Displays the commands including a specific string.

show terminal log include <string> (all Displays alarm log information including a specific
configuration modes) string.

zte(cfg)#clear login session <sessionlist> Deletes sessions based on a session list.

zte(cfg)#clear running-config Deletes configuration except the device management


IP address configuration (configuration of all
layer-3 interfaces), log configuration, user account
configuration and banner configuration, saves the
modification, and restarts the system.

zte(cfg)#set banner filename Sets the banner displayed on the welcome screen.
The banner is stored in the system file, and spaces
are supported.

zte(cfg)#set banner endwith Sets the end identifier of the banner.

zte(cfg)#clear banner Clears the banner displayed on the welcome screen.

5-5

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

5.2 Port Configuration


Port Configuration Overview
The port parameters can be configured on the ZXR10 2900E. They include
auto-negotiation, duplex mode, rate and line detection. The commands include the
following types:

1. Port basic parameters configuration


2. Port diagnosis
3. Port information view

Configuring a Port
The port configuration includes the following commands:

Command Function

zte(cfg)#set port <portlist>{enable | disable} Enables or disables the port.

zte(cfg)#set port <portlist> work-mode {fiber | Sets the combo port to switch between the
copper | auto [ prefer {first-up | fiber | copper}]} electrical mode and the optical mode.

zte(cfg)#set port <portlist> phy-mode Controls switchover between 1000 Mbps optical
{1000base-x | sgmii}]} ports and electrical internal ports.

zte(cfg)#set port <portlist> speedadvertise Sets the advertisement of the maximum port speed
maxspeed duplex information.

zte(cfg)#set port <portlist> speedadvertise Sets the advertisement of the port speed duplex
{speed10 | speed100 | speed1000}{fullduplex | information.
halfduplex}

zte(cfg)#set port <portlist> duplex {full | half | Sets the working mode of the port to full duplex
auto} or half duplex.

zte(cfg)#set port <portlist> speed {10 | 100 | Sets the speed of the port to 10 Mbps, 100 Mbps,
1000 | auto} or 1000 Mbps, or auto.

zte(cfg)#set port <portlist> mdix {auto | normal Sets the line sequence identification function.
| crossover}

zte(cfg)#set port <portlist> flowcontrol {enable Enables or disables the port flow control function.
| disable}

zte(cfg)#set port <portlist> description Sets port description information.


<string>

zte(cfg)#set port <portlist> accept-frame {tag | Sets the packet type that the port allows to accept.
untag | all}

zte(cfg)#set jumbo port <portlist>{enable | Enables or disables the port jumbo function.
disable }

zte(cfg)#set port <portlist> pvid <1-4094> Sets a default port PVID.

5-6

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(cfg)#set port statistics mode {ingress | Sets packet statistics mode.


egress | both}

zte(cfg)#set sleep-mode {enable | disable} Enables or disables the port sleep mode.

zte(cfg)#create port <portid> name <string> Creates a port name.

zte(cfg)#clear port <portlist>{name | statistics | Clears the port name, port statistics data, port
description| multicast-filter} description, and the multicast filter flag.

show port (all configuration modes) Displays the configuration and status information
of all ports.

show port [<portlist>] (all configuration modes) Displays port configuration and status information.

show port <portlist> statistics (all configuration Displays the statistics of the current port.
modes)

show port <portlist> statistics [1min_unit | Displays port statistics data.


5min_unit] (all configuration modes)

show port <portlist> utilization (all configuration Displays port bandwidth utilization.
modes)

show port <portlist> brief (all configuration Displays port brief information.
modes)

show port <portlist> vlan (all configuration Displays the location of VLAN.
modes)

show jumbo (all configuration modes) Displays the jumbo configuration of all ports.

show jumbo [<portlist>] (all configuration modes) Displays port jumbo configuration information.

show vct port <portid> (all configuration modes) Displays port virtual line detection result.

show cable-diag (all configuration modes) Displays the up/down status of each port and VCT
detection result.

zte(cfg)#set port <portlist> protect {enable | Enables or disables the port protection function.
disable }

zte(cfg)#set port <portlist> protect time Sets the port protection period in port protection
<1-10> status.

zte(cfg)#set cable-diag {enable | disable } Enables or disables the function of virtual cables
detecting logs.

zte(cfg)#set mac protect port <portlist>{enable Enables or disables the port protection function.
| disable}

zte(cfg)#set mac protect port <portlist> action Sets the port protection action.
{shutdown | restrict | protect}

zte(cfg)#show mac protect port <portlist> Displays the port protection state.

5-7

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

5.3 PoE Configuration


PoE Configuration Overview
Power over Ethernet (PoE) is an extended feature that supports network devices with
Ethernet electrical ports. The network devices (switches or routers) supporting the PoE
function can provide power supply through Twisted Pair for remote Powered Devices
(PDs) such as IP phones, WLAN Access Points (APs), or network cameras, which
realizes remote power supply.
Ethernet remote power supply sometimes is named as network power supply. It is a type
of technology that delivers a little electricity and provides power supply through 10 BASE-T
and 100 BASE-TX. When the current Ethernet Cat.5 cabling basic structure is not changed,
PoE can provide DC power supply for IP-based devices (such as IP phones, WLAN APs,
or network cameras) when its data signals are transmitted. PoE technology can reduce
the cost mostly when the current structural cabling security is ensured. Figure 5-1 shows
a typical PoE application.

Figure 5-1 PoE Application

The ZXR10 2900E-PS series switch supports the following PoE features:

5-8

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

l The ZXR10 2900E-PS series switch includes ZXR10 2910E-PS, ZXR10 2918E-PS
and ZXR10 2928E-PS. The device can provide power supply for the PD complying
with 802.3af/802.3at standard, and the single port can provide up to 30 watts of power.
l The ZXR10 2900E-PS series switch supports both DC and AC power input. When
the ZXR10 2900E-PS series switch acts as the power supply, the maximum output
power depends on the Redundant Power System (RPS) if the switch uses DC power
input, or the maximum output power is 250 W if the switch uses AC power input. A
power module provides 400 W output power. To replace a power module, read the
instructions or name plate of the power module.
l The ZXR10 2900E-PS series switch provides the following configuration and
management functions for convenient use.
1. Sets integrated device maximum output power.
2. Sets port maximum output power.
3. Sets port power supply priority. The system provides three types of priorities for
each port. When the total power of all ports exceeds the maximum output power of
the ZXR10 2900E switch, the switch will decide which devices are to be powered
on according to port power supply priority. The port with a high power supply
priority will provide power in advance. The port with the lowest priority will stop
power supply. If the two ports have the same power supply priority, the priority of
port will be decided by its port number. The less the port number is, the higher
the priority is and the port is powered in advance.
4. Provides the monitoring function for fans.
5. Provides various alarm information and exception monitoring and alarm report
mechanisms such as Terminal log, SNMP Trap and Syslog.

Configuring PoE
The PoE configuration includes the following commands:

Command Function

zte(cfg)#set poe port <portlist>{enable | disable} Enables or disables the port


function.

zte(cfg)#set poe port <portlist> pd-max-power {15.4 | 4.0 | 7.0 Sets the maximum power supply
| ext.18 | ext.27 | ext.30} of the port.

zte(cfg)#set poe port <portlist> priority {critical | high | low} Sets the port power supply priority.

zte(cfg)#set poe port <portlist> forcepower {enable |disable} Enables or disables the port
force-power function.

zte(cfg)#set poe port <portlist> extend-detection {enable |disable} Enables or disables the port
extended detection function.

zte(cfg)#set poe power maxvalue <1500>[threshold <0-30>] Sets device maximum output
power and protection threshold.

zte(cfg)#set poe port <port list> enable time-range <word> Enables the port PoE.

5-9

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

show poe device (all configuration modes) Displays the PoE status of the
device.

show poe status [port <portlist>] (all configuration modes) Displays the PoE status of the
port.

show poe config [port <portlist>] (all configuration modes) Displays PoE configuration
information.

PoE Configuration Instance


l Configuration Description

A DUT device is directly connected to a PD.


Configure a power supply device of PS type. The ZXR10 2910E-PS, ZXR10
2918E-PS and ZXR10 2928E-PS can be used as a power supply. Take ZXR10
2918E-PS as an example. It provides 15.4 watts of power supply complying with AF
standard for 16 ports, and provides about 13 watts of power to each PD.
l Configuration Procedure
zte(cfg)#set poe port 1-16 pd-max-power 15.4
zte(cfg)#set poe port 1-16 priority low
zte(cfg)#set poe port 1-16 enable
l Configuration Verification
zte(cfg)#show poe status port 12
port: 12
power up : on
power device : delivering power
power device type : standard power device
802.3af classification : class 0
current-power : 12.9 watt
avgerage-power : 12.9 watt
peak-power : 13.0 watt

zte(cfg)#show poe status port 13


port: 13
power up : on
power device : delivering power
power device type : standard power device
802.3af classification : class 0
current-power : 13.2 watt
avgerage-power : 13.2 watt
peak-power : 13.2 watt
zte(cfg)#show poe device
PSE firmware version : ZTE 3.3
PSE max power : 250 watt

5-10

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

PSE power threshold : 10 watt


PSE current power : 207.1 watt
PSE average-power : 207.1 watt
PSE peak-power : 207.2 watt
PSE critical-power : 0 watt

From the results, we can see that the DUT device provides a power supply for the PD
stably.

5.4 Port Mirroring


Port Mirroring Overview
Port mirroring is used to mirror data packets of the switch port (ingress mirroring port) to an
ingress destination port (ingress monitoring port), or mirror the data packets of the switch
port (egress mirroring port) to an egress destination port (egress monitoring port).
By using mirroring, data packets flowing in or out of a certain port can be monitored. Port
mirroring provides an effective tool for the maintenance and monitoring of the switch.
The ZXR10 2900E switch provides the Remote Switched Port Analyzer (RSPAN) function,
that is, when the packet is sent from the destination port, the specified tag such as priority
or VID can be added, which provides support for remote mirroring.

Note:
By default, switches do not have mirroring ports or monitoring ports. The correct data
packets received by the ingress mirroring port are mirrored onto the monitoring ports, but
data packets directly discarded on the ingress port (for example, because of CRC errors)
are not mirrored.

Configuring Port Mirroring


The port mirroring configuration includes the following commands:

Command Function

zte(cfg)#set mirror session <1-3> add source-port Adds an egress or ingress


<portlist>{ingress | egress} mirroring source port according to
the session.

zte(cfg)#set mirror session <1-3> add dest-port <1-28>{ingress Adds an egress or ingress
| egress| rspan} mirroring destination port
according to the session.

5-11

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#set mirror session <1-3> delete source-port Deletes an egress or ingress


<portlist>{ingress | egress} monitoring port according to the
session.

zte(cfg)#set mirror session <1-3> delete dest-port Deletes an egress or ingress


<1-28>{ingress | egress| rspan} monitoring (destination) port
according to the session.

zte(cfg)#set mirror rspan-tag vlan-id <1-4094> priority Sets RSPAN tag format including
<0-7>{ingress | egress} VLAN-ID and priority.

zte(cfg)#set mirror statistic sample-interval <1-2047>{ingress | Sets ingress or egress port


egress} mirroring sample frequency.

zte(cfg)#clear mirror session <1-3> Clears the configuration of mirror


in the session .

show mirror [session <1-3>] (all configuration modes) Displays the configuration
information of mirror session.

show mirror rspan (all configuration modes) Displays the ingress or egress
RSPAN configuration information.

show mirror statistical (all configuration modes) Displays ingress or egress


sample frequency configuration
information.

Port Mirroring Configuration Instance


l Configuration Description

This instance describes how to configure port mirroring on a switch, and port 2 can
monitor the packets on port 1, see Figure 5-2.

Figure 5-2 Port Mirroring Configuration Instance

l Configuration Procedure
1. The following example describes how to set port mirroring in ingress direction.
zte(cfg)#set mirror session 1 add source-port 1 ingress
zte(cfg)#set mirror session 1 add dest-port 2 ingress
zte(cfg)#set mirror statistical sample-interval 100 ingress
/*set the port sample-interval of mirror statistic*/

zte(cfg)#set mirror rspan-tag vlan-id 100 priority 7 ingress


/*set VLAN tag added after port mirroring*/

5-12

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

2. The following example describes how to set port mirroring in egress direction.
zte(cfg)#set mirror add source-port 1 egress
zte(cfg)#set mirror add dest-port 2 egress
zte(cfg)#set mirror statistical sample-interval 100 egress
/*set the port sample-interval of mirror statistic*/

zte(cfg)#set mirror rspan-tag vlan-id 100 priority 7 engress


/*set VLAN tag added after port mirroring*/
l Configuration Verification
Check port mirroring configuration.
zte(cfg)#show mirror session 1
Session 1:
Ingress mirror information:
---------------------------
Source port : 1
Destination port: 2
Egress mirror information:
---------------------------
Source port : 1
Destination port: 2
zte(cfg)#show mirror rspan
Ingress Rspan VLAN tag: priority 7, vlan 100
Egress Rspan VLAN tag: priority 7, vlan 100
zte(cfg)#show mirror statistical
Ingress statistical mirror: sample-interval 100
Egress statistical mirror: sample-interval 100

5.5 MAC Address Table Operation


MAC Address Table Overview
MAC address table operations mainly include MAC addition/deletion, MAC aging time
configuration, MAC filtering function, MAC learning control, MAC learning number limit,
MAC alarm control, MAC fixed function and MAC related information display.

MAC address table Function


operation

MAC addition/deletion Users can manually add static and fixed MAC addresses and delete
dynamic, static and fixed MAC address table entry through a command
line.

MAC table aging time MAC table aging time refers to the period from the latest update of
dynamic MAC address in the FDB table to the deletion of this address.

5-13

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

MAC address table Function


operation

MAC filtering function When the switch receives the packets with specified source address
or destination address, it drops them according to the source MAC
address and the destination MAC address.

MAC address learning MAC address learning control means MAC learning can provide
control three types of learning modes including hardware wire-speed
learning, CPU controlled learning and non learning to satisfy various
user requirements. In addition, MAC learning can provide global,
port-based, Trunk-based and VLAN-based independent switches.

MAC learning number limit MAC learning number limit can configure the maximum learning MAC
address number based on global, port, TRUNK and VLAN. When the
value is reached, the new MAC address cannot be learnt.

MAC alarm control MAC alarm control can configure the output of the common alarm
information of MAC function, for example, the number of learnt MAC
addresses is exceeded or the address is drifted.

MAC address fixed function MAC address fixed function can transform a dynamic MAC address
entry to a static or fixed MAC entry in batches. After transformation,
the static entry cannot drift. When the device is rebooted, a fixed MAC
address entry can recover and cannot disappear.

MAC information display MAC information display means the current MAC function configuration
and state information can be checked.

MAC protection function The MAC protection function limits port access. When the number
of MAC addresses learned on a port exceeds the limit, packets with
unknown source MAC addresses are dropped. The protection action
can be set to shutdown, restrict (stopping MAC address learning,
dropping packets with unknown MAC addresses, and sending an
alarm), or protect (stopping MAC address learning, and dropping
packets with unknown MAC addresses).

The MAC address of Ethernet NIC is 48 bits. The 48 bits include two parts. The first
24 bits are used to represent the manufacturer indicating Ethernet NIC. The remaining
24 bits are a group of sequence numbers designated by the manufacturer and named as
Organizationally Unique Identifier (OUI). The lowest bit (the most left bit in the structure)
is named as a private or group bit. If this bit is set to 0, the remaining address is a private
address.
If this bit is set to 1, the remaining address domain identifies the group address requiring
more resolution. If the whole OUI is set to 1, each site of the whole network is a destination.
That is the special engagement supported by OUI.

Configuring a MAC Address Table


The MAC table configuration includes the following commands:

5-14

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(cfg)#set port <portlist> security {enable | disable} Enables or disables the security function
of a port.

zte(cfg)#set port <portlist> multicast-filter {enable | Enables or disables the unregistered


disable} multicast filter function of a port.

zte(cfg)#set port <trunklist> multicast-filter {enable | Enables or disables the unregistered


disable} multicast filtering function of a trunk.

zte(cfg)#set mac add static <HH.HH.HH.HH.HH.HH> Adds a static MAC address entry based
port <1-28> vlan <1-4094> on the port and the VLAN.

zte(cfg)#set mac add static <HH.HH.HH.HH.HH.HH> Adds a static MAC address entry based
trunk <1-15> vlan <1-4094> on the trunk and the VLAN.

zte(cfg)#set mac add permanent <HH.HH.HH.HH.HH. Adds a permanent MAC address entry
HH> port <1-28> vlan <1-4094> based on the port and the VLAN.

zte(cfg)#set mac add permanent <HH.HH.HH.HH.HH. Adds a permanent MAC address entry
HH> trunk <1-15> vlan <1-4094> based on the trunk and the VLAN.

zte(cfg)#set mac delete Deletes all MAC address entries.

zte(cfg)#set mac delete mac-address <HH.HH.HH.HH.H Deletes a MAC address entry.


H.HH> vlan <1-4094>

zte(cfg)#set mac delete {port <1-28>| trunk <1-15>| Deletes all dynamic/static/permanent MAC
vlan <1-4094>}[dynamic | static | permanent] address entries based on port/trunk/VLAN.

zte(cfg)#set mac delete dynamic Deletes all dynamic MAC address entries.

zte(cfg)#set mac delete permanent Deletes all permanent MAC address


entries.

zte(cfg)#set mac delete static Deletes all static MAC address entries.

zte(cfg)#set mac aging-time <60-600> Sets device MAC address aging time.

zte(cfg)#set mac filter {source | destination | Sets the source MAC address or
both}<HH.HH.HH.HH.HH.HH> vlan <1-4094> destination MAC address filter function.

zte(cfg)#set mac learning {global | port <1-28>| trunk Sets MAC address learning mode based
<1-15>| vlan <1-4094>}{enable | disable | mode {automatic on global/port/trunk/VLAN.
| cpu-controlled}}

zte(cfg)#set mac limit {global | port <1-28>| trunk Sets the MAC address number limit
<1-15>| vlan <1-4094>} limit-num <0-16384> function based on global/port/trunk/VLAN.

zte(cfg)#set mac unknown-filter {global | port <1-28>| Sets the function of filtering unknown
trunk <1-15>} limit-num <0-16384> source packets based on global/port/trunk.

zte(cfg)#set mac to permanent {port <1-28>| trunk Sets the function of converting MAC
<1-15>}{enable | disable | max-number <1-128>} addresses as permanent in batches.

5-15

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#set mac to permanent auto-save-time Sets the time when MAC addresses
<300-7200> converted to permanent ones are
automatically saved.

zte(cfg)#set mac to static {port <1-28>| trunk <1-15>| Sets the function of converting MAC
vlan <1-4094>}{enable | disable} address to static ones in batches.

zte(cfg)#set mac logging-alarm {station-move | Enables or disables the MAC event alarm
threshold-state}{enable | disable} function.

zte(cfg)#set mac logging-alarm interval <1-256> Sets the MAC event alarm output interval.

zte(cfg)#set mac protect port <1-28> action {shutdown | Sets the MAC protection action.
restrict | protect}

zte(cfg)#set mac protect port <1-28>{enable | disable} Enables or disables the MAC protection
function.

show mac (all configuration modes) Displays MAC address entry content.

show mac running-config (all configuration modes) Displays MAC configuration information.

show mac all-type {port <1-28>| trunk <1-15>| vlan Displays MAC address entry content
<1-4094>} (all configuration modes) based on port/trunk/VLAN.

show mac {dynamic | learning | limit | permanent | Displays various MAC function
static}[port <1-28>| trunk <1-15>| vlan <1-4094>] (all configurations and MAC address
configuration modes) entries based on global/port/trunk/VLAN.

show mac mac-address <HH.HH.HH.HH.HH.HH> (all Displays the MAC address entry content
configuration modes) of a specified MAC address.

show mac unknown-filter [port <1-28>| trunk <1-15>] Displays the filter function of the packet
(all configuration modes) with an unknown source based on
global/port/trunk.

show mac aging-time (all configuration modes) Displays device MAC address aging time.

show mac filter (all configuration modes) Displays source MAC address or
destination MAC address filtering function.

show mac logging-alarm (all configuration modes) Displays MAC event alarm configuration.

zte(cfg)#set mac learning except session <1-100>{clear Sets the function of not learning specified
|mac-address <HH.HH.HH.HH.HH.HH.HH> mac-mask MAC addresses
<HH.HH.HH.HH.HH.HH.HH>[vlan <1-4094>]}

zte(cfg)#set mac learning except {port <portlist>| trunk Unbinds ports/trunks and all sessions.
<trunklist>}session unbind

zte(cfg)#set mac learning except {port <portlist>| trunk Sets the binding relation between
<trunklist>}session <1-100>{bind|unbind} ports/trunks and all sessions.

5-16

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

show mac learning except session [<1-100>] Displays the configuration of sessions for
which specified source MAC learning is
not needed.

show mac learning except {port <portlist>|trunk<trunklis Displays the binding relation between
t>} ports/trunks and sessions.

show mac protect [portlist] Displays the MAC protection state to check
whether MAC protection is triggered.

5.6 LACP Configuration


LACP Overview
The Link Aggregation Control Protocol (LACP) is a standard protocol defined in IEEE
802.3ad.
Link aggregation means that physical links with the same transmission media and
transmission rate are bound together, making them look like one link logically. This
concept is also known as Trunk. It allows simultaneous multiplied increase of the
bandwidths of parallel physical links between the switches or between the switch and the
server. As a result, it becomes an important technology in increasing the link bandwidth
and creating link transmission flexibility and redundancy.

An aggregated link is also called trunk. If a port of the trunk is blocked or faulty, the data
packets will be distributed to other ports of this trunk for transmission. If this port recovers,
the data packets will be redistributed to all the normal ports of this trunk for transmission.
The ZXR10 2900E supports up to 15 aggregation groups. In each aggregation group, the
number of aggregated links does not exceed eight.

Configuring LACP
The LACP configuration includes the following commands:

Command Function

zte(cfg)#set trunk <trunklist> pvid <1-4094> Sets the default trunk VID.

zte(cfg)#set lacp {enable | disable} Enables or disables the LACP


function.

zte(cfg)#set lacp aggregator <1-15>{add | delete} port <portlist> Adds or deletes a specified port
to/from an LACP aggregation
group.

zte(cfg)#set lacp aggregator <1-15> mode {dynamic | static | Sets aggregation mode of an
mixed } LACP aggregation group.

5-17

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#set lacp port <portlist> mode {active | passive} Sets the mode used by the port to
participate in the aggregation.

zte(cfg)#set lacp port <portlist> timeout {long | short} Sets the timeout information
of the port participating in the
aggregation.

zte(cfg)#set lacp priority <1-65535> Sets the priority of LACP.

zte(cfg)#set lacp load-balance {port | packet {L2 | L3 | L4}} Sets LACP load balancing mode.

show trunk (all configuration modes) Displays the Port VLAN IDs
(PVIDs) of all trunks and
unregistered multicast filtering
configuration.

show trunk [<trunklist>] (all configuration modes) Displays the trunk PVID and
unregistered multicast filtering
configuration.

show trunk <trunklist> vlan (all configuration modes) Displays the VLAN configuration
of trunk.

show lacp (all configuration modes) Displays the LACP global


configuration information.

show lacp aggregator (all configuration modes) Displays brief information of all
LACP aggregation groups.

show lacp aggregator <1-15> (all configuration modes) Displays detailed information of an
LACP aggregation group.

show lacp port (all configuration modes) Displays aggregation status


information of all the LACP
member ports.

show lacp port [<portlist >] (all configuration modes) Displays aggregation status
information of LACP member
ports.

zte(cfg)#clear trunk <trunklist>{ multicast-filter} Clears the flag of the port multicast
filter.

LACP Configuration Instance


l Configuration Description

Switch A and switch B are connected through the aggregation port (binding the port
15 and port 16). Port 1 of switch A and port 2 of switch B belong to VLAN2. Port 3 of
switch A and port 4 of switch B belong to VLAN3. Members of the same VLAN can
communicate with each other. See Figure 5-3.

5-18

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Figure 5-3 LACP Configuration Instance

l Configuration Procedure
1. The detailed configuration of switch A is as follows:
zte(cfg)#set lacp enable
zte(cfg)#set lacp aggregator 3 add port 15-16
zte(cfg)#set lacp aggregator 3 mode dynamic
zte(cfg)#set lacp load-balance packet L2
zte(cfg)#set vlan 2 add trunk 3 tag
zte(cfg)#set vlan 2 add port 1 untag
zte(cfg)#set vlan 3 add trunk 3 tag
zte(cfg)#set vlan 3 add port 3 untag
zte(cfg)#set port 1 pvid 2
zte(cfg)#set port 3 pvid 3
zte(cfg)#set vlan 2-3 enable
2. The detailed configuration of switch B is as follows:
zte(cfg)#set lacp enable
zte(cfg)#set lacp aggregator 3 add port 15-16
zte(cfg)#set lacp aggregator 3 mode dynamic
zte(cfg)#set lacp load-balance packet L2
zte(cfg)#set vlan 2 add trunk 3 tag
zte(cfg)#set vlan 2 add port 2 untag
zte(cfg)#set vlan 3 add trunk 3 tag
zte(cfg)#set vlan 3 add port 4 untag
zte(cfg)#set port 2 pvid 2
zte(cfg)#set port 4 pvid 3
zte(cfg)#set vlan 2-3 enable
l Configuration Verification
The results of implementing the following command on the two switches are similar.
zte(cfg)#show lacp
Lacp is enabled.
Lacp priority is 32768.
Load-balance is based on L2 hash mode.

5-19

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

PortNum GroupNum GroupMode LacpTime LacpActive


----------- ----------- ----------- ----------- -----------
15 3 Dynamic Long True
16 3 Dynamic Long True
zte(cfg)#show lacp aggregator 3
Group 3
Actor Partner
---------------------------- ----------------------------
Priority : 32768 32768
Mac : 00.d0.d0.fa.29.20 00.d0.d0.fc.88.63
Key : 258 258
Ports : 16, 15 16, 15

The above displayed result proves that the link aggregation is successful. If it is not
successful, the result is shown as follows after executing the show lacp aggregator 3
command.
zte(cfg)#show lacp aggregator 3
% Group 3 is not active!

The above result is due to physical link failure. It is recommended to check the physical
link status.

5.7 IGMP Snooping Configuration


IGMP Snooping Overview
Because the multicast address is not in the source address of the packet, the switch cannot
learn the multicast address. When the switch receives a multicast message, it sends the
message to all the ports in the same VLAN. If no measure is taken, unwanted multicast
messages may be spread to each node of the network, causing a great waste of network
bandwidth resource.
With the IGMP Snooping function, the IGMP communication between the host and router
is snooped, so that the multicast packets are sent to the ports in the multicast forwarding
table, instead of all ports. This restricts the flooding of multicast messages in the LAN
switch, reduces the waste of network bandwidth, and improves the utilization rate of the
switch.

Configuring IGMP Snooping


The IGMP Snooping configuration includes the following commands:

Command Function

zte(cfg)#set igmp snooping {enable | disable} Enables or disables the IGMP


Snooping function.

5-20

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(cfg)#set igmp snooping {add | delete} vlan <vlanlist> Adds or deletes the IGMP
Snooping function to/from the
specified VLAN.

zte(cfg)#set igmp snooping {add | delete} maxnum Sets or clears the maximum
<1-1024>{vlan <vlanlist>| port <portlist>[replace] multicast group number on the
specified VLAN/port. The replace
keyword means to replace the
query group which does not
respond for the longest period.

zte(cfg)#set igmp snooping delete host Deletes all dynamic multicast


users.

zte(cfg)#set igmp snooping monitor-ring {enable | disable} Enables or disables the IGMP ring
monitoring function.

zte(cfg)#set igmp snooping vlan <1-4094>{add | delete} group Adds or deletes static multicast
<A.B.C.D>[port <portlist>| trunk <trunklist>] group based on the VLAN.

zte(cfg)#set igmp snooping vlan <1-4094>{add | delete} smr Adds or deletes routing port or
{port <portlist>| trunk <trunklist>} trunk on the specified VLAN.

zte(cfg)#set igmp snooping private-group {<A.B.C.D>| enable | Adds private multicast group
disable} and enables or disables private
multicast group function.

zte(cfg)#set igmp snooping timeout {host | router}<time> Sets multicast member or route
time-out.
The value of the <time> parameter
is 0 means no aging. A value
between 100 and 2147483647
(unit: 100 milliseconds).

zte(cfg)#set igmp snooping query-interval <10-2147483647> Sets the snooping interval, unit:
100 milliseconds.

zte(cfg)#set igmp snooping response-interval <10-250> Sets the snooping response


interval, unit: 100 milliseconds.

zte(cfg)#set igmp snooping last-member-query <10-250> Sets the snooping interval for
the last member, unit: 100
milliseconds.

zte(cfg)#set igmp snooping query vlan <vlanlist>{enable | Enables or disables the query
disable} function on the specified VLAN.

zte(cfg)#set igmp snooping query version {v2 | v3} Sets the IGMP version of the query
packet sent by the switch.

zte(cfg)#set igmp snooping fastleave {enable | disable} Enables or disables the fast leave
function.

5-21

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#set igmp snooping v3 {enable | disable} Enables or disables the IGMP V3


function.

zte(cfg)#set igmp snooping proxy version {v2 | auto} Sets the IGMP version of the
query message that the switch
responses to the router.

zte(cfg)#set igmp snooping crossvlan {enable | disable} Enables or disables the switch
cross-VLAN function.

zte(cfg)#set igmp filter {enable | disable} Enables or disables the filtering


function.

zte(cfg)#set igmp filter {add | delete} groupip <A.B.C.D.> vlan Adds or deletes the filtering of
<vlanlist> group in the specified VLAN.

zte(cfg)#set igmp filter {add | delete} sourceip <A.B.C.D.> vlan Adds or deletes the filter of source
<vlanlist> in the specified VLAN.

zte(cfg)#set igmp filter {add | delete} query port < portlist> Adds or deletes the query packet
vlan <vlanlist> filter for the specified port.

zte(cfg)#set igmp filter {add | delete} query trunk < trunklist> Adds or deletes the query packet
vlan <vlanlist> filter for the specified trunk port.

show igmp snooping (global configuration modes) Displays IGMP Snooping global
configuration information.

show igmp snooping vlan [<1-4094>[host | route]] (global Displays the configuration of the
configuration modes) IGMP snooping result.

show igmp snooping port [<portlist>] (global configuration modes) Displays the maximum and current
multicast group numbers for the
port.

show igmp snooping v3 {port <1-28>| trunk <1-15>} (global Displays the v3 multicast snooping
configuration modes) results of the port or the trunk.

show igmp filter report (global configuration modes) Displays the configuration of the
IGMP filter.

show igmp filter vlan <vlanlist> (global configuration modes) Displays the specified VLAN
multicast group filtering
configuration.

Displays the configuration of the


show igmp filter query (global configuration modes)
query packet filter.

Displays the configuration of the


show igmp filter query vlan <vlanlist> (global configuration
query packet filter for the specified
modes)
VLAN.

zte(cfg)#set igmp filter {add | delete} grouplist <A.B.C.D.> Adds/removes the group list filter
mask <A.B.C.D.> vlan <vlanlist> to/from the specified VLAN.

5-22

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(cfg)#set igmp snooping multicast-ring {enable | disable} Enables or disables the IGMP
multicast ring network function.

zte(cfg)#set igmp snooping multicast-ring {add | delete} Adds or deletes cascaded ports in
cascade port <portlist> a multicast ring network.

IGMP Snooping Configuration Instance


l Configuration Description
Ports 1, 3, and 5 are connected to the host, port 10 is connected to the router, add
ports 10, 1, 3, and 5 to VLAN200, and users on ports 1, 3, and 5 send multicast
join request packets with multicast addresses 230.44.45.167 and 230.44.45.157
respectively. Add multicast filter group address 230.44.45.167 on VLAN200. The
IGMP Snooping function and IGMP Filter function are enabled and the snooping
results are displayed. See Figure 5-4.

Figure 5-4 Network Topology of IGMP Snooping Configuration Instance

l Configuration Procedure
zte(cfg)#set vlan 200 add port 1, 3, 5, 10 untag
zte(cfg)#set port 1, 3, 5, 10 pvid 200
zte(cfg)#set vlan 200 enable
zte(cfg)#set igmp snooping enable
zte(cfg)#set igmp snooping add vlan 200
zte(cfg)#set igmp snooping vlan 200 add smr port 10
zte(cfg)#set igmp filter enable
zte(cfg)#set igmp filter add groupip 230.44.45.167 vlan 200
l Configuration Verification
Display multicast listening and filtering result.

5-23

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

zte(cfg)#show igmp snooping vlan


Maximal group number: 1024
Current group number: 1
Num VlanId Group Last_Report PortMember
---- ------- --------------- --------------- ----------------
1 200 230.44.45.157 194.85.1.3 1,3,5,10

zte(cfg)#show igmp filter report


IGMP Filter: enabled
Index Type IpAddress IpMask VlanList
----- -------- ---------------- ---------------- ---------------------
1 Groupip 230.44.45.167 255.255.255.255 200

zte(cfg)#show igmp filter report vlan 200


Index FilterIpAddress FilterIpMask Vlan Type
----- ---------------- ---------------- ----- --------
1 230.44.45.167 255.255.255.255 200 Groupip

5.8 MLD Snooping Configuration


MLD Snooping Overview
Corresponding to the IGMP protocol, MLD is a multicast management protocol in IPv6
environment. MLD v1/v2 is supported.
It is impossible to use a multicast address as a source address in a packet, so a switch
cannot learn the multicast address. When receiving a multicast message, a switch
broadcasts the message on all ports in the same VLAN. If no measure is taken, unwanted
multicast messages may be spread to each node of the network, causing a great waste
of network bandwidth resource.
Multicast Listener Discovery (MLD) snooping monitors MLD protocol communication
between a host and a router. In this way, a multicast message is sent to the ports in the
multicast forwarding table instead of all ports. This limits multicast message spread on
LAN switches, reduces network bandwidth waste, and enhances switch usage.

Configuring MLD Snooping


The MLD snooping configuration includes the following commands:

Command Function

zte(cfg)#set mld snooping {enable | disable} Enables or disables the MLD snooping function
globally.

zte(cfg)#set mld snooping {add | delete} vlan Adds or deletes an MLD snooping VLAN.
<vlanlist>

5-24

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(cfg)#set mld snooping add maxnum <1-256> Sets the maximum number of multicast groups
vlan <vlanlist> of a specific VLAN.

zte(cfg)#set mld snooping vlan <1-4094> add Adds a static group to a specific VLAN and adds
group <ipv6-address> port <portlist> a port to the static group.

zte(cfg)#set mld snooping vlan <1-4094> delete Clears static groups in a specific VLAN and
group <ipv6-address>[port <portlist>] clears the ports in the static groups.

zte(cfg)#set mld snooping vlan <1-4094>{add | Adds or clears a routing portsin a specific VLAN.
delete} mrouter port <port-id>

zte(cfg)#set mld snooping { host-time-out | Sets the time-out period between the router port
mrouter-time-out }<30-65535> and the host port.

zte(cfg)#set mld snooping query-interval Sets the interval for sending query packets.
<30-65535>

zte(cfg)#set mld snooping query-response-inter Sets the interval for sending report packets.
val <1000-25000>

zte(cfg)#set mld snooping last-member-query Sets the time of waiting for a query response
<1-25> when the last member leaves.

zte(cfg)#set mld snooping query vlan Enables or disables the query function in a
<vlanlist>{enable | disable} specific VLAN.

zte(cfg)#set mld snooping query vlan <vlanlist> Sets the MLD version of query packets.
version <1-2>

zte(cfg)#set mld snooping query {enable | Enables or disables the query function.
disable}

zte(cfg)#set mld snooping fastleave {enable | Enables or disables the fast leave function.
disable}

zte(cfg)#set mld snooping robustness <1-7> Sets the MLD robustness value.

zte(cfg)#set mld filter {enable | disable} Enables or disables the filter function globally.

zte(cfg)#set mld filter {add | delete} query port Adds or deletes the query packet filter for the
< portlist> vlan <vlanlist> specified port.

zte(cfg)#set mld filter {add | delete} query trunk Adds or deletes the query packet filter for the
< trunklist> vlan <vlanlist> specified trunk port.

show mld snooping (all configuration modes) Displays global MLD snooping configuration
information.

show mld snooping vlan <1-4094>[group Displays the MLD snooping result.
<ipv6-address>| port-info | group-source-filter |
host-source-filter ] (all configuration modes)

show mld snooping mr-port-info (all configuration Displays MLD router port information.
modes)

5-25

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

show mld filter query (all configuration modes) Displays the configuration of the query packet
filter.

show mld filter query vlan <vlanlist> (all Displays the configuration of the query packet
configuration modes) filter for the specified VLAN.

MLD Snooping Configuration Instance


l Configuration Description
See Figure 5-5. Port 1, Port 3 and Port 5 are connected to hosts, Port 10 is connected
to a router, ports 10, 1, 3 and 5 are in VLAN 200, users connected to Ports 1, 3 and 5
send multicast join requests to join the groups ff1e::22 and ff1e::11. Enable the MLD
snooping function on the switch and display the snooping result.

Figure 5-5 MLD Snooping Configuration Instance

l Configuration Procedure
zte(cfg)#set vlan 200 add port 1, 3, 5, 10 untag
zte(cfg)#set port 1, 3, 5, 10 pvid 200
zte(cfg)#set vlan 200 enable
zte(cfg)#set mld snooping enable
zte(cfg)#set mld snooping add vlan 200
zte(cfg)#set mld snooping vlan 200 add mr port 10
l Configuration Verification

Display the snooping result:

zte(cfg)#show mld snooping vlan 200


MLD Snooping : enable
Querier : disable
Working Mode : proxy

5-26

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Max Group Number : 256


Total Group Number : 2
Exist Host Group Number : 2
Index Vlan Group ID Prejoin LiveTime Ports
----- ---- -------------- ------- ---------- --------
1 200 ff1e::11 0 0:00:00:14 D:1,3, 5
2 200 ff1e::22 0 0:00:00:09 D:1,3,

5.9 IPTV Configuration


IPTV Overview
Internet Protocol television (IPTV) is also called Interactive Network TV. IPTV is a method
of distributing television content over IP that enables a more customized and interactive
user experience. IPTV can allow people who are separated geographically to watch a
movie together, while chatting and exchanging files simultaneously. IPTV uses a two-way
broadcast signal sent through the provider's backbone network and servers, allowing
viewers to select content on demand, and take advantage of other interactive TV options.
IPTV can be used through PC or IP Set-top Box (SBT) + TV.

Configuring IPTV
The IPTV configuration mainly includes the following contents:
l Configure channel attributes
l Configure package attributes
l Configure preview-related attributes
l Configure CDR-related attributes
l Configure port-related attributes
The IPTV configuration includes the following commands:

Command Function

zte(cfg-nas)#iptv control {enable | disable} Enables or disables the IPTV


function.

zte(cfg-nas)#iptv channel mvlan <1-4094> groupip Adds one channel (multicast


<A.B.C.D>[name <channel-name>[id <0-1031>]] group) to the specified VLAN and
names the channel and allocates
ID.

zte(cfg-nas)#iptv channel mvlan <1-4094> groupip <A.B.C.D> Adds channel (multicast group) to
count <1-1032>[prename <prename>] the specified VLAN in batch and
names channels in batch.

zte(cfg-nas)#iptv channel name <channel-name> rename Modifies channel name.


<new-name>

5-27

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg-nas)#iptv channel {name <channel-name>| id-list < Enables or disables channel log
channel-list>} cdr {enable | disable} function.

zte(cfg-nas)#iptv channel {name <channel-name>| id-list Specifies the preview configuration


<channel-list>}{viewfile-name <viewfile-name>| viewfile-id file of the channel.
<0-1023>}

zte(cfg-nas)#iptv sms-server <A.B.C.D> Sets the IP address of the Service


Management System (SMS)
server.

zte(cfg-nas)#iptv sms-server-port <1025-65535> Sets SMS server TCP port.

zte(cfg-nas)#iptv cdr {enable | disable} Enables or disables CDR log


function globally.

zte(cfg-nas)#iptv cdr report Manually triggers CDR log report


at one time.

zte(cfg-nas)#iptv cdr create-period <1-65535> Sets the interval for creating CDRs
when users watch programs for a
long time.

zte(cfg-nas)#iptv cdr deny-right {enable | disable} Enables or disables CDR function


when the access authorization is
deny.

zte(cfg-nas)#iptv cdr prv-right {enable | disable} Enables or disables CDR function


when the access authorization is
preview.

zte(cfg-nas)#iptv cdr report-threshold <1-32> Sets the number of CDRs in each


reported packet.

zte(cfg-nas)#iptv cdr report-interval <1-65535> Sets the time interval for CDR
report.

zte(cfg-nas)#iptv cdr max-records <100-5000> Sets CDR maximum record items.

zte(cfg-nas)#iptv cdr warning-threshold <1-100> Sets CDR buffer alarm threshold.

zte(cfg-nas)#iptv package name <package-name>[id Creates multicast package.


<package-id>]

zte(cfg-nas)#iptv package name <package-name> channel Adds channels to the package


{id-list <channel-list>| name <channel-name>}{deny | order | and configures the authority of the
preview} channels in the package.

zte(cfg-nas)#iptv prv {enable | disable} Enables or disables the preview


function.

zte(cfg-nas)#iptv prv reset Resets the preview function.

5-28

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(cfg-nas)#iptv prv autoreset-time <HH:MM:SS> Automatically resets the preview


function.

zte(cfg-nas)#iptv prv recognition-time <1-65534> Sets recognition time. A short time


preview is not counted.

zte(cfg-nas)#iptv prv overcount-cdr {enable | disable} Enables or disables the IPTV


preview overcount-cdr function.

zte(cfg-nas)#iptv view-profile name < viewfile-name>[id Creates IPTV preview


<1-1023>] configuration files.

zte(cfg-nas)#iptv view-profile name <viewfile-name>{count Creates IPTV preview


<1-65535>| duration <2-65535>| blackout<2-65535>} configuration files.

zte(cfg-nas)#iptv cac-rule {enable | disable} Enables or disables the CAC


control.

zte(cfg-nas)#iptv port <portlist>[vlan <1-4094>] service {start | Sets user service state.
remove | pause | resume}

zte(cfg-nas)#iptv port <portlist>[vlan <1-4094>] control-mode Sets user multicast control mode.
{package | channel}

zte(cfg-nas)#iptv port <portlist>[vlan <1-4094>] package Allocates packages for the user.
{name <package-name>| id-list <package-list>}

zte(cfg-nas)#iptv port <portlist>[vlan <1-4094>] channel Allocates the access permission of


{name <channel-name>| id-list <channel-list>}{deny | order | the channel for the user.
preview | query}

zte(cfg-nas)#iptv port <portlist>[vlan <1-4094>] cdr {enable | Enables or disables the user CDR
disable} log record function.

zte(cfg-nas)#iptv port <portlist>[vlan <1-4094>] mac-base Enables or disables the


{enable | disable} management mode based on
the MAC address.

zte(cfg-nas)#iptv port <portlist>{add|delete} mvlan <1-4094> Adds or deletes a duplicate rule.


uvlan <1-4094>

zte(cfg-nas)#clear iptv channel {name <channel-name>| id-list Deletes a channel.


<channel-list>| all}

zte(cfg-nas)#clear iptv package {name <package-name>| id-list Deletes a package.


< package-idlist >| all}

zte(cfg-nas)#clear iptv view-profile{name <viewfile-name>| Deletes a preview configuration


id-list <viewfile-lis>| all} file.

zte(cfg-nas)#clear iptv port <portlist>[vlan <1-4094>] package Deletes the package allocated for
{name <package-name>| id-llist <package-idlist>} users.

5-29

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg-nas)#clear iptv client [index <0-255>| mac Deletes an IPTV user.


<HH.HH.HH.HH.HH.HH>| port <portlist>[vlan <1-4094>]]

show iptv control (all configuration modes) Displays IPTV global configuration.

show iptv channel [name <channel-name>| id <channel-id>] (all Displays channel information (all
configuration modes) channels or some channel detailed
information).

show iptv package [name<package-name>| id <0-127>] (all Without parameters, displays the
configuration modes) package names. With parameters,
this displays all channel lists in the
package.

show iptv prv (all configuration modes) Displays IPTV preview global
configuration information.

show iptv view-profile [name <viewfile-name>| id <0-1023>] (all Displays preview configuration file
configuration modes) information.

show iptv cdr (all configuration modes) Displays global CDR configuration
information.

show iptv client [{channel <0-1031>| index <0-255>| mac Displays IPTV user information.
<HH.HH.HH.HH.HH.HH>| port <portid>| vlan <1-4094>}] (all
configuration modes)

show iptv rule [ port <portid>][vlan <1-4094>][channel | package] Displays IPTV rule information.
(all configuration modes)

show iptv duplicate (all configuration modes) Displays duplicate configuration


information.

zte(cfg-nas)#clear iptv channel-group {name Deletes a channel group.


<channel-group-name>| id-list <channel-group-list>|
all}

zte(cfg-nas)#iptv channel-group mvlan <1-4094> Adds a channel group to a


groupiplist <A.B.C.D>{<A.B.C.D>| mask <A.B.C.D>}}[name specified VLAN, names the
<channel-group-name>[id <0-255>]] channel group, and allocates an
ID to each channel.

zte(cfg-nas)#iptv channel-group name <channel-group-name> Modifies the channel group name.


rename <new-name>

zte(cfg-nas)#iptv channel-group {name <channel-group-name>| Enables/disables the channel


id-list < channel-group-list>} cdr {enable | disable} group log function.

zte(cfg-nas)#iptv channel-group {name <channel-group-name>| Specifies the preview configuration


id-list <channel-group-list>}{viewfile-name <viewfile-name>| file for the channel group.
viewfile-id <0-1023>}

5-30

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(cfg-nas)#iptv port <portlist>[vlan <1-4094>] channel-group Allocates an access permission to


{name <channel-group-name>| id-list <channel-group-list>}{deny | the channel group for users.
order | preview | query}

show iptv channel-group [name <channe-groupl-name>| id Displays channel group


<channel-group-id>] (all configuration modes) information (details of one or
all channel groups).

IPTV Configuration Example One


l Configuration Description
Port 1 connects to the user and it subscribes to channel 225.1.1.1. The user vlan
is 100. The multicast vlan is 4000. Router sends data stream of multicast group
225.1.1.1. PC sends request for entering into channel 225.1.1.1. See Figure 5-6.

Figure 5-6 IPTV Configuration Instance 1

l Configuration Procedure
1. Configure VLAN
zte(cfg)#set vlan 100 add port 1
zte(cfg)#set vlan 4000 add port 1, 4
zte(cfg)#set vlan 100, 4000 enable
zte(cfg)#set port 1 pvid 100
zte(cfg)#set port 4 pvid 4000
/*IGMP Snooping*/
zte(cfg)#set igmp snooping enable
zte(cfg)#set igmp snooping add vlan 100, 4000
zte(cfg)#set igmp snooping fastleave enable
2. Configure IPTV
zte(cfg)#config nas
zte(cfg-nas)#iptv control enable
zte(cfg-nas)#iptv cac-rule enable
3. Configure a rule on the port
zte(cfg-nas)#iptv channel mvlan 4000 group 225.1.1.1
name CCTV1 id 1
zte(cfg-nas)#iptv port 1 service start
zte(cfg-nas)#iptv port 1 control-mode channel
zte(cfg-nas)#iptv port 1 channel id-list 1 order
zte(cfg-nas)#iptv port 1 add mvlan 4000 uvlan 100
l Configuration Verification

5-31

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Check configuration
zte(cfg-nas)#show iptv rule
MaxRuleNum:64
CurRuleNum:1
HisRuleNum:1

Id Port Vlan Mbase Mode Service Cdr Order Preview Query PkgNum
-- ---- ---- ----- ------- ------- -------- ----- ------- ----- ------
1 1 false channel in disabled 1 0 0 0

/*view the user online state when the user is online*/


zte(cfg-nas)#show igmp snooping vlan
Maximal group number: 1024
Current group number: 1
Num VlanId Group Last_Report PortMember
---- ------- --------------- --------------- ----------------
1 4000 225.1.1.1 192.85.1.3 1
zte(cfg-nas)#show iptv client index 0

Index :0
Rule :1 Vlan :100
Port :1 ChNum :1
Mac :00.10.94.00.00.01 Ip :192.85.1.3

Channel UserType MultiAddress ElapsedTime


------- ---------- ---------------- --------------
1 order 225.1.1.1 0:0:1:7

IPTV Configuration Example Two


l Configuration Description

Port 1 connects with the user and it is the preview user of channel 225.1.1.1. The
maximum preview time is 20 seconds, the interval is at least 10 seconds and the
maximum preview time is 2. The user vlan is 100. The multicast vlan is 4000. Router
sends data stream of multicast group 225.1.1.1. PC sends request for entering into
channel 225.1.1.1. See Figure 5-7.

Figure 5-7 IPTV Configuration Instance 2

l Configuration Procedure

5-32

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

1. Configure VLAN
zte(cfg)#set vlan 100 add port 1
zte(cfg)#set vlan 4000 add port 1, 4
zte(cfg)#set vlan 100, 4000 enable
zte(cfg)#set port 1 pvid 100
zte(cfg)#set port 4 pvid 4000
/*IGMP Snooping*/
zte(cfg)#set igmp snooping enable
zte(cfg)#set igmp snooping add vlan 100, 4000
zte(cfg)#set igmp snooping fastleave enable
2. Configure IPTV
zte(cfg)#config nas
zte(cfg-nas)#iptv control enable
zte(cfg-nas)#iptv cac-rule enable
zte(cfg-nas)#iptv prv enable
3. Configure a rule on the port
zte(cfg-nas)#iptv channel mvlan 4000 group 225.1.1.1
name CCTV1 id 1
zte(cfg-nas)#iptv port 1 service start
zte(cfg-nas)#iptv port 1 control-mode channel
zte(cfg-nas)#iptv port 1 channel id 1 preview
4. Configure the preview template
zte(cfg-nas)#iptv view-profile name VPF1.PRF
zte(cfg-nas)#iptv view-profile name VPF1.PRF count 2
zte(cfg-nas)#iptv view-profile name VPF1.PRF blackout 10
zte(cfg-nas)#iptv view-profile name VPF1.PRF duration 20
zte(cfg-nas)#iptv channel id 1 viewfile-name VPF1.PRF
l Configuration Verification
Check configuration

/*check the configuration of preview template*/


zte(cfg-nas)#show iptv view-profile name VPF1
ViewProfile Id :1
MaxPrvCount :2
MaxPrvDuration :20
BlackoutInterval :10
/*view the user online state when the user is online*/
zte(cfg-nas)#show iptv client index 0
Index :0
Rule :1 Vlan :100
Port :1 ChNum :1
Mac :00.10.94.00.00.01 Ip :192.85.1.3

Channel UserType MultiAddress ElapsedTime


------- ---------- ---------------- --------------

5-33

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

1 preview 225.1.1.1 0:0:0:16

5.10 STP Configuration


STP Overview
The Spanning Tree Protocol (STP) is applicable to the network with data loops. It uses
certain algorithms to block some redundant links, thus preventing possible network loops.

The Rapid Spanning Tree Protocol (RSTP) is developed on the basis of common STP,
and provides a faster spanning tree convergence by using a mechanism in which the port
state can be rapidly changed from Blocking to Forwarding.

The Multiple Spanning Tree Protocol (MSTP) is developed on the basis of RSTP and STP. It
introduces domains and instances, and recognizes VLAN ID. The whole network topology
structure can be planned into a Common and Internal Spanning Tree (CIST), which is
divided into Common Spanning Tree (CST) and Internal Spanning Tree (IST).
Many devices enabling MSTP construct Multiple Spanning Tree (MST) areas in the
switching network. When the devices satisfy the following conditions, they can be
considered to exist in an MST area. A switching network can cover many MST areas.
Users can divide the switches into an MST area by using MSTP commands.
l Same area name.
l Same reversion level.
l Same mapping relationship between a VLAN and an instance.
l Switches should be connected directly.
Multiple spanning trees can be configured in each MSTP area, and they are independent
from each other. Each spanning tree is an Internal Spanning Tree (IST), and it can be
called as Multiple Spanning Tree Instance (MSTI). Common Spanning Tree connects all
MST areas in the switching network. An MST area can be considered as a switch, a CST
is a spanning tree which is generated by STP and RSTP protocol calculation. All ISTs
and CSTs are called as Common and Internal Spanning Tree (CIST). A CIST is a single
spanning tree used to connect all switches.
In this MSTP topology structure, an IST can serve as a single bridge (switch). In this
way, a CTS can serve as an RSTP for the interaction of configuration information (BPDU).
Multiple instances can be created in an IST area and these instances are valid only in this
area. An instance is equivalent to an RSTP, except that the instance needs to perform
BPDU interaction with bridges outside this area.

For the MSTP topological structure, see Figure 5-8.

5-34

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Figure 5-8 MSTP Topological Structure

The ports have different roles:


l Master: The port type is introduced in the MSTP protocol. When multiple different
areas exist, the master port is the port with the minimal cost to the root.
l Root: The port that has the minimal cost to the root bridge and takes charge in
forwarding data to the root node. When multiple ports have the same cost to the root
bridge, the port with the lowest port priority becomes to the root port.
l Designated: The port transmits data to the switch downward, and sends the STP
protocol message to maintain the state of STP.
l Backup: The port receives the STP message, which proves that there exists a loop
to the port itself.
l Alternate: The port receives excess STP protocol messages from other equipment.
However, when the original link fails, the port becomes transmitting and maintains the
network taking the place of the faulty port.
l Edged: The port is used to connect the terminal equipment, for example, PC. The
port does not participate in the calculation before the STP is stable, and the state can
be switched fast.

According to the port role, the port state is different after the calculation becomes steady.
For the relationships between the port role and the port state, refer to Table 5-1.

Table 5-1 Port Role and Port State

Port Role Port State

Master Forward

Root Forward

Designated Forward

Backup Discard

5-35

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Port Role Port State

Alternate Discard

Edged Forward

Protection Feature Overview


BPDU Protection on a Port
A boundary port is not expected to receive any BPDUs. Receipt of any BPDUs indicates
a failure in the network. To avoid this situation, BPDU protection can be configured on a
boundary port.
After being configured with BPDU protection, if a port receives a BPDU, the port will be
shut down and a warning message will be displayed. The system waits for some seconds
of user configured and then tries to re-open the port. If it still receives BPDUs, the port will
be shut down again. By doing so, the network can be protected from being attacked by
abnormal BPDUs to maintain the stability of the topology.
Loopback Protection on a Port
When a non-designated ports other than port breaks down and cannot receive any BPDUs,
STP will transit the port to a designated port and its state to Forwarding state, which leads
to loops. To avoid this situation, port loopback protection can be configured on a blocked
port.
After being configured with port loopback protection, if a blocked port no longer receives
any BPDUs, it will enter Loop_Inconsistent state, under which no data will be forwarded
from this port. When it receives BPDUs again, the port will automatically recover to a
blocked port.
Root Protection on a Port
After the network has completed the spanning tree calculation, if a new switch is involved
and the numerical value for its bridge ID is lower than that for the root bridge, the new
switch will become the new root bridge to replace the old root bridge, which causes the
entire network to recalculate the spanning tree. To avoid this situation, port root protection
can be configured on the port where a new switch accesses the network.
The port root protection feature is used to protect the root bridge. After being configured
with root protection, if a port receives a BPDU in which the numerical value for the bridge
ID is lower, the port will enter RootGuard state to avoid spanning tree recalculation. In
this state, no data will be forwarded from this port. Once the port no longer receives any
BPDU in which the numerical value for the bridge ID is lower, it will go through the transitory
states, that is, Listening state and Learning state, and finally transit to Forwarding state.
The recovery is automatic, without any human intervention.

Configuring STP
In the default configuration, the MSTP only has the instance with ins_id being 0. This
instance always exists and users cannot manually delete it. This instance is mapped with
VLANs 1 to 4094.

5-36

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

The STP configuration includes the following commands:

Command Function

zte(cfg)#set stp {enable | disable} Enables or disables the STP.

zte(cfg)#set stp forceversion {mstp | rstp | stp} Sets the forced STP type to
MSTP/RSTP/STP.

zte(cfg)#set stp port <portlist>{enable | disable} Enables or disables the port STP
function.

zte(cfg)#set stp port <portlist> linktype {point-point | shared} Sets port connection type.

zte(cfg)#set stp port <portlist> packettype {IEEE | CISCO | Sets instance port packet type.
HUAWEI | HAMMER | extend }

zte(cfg)#set stp port <portlist> pcheck Checks the current STP protocol
type and selects the best protocol.

zte(cfg)#set stp port <portlist> bpdu-guard {enable | disable} Enables or disables the BPDU
packet protection function on the
port.

zte(cfg)#set stp bpdu-interval <10-65535> Sets an interval for BPDU


protection recovery.

zte(cfg)#set stp trunk <trunklist>{enable | disable} Enables trunk/disables the STP


function.

zte(cfg)#set stp trunk <trunklist> linktype {point-point | shared} Sets trunk connection type.

zte(cfg)#set stp trunk <trunklist> packettype {IEEE | CISCO | Sets packet types sent and
HUAWEI | HAMMER | extend } received by the trunk.

zte(cfg)#set stp edge-port {add | delete} port <portlist> Adds/deletes STP edge port.

zte(cfg)#set stp {hmd5-digest | hmd5-key}{CISCO | Sets hmd5 parameter when the


HUAWEI}<0x00..0-0xff..f> device is connected with CISCO
or HUAWEI.

zte(cfg)#set stp hellotime <1-10> Sets STP notification interval.

zte(cfg)#set stp forwarddelay <4-30> Sets STP forwarding delay time.

zte(cfg)#set stp agemax <6-40> Sets STP aging time

zte(cfg)#set stp hopmax <1-40> Sets the maximum number of hops


between edge equipment and root
switch of MSTP.

zte(cfg)#set stp name <name> Sets the name of the MSTP


domain.

zte(cfg)#set stp revision <0-65535> Sets the revision level of the


MSTP.

5-37

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#set stp instance <0-63>{add | delete} vlan <vlanlist> Adds or deletes the VLAN to/from
the MSTP instance.

zte(cfg)#set stp instance <0-63>{port <1-28>| trunk < trunklist Sets the priority of the port/trunk
>} priority <0-240> in the instance.

zte(cfg)#set stp instance <0-63>{port <1-28>| trunk <trunklist>} Sets the path cost of the port/trunk
cost <1-200000000> in the instance.

zte(cfg)#set stp instance <0-63>{port <1-28>| trunk <trunklist>} Enables or disables the root
root-guard {enable | disable} protection of port/trunk in the
instance.

zte(cfg)#set stp instance <0-63>{port <1-28>| trunk <trunklist>} Enables or disables the loop
loop-guard {enable | disable} protection of port/trunk in the
instance.

zte(cfg)#set stp instance <0-63> priority <0-61440> Sets the priority of the bridge in
the instance, which is used for root
bridge selection.

zte(cfg)#clear stp instance <0-63> Deletes the instance.

zte(cfg)#clear stp instance <0-63>{port <1-28>| trunk <1-15>} Sets the path cost of the port/trunk
cost in the instance as the default
value.

zte(cfg)#clear stp name Deletes the MSTP domain name.

show stp (all configuration modes) Displays STP global configuration


information.

show stp instance [<0-63>] (all configuration modes) Displays the state information of
the instance.

show stp port [<portlist>] (all configuration modes) Displays the STP port
configuration information.

show stp trunk <trunklist> (all configuration modes) Displays STP trunk configuration
information.

STP Configuration Instance


l Configuration Description

Configure the STP function of switch 1 and switch 2, take switch 1 as the root bridge
and block a redundant port in the loop. This realizes loop protection and link backup
between switches. See Figure 5-9.

5-38

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Figure 5-9 STP Configuration Instance

l Configuration Procedure
zte(cfg)#set stp enable
/*enable the stp protocol of switch1 and switch2*/
zte(cfg)#set stp forceversion stp
/*set STP forceversion as stp*/
l Configuration Verification
1. Check the STP state of switch 1 in the system view.
zte(cfg)#show stp instance
Spanning tree enabled protocol stp
RootID:
Priority : 32768 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s): 20
ForwardDelay(s): 15
Reg RootID:
Priority : 32768 Address : 00.d0.d0.02.00.54
RemainHops : 20
BridgeID:
Priority : 32768 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s): 20
ForwardDelay(s): 15 MaxHops : 20
Interface PortId Cost Status Role Bound GuardStatus
--------- ------ ------- ------- ---------- ----- -----------
1 128.1 200000 Forward Designated SSTP None
2 128.2 200000 Forward Designated SSTP None
2. Check the STP state of switch 2 in the system view.
zte(cfg)#show stp instance
Spanning tree enabled protocol stp
RootID:
Priority : 32768 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s): 20
ForwardDelay(s):15
Reg RootID:
Priority : 32768 Address : 00.d0.d0.29.52.06
RemainHops : 20
BridgeID:
Priority : 32768 Address : 00.d0.d0.29.52.06
HelloTime(s) : 2 MaxAge(s): 20
ForwardDelay(s): 15 MaxHops : 20
Interface PortId Cost Status Role Bound GuardStatus
--------- ------ ------- ------- ---------- ----- -----------

5-39

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

1 128.1 200000 Forward Root SSTP None


2 128.2 200000 Discard Alternate SSTP None

RSTP Configuration Instance


l Configuration Description
Configure the RSTP function of switch 1 and switch 2, take switch 1 as the root bridge
and block a redundant port in the loop. This realizes loop protection and link backup
between switches. See Figure 5-10.

Figure 5-10 RSTP Configuration Instance

l Configuration Procedure
zte(cfg)#set stp enable
/*enable STP protocol of switch1 and switch2*/
zte(cfg)#set stp forceversion rstp
/*set forceversion of stp as rstp*/
l Configuration Verification
1. Check the STP state of switch 1 in the system view.
zte(cfg)#show stp instance
Spanning tree enabled protocol rstp
RootID:
Priority : 32768 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s): 20
ForwardDelay(s): 15
Reg RootID:
Priority : 32768 Address : 00.d0.d0.02.00.54
RemainHops : 20
BridgeID:
Priority : 32768 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s): 20
ForwardDelay(s): 15 MaxHops : 20
Interface PortId Cost Status Role Bound GuardStatus
--------- ------ -------- ------- ---------- ----- -----------
1 128.1 200000 Forward Designated RSTP None
2 128.2 200000 Forward Designated RSTP None
2. Check the STP state of switch 2 in the system view.
zte(cfg)#show stp instance
Spanning tree enabled protocol rstp
RootID:
Priority : 32768 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s): 20

5-40

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

ForwardDelay(s):15
Reg RootID:
Priority : 32768 Address : 00.d0.d0.29.52.06
RemainHops : 20
BridgeID:
Priority : 32768 Address : 00.d0.d0.29.52.06
HelloTime(s) : 2 MaxAge(s): 20
ForwardDelay(s): 15 MaxHops : 20
Interface PortId Cost Status Role Bound GuardStatus
--------- ------ --------- ------- ---------- ----- -----------
1 128.1 200000 Forward Root RSTP None
2 128.2 200000 Discard Alternate RSTP None

MSTP Configuration Instance


l Configuration Description

Configure the MSTP of switch1 and switch2 (they are in the same MST area) to
realize link backup and block the loop in the network. The configuration is as follows:
establish mapping between instance 1 and service VLAN10-20; set Name to zte and
Revision to 10. Take switch 1 as the root bridge in instance 1. See Figure 5-11.

Figure 5-11 MSTP Configuration Instance

l Configuration Procedure
zte(cfg)#set stp enable
/*enable the stp protocol of switch1 and switch2*/
zte(cfg)#set stp forceversion mstp
/*set the STP forceversion as mstp*/
zte (cfg)#set stp name zte
/*set switch1 and switch2 in the same area*/
zte(cfg)#set stp revision 10
zte(cfg)#set stp instance 1 add vlan 10-20
l Configuration Verification
1. Check the STP state of switch 1 and switch 2 in the system view.
zte(cfg)#show stp
The spanning_tree protocol is enabled!

The STP ForceVersion is MSTP !


Revision: 10
Name: zte
Bpdu interval: 100
Cisco key: 0x13ac06a62e47fd51f95d2ba243cd0346

5-41

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Cisco digest: 0x00000000000000000000000000000000


Huawei key: 0x13ac06a62e47fd51f95d2ba243cd0346
Huawei digest: 0x00000000000000000000000000000000
Instance VlanMap
-------- -------------------
0 1-9,21-199,211-4094
1 10-20,200-210
2. Check the STP state of switch 1 in the system view.
zte(cfg)#show stp instance
MST00
Spanning tree enabled protocol mstp
RootID:
Priority : 32768 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s): 20
ForwardDelay(s): 15
Reg RootID:
Priority : 32768 Address : 00.d0.d0.02.00.54
RemainHops : 20
BridgeID:
Priority : 32768 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s): 20
ForwardDelay(s): 15 MaxHops : 20
Interface PortId Cost Status Role Bound GuardStatus
--------- ------ ------- ------- ---------- ----- -----------
1 128.1 200000 Forward Designated MSTP None
2 128.2 200000 Forward Designated MSTP None
MST01
Spanning tree enabled protocol mstp
RootID:
Priority : 32769 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s) : 20
ForwardDelay(s): 15 RemainHops : 20
BridgeID:
Priority : 32769 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s) : 20
ForwardDelay(s): 15 MaxHops : 20
Interface PortId Cost Status Role GuardStatus
--------- ------ ------- ------- ---------- -----------
1 128.1 200000 Forward Designated None
2 128.2 200000 Forward Designated None
3. Check the STP state of switch 2 in the system view.
zte(cfg)#show stp instance
MST00
Spanning tree enabled protocol mstp
RootID:

5-42

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Priority : 32768 Address : 00.d0.d0.02.00.54


HelloTime(s) : 2 MaxAge(s): 20
ForwardDelay(s):15
Reg RootID:
Priority : 32768 Address : 00.d0.d0.29.52.06
RemainHops : 19
BridgeID:
Priority : 32768 Address : 00.d0.d0.29.52.06
HelloTime(s) : 2 MaxAge(s): 20
ForwardDelay(s): 15 MaxHops : 20
Interface PortId Cost Status Role Bound GuardStatus
--------- ------ ------- ------- ---------- ----- ---------
1 128.1 200000 Forward Root MSTP None
2 128.2 200000 Discard Alternate MSTP None
ST01
Spanning tree enabled protocol mstp
RootID:
Priority : 32769 Address : 00.d0.d0.02.00.54
HelloTime(s) : 2 MaxAge(s) : 20
ForwardDelay(s):15 RemainHops : 19
BridgeID:
Priority : 32769 Address : 00.d0.d0.29.52.06
HelloTime(s) : 2 MaxAge(s) : 20
ForwardDelay(s): 15 MaxHops : 20
Interface PortId Cost Status Role GuardStatus
--------- ------ ------- ------- ---------- ------------
1 128.1 200000 Forward Root None
2 128.2 200000 Discard Alternate None

5.11 ACL Configuration


ACL Overview
An Access Control List (ACL) is a sequential collection of permissions that apply to
packets. When a packet is received on an interface, the switch compares the fields in
the packet against applied ACLs to verify that the packet has the required permissions to
be forwarded, based on the criteria specified in the access lists. It tests packets against
the conditions in an access list one by one. The first match determines whether the
switch accepts or rejects the packets because the switch stops testing conditions after
the first match. The order of conditions in the list is critical. If no conditions match, the
switch rejects the packets. If there are no restrictions, the switch forwards the packet.
Otherwise, the switch drops the packet.
The ZXR10 2900E supports the following functions.

l The ZXR10 2900E provides two binding types, including physical port and VLAN port.

5-43

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

l ACL rules can be added, deleted, and sorted.


1. Rules can be added to a configured ACL. Regular ID number range is 1-500.
2. Configured ACL can be deleted regularly. If the specified ACL instance number
or rule number is not configured, a false message will return.
3. Many rules of an ACL can be sorted. It is necessary to specify the position where
a rule number should be moved.
l An ACL can become valid according to the configured time range. After configuring
absolute or relative time range on the switch, the time range can be applied to the rule
of the ACL. This causes the rule to be valid according to the time range specification.
l The ZXR10 2900E provides the following ten types of ACLs:
1. Basic ACL: Only matches the source IP address.
2. Extended ACL: Matches the source IP address, destination IP address, IP
protocol type, TCP source port number, TCP destination port number, UDP
source port number, UDP destination port number, ICMP type, ICMP Code and
DiffServ Code Point (DSCP).
3. L2 ingress ACL: Matches the source MAC address, destination MAC address,
source VLAN ID and 802. 1p priority value, Ethernet network type and
DSAP/SSAP.
4. Hybrid ingress ACL: Matches source IPv4/IPv6 address, destination IPv4/IPv6
address, IP protocol type, TCP source port number, TCP destination port number,
UDP source port number, UDP destination port number, DiffServ Code Point
(DSCP), source MAC address, destination MAC address, source VLAN ID and
802. 1p priority value.
5. Global ACL: Matches the source IP address, destination IP address, IP protocol
type, TCP source port number, TCP destination port number, UDP source port
number, UDP destination port number, DiffServ Code Point (DSCP), source MAC
address, destination MAC address, source VLAN ID and 802. 1p priority value.
6. Basic egress ACL: Only matches source IP address.
7. Extended egress ACL: Matches the source IP address, destination IP address,
IP protocol type, TCP source port number, TCP destination port number, UDP
source port number, UDP destination port number, ICMP type, ICMP Code and
DiffServ Code Point (DSCP).
8. L2 egress ACL: Matches the destination MAC address, source VLAN ID and 802.
1p priority value, Ethernet network type and DSAP/SSAP.
9. Hybrid egress ACL: Matches the Source IPv4/IPv6 address, destination
IPv4/IPv6 address, IP protocol type, TCP source port number, TCP destination
port number, UDP source port number, UDP destination port number, DiffServ
Code Point (DSCP), source MAC address, destination MAC address, source
VLAN ID and 802. 1p priority value.
10. User-defined ingress ACL: Only matches the bytes defined by users.
l Each ACL has an access list number to identify, which is a digit. The access list
number ranges of different types of ACL are shown below:
1. Basic ingress ACL: 199
2. Extended ingress ACL: 100199
3. L2 ingress ACL: 200299

5-44

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

4. Hybrid ingress ACL: 300399, support IPv6


5. Basic egress ACL: 400499
6. Extended egress ACL: 500599
7. L2 egress ACL: 600-699
8. Hybrid egress ACL:700799, supports IPv6
9. Global ACL: 800
10. User-defined ingress ACL: 801828
l Each ACL has at most 500 rules and the range is 1500.

Configuring ACL
The ACL configuration includes the following commands:

Command Function

zte(cfg)#set port <portlist> acl mode {port | vlan} Sets port ACL binding mode.

zte(cfg)#set port <portlist> acl <1-799, 801828>{enable | Binds ACL instance to the port.
disable}

zte(cfg)#set vlan <vlanlist> acl <1-399, 801828>{enable | Binds ACL instance to the VLAN.
disable}

zte(cfg)#set acl <1-799,801-828> rule <1-500> time-range Executes an ACL action in a


<word>{enable|disable} specific time range.

zte(cfg)#create acl <1-828> name <name> Creates an ACL name.

zte(cfg)#clear acl<1-828> name Clears an ACL name.

zte(cfg)#show port <portlist> acl-mode Displays port ACL binding mode.

zte(cfg)#config ingress-acl basic number <1-99> Creates and configures a basic


ingress ACL instance.

zte(basic-acl-group)#rule <1-500>{permit | deny}{<source-ipa Sets a basic ingress ACL rule.


ddr><sip-mask>| any}[fragment]

zte(cfg)#clear ingress-acl basic number <1-99> Clears a basic ingress ACL


instance.

zte(cfg)#config ingress-acl extend number <100-199> Creates and configures an


extended port ACL instance.

zte(extend-acl-group)#rule <1-500>{permit | Sets the rule that an extended


deny}<ip-protocol>{<source-ipaddr><sip-mask>| any}{<des ingress ACL is used to match
tination-ipaddr><dip-mask>| any}[dscp <0-63>][fragment] specified fields of IPv4 packets.

zte(extend-acl-group)#rule <1-500>{permit | deny} icmp Sets the rule that an extended


{<source-ipaddr><sip-mask>| any}{<destination-ipaddr><dip-mask>| ingress ACL is used to match
any}[icmp-type <0-254><icmp-code>][dscp <0-63>][fragment] ICMP packets.

zte(extend-acl-group)#rule <1-500>{permit | deny} ip Sets the rule that an extended


{<source-ipaddr><sip-mask>| any}{<destination-ipaddr><dip-mask>| ingress ACL is used to match IP
any}[dscp <0-63>][fragment] packets.

5-45

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(extend-acl-group)#rule <1-500>{permit | deny} Sets the rule that an extended


tcp {<source-ipaddr><sip-mask>| any}[source-port ingress ACL is used to match TCP
<0-65535><sport-mask>]{<destination-ipaddr><dip-mask>| packets.
any}[dest-port <0-65535><dport-mask>][establishing |
established][dscp <0-63>][fragment]

zte(extend-acl-group)#rule <1-500>{permit | deny} Sets the rule that an extended


udp {<source-ipaddr><sip-mask>| any}[source-port ingress ACL is used to match UDP
<0-65535><sport-mask>]{<destination-ipaddr><dip-mask>| packets.
any}[dest-port <0-65535><dport-mask>][dscp <0-63>][fragment]

zte(extend-acl-group)#rule <1-500>{permit | deny} arp Sets the rule that an extended


{<sender-ipaddr><sip-mask>| any}{<target-ipaddr><tip-mask>| any} ingress ACL is used to match ARP
packets.

zte(cfg)#clear ingress-acl extend number <100-199> Clears an extended port ACL


instance.

zte(cfg)#config ingress-acl link number <200-299> Creates and configures a layer-2


ingress ACL instance.

zte(link-acl-group)#rule <1-500>{permit | deny} ip {[cos Sets the rule that a layer-2 ingress
<0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>| ACL is used to match IP packets.
any][<dest-mac><dmac-mask>| any]}

zte(link-acl-group)#rule <1-500>{permit | deny} arp {[cos Sets the rule that a layer-2 ingress
<0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>| ACL is used to match ARP
any][<dest-mac><dmac-mask>| any]} packets.

zte(link-acl-group)#rule <1-500>{permit | deny} other Sets the rule that a layer-2 ingress
{[ether-type <1501-65535>| dsap-ssap <0-65535>][cos ACL is used to match packets
<0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>| except IP/ARP packets.
any][<dest-mac><dmac-mask>| any]}

zte(link-acl-group)#rule <1-500>{permit | deny} any [cos Sets the rule that a layer-2 ingress
<0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>| ACL is used to match packets with
any][<dest-mac><dmac-mask>| any] specified cos, VLAN id, smac, and
dmac flags.

zte(cfg)#clear ingress-acl link number <200-299> Clears a layer-2 ingress ACL


instance.

zte(cfg)#config ingress-acl hybrid number <300-399> Creates and configures a hybrid


ingress ACL instance.

zte(hybrid-acl-group)#rule <1-500>{permit | Sets the rule that a hybrid ingress


deny}<ip-protocol>{<source-ipaddr><sip-mask>| any}{<des ACL is used to match specified
tination-ipaddr><dip-mask>| any}[dscp <0-63>][fragment][cos fields of IPv4 packets.
<0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>|
any][<dest-mac><dmac-mask>| any]

5-46

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(hybrid-acl-group)#rule <1-500>{permit | deny} ip Sets the rule that a hybrid ingress


{<source-ipaddr><sip-mask>| any}{<destination-ipaddr><dip-mask>| ACL is used to match IPv4
any}[dscp <0-63>][fragment][cos <0-7>][<vlan-id>[<vlan-mask packets.
>]][<source-mac><smac-mask>| any][<dest-mac><dmac-mask>| any]

zte(hybrid-acl-group)#rule <1-500>{permit | deny} tcp Sets the rule that a hybrid ingress
{<source-ipaddr><sip-mask>| any}[source-port <0-65535><s ACL is used to match IPv4-TCP
port-mask>]{<destination-ipaddr><dip-mask>| any}[dest-port packets.
<0-65535><dport-mask>][dscp <0-63>][fragment][cos
<0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>|
any][<dest-mac><dmac-mask>| any]

zte(hybrid-acl-group)#rule <1-500>{permit | deny} udp Sets the rule that a hybrid ingress
{<source-ipaddr><sip-mask>| any}[source-port <0-65535><s ACL is used to match IPv4-UDP
port-mask>]{<destination-ipaddr><dip-mask>| any}[dest-port packets.
<0-65535><dport-mask>][dscp <0-63>][fragment][cos
<0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>|
any][<dest-mac><dmac-mask>| any]

zte(hybrid-acl-group)#rule <1-500>{permit | deny} arp Sets the rule that a hybrid ingress
{<sender-ipaddr><sip-mask>| any}{<target-ipaddr><tip-mask>| ACL is used to match ARP
any}[cos <0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-m packets.
ask>| any][<dest-mac><dmac-mask>| any]

zte(hybrid-acl-group)#rule <1-500>{permit | deny} any Sets the rule that a hybrid ingress
{[ether-type <1501-65535>][cos <0-7>][<vlan-id>[<vlan-mask ACL is used to match non-IPv6
>]][<source-mac><smac-mask>| any][<dest-mac><dmac-mask>| packets.
any]}

zte(hybrid-acl-group)#rule <1-500>{permit | deny} Sets the rule that a hybrid ingress


ipv6 <ip-protocol>{<source-ipv6addr><sipv6-mask>| ACL is used to match specified
any}[<destination-ipv6addr><dipv6-mask>| any][<vlan-id>] fields of IPv6 packets.

zte(hybrid-acl-group)#rule <1-500>{permit | deny} Sets the rule that a hybrid ingress


ipv6 tcp {<source-ipv6addr><sipv6-mask>| any}[source-port ACL is used to match IPv6-TCP
<0-65535><sport-mask>][<destination-ipv6addr><dipv6-mask>| packets.
any][dest-port <0-65535><dport-mask>][<vlan-id>]

zte(hybrid-acl-group)#rule <1-500>{permit | deny} ipv6 Sets the rule that a hybrid ingress
udp {<source-ipv6addr><sipv6-mask>| any}[source-port ACL is used to match IPv6-UDP
<0-65535><sport-mask>][<destination-ipv6addr><dipv6-mask>| packets.
any][dest-port <0-65535><dport-mask>][<vlan-id>]

zte(hybrid-acl-group)#rule <1-500>{permit | Sets the rule that a hybrid ingress


deny} ipv6 any {<source-ipv6addr><sipv6-mask>| ACL is used to match IPv6
any}[<destination-ipv6addr><dipv6-mask>| any][<vlan-id>] packets.

5-47

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(hybrid-acl-group)#rule <1-500>{permit | Sets the rule that a hybrid ingress


deny} ipv6 icmp {<source-ipv6addr><sipv6-mask>| ACL is used to match IPv6 ICMP
any}[<destination-ipv6addr><dipv6-mask>| any][<vlan-id>] packets.

zte(hybrid-acl-group)#rule <1-500>{permit | deny} all Sets the rule that a hybrid ingress
ACL is used to match any packet.

zte(cfg)#clear ingress-acl hybrid number <300-399> Clears a hybrid ingress ACL


instance.

Creates and configures a


zte(cfg)#config ingress-acl user-define number <801-828> user-defined ingress ACL
instance.

zte(ingress-user-define-acl)#rule <1-500>{permit | Defines a rule in a user-defined


deny}[ udb1 <udb-value>< udb-mask>][ udb2 <udb-value>< ingress ACL.
udb-mask>][ udb3 <udb-value>< udb-mask>][ udb4 <udb-value><
udb-mask>][ udb5 <udb-value>< udb-mask>][ udb6 <udb-value><
udb-mask>][ udb7 <udb-value>< udb-mask>][ udb8<udb-value><
udb-mask>][ udb9 <udb-value>< udb-mask>][ udb10 <udb-value><
udb-mask>][ udb11 <udb-value>< udb-mask>][ udb12
<udb-value>< udb-mask>][ udb13 <udb-value>< udb-mask>][
udb14 <udb-value>< udb-mask>][ udb15 <udb-value>< udb-mask>]

Deletes a user-defined ingress


zte(cfg)#clear ingress-acl user-define number <801-828>
ACL instance.

zte(cfg)#config ingress-acl global Enters and configures a global


ingress ACL instance.

zte(global-acl-group)#rule <1-16>{permit | deny} port Sets the rule that a global ingress
{<1-28>| any}<ip-protocol>{<source-ipaddr><sip-mask>| any}{<d ACL matches specified fields of
estination-ipaddr><dip-mask>| any}[dscp <0-63>][fragment][cos IPv4 packets.
<0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>|
any][<dest-mac><dmac-mask>| any]

zte(global-acl-group)#rule <1-500>{permit | deny} port Sets the rule that a global ingress
{<1-28>| any} ip {<source-ipaddr><sip-mask>| any}{<destina ACL matches IPv4 packets.
tion-ipaddr><dip-mask>| any}[dscp <0-63>][fragment][cos
<0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>|
any][<dest-mac><dmac-mask>| any]

zte(global-acl-group)#rule <1-500>{permit | deny} port Sets the rule that a global ingress
{<1-28>| any} tcp {<source-ipaddr><sip-mask>| any}[source-port ACL matches IPv4TCP packets.
<0-65535><sport-mask>]{<destination-ipaddr><dip-mask>| any}[d
est-port <0-65535><dport-mask>][dscp <0-63>][fragment][cos
<0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>|
any][<dest-mac><dmac-mask>| any]

5-48

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(global-acl-group)#rule <1-500>{permit | deny} port Sets the rule that a global ingress
{<1-28>| any} udp {<source-ipaddr><sip-mask>| any}[source-port ACL matches IPv4UDP packets.
<0-65535><sport-mask>]{<destination-ipaddr><dip-mask>| any}[d
est-port <0-65535><dport-mask>][dscp <0-63>][fragment][cos
<0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>|
any][<dest-mac><dmac-mask>| any]

zte(global-acl-group)#rule <1-500>{permit | deny} Sets the rule that a global ingress


port {<1-28>| any} arp {<sender-ipaddr><sip-mask>| ACL is used to match ARP
any}{<target-ipaddr><tip-mask>| any}[cos <0-7>][<vlan-id>[<vlan- packets.
mask>]][<source-mac><smac-mask>| any][<dest-mac><dmac-mask>|
any]

zte(global-acl-group)#rule <1-500>{permit | deny} Sets the rule that a global ingress


port {<1-28>| any} any {[ether-type <1501-65535>][cos ACL is used to match non IPv6
<0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>| packets.
any][<dest-mac><dmac-mask>| any]}

zte(cfg)#config egress-acl basic number < 400-499> Creates a basic egress ACL
instance and configures it.

zte(egress-basic-acl)#rule < 1-500>{ permit | deny}{< Sets a basic egress ACL.


source-ipaddr>< sip-mask>| any}[ fragment]

zte(cfg)#clear egress-acl basic number < 400-499> Clears a basic egress ACL
instance.

zte(cfg)#config egress-acl extend number < 500-599> Creates an extended egress ACL
instance and configures it.

zte(egress-extend-acl)#rule < 1-500>{ permit | Sets an extended egress ACL that


deny}< ip-protocol>{< source-ipaddr>< sip-mask>| any}{< matches specified fields of IPv4
destination-ipaddr>< dip-mask>| any}[ dsscp < 0-63>][ fragment] packets.

zte(egress-extend-acl)#rule < 1-500>{ permit | deny} icmp {< Sets an extended egress ACL that
source-ipaddr>< sip-mask>| any}{< destination-ipaddr>< dip-mask>| matches ICMP packets.
any}[ iicmp-ttype < 0-254>< icmp-code>][ dsscp < 0-63>][
fragment]

zte(egress-extend-acl)#rule < 1-500>{ permit | deny} ip {< Sets an extended egress ACL that
source-ipaddr>< sip-mask>| any}{< destination-ipaddr>< dip-mask>| matches IP packets.
any}[ dsscp < 0-63>][ fragment]

zte(egress-extend-acl)#rule < 1-500>{ permit | deny} tcp {< Sets an extended egress ACL that
source-ipaddr>< sip-mask>| any}[ ssourrce-porrtt < 0-65535>< matches TCP packets.
sport-mask>]{< destination-ipaddr>< dip-mask>| any}[ desstt-porrtt
< 0-65535>< dport-mask>][ establishing | established][ dsscp <
0-63>][ fragment]

5-49

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(egress-extend-acl)#rule < 1-500>{ permit | deny} udp {< Sets an extended egress ACL that
source-ipaddr>< sip-mask>| any}[ ssourrce-porrtt < 0-65535>< matches UDP packets.
sport-mask>]{< destination-ipaddr>< dip-mask>| any}[ desstt-porrtt
< 0-65535>< dport-mask>][ dsscp < 0-63>][ fragment]

zte(egress-extend-acl)#rule < 1-500>{ permit | deny} arp {< Sets an extended egress ACL that
sender-ipaddr>< sip-mask>| any}{< target-ipaddr>< tip-mask>| any} matches ARP packets.

zte(cfg)#clear egress-acl extend number < 500-599> Clears an extended egress ACL
instance.

zte(cfg)#config egress-acl link number < 600-699> Creates a layer-2 egress ACL
instance and configures it.

zte(egress-link-acl)#rule < 1-500>{ permit | deny} ip {[ coss Sets a layer-2 egress ACL that
< 0-7>][< vlan-id>[< vlan-mask>]][< dest-mac>< dmac-mask>| any]} matches IP packets.

zte(egress-link-acl)#rule < 1-500>{ permit | deny} arp {[ coss Sets a layer-2 egress ACL that
< 0-7>][< vlan-id>[< vlan-mask>]][< dest-mac>< dmac-mask>| any]} matches ARP packets.

zte(egress-link-acl)#rule < 1-500>{ permit | deny} other Sets a layer-2 egress ACL that
{[ ether-type < 1501-65535>| dsap-ssap < 0-65535>][ coss matches packets except IP/ARP
< 0-7>][< vlan-id>[< vlan-mask>]][< source-mac>< smac-mask>| packets.
any][< dest-mac>< dmac-mask>| any]}

zte(egress-link-acl)#rule <1-500>{permit | deny} any Sets the rule that a layer-2 egress
[<vlan-id>[<vlan-mask>]][cos <0-7>][<dest-mac><dmac-mask>| ACL is used to match packets with
any] specified cos, VLAN id, and dmac
flags.

zte(cfg)#clear egress-acl link number < 600-699> Clears a layer-2 egress ACL
instance.

zte(cfg)#config egress-acl hybrid number < 700-799> Creates a hybrid egress ACL
instance and configures it.

zte(egress-hybrid-acl)#rule < 1-500>{ permit | Sets a hybrid egress ACL that


deny}< ip-protocol>{< source-ipaddr>< sip-mask>| any}{< matches specified fields of IPv4
destination-ipaddr>< dip-mask>| any}[ dsscp < 0-63>][ fragment][ packets.
coss < 0-7>][< vlan-id>[< vlan-mask>]][< source-mac><
smac-mask>| any][< dest-mac>< dmac-mask>| any]

zte(egress-hybrid-acl)#rule < 1-500>{ permit | deny} ip {< Sets a hybrid egress ACL that
source-ipaddr>< sip-mask>| any}{< destination-ipaddr>< dip-mask>| matches IPv4 packets.
any}[ dsscp < 0-63>][ fragment][ coss < 0-7>][< vlan-id>[<
vlan-mask>]][< source-mac>< smac-mask>| any][< dest-mac><
dmac-mask>| any]

5-50

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(egress-hybrid-acl)#rule < 1-500>{ permit | deny} tcp {< Sets a hybrid egress ACL that
source-ipaddr>< sip-mask>| any}[ ssourrce-porrtt < 0-65535>< matches IPv4-TCP packets.
sport-mask>]{< destination-ipaddr>< dip-mask>| any}[ desstt-porrtt
< 0-65535>< dport-mask>][ dsscp < 0-63>][ fragment][ coss
< 0-7>][< vlan-id>[< vlan-mask>]][< source-mac>< smac-mask>|
any][< dest-mac>< dmac-mask>| any]

zte(egress-hybrid-acl)#rule < 1-500>{ permit | deny} udp {< Sets a hybrid egress ACL that
source-ipaddr>< sip-mask>| any}[ ssourrce-porrtt < 0-65535>< matches IPv4-UDP packet.
sport-mask>]{< destination-ipaddr>< dip-mask>| any}[ desstt-porrtt
< 0-65535>< dport-mask>][ dsscp < 0-63>][ fragment][ coss
< 0-7>][< vlan-id>[< vlan-mask>]][< source-mac>< smac-mask>|
any][< dest-mac>< dmac-mask>| any]

zte(egress-hybrid-acl)#rule < 1-500>{ permit | deny} arp Sets a hybrid egress ACL that
{< sender-ipaddr>< sip-mask>| any}{< target-ipaddr>< tip-mask>| matches ARP packets.
any}[ coss < 0-7>][< vlan-id>[< vlan-mask>]][< source-mac><
smac-mask>| any][< dest-mac>< dmac-mask>| any]

zte(egress-hybrid-acl)#rule < 1-500>{ permit | deny} any Sets a hybrid egress ACL that
{[ ettherr-ttype < 1501-65535>][ coss < 0-7>][< vlan-id>[< matches non-IPv6 packet
vlan-mask>]][< source-mac>< smac-mask>| any][< dest-mac><
dmac-mask>| any]}

zte(egress-hybrid-acl)#rule < 1-500>{ permit | deny} Sets a hybrid egress ACL that
iipv6 < ip-protocol>{< source-ipv6addr>< sipv6-mask>| any}[< matches specified fields of IPv6
destination-ipv6addr>< dipv6-mask>| any][< vlan-id>] packets.

zte(egress-hybrid-acl)#rule < 1-500>{ permit | deny} ipv6 Sets a hybrid egress ACL that
tcp {< source-ipv6addr>< sipv6-mask>| any}[ ssourrce-porrtt < matches IPv6-TCP packets.
0-65535>< sport-mask>][< destination-ipv6addr>< dipv6-mask>|
any][ desstt-porrtt < 0-65535>< dport-mask>][< vlan-id>]

zte(egress-hybrid-acl)#rule < 1-500>{ permit | deny} ipv6 Sets a hybrid egress ACL that
udp {< source-ipv6addr>< sipv6-mask>| any}[ ssourrce-porrtt < matches IPv6-UDP packets.
0-65535>< sport-mask>][< destination-ipv6addr>< dipv6-mask>|
any][ desstt-porrtt < 0-65535>< dport-mask>][< vlan-id>]

zte(egress-hybrid-acl)#rule < 1-500>{ permit | deny} ipv6 any Sets a hybrid egress ACL that
{< source-ipv6addr>< sipv6-mask>| any}[< destination-ipv6addr>< matches IPv6 packets.
dipv6-mask>| any][< vlan-id>]

zte(egress-hybrid-acl)#rule < 1-500>{ permit | deny} all Sets a hybrid egress ACL that
matches any packet.

zte(cfg)#clear egress-acl hybrid number < 700-799> Clears a hybrid egress ACL
instance.

zte(cfg)#config ingress-acl user-define udb <1-15> anchor Sets a user-defined anchor and
<0-3>[offset <0-31>][data-length<1-6>] offset.

5-51

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#config ingress-acl user-define udb <1-15> description Sets a description for a


<string> user-defined byte.

Clears the description of a


zte(cfg)#clear acl udb <1-15> description
user-defined byte.

move <1-500>{after | before}<1-500> (all ACL configuration Sorts rules in ACL instance.
modes)

clear rule <1-500> (all ACL configuration modes) Clears one rule in ACL instance.

zte(cfg)#show vlan-range <vlan-range> Displays the best mask


configuration when VLAN ID
is matched in batch.

zte(cfg)#show acl binding {all | port [<portlist>]| vlan [<vlanlist>]} Displays the configuration
information that ACL is bound to
the interface.

zte(cfg)#show acl config Displays ACL summary


configuration.

zte(cfg)#show acl config [<1-828>| name <word>][ active | Displays the detailed configuration
command | deny | passive | permit | policy | rule <1-500>| snmp of ACL instance.
| time-range ]

zte(cfg)#show acl udb Displays detailed configurations of


user-defined bytes.

zte(cfg)#create acl <1-828> description <description> Sets ACL descriptions.

zte(cfg)#clear acl <1-828> description Deletes ACL descriptions.

ACL Configuration Instance


l Configuration Description
Configure ACL in the switch to realize the following functions. Forbid the users to
access the external network through the gateway from 9:00 to 18:00. The gateway
connects with the switch on port 26. The client PC connects the switch on ports 1-24.
All the users access the external network through the gateway 192.168.0.1. See
Figure 5-12.

5-52

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Figure 5-12 ACL Configuration Instance

l Configuration Procedure
zte(cfg)#config ingress-acl hybrid number 300
zte(ingress-hybrid-acl)#rule 1 deny ip any 192.168.0.1 255.255.255.255
zte(ingress-hybrid-acl)#rule 2 deny arp any 192.168.0.1 255.255.255.255
zte(ingress-hybrid-acl)#exit
zte(cfg)#set port 1-24 acl 300 enable
zte(cfg)#set time-range worktime range period 09:00 to 18:00 daily
zte(cfg)#set time-range worktime acl 300 rule 1 enable
zte(cfg)#set time-range worktime acl 300 rule 2 enable

5.12 QoS Configuration


QoS Overview
QoS can provide end-to-end data exchange with a high quality. The content includes the
following parts:
l Port ingress rate limit
l Port egress shaping
l Port queue schedule algorithm
l Port priority mapping
l QoS profile configuration
l Traffic Classification (TC)
l Flow rate limit
l Flow statistics, count the packet with the special color based on the flow rate limit.
l Flow mapping, flow redirection.
l Specified field modification for specified packets.
QoS includes port QoS, global QoS and flow-based QoS.

5-53

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

For the data packet QoS handling method on the network edge device on the access side,
there are the following conditions:
l The switch can select whether to trust the packet and which fields of the packet, such
as UP or DSCP, can be trusted when receiving the packet. It allocates the QoS service
according to trusted fields.
l When the data packet received by the switch is not trusted, the QoS service is
allocated according to the related QoS configuration on the receiving port.
l QoS service defines the internal processing method and external processing method
of the packet. The internal processing method includes TC, and the external
processing method includes modifying the 802.1p user priority of a data packet or
the DSCP domain of an IP header.
For the following network core device, implement the service similar to the previous service
according to 802.1p of the packet or DSCP mark. This way, a set of end-to-end QoS
service is provided. When the flow exceeds the configuration, the network device can
modify the QoS service level such as dropping packets or allocating the lower-level QoS
service.
When a data packet enters the port, the switch will perform the QoS initialization mark
which mainly includes the initialization of TC QoS parameters.
In the direction of switch egress, the QoS is used to put the packet into the suitable queue
according to marked TC and perform the corresponding queue scheduling algorithm and
congestion control algorithm according to the current queue configuration and modify it
according to 802.1p user priority or IP DSCP field of the data packet.

Configuring QoS
The QoS configurations on the ZXR10 2900E includes global-based QoS configuration
and port-based QoS configuration. Part of QoS configuration is related to ACL. The QoS
configuration includes the following commands:

Command Function

zte(cfg)#set qos priority-mapping port <1-28> default-up <0-7> Sets the default port UP priority.

zte(cfg)#set qos priority-mapping port <1-28> trust-mode Sets the port trusted mode.
{dscp-priority | port-profile | user-priority}

zte(cfg)#set qos priority-mapping port <1-28>{remapping-dscp Sets packet UP/DSCP


| remark {dscp-priority | user-priority}}{enable | disable} remark/remapping based on
the port.

zte(cfg)#set qos priority-mapping qos-profile dscp-to-dscp Sets the mapping relation between
<0-63> to <0-63> DSCPs .

zte(cfg)#set qos priority-mapping port <1-28> port-to-profile Sets the mapping relation between
qos-profile <0-127> the port and the QoS profile.

zte(cfg)#set qos priority-mapping qos-profile {up-to-profile Sets the mapping relation between
<0-7>| dscp-to-profile <0-63>} qos-profile <0-127> the DSCP/UP and the QoS profile.

5-54

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(cfg)#set qos priority-mapping qos-profile <0-127>{drop-pri Sets the QoS profile template.
ority {red | yellow | green}| dscp-priority <0-63>| user-priority
<0-7>| traffic-class <0-7>}

zte(cfg)#set qos priority-mapping qos-profile default Sets 128 QoS profiles to recover
default values.

zte(cfg)#set qos queue-schedule enhance {disable| enable} Sets the optimized queue
scheduling mode.

zte(cfg)#set qos queue-schedule mode {byte | packet} Sets the QoS queue scheduling
unit.

zte(cfg)#set qos queue-schedule port <1-28>{session <1-7>| Sets the scheduling policy of each
default} queue of the port.

zte(cfg)#set qos queue-schedule session <1-7><0-255><0-255><0 Sets scheduling policy template.


-255><0-255><0-255><0-255><0-255><0-255>[single-wrrgroup]

zte(cfg)#set qos traffic-limit mode {byte|packet} Sets the speed limit mode of the
global Ingress port.

zte(cfg)#set qos traffic-limit fe-port <1-24>{data-rate Sets 100 M port ingress rate
<0-100000>| disable} limit, in which <0-100000> is the
maximum of data transmission
rate.

zte(cfg)#set qos traffic-limit fe-port <1-24>{packet-rate Sets 100 M port ingress rate
<0-148810>[packet-lenth <64-10240>]| disable} limit, in which <0-148810> is the
maximum of packet transmission
rate.

zte(cfg)#set qos traffic-limit port <1-28> packet-type {broadcast Sets the packet type that the rate
| known-uc | multicast | tcp-syn | unknown-uc}{enable | disable} limit function limits.

zte(cfg)#set qos traffic-limit port <1-28> percent <1-100> Sets the ingress rate limit based
on the port bandwidth percentage.

zte(cfg)#set qos traffic-limit port <1-28> protect {enable|disable} Sets the port rate limiting function.

zte(cfg)#set qos traffic-limit port <1-28> protect time <1-10> Sets the port shutdown time
when the port rate limit function is
enabled.

zte(cfg)#set qos traffic-limit port <1-28> trap {enable | disable} Enables or disables the trap
function for a port.

zte(cfg)#set qos traffic-limit ge-port <25-28>{data-rate Sets 1000 M port ingress rate
<32-1000000>| disable} limit, in which, <32-100000> is the
maximum of data transmission
rate.

5-55

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#set qos traffic-limit ge-port <25-28>{packet-rate Sets 1000 M port ingress rate limit.
<0-14881000>[packet-lenth <64-10240>]| disable}

zte(cfg)#set qos traffic-limit xge-port <2/1-2/4>{data-rate Sets the ingress rate limit for
<0-10000000>| disable} the 10000 M port, in which,
<0-100000> is the maximum of
data transmission rate

zte(cfg)#set qos traffic-limit ge-port <2/1-2/4>{packet-rate Sets the ingress rate limit for
<0-14881000>[packet-lenth <64-10240>]| disable} the 10000 M port, in which,
<0-148810> is the maximum of
packet transmission rate.

zte(cfg)#set qos traffic-shaping fe-port <1-24>{data-rate Sets 100M egress shaping rate.
<32-100000> burst-size <8-4094>| disable}

zte(cfg)#set qos traffic-shaping fe-port <1-24> queue Sets 100M egress shaping rate
<0-7>{data-rate <32-100000> burst-size <8-4094>| disable} based on the queue.

zte(cfg)#set qos traffic-shaping ge-port <25-28>{data-rate Sets 1000M egress shaping rate.
<2-1000> burst-size <8-4094>| disable}

zte(cfg)#set qos traffic-shaping ge-port <25-28> queue Sets 1000M egress shaping rate
<0-7>{data-rate <2-1000> burst-size <8-4094>| disable} based on the queue.

zte(cfg)#set qos traffic-shaping xge-port <2/1-2/4>{data-rate Sets the Egress shaping rate for
<2-10000> burst-size <8-4094>| disable} the 10000 M port.

zte(cfg)#set qos traffic-shaping xge-port <2/1-2/4> queue Sets the queue-based Egress
<0-7>{data-rate <2-10000> burst-size <8-4094>| disable} shaping rate for the 10000 M port.

zte(cfg)#set anti-DoS {enable | disable} Enables or disables the DOS


anti-attack function.

show qos priority-mapping port [<1-28>] (all configuration modes) Displays priority mapping
configuration based on the
port.

show qos priority-mapping qos-profile [<0-127>| dscp-to-dscp | Displays various priority-mapping


dscp-to-profile | up-to-profile] (all configuration modes) configuration related to the QoS
profile.

show qos queue-schedule mode (all configuration modes) Displays QoS queue scheduling
unit.

show qos queue-schedule port <1-28> (all configuration modes) Displays the queue scheduling
policy of each queue of the port.

show qos queue-schedule session [<1-7>] (all configuration modes) Displays the configuration of
scheduling policy template.

show qos traffic-limit [port <1-28>] protect (all configuration Displays the egress rate limiting
modes) configuration of the port.

5-56

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

show qos traffic-limit [port <1-28>] trap (all configuration modes) Displays trap function
configuration.

show qos traffic-limit [port <1-28>] (all configuration modes) Displays ingress rate limit
configuration.

show qos traffic-shaping [port <1-28>] (all configuration modes) Displays egress shaping
configuration.

show anti-dos (all configuration modes) Displays the DOS anti-attack


configuration.

show qos traffic-limit [protect | port <1-28> protect] Displays the port protection
configuration.

zte(cfg)#set qos policer <0-383> mode {aware | blind} cir Sets the flow policer.
<32-10485760> cbs <20000-268435456>{ebs <20000-268435456>|
pir <32-10485760> pbs <20000-268435456>}

zte(cfg)#set qos policer <0-383> exceed-action red {no-operation Sets flow policing action.
| drop | remark} yellow {no-operation | drop | remark}

zte(cfg)#set qos policer <0-383> exceed-action remark profile Sets the binding and action
<0-127> up {no-change | enable-modify | disable-modify} dscp { implementation mode between the
no-change | enable-modify | disable-modify } flow policer and the QoS profile.

zte(cfg)#set qos policer counter-mode {L1 | L2 | L3} Sets the flow policer statistics
mode.

zte(cfg)#set qos policer <0-383> counter <0-255>{enable | Enables or disables the flow
disable} policer statistics function and
configures the binding between
the flow policer and the counter.

zte(cfg)#set policy policing in acl <1-828> rule <1-500> policer Enables the flow policer and
<0-383> handles the special flow by the
flow policer.

zte(cfg)#set policy remark in ingress-acl <1-399,800-828> Uses the QoS profile to modify the
rule <1-500> profile <0-127> up {no-change | enable-modify | specified flow UP/DSCP field that
disable-modify} dscp {no-change | enable-modify | disable-modify} the ingress ACL matches.

zte(cfg)#set policy remark in egress-acl < 400-799> rrulle < Uses the QoS profile to modify the
1-500> up { no-change |< 0-7>} dscp { no-change |< 0-63>} specified flow UP/DSCP field that
the egress ACL matches.

zte(cfg)#set mirror analyze-port session <1-3>{enable | disable} Sets the session between flow
mapping port and port mapping .

zte(cfg)#set policy mirror in acl <1-399,800-828> rule Copies the specified data flow to
<1-500>{cpu | analyze-port} the monitor port.

5-57

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#set policy redirect in acl <1-399,800-828> rule Redirects the specified data flow
<1-500>{cpu | port <1-28>} to the user-specified egress port.

zte(cfg)#set policy statistics in acl <1-828> rule <1-500> Implements flow statistic for the
counter <0-1023> data flow matching ACL rule.

zte(cfg)#set policy vlan-remark in acl <1-828> rule Modifies the VLAN remark of the
<1-500><1-4094>{nested | replace {untagged | tagged | all}} specified flow.

zte(cfg)#set policy harddrop in acl <1-828> rule <1-500> Sets harddrop.

zte(cfg)#clear policy remark in acl <1-828> rule <1-500> Clears the configuration of the
specified flow UP/DSCP field
modified by QoS profile.

zte(cfg)#clear policy policing in acl <1-828> rule <1-500> Clears the configuration that
the flow policer processes the
specified flow.

zte(cfg)#clear policy mirror in acl <1-399,800-828> rule <1-500> Clears the configuration that
the specified flow mirrors to the
specified port.

zte(cfg)#clear policy statistics in acl <1-828> rule <1-500> Clears the configuration of
collecting statistics of packets of
the specified flow.

zte(cfg)#clear policy redirect in acl <1-399,800-828> rule Clears the configuration that the
<1-500> specified flow is redirected to the
specified port.

zte(cfg)#clear policy vlan-remark in acl <1-828> rule <1-500> Clears the configuration of
modifying the specified flow VLAN
tag.

zte(cfg)#clear policy harddrop in acl <1-828> rule <1-500> Clears the configuration that
the specified flow implements
harddrop operation.

zte(cfg)#clear qos policy-counter <counterlist> Clears the counter that counts the
specified flow.

zte(cfg)#clear qos policer-counter <counterlist> Clears the flow policer statistics


value.

zte(cfg)#clear qos policer <0-383> Clears the flow policer


configuration.

show qos policer [<0-383>] (all configuration modes) Displays the flow policer
configuration.

show qos policy-counter [<0-1023>] (all configuration modes) Displays the counter value of the
specified flow.

5-58

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

show qos policer-counter [<0-383>] (all configuration modes) Displays the flow policer statistics
value.

show policy [mirror | redirect | statistics | policing [<0-383>]| Displays various binding
vlan-remark | remark | harddrop] (all configuration modes) configuration of the specified
flow.

zte(cfg)#set icmp protect {enable|disable} Sets the ICMP protection function.

QoS Configuration Instance


l Configuration Description
Use the 2928E as an example, set the uplink bandwidth of all the user-interface to 2
Mbps. The uplink bandwidth of the switch is 20 Mbps. The uplink port is port 26 and
the client PC accesses the network through port 24. See Figure 5-13.

Figure 5-13 QoS Configuration Instance

l Configuration Procedure
zte(cfg)#set qos traffic-limit fe-port 1 data-rate 2000
zte(cfg)#set qos traffic-limit fe-port 2 data-rate 2000
/*Omitted*/
zte(cfg)#set qos traffic-limit fe-port 24 data-rate 2000
zte(cfg)#set qos traffic-shaping ge-port 26 data-rate 20 burst-size 10
l Configuration Verification
zte(cfg)#show qos traffic-shaping port 26
Port Egress Traffic Shaping Table:
Port ID : 26
Port Shaping Rate (Kbps) : 20000 The Burst Size : 10
Queue 0 Shaping Rate (Kbps) : No-Limit The Burst Size : N/A
Queue 1 Shaping Rate (Kbps) : No-Limit The Burst Size : N/A

5-59

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Queue 2 Shaping Rate (Kbps) : No-Limit The Burst Size : N/A


Queue 3 Shaping Rate (Kbps) : No-Limit The Burst Size : N/A
Queue 4 Shaping Rate (Kbps) : No-Limit The Burst Size : N/A
Queue 5 Shaping Rate (Kbps) : No-Limit The Burst Size : N/A
Queue 6 Shaping Rate (Kbps) : No-Limit The Burst Size : N/A
Queue 7 Shaping Rate (Kbps) : No-Limit The Burst Size : N/A
zte(cfg)#sho qos traffic-limit port 1
Port Ingress Traffic Limit Table:
Flags: DataRate - traffic limit rate (Kbps), BcEn - Enable Broadcast Limit
KucEn - Enable Known unicast Limit, McEn - Enable Multicast Limit
TcpSynEn - Enable TCP SYN Limit, UucEn - Enable Unknown unicast Limit
PORT DataRate(Kbps) BcEn KucEn McEn TcpSynEn UucEn
------- -------------- ----- ------ ----- --------- ------
port-1 2000 1 1 1 1 1

5.13 PVLAN Configuration


PVLAN Overview
To enhance network security, it is necessary to isolate users packets. A traditional solution
is to allocate a VLAN for a user. This solution has obvious limits, as described below.
1. IEEE 802.1Q standard supports 4094 VLANs at most. The number of users is limited,
which is not good for network extension.
2. Each VLAN corresponds to an IP subnet. Too many subnets bring IP address waste.
3. Too many VLANs and IP subnets make it difficult to manage networks.
The Private VLAN (PVLAN) technology solves these problems.

A PVLAN divides ports in a VLAN into hybrid ports, isolated ports, and community ports.
l A hybrid port can communicate with any port.
l An isolated port can communicate only with a hybrid port, and it cannot communicate
with other isolated ports.
l A community port can communicate with a hybrid port or another community port in
the same session.
The ports within a VLAN are separated. Users can only communicate with their default
gateways, and the network security is guaranteed.

The ZXR10 2900E series switches support four PVLAN sessions. Each PVLAN session
supports an unlimited number of hybrid ports. Each PVLAN supports an unlimited number
of isolated or community ports.

Configuring PVLAN
The PVLAN configuration includes the following commands:

5-60

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(cfg)#set vlan pvlan session <1-4>{promise-port Sets the PVLAN function.


<portlist>|promise-trunk<trunklist>}{isolate-port<portlist>|isola
te-trunk<trunklist>}{communi-port<portlist>|communi-trunk
<trunklist>}

clear vlan pvlan [session<1-4>] Clears the PVLAN configuration.

show vlan pvlan [session<1-4>] (all configuration modes) Displays the PVLAN configuration.

zte(cfg)#set vlan pvlan session <1-4>{promise-port Configures a type of PVLAN port.


<portlist>|promise-trunk<trunklist>|isolate-port<portlist>|isola
te-trunk<trunklist>|communi-port <portlist>| communi-trunk
<trunklist>}

PVLAN Configuration Example One


l Configuration Description
Add a hybrid port 26 and isolated ports 1, 2, and 3 to session 1. See Figure 5-14.

Figure 5-14 PVLAN Configuration Example 1

l Configuration Procedure
zte(cfg)#set vlan pvlan session 1 promis-port 26 isolate-port 1-3
l Configuration Verification
zte(cfg)#show vlan pvlan
pvlan session : 1
promis-ports : 26
promis-trunks :
isolate-ports : 1-3

5-61

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

isolate-trunks :
community-ports :
community-trunks :

PVLAN Configuration Example Two


l Configuration Description
Add a trunk 1 and isolated ports 4, 5 and 6 into session 2. See Figure 5-15.

Figure 5-15 PVLAN Configuration Example 2

l Configuration Procedure
1. Configuration of switch A:
zte(cfg)#set lacp enable
zte(cfg)#set lacp aggregator 1 add port 1-3
zte(cfg)#set lacp sggregator 1 mode dynamic
2. Configuration of switch B:
zte(cfg)#set lacp enable
zte(cfg)#set lacp aggregator 1 add port 1-3
zte(cfg)#set lacp aggregator 1 mode dynamic
zte(cfg)#set vlan pvlan session 2 promis-trunk 1 isolate-port 4-6
l Configuration Verification
zte(cfg)#show vlan pvlan
pvlan session : 1
promis-ports : 16
promis-trunks :
isolate-ports : 1-3
isolate-trunks :

5-62

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

community-ports :
community-trunks :

pvlan session : 2
promis-ports :
promis-trunks : 1
isolate-ports : 4-6
isolate-trunks :
community-ports :
community-trunks :

5.14 Layer 2 Protocol Transparent Transmission


Configuration
Layer 2 Protocol Transparent Transmission Overview
IEEE 802.1x is a Port-Based Network Access Control protocol. Port-based network
access control is a way to authenticate and authorize the users to be connected to
the LAN equipment. This type of authentication provides a point-to-pint subscriber
identification method in the LAN.
The ZXR10 2900E provides 802.1x transparent transmission function which transparently
transmits 802.1x protocol packets from the client to the authentication server for
authentication.
The ZXR10 2900E provides 802.1x transparent transmission function. It also provides
layer-2 transparent transmission function such as STP, LACP/OAM, ZGMP,LLDP and
GVRP. The protocol range is 0x00, 0x02-0x2f.
The common layer-2 protocols are shown below.

Protocol Number Protocol

0x00 STP

0x02 LACP/OAM

0x03 802.1x

0x09 ZGMP

0x0E LLDP

0x21 GVRP

Configuring Layer 2 Protocol Transparent Transmission


The configuration of layer-2 protocol transparent transmission includes the following
commands:

5-63

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#set l2pt <protocol-list>{enable | disable | invalid} Enables or disables L2pt


transparent transmission function.

show l2pt (all configuration modes) Displays the configuration of L2pt


transparent transmission.

Layer 2 Protocol Transparent Transmission Configuration Instance


l Configuration Description
Set the LACP transparent transmission function of L2pt of Switch 1 to implement the
link aggregation between Switch 2 and Switch 3. The configuration increases the link
bandwidth and realizes a redundant backup. See Figure 5-16.

Figure 5-16 Layer 2 Protocol Transparent Transmission Configuration Topology

l Configuration Procedure
zte(cfg)#set l2pt 0x02 enable
zte(cfg)#set vlan 100 enable
zte(cfg)#set vlan 100 add port 1, 3
zte(cfg)#set port 1,3 pvid 100
zte(cfg)#set vlan 200 enable
zte(cfg)#set vlan 200 add port 2, 4
zte(cfg)#set port 2,4 pvid 200
l Configuration Verification
Display the aggregation state of Switch 2 and Switch 3:
zte(cfg)#show lacp aggregator 1
Group 1
Actor Partner
------------------------------- ----------------------------
Priority : 32768 32768

5-64

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Mac : 00.d0.d0.02.00.54 00.d0.d0.29.52.06


Key : 258 258
Ports : 2, 1 2, 1

5.15 IPv4 Layer 3 Configuration


IPv4 Layer 3 Overview
The ZXR10 2900E provides a few IPv4 layer-3 functions for the remote configuration and
management. To realize the remote access, an IP port must be configured on the switch.
If the IP port of the remote configuration host and that of the switch are not in the same
network segment, it is also necessary to configure the static route.
Static route is a simple unicast route protocol. The next-hop address to a destination
network segment is specified by a user, where next hop is also called gateway. Static route
involves destination address, destination address mask, next-hop address, and egress
interface. Destination address and destination address mask describe the destination
network information. The next-hop address and egress interface describe the way that
switch forwards destination packets.

The ZXR10 2900E allows adding and deleting the static ARP table. The ARP table records
mapping relationship between the IP address and the MAC address of each node in the
same network. When sending IP packets, the switch first checks whether the destination
IP address is in the same network segment. If yes, the switch checks whether there is a
peer end IP address and MAC address mapping entry in the ARP table.

1. If yes, the switch directly sends the IP packets to this MAC address.
2. If the MAC address corresponding to peer end IP address cannot be found in the ARP
table, an ARP Request broadcast packet will be sent to the network to query peer end
MAC address.
Entries of the ARP table on the switch are dynamic. Static ARP table entry needs to be
configured only when the connected host cannot respond the ARP Request.

Switch layer-3 configuration includes the following commands:


l Connectivity test
l Layer 3 interface related configuration
l ARP related configuration
l Static route related configuration

The ZXR10 2900E series system supports the hardware routing function to increase IP
packets forwarding speed.
To configure the IPv4 layer-3 function, use the config router command to enter the layer-3
configuration mode first.

Configuring IPv4 Layer 3 Functions


The configuration of the IPv4 L3 functions includes the following contents:

5-65

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#ping <A.B.C.D>[<0-65535>[<28-65535>[<1-255>[<0-65 Detects the network connectivity.


535>[<A.B.C.D>]]]]]

zte(cfg)#trace <A.B.C.D>[max-ttl <1-255>[min-ttl Router trace, which is used


<1-255>[repeat <1-65535>[source <A.B.C.D>[timeout to determine the path of IP
<1-60>[udp-port <1-65535>]]]]]] data messages to access the
destination.

zte(cfg-router)#set ipport <0-63>{enable | disable} Enables or disables a layer-3


interface.

zte(cfg-router)#set ipport <0-63> ipaddress {<A.B.C.D/M>|<A. Sets the IP address and submask
B.C.D>< A.B.C.D>} of a layer-3 port.

zte(cfg-router)#set ipport <0-63> mac <HH.HH.HH.HH.H Sets the MAC address of layer-3
H.HH> port.

zte(cfg-router)#set ipport <0-63> vlan <1-4094> Sets the VLAN binding with layer-3
port.

zte(cfg-router)#iproute {<A.B.C.D/M>|<A.B.C.D>< A.B.C.D>}< Adds a static route.


A.B.C.D>[<1-15>][description <string>]

zte(cfg-router)#arp add <A.B.C.D><HH.HH.HH.HH.HH.HH Adds a static ARP.


><0-63>

zte(cfg-router)#arp delete <A.B.C.D> Deletes a static ARP.

zte(cfg-router)#arp ipport <0-63> timeout <1-1000> Sets ARP entry aging time based
on layer-3 interface.

zte(cfg-router)#arp gratuitous-send <5-4294967295> Enables the free ARP function and


sets the period for sending free
ARP messages.

zte(cfg-router)#clear arp Clears dynamic ARP entry in


batches.

zte(cfg-router)#clear iproute [{<A.B.C.D/M>|<A.B.C.D><A.B. Clears static routing entry.


C.D>}<A.B.C.D>]

zte(cfg-router)#clear ipport <0-63>[mac | ipaddress | vlan | Deletes ipport configuration.


dhcp ]

zte(cfg-router)#clear gratuitous-send Disable the free ARP function.

zte(cfg-router)#hardware-iproute {enable | disable} Enables or disables the hardware


routing function.

zte(cfg-router)#show arp [static | dynamic | invalid | ipport Displays the ARP table item
<0-63>[static | dynamic | invalid]| ipaddress <A.B.C.D>] information and free ARP function
status according to various rules.

5-66

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

show ipport [<0-63>](all configuration modes) Displays ipport layer-3 interface


configuration.

show iproute (all configuration modes) Displays all routing information.

show hardware-iproute (all configuration modes) Displays hardware routing


configuration.

IPv4 Layer 3 Configuration Instance


l Configuration Description
Set the layer-3 IP address to 192.168.1.2 on the switch. The IP address 192.168.1.2
can ping the IP address 192.168.1.1 successfully. Bind vlan100 with 192.168.1.2.
Port 1 on switch connects with PC. See Figure 5-17.

Figure 5-17 Layer-3 Configuration Instance

l Configuration Procedure
zte(cfg)#set vlan 100 enable
zte(cfg)#set vlan 100 add port 1
zte(cfg)#set port 1 pvid 100
zte(cfg)#config route
zte(cfg-router)#set ipport 0 ipaddress 192.168.1.2 255.255.255.0
zte(cfg-router)#set ipport 0 vlan 100
zte(cfg-router)#set ipport 0 enable
l Configuration Verification
zte(cfg-router)#show ipport
IpPort En/Disable IpAddress Mask MacAddress VlanId
------ ---------- ------------ -------------- ----------------- ------
0 enabled 192.168.1.2 255.255.255.0 00.d0.d0.fa.29.20 100
zte(cfg-router)#exit

Use the ping command to check whether the layer-3 port is available.

zte(cfg)#ping 192.168.1.1
zte(cfg)#ping 192.168.1.1
Reply from 192.168.1.1 : bytes=28 time<1ms TTL=64
Reply from 192.168.1.1 : bytes=28 time<1ms TTL=64
Reply from 192.168.1.1 : bytes=28 time<1ms TTL=64
Reply from 192.168.1.1 : bytes=28 time<1ms TTL=64
Reply from 192.168.1.1 : bytes=28 time<1ms TTL=64

5-67

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

5.16 IPv6 Layer 3 Configuration


IPv6 Layer 3 Function Overview
The ZXR10 2900E supports IPv6 layer-3 functions for remote configuration and
management. The Layer 3 functions are as follows:
1. IPv6 interface configuration
2. Ping v6 for checking network connectivity
3. Telnet v6 server for remote login and configuration

Configuring IPv6 Layer 3 Functions


The configuration of IPv6 Layer 3 functions includes the following commands:

Command Function

zte(cfg-router)#set ipv6port <0> vlan <1-4094> Sets a VLAN associated with an


IPv6 Layer 3 interface.

zte(cfg-router)#set ipv6port <0> ipv6address Sets an IPv6 address and address


{<ipv6Addr/M>|<ipv6Addr><wildcard>} prefix length of an IPv6 Layer 3
interface.

zte(cfg-router)#set ipv6port <0>{enable | disable} Enables or disables an IPv6 Layer


3 interface.

zte(cfg-router)#ipv6route default <ipv6Addr> Adds an IPv6 static route.

zte(cfg-router)#clear ipv6port <0>[ipv6address Clears IPv6 Layer 3 interface


<ipv6Addr/M>] configuration.

zte(cfg-router)#clear ipv6route default Clears the IPv6 default route.

show ipv6port (all configuration modes) Displays IPv6 Layer 3 interface


configuration.

show ipv6route(all configuration modes) Displays IPv6 route configuration.

show ipv6port <0> nd (all configuration modes) Displays IPv6 device neighbor
information, similar to the function
of the show arp command in IPv4.

zte(cfg)#ping6 <ipv6Addr>[<0-65535>[<48-1280>[<1-255>[<0- Checks network connectivity,


65535>]]]] similar to the function of the ping
command in IPv4.

Layer-3 IPv6 Configuration Instance


l Configuration Description
On a switch, configure IPv6 address 12:12::c055:40, bind VLAN 300, configure the
gateway, and set the port connected to the PC to port 10. On a PC, configure an IPv6
address and interface route. See Figure 5-18.

5-68

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Figure 5-18 Layer-3 IPv6 Configuration Instance

l Configuration Procedure
zte(cfg)#set vlan 300 enable
zte(cfg)#set vlan 300 add port 10
zte(cfg)#set port 10 pvid 300
zte(cfg)#config route
zte(cfg-router)#set ipv6port 0 ipv6address 12:12::c055:40/128
zte(cfg-router)#set ipv6port 0 vlan 300
zte(cfg-router)#set ipv6port 0 enable
zte(cfg-router)#set ipv6port 0 enable
zte(cfg-router)#ipv6route default 12:12::c055:12
l Configuration Verificatio
zte(cfg-router)#show ipv6port
IpPort Status Ipv6AddrNum MacAddress VlanId IpMode
------ ------ --------------- ----------------- ------ ------
0 up 1 00.22.93.63.4f.70 300 static

Use the ping command to check whether the layer-3 port is available.
zte(cfg)#ping6 12:12::c055:40

Reply from 12:12::c055:40 : bytes=48 time<1ms TTL=64


Reply from 12:12::c055:40 : bytes=48 time<1ms TTL=64
Reply from 12:12::c055:40 : bytes=48 time<1ms TTL=64
Reply from 12:12::c055:40 : bytes=48 time<1ms TTL=64
Reply from 12:12::c055:40 : bytes=48 time<1ms TTL=64

5.17 DAI Configuration


DAI Overview
Because so many ARP middle-man-attacks happen, Dynamic ARP Inspection (DAI) is
introduced in the ZXR10 2900E. DAI checks the ARP packet received by the switch. If the
packet meets the condition, it will be forwarded. Otherwise it will be dropped.

DAI is related to the trusted state of the port of the switch. If an ARP packet is received
on a trusted port, shield all DAI detections. If an ARP packet is received on a non-trusted
port, it must pass the DAI validity test.

Configuring DAI
The DAI configuration includes the following commands:

5-69

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#set arp-inspection validate {ip | dst-mac | Enables or disables the inspection


src-mac}{enable | disable} of each field of an ARP packet.

zte(cfg)#set arp-inspection vlan <vlanlist>{enable | disable} Enables or disables DAI function


based on the VLAN.

zte(cfg)#set arp-inspection port <portlist>{trust | untrust} Sets a port to a trusted or untrusted


port.

zte(cfg)#set arp-inspection port <portlist> limit {<1-100>| Sets the maximum number of ARP
infinite} packets in the unit time.

show arp-inspection (all configuration modes) Displays DAI function configuration


information.

DAI Configuration Instance


l Configuration Description
When DHCP snooping is enabled, check ARP packet validity and the corresponding
relation between MAC, IP and VLAN. An illegal packet is dropped, and the speed of
sending ARP packets on a non-trusted port to the CPU is limited. See Figure 5-19.

Figure 5-19 DAI Configuration InstanceTopology

l Configuration Procedure
zte(cfg)#set dhcp snooping-and-option82 enable
zte(cfg)#set dhcp snooping add port 49,50
zte(cfg)#set dhcp port 49 client
zte(cfg)#set dhcp port 50 server
zte(cfg)#show dhcp snooping
DHCP snooping is enabled on the following port(s):
PortId PortType
------ --------
49 Client
50 Server
zte(cfg)#set arp-inspection vlan 1 enable
zte(cfg)#set arp-inspection port 49 untrust

5-70

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

zte(cfg)#set arp-inspection port 49 limit 15


zte(cfg)#set arp-inspection validate ip enable
zte(cfg)#set arp-inspection validate dst-mac enable
zte(cfg)#set arp-inspection validate src-mac enable

Note:
DAI detection condition: the port sending packets is a non-trusted port, and the DAI
function is enabled on the VLAN. When DHCP Snooping is enabled and a non-trusted
port is added into DHCP Snooping, DAI detection is valid.

l Configuration Verification
zte(cfg)#show arp-inspection
Enabled validation: ip,dst-mac,src-mac
Enabled vlanlist : 1
PortId TrustType Limit(pps)
------ --------- ----------
49 Untrust 15
50 Trust -
51 Trust -
52 Trust -

5.18 Access Service Configuration


Access Service Overview
With the rapid expansion of Ethernet, to meet the fast increase of subscribers and
requirement of diversified broadband services, a Network Access Service (NAS) is
embedded on the switch to improve the authentication and management of access
subscribers and better support the billing, security, operation, and management of the
broadband network.
NAS uses the 802.1x protocol and RADIUS protocol to realize the authentication and
management of access subscribers. It is highly efficient, safe, and easy to operate.

IEEE 802.1x is called port-based network access control protocol. Its protocol system
includes three key parts: client system, authentication system, and authentication server.

l The client system is a user terminal system installed with the client software. A
subscriber originates the IEEE802.1x protocol authentication process through this
client software. To support the port-based network access control, the client system
must support the Extensible Authentication Protocol Over LAN (EAPOL).
l The authentication system is network equipment that supports the IEEE802.1x
protocol. Corresponding to the ports of different subscribers (the ports can be

5-71

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

physical ports or MAC address, VLAN, or IP address of the user equipment), the
authentication system has two logical ports: controlled port and uncontrolled port.
1. The uncontrolled port is always in the state that the bidirectional connections are
available. It is used to transfer the EAPOL frames and can ensure that the client
can always send or receive the authentication.
2. The control port is enabled only when the authentication is passed. It is used to
transfer the network resource and services. The controlled port can be configured
as bidirectional controlled or input controlled to meet the requirement of different
applications. If the subscriber authentication is not passed, this subscriber cannot
visit the services provided by the authentication system.
3. The controlled port and uncontrolled port in the IEEE 802.1x protocol are logical
ports. There are no such physical ports on the equipment. The IEEE 802.1x
protocol sets up a local authentication channel for each subscriber and other
subscribers cannot use it. Thus, preventing the port from being used by other
subscribers after the port is enabled.
l The authentication server is a RADIUS server. This server can store a lot of
subscriber information, such as the VLAN that the subscriber belongs to, CAR
parameters, priority, and subscriber access control list. After the authentication
of a subscriber is passed, the authentication server will pass the information of
this subscriber to the authentication system, which will create a dynamic access
control list. The subsequent flow of the subscriber will be monitored by the above
parameters. The authentication system communicates with the RADIUS server
through the RADIUS protocol.
RADIUS is a protocol standard used for the authentication, authorization, and exchange
of configuration data between the Radius server and Radius client.
RADIUS uses the Client/Server mode. The Client runs on the NAS. It is responsible
for sending the subscriber information to the specified Radius server and carrying out
operations according to the result returned by the server.
The Radius Authentication Server is responsible for receiving the subscriber connection
request, verifying the subscriber identity, and returning the configuration information
required by the customer. A Radius Authentication Server can serve as a RADIUS
customer proxy to connect to another Radius Authentication Server.
The Radius Accounting Server is responsible for receiving the subscriber billing start
request and subscriber billing stop request, and completing the billing function.

The NAS communicates with the Radius Server through RADIUS packets. Attributes in
the RADIUS packets are used to transfer the detailed authentication, authorization, and
billing information.

The EAP protocol is used between the switch and the subscriber. Three types of identity
authentication methods are provided between the RADIUS servers: PAP, CHAP, and
EAP-MD5. Any of the methods can be used according to different service operation
requirements.
l Password Authentication Protocol (PAP)

5-72

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

PAP is a simple plain text authentication mode. NAS requires the subscriber to
provide the username and password and the subscriber returns the subscriber
information in the form of plain text. The server checks whether this subscriber
is available and whether the password is correct according to the subscriber
configuration and returns different responses. This authentication mode features
poor security and the username and password transferred may be easily stolen.
For the process of using the PAP mode for identity authentication, see Figure 5-20.

Figure 5-20 Using PAP Mode for Identity Authentication

l Challenge Handshake Authentication Protocol (CHAP)


CHAP is an encrypted authentication mode and avoids the transmission of the users
real password upon connection setup. NAS sends a randomly generated Challenge
string to the user. The user encrypts the Challenge string by using the users
password and MD5 algorithm and returns the username and encrypted Challenge
string (encrypted password).
The server uses the user password it stores and the MD5 algorithm to encrypt the
Challenge string. Then it compares this Challenge string with the encrypted password
of the server and returns a response accordingly.
For the process of using the CHAP mode for identity authentication, see Figure 5-21.

5-73

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 5-21 Using Chap Mode for Identity Authentication

l Extensible Authentication Protocol - Message Digest 5 (EAP-MD5)


EAP is a type of authentication mode of transmitting EAP message transparently
including EAP-MD5 and PEAP. The following example is about EAP-MD5 description.
EAP-MD5 is a CHAP identity authentication mechanism used in the EAP framework
structure. For the process of using the EAP-MD5 mode for identity authentication,
see Figure 5-22.

Figure 5-22 Using EAP Mode for Identity Authentication

Configuring Access Service


The access service configuration includes the following commands:

Command Function

zte(cfg)#set port <portlist> vlanjump {enable [defaultauthvlan Enables or disables the vlan jump
<1-4094>]| disable]} after user 802.1x authentication.

5-74

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(cfg-nas)#dot1x re-authenticate {enable | disable} Enables or disables


re-authentication function.

zte(cfg-nas)#dot1x re-authenticate period <1-4294967295> Sets the time interval for


re-authentication.

zte(cfg-nas)#dot1x quiet-period <0-65535> Sets quiet period of authentication.

zte(cfg-nas)#dot1x tx-period <1-65535> Sets the time that the


authentication system needs
to wait before it can retransmit
the EAPOL data packet because
it does not receive the response
from the client.

zte(cfg-nas)#dot1x supplicant-timeout <1-65535> Sets the time-out time for the


authentication system to receive
the data packets from the
authentication client system.

zte(cfg-nas)#dot1x server-timeout <1-65535> Sets the time-out time for the


authentication system to receive
the data packets from the
authentication server.

zte(cfg-nas)#dot1x max-request <1-10> Sets the maximum times of


request retransmission when
the timer expires before the
authentication system receives
the Challenge response from the
client.

zte(cfg-nas)#dot1x add vlan <1-4094>[mac <HH.HH.HH.HH Sets the private MAC address that
.HH.HH>] DOT1X protocol can use.

zte(cfg-nas)#dot1x delete vlan <1-4094> Deletes the private MAC address


that DOT1X protocol can use.

zte(cfg-nas)#clear client Deletes all clients.

zte(cfg-nas)#clear client index <0-255> Clears the specified client.

zte(cfg-nas)#clear client {port <portlist>| vlan <vlanlist>} Deletes the client end user of
specified port/VLAN.

show dot1x (all configuration modes) Displays 802.1x configuration


information.

show client (all configuration modes) Displays the information of all


access users.

5-75

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

show client index <0-255> (all configuration modes) Displays the information of an
access user.

show client mac <HH.HH.HH.HH.HH.HH> (all configuration Displays access user information
modes) on the specified MAC address.

show client port <portlist> (all configuration modes) Displays access user information
on the specified port.

zte(cfg-nas)#aaa-control port <portlist> dot1x {enable | disable} Enables or disables port 802.1x
access authentication function.

zte(cfg-nas)#aaa-control port <portlist> port-mode {auto | Sets the authentication control


force-unauthorized | force-authorized} mode of the port.

zte(cfg-nas)#aaa-control port <portlist> protocol {pap | chap Sets the authentication mode of
| eap } the port.

zte(cfg-nas)#aaa-control port <portlist> accounting {enable | Enables or disables port


disable} accounting function.

zte(cfg-nas)#aaa-control port <portlist> multiple-hosts {enable | This allows or prohibits


disable} multi-subscriber access of
the port.

zte(cfg-nas)#aaa-control port <portlist> max-hosts <0-256> Sets the maximum number of


subscribers connected through the
port.

zte(cfg-nas)#aaa-control port <portlist> keepalive {enable | Enables or disables the abnormal


disable} off-line detection mechanism of
the port.

zte(cfg-nas)#aaa-control port <portlist> keepalive period Sets the abnormal off-line


<1-3600> detection period of the port.

zte(cfg-nas)#aaa-control port <portlist> keepalive antiproxy Enables or disables the port


{add | delete}{character-detect | ip-modified | multi-card | anti-deception rule.
multi-ipaddress | packet-analyse | port-detect | service-detect |
tcp-session <1-65535>| udp-session <1-65535>}

zte(cfg-nas)#aaa-control port <portlist> keepalive antidhcp Enables or disables the port


{enable | disable} anti-DHCP-deception rule.

zte(cfg-nas)#aaa-control port <portlist> keepalive client-ip Enables or disables the function of


{enable | disable} acquiring the users IP address.

show aaa-control port [<portlist>] (all configuration modes) Displays port AAA configuration
information.

zte(cfg-nas)#radius isp <ispname>{enable | disable} Adds or deletes one ISP domain.

zte(cfg-nas)#radius isp <ispname>{add | delete}accounting Adds or deletes accounting server


<A.B.C.D>[<0-65535>] in the ISP.

5-76

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(cfg-nas)#radius isp <ispname>{add | delete} authenticate Adds or deletes authentication


<A.B.C.D>[<0-65535>] server in the ISP.

zte(cfg-nas)#radius isp <ispname> client <A.B.C.D> Sets RADIUS client end address.

zte(cfg-nas)#radius isp <ispname> sharedsecret <string> Sets the shared password of the
ISP domain (public key).

zte(cfg-nas)#radius isp <ispname> sharedsecret-encrypt Sets the shared password encrypt


<string> of the ISP domain (public key).

zte(cfg-nas)#radius isp <ispname> fullaccount {enable | disable} Sets or deletes the full account of
the domain.

zte(cfg-nas)#radius isp <ispname> defaultisp {enable | disable} This specifies a default domain.

zte(cfg-nas)#radius isp <ispname> description <string> Sets the domain description.

zte(cfg-nas)#radius nasname <nasname> Sets the NAS server name.

zte(cfg-nas)#radius delimiter <ispdelimiter> Sets Radius authentication domain


name delimiter.

zte(cfg-nas)#radius keep-time <0-4294967295> Sets keep time of radius


accounting packets failed to
be sent.

zte(cfg-nas)#radius timeout <1-255> Sets the server response time-out


time.

zte(cfg-nas)#radius retransmit <1-255> Sets the number of


retransmissions upon server
response time-out.

zte(cfg-nas)#radius vendor-id <3902,10008> Sets the vendor ID of the NAS


device.

zte(cfg-nas)#clear accounting-stop {session-id <session-id>| Deletes radius accounting packets


user-name <user-name>| isp-name <isp-name>| server-ip failed to be sent.
<A.B.C.D>}

show radius [ispname <ispname>] (all configuration modes) Displays radius configuration
information.

show radius accounting-stop [{ session-id <session-id>| Displays RADIUS accounting


user-name <user-name>| isp-name <isp-name>| server-ip packets failed to be sent.
<A.B.C.D>}] (all configuration modes)

Access Service Configuration Instance


l Configuration Description

The user installs a radius client on a PC. The switch connects the radius server and
the users PC through a network cable. The user can log in to the switch through the

5-77

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

console port and configure the access server, and then enable client software on the
user PC to originate authentication request. See Figure 5-23.

Figure 5-23 Access Authentication Configuration Instance

l Configuration Procedure
1. Configure layer-3 interface commands
zte(cfg-router)#set ipport 0 ip 10.40.89.106/24
zte(cfg-router)#set ipport 0 vlan 1
zte(cfg-router)#set ipport 0 enable
2. Configure 802.1X commands
zte(cfg)#set port 2 security enable
zte(cfg)#config nas
zte(cfg-nas)#aaa-control port 2 dot1x enable
zte(cfg-nas)#aaa-control port 2 keepalive enable
zte(cfg-nas)#aaa-control port 2 accounting enable
3. Configure radius commands
zte(zte)#config nas
zte(cfg-nas)#radius isp zte enable
zte(cfg-nas)#radius isp zte defaultisp enable
zte(cfg-nas)#radius isp zte sharedsecret 1234
zte(cfg-nas)#radius isp zte client 10.40.89.106
zte(cfg-nas)#radius isp zte add accounting 10.40.89.78
zte(cfg-nas)#radius isp zte add authentication 10.40.89.78
4. Enable radius client software on the PC and input a correct username and
password. Then the authentication request is sent.

Note:

Disable the security proxy such as Sygate before the user PC sending the
authentication request.

l Configuration Verification

5-78

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

When the authentication request succeeds, view the user information by using the
show client command.
zte(cfg)#show client
MaxClients : 256 HistoryAccessClientsTotal : 1
OnlineClients: 1 HistoryFailureClientsTotal: 0

Flags:I-Index,Au-Authorized,P-PortId,US-UpSpeed,DS-DownSpeed,Y-yes,N-no
I UserName Au P Vlan MacAddress US DS ElapsedTime
--- ------------- -- ---- ---- ----------------- ------ ------ ------------
0 liushujie Y 2 1 00.19.e0.1a.97.dd 0 0 0:0:0:22

5.19 MAC Authentication Configuration


MAC Authentication Overview
On current networks, many devices (such as IP phones and printers) do not support the
authentication client. When connected to networks, the devices cannot initiate D0T1X
authentication.

MAC authentication means that, with a MAC address segment configured on a device,
when the device detects that a MAC address belongs to the address segment, a switch
agent initiates authentication. The user's MAC address is used as a username and
password. If a RADIUS server returns a message indicating that the authentication
succeeded, the device can access the network.

Configuring MAC Authentication


The MAC authentication configuration includes the following commands:

Command Function

zte(cfg-nas)#aaa-control mac-authentication {enable | disable } Enables or disables the MAC


authentication function.

zte(cfg-nas)#aaa-control mac-authentication session <1-3> Adds the range of MAC addresses


range <HH.HH.HH.HH.HH.HH><HH.HH.HH.HH.HH.HH> that need authentication in unit of
session.

zte(cfg-nas)#clear mac-authentication session <1-3> Clears the range of MAC


addresses in unit of session.

zte(cfg-nas)#clear mac-authentication client Clears all clients with authenticated


MAC addresses.

zte(cfg-nas)#clear mac-authentication client mac Clears a specific MAC


<HH.HH.HH.HH.HH.HH> authentication client.

zte(cfg-nas)#clear mac-authentication client {port <portlist>| Clears clients on a specific port or


vlan <vlanlist>} in a specific VLAN.

5-79

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

show aaa mac-authentication (all configuration modes) Displays MAC authentication


configuration information.

show aaa mac-authentication client (all configuration modes) Displays information of all MAC
authentication clients.

5.20 QinQ Configuration


QinQ Overview
A QinQ is the IEEE 802.1Q tunneling protocol and is also called VLAN stacking. The QinQ
technology is the addition of one more VLAN tag (outer tag) to the original VLAN tag (inner
tag). The outer tag can shield the inner tag.
A QinQ does not need any protocol support. The simple Layer 2 Virtual Private Network
(L2VPN) can be realized through QinQ. The QinQ is especially suitable for the small-sized
LAN that takes the layer-3 switch as its backbone.
For the typical network of the QinQ technology, see Figure 5-24. The port connected to
the user network is called Customer port. The port connected to the ISP network is called
Uplink port. The edge access equipment of the ISP network is called Provider Edge (PE).

Figure 5-24 Typical QinQ Network

The user network is connected to the PE through the Trunk VLAN mode. The internal
Uplink ports of the ISP network are symmetrically connected through the Trunk VLAN
mode.

1. When a packet is sent form user network 1 to the customer port of switch A, because
the PORTBASE VLAN-based customer port does not identify the tag when receiving
the packet, the customer port processes the packet as an untagged packet no matter
whether this data packet is attached with the VLAN tag or not. The packet is forwarded
by the VLAN 10, which is determined by the PVID.
2. The uplink port of switch A inserts the outer tag (VLAN ID: 10) when forwarding the
data packet received from the customer port. The tpid of this tag can be configured

5-80

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

on the switch. Inside the ISP network, the packet is broadcast along the port of VLAN
10 until it reaches the switch B.
3. Switch B finds out that the port connected to user network 2 is a customer port. Thus, it
removes the outer tag in compliance with the conventional 802.1Q protocol to recover
the original packet and sends the packet to user network 2.
4. In this way, data between user network 1 and user network 2 can be transmitted
transparently. The VLAN ID of the user network can be planned regardless of the
conflict with the VLAN ID in the ISP network.

Configuring QinQ
The QinQ configuration includes the following commands:

Command Function

zte(cfg)#set vlan qinq customer port <portlist>{enable | disable} Adds or deletes a customer port.

zte(cfg)#set vlan qinq uplink port <portlist>{enable | disable} Adds or deletes an uplink port.

zte(cfg)#set vlan egress-tpid session <1-7> tpid-value Sets an egress TPID template.
<0xHHHH>

zte(cfg)#set port <portlist> egress-tpid {default | session <1-7>} Sets the binding between the port
and the template.

show vlan egress-tpid (all configuration modes) Displays the egress-tpid value of
each template.

zte(cfg)#set vlan ingress-tpid session <1-7> tpid-value Configures an ingress-tpid


<0xHHHH> template.

zte(cfg)#set port <portlist> ingress-tpid session <sessionlist> Sets the binding between the port
and the template.

show vlan ingress-tpid (all configuration modes) Displays ingress-tpid values


configured in templates.

show vlan qinq (all configuration modes) Displays customer/uplink port of


QinQ.

QinQ Configuration Instance


l Configuration Description
Encapsulate an exterior label in Switch1 (ZXR10 2952E) for the packet from Switch2.
The VLAN number is 100. The port connecting upstream BRAS in Switch1 is port 24.
The port connecting the downstream Switch2 is port 1. The NM vlan of Switch1 is 999
and the management IP address is 192.168.0.1/24. See Figure 5-25.

5-81

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 5-25 QinQ Configuration Instance

l Configuration Procedure
/*set qinq, the outer label is 100*/
zte(cfg)#set vlan 100 enable
zte(cfg)#set vlan 100 add port 1 untag
zte(cfg)#set vlan 100 add port 24 tag
zte(cfg)#set port 1 pvid 100
zte(cfg)#set vlan qinq customer port 1 enable
zte(cfg)#set vlan qinq uplink port 24 enable
zte(cfg)#set vlan 999 enable
zte(cfg)#config router
zte(cfg-router)#set ipport 1 ipaddress 192.168.0.1/24
zte(cfg-router)#set ipport 1 vlan 999
zte(cfg-router)#set ipport 1 enable
zte(cfg-router)#exit

5.21 SQinQ Configuration


SQinQ Overview
The SQinQ is a type of VLAN tunnel technology. It provides multi-point to multi-point VLAN
transparent transportation service and simple Layer 2 VPN tunnel by means of adding a
VLAN tag outside original 802.1Q tag and getting rid of outside VLAN tag when the packet
is transported to edge switch.

The SQinQ provides the function of providing SPVLAN tag according to traffic, which
is different from that ordinary QinQ adds SPVLAN tag based on ports. That is, in the
same Customer port, according to difference between traffic carried CVLAN tags, provide
corresponding SPVLAN tag based on user demands.

5-82

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Configuring SQinQ
The SQinQ configuration includes the following commands:

Command Function

zte(cfg)#set vlan sqinq session <1-400> customer-port Enables SVLAN function.


<port-id> customer-vlan <vlan-list> uplink-vlan <vlan-id> When the SQinQ function is
enabled, the uplink traffic is
normally forwarded in SPVLAN.
The downlink traffic is normally
forwarded in SPVLAN. Because
the UNI port belongs to SPVLAN
in untagged mode, the SPVLAN
tag of downlink packets will be
removed.

zte(cfg)#clear vlan sqinq Deletes all SQinQ sessions.

zte(cfg)#clear vlan sqinq session <1-400> Deletes the specified SQinQ


session.

show vlan sqinq (all configuration modes) Displays all SQinQ sessions.

show vlan sqinq session <1-400> (all configuration modes) Displays the specified SQinQ
session.

SQinQ Configuration Instance


l Configuration Description
Port 1 is a customer port, and port 2 is an uplink port. When CVLAN is 10 and 12, the
packet from port 1 SPVLAN is 997 and 998 respectively. See Figure 5-26.

Figure 5-26 SQinQ Configuration Instance

l Configuration Procedure
Configure the SVLAN instance.
zte(cfg)#set vlan 10,12 add port 1 tag
zte(cfg)#set vlan 997,998 add port 1 untag
zte(cfg)#set vlan 997,998 add port 2 tag
zte(cfg)#set vlan 10,12,997,998 enable
zte(cfg)#set vlan sqinq session 1 customer-port 1 customer-vlan 10 uplink-vlan 997
zte(cfg)#set vlan sqinq session 2 customer-port 1 customer-vlan 12 uplink-vlan 998
l Configuration Verification
The following example shows how to show the SVLAN instance.

5-83

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

zte(cfg)#show vlan sqinq


Session number : 1
Customer Port : 1
Customer Vlan List : 10
Uplink Vlan : 997

Session number : 2
Customer Port : 1
Customer Vlan List : 12
Uplink Vlan : 998

5.22 VLAN Configuration


VLAN Overview
The Virtual Local Area Network (VLAN) protocol is a basic protocol of layer-2 switching
equipment, which enables the administrator to divide a physical LAN into multiple VLANs.
Each VLAN has a VLAN ID to identify it uniquely in the entire LAN. Multiple VLANs share
the switching equipment and links of the physical LAN.
Logically, a VLAN is like an independent LAN. All frame flows in the same VLAN are
restricted in this VLAN. Cross-VLAN visit can only be implemented through forwarding
on layer 3. In this way, the network performance is improved, and the overall flow in the
physical LAN is effectively lowered.
The VLAN has the following functions:
l Reduces the broadcast storms of network.
l Enhances the network security.
l Provides centralized management and control.
The ZXR10 2900E also supports the tagged-based VLAN. This is a mode defined in IEEE
802.1Q and is a universal working mode. In this mode, the division of VLAN is based
on the VLAN information about the port (PVID: port VLAN ID) or the information in the
VLAN tag. Also, the ZXR10 2900E supports the division of VLAN according to the packet
protocol type, that is, protocol VLAN.

Configuring a VLAN
The VLAN configuration includes the following commands:

Command Function

zte(cfg)#set vlan <vlanlist>{enable | disable} Enables or disables a VLAN.

zte(cfg)#set vlan <vlanlist> add port <portlist>[untag | tag] Adds a port to a VLAN and
configures the location in the
VLAN.

zte(cfg)#set vlan <vlanlist> delete port <portlist> Deletes the port from a VLAN.

5-84

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(cfg)#set vlan <vlanlist> add trunk <trunklist>[tag | untag] Adds a trunk to a VLAN and
configures the trunk location in the
VLAN.

zte(cfg)#set vlan <vlanlist> delete trunk <trunklist> Deletes a trunk from a VLAN.

zte(cfg)#set port <portlist> protocol-vlan {enable | disable} Enables or disables the protocol
VLAN function.

zte(cfg)#set vlan protocol-mapping session-no <1-8>{ethernet2 | Sets a protocol VLAN template.


llc | snap}<0xHHHH> vlan <1-4094>

zte(cfg)#create vlan <1-4094> name <name> Creates a VLAN name.

zte(cfg)#clear vlan <vlanlist> name Clears a VLAN name.

zte(cfg)#clear vlan protocol-mapping session-no <1-8> Clears the VLAN template


configuration of the protocol.

show vlan [<vlanlist>] (all configuration modes) Displays the basic VLAN
information.

show vlan protocol-mapping (all configuration modes) Displays the VLAN configuration
of the protocol.

VLAN Configuration Example One


l Configuration Description
Configure VLAN 100. Add untagged ports 1 and 2 and tagged ports 7 and 8. The
detailed configuration is as follows:

Note:
By default, VLAN1 is enabled, all ports are in VLAN1 and in untag mode.

l Configuration Procedure
zte(cfg)#set vlan 100 add port 1, 2 untag
zte(cfg)#set vlan 100 add port 7, 8 tag
zte(cfg)#set port 1, 2 pvid 100
zte(cfg)#set vlan 100 enable

l Configuration Verification
zte(cfg)#show vlan 100
VlanId : 100 VlanStatus: enabled
VlanName:
VlanMode: Static
Tagged ports : 7-8

5-85

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Untagged ports: 1-2


Forbidden ports:

VLAN Configuration Example Two


l Configuration Description
Switch A is connected to switch B through port 16. Port 1 of switch A and port 2
of switch B are members of VLAN 2. Port 3 of switch A and port 4 of switch B are
members of VLAN 3. The members in the same VLAN can communicate with each
other. See Figure 5-27.

Figure 5-27 VLAN Transparent Transmission Configuration Instance

l Configuration Procedure
1. Configuration of switch A
zte(cfg)#set vlan 2 add port 16 tag
zte(cfg)#set vlan 2 add port 1 untag
zte(cfg)#set vlan 3 add port 16 tag
zte(cfg)#set vlan 3 add port 3 untag
zte(cfg)#set port 1 pvid 2
zte(cfg)#set port 3 pvid 3
zte(cfg)#set vlan 2-3 enable
2. Configuration of switch B
zte(cfg)#set vlan 2 add port 16 tag
zte(cfg)#set vlan 2 add port 2 untag
zte(cfg)#set vlan 3 add port 16 tag
zte(cfg)#set vlan 3 add port 4 untag
zte(cfg)#set port 2 pvid 2
zte(cfg)#set port 4 pvid 3
zte(cfg)#set vlan 2-3 enable

5-86

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

5.23 VLAN Mapping Configuration


VLAN Mapping Overview
The VLAN Mapping, namely N to One VLAN mapping, implements the VLAN convergence
function by establishing mapping between customer VLAN and service provider VLAN by
replacing the outer VLAN tags in the data frames. This way, customer services can be
transmitted according to operators network planning.
Due to the limited VLAN resource, the VLANs of service provider network and customer
network are planned separately. The customer VLAN mentioned in this chapter refers to
CVLAN used in customer network, while the service provider VLAN is the SVLAN used
in service providers network.
Different services of home users (Internet, IPTV, VoIP) are transferred through different
VLANs in the access networks of MAN, see Figure 5-28. As there are limited VLANs in
operators network, the VLAN convergence function needs to be fulfilled in the switches
in access layer to transmit the same service, which is transferred by different users in
different VLANs, through one VLAN.

Figure 5-28 VLAN Mapping Network Diagram

5-87

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Mapping Modes:
Uplink: replace the CVLAN with SVLAN based on Interface+customer VLAN.
Downlink: replace the SVLAN in the outermost layer with CVLAN based on SVLAN +
Destination MAC address.
The whole system supports 400 sessions, and up to 400 CVLANs can be supported.

Configuring VLAN Mapping


The VLAN mapping configuration includes the following commands:

Command Function

zte(cfg)#set vlan mapping session <session_id> customer-port Sets the VLAN Mapping function.
<port-id> customer-vlan <vlan-list> uplink-vlan <vlan-id> When the VLAN Mapping is
enabled, the uplink traffic is
normally forwarded in SPVLAN.
The downlink traffic is normally
forwarded in SPVLAN. When
reaching the user port, it is
transformed to the corresponding
CVLAN tag.

zte(cfg)#clear vlan mapping Deletes all VLAN Mapping


sessions.

zte(cfg)#clear vlan mapping session <1-400> Deletes the specified VLAN


Mapping session.

zte(cfg)#clear vlan mapping user Deletes the user information of all


VLAN Mapping sessions.

zte(cfg)#clear vlan mapping user session <1-400> Deletes the user information of the
specified VLAN Mapping session.

show vlan mapping (all configuration modes) Displays all VLAN Mapping
sessions.

show vlan mapping session <1-400> (all configuration modes) Displays the specified VLAN
Mapping session.

show vlan mapping user-table (all configuration modes) Displays the user information of all
VLAN Mapping sessions.

show vlan mapping user-table session <1-400> (all configuration Displays the user information
modes) of the specified VLAN Mapping
session.

VLAN Mapping Configuration Instance


l Configuration Description

5-88

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

The port 1 is on customer network, and the port 24 is on service provider network, see
Figure 5-29. Map the packets received from port 1, and whose CVLANs are between
1-100, to SPVLAN 1000.

Figure 5-29 VLAN Mapping Configuration Instance

Switch1 and Switch2 are configured in the same way. Use Switch1 as an example.
l Configuration Procedure
The following example shows how to configure the VLAN Mapping instance.
zte(cfg)#set vlan 1-100,1000 add port 1,24 tag
zte(cfg)#set vlan 1-100,1000 enable
zte(cfg)#set vlan mapping session 1 customer-port 1 customer-vlan 1-100
uplink-vlan 1000
l Configuration Verification
The following example shows how to show the SVLAN instance.
zte(cfg)#show vlan mapping
Session number : 1
Customer Port : 1
Customer Vlan List : 1-100
Uplink Vlan : 1000

5.24 Syslog Configuration


Syslog Overview
The Syslog protocol is an important part of Ethernet switch and is the information junction
center of system software module. Syslog manages most of important information output
and classifies them in detail, which filters the information effectively and provides a strong
support for network administrators and development engineers in monitoring network
operation status and diagnosing network faults.

5-89

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

The Syslog protocol is classified by information source and the information is filtered by
function module, which satisfies customized user demands.
The Syslog protocol can classify the log information into eight levels from the highest to
the lowest level of importance. For a description of the levels, refer to Table 5-2.

Table 5-2 Syslog Log Information

Severity Level Description

Emergencies Crucial fault.

Alerts Fault that must be corrected quickly.

Critical Key fault.

Errors Fault that needs to be noticed but not important

Warnings Warning, indicating a potential fault.

Notifications Information that needs to be noticed.

Informational General prompt information.

Debugging Debug information.

Configuring Syslog
The Syslog configuration includes the following commands:

Command Function

zte(cfg)#set syslog module {all | arp-inspection | commandlog | Enables or disables the syslog
dhcp| radius | AAA}{enable | disable} module.

zte(cfg)#set syslog level {emergencies | alerts | critical | errors | Defines the syslog information
warnings | notifications | informational | debugging } level.

zte(cfg)#set syslog add server <1-5 > ipaddress Sets the syslog server.
<A.B.C.D>[name <name>][<0-65535>]

zte(cfg)#set syslog delete server <1-5> Deletes the syslog server.

zte(cfg)#set syslog {enable | disable} Enables or disables the syslog


function globally.

show syslog status (all configuration modes) Displays the syslog configuration.

Syslog Configuration Instance


l Configuration Description
Suppose that the syslog function of the switch is enabled, information level is
informational, all function modules are enabled, the server IP address is 192.168.1.1,
and the name is Srv1.
l Configuration Procedure
zte(cfg)#set syslog enable
zte(cfg)#set syslog level informational

5-90

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

zte(cfg)#set syslog module all disable


zte(cfg)#set syslog module radius enable
zte(cfg)#set syslog module aaa enable
zte(cfg)#set syslog module commandlog enable
zte(cfg)#set syslog add server 1 ipaddress 192.168.1.1 name server1
l Configuration Verification
zte(cfg)#show syslog status
Syslog status: enable
Syslog level: informational
Syslog enabled modules:
commandlog AAA radius
Syslog disabled modules:
all-others
Syslog server IP UDP port Name
1 192.168.1.1 514 server1

5.25 NTP Configuration


NTP Overview
Network Time Protocol (NTP) is the protocol used to synchronize the clocks between
network devices. The ZXR10 2900E provides NTP client function and synchronizes the
clock with other NTP servers, the ZXR10 2900E also supports second-server function, so
that the two servers get the time at the same time.

Configuring NTP
The NTP configuration includes the following commands:

Command Function

zte(cfg)#set ntp add authentication-key <1-255> md5 <string> Sets the NTP authentication key.

zte(cfg)#set ntp delete authentication-key <1-255> Deletes the NTP authentication


key.

zte(cfg)#set ntp {add | delete} trusted-key <1-255> Adds or deletes the NTP trusted
key.

zte(cfg)#set ntp authenticate {enable | disable} Enables or disables the NTP


authentication function.

zte(cfg)#set ntp server <A.B.C.D>[version <1,2,3>| key Sets the NTP server.
<1-255>]

zte(cfg)#set ntp second-server <A.B.C.D>[version <1,2,3>| key Sets the NTP second server.
<1-255>]

5-91

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#set ntp source <A.B.C.D> Sets the source IP address that is


used for the switch to send NTP
packets.

zte(cfg)#set ntp clock-period <5-2147483647> Sets the period of NTP


synchronization.

zte(cfg)#set ntp timezone <(-12)-(+13)> Sets NTP time-zone.

zte(cfg)#set ntp {enable | disable} Enables or disables NTP.

zte(cfg)#set ntp src-udp-port {123 | 1000} Sets the ID of the udp port through
which NTP messages are sent.

show ntp (all configuration modes) Displays NTP configuration.

NTP Configuration Instance


l Configuration Description
Suppose that the switch and NTP server 1 (IP address is 202.10.10.10) and NTP
server 2 (IP address is 201.10.10.10) implement time synchronization. Make sure
that the switch and NTP server can ping each other successfully. The NTP module is
configured as follows:
l Configuration Procedure
zte(cfg)#set ntp server 202.10.10.10
zte(cfg)#set ntp second-server 201.10.10.10
zte(cfg)#set ntp enable
l Configuration Verification
zte(cfg)#show ntp
ntp protocol is enable
ntp server address : 202.10.10.10
ntp source address : None
ntp source udp port : 1000
ntp is_synchronized for second server : Yes
ntp rcv stratum : 16
no reference clock.
ntp time zone : 0

In the displayed information, ntp is_synchronized for second server means the
current switch time is synchronized with that of the server 2.

5-92

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

5.26 GARP/GVRP Configuration


GARP/GVRP Overview
The Generic Attribute Registration Protocol (GARP) is a type of generic attribute
registration protocol, which distributes VLAN and multicast MAC address dynamically to
the member in the same switching network by applying the different application protocols.

GARP VLAN Registration Protocol (GVRP) is a type of application protocol defined


by the GARP, which maintains VLAN information in the switch dynamically based
on the GARP protocol mechanism. All switches supporting GVRP can receive the
VLAN registration information from other switches and update local VLAN registration
information dynamically including the current VLAN on this switch and the ports in
this VLAN. All switches supporting GVRP can broadcast the local VLAN registration
information to other switches, so that, the VLAN configurations of all devices with the
GVRP in the same switching network have a consistent interworking according to the
demand.

Configuring GARP/GVRP
The GARP/GVRP configuration includes the following commands:

Command Function

zte(cfg)#set vlan <vlanlist>{permit | forbid}{port <portlist>| Permits or forbids adding/deleting


trunk <trunklist>} port/trunk in the specified VLAN.

zte(cfg)#set garp {enable | disable} Enables or disables the GARP


function.

zte(cfg)#set garp timer {hold | join | leave | learvall}<timer_value> Sets various GARP timers.

show garp (all configuration modes) Displays GARP configuration.

zte(cfg)#set gvrp {enable | disable} Enables or disables GVRP.

zte(cfg)#set gvrp {port <portlist>| trunk <trunklist>}{enable | Enables or disables GVRP on the
disable} port/trunk.

zte(cfg)#set gvrp {port <portlist>| trunk <trunklist>} registration Sets GVRP registration type on
{normal | fixed | forbidden} Trunk port.

show gvrp (all configuration modes) Displays GVRP configuration and


state.

GARP/GVRP Configuration Instance


l Configuration Description

Switch A connects with switch B through port 1. By configuring GVRP, the two
switches can register each other and refresh their VLAN table. See Figure 5-30.

5-93

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 5-30 GVRP Configuration Instance

l Configuration Procedure
1. Configuration of switch A:
zte(cfg)#set garp enable
zte(cfg)#set gvrp enable
zte(cfg)#set gvrp port 1 enable
zte(cfg)#set vlan 10-20 enable
zte(cfg)#set vlan 10-20 add port 1
2. Configuration of switch B:
zte(cfg)#set garp enable
zte(cfg)#set gvrp enable
zte(cfg)#set gvrp port 1 enable
zte(cfg)#set vlan 30-40 enable
zte(cfg)#set vlan 30-40 add port 1

Note:
1. The GARP function must be enabled first before the GVRP function is enabled.
2. Enabling GVRP can enable up to 512 vlans.
3. Timer of Garp uses the default value. If it is modified, the value must be the same
as the one configured in the network.
4. Gvrp port registration type uses default Normal value. If it is modified to other
types, vlan learning cannot be implemented.

l Configuration Verification
SwitchA(cfg)#show garp /*View GARP configuration*/
GARP is enabled!
GARP Timers:
Hold Timeout :100 milliseconds
Join Timeout :200 milliseconds
Leave Timeout :600 milliseconds
LeaveAll Timeout :10000 milliseconds

SwitchA(cfg)#show gvrp /*View GV RP configuration*/


GVRP is enabled!
PortId Status Registration LastPduOrigin
------ -------- ------------ -----------------
1 Enabled Normal 00.d0.d0.f2.51.24
SwitchA(cfg)#show port 1 vlan
PortId : 1

5-94

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Tagged in vlan : 30-40


Untagged in vlan : 1, 10-20
SwitchB(cfg)#show port 1 vlan
PortId : 1
Tagged in vlan : 10-20
Untagged in vlan : 1, 30-40
SwitchA(cfg)#show vlan 30
VlanId : 30 VlanStatus: enabled
VlanName:
VlanMode: Dynamic
Tagged ports : 1
Untagged ports :
Forbidden ports :
SwitchB(cfg)#show vlan 10
VlanId : 10 VlanStatus: enabled
VlanName:
VlanMode: Dynamic
Tagged ports :1
Untagged ports :
Forbidden ports :

5.27 DHCP Configuration


DHCP Overview
The Dynamic Host Configuration Protocol (DHCP) enables the host to request dynamic
addresses from the server.
The ZXR10 2900E DHCP function includes the following contents:
The DHCP snooping function prevents bogus DHCP servers from being deployed in the
network, and in this case, the port connecting to DHCP server must be set to a trusted
port. Besides, the dynamic ARP inspection technology can be used together to prevent
illegal IP and MAC address binding, thus ensuring normal assignment of IP addresses
by the DHCP server. DHCP Snooping and Option82 are designed to solve these safety
problems. DHCP Snooping, namely DHCP packet filtering, is to detect legality of DHCP
packets based on some special rules and filter illegal packets. Use Option82 technique to
provide more additional information, and then strengthen the network safety ability.

In the DHCP service system, the ZXR10 2900E series switches are provided with a lot
of automatically deployed functions. For details, see Downloading the Software Version
Automatically.

Configuring DHCP
The DHCP configuration includes the following commands:

5-95

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#set dhcp snooping-and-option82 {enable | disable} Enables or disables DHCP


snooping and Option82 globally.

zte(cfg)#set dhcp snooping {add | delete}{port <portlist>| trunk Enables or disables the DHCP
<trunklist>} Snooping function based on the
port/trunk.

zte(cfg)#set dhcp port <portlist>{server | cascade | client} Sets DHCP attribute of the port.

zte(cfg)#set dhcp trunk <trunklist>{server | default} Sets trunk attribute in DHCP


snooping.

zte(cfg)#set dhcp ip-source-guard {{add | delete} port <portlist>| Enables or disables port
quota <0-400>} ip-source-guard function.

zte(cfg)#set dhcp snooping bind-entry mac <HH.HH.HH.HH.HH Adds static user information
.HH> ip <A.B.C.D> vlan <1-4094> port <1-28> binding entry.

zte(cfg)#set dhcp snooping bind-entry mode port <portlist>{hold Sets the binding mode of the
| drop} dynamic user information binding
entry on the port.

zte(cfg)#set dhcp option82 {add | delete}{port <portlist>| trunk Enables or disables DHCP
<trunklist>} Option82 function based on the
port/trunk.

zte(cfg)#set dhcp option82 sub-option device { ani< string >| Configures the device information
remote-ID {cisco | key < string >| manual < string >}} of Switch.

zte(cfg)#set dhcp option82 sub-option port < portlist >{circuit-ID Sets option82 sub-option.
{on {cisco | china-tel | dsl-forum| henan-rtf | key <string>| manual
<string>}| off}| subscriber-ID {on <string>| off}| reserve {on tag
<1-255> value <string>| off}}

zte(cfg)#set dhcp option82 mode port <portlist>{default | drop | Sets the binding mode of the
modify | append} dynamic user binding entry on the
port.

zte(cfg)#clear dhcp snp-bind-entry {mac <HH.HH.HH.HH.HH. Clears DHCP binding entry.


HH>| port <1-28>| all}

zte(cfg)#clear dhcp option82 sub-option device ani Deletes device identifier


information.

show dhcp (all configuration modes) Displays the configuration of


DHCP snooping-and-option82 and
DHCP client.

show dhcp snooping (all configuration modes) Displays DHCP snooping global
configuration information.

show dhcp snooping binding[port <1-28>] (all configuration Displays DHCP snooping entry
modes) information.

5-96

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

show dhcp ip-source-guard (all configuration modes) Displays port ip-source-guard


configuration.

show dhcp option82 (all configuration modes) Displays DHCP option82


configuration information.

show dhcp option82 port (all configuration modes) Displays the configuration
information of DHCP option82.

show dhcp option82 device (all configuration modes) Displays the configuration
information of the device.

zte(cfg)#set dhcp client {enable | disable} Enables or disables the DHCP


client function.

zte(cfg)#set dhcp client broadcast-flag {enable | disable} Sets whether the packet that
DHCP server returns is a
broadcast packet.

show dhcp client (all configuration modes) Displays DHCP client configuration
information.

zte(cfg-router)#set ipport <0-63> ipaddress dhcp Sets the IP address of layer-3


interface acquired by DHCP
protocol.

zte(cfg-router)#set ipport <0-63> ipaddress dhcp {release | Releases or renews layer-3


renew} interface IP address.

zte(cfg-router)#set ipport <0-63> dhcp client {class-id Sets available messages when
{characters <string>| hex-numbers <hex-string>}| client-id mac | the DHCP client interacts with the
hostname <string>| lease {<0-365><0-23><0-59>| infinite}} server.

zte(cfg-router)#set ipport <0-63> dhcp client request Sets message type sent by the
{dns-server | domain-name | route | static-route | tftp-server-name} server when the DHCP client
interacts with the server.

zte(cfg-router)#set ipport <0-63> dhcp relay agent Sets a layer-3 IP port as a DHCP
relay agent. If the port is an inside
port, the address of the port is
used as the source addresses of
DHCP packets sent to the server.

zte(cfg-router)#set ipport <0-63> dhcp relay server Sets the address of the DHCP
<A.B.C.D> relay server onthe IP port. When
DHCP packets are forwarded to a
server, this server is preferred.

5-97

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#set dhcp relay global-ipport <0-63>{enable | disable} Enables the DHCP relay function
on an IP port globally. When
the DHCP relay selects a source
IP address, if no IP address is
configured for the VLAN, the IP
address of the IP port is used as
the source address.

zte(cfg-router)#clear ipport < 0-63> dhcp client { class-id | Clears DHCP client optional
client-id | hostname | lease } sending information configuration.

zte(cfg-router)#clear ipport <0-63> dhcp client request Clears the configuration requesting
{dns-server | domain-name | route | static-route | tftp-server-name} DHCP server to return various
information.

zte(cfg)#set dhcp snooping bind-entry database read Reads DHCP binding entry from
the Flash memory.

zte(cfg)#set dhcp snooping bind-entry database recovery{ Recovers binding entry from the
disable | enable } Flash memory after restarted.

zte(cfg)#set dhcp snooping bind-entry database time-write Writes DHCP binding entry into
{disable | enable | time <30-65535>} the Flash memory at regular time.

zte(cfg)#set dhcp snooping bind-entry database write Writes DHCP binding entry into
the Flash memory.

show dhcp snooping database (all configuration modes) Displays configuration related to
DHCP database.

zte(cfg)#set dhcp special udp-light-check {enable | disable} Enables/Disables DHCP


udp-check function globally.

zte(cfg)#set dhcp snooping vlan <vlanlist>{ disable | enable } Enables/Disables snooping


function of a VLAN globally.

Sets the quota of a DHCP binding


zte(cfg)#set dhcp snooping quota <0-8191> table globally. The value 0 means
that the quota is not limited.

Sets the quota of a DHCP binding


table based on a VLAN. The value
zte(cfg)#set dhcp snooping vlan <vlanlist> quota <0-8191>
0 means that the quota is not
limited.

Sets the quota of a DHCP binding


zte(cfg)#set dhcp snooping port <portlist> quota <0-8191> table based on a port. The value 0
means that the quota is not limited.

5-98

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Sets the quota of a DHCP binding


zte(cfg)#set dhcp snooping vlan <vlanlist> port <1-28> quota table based on a VLAN and port.
<0-8191> The value 0 means that the quota
is not limited.

Displays configuration related to


show dhcp snooping quota [<1-8191>] (all configuration modes)
a DHCP quota.

Enables the DHCP relay function


zte(cfg)#set dhcp relay vlan <vlanlist>{enable | disable}
for a VLAN.

Sets the address of the global


zte(cfg)#set dhcp relay server ip <A.B.C.D>
DHCP relay server.

Sets the mode of selecting a


server for the DHCP relay. If a
zte(cfg)#set dhcp relay server mode {ipport | vc-class id}
vc-class ID is configured, vc-class
mode is preferred.

Sets the number of times that


zte(cfg)#set dhcp relay server retry <5-1000> the DHCP relay retries to send a
packet. Default: 10.

Sets the hop limit of the DHCP


zte(cfg)#set dhcp hop <1-16>
relay.

Configuring DHCP snooping/Option82


l Configuration Description
The PC can get its IP address from the specified DHCP server and prevent other
illegal DHCP servers from affecting hosts in the network. See Figure 5-31.

Figure 5-31 DHCP Snooping/Option82 Configuration Instance Topology

l Configuration Procedure
zte(cfg)#set dhcp snooping-and-option82 enable
zte(cfg)#set dhcp snooping add port 49,50
zte(cfg)#set dhcp port 49 client
zte(cfg)#set dhcp port 50 server

5-99

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

zte(cfg)#set dhcp ip-source-guard add port 49


zte(cfg)#set dhcp option82 add port 49,50
l Configuration Verification
zte(cfg)#show dhcp snooping
DHCP snooping is enabled on the following port(s):
PortId PortType
------ --------
49 Client
50 Server
DHCP snooping disabled vlan: none

zte(cfg)#show dhcp option82


DHCP option82 is enabled on the following port(s):
PortId PortType
------ --------
49 Client
50 Server

zte(cfg)#show dhcp
DHCP download flag is disabled, config file is found.
DHCP download will not startup, when system reboot.
DHCP config file(option-67) *.dat will be translated to ZXR10_2952E.dat.
DHCP snooping-and-option82 is enabled.
PortId PortType Snooping Option82
------ -------- -------- --------
49 Client Enabled Enabled
50 Server Enabled Enabled
51 Client Disabled Disabled
52 Client Disabled Disabled
DHCP client is disabled.

zte(cfg)#show dhcp ip-source-guard


Ip source guard is configured on the following port(s): 49

Configuring DHCP Client


l Configuration Description
The PC can get an IP address from the specified DHCP server. See Figure 5-32.

5-100

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Figure 5-32 DHCP Client Configuration Instance Topology

l Configuration Procedure
zte(cfg)#set dhcp client enable
zte(cfg)#set vlan 10 add port 49 untag
zte(cfg)#set vlan 10 enable
zte(cfg)#set port 49 pvid 10
zte(cfg)#config router
zte(cfg-router)#set ipport 0 vlan 10
zte(cfg-router)#set ipport 0 ipaddress dhcp
zte(cfg-router)#set ipport 0 enable
l Configuration Verification
zte(cfg-router)#show ipport
IpPort Status IpAddress Mask MacAddress VlanId IpMode
------ ------ ---------- ------------ ----------------- ------ ------
0 up 100.1.1.5 255.255.0.0 00.00.00.00.00.02 10 dhcp

5.28 DHCPv6 Configuration


DHCPv6 Overview
The Dynamic Host Configuration Protocol of IPv6 (DHCPv6) is used by a network host to
dynamically request host configuration from a server.
The ZXR10 2900E series system supports the following DHCPv6 functions:

l DHCPv6 snooping function: DHCPv6 servers and clients do not support


authentication mechanism. Illegally and privately created DHCPv6 servers bring
confusion to address allocation, gateway and DNS parameters of some hosts. As a
result, these hosts cannot connect to external networks properly. In addition, there
are problems such as IP spoofing, MAC address spoofing and user ID spoofing from
illegal clients, and DHCPv6 server address exhaustion. On the basis of DHCPv6
snooping, the Option82 technology can solve these security problems effectively.
l IP source guard function: By listening to the DHCPv6 interaction procedure between
a client and a server, the system records the IP address allocated to the client by the

5-101

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

server. The system filters out packets with other source IP addresses on ports, thus
preventing spoofing.

Configuring DHCPv6
The DHCPv6 configuration includes the following commands:

Command Function

zte(cfg)#set dhcpv6 snooping {enable | disable} Enables or disables the DHCPv6


snooping function globally.

zte(cfg)#set dhcpv6 snooping {add | delete} port <portlist> Enables or disables the DHCPv6
snooping function on a port.

zte(cfg)#set dhcpv6 port <portlist>{server | cascade | client} Sets the attribute of a port in the
DHCPv6 snooping function.

zte(cfg)#set dhcpv6 ip-source-guard {add | delete} port Enables or disables the


<portlist> ip-source-guard function on a
port.

zte(cfg)#set dhcpv6 option18 {enable | disable} Enables or disables the DHCPv6


Option18 function globally.

zte(cfg)#set dhcpv6 option18 {add | delete} port <portlist> Enables or disables the DHCPv6
Option18 function on a port.

zte(cfg)#set dhcpv6 option37 {enable | disable} Enables or disables the DHCPv6


snooping function globally.

zte(cfg)#set dhcpv6 option37{add | delete} port <portlist> Enables or disables the DHCPv6
Option37 function on a port.

zte(cfg)#set dhcpv6 option82 {enable | disable} Enables or disables the DHCPv6


Option82 function globally.

zte(cfg)#set dhcpv6 option82 {add | delete} port <portlist> Enables or disables the DHCPv6
Option18 function on a port.

zte(cfg)#set dhcpv6 option82 ani <string> Sets the device identifier of a


switch node.

zte(cfg)#set dhcpv6 option82 sub-option port < portlist Sets the sub-option port for
>{circuit-ID {on {cisco | china-tel | dsl-forum|key <string>}| off}| Option82 function.
subscriber-ID {on <string>| off}| reserve {on tag <1-255> value
<string>| off}}

zte(cfg)#clear dhcpv6 snp-bind-entry {mac <HH.HH.HH.HH.H Clears ip-source-guard entities.


H.HH>| port <1-28>| all}

zte(cfg)#clear dhcpv6 ani Clears device identifiers.

show dhcpv6 (all configuration modes) Displays DHCPv6 snooping and


option configuration.

5-102

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

show dhcpv6 snooping (all configuration modes) Displays global DHCPv6 snooping
configuration information.

show dhcpv6 snooping binding (all configuration modes) Displays information about
DHCPv6 snooping entries.

show dhcpv6 snooping [port <1-28>] (all configuration modes) Displays DHCPv6 snooping
entities.

show dhcpv6 ip-source-guard (all configuration modes) Displays port ip-source-guard


configuration.

show dhcpv6 option82 (all configuration modes) Displays DHCPv6 Option82


configuration information.

show dhcpv6 option82 port (all configuration modes) Displays DHCPv6 Option82
configuration information on ports.

show dhcpv6 option82 ani (all configuration modes) Displays device identifiers.

show dhcpv6 option18 (all configuration modes) Displays DHCPv6 Option18


configuration information.

show dhcpv6 option37 (all configuration modes) Displays DHCPv6 Option37


configuration information.

DHCPv6 Configuration Instance


l Configuration Description

This configuration example describes how to configure DHCPv6 snooping/Option82.


See Figure 5-33, the PCs can obtain IP addresses from the DHCP server. Option82
is used to improve the security performance. It is required to prevent illegal DHCP
server from affecting the PCs on the network.

Figure 5-33 DHCPv6 Snooping/Option82 Configuration Instance

l Configuration Procedure
zte(cfg)#set dhcpv6 snooping enable
zte(cfg)#set dhcpv6 snooping add port 49,50

5-103

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

zte(cfg)#set dhcpv6 port 49 client


zte(cfg)#set dhcpv6 port 50 server
zte(cfg)#set dhcpv6 ip-source-guard add port 49
zte(cfg)#set dhcpv6 option82 enable
zte(cfg)#set dhcpv6 option82 add port 49,50
l Configuration Verification
zte(cfg)#show dhcpv6 snooping
DHCP v6 snooping is enabled on the following port(s):
PortId PortType
------ --------
49 Client
50 Server

zte(cfg)#show dhcpv6 option82


DHCP v6 option82 is enabled on the following port(s):
PortId PortType
------ --------
49 Client
50 Server

zte(cfg)#show dhcpv6 ip-source-guard


Ip source guard is configured on the following port(s): 49

5.29 VBAS Configuration


VBAS Overview
The Virtual Broadband Access Server (VBAS) is not physical equipment but a protocol
standard, which is developed by China Telecom. The VBAS is used to solve the problem
of wide-band user identifier. When the Broadband Access Server (BAS) gets user
identifier by inquiring corresponding relationship between MAC of users dialing to the
switch and port, then sends user name, password and identifier information to RADIUS, it
can determine the position of the user.
Layer 2 communication mode is implemented between BAS and switches, that is,
information query and response data packets of VBAS are encapsulated into Ethernet
data frames of layer-2 directly, and use protocol number 0x8200 for identification.

Note:

Only trust ports can receive VBAS packets and VBAS response packets only can be sent
from trust ports.

5-104

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Port connecting to user network is called cascade port and port connecting to BAS server
is called trust port. For the typical network of VBAS, see Figure 5-34.

Figure 5-34 VBAS Typical Network

Configuring VBAS
The VBAS configuration includes the following commands:

Command Function

zte(cfg)#set vbas trust-port <portlist>{enable | disable} Enables or disables the global


VBAS trust-port.

zte(cfg)#set vbas cascade-port <portlist>{enable | disable} Enables or disables the cascade


port VBAS function.

zte(cfg)#set vbas {enable | disable} Enables or disables the global


VBAS function.

show vbas (all configuration modes) Displays the VBAS configuration.

VBAS Configuration Instance


l Configuration Description
See Figure 5-35, this example describes how to set trust port of switch A as port 1,
cascade port as port 2, trust port of switch B as port 1.

5-105

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 5-35 VBAS Configuration Instance Topology

l Configuration Procedure
1. Configuration of switch A:
zte(cfg)#set vbas enable
zte(cfg)#set vbas trust-port 1 enable
zte(cfg)#set vbas cascade-port 2 enable
2. Configuration of switch B:
zte(cfg)#set vbas enable
zte(cfg)#set vbas trust-port 1 enable
3. Configuration Verification
Check switch A
zte(cfg)#show vbas
vbas: enabled
trust port : 1
cascade port : 2

Check switch B
zte(cfg)#show vbas
vbas: enabled
trust port : 1
cascade port : none

5.30 PPPoE-PLUS Configuration


PPPoE-PLUS Overview
The typical user location technology has PPPoE-PLUS (PPPoE+) besides VBAS and
DHCP OPTION82. PPPOE+ technology inserts user location information in PADI/PADR
message by monitoring the PAD packet interacting procedure between PC and BAS
server. PPPoE+ is divided into three types based on the format of the inserted user
information, China Telecom format, DSL BBS format, and CISCO format. The ZXR10
2900E also supports user-defined formats.

5-106

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Configuring PPPoE-PLUS
The configuration of PPPoE-PLUS (PPPoE+) includes the following contents:

Command Function

zte(cfg)#set pppoe-plus {enable | disable} Enables or disables the PPPoE+


function.

zte(cfg)#set pppoe-plus tag-format port <portlist>{dsl-forum | Sets the PPPoE+ location


cisco | china-tel | manual <string>| key <string>} message format.

zte(cfg)#set pppoe-plus rid <portlist>[<string>] Adds or deletes port rid


information.

show pppoe-plus (all configuration modes) Displays PPPoE+ global


configuration.

show pppoe-plus port <1-28> (all configuration modes) Displays port rid configuration.

zte(cfg)#set pppoe-plus mode port <portlist>{default | drop | Sets the mode for dynamic user
modify } information processing at the port.

PPPoE-PLUS Configuration Instance


l Configuration Description
Configure the user information format of switch A as DSL forum format. See Figure
5-36.

Figure 5-36 PPPOE-PLUS Configuration Instance Topology

l Configuration Procedure
Configure switch A
zte(cfg)#set pppoe-plus enable
zte(cfg)#set pppoe-plus tag-format port 1 dsl-forum
l Configuration Verification
zte(cfg)#show pppoe-plus
PPPoE plus is enabled.

zte(cfg)#show pppoe-plus port 1


PPPoE Vendor-Specific Tag format on port 1:DSL-Forum
PPPoE-PLUS option mode information on port 1: Default
PPPoE VST remote ID on port 1 has not been set.

5-107

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

5.31 ZESR Configuration


ZESR Overview
ZESR is a private ring network protection technology developed by ZTE Corporation.
Evolved from EAPS, ZESR ensures that there is only one logically connected path
between any two nodes in the ring network.

Basic ZESR Concepts


For a description of the basic ZESR concepts, see Table 5-3.

Table 5-3 Basic ZESR Concepts

Name Description

ZESR Domain and A ZESR domain consists of a control VLAN and a protection instance.
ZESR Node The device that is configured with ZESR is called a ZESR node. All ZESR
nodes in the same ZESR domain must be configured with the same control
VLAN and protection instance.

Control VLAN The control VLAN of a ZESR domain forwards ZESR protocol packets. A
control VLAN is required for a ZESR domain.

Protection Instance An instance in MSTP is used as the protection instance of a ZESR domain.
and Service VLAN The VLAN in a protection instance (that is, service VLAN) is used for service
data transmission.

Major ZESR Ring A ZESR domain supports ring-based hierarchy with three levels, including
and Secondary level 0, level 1, and level 2. Among them, level 0 is the highest level and level
ZESR Ring 2 is the lowest level.
A ring with level 0 is called a primary ring, while a ring with level 1 or level
2 is called a secondary ring.

ZESR Ring State There are two states for a ZESR ring: UP and DOWN.
l UP indicates that each link in a ring operates properly.
l DOWN indicates that there is one or more disconnected links in a ring.

ZESR Node Role A ZESR node can act as a master node, a transit node, an edge control node,
or an edge assistant node.
l A master node implements the control function and transmits data in a ring.
l A transit node transmits data in a ring.
l An edge control node implements the control function and transmits data
in a secondary ring.
l An edge assistant node transmits data in a secondary ring.

5-108

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Name Description

Primary Port and When a device is configured as a master node or a transit node, two ports need
Secondary Port to be designated for it, that is, a primary port and a secondary port. The primary
port and secondary port of a transit node have the same functions, while the
primary port and secondary port of a master node have the following differences:
l When a ring is in UP state, the primary port of a master node is in
Forwarding state, and the secondary port is in Blocking state to block
logical loops.
l When a ring is in DOWN state, ZESR rapidly transits the secondary port
of a master node from Blocking state to Forwarding state to switch the
logical path quickly.

Boundary Port When a device is configured as an edge control node or an edge assistant
node, one port needs to be designated for it, that is, a boundary port.

ZESR Link Switching Introduction


ZESR eliminates logical loops by blocking some particular ports in a ring; and when the
states of some links in a ring change (from on to off, or from off to on), ZESR can rapidly
switch the logical paths.
Figure 5-37 shows the diagram of the master node blocking its secondary port when the
ring is in UP state.Figure 5-38 shows the diagram of the master node opening its secondary
port when the ring is in DOWN state. In both diagrams, switches A, B, C and D are
configured with a ZESR domain, in which switch A is the master node with port 1/1 as
its primary port and port 1/2 as its secondary port, and switches B, C and D are the transit
nodes.

PC 1 interchanges service data traffic with PC 2. The arrows in the diagrams indicate the
flow of the service data.

Figure 5-37 Diagram of the Master Node Blocking its Secondary Port When the Ring
is in UP State

5-109

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 5-38 Diagram of the Master Node Opening its Secondary Port When the Ring
is in DOWN State

As shown in Figure 5-37, all links operate properly, the ring is in UP state, the secondary
port of the master node is blocked, and traffic needs to go through switch C and switch D.
As shown in Figure 5-38, the link between switch B and switch C is disconnected, the ring
state is changed to DOWN, ZESR rapidly transits the secondary port of the master node
to Forwarding state, and traffic is switched quickly to switch A without going through switch
C and switch D.
When the link between switch B and switch C recovers from disconnection, the secondary
port of the master node is blocked again, the ring is switched to UP state, and the entire
ZESR region returns to the state shown in Figure 5-37.

link-hello Link Connectivity Detection Overview


Figure 5-39 shows the transmission link fault diagram. Switch C does not have a direct
connection with switch D. They are interconnected with each other through transmission
links.
When the transmission link marked in red in the middle of the transmission links
encounters a bidirectional connectivity failure, switch C and switch D are still in UP state.
If the bidirectional connectivity detection function is not enabled for the transmission link,
switch C and switch D will not be able to perceive this failure and for this reason ZESR
link switching will not be triggered.
If the link-hello link connectivity detection function is enabled on the ports through which
switch C and switch D are interconnected with each other, these ports will periodically send
link-hello detection packets to each other. If a port does not receive the link-hello detection
packet from the peer port within a specified time period, the switch will consider this as a
link failure. The device will immediately block the ports on the link and inform the master
node to implement link switching.

5-110

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Figure 5-39 Transmission Link Fault Diagram

Configuring ZESR
The ZESR configuration includes the following commands:

Step Command Function

1 ZXR10(config)#set zesr ctrl-vlan <1-4094> Create a ZESR domain.


protect-instance <1-16> The control VLAN of a ZESR domain
cannot be a service VLAN. It cannot
have any conflict with a service VLAN
or a Network Management VLAN. The
PVID of a port cannot be used as the
control VLAN.

2 ZXR10(config)#set zesr ctrl-vlan <cvlan Configures a node as the node on the


id> major-level role {master | transit | primary ring.
zess-master | zess-transit}{primary-port <port1>|
primary-trunk <trunkId>}{secondary-port
<port2>| secondary-trunk <trunkId>}

ZXR10(config)#set zesr ctrl-vlan <1-4094> Configures a node as the master node


level <1-2> seg <1-10> role {master | or a transit node on a secondary ring.
transit}{primary-port <port1>| primary-trunk
<trunkId>}{secondary-port <port2>|
secondary-trunk <trunkId>}

5-111

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Step Command Function

ZXR10(config)#set zesr ctrl-vlan <1-4094> Configures a node as an edge assistant


level <1-2> seg <1-10> role {edge-assistant | node or an edge control node on a
edge-control}{edge-port <port>| edge-trunk secondary ring.
<trunkId>}

3 ZXR10(config)#set zesr ctrl-vlan <1-4094> Configures the preforward time and the
major-level preforward <10-600>[preup < preup time for a node on the primary
0-500>] ring.
The default value for the preforward time
is 10 seconds, and the default value for
the preup time is 0 second.
The configuration of the preforward time
and the preup time is required to satisfy
the following condition: preforward >
preup + link recovery time (10 seconds).

ZXR10(config)#set zesr ctrl-vlan <1-4094> level Configures the preforward time and the
<1-2> seg <1-10> preforward <10-600>[ preup preup time for a node on a secondary
<0-500>] ring.
l The preforward time: takes effect
during link failure recovery. During
the failure recovery, the faulty port
still remains blocked for some
time for the master node to block
the secondary port first to avoid
temporary loops.
After the master node blocks
the secondary port, it will inform
the node where the faulty port is
located to unblock the faulty port
immediately. If the node where
the faulty port is located does not
receive any notification from the
master node, the faulty port will
unblock itself when the preforward
time expires.
l The preup time: takes effect during
link failure recovery. During the
failure recovery, the master node
waits for the preup time before it
blocks the secondary port again,
to prevent the ring state from
repeatedly switching due to the

5-112

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Step Command Function

instability of the link state during the


failure recovery.

4 ZXR10(config)#set zesr link-hello <port-id>{ Configures whether to enable the


normal | special} link-hello function on a port. special
indicates enabling the hello-link function,
while normal indicates disabling the
hello-link function. The default value is
normal.
Link-hello, the bidirectional link
connectivity detection function of the
ZXR10 2900E applies to the scenario
where two nodes are interconnected
with each other not through a direct
connection but through transmission
links.

ZXR10(config)#set zesr link-hello hello-interval Configures the interval to send link-hello


<10-10000> fail-times <3-10> packets and the number of timeout
packets. The default values are 1000
ms and 5 timeout packets.
When the link-hello function is enabled
on a link, the devices at both ends of the
link must be enabled to send link-hello
packets, and the transmission intervals
of both ends should be set to the same.
The ZXR10 2900E supports enabling
the link-hello function on the Smartgroup
port.

5 ZXR10(config)#set zesr protocol-mac { normal | Configures the destination MAC mode


special} used in a ZESR protocol packet. The
default value is special mode.
The ZXR10 2900E supports configuring
the MAC address used in a ZESR
protocol packet. The modes of all nodes
in a ZESR region must have the same
configuration, that is, all nodes must be
configured to Normal mode or Special
mode.
l Normal mode: the destination
MAC address of a ZESR
protocol packet uses the address
00-E0-2B-00-00-04.

5-113

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Step Command Function

l Special mode: the destination MAC


address of a ZESR protocol packet
uses a ZTE-defined address.

6 ZXR10(config)#set zesr restart-time <30-600> Configures the ZESR restart time (s).
Default: 120.
Restart-time: the ZESR initialization
time during the device startup. During
this period, all ports in the ZESR ring are
in Blocking state.

7 ZXR10(config)#set zesr ctrl-vlan <1-4094> Configures not to send a TCN packet in


tcn-sending {enable | disable } a designated ZESR domain. By default,
a ZESR domain is configured to send
TCN packets.
A TCN packet is a packet sent when the
topology changes in the STP network.
Currently it is ZESR that triggers STP
to send TCN packets. In the ZESR and
STP hybrid networking environment, in
order for the STP network to perceive
the topology change of the ZESR
network, ZESR is required to send TCN
packets to the STP network when it
detects the topology change.

ZXR10(config)#set zesr tcn-sending {port Configures to enable or disable the TCN


<portlist>| trunk <trunklist>}{enable | disable } packet sending function on a port. By
default, a port is configured not to send
TCN packets.
Only in the condition that the TCN packet
sending function is enabled both in a
ZESR region and on the corresponding
port in that region, the corresponding
port will send out TCN packets when the
ZESR ring state changes.

ZESR Single-Domain Multi-Ring Configuration Example


Figure 5-40 shows the ZESR single-domain multi-ring configuration example. Switches A
to F are configured with a ZESR domain, which contains a primary ring and a secondary
ring. This is called single-domain multi-ring configuration.

Purpose
l The control VLAN of the ZESR domain is VLAN 4000, and the protection instance is
instance 1 (including VLANs 100 to 110).

5-114

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

l Switch A is the master node of the primary ring with Trunk1 as its primary port and
port 1/2 as its secondary port.
l Switches B to D are the transit nodes of the primary ring.
l Switch E is the master node of the secondary ring with port 1/1 as its primary port and
port 1/2 as its secondary port.
l Switch F is the transit node of the secondary ring. Switches A and B are the edge
assistant nodes of the secondary ring.

Figure 5-40 ZESR Single-Domain Multi-Ring Configuration Example

Configurations on switch A:
/*Run the following commands to configure the spanning tree instance.*/
Switch_A(config)#set stp enable
Switch_A(config)#set stp forceversion mstp
Switch_A(config)#set stp instance 1 add vlan 100-110

/*Run the following command to configure the ZESR domain with VLAN 4000 as
the control VLAN and protection instance 1 as the protection instance.*/
Switch_A(config)#set zesr ctrl-vlan 4000 protect-instance 1

/*Run the following command to configure switch A as the master node of the
primary ring with Smartgroup1 as its primary port and port 1/2 as its
secondary port.*/
Switch_A(config)#set zesr ctrl-vlan 4000 major-level role master
primary-trunk 1 secondary-port 1/2

/*Run the following command to configure switch A as the edge assistant


node of the secondary ring Level1Seg1 with port 1/4 as its boundary port.*/
Switch_A(config)#set zesr ctrl-vlan 4000 level 1 seg 1 role edge-assistant port 1/4

5-115

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Configurations on switch B:
/*Run the following commands to configure the spanning tree instance.*/
Switch_B(config)#set stp enable
Switch_B(config)#set stp forceversion mstp
Switch_B(config)#set stp instance 1 add vlan 100-110

/*Run the following command to configure the ZESR domain with VLAN 4000 as
the control VLAN and protection instance 1 as the protection instance.*/
Switch_B(config)#set zesr ctrl-vlan 4000 protect-instance 1

/*Run the following command to configure switch B as the transit node of the
primary ring with port 1/1 as its primary port and port 1/2 as its
secondary port.*/
Switch_B(config)#set zesr ctrl-vlan 4000 major-level role transit
primary-port 1/1 secondary-port 1/2

/*Run the following command to configure switch B as the edge assistant


node of the secondary ring Level1Seg1 with port 1/3 as its boundary port.*/
Switch_A(config)#set zesr ctrl-vlan 4000 level 1 seg 1 role edge-assistant port 1/3

Configurations on switch C:
/*Run the following commands to configure the spanning tree instance.*/
Switch_C(config)#set stp enable
Switch_C(config)#set stp forceversion mstp
Switch_C(config)#set stp instance 1 add vlan 100-110

/*Run the following command to configure the ZESR domain with VLAN 4000 as
the control VLAN and protection instance 1 as the protection instance.*/
Switch_C(config)#set zesr ctrl-vlan 4000 protect-instance 1

/*Run the following command to configure switch C as the transit node of the
primary ring with port 1/1 as its primary port and port 1/2 as its
secondary port.*/
Switch_C(config)#set zesr ctrl-vlan 4000 major-level role transit
primary-port 1/1 secondary-port 1/2

Configurations on switch D:
/*Run the following commands to configure the spanning tree instance.*/
Switch_D(config)#set stp enable
Switch_D(config)#set stp forceversion mstp
Switch_D(config)#set stp instance 1 add vlan 100-110t

/*Run the following command to configure the ZESR domain with VLAN 4000 as
the control VLAN and protection instance 1 as the protection instance.*/
Switch_D(config)#set zesr ctrl-vlan 4000 protect-instance

5-116

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

/*Run the following command to configure switch D as the transit node of the
primary ring with Trunk1 as its primary port and port 1/2 as its secondary port.*/
Switch_D(config)#set zesr ctrl-vlan 4000 major-level role transit
primary-trunk 1 secondary-port 1/2

Configurations on switch E:
/*Run the following commands to configure the spanning tree instance.*/
Switch_E(config)#set stp enable
Switch_E(config)#set stp forceversion mstp
Switch_E(config)#set stp instance 1 add vlan 100-110

/*Run the following command to configure the ZESR domain with VLAN 4000 as
the control VLAN and protection instance 1 as the protection instance.*/
Switch_E(config)#set zesr ctrl-vlan 4000 protect-instance 1

/*Run the following command to configure switch E as the master node of the
secondary ring Level1Seg1 with port 1/1 as its primary port and port 1/2
as its secondary port.*/
Switch_E(config)#set zesr ctrl-vlan 4000 level 1 seg 1 role master
primary-port 1/1 secondary-port 1/2

Configurations on switch F:
/*Run the following commands to configure the spanning tree instance.*/
Switch_F(config)#set stp enable
Switch_F(config)#set stp forceversion mstp
Switch_F(config)#set stp instance 1 add vlan 100-11

/*Run the following command to configure the ZESR domain with VLAN 4000 as
the control VLAN and protection instance 1 as the protection instance.*/
Switch_F(config)#set zesr ctrl-vlan 4000 protect-instance 1

/*Run the following command to configure switch F as the transit node of the
secondary ring Level1Seg1 with port 1/1 as its primary port and port 1/2
as its secondary port.*/
Switch_F(config)#set zesr ctrl-vlan 4000 level 1 seg 1 role transit
primary-port 1/1 secondary-port 1/2

ZESR Single-Ring Multi-Domain Configuration Example


Figure 5-41 shows the ZESR single-ring multi-domain configuration example. Switches
A to D are configured with two ZESR domains. This is called single-ring multi-domain
configuration.
Purpose
l The control VLAN of ZESR domain 1 is VLAN 4000, and the protection instance is
instance 1 (including VLANs 100 to 110). The control VLAN of ZESR domain 2 is
VLAN 4001, and the protection instance is instance 2 (including VLANs 200 to 210).

5-117

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

l Switch A is the master node in ZESR domain 1 with port 1/1 as its primary port and
port 1/2 as its secondary port. Switch A is also the master node in ZESR domain 2
with port 1/2 as its primary port and port 1/1 as its secondary port.
l Switches B to D are the transit nodes in both ZESR domains.

Note:
When multiple ZESR domains are configured on a physical ring, service data traffic in
different ZESR domains can be planned to go through different paths by proper settings
to achieve load balancing.

Figure 5-41 ZESR Single-Ring Multi-Domain Configuration Example

Configurations on switch A:
/*Run the following commands to configure the spanning tree instance.*/
Switch_A(config)#set stp enable
Switch_A(config)#set stp forceversion mstp
Switch_A(config)#set stp instance 1 add vlan 100-110
Switch_A(config)#set stp instance 2 add vlan 200-210

/*Run the following commands to configure the ZESR domains with


protection instance 1 as the protection instance of ZESR domain 1
and protection instance 2 as the protection instance of ZESR domain 2.*/
Switch_A(config)#set zesr ctrl-vlan 4000 protect-instance 1
Switch_A(config)#set zesr ctrl-vlan 4001 protect-instance 2

/*Run the following command to configure node roles, that is, switch A
is the master node in ZESR domain 1 with port 1/1 as its primary port
and port 1/2 as its secondary port.*/
Switch_A(config)#set zesr ctrl-vlan 4000 major-level role master
primary-port 1/1 secondary-port 1/2

5-118

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

/*Run the following command to configure node roles, that is, switch A
is the master node in ZESR domain 2 with port 1/2 as its primary port
and port 1/1 as its secondary port.*/
Switch_A(config)#set zesr ctrl-vlan 4001 major-level role master
primary-port 1/2 secondary-port 1/1

Configurations on switch B:
/*Run the following commands to configure the spanning tree instance.*/
Switch_B(config)#set stp enable
Switch_B(config)#set stp forceversion mstp
Switch_B(config)#set stp instance 1 add vlan 100-110
Switch_B(config)#set stp instance 2 add vlan 200-210

/*Run the following commands to configure the ZESR domains with


protection instance 1 as the protection instance of ZESR domain 1
and protection instance 2 as the protection instance of ZESR domain 2.*/
Switch_B(config)#set zesr ctrl-vlan 4000 protect-instance 1
Switch_B(config)#set zesr ctrl-vlan 4001 protect-instance 2

/*Run the following command to configure node roles, that is, switch B
is the transit node in ZESR domain 1 with port 1/1 as its primary port
and port 1/2 as its secondary port.*/
Switch_B(config)#zesr ctrl-vlan 4000 major-level role transit
primary-port 1/1 secondary-port 1/2

/*Run the following command to configure node roles, that is, switch B
is the transit node in ZESR domain 2 with port 1/1 as its primary port
and port 1/2 as its secondary port.*/
Switch_B(config)#zesr ctrl-vlan 4001 major-level role transit
primary-port 1/1 secondary-port 1/2

Configurations on switch C and switch D are the same as those on switch B.

ZESR Dual-Node Dual-Uplink Configuration Example


Figure 5-42 shows the ZESR dual-node dual-uplink configuration example. The third part
device switch C that does not support ZESR acts as an uplink node and connects with the
top network through STP. Switches A and B are configured with a ZESR domain. This is
called a dual-node dual-uplink topology.
Purpose
l The control VLAN of the ZESR domain is VLAN 4000, and the service VLANs are
VLANs 100 to 110.
l Switch A is the master node with port 1/2 as its primary port and port 1/1 as its
secondary port. Switch B is the transit node.

5-119

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

l In order for switch C and the top network to perceive the topology change of the
underlying network, port 1/1 of switch A and port 1/1 of switch B are enabled with the
TCN packet sending function to notify the network topology change upwards.

Figure 5-42 ZESR Dual-Node Dual-Uplink Configuration Example

Configurations on switch A:
/*Run the following commands to configure the spanning tree instance.*/
Switch_A(config)#set stp enable
Switch_A(config)#set stp forceversion mstp
Switch_A(config)#set stp instance 1 add vlan 100-110

/*Run the following command to configure the ZESR domain with VLAN 4000
as the control VLAN and protection instance 1 as the protection instance.*/
Switch_A(config)#set zesr ctrl-vlan 4000 protect-instance 1

/*Run the following command to configure switch A as the master node of the
primary ring with port 1/2 as its primary port and port 1/1 as its
secondary port.*/
Switch_A(config)#set zesr ctrl-vlan 4000 major-level role zess-master
primary-port 1/2 secondary-port 1/1

/*Run the following commands to enable the TCN packet sending function
on port 1/1.*/
Switch_A(config)#set zesr tcn-sending port 1/1 enable

Configurations on switch B:
/*Run the following commands to configure the spanning tree instance.*/
Switch_B(config)#set stp enable
Switch_B(config)#set stp forceversion mstp
Switch_B(config)#set stp instance 1 add vlan 100-11

5-120

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

/*Run the following command to configure the ZESR domain with VLAN 4000
as the control VLAN and protection instance 1 as the protection instance.*/
Switch_B(config)#set zesr ctrl-vlan 4000 protect-instance 1

/*Run the following command to configure switch B as the transit node of the
primary ring with port 1/1 as its primary port and port 1/2 as its
secondary port.*/
Switch_B(config)#set zesr ctrl-vlan 4000 major-level role zess-transit
primary-port 1/1 secondary-port 1/2

/*Run the following commands to enable the TCN packet sending function
on port 1/1.*/
Switch_B(config)#set zesr tcn-sending port 1/1 enable

Configurations on switch C:
/*Run the following commands to configure the spanning tree
instance: the configuration commands from vendors differ.
Refer to the user guides published by respective vendors.*/
Switch_C(config)#set stp enable
Switch_C(config)#set stp forceversion mstp
Switch_C(config)#set stp instance 1 add vlan 100-110

5.32 ZESS Configuration


ZESS is an efficient link switching mechanism, which allows two links on a device to back
up each other and always elect one of them for data transmission. If the link in current
use fails, ZESS can switch to the backup link rapidly and automatically to guarantee the
normal service data transmission.

Basic ZESS Concepts


For a description of the basic ZESS concepts, refer to Table 5-4:

Table 5-4 Basic ZESS Concepts

Name Description

ZESS Domain A ZESS domain consists of a control VLAN and a protection instance.
There are two states for a ZESS domain:
l UP indicates that each link in a ZESS domain operates properly.
l DOWN indicates that at least one link in a ZESS domain is disconnected.

ZESS Node A device that is configured with a ZESS domain is called a ZESS node.

5-121

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Name Description

Control VLAN The control VLAN of a ZESS domain forwards ZESS protocol packets (Flush
packets).
A Flush packet is sent from a ZESS node during ZESS link switching to inform
the relevant devices to refresh the MAC address table. The control VLAN is not
required for a ZESS domain. If the control VLAN is not configured, no Flush
packets will be sent during ZESS link switching.

Receive-VLAN A Receive-VLAN can be configured on the device that is connected with a


ZESS node and should have the same VLAN ID as that of the control VLAN
of a ZESS node.
Only after a node is configured with a Receive-VLAN will it refresh the MAC
address table when it receives a Flush packet from this VLAN to accelerate
link convergence.

Protection An instance in MSTP is used as the protection instance of a ZESS domain.


Instance and The VLAN in a protection instance (that is, service VLAN) is used for service
Service VLAN data transmission.

Primary/Sec- When a device is configured with a ZESS domain, the primary port and the
ondary Port and secondary port are designated to it. The link where the primary port is located is
Primary/Sec- called the primary link and the link where the secondary port is located is called
ondary Link the secondary link. Both links can back up each other.

Reversal Mode In the condition that the primary link is disconnected and the secondary link is in
and Non-Reversal use for data transmission, if the primary link recovers from disconnection, there
Mode are two modes of processing: reversal mode and non-reversal mode.
l In reversal mode, ZESS switches data traffic to the primary link and blocks
the secondary link.
l In non-reversal mode, ZESS continues to use the secondary link for data
transmission and blocks the primary link.

ZESS Operating Flow


Figure 5-43 shows the ZESS network topology. Switch A is configured with a ZESS domain
with port_1/1 as the primary port and port_1/2 as the secondary port.

5-122

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Figure 5-43 ZESS Network Topology

Here is a description of the ZESS operating flow:


1. In the initial state, both the primary link and the secondary link operate properly. Then
ZESS blocks the secondary link and uses the primary link for data forwarding.
2. When the primary link is disconnected, ZESS rapidly switches the secondary link to
Forwarding state and blocks the primary link.
3. When the primary link recovers from disconnection, if reversal mode is enabled,
ZESS will set the primary link to Forwarding state and blocks the secondary link; if
non-reversal mode is enabled, ZESS will block the primary link and continues to use
the secondary link for data transmission.

Note:
In reversal mode, when the primary link recovers from disconnection, the link is not
switched immediately but after a period of the preup time.

Configuring ZESS
The ZESS configuration includes the following commands:

Step Command Function

1 ZXR10(config)#set zess domain <1-4> Creates a ZESS domain.


protect-instance <1-16> primary {port The control VLAN must be elected from
<port-name>| trunk <trunk-name>} secondary idle VLANs. It cannot have any conflict with
{port <port-name>| trunk <trunk-name>} service VLANs or Network Management
VLANs.

5-123

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Step Command Function

2 ZXR10(config)#set zess domain <1-4> mode Configures the ZESS switching mode. The
{revertive | non_revertive} default value is reversal mode.
Here are two ZESS switching modes:
l Revertive: reversal mode.
l Non_revertive: non-reversal mode.

3 ZXR10(config)#set zess domain <1-4> Configures the control VLAN.


ctrl-vlan <1-4094>

4 ZXR10(config)#set zess domain < 1-4> Configures the preup time (s). Default: 5.
preup <1-600> The preup time is used in reversal mode.
In the condition that the primary link is
disconnected and the secondary link is in
use for data forwarding, if the primary link
recovers from disconnection, ZESS does
not switch the data traffic to the primary
link immediately. It waits for the preup
time before it implements the switching, to
prevent the switching from occurring when
the primary link recovery is still unstable.

5 ZXR10(config)#set zess receive-vlan Configures a port to enable the capability of


<1-4094>{port <port-name>| trunk receiving Flush packets from a designated
<trunk-name>} control VLAN.

6 ZXR10(config)#clear zess receive-vlan Clears the Flush packet receiving capability


{<1-4094>| all} of a port.

ZESS Configuration Example


Figure 5-44 shows the ZESS networking configuration. Switch B and switch C are in the
top network. Switch A is configured as a ZESS node. Here, ZESS is used for single-device
dual-uplink backup to achieve the Ethernet smart switch function.

Switch A is configured with two ZESS domains. To achieve load balancing, the primary
and secondary ports of one domain operate as the secondary and primary ports of the
other domain, respectively.
l In ZESS domain 1, the control VLAN is VLAN4000, the protection instance is instance
1, the primary port is port_1/1 and the secondary port is port_1/2.
l In ZESS domain 2, the control VLAN is VLAN4001, the protection instance is instance
2, the primary port is port_1/2 and the secondary port is port_1/1.
The capability of receiving Flush packets from the control VLANs VLAN4000 and
VLAN4001 is enabled on relevant ports of switch B and switch C.

5-124

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Figure 5-44 ZESS Networking Configuration

Configurations on switch A:
/*Run the following commands to configure a protection instance.*/
Switch_A(config)#set stp enable
Switch_A(config)#set stp instance 1 add vlan 100-110

/*Run the following commands to configure a ZESS domain.*/


Switch_A(config)#set zess domain 1 protect-instance 1 primary port_1/1 secondary port_1/2
Switch_A(config)#set zess domain 2 protect-instance 2 primary port_1/2 secondary port_1/1

/*Run the following commands to configure the control VLAN.*/


Switch_A(config)#set zess domain 1 ctrl-vlan 4000
Switch_A(config)#set zess domain 2 ctrl-vlan 4001

Configurations on switch B:
/*Run the following commands to configure a protection instance.*/
Switch_B(config)#set stp enable
Switch_B(config)#set stp instance 1 add vlan 100-110

/*Run the following commands to configure receive-vlans.*/


Switch_B(config)#set zess receive-vlan 4000 port 1/2
Switch_B(config)#set zess receive-vlan 4001 port 1/2
Switch_B(config)#exit

Configurations on switch C:
/*Run the following commands to configure a protection instance.*/
Switch_C(config)#set stp enable
Switch_C(config)#set stp instance 1 add vlan 100-110

5-125

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

/*Run the following commands to configure receive-vlans.*/


Switch_C(config)#set zess receive-vlan 4000 port 1/1
Switch_C(config)#set zess receive-vlan 4001 port 1/1
Switch_C(config)#exit

5.33 OAM Configuration


OAM Overview
With the rapid development of Ethernet technology, Ethernet network proportion gradually
increases in network structure. Ethernet devices replacing ATM network devices and other
devices are widely used in access, convergence layer and backbone network. Due to the
great application, Operation, Administration and Maintenance (OAM) function of Ethernet
devices receive much concern. The main Ethernet OAM protocols are shown below.

l IEEE 802.3ah (Operations, Administration, and Maintenance-OAM)


l IEEE 802.1ag (Connectivity Fault Management) (Draft)
l ITU-Y 1731 (OAM functions and mechanisms for Ethernet based networks ) (Draft)
IEEE 802.3ah operations, administration and maintenance standard is the formal standard,
which aims at the management of link level. It monitors and troubleshoots the point to
point (virtual point to point) Ethernet link. It has the important meaning for connection
management of Last One Mile. The faults take place constantly on Last One Mile.
The ZXR10 2900E series switch supports IEEE 802.3ah.
Ethernet OAM Main Function
l OAM Discovery Function: After enabling Ethernet OAM function, the ZXR10 2900E
series switch can detect the remote DTE device which has OAM function. After
coordinating with the peer OAM, enter normal Ethernet OAM interaction process .
l Remote Link Event Alarm: OAM function inspects the events of remote link, and
adopts the corresponding responding methods. When the fault takes place on remote
link, OAM defines the event and announces it to remote OAM client. The detailed
events announcement packet is also provided.
OAM defines the following link events.
1. Link Failure: The physical layer locates the failure that take place on receiving
direction of local DTE.
2. Emergency Failure: The local failure event has happened, and this failure cannot
be recovered.
3. Emergency Events: The un-defined emergency event happens.
l OAM Remote Loopback: The ZXR10 2900E series switch provides optional data link
layer frame level loopback mode by OAM function. OAM remote loopback is used to
locate failure and examine the link performance. When remote DTE is on the OAM
remote loopback mode, the statistic data of local and remote DTE can be inquired and
compared at any time. OAM loopback frame can be analyzed to obtain the additional
information of link health (frame discard due to the link failure).

5-126

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

l Link Monitoring: The ZXR10 2900E series switch monitors and examines the link
state, and announces the specified frame events by OAM function. The specified
frame events can be classified into four types: error symbol period event, error
frame event and error frame period event, error frame-second statistic event. After
inspecting the error, OAM will respond and alarm the peer device by announcement
mechanism.
The link monitoring events are classified into four types: error symbol monitor event, error
frame monitor event, error frame-period monitor event and error frame-second statistic
monitor event. When the link monitoring information is viewed, the related error symbol,
the statistic of error frame and the statistic of local and peer link events will be shown on
each event.

Configuring OAM
The OAM configuration includes the following commands:

Command Function

zte(cfg)#set ethernet-oam {enable | disable} Enables or disables the global


OAM function.

zte(cfg)#set ethernet-oam port <portlist>{enable | disable} Enables or disables the OAM


function on the port.

zte(cfg)#set ethernet-oam port <portlist> period <1-10> Sets the OAM period, timeout time
timeout <2-20> mode {active | passive} and mode of the port.

zte(cfg)#set ethernet-oam remote-loopback timeout <1-10> Sets remote-loopback timeout


value on port.

zte(cfg)#set ethernet-oam remote-loopback port <portlist>{start Starts or stops OAM


| stop} remote-loopback function on
port.

zte(cfg)#set ethernet-oam org-specific {oui <XX-XX-XX>| Sets the specified content in


time-stamp <1-10>} OAMPDU packet.

zte(cfg)#set ethernet-oam port <portlist> link-monitor {enable | Enables or disables link monitor
disable} function.

zte(cfg)#set ethernet-oam port <portlist> link-monitor Sets the symbol period event
symbol-period threshold <1-65535> window <1-65535> which is used for link monitor.

zte(cfg)#set ethernet-oam port <portlist> link-monitor frame Sets the error frame.
threshold <1-65535> window <1-60>

zte(cfg)#set ethernet-oam port <portlist> link-monitor Sets the period of error frame.
frame-period threshold <1-65535> window <1-600000>

zte(cfg)#set ethernet-oam port <portlist> link-monitor Sets error frame summary.


frame-seconds threshold <1-900> window <10-900>

5-127

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

show ethernet-oam (all configuration modes) Displays OAM global configuration


information.

show ethernet-oam port (all configuration modes) Displays OAM port summary
information.

show ethernet-oam port <portlist> discovery (all configuration Displays port OAM discovery
modes) state.

show ethernet-oam port <portlist> statistics (all configuration Displays port OAM statistics
modes) information.

show ethernet-oam port <portlist> link-monitor (all configuration Displays port OAM link event
modes) configuration and state.

OAM Remote Loopback Configuration Instance


l Configuration Description
OAM remote loopback is used to locate failure and examine the link performance.
The function is based on OAM discovery. See Figure 5-45, the user logs in to the
switch A through console port and configures OAM, Enable OAM and the port remote
loopback of the other end. When remote switch B is on the OAM remote loopback
mode, the statistic data of local and remote switch can be inquired and compared at
any time. OAM loopback frame can be analyzed to obtain the additional information
of link health (frame discard due to the link failure).

Figure 5-45 Remote Loop Network

l Configuration Procedure
1. Configuration of switch A:
zte(cfg)#set ethernet-oam en
zte(cfg)#set ethernet-oam port 1 en
2. Configuration of switch B:
zte(cfg)#set ethernet-oam enable
zte(cfg)#set ethernet-oam port 2 enable
zte(cfg)#show Ethernet-oam port 2 discovery
PortId 2: ethernet oam enabled
Local DTE /*the local device information*/
-----------
Config:
Mode : active
/*the port mode must be active, or the discovery is failure*/

5-128

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Period : 10*100(ms)
Link TimeOut : 5(s)
Unidirection : nonsupport
PDU max size : 1518
Status:
Parser : forward
Multiplexer : forward
Stable : yes
/*yes represents that discovery succeeds. no represents discovery fails.*/
Discovery : done
/*discovery succeeds. undonerepresents that discovery fails*/
Loopback : off
PDU Revision : 92

Remote DTE /*the remote device information*/


-----------
Config:
Mode : active
Link Monitor : support
Unidirection : nonsupport
Remote Loopback : support
Mib Retrieval : nonsupport
PDU max size : 1518
Status:
Parser : forward
Multiplexer : forward
Stable : yes
Mac Address : 00.d0.d0.29.28.02
/*the system MAC of the remote device.
The MAC address is 00.00.00.00.00.00 when discovery fails.*/
PDU Revision : 967
zte(cfg)#set ethernet-oam remote-loopback port 2 start
zte(cfg)#show ethernet-oam port 2 discovery
PortId 2: ethernet oam enabled
Local DTE
-----------
Config:
Mode : active
Period : 10*100(ms)
Link TimeOut : 5(s)
Unidirection : nonsupport
PDU max size : 1518
Status:
Parser : discard /*the parser state is discard*/
Multiplexer : forward

5-129

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Stable : yes
Discovery : done
Loopback : on(Master)
/*the local is the active originator (Master).
The other end displays as slave.*/
PDU Revision : 1431
Remote DTE
-----------
Config:
Mode : active
Link Monitor : support
Unidirection : nonsupport
Remote Loopback : support
Mib Retrieval : nonsupport
PDU max size : 1518
Status:
Parser : loopback /*the parser state is loopback*/
Multiplexer : discard /*the multiplexer state is discard*/
Stable : yes
Mac Address : 00.d0.d0.29.28.02
PDU Revision : 28
zte(cfg)#set ethernet-oam remote-loopback port 2 stop
/*disable OAM remote-loopback on port2.
The switch replies OAM discovery success.*/

Key points of configuration:


The switch gives the following prompts when OAM discovery failure occurs, or starting
and stopping remote loopback.
OAM discovery is completed successfully on port 2, the following information appears.
SAT JUL 03 23:30:00 2004 ETH-OAM port 2's discovery process is successful.

Disconnect the network cable between switches, the following information appears.
SAT JUL 03 23:33:00 2004 ETH-OAM port 2 deteced
a fault in the local receive direction.

OAM Link Control Event Configuration Instance


l Configuration Description

OAM monitor function can notify the abnormal frame of the link receiver to the local.
The function is based on OAM discovery. See Figure 5-46, the user logs in to the
switch A through console port and configures OAM. Enable OAM and the port link
monitor of the switch B. Then the error frame and the error symbol can be detected
and announced to local switch A.

5-130

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Figure 5-46 Link Control Network

l Configuration Procedure
1. Configuration of switch A:
zte(cfg)#set ethernet-oam enable
zte(cfg)#set ethernet-oam port 2 enable
2. Configuration of switch B:
zte(cfg)#set ethernet-oam enable
zte(cfg)#set ethernet-oam port 1 enable
zte(cfg)#set ethernet-oam port 1 link-monitor enable
zte(cfg)#set ethernet-oam port 1 lin symbol-period threshold 10 window 10
zte(cfg)#set ethernet-oam port 1 lin frame threshold 10 window 20
zte(cfg)#set ethernet-oam port 1 link-monitor frame-period threshold 5
window 1000
zte(cfg)#set ethernet-oam port 1 link-monitor frame-seconds threshold 10
window 30
zte(cfg)#show eth port 1 link-monitor
Link Monitoring of Port: 1 enabled
Errored Symbol Period Event:
Symbol Window : 10(million symbols)
Errored Symbol Threshold : 10
Total Errored Symbols : 0
Local Total Errored Events : 0
Remote Total Errored Events : 0

Errored Frame Event:


Period Window : 20(s)
Errored Frame Threshold : 10
Total Errored Frames : 0
Local Total Errored Events : 0
Remote Total Errored Events : 0

Errored Frame Period Event:


Frame Window : 1000(ten thousand frames)
Errored Frame Threshold : 5
Total Errored Frames : 0
Local Total Errored Events : 0
Remote Total Errored Events : 0

Errored Frame Seconds Event:


Errored Seconds Window : 30(s)

5-131

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Errored Seconds Threshold : 10(s)


Total Errored Frame Seconds : 0(s)
Local Total Errored Frame Seconds Events : 0
Remote Total Errored Frame Seconds Events : 0

5.34 sFlow Configuration


The sFlow configuration includes the following commands:

Command Function

zte(cfg)#set sflow agent-address <A.B.C.D>[udp-port Sets the IP address of an sFlow


<1-65535>] agent.

zte(cfg)#set sflow collector-address <A.B.C.D>[udp-port Sets the IP address of an sFlow


<1-65535>] collector.

zte(cfg)#set sflow version <number> Sets the format version of sFlow


sampling packets.

zte(cfg)#set sflow {ingress | egress}{enable | disable} Enables or disables the sFlow


function on an ingress or an
egress.

zte(cfg)#set sflow {ingress | egress} reload-mode { continue | cpu} Sets the reloading mode on an
sFlow ingress or egress.

zte(cfg)#set sflow ingress sample-mode {all | forward} Sets the sampling mode on an
sFlow ingress or egress.

zte(cfg)#set sflow {ingress | egress} port <portlist> packet-sample Disables port-based sFlow
off sampling.

zte(cfg)#set sflow {ingress | egress} port <portlist> Enables port-based sFlow


packet-sample on frequency <2-16000000>[time-range sampling or associates with a time
<word>] range.

zte(cfg)#clear sflow config [{agent | collector}] Clears sFlow configuration on


ports.

zte(cfg)#clear sflow statistic Clears statistics information on


ports.

show sflow (all configuration modes) Displays all sFlow configuration.

5-132

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

5.35 PP Configuration
PP Overview
Protocol Protect (PP) maintains and monitors the rate of packets forwarded to the CPU,
thus preventing viruses or spiteful attacks to the switch. In this way, the switch provides
self-protection ability and ensures network security.

PP takes the following measures: limiting the rates of related services, filtering unsuitable
packets, sending alarms when there are packets sent at an abnormal rate, and reminding
NMS that there may be packets attacking the CPU.
To enhance flexibility and compatibility of the switch, PP provides the function of configuring
priority users for the protocol packets sent by the switch.

Configuring PP
The PP configuration includes the following commands:

Command Function

zte(cfg)#create protocol-protect mac-drop rule Creates a mac drop rule.


<1-128> src-mac <HH.HH.HH.HH.HH.HH> mask
<HH.HH.HH.HH.HH.HH>

zte(cfg)#set protocol-protect alarm port <portlist>{enable | Enables or disables the PP alarm


disable} function on a port.

zte(cfg)#set protocol-protect alarm port <portlist>{protocol-na Sets PP 30 second-protocol alarm


me}<0-18000> threshold.

zte(cfg)#set protocol-protect limit {group-name}<0-800> Sets the rate limit of sending


packets to the CPU.

zte(cfg)#set protocol-protect priority{protocol-name|all}{<0-7 Sets PP protocol priority.


>|default}

zte(cfg)#set protocol-protect mac-drop {disable | enable} Enables the mac drop function.

zte(cfg)#set protocol-protect mac-drop rule <1-128> bind port Binds the mac drop rule with the
<portlist> port.

zte(cfg)#clear protocol-protect mac-drop counter [port Clears the number of messages


<portlist>] dropped by the mac drop function.

zte(cfg)#clear protocol-protect mac-drop port <portlist>[rule Clears the mac drop rules for
<1-128>] specified or all ports.

zte(cfg)#clear protocol-protect mac-drop rule [<1-128>] Clears specified mac drop rules.

show protocol-protect statistic [port <portlist>] (all configuration Displays statistics information of
modes) protocol packet alarms on a PP
port.

show protocol-protect limit (all configuration modes) Displays PP rate limit information.

5-133

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

show protocol-protect priority (all configuration modes) Displays packet priority


configuration information.

show protocol-protect mac-drop port [<portlist>](all configuration Displays the rules and statistics
modes) bound with a specified port.

show protocol-protect mac-drop rule [<1-128>](all configuration Displays specified mac drop rules.
modes)

PP Configuration Instance
l Configuration Description
See Figure 5-47, Host 1 sends DHCP attack packets. Users can view the device
operating status and alarm information. Users also can view IGMP operating status
under DHCP packet attacks. The router sends IGMP query packets periodically.

Figure 5-47 PP Configuration Instance

l Configuration Procedure
zte(cfg)#set igmp snooping enable
zte(cfg)#set igmp snooping add vlan 1
zte(cfg)#set dhcp snooping-and-option82 enable
zte(cfg)#set dhcp snooping add port 1-3
l Configuration Verification
Use Host 1 to send DHCP Discover packets. View alarm information on the switch.
Thu Jul 1 17:53:18 2004 Receive too many packets of 'dhcp' from port 1

Use Host 2 to request joining the multicast group 225.0.0.1. View the multicast entity
on the device.
zte(cfg)#show igmp snooping vlan
Maximal group number: 1024
Current group number: 1

5-134

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Num VlanId Group Last_Report PortMember


---- ------- --------------- --------------- -------------------
1 1 225.0.0.1 10.40.1.10 2-3

5.36 LLDP Configuration


LLDP Overview
The Link Layer Discovery Protocol (LLDP) is a new protocol defined in the 802.1ab. This
protocol allows neighboring devices to send messages to each other to update physical
topology information and establish Management Information Bases (MIBs). The LLDP
workflow is described below:
1. The local device sends its link and management information to a neighbor device.
2. The local device receives the network management information of a neighbor device.
3. The MIB of the local device stores the network management information of all
neighbor devices, and a network management program can query layer-2 connection
information in the MIB.
The LLDP is not a configuration protocol of the remote system or a signaling control
protocol used between two ports. The LLDP discovers layer-2 protocol configuration
conflicts between neighbor devices, but it only reports the problem to an upper-layer
network management device, without providing any mechanism to solve the problem.
The LLDP is simply a neighbor discovery protocol that defines a standard for network
devices (such as switches, routers, and WLAN access points) in the Ethernet to advertise
their identities to other nodes in the network and store discovery information of all neighbor
devices. For example, device configuration and device IDs can be advertised by the LLDP.
The LLDP defines a universal advertisement information set, a protocol for sending
the advertisement information, and a method for storing the received advertisement
information. The device that wants to advertise its information can place multiple pieces
of advertisement information into a Link Layer Discovery Protocol Data Unit (LLDPDU).
The LLDPDU contains a variable-length message unit (called TLVs), which are described
below:
l Type: indicates the type of the message to be sent.
l Length: indicates the number of bytes in the message.
l Value: indicates the contents to be sent.
Each LLDPDU contains four mandatory TLVs and one optional TLV:

l Chassis ID TLV and Port ID TLV: identify the sender.


l TLL TLV: notifies the receiver of the storage period of a message. If the receiver does
not receive any update message within the specified period, the receiver discards all
the related messages. A recommended update frequency is defined by the IEEE, that
is, to send messages at 30-second intervals.

5-135

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

l Optional TLVs: includes a basic management TLV set (such as port description TLV),
a special TLV set defined by IEEE 802.1, a special TLV set defined by IEEE 802.3,
and an LLDP-MED TLV set defined by TIA.
l End of LLDPDU TLV: indicates the end of an LLDPDU.

Configuring LLDP
The LLDP configuration includes the following commands:

Command Function

zte(cfg)#lldp hellotime <5-32768> Sets the interval for sending LLDP


neighbor discovery messages.

zte(cfg)#lldp holdtime <2-10> Sets the LLDP neighbor holding


time.

zte(cfg)#lldp max-neighbor <1-31> Sets the maximum number of


neighbors that can be discovered
by LLDP.

zte(cfg)#lldp port <portlist>{enable | disable} Enables or disables all LLDP


functions on a specific port.

zte(cfg)#lldp port <portlist>{txenable | txdisable} Enables or disables the LLDP


sending function on a specific port.

zte(cfg)#lldp port <portlist>{rxenable | rxdisable} Enables or disables the LLDP


receiving function on a specific
port.

zte(cfg)#lldp port <portlist> med-tlv-select {capabilities-tlv Sets the optional MED TLV type
| extended-power-tlv | inventory-tlv | location-tlv | sent on a port.
network-policy-tlv}{enable | disable}

zte(cfg)#lldp port <portlist> max-neighbor <1-8> Sets the maximum number of


neighbors that can be discovered
on a specific LLDP port.

zte(cfg)#clear lldp neighbor port <portlist> Clears LLDP neighbors with whom
neighbor relationships have been
established.

zte(cfg)#clear lldp statistic port <portlist> Clears statistics information of


LLDP neighbors.

show lldp config port <portlist> (all configuration modes) Displays LLDP configuration
information.

show lldp neighbor port <portlist> (all configuration modes) Displays summary information of
LLDP neighbors.

show lldp entry port <portlist> (all configuration modes) Displays detailed information of
LLDP neighbors.

5-136

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

show lldp statistic port <portlist> (all configuration modes) Displays statistics information of
LLDP neighbors.

LLDP Configuration Instance


l Configuration Description
See Figure 5-48, two switches are connected to each other through a twisted-pair. By
default, the LLDP function is enabled, and all parameters use the default values. Use
the show command to view neighbor establishment information.

Figure 5-48 LLDP Configuration Instance

l Configuration Verification
zte(cfg)#show lldp neighbor
Capability Codes:
P-Repeater, B-Bridge, W-WLAN Access Point, R-Router, T-Telephone
C-DOCSIS Cable Device, s-Station, S-Switch, O-Other
Interface DeviceID Hdtm Capability Platform PortID
---------- ----------------- ----- ---------- ------------------ --------------
port-19 00.d0.d0.09.29.18 110 B S ZXR10 2918E-PS port-9
Version V2.05.11B06
zte(cfg)#show lldp entry
--------------------------------------------------------
Local Port:port-1/1
Chassis ID:00.55.43.33.33.59 (MAC Address)
Port ID :port-1/48 (Interface Name)
TTL ID :102 (Time to live)
Port Description :port-1/48 status is up,media-type is 1000BaseT,pvid is 4094.
System Name :52PM
System Description:ZXR10 2918E-PS Version V2.05.11B06
System Capability :Bridge, Switch
Management Address:IPv4 - 192.168.100.100, ifIndex - 63, OID - Null

5.37 Single Port Loop Detection Configuration


Single Port Loop Detection Overview
Single port loop detection is to check whether a loop exists in the ports of the switch. If such
a loop exists, it may result in errors in learning MAC addresses and may easily cause a
broadcast storm. In severe case, switch and network may be down. Starting the single port

5-137

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

loop detection and disabling the port with loop can efficiently avoid the influence caused
by port loop.
The switch sends a test packet through a port. If this test packet is received through the
port without any change (or only a tag is attached), it indicates that a loop exists in this
port.
The test packet sent by the switch includes the following three parameters:
l Source MAC address: It indicates the MAC address of the switch. The MAC address
of each switch is unique.
l Port Number: Port numbers correspond to the numbers of the ports on the switch one
by one.
l Discrimination Field: For each switch, the digital signature of each port is different.
When three parameters in the receiving and sending test packets are same, the loop
definitely exists on this port.

Configuring Single Port Loop Detection


The configuration of single port loop detection includes the following contents:

Command Function

zte(cfg)#set loopdetect sendpktinterval <5-60> Sets the interval for sending loop
detection packet.

zte(cfg)#set loopdetect blockdelay <1-1080> Sets interval for blocking port with
loop.

zte(cfg)#set loopdetect port <portlist>{enable|disable} Enables or disables loop detection


on a port.

zte(cfg)#set loopdetect port <portlist> vlan <vlanlist>{enable|d Enables or disables loop detection
isable} on a port in a specific VLAN.

zte(cfg)#set loopdetect port <portlist> protect {enable | disable} Enables or disables port protection
when a loop occurs on a port.

zte(cfg)#set loopdetect extend port <portlist>{enable | disable} Enables or disables cross-device


loop detection on a port.

zte(cfg)#set loopdetect trunk <trunklist>{enable|disable} Enables or disables loop detection


on a trunk port.

zte(cfg)#set loopdetect trunk <trunklist> vlan Enables or disables loop detection


<vlanlist>{enable|disable} on a trunk port in a specific VLAN.

zte(cfg)#set loopdetect trunk <trunklist> protect {enable | Enables or disables trunk port
disable} protection when a loop occurs on
a trunk port.

zte(cfg)#set loopdetect extend trunk <trunklist>{enable | disable} Enables or disables cross-device


loop detection on a trunk port.

5-138

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

show loopdetect (all configuration modes) Displays loop detection


information.

show loopdetect port [<portlist>] (all configuration modes) Displays port information of loop
detection.

show loopdetect trunk [<trunklist>] (all configuration modes) Displays trunk information of loop
detection.

zte(cfg)#clear loopdetect Clears loop detection configuration


information.

Single Port Loop Detection Configuration Instance


l Configuration Description
See Figure 5-49, configure the single port loop detection function so that Port 1 on
Switch 1 can detect the loop on Switch 2 and block Port 1.

Figure 5-49 Single Port Loop Detection Configuration Topology

l Configuration Procedure
zte(cfg)#set loopdetect port 1 enable
l Configuration Verification
Check the loop detection state of Switch 2:

zte(cfg)#show loopdetect
The block-delay of loopdetect : 5 (min)
The packet interval of loopdetect : 15 (sec)
PortId isUp isStp isProtect isExtend loopVlanNum loopType
------ ---- ----- --------- -------- ----------- ---------
1 Up No Yes No 1 Port

zte(cfg)#show loopdetect port 1


PortId : 1
VlanId isLoop isBlock
------ ------ -------
1 Yes Yes

5-139

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Double Ports Loop Detection Configuration Instance


l Configuration Description
See Figure 5-50, configure the double ports loop detection function of loop-detect of
switch2 to suppress broadcast storm of network under switch2.

Figure 5-50 Double Ports Loop Detection Configuration Topology

l Configuration Procedure
Switch2(cfg)#set loopdetect port 1,2 enable
Switch2(cfg)#set loopdetect extend port 1 enable
l Configuration Verification
Check the loop detection state of switch2.
Switch2(cfg)#show loopdetect
The block-delay of loopdetect : 5 (min)
The packet interval of loopdetect : 15 (sec)
PortId isUp isStp isProtect isExtend loopVlanNum loopType
------ ---- ----- --------- -------- ----------- ---------
1 Up No Yes Yes 1 Port
2 Up No Yes No 0 Port

5.38 UDLD Configuration


UDLD Overview
UniDirectional Link Detection (UDLD) is a Layer 2 logical link detection protocol. It can
detect logical connectivity of Ethernet links and verify physical connectivity. Different from
physical connectivity detection, UDLD is neighbor-based detection. Layer 1 devices are
transparent for UDLD.
UDLD needs to establish neighbor relationship between Layer 2 devices first, A port
supports a maximum number of 12 neighbors. When the UDLD function is enabled on
an Ethernet port whose status is up, the port sends a Probe message inviting a neighbor
device to join. The port on which the UDLD function is enabled on the neighbor device
receives the Probe message and sends an Echo message. If the port receives the Echo
message, the connection between the devices works properly in both directions in the
view of the local device. Neighbor relationship is established with the peer device on the
local device. The local devices sends an Echo message. After the peer device receives
the Echo message, the neighbor relationship is established between the devices.
After neighbor relationship is established, the devices send Hello messages periodically
to detect whether the link is operating properly. When receiving a Hello message from the
neighbor, a device updates the neighbor information saved locally and resets the time-out

5-140

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

period of the neighbor. If the device does not receives a Hello message when the time-out
period expires, it is considered that the a fault occurs to the neighbor and the neighbor is
aged. If the last neighbor is deleted due to aging, it is considered that the link is not in
normal operating state. It is necessary to handle the problem according to working mode.
There are two UDLD working modes: normal mode and aggressive mode.
l In normal mode, only when the device receives a protocol message confirming that
the link is connected incorrectly will the port be shut down. If the device does not
receive the related message or cannot confirm that the link is working properly in one
direction, the device does not operate the port.
l In aggressive mode, if the device cannot confirm that the link is working properly in
both directions (such as the link is connected incorrectly, the link is working properly
only in one direction or the link is a self-loop), the port is shut down. It is necessary to
use the reset or recovery command to recover the communication ability of the port.
UDLD shuts down a port in the following situations.
l In both modes, when an Echo message is sent, the device detects that the neighbor
of the peer port is not the device itself during the final neighbor detection.
l In aggressive mode, the status becomes PROBE because the last neighbor is aged,
and multiple Probe messages are sent continuously without any response.
l In aggressive mode, the port receives the UDLD message sent by itself and there is
a self-loop.
To prevent a neighbor from being aged by mistake, a local device sends Flush messages
on its own initiative to the port on which the UDLD function is enabled in the following
situations.
l The port is down administratively.
l UDLD is down on the port.
l The device is restarted.

Configuring UDLD
The UDLD configuration includes the following commands:

Command Function

zte(cfg)#udld port <portlist>{enable|disable} Enables or disables UDLD on a


port.

zte(cfg)#udld port <portlist> mode {aggressive | normal} Sets the mode of a port in UDLD.

zte(cfg)#udld port <portlist> message timer <7-90> Sets the interval of sending
messages after UDLD enters the
BiDirectional status and the port is
steady.

zte(cfg)#udld port <portlist> recovery {enable | disable} Enables or disables the UDLD
recovery function.

zte(cfg)#udld port <portlist> recovery timer <10-600> Sets the recovery interval.

5-141

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#udld port <portlist> reset Recovers the link establishment


function on a port manually.

zte(cfg)#udld <portlist> force-check {enable | disable} Enables or disables the forced


monologue detection function.

zte(cfg)#udld <portlist> force-check timer <15-300> Sets the forced monologue


detection period.

show udld (all configuration modes) Displays UDLD configuration on


all ports.

show udld port [<portlist>] (all configuration modes) Displays port configuration, status
and detailed neighbor information.

UDLD Configuration Instance


l Configuration Description
See Figure 5-51, it is required that the switch can detect the connection error, send
alarm information and shut down the ports.

Figure 5-51 UDLD Configuration Instance

l Configuration Procedure
zteA(cfg)#udld port 17,18 enable
zteB(cfg)#udld port 17,18 enable
l Configuration Verification
Thu Jul 1 16:07:09 2004 Udld Port : 17 link failure
Thu Jul 1 16:07:09 2004 Udld Port : 18 link failure
Thu Jul 1 16:07:10 2004 Port : 17 linkdown
Thu Jul 1 16:07:10 2004 Host Topology changed
Thu Jul 1 16:07:10 2004 Port : 18 linkdown

5-142

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Thu Jul 1 16:07:10 2004 Host Topology changed

zteA(cfg)#show udld port 17


Port 17
Administrative configuration: Enable
Port mode: Aggressive(Aggr)
Current state: Unidirectional - Detected link failure
Recovery configuration: Disable
Recovery time interval: 30s
Message time interval: 15s
Force check configuration: Disable
Force check time: 30s, Remaining: 0s
No neighbour information stored

5.39 TACACS+ Configuration


TACACS+ Overview
Terminal Access Controller Access-Control System Plus (TACACS+) is developed from
TACACS and XTACACS. It is the latest version of TACACS (not compatible with the
previous two versions). It is a popular AAA protocol at present.
TACACS+ supports separate authentication, authorization, and accounting. Different
TACACS+ servers can act respectively as the authentication, authorization, and
accounting servers.

Configuring TACACS+
The TACACS+ configuration includes the following commands:

Command Function

zte(cfg-nas)#tacacs-plus group <group-name>{enable|disable} Enables or disables a server


group.

zte(cfg-nas)#tacacs-plus group <group-name>{add|delete} host Adds or deletes a server


<A.B.C.D>[<49,1025-65535>|<4-180>|<string>] in/from a TACACS+ server
group.

zte(cfg-nas)#tacacs-plus loginauthen default group <group-name> Sets the default TACACS+


login authentication server
group.

zte(cfg-nas)#tacacs-plus loginauthor default group <group-name> Sets the default server group
authorized for TACACS+
login.

5-143

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg-nas)#tacacs-plus adminauthen default group <group-name> Sets the default server group
authenticated for TACACS+
management.

zte(cfg-nas)#tacacs-plus accounting commands default group Sets the default server


<group-name> group for TACACS+ MML
accounting.

zte(cfg-nas)#tacacs-plus accounting exec default group Sets the default server


<group-name> group for TACACS+ user
accounting.

zte(cfg-nas)#tacacs-plus accounting update period <1-2147483647> Sets the refresh period for
TACACS+ user accounting.

zte(cfg-nas)#clear tacacs-plus loginauthen default Clears the default TACACS+


login authentication server
group.

zte(cfg-nas)#clear tacacs-plus loginauthor default Clears the default TACACS+


login authorization server
group.

zte(cfg-nas)#clear tacacs-plus adminauthen default Clears the default server


group authenticated for
TACACS+ management.

zte(cfg-nas)#clear tacacs-plus accounting commands default Clears the default server


group for TACACS+ MML
accounting.

zte(cfg-nas)#clear tacacs-plus accounting exec default Clears the default server


group for TACACS+ user
accounting.

zte(cfg-nas)#clear tacacs-plus accounting update Clears the refresh period for


TACACS+ user accounting.

show tacacs-plus (all configuration modes) Displays TACACS+


configuration information.

TACACS+ Configuration Instance


l Configuration Description
See Figure 5-52, the switch works as a TACACS+ client and its IP address is
192.168.1.1/24. The Windows server works as a TACACS+ server and its IP address
is 192.168.1.100/24.

5-144

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Figure 5-52 TACACS+ Configuration Instance

l Configuration Procedure
zte(cfg)#set loginauth tacacs-plus+local
zte(cfg)#set adminauth tacacs-plus+local
zte(cfg)#config router
zte(cfg-router)#set ipport 1 ipaddress 192.168.1.1 255.255.255.0
zte(cfg-router)#set ipport 1 vlan 1
zte(cfg-router)#set ipport 1 enable
zte(cfg-router)#exit

zte(cfg)#config nas
zte(cfg-nas)#tacacs-plus group zte enable
zte(cfg-nas)#tacacs-plus group zte add host 192.168.1.100
zte(cfg-nas)#tacacs-plus loginauthen default group zte
zte(cfg-nas)#tacacs-plus loginauthor default group zte
zte(cfg-nas)#tacacs-plus adminauthen default group zte
zte(cfg-nas)#tacacs-plus accounting commands default group zte
zte(cfg-nas)#tacacs-plus accounting exec default group zte
zte(cfg-nas)#tacacs-plus accounting update period 10

5.40 Time Range Configuration


Time Range Overview
There are several conditions in the time range configuration.
l Configure a time range for each day: Specify the exact start time and end time. If the
start time and the end time are not configured, the time range is a full day.
l Configure a period: Specify the period to be a certain day of a week.
l Configure a date range: Specify the start date and end date. If the start date and the
end date are not configured, the start date is the day when the configuration takes
effect and the end date is the day when the configuration is invalid.

5-145

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Configuring a Time Range


The time range configuration includes the following commands:

Command Function

zte(cfg)#set time-range <word> period <hh:mm> to Sets a periodic time range.


<hh:mm>{daily | day-off | day-working | monday | tuesday |
wednesday | thursday | friday | saturday | sunday}

zte(cfg)#set time-range <word> absolute <hh:mm><yyyy-mm-d Sets an absolute time range.


d>[to <hh:mm><yyyy-mm-dd>]

zte(cfg)#clear time-range [<word>] Clears time range configuration.

show time-range [<word>] (all configuration modes) Displays time range configuration.

5.41 Voice VLAN Configuration


Voice VLAN Overview
The Voice VLAN is a VLAN specially allocated for voice data of users. It provides a voice
VLAN and adds interfaces of voice devices to the voice VLAN. The user can configure
the CoS and DSCP for voice data to increase the priority of voice data transmission and
ensure the call quality.

Voice data can be added to the voice VLAN in two modes: dynamic mode and manual
mode.
In dynamic mode, if the interface fails to be added to or removed from the voice VLAN, the
system will send an alarm to notify the user.
To prevent common service packets from occupying the bandwidth of the voice VLAN and
ensure the quality of voice communication, the voice VLAN provides the security mode.
The security mode is classified into the strict security mode and non-strict security mode.

Configuring a Voice VLAN


The voice VLAN configuration includes the following commands:

Command Function

zte(cfg)#set vlan voice-vlan port <port-id> ingress-vlan Sets the voice VLAN function on
<vlanlist> voice-vlan <1-4094> a port.

zte(cfg)#set vlan voice-vlan port <port-id> oui-id Adds an OUI to a port.


<1-32> mac-addr <HH.HH.HH.HH.HH.HH> mac-mask
<HH.HH.HH.HH.HH.HH>

zte(cfg)#set vlan voice-vlan <1-4094> qos-profile <0-127> Sets to modify either up or dscp
modify {up|dscp|all} or both.

5-146

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(cfg)#set vlan voice-vlan <1-4094> qos-profile disable Disables the association between
a QoS profile and a voice VLAN.

zte(cfg)#clear vlan voice-vlan port <port-id> Clears all voice VLAN information
configured on a port.

zte(cfg)#clear vlan voice-vlan port <port-id> oui-id Clears all OUIs configured on a
port.

zte(cfg)#clear vlan voice-vlan port <port-id> oui-id <1-32> Clears a specific OUI configured
on a port.

show vlan voice-vlan (all configuration modes) Displays voice configuration on all
ports.

show vlan voice-vlan port <port-id> (all configuration modes) Displays voice configuration on a
port.

show vlan voice-vlan default-oui (all configuration modes) Displays the default OUI of a
device.

show vlan voice-vlan user-table port <port-id> (all configuration Displays the user table on a port.
modes)

show vlan voice-vlan <vlanlist> qos (all configuration modes) Displays voice VLAN QoS
configuration.

Voice VLAN Configuration Instance


l Configuration Description
See Figure 5-53, the two IP Phones are in VLAN 10 and VLAN 20, respectively. The
voice VLAN is VLAN 100.

Figure 5-53 Voice VLAN Configuration Instance

l Configuration Procedure
zte(cfg)#set vlan 10,20,100 add port 1-3 tag
zte(cfg)#set vlan 10,20,100 enable
zte(cfg)#set vlan voice-vlan port 1 oui-id 1 mac-addr 00.00.01.00.00.01

5-147

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

mac-mask FF.FF.FF.FF.FF.FF
zte(cfg)#set vlan voice-vlan port 2 oui-id 1 mac-addr 00.00.01.00.00.02
mac-mask FF.FF.FF.FF.FF.FF
zte(cfg)#set vlan voice-vlan port 1 ingress-vlan 10 voice-vlan 100
zte(cfg)#set vlan voice-vlan port 2 ingress-vlan 20 voice-vlan 100
l Configuration Verification
zte(cfg)#show vlan voice-vlan
Port Id: 1
Customer Vlan List: 10
Voice-vlan : 100
Oui configed :
oui-id: 1 mac: 00.00.01.00.00.01 mask: FF.FF.FF.FF.FF.FF
Port Id: 2
Customer Vlan List: 20
Voice-vlan : 100
Oui configed :
oui-id: 1 mac: 00.00.01.00.00.02 mask: FF.FF.FF.FF.FF.FF

5.42 802.1ag Configuration


802.1ag Overview
For IEEE802.1ag, the Connectivity Fault Management (CFM) function checks, separates
and reports connectivity faults of the virtual bridge LAN. It is used in operators network
and also valid for the Customer VLAN (C-VLAN) network.
The network manager performs planning on network services and levels for the
management and maintenance purposes. The entire network is divided into multiple
Management Domains (MDs). For a single management domain, see Figure 5-54.

5-148

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Figure 5-54 Single Management Domain

In the domain in Figure 5-54, a series of ports are defined on peripheral and internal
devices.
l The grey ports on the peripheral devices are service ports connected to the external
devices and therefore are named Maintenance association End Point (MEP).
l The other black ports (including those on intermediate devices) connect internal
devices and therefore are named Maintenance Domain Intermediate Point (MIP).

The management function is implemented through the defined MEP and MIP.
A network is divided into a customer domain, provider domain, and operator domain.
A level between 0-7 is designated for each domain. The domain level determines the
inclusion relation between domains. A domain with a higher level can include domains
with lower levels but not vice versa. The domains with the same level cannot include each
other. This means that all domains can be tangential (internally or externally) and inclusive
but cannot be intersecting.
The message types defined in the CFM protocol include:

l Continuity Check Message (CCM): A multicast CFM protocol data unit. It is


periodically sent by an MEP to confirm the connectivity of MEP in the same MA. An
MEP receiving a CCM message does not reply to this message.
l Link Trace Message (LTM): A multicast CFM protocol data unit. It is sent by an MEP
to trace the path from the MEP to the MP. Each MP along the path generates an LRT
as a response. This ends until the message reaches the destination or cannot be
further forwarded.
l Link Trace Reply (LTR): A unicast CFM protocol data unit. It is sent by the MP receiving
an LTM to reply to the LTM.

5-149

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

l Loopback Message (LBM): A unicast CFM protocol data unit. It is sent to a specified
MP from an MEP, expected to receive an LBR message.
l Loopback Reply (LBR): A unicast CFM protocol data unit. It is sent by the MP receiving
an LBM as the reply to the LBM.
With the five protocol messages listed above, CFM implements the following functions:
l Detecting faults: MEP detects network connectivity faults by periodically sending
and receiving CCM messages. The faults include connection failure and unwelcome
connection (error connection).
l Notifying faults: After MEP detects a connectivity fault, it sends a proper alarm to the
specified management system, for example, trap messages of SNMP.
l Locating a path: MEP locates and traces a path from an MEP to another MP (including
MEP and MIP) by using LTM/LTR messages.
l Confirming and separating a fault: This is an administrative function. The network
manager confirms the fault through LBM/LBR messages and separates the fault.

Configuring a 802.1AG Command


802.1AG configuration includes the following commands:

Command Function

Enables/disables the CFM


zte(cfg)#cfm {disable|enable}
function.

zte(cfg)#create cfm md-session <1-16> name <string> level Creates a CFM md.
<0-7>

zte(cfg)#create cfm md-session <1-16> ma-session <1-32> Creates a CFM ma.


name <string>

zte(cfg)#create cfm md-session <1-16> ma-session <1-32> Creates a CFM local mep.
mep-session <1-64> mep-id <1-8191> direction {down|up}

zte(cfg)#create cfm md-session <1-16> ma-session <1-32> Creates a CFM mip.


mip-session <1-64> name <string>

zte(cfg)#create cfm md-session <1-16> ma-session <1-32> Creates a CFM remote mep.
rmep-session <1-64> rmep-id <1-8191> remote-mac
<hh.hh.hh.hh.hh.hh>

zte(cfg)#cfm md-session <1-16> ma-session <1-32> Sets or delete the primary VLAN
primary-vlan {<1-4094>| delete} within cfm ma.

zte(cfg)#cfm md-session <1-16> ma-session <1-32> ccm Sets the interval that ccm packets
time-interval <4-7> of mep within cfm ma are sent.

zte(cfg)#cfm md-session <1-16> ma-session <1-32> ccm Sets the way to fill in the MEG ID
md-name {absent | disable | present} field in a cfm ccm messages.

zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id Sets the status of the cfm mep
<1-8191> state {disable|enable} protocol.

5-150

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id Sets the status of cfm mep ccm
<1-8191> ccm-send {disable|enable} sending packets.

zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id Sets the status of cfm mep ccm
<1-8191> ccm-receive {disable|enable} receiving packets.

zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id Sets the priority of packets sent by
<1-8191> priority <0-7> cfm mep ccm.

zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id Sets the lowest alarm priority of
<1-8191> alarm-lowest-pri <1-5> cfm mep.

zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id Allocates a port or aggregation


<1-8191> assign {delete | port <portid>| trunk <trunkid>} port for mep.

zte(cfg)#cfm md-session <1-16> ma-session <1-32> Allocates port or aggregation port


mip-session <1-64> assign {delete | port <portid>| trunk for mip.
<trunkid>}

zte(cfg)#clear cfm md-session [<1-16>] Clears all configuration of cfm md.

zte(cfg)#clear cfm md-session <1-16> ma-session [<1-32>] Clears all configuration of cfm ma.

zte(cfg)#clear cfm md-session <1-16> ma-session Clears all configuration of cfm


<1-32>{mep-id [<1-8191>]| mep-session [<1-64>]} mep.

zte(cfg)#clear cfm md-session <1-16> ma-session <1-32> Clears all configuration of cfm mip.
mip-session [<1-64>]

Displays all configuration of cfm


show cfm md-session [<1-16>] (all confiuration modes)
md.

show cfm md-session <1-16> ma-session [<1-32>] (all confiuration Displays all configuration of cfm
modes) ma.

show cfm md-session <1-16> ma-session <1-32> mp-session Displays all configuration of cfm
[<1-64>] (all confiuration modes) mp.

Displays global protocol status of


show cfm (all confiuration modes)
cfm.

zte(cfg)#cfm lbm md-session <1-16> ma-session Detects lbm.


<1-32> smep-id <1-8191>{dmep-id <1-8191>| dmep-mac
<hh.hh.hh.hh.hh.hh>| dmip-mac <hh.hh.hh.hh.hh.hh>}[repeat
<1-200>[size <0-400>[timeout <1-10>]]]

zte(cfg)#cfm ltm md-session <1-16> ma-session <1-32> Detects ltm.


smep-id <1-8191>{dmep-id <1-8191>| dmep-mac
<hh.hh.hh.hh.hh.hh>| dmip-mac <hh.hh.hh.hh.hh.hh>}[ttl
<1-64>[timeout <5-10>]]

zte(cfg)#cfm read trans-id <1-4294967295> Reads the ltm path tree.

5-151

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Network Configuration Without MIP


l Configuration Description
For device connection, see Figure 5-55.

Figure 5-55 Single-Domain CFM Network Without MIP

l Configuration Procedure

Configuration on S1:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mep-session 1 mep-id 1
direction down
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 state enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-send enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 assign port 1
zte(cfg)#create cfm md-session 1 ma-session 1 rmep-session 2 rmep-id 2
remote-mac 00.d0.d0.c0.00.02
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-receive enable

Configuration on S2:
zte(cfg)# cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mep-session 1 mep-id 2
direction down
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 state enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-send enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 assign port 2
zte(cfg)#create cfm md-session 1 ma-session 1 rmep-session 2 rmep-id 1
remote-mac 00.d0.d0.c0.00.01
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-receive enable

Network Configuration With MIP


l Configuration Description

5-152

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

For device connection, see Figure 5-56.

Figure 5-56 Single-Domain CFM Network With MIP

l Configuration Procedure
Configuration on S1:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mep-session 1 mep-id 1
direction down
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 state enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-send enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 assign port 1
zte(cfg)#create cfm md-session 1 ma-session 1 rmep-session 2 rmep-id 2
remote-mac 00.d0.d0.c0.00.03
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-receive enable

Configuration on S2:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mip-session 1 name zte_mip_1
zte(cfg)#cfm md-session 1 ma-session 2 mip-session 1 assign port 2
zte(cfg)#create cfm md-session 1 ma-session 1 mip-session 2 name zte_mip_1
zte(cfg)#cfm md-session 1 ma-session 2 mip-session 2 assign port 3

Configuration on S3:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mep-session 1 mep-id 2
direction down
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 state enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-send enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 assign port 4

5-153

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

zte(cfg)#create cfm md-session 1 ma-session 1 rmep-session 2 rmep-id 1


remote-mac 00.d0.d0.c0.00.01
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-receive enable

5.43 Y.1731 Configuration


Y.1731 Overview
The Y.1731 protocol complements the 802.1ag protocol. It defines a series of extensions
in which CFM is used to measure the network link status and performance.
The Y.1731 protocol is used in:
l The error management OAM: Alarm Indication Signal (AIS), Locked (LCK), Remote
Defect Indication (RDI) and functions mentioned in 802.1ag (CCM, LB, LT).
l The performance management OAM: Loss Measurement (LM), and Delay
Measurement (DM).

Y.1731 Configuration
Y.1731 configuration includes the following commands:

Command Function

zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id Enables the LM function at one
<1-8191> one-lm {enable | disable} end.

zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id Enables the LM function at both
<1-8191> two-lm {enable | disable} ends.

zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id Enables the DM function in both
<1-8191> two-dm {enable | disable} directions.

zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id Enables the AIS function.
<1-8191> ais {enable | disable}

zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id Enables the LCK function.
<1-8191> lck {enable | disable}

zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id Sets the level that sending the
<1-8191> client-level <0-7> AIS/LCK function to outer layers.

zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id Sets the remote MEP related to
<1-8191> relate-to rmep-id <1-8191> local MEP.

zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id Starts LM detection at one end.
<1-8191> one-lm send-packet [continue-time <60-600> interval
<1-60>]

zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id Stops LM detection at one end.
<1-8191> one-lm send-packet stop

5-154

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id Starts DM detection at both ends.
<1-8191> two-dm send-packet [continue-time <60-600> interval
<1-60>]

zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id Stops DM detection at both ends.
<1-8191> two-dm send-packet stop

zte(cfg)#clear cfm md-session <1-16> ma-session <1-32> Clears the results of LM detection
mep-id <1-8191>{ one-lm | two-lm | two-dm } at one end and at both ends, as
well as the result of DM detection
in both directions.

zte(cfg)#clear cfm md-session <1-16> ma-session <1-32> Clears the related remote MEP.
mep-id <1-8191> relate-rmep

LM Network Configuration
l Configuration Description

The network configuration is illustrated by using the network instance in Figure 5-57.

Figure 5-57 LM Network Configuration Instance

l Configuration Procedure
Configuration on S1:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mep-session 1 mep-id 1
direction down
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 state enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-send enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 assign port 1
zte(cfg)#create cfm md-session 1 ma-session 1 rmep-session 2 rmep-id 2
remote-mac 00.d0.d0.c0.00.02
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 relate-to rmep-id 2
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 one-lm (two-lm) enable

Configuration on S2:

5-155

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mep-session 1 mep-id 2
direction down
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 state enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-send enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 assign port 4
zte(cfg)#create cfm md-session 1 ma-session 1 rmep-session 2 rmep-id 1
remote-mac 00.d0.d0.c0.00.01
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 relate-to rmep-id 1
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 one-lm (two-lm) enable
l Configuration Verification
LM on both ends is automatically performed based on the CCM configuration. While
LM on one end is performed after manually triggering on S1 or S2:
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 (2) one-lm send-packet

View the measurement result by using the command for displaying MEP information
that is provided by 802.1ag.

DM Network Configuration
l Configuration Description
The network configuration is illustrated by using the network instance in Figure 5-58.

Figure 5-58 DM Network Configuration Instance

l Configuration Procedure

Configuration on S1:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mep-session 1 mep-id 1
direction down
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 state enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-send enable

5-156

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-receive enable


zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 assign port 1
zte(cfg)#create cfm md-session 1 ma-session 1 rmep-session 2 rmep-id 2
remote-mac 00.d0.d0.c0.00.02
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 relate-to rmep-id 2
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 two-dm enable

Configuration on S2:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mep-session 1 mep-id 2
direction down
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 state enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-send enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 assign port 4
zte(cfg)#create cfm md-session 1 ma-session 1 rmep-session 2 rmep-id 1
remote-mac 00.d0.d0.c0.00.01
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 relate-to rmep-id 1
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 two-dm enable
l Configuration Verification
Manually trigger the test on S1 or S2:
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 (2) one-lm send-packet

View the measurement result by using the command for displaying MEP information
that is provided by 802.1ag.

AIS/LCK Network Configuration


l Configuration Description

The network configuration is illustrated by using the network instance in Figure 5-59.

Figure 5-59 AIS/LCK Network Configuration Instance

l Configuration Procedure

Configuration on S1:

zte(cfg)#cfm enable

5-157

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

zte(cfg)#create cfm md-session 1 name zte_1 level 5


zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mep-session 1 mep-id 1
direction down
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 state enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-send enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 assign port 1
zte(cfg)#create cfm md-session 1 ma-session 1 rmep-session 2 rmep-id 2
remote-mac 00.d0.d0.c0.00.04
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ais (lck) enable

Configuration on S2:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 10 name zte level 4
zte(cfg)#create cfm md-session 10 ma-session 10 name zte_zte
zte(cfg)#cfm md-session 10 ma-session 10 primary-vlan 100
zte(cfg)#create cfm md-session 10 ma-session 10 mep-session 10 mep-id 10
direction down
zte(cfg)#cfm md-session 10 ma-session 10 mep-id 10 state enable
zte(cfg)#cfm md-session 10 ma-session 10 mep-id 10 ccm-send enable
zte(cfg)#cfm md-session 10 ma-session 10 mep-id 10 ccm-receive enable
zte(cfg)#cfm md-session 10 ma-session 10 mep-id 10 assign port 3
zte(cfg)#create cfm md-session 10 ma-session 10 rmep-session 20 rmep-id 20
remote-mac 00.d0.d0.c0.00.03
zte(cfg)#cfm md-session 10 ma-session 10 mep-id 20 ccm-receive enable
zte(cfg)#cfm md-session 10 ma-session 10 mep-id 10 ais (lck) enable
zte(cfg)#cfm md-session 10 ma-session 10 mep-id 10 client-level 5

Configuration on S3:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 10 name zte4 level 4
zte(cfg)#create cfm md-session 10 ma-session 10 name zte_zte
zte(cfg)#cfm md-session 10 ma-session 10 primary-vlan 100
zte(cfg)#create cfm md-session 10 ma-session 10 mep-session 20 mep-id 20
direction down
zte(cfg)#cfm md-session 10 ma-session 10 mep-id 20 state enable
zte(cfg)#cfm md-session 10 ma-session 10 mep-id 20 ccm-send enable
zte(cfg)#cfm md-session 10 ma-session 10 mep-id 20 ccm-receive enable
zte(cfg)#cfm md-session 10 ma-session 10 mep-id 20 assign port 5
zte(cfg)#create cfm md-session 10 ma-session 10 rmep-session 10 rmep-id 10
remote-mac 00.d0.d0.c0.00.02
zte(cfg)#cfm md-session 10 ma-session 10 mep-id 10 ccm-receive enable

5-158

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

zte(cfg)#cfm md-session 10 ma-session 10 mep-id 20 ais (lck) enable


zte(cfg)#cfm md-session 10 ma-session 10 mep-id 20 client-level 5

Configuration on S4:
zte(cfg)#cfm enable
zte(cfg)#create cfm md-session 1 name zte_1 level 5
zte(cfg)#create cfm md-session 1 ma-session 1 name zte_zte_1
zte(cfg)#cfm md-session 1 ma-session 1 primary-vlan 100
zte(cfg)#create cfm md-session 1 ma-session 1 mep-session 1 mep-id 2
direction down
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 state enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-send enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 2 assign port 6
zte(cfg)#create cfm md-session 1 ma-session 1 rmep-session 2 rmep-id 1
remote-mac 00.d0.d0.c0.00.01
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ccm-receive enable
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 ais (lck) enable
l Configuration Verification

Disconnect the link between S2 and S3. After that, alarms occur on only S2 and S3,
and unrelated alarms on S1 and S4 are restricted due to the AIS function.
zte(cfg)#cfm md-session 1 ma-session 1 mep-id 1 (2) one-lm send-packet

View the measurement result by using the command for displaying MEP information
that is provided by 802.1ag.

5.44 MAC-based VLAN Command Configuration


MAC-based VLAN Overview
The MAC-based VLAN decides the VLAN for forwarding an untagged frame based on the
source MAC address of the frame. This technology allows packets to be transmitted in
different VLANs and provides different services to different users.

Configuring MAC-based VLAN


The MAC-based VLAN configuration includes the following commands:

Command Function

zte(mac-based-vlan)#rule <1-1024> mac-address Sets a rule for MAC-based VLAN.


<HH.HH.HH.HH.HH.HH>mac-mask <HH.HH.HH.HH.HH.HH>
vlan <1-4094>

Clears a rule for MAC-based


zte(mac-based-vlan)#clear rule <1-1024>
VLAN.

5-159

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

Sets the binding relation between


zte(cfg)#set vlan mac-based {global |port <portlist>} session
global/port and sessions of
<1-64>{bind|unbind}
MAC-based VLAN.

Displays all rules of all or


show vlan mac-based session [<1-64>] one session configured for a
MAC-based VLAN.

Displays the binding relations


between a port and all or
show vlan mac-based session [<1-64>] bind
one session configured for a
MAC-based VLAN.

MAC-Based VLAN Configuration Instance


l Configuration Description
Set the following MAC-based VLAN rule for port 1: Assign the VLAN "vlan100"
to all untagged frames whose source MAC address is 00.00.00.00.00.01 and
assign the VLAN "vlan200" to all untagged frames whose source MAC address is
00.d0.d0.00.00.00.
l Configuration Procedure
Configure a MAC-based VLAN instance:
zte(cfg)#set vlan 100,200 enable
zte(cfg)#set vlan 100,200 add port 1 untag
zte(cfg)#set vlan 10,12 add port 1 tag
zte(cfg)#config mac-based-vlan session 1
zte(mac-based-vlan)#rule 1 mac-address 00.00.00.00.00.01 mac-mask
ff.ff.ff.ff.ff.ff vlan 100
zte(mac-based-vlan)#rule 2 mac-address 00.d0.d0.00.00.00 mac-mask
ff.ff.ff.00.00.00 vlan 200
zte(cfg)#set vlan mac-based port 1 session 1 bind

5.45 DHCP Relay Configuration


DHCP Relay Overview
DHCP Relay interacts with both the Client and the Server, acting different roles. From the
view of the DHCP Client, the DHCP Relay Agent can be considered as its DHCP Server
and the DHCP Relay implements the response to the IP address requests from the Client.
For this, the DHCP Relay Agent needs to intercept on the interception port of the DHCP
Server. From the view of the DHCP Server, the DHCP Relay Agent can be considered
as its DHCP Client and the DHCP Relay initiates IP address requests. For this, the IP
address of the interface through which messages are received must be filled in the Relay
Agent field of the DHCP request messages forwarded by the DHCP Relay.

5-160

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

The DHCP Server checks the validity of the Relay Agent domain and allocates an IP
address to the DHCP Client that is in the same subnet as the IP address in accordance
with the domain value. This means that the allocated IP address and the IP address of
the interface through which the Relay receives request messages are in the same network
segment. At the same time, the DHCP Relay implements the forwarding of the responses
from the DHCP Server to the Client.

Configuring the DHCP Relay


DHCP relay configuration includes the following commands:

Command Function

Globally enables/disables the


zte(cfg)#set dhcp relay{enable | disable}
DHCP relay function.

Globally enables/disables the


zte(cfg)#set dhcp relay option82{enable | disable}
DHCP relay option82 function.

zte(cfg)#set dhcp relay option82 sub-option device { ani< string Sets the switch node device ID.
>| remote-ID {cisco | manual < string >| key < string >}}

zte(cfg)#set dhcp relay option82 sub-option port <portlist> Sets the relay option82 suboption.
circuit-ID {on {cisco | china-tel | dsl-forum| henan-rft| key < string
>| manual < string >}| off}

Sets the mode in binding the


zte(cfg)#set dhcp relay option82 mode port <portlist>{default |
dynamic user information binding
drop | modify | append}
table options for the port.

Sets the DHCP Relay mode, sets


zte(cfg)#set dhcp relay server mode {ipport | vclass-id} the DHCP server depending on
ipport or vclass-id.

Sets the DHCP Relay retry, that is,


zte(cfg)#set dhcp relay server retry <5-1000> the number of times that message
resending to the server is tried.

Sets the server IP address


zte(cfg)#set dhcp relay vclass-id {characters <string>|
corresponding to the class-id
hex-numbers < hex-string>} server <A.B.C.D>
domain of the server.

zte(cfg)#clear dhcp relay vclass-id {characters <string>{ server Clears the configured dhcp relay
A.B.C.D}| hex-numbers <hex-string>{ server A.B.C.D}} vclass-id.

zte(cfg)#clear dhcp relay option82 device ani Clears the device ID information.

Displays the DHCP relay


show dhcp relay
configuration.

Displays the DHCP Relay option60


show dhcp vclass-id
configuration.

zte(cfg)#clear dhcp option82 sub-option device ani Clears the device ID information.

5-161

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

show dhcp relay binding [port <1-28>| trunk <1-15>] (all Displays the DHCP relay binding
configuration modes) information.

Displays the DHCP relay option82


show dhcp relay option82 port<1-28> (all configuration modes)
configuration of the port.

Displays device-related
show dhcp relay option82 device (all configuration modes) information, including ANI
and remote-ID.

zte(cfg-router)#set ipport <0-63> dhcp relay {agent | server Sets the DHCP relay information
<A.B.C.D>} of ipport.

zte(cfg-router)#clear ipport <0-63> dhcp relay {agent | server Clears the DHCP relay information
<A.B.C.D>} of ipport.

zte(cfg-router)#set dhcp relay server <A.B.C.D> Sets a global DHCP server.

Sets a global ipport for a DHCP


zte(cfg-router)#set dhcp relay global-ipport <0-63>
relay.

Enables or disables the DHCP


relay function based on VLANs.
If the DHCP function is enabled
zte(cfg)#set dhcp relay vlan{enable | disable} globally, the device provides
the relay function when either
this command or the relay agent
command is used.

show dhcp relay vlan (all configuration modes) Displays VLANs for which the
DHCP relay function is enabled.

DHCP Configuration Instance


l Configuration Description
See Figure 5-60, switch port 1 is connected to the DHCP client, and switch port 2 is
connected to the DHCP server of the IP network.

Figure 5-60 DHCP Relay Configuration Instance

5-162

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Note:
The DHCP client and the DHCP server are in different network segments.

l Configuration Procedure
1. Assign a specified VLAN to the port:
set vlan 1000 add port 2 tag
set vlan 1000 enable
2. Configure the DHCP relay by using the following commands:
zte(cfg)#set dhcp relay enable
zte(cfg-router)#set ipport 0 ipaddress 169.1.15.1 255.255.0.0
zte(cfg-router)#set ipport 0 vlan 1
zte(cfg-router)#set ipport 0 enable
zte(cfg-router)#set ipport 0 dhcp relay agent
zte(cfg-router)#set ipport 0 dhcp relay server 10.230.72.2
zte(cfg-router)#set ipport 63 ipaddress 10.230.72.1 255.255.255.0
zte(cfg-router)#set ipport 63 vlan 1000
zte(cfg-router)#set ipport 63 enable
l Configuration Verification
zte(cfg)#show dhcp relay
DHCP relay status : enable
DHCP server mode : ipport
DHCP server retry : 10
DHCP relay option82: disable

zte(cfg)#show dhcp relay option82 port 1


DHCP option82 sub-option information on port 1:
Circuit-ID: Disabled
Remote-ID: Enabled
Format: Cisco
DHCP option82 mode information on port 1: Default

zte(cfg)#show ipport 0
Status : up IpAddress : 169.1.15.1
VlanId : 1 Mask : 255.255.0.0
ArpProxy : disabled MacAddress: 00.00.00.11.22.33
Timeout : 600(s) IpMode : static
En/Disable: enabled

Dhcp client configuration as follows:


Class-id : -
Client-id : -
Hostname : -

5-163

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Lease : -
Clear request: -

Dhcp relay configuration as follows:


Relay agent : enable
Server IP : 10.230.72.2

5.46 MFF Configuration


MFF Overview
The MFF function is used on a user access device to isolate users at the access side. It
implements layer-2 isolation and layer-3 interworking between users in a broadcast domain
without any extra VLAN being created. When an access switch configured with the MFF
function receives an ARP request from a user, the switch replies with an ARP response
containing the gateway MAC address through the ARP proxy mechanism. In this way, all
users' traffic (including the traffic between users in the same subnet) is sent to the gateway
access router compulsively. The gateway can monitor traffic and prevent attacks among
users, which improves network security.
There are two types of MFF ports: user ports and network ports. MFF user ports are
connected to terminal users. When receiving an ARP packet from a user port, the switch
maintains an MFF user table, and replies with a response. MFF network ports are
connected to uplink devices or gateways.
There are two MFF operation modes: static mode and dynamic mode.
l Static mode: The IP address of a user is configured manually. The switch generates
the MFF user table by listening to ARP packets on MFF user ports.
l Dynamic mode: The IP address and gateway address of a user are allocated through
DHCP. The switch generates the MFF user table by capturing ACK packets returned
by the DHCP server and parsing the option3 field.

An MFF user table can be added manually.


A gateway can be configured in a VLAN for ARP proxy, or a global gateway can be
configured. When performing ARP proxy, the gateway in an MFF entry is preferred
than the intra-VLAN gateway, and the intra-VLAN gateway is preferred than the global
gateway. The gateway address can be an IP address or a MAC address. If the gateway
address is an IP address, the switch sends an ARP request to the gateway to obtain the
MAC address. If the gateway address is a MAC address, the switch directly uses the
MAC address in ARP responses. Therefore, it is necessary to manually configure a static
MAC entry directing to the gateway for the switch.

Configuring MFF
The MFF configuration includes the following commands:

5-164

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Command Function

zte(cfg)#set mff vlan <vlanlist> add port Sets the MFF attributes for ports and VLANs.
<portlist>{userport | network}

zte(cfg)#set mff vlan <vlanlist> delete port Deletes the MFF attributes for ports and VLANs.
<portlist>

zte(cfg)#set mff vlan <vlanlist> gateway {ip | Sets an intra-VLAN MFF gateway.
mac}<address>

zte(cfg)#set mff user ip <ip-addr> mac Adds an MFF user entry manually.
<mac-addr> vlan <vlan-id> gateway {ip |
mac}<address>

zte(cfg)#set mff gateway {ip | mac}<address> Sets a global MFF gateway.

zte(cfg)#set mff gateway-arp-keepalive add-port Sets the ARP keep-alive parameter for the MFF
{<portlist>| all}{timeout <value>}{enable | disable} gateway, and enables or disables the keep-alive
function.

zte(cfg)#set mff gateway-user-keepalive add-port Sets the ARP keep-alive parameter for users
{<portlist>| all}{timeout <value>}{enable | disable} connected to the gateway device that sends
gratuitous ARP keep-alive packets, and enables
or disables the keep-alive function.

zte(cfg)#clear mff gateway Deletes the global MFF gateway.

zte(cfg)#clear mff gateway arp-keepalive-port Clears the ports that send gateway ARP
keep-alive packets.

zte(cfg)#clear mff gateway user-keepalive-port Clears the ports that send user ARP keep-alive
packets.

zte(cfg)#clear mff vlan <vlanlist> gateway Deletes the intra-VLAN MFF gateway.

zte(cfg)#clear mff user ip <ip-addr> vlan Deletes the specified MFF user entry.
<vlan-id>

zte(cfg)#show mff user-table Displays information about the MFF user table.

zte(cfg)#show mff interface Displays information about MFF port


configuration.

zte(cfg)#show mff gateway Displays information about MFF gateway


configuration.

zte(cfg)#show mff gateway -keepalive-info {port} Displays information about ARP keep-alive
configuration, including gateway ARP keep-alive
configuration and user ARP keep-alive
configuration.

MFF Configuration Instance


l Configuration Description

5-165

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

See Figure 5-61, ports 1 and 2 of the switch are connected to PCs, port 4 is connected
to the gateway, and port 6 is connected to the DHCP server. The following procedure
describes how to configure static MFF. The configuration for dynamic MFF is similar,
but it is necessary to configure the DHCP snooping function. For details, refer to 5.27
DHCP Configuration.

Figure 5-61 MFF Configuration Instance

l Configuration Procedure

Configure a VLAN for the ports:


zte(cfg)#set vlan 400 add port 1/1,1/2,1/4 untag
zte(cfg)#set port 1/1,1/2,1/4 pvid 400

Configure the MFF attributes for the ports and VLAN:


zte(cfg)#set mff vlan 400 add port 1/1 userport
zte(cfg)#set mff vlan 400 add port 1/2 userport
zte(cfg)#set mff vlan 400 add port 1/4 network

Configure an intra-VLAN gateway:


zte(cfg)#set mff vlan 400 gateway ip 197.1.23.15

l Configuration Verification
When an ARP request is received on a user port, the switch searches the ARP table
first. If the gateway ARP entry is not contained in the ARP table, the switch replaces
the user to send an ARP request to the gateway, and then adds an MFF user entry.
The MFF user entry is as follows:
zte(cfg)#show mff user-table
MFF user entry total count: 1
Type: born way of MFF user entry.
'M',manual configure; 'A',ARP packet; 'D',DHCP snooping packet.
VlanId IpAddress Type MacAddress Gateway(IpOrMac)
------ --------------- ---- ----------------- ----------
400 197.1.23.3 A 00.10.94.00.00.03 197.1.23.15

5-166

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

5.47 SSL Configuration


SSL Overview
The SSL protocol is an intermediate protocol. It is located between the application layer
and transport layer in the network model. Through the data encryption, identification
authentication, and message integrity validation mechanisms, SSL ensures security for
connections established based on reliable application layer protocols (for example, TCP).
The SSL functional module enables the ZXR10 2900E to operate as an SSL server and
complete interaction with a client. The interaction procedure includes SSL handshaking,
and packet monitoring, receiving, parsing and sending. The SSL handshaking procedure
includes negotiating an encryption algorithm, verifying the local certificate on the server,
exchanging keys, and verifying a MAC address. The encryption algorithm, local certificate
on the server, keys, and MAC address are used for data encryption and decryption,
identification authentication, and message integrity validation in a subsequent session.
Encryption certificate management is the prerequisite for SSL handshaking. Certificate
management includes key generation management, local certificate generation on the
server, and root certificate generation on the client.
Users can access the ZXR10 2900E by using browsers and HTTPS to perform Web-based
configuration and management.

Configuring SSL
The SSL configuration includes the following commands:

Command Function

zte(cfg)#set ssl {enable | disable} Enables or disables the SSL function.

zte(cfg)#create ca {<A.B.C.D/M>|<A.B.C.D><n Manages the encryption certificate, and creates


etwork mask>} an RSA key, a local certificate on the server and
a root certificate on the client.

show ssl (all configuration modes) Displays the SSL configuration and state.

SSL Configuration Instance


l Configuration Description

See Figure 5-62, a layer-3 port is configured on the switch, and the IP address is set
to 192.168.100.110/24. The IP address of the PC is set to 192.168.100.109/24. The
switch operates as the SSL server, and the browser on the PC operates as the SSL
client.

5-167

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 5-62 SSL Configuration Instance

l Configuration Procedure
Configure the switch:
zte(cfg)#create ca 192.168.100.110/24
ca is creating ,please wait......
Rootcafile /flash/data/root.cer, has created!
Servercafile /flash/data/server.pem, has created!
Serverkeyfile /flash/data/server.key, has created!
FS is releasing ,please wait......
Done!
zte(cfg)#set ssl en
The current ca is for ipaddress 192.168.100.110,
Please make sure ip of the switch matches.
Then upload /flash/data/root.cer, and import to explore,the ssl is availible.
zte(cfg)#config tffs
zte(cfg-tffs)#cd data
zte(cfg-tffs)#tftp 192.168.100.109 upload root.cer

Set the browser:


Set the browser as the SSL client on the PC, so that you can access the switch through
HTTPS to perform Web-based management.

1. Import the root.cer file in the browser.


a. Open the browser, and select Tools > Internet Options from the menu bar.
The Internet Options dialog box is displayed, see Figure 5-63.

5-168

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Figure 5-63 Internet Options Dialog Box

b. Click the Content tab, and then click Certificates. The Certificates dialog
box is displayed, see Figure 5-64.

Figure 5-64 Certificates Dialog Box

5-169

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

c. Click the Trusted Root Certification Authorities tab, and then click
Import, see Figure 5-65. The dialog box for certificate import wizard is
displayed.

Figure 5-65 Certificates Dialog BoxImporting a Certificate

d. Based on the wizard, click Next, a dialog box is displayed. Select the root.cer
file. Complete the certificate import procedure. Close the dialog boxes, and
restart the browser.
2. Open the SSL login page.
After the SSL function is enabled for the switch, enter https://<ip address
of the switch> in the address bar of the browser. The SSL login page is
displayed, see Figure 5-66.

Figure 5-66 SSL Login Page

3. Open the main page for Web-based management.

Enter your username, login password and administration password in the text
boxes. The main page for Web-based management is displayed, see Figure 5-67.

5-170

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Figure 5-67 Main Page for Web-Based Management

5.48 ERPS Configuration


ERPS Overview
The ERPS mechanism is as follows:
l When the network is a ring network that is operating properly, some links in the network
are blocked to prevent loops between switches.
l If the network becomes faulty, the backup links are unblocked to protect the inter-node
communication.

The basic concepts in ERPS are as follows:


l RPL
An RPL is a link blocked to prevent a loop in the case of no fault or request.
l RPL owner node (RPL primary node)
An RPL owner node is a node on an RPL. It is used to block the port that has RPL
enabled.
l RPL neighbor node (RPL neighbor node)
An RPL neighbor node is used to block one end of an RPL. The other end of the RPL
is blocked by the RPL owner node.
l Manual switching commands

The ERPS protocol supports triggering the protocol calculation by using manual
switching commands: Forced Switch (FS) and Manual Switch (MS).

l WTR timer

In revertive mode, the WTR timer is used to prevent the frequent operation of the
protection switch due to an intermittent defect.
l WTB timer

When the corresponding function of the device is restored after an operation command
(such as the FS or MS command) is executed, the delay time (called WTB time, guard
timer time plus five seconds) must be set long enough to receive potential FS, SF, or
MS requests from the remote end. This time is long enough for an Ethernet ring

5-171

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

node to consecutively send two R-APS messages, and it is also the condition for
determining that the Ethernet ring node exists.

Note:
The WTB timer is valid for the RPL owner node only, and the value range depends on
the guard timer.

l Guard timer
The guard timer is used to prevent expired R-APS packets.
An Ethernet ring node can send multiple R-APS packets simultaneously. In this case,
the node can still send expired R-APS packets until it receives a new R-APS packet.
If the ring node receives an R-APS (SF) packet that is the same as the message
previously sent by the node, the node determines that an SF occurs. Due to the
above reason, the guard timer is used to forcedly prevent loops.
l Ring statuses
A ring may be in idle, pending, protection, FS, or MS status.

Link Switching Procedure in ERPS


ERPS eliminates logical loops by blocking some ports on the ring. When some links in the
ring have their status changed (from up to down or from down to up), ERPS can switch a
logical path immediately.
As shown in Figure 5-68 and Figure 5-69, an ERPS domain is configured on switches A,
B, C, and D. Switch A is the owner node, and its port 1/2 is an RPL port. Switch B is the
neighbor node. The port that switch B uses to connect to switch A is also an RPL port.
Both switch C and switch D are none nodes.
Service traffic arises between PC1 and PC2, and the arrows in Figure 5-68 indicate the
direction in which service data flows.

5-172

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Figure 5-68 Example of the Primary Node Blocking the Secondary Port (Ring Status:
UP)

Figure 5-69 Example of the Primary Node Enabling the Secondary Port (Ring status:
DOWN)

Figure 5-68 shows that each link is operating properly, the ring is in idle status, and the
secondary port of the primary node is blocked. Traffic passes through switches C and D.
Figure 5-69 shows that the link between switches B and C is disconnected. The link status
changes to Protection, and ERPS immediately switches the RPL port of the owner node
to forwarding status. After the switching, traffic does not pass through switches C and D.
After the link between switches C and D is restored, the RPL port of the owner node is
blocked again, and the ring status changes to pending as shown in Figure 5-68.

Configuring ERPS
To configure ERPS, perform the following steps.

5-173

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Step Command Function

1 ZXR10(config)#set ERPS domain <1-4> Creates an ERPS domain.


protect-instance <1-16>

2 ZXR10(config)#set erps domain Configures an ERPS ring node.


<1-4> ring-id <1-239> raps-vlan The raps-vlan parameter should specify a
<1-4094>{ring-east {port <portid>| trunk service-unrelated VLAN (not conflicted with
<portid>} ring-west {port <portid>| trunk any of the VLANs for services and network
<portid>}}[ rpl-role {owner | neighbour} management). The port PVID must not be
rpl-port {east | west}] the same as the setting of the raps-vlan
parameter.
The setting of the ring-id parameter is
carried in the protocol message, varying
with the ERPS instance.

3 ZXR10(config)#set erps domain <1-4> Configures the mel for the ring node.
ring-mel <1-7>

4 ZXR10(config)#set erps domain <1-4> Specifies the reverive or non-revertive


behaviour {revertive | non-revertive} mode for the ring.

5 ZXR10(config)#set erps domain <1-4> Configures the WTR time (in minutes) of
timer wtr-time <1-12> the ERPS ring.
The WTR timer (in minutes) is valid for the
RPL owner node only, range: 112, default:
5.

6 ZXR10(config)#set erps domain <1-4> Configures the guard timer time (in units of
timer guard-time <1-200> 10 ms) for the ERPS ring,
Range: 1200, default: 50.

7 ZXR10(config)#set erps domain <1-4> Configures the manual switching command


switch {{fs | ms east | west}|clear} for the ERPS ring.
After the FS/MS command is executed, the
corresponding port is set to block status.

8 show ERPS brief Displays the primary configuration of each


ERPS domain.

9 show ERPS domain <1-4> Displays detailed information about the


ERPS domain.

Configuration Example of a Single ERPS Domain


Figure 5-70 shows that an ERPS domain is configured on switches A to D. This type of
configuration is called single-domain, single-ring. The configuration is as follows:
l Protection instance 1 is configured for the ERPS domain. In this instance, the
dedicated VLAN (VLAN 4000) is used to protect VLANs 100 to 110.
l Switch A is the owner node, and its port 1/2 is an RPL port.
l Switch B is the neighbor node, and its port 1/2 is an RPL port.

5-174

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

l Switches C and D are none nodes.

Figure 5-70 Configuration Example of a Single ERPS Domain with Multiple Loops

The configuration on switch A is as follows:


/*The following commands configure a spanning tree instance:*/
Switch_A(config)#set stp enable
Switch_A(config)#set stp instance 1 add vlan 100-110

/*The following command configures protection instance 1 for the ERPS domain*/
Switch_A(config)#set ERPS domain 1 protect-instance 1

/*The following command configures the owner node. The RPL port is port 1/2. */
Switch_A(config)#set ERPS domain 1 ring-id 1 raps-vlan 4000 ring-east trunk 1
ring-west port 1/2 rpl-role owner rpl-port west

The configuration on switch B is as follows:


/*The following commands configure a spanning tree instance:*/
Switch_B(config)#set stp enable
Switch_B(config)#set stp instance 1 add vlan 100-110

/*The following command configures protection instance 1 for the ERPS domain:*/
Switch_B(config)#set ERPS domain 1 protect-instance 1

/*The following command configures switch B to be a neighbor node*/


/*and its port1/2 to be an RPL port:*/
Switch_B(config)#set ERPS domain 1 ring-id 1 raps-vlan 4000 ring-east port 1/1
ring-west port 1/2 rpl-role neighbour rpl-port west

The configuration on switch C is as follows:


/*The following commands configure a spanning tree instance:*/
Switch_C(config)#set stp enable
Switch_C(config)#set stp instance 1 add vlan 100-110

5-175

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

/*The following command configures protection instance 1 for the ERPS domain:*/
Switch_C(config)#set ERPS domain 1 protect-instance 1

/*The following command configures switch C to be a none node: */


Switch_C(config)#set ERPS domain 1 ring-id 1 raps-vlan 4000 ring-east port 1/1
ring-west port 1/2

The configuration on switch D is as follows:


/*The following commands configure a spanning tree instance:*/
Switch_D(config)#set stp enable
Switch_D(config)#set stp instance 1 add vlan 100-110

/*The following command configures protection instance 1 for the ERPS domain:*/
Switch_D(config)#set ERPS domain 1 protect-instance 1

/*The following command configures switch D to be a none node: */


Switch_D(config)#set ERPS domain 1 ring-id 1 raps-vlan 4000 ring-east trunk
1 ring-west port 1/2

Configuration Example of Multiple ERPS Domains


Figure 5-71 shows that two ERPS domains are configured on switches A to D, called
single-ring, multiple-domain. The configuration is as follows:

l Protection instance 1 is configured for ERPS domain 1. In this instance, the dedicated
VLAN (VLAN 4000) protects VLANs 100 to 110. Protection instance 2 is configured for
ERPS domain 2. In this instance, the dedicated VLAN (VLAN 4001) protects VLANs
200 to 210.
l Switch A is an owner node in domain 1 (the related ports are ports 1/1 and 1/2, where
port 1/2 is an RPL port), and it is a neighbor node in domain 2 (the related ports are
ports 1/1 and 1/2, where port 1/2 is also an RPL port).
l Switch B is a neighbor node in domain 1 (the related ports are port 1/1 and port 1/2,
where port 1/2 is an RPL port), and it is an owner node in domain 2 (the related ports
are ports 1/1 and 1/2, where port 1/2 is also an RPL port).
l Both switches C and D are none nodes in domains 1 and 2.

Note:
If a physical ring has multiple ERPS domains, you can plan different paths for the service
traffic related to different ERPS domains through the proper configuration, so that load
balancing can be implemented.

5-176

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Figure 5-71 Configuration Example of Multiple ERPS Domains

The configuration on switch A is as follows:


/*The following commands configure a spanning tree instance:*/
Switch_A(config)#set stp enable
Switch_A(config)#set stp instance 1 add vlan 100-110
Switch_A(config)#set stp instance 2 add vlan 200-210
/*The following commands configure protection instance 1 for*/
/*ERPS domain 1 and protection instance 2 for ERPS domain 2:*/
Switch_A(config)#set ERPS domain 1 protect-instance 1
Switch_A(config)#set ERPS domain 2 protect-instance 2

/*The following command configures switch A to be the owner node*/


/*in domain 1 and its port 1/2 to be an RPL port:*/
Switch_A(config)#set ERPS domain 1 ring-id 1 raps-vlan 4000 ring-east port 1/1
ring-west port 1/2 rpl-role owner rpl-port west

/*The following command configures switch A to be a neighbor node in domain 2 and*/


/*its port 1/2 to be an RPL port:*/
Switch_A(config)#set ERPS domain 2 ring-id 2 raps-vlan 4001 ring-east port 1/1
ring-west port 1/2 rpl-role neighbour rpl-port west

The configuration on switch B is as follows:

/*The following commands configure a spanning tree instance:*/


Switch_B(config)#set stp enable
Switch_B(config)#set stp instance 1 add vlan 100-110
Switch_B(config)#set stp instance 2 add vlan 200-210

/*The following commands configure protection instance 1 for ERPS domain 1*/
/*and protection instance 2 for ERPS domain 2:*/
Switch_B(config)#set ERPS domain 1 protect-instance 1
Switch_B(config)#set ERPS domain 2 protect-instance 2

5-177

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

/*The following command configures switch B to be a neighbor node in domain 1*/


/*and its port 1/2 to be an RPL port:*/
Switch_B(config)#set ERPS domain 1 ring-id 1 raps-vlan 4000 ring-east port 1/1
ring-west port 1/2 rpl-role neighbour rpl-port west

/*The following command configures switch B to be the owner node in domain 2*/
/*and its port 1/2 to be an RPL port:*/
Switch_B(config)#set ERPS domain 2 ring-id 2 raps-vlan 4001 ring-east port 1/1
ring-west port 1/2 rpl-role owner rpl-port west

The configuration on switch C is as follows:


/*The following commands configure a spanning tree instance:*/
Switch_C(config)#set stp enable
Switch_C(config)#set stp instance 1 add vlan 100-110
Switch_C(config)#set stp instance 2 add vlan 200-210

/*The following commands configure protection instance 1 for ERPS domain 1*/
/*and protection instance 2 for ERPS domain 2:*/
Switch_C(config)#set ERPS domain 1 protect-instance 1
Switch_C(config)#set ERPS domain 2 protect-instance 2

/*The following command configures switch C to be a none node in domain 1: */


Switch_C(config)#set ERPS domain 1 ring-id 1 raps-vlan 4000 ring-east port 1/1
ring-west port 1/2

/*The following command configures switch C to be a none node in domain 2:*/


Switch_C(config)#set ERPS domain 2 ring-id 2 raps-vlan 4001 ring-east port 1/1
ring-west port 1/2

The configuration on switch D is the same as that on switch C.

5.49 Debug Module Configuration


Introduction to the Debug Module
The Debug module is added for debugging the DHCP, dot1x, IP, ARP, and SNMP
protocols. This module configures the commands for locating faults in message sending
and receiving, message statistics, and procedure printing.
By using these commands, a user can easily trace the process of sending and receiving
messages, display statistical data of messages, and observe common printing errors.
Thus, the user can preliminarily position the faults, including protocol abnormality and
function failures.

5-178

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

Debug Module Configuration


The following commands need to be configured for the Debug module.

Command Function

zte(cfg)#debug protocol dhcp client disable Disables the debug function of the DHCP client.

zte(cfg)#debug protocol dhcp client enable Enables the debug function of the DHCP client.

zte(cfg)#debug protocol dhcp client state ipport Shows statistical data of an ip port on the DHCP
<0-63> client.

zte(cfg)#debug protocol dhcp download Shows the downloaded information of the DHCP.

zte(cfg)#debug protocol dhcp relay disable Disables the debug function of the DHCP Relay
module.

zte(cfg)#debug protocol dhcp relay enable Enables the debug function of the DHCP Relay
module.

zte(cfg)#debug protocol dhcp snooping-and-opt Disables the debug function of the DHCP
ion82 disable snooping-and-option82 module.

zte(cfg)#debug protocol dhcp snooping-and-op Enables the debug function of the DHCP
tion82 enable snooping-and-option82 module.

zte(cfg)#debug protocol dhcp statistics clear Deletes DHCP statistical data of all ports.

zte(cfg)#debug protocol dhcp statistics port Shows DHCP statistical data of a port.
<1/1-24>

zte(cfg)#debug protocol dhcp statistics port Deletes DHCP statistical data of a port.
<1/1-24> clear

zte(cfg)#debug protocol dhcp statistics trunk Shows DHCP statistical data of a trunk port.
<1-15>

zte(cfg)#debug protocol dhcp statistics trunk Deletes DHCP statistical data of a trunk port.
<1-15> clear

zte(cfg)#debug protocol dhcpv6 disable Disables the debug function of the DHCPv6
module.

zte(cfg)#debug protocol dhcpv6 enable Enables the debug function of the DHCPv6
module.

zte(cfg)#debug protocol dot1x disable Disables the debug function for the dot1x
protocol.

zte(cfg)#debug protocol dot1x enable Enables the debug function for the dot1x protocol.

zte(cfg)#debug protocol layer3 ip disable Disables the debug function of layer 3 IP


messages.

zte(cfg)#debug protocol layer3 ip enable Enables the debug function of layer 3 IP


messages.

zte(cfg)#debug protocol layer3 ip port Shows statistical data of all ip ports.

5-179

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#debug protocol layer3 ip port <0-63> Shows statistical data of an ip port.

zte(cfg)#debug protocol layer3 arp disable Disables the debug function of ARP messages.

zte(cfg)#debug protocol layer3 arp enable Enables the debug function of ARP messages.

zte(cfg)#debug protocol snmp disable Disables the debug function for the SNMP
protocol.

zte(cfg)#debug protocol snmp enable Enables the debug function for the SNMP
protocol.

Debug Module Configuration Example


The ZXR10 2900E provides debug commands to check the status of protocol message
sending and receiving.
1. Run the debug protocol layer3 arp enable command to check the debug information of
ARP messages.
The following information is an example of the host receiving or sending ARP
messages:
zte(cfg)#ARP: received request scr 168.1.23.5 0000.0000.0001, dst 168.1.23.218 ipport 1

Enter disable to disable the debug function.


2. Run the debug protocol layer3 ip enable command to the debug information of IP
messages, including the link-mtu parameter of IP ports, MAC addresses for receiving
messages, and size of IP messages.
This command shows the information of the process during which the messages
are sent to the protocol layer, for example, host messages. If the messages are
forwarded through fast routing, the messages cannot be debugged by this command.
The following information is an example of execution results of this command.
zte(cfg)#IP: received packet mac:002421738150 --> mac:002293634f70 on port 1
IP: pointer to allocated buffer for port 0001, 2112840, bytes: 114
IP: pointer to send packet for port 0001, 211284c
IP: size of packet: 60, link mtu: 1500
IP: received packet mac:002421738150 --> mac:002293634f70 on port 1
IP: pointer to allocated buffer for port 0001, 2113040, bytes: 114
IP: pointer to send packet for port 0001, 211304c
IP: size of packet: 60, link mtu: 1500
IP: size of packet: 40, link mtu: 1500

Abnormal information during message processing is also printed. The following


example shows the TTL expired in transit error:
IP: route has been cached: hash value 1
IP: size of packet: 76, link mtu: 800
IP: pointer to allocated buffer for port 0001, 209b840, bytes: 42
IP: pointer to send packet for port 0001, 209b84c

5-180

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 5 Service Configuration

IP: packet could not be forwarded by router: 168.1.23.177 --> 197.1.23.22


IP: received packet mac:000000000022 --> mac:002293634f70 on port 1
IP: received packet src ip:168.1.23.177 , dst ip:197.1.23.22 , protocol 17 on port 1
IP: dropped packet due to time-to-live from 168.1.23.177 to 197.1.23.22
IP: Allocated buffer at 209c040 of length 218
IP: bptr_offset : 209c080, new_offset : 209c080, bptr_new_offset : 209c080
IP: Pointer to send packet 209c0c0

The debug function is disabled after you enter disable.


3. Run the debug protocol layer3 ip port 1 command to check statistical data of
layer3based ip port 1.
The following information is an example of statistical data of ip port 1.
Ip port number: 1
num_of_ip_packets_rxed: 124 num_of_ip_packets_txed: 196
num_of_udp_packets_rxed: 0 num_of_udp_packets_txed: 0
num_of_tcp_packets_rxed: 121 num_of_tcp_packets_txed: 193
num_of_rip_packets_rxed: 0 num_of_rip_packets_txed: 0
num_of_arp_packets_rxed: 4 num_of_arp_packets_txed: 0
num_of_rarp_packets_rxed: 0 num_of_rarp_packets_txed: 0
num_of_icmp_packets_rxed: 3 num_of_icmp_packets_txed: 3
num_of_unrecog_packets_rxed: 0 num_of_unrecog_packets_txed: 0
num_of_non_ip_packets_rxed: 0 num_of_rxed_packets_fwded: 0
num_of_rxed_udp_pkts_fwded: 0 num_of_rxed_icmp_pkts_fwded: 0
num_of_packets_not_fwded: 124 num_of_rxed_tcp_pkts_fwded: 0
num_of_packets_redirected: 0 num_of_short_ip_pkts_rxed: 0
num_of_pkts_rxed_down_port: 0 num_of_pkts_rxed_dis_port: 0
4. Run the debug protocol snmp v3 command to view printing prompts.
The following information is an example of printing prompts.
somthing wrong happen when generate ku
somthing wrong happen when generate kul
error to create group
unsupport sec level
sha: param not correct!!!
***decoding!!!***
can not get the security name
can not find the group in securitytogroup table
can not find the mib view
vacm check ok
the user has not been cloned from another user !!!
user not find, can't send trap!
decode msg header successfully!!!
decode msg context successfully!!!
***encode successfully !!!***

5-181

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

This page intentionally left blank.

5-182

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6
Management
Table of Contents
Remote-Access..........................................................................................................6-1
SSH ...........................................................................................................................6-3
Privilege ...................................................................................................................6-11
SNMP ......................................................................................................................6-13
RMON......................................................................................................................6-18
ZGMP ......................................................................................................................6-21
sFlow .......................................................................................................................6-28
Web .........................................................................................................................6-29
M_Button..................................................................................................................6-49
Telnet .......................................................................................................................6-52

6.1 Remote-Access
Remote-Access Overview
Remote-Access is a mechanism for limiting network management users to manage the
switch through Telnet, SSH, SNMP and Web, that is, it is used to restrict the access. This
function is to enhance the security of the network management system.
After this function is enabled, specify a network management user to access the switch
only from a specified IP address, the user cannot access the switch from other IP
addresses. When this function is disabled, the network management user can access the
switch through Telnet, SSH, SNMP and Web from any IP address.

Configuring Remote-Access
The Remote-Access configuration includes the following commands:

Command Function

zte(cfg)#set remote-access {any | specific} Enables or disables the remote


access control function.

zte(cfg)#set remote-access ipaddress <A.B.C.D>[<A.B.C.D>][{s Permits or denies switch access


nmp | telnet | ssh | web}{permit | deny}] from a specified IP address
or network segment through
SSH/SNMP/Telnet/Web.

zte(cfg)#clear remote-access all Deletes all IP address


configurations.

6-1

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#clear remote-access ipaddress <A.B.C.D>[<A.B.C.D>] Deletes the configuration of a


specified IP address and network
segment.

show remote-access (all configuration modes) Displays the configuration


information of Remote-Access.

Remote-Access Configuration Instance 1


l Configuration Description
Only allow the network management user to access the switch from 192.168.1.0/24
through Telnet, SSH, SNMP, and Web.
l Configuration Procedure
zte(cfg)#set remote-access specific
zte(cfg)#set remote-access ipaddress 192.168.1.0 255.255.255.0
zte(cfg)#show remote-access
Whether check remote manage address: YES
Allowable remote manage address(es) and application(s):
192.168.1.0/255.255.255.0 snmp, telnet, ssh, web

Remote-Access Configuration Instance 2


l Configuration Description
Only allow the network management user to access the switch from 192.168.1.1
through Telnet, SSH, SNMP, and Web.
l Configuration Procedure
zte(cfg)#set remote-access specific
zte(cfg)#set remote-access ipaddress 192.168.1.1
zte(cfg)#show remote-access
Whether check remote manage address: YES
Allowable remote manage address(es) and application(s):
192.168.1.1/255.255.255.255 snmp, telnet, ssh, web

Remote-Access Configuration Instance 3


l Configuration Description
Only allow the network management user to access the switch from 192.168.1.1
through Telnet and SSH.
l Configuration Procedure
zte(cfg)#set remote-access specific
zte(cfg)#set remote-access ipaddress 192.168.1.1
zte(cfg)#show remote-access
Whether check remote manage address: YES
Allowable remote manage address(es) and application(s):

6-2

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

192.168.1.1/255.255.255.255 snmp, telnet, ssh, web


zte(cfg)#set remote-access ipaddress 192.168.1.1 255.255.255.255 snmp deny
zte(cfg)#set remote-access ipaddress 192.168.1.1 255.255.255.255 web deny
zte(cfg)#show remote-access
Whether check remote manage address: YES
Allowable remote manage address(es) and application(s):
192.168.1.1/255.255.255.255 telnet,ssh

6.2 SSH
SSH Overview
The Secure Shell (SSH) is a protocol created by the Network Working Group of the Internet
Engineering Task Force (IETF), which is used to offer secure remote access and other
secure network services over an insecure network.
The initial purpose of the SSH protocol is to solve the security problems in interconnected
networks, and to offer a securer substitute for Telnet and Rlogin, although the present
development of the SSH protocol has far exceeded remote access. So, the SSH
connection protocol should support interactive sessions.
The SSH can be used to encrypt all transmitted data. Even if these data is intercepted, no
useful information can be obtained.
At present, the SSH protocol has two incompatible versions: SSH v1.x and SSH v2.x. The
ZXR10 2900E only supports SSH v2.0 and uses the password authentication mode. The
SSH uses TCP port 22.

Configuring SSH
The SSH configuration includes the following commands:

Command Function

zte(cfg)#set ssh {enable | disable} Enables or disables SSH.

zte(cfg)#set ssh regenerate Generates a new SSH key.

zte(cfg)#set ssh sftp {enable | disable} Enables or disables the SFTP


server function.

show ssh (all configuration modes) Displays the SSH configuration


and status.

SSH Configuration Instance


l Configuration Description
See Figure 6-1, one computer attempts to access the switch through SSH. The switch
is configured with a layer-3 port. The IP address of the port is 192.168.1.1/24, and
the IP address of the computer is 192.168.1.100/24.

6-3

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 6-1 SSH Remote Login Example

l Configuration Procedure
1. Switch configuration
zte(cfg)#set ssh enable
zte(cfg)#show ssh
SSH is enabled.
There's no ssh user logging in this system.
2. Software configuration
The SSH v2.0 client can use the free software PuTTY developed by Simon
Tatham. The current version supports the client of multiple versions. The settings
when using PuTTY to log in to the switch are as follows.
a. Set the IP address and port number of the SSH server, see Figure 6-2.

Figure 6-2 Setting IP Address and Port Number of the SSH Server

b. Set the SSH version number, see Figure 6-3.

6-4

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

Figure 6-3 Setting the SSH Version Number

c. For the first time to log in, user confirmation is needed, see Figure 6-4.

Figure 6-4 User Confirmation Dialog Box

d. The SSH login result is displayed, see Figure 6-5.

6-5

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 6-5 SSH Login Result

SFTP Configuration Instance


l Configuration Description

See Figure 6-6, a layer-3 port is configured on the switch, and the IP address is
192.168.1.1/24. The IP address of the PC is 192.168.1.100/24. The SSH and SFTP
server functions are enabled on the switch. The PC downloads files from the switch
or uploads files to the switch through an SFTP client.

Figure 6-6 SFTP File Upload and Download Instance

l Configuration Procedure

Configure the switch:


zte(cfg)#set ssh enable
zte(cfg)#show ssh
SSH is enabled.
There's no ssh user logging in this system.
zte(cfg)#set ssh sftp enable
zte(cfg)#show sftp
SFTP is enabled.
There's no sftp user logging in this system.

6-6

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

Configure the PC:


Before logging in to the switch through an SFTP client, set the client on the PC.
Different types of client software provide different SSH and SFTP supports, so the
settings vary. It is recommended that you use SFTP client software such as WinSCP
and Secure FX. WinSCP is SSH open-source graphic SFTP client software operating
in the Windows operating system. The following procedure uses WinSCP as an
example to describe the settings.
1. Set the IP address and port number for the SSH server. SFTP uses port 22. Set
a username and password. See Figure 6-7.

Figure 6-7 WinSCP Login Dialog BoxCreating a Session

2. From the left navigation tree, select Environment > SFTP, and then set the
parameters (you can use the default settings), see Figure 6-8.

6-7

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 6-8 WinSCP Login Dialog BoxSetting SFTP Parameters

3. From the left navigation tree, select Preferences. The Preferences dialog box is
displayed, see Figure 6-9.
By default, WinSCP fragments large-size files and adds filepart postfix names.
The ZXR10 2900E does not support extra-long file postfix names, so you must
click Disable in the Enable transfer resume/transfer to temporary filename
for area.

6-8

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

Figure 6-9 Preferences Dialog Box

4. Click OK. The WinSCP Login dialog box is displayed. Click Login. When you
log in to the SFTP server for the first time, the Warning dialog box is displayed,
see Figure 6-10.

Figure 6-10 Warning Dialog Box

5. Click Yes. The system starts authentication, see Figure 6-11.

6-9

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 6-11 Authentication Banner Dialog Box

6. Click Continue. Enter your password, see Figure 6-12.

Figure 6-12 Password Dialog Box

7. Click OK. A message indicating successful authentication is displayed, see Figure


6-13.

6-10

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

Figure 6-13 Authentication Banner Dialog BoxSuccessful Authentication

8. Click Continue. The WinSCP desktop window is displayed, see Figure 6-14.
In the WinSCP desktop window, you can upload or download files.

Figure 6-14 WinSCP Desktop Window

6.3 Privilege
Privilege Overview
The command level function, that is, the privilege function, refers to leveling the command
lines available for the switch and granting different permissions. With this function, users
of different levels can access the commands of different scopes. This protects switch
configuration from being modified by any user with any permission.

Privilege Configuration
The Privilege configuration includes the following commands:

Command Function

zte(cfg)#privilege {enable | disable} Enables/disables the command


level function.

6-11

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg)#privilege <0-15> session <1-1024>{all | Sets the command permission.


part}<mode><key1-string>[<key2-string>[... <key10-string>]]

zte(cfg)#clear privilege session [<1-1024>] Clears a specified command


permission rule.

show privilege {default | level [<0-15>]| session [<1-1024>]} (for Displays a specified command
all configuration modes) permission rule.

Privilege Configuration Instance


l Configuration Description

Users can perform this configuration only when logging in to the switch with the highest
permission (level 15).
l Configuration Procedure

Configure the switch:


/*Enable the privilege function*/
zte(cfg)#privilege enable
/*Grant level-12 permission to all functions of the set node*/
zte(cfg)#privilege 12 session 1 part cfg set
l Configuration Verification
1. Execute the following commands to check the command permission rule.
zte(cfg)#show privilege session
State: Enable
User level: 15
Session Level Type Mode Key
------- ----- ---- ------------- -----------------
1 12 part cfg set
2. Log in to the switch and execute the related set command as a user with a lower
permission (for example, level 11).
Execute the zte(cfg)#set stp enable command. The system will prompt that the
user is disallowed to execute the command.

The user privilege(level 11) is less than command privilege(level 12 rule 1).
% Command cannot be performed because of insufficient privilege. (0x40000aab)

Log in to the switch as a user with a permission higher than or equal to the
permission (for example, level 13) and execute the same command. The
command can be properly executed, without the prompt mentioned above.

6-12

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

6.4 SNMP
SNMP Overview
The SNMP is the most popular network management protocol currently. It involves a series
of protocols and specifications:
l MIB: Management Information Base
l SMI: Structure of Management Information
l SNMP: Simple Network Management Protocol
They offer the means to collect network management information from network
devices. The SNMP also enables the devices to report problems and errors to Network
Management Systems (NMSs). Any network administrator can use the SNMP to manage
the switch. The ZXR10 2900E supports SNMPv1, v2c and v3 (v3 strengthens SNMP
management security based on v1 and v2c).
The SNMP uses the Management processAgent process model to monitor and control
all types of managed network devices. The SNMP network management needs three key
elements:

1. Managed devices. They can communicate over the Internet. Each device contains an
agent.
2. NMS. The network management process should be able to communicate over the
Internet.
3. The protocol used to exchange management information between the agent process
and the NMS, that is, the SNMP.
The NMSs collect data by polling the agents that reside in the managed devices. The
agents in the managed devices can report errors to NMSs at any time before the NMSs
poll them. These errors are called traps. When a trap occurs on a device, the NMSs can
be used to query the device (suppose it is reachable) and obtain more information. SNMP
v2c and v3 also support an inform message (an SNMPv2 Trap that needs a response)
to inform abnormal events to the NMSs. After an NMS receives the inform message,
it sends an acknowledgement message to the switch. If the switch does not receive
the acknowledgement message from the NMS in a period, it resends the original inform
message twice.
All variables in the network are stored in MIBs. The SNMP monitors the network device
status by querying the related object values in the agent MIBs.

SNMP Configuration
The SNMP configuration includes the following commands:

Command Function

zte(cfg-snmp)#set engineID Sets the SNMP engine ID of a


device.

6-13

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg-snmp)#set recvpacket <0-100> Sets the number of SNMP


messages that the SNMP protocol
stack can handle in a unit time.

zte(cfg-snmp)#set src-ipport <0-63> Sets the source IP address of


SNMP.

zte(cfg-snmp)#create community <string>{public | Creates a community, sets the


private}[ingress-acl-basic-number <1-99>] access authority, and binds a basic
ACL ID with the community.

zte(cfg-snmp)#create view < string >[{include | Creates a view and specifies


exclude}<mib-oid>] whether the view includes a MIB
subtree.

zte(cfg-snmp)#set community <string> view <string> Sets a community and a view


containing the community name.

zte(cfg-snmp)#set community <string> ingress-acl-basic-nu Sets the basic ACL ID bound to


mber <1-99> the specified community.

zte(cfg-snmp)#clear community <string> ingress-acl-basic-n Deletes the basic ACL ID bound to


umber the specified community.

zte(cfg-snmp)#set mib1493compatible {enable | disable} Enables or disables the 1493


compatible mode.

zte(cfg-snmp)#set host <A.B.C.D> trap {v1 <string>| v2c Sets the IP address, community
<string>| v3 <string>{auth | noauth | priv}} name, username, version, and
security level of the computer
receiving trap information.

zte(cfg-snmp)#set host <A.B.C.D> inform { v2c <string>| v3 Sets the IP address, community
<string>{auth | noauth | priv}} name, username, version, and
security level of the computer
receiving inform messages.

zte(cfg-snmp)#set trap {linkdown | linkup | authenticationfail Enables/disables trap functions


| coldstart | warmstart | topologychange | memberupdown of link connection/disconnection,
| portloopdetect | trunkloopdetect | linkMonitorStatus | authentication failure, cool/hot
remoteLinkStatus | dyingGaspStatus | remoteDiscovery | startup, topology change,
powerDown | dhcpCharCheck | cpuUserationThreshold | cluster member UP/DOWN,
memUserationThreshold | fanStatusCheck | macNotification | loop detected at port/Trunk,
udldUnidirectional | protocolProtect | dismanpingnotifications| MAC number exceeding the
adminPasswordNoChange | arpOverload | bootfileLost threshold, link monitor event
| cfmFaultAlarm | fanSpeed | fileTransfer | ipConflict | alarm, remote link event alarm,
MacOverload | poe | StpBridgeRoleChange | StpPortStateChange event detection alarms, MAC
| trafficLimitProtect | trafficLimit | temperature | all}{enable | list change notification, and ping
disable} notification.

6-14

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

Command Function

zte(cfg-snmp)#set group <string> v3 {auth | noauth | priv}[read Sets an SNMP V3 group name
<string>[write <string>[notify <string>]]] and the group security level.

zte(cfg-snmp)#set user <string><string> v3 [md5-auth <string>| Sets an SNMP V3 user name,


sha-auth <string>[des56-priv <string>]] authentication mode and
password.

zte(cfg-snmp)#set trap macnotification {port<1-51>| Enables or disables the trap


trunk<1-15>}{enable|disable} function of MAC change
notification on a specific port
or trunk.

zte(cfg-snmp)#set trap macnotification {history-size<1-256>| Sets the threshold of the number


interval<1-3600>} and interval of MAC change
notifications.

zte(cfg-snmp)#clear host <A.B.C.D>{trap | inform}<string> Clears a host configuration.

zte(cfg-snmp)#clear community <string> Clears a community name.

zte(cfg-snmp)#clear view <string> Clears a view.

zte(cfg-snmp)#clear group <string> v3 {auth | noauth | priv} Clears a group.

zte(cfg-snmp)#clear user <string> v3 Clears a user.

zte(cfg-snmp)#clear engineID Clears an SNMP engine identifier


and recovers to the default value.

show snmp (all configuration modes) Displays all SNMP configuration


information.

show snmp {community | engineID | group | host | trap | user | Displays each element of SNMP
view} (all configuration modes) V1, V2C and V3.

SNMP Configuration Instance 1


l Configuration Description
Assume that the IP address of the network management server is 10.40.92.105,
the switch has a layer-3 port with the IP address of 10.40.92.200, and the switch is
managed through the network management server.

Create a community named zte with the read/write permission and a view named
vvv, and then associate the community zte with the view vvv. Set the IP address
of the computer receiving traps to 10.40.92.105, and the community to zte.

The DUT device is directly connected to network management server.

l Configuration Procedure
zte(cfg)#config router
zte(cfg-router)#set ipport 0 ipaddress 10.40.92.200 255.255.255.0
zte(cfg-router)#set ipport 0 vlan 2
zte(cfg-router)#set ipport 0 enable

6-15

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

zte(cfg-router)#exit

zte(cfg)#config snmp
zte(cfg-snmp)#create community zte private
zte(cfg-snmp)#create view vvv
zte(cfg-snmp)#set community zte view vvv
zte(cfg-snmp)#set host 10.40.92.105 trap v2 zte

zte(cfg-snmp)#show snmp community


CommunityName Level ViewName Acl
-------------- ------- ------------ ---
zte private vvv -

zte(cfg-snmp)#show snmp view


ViewName Exc/Inc MibFamily
--------- -------- ------------------------
vvv Include 1.3.6.1

zte(cfg-snmp)#show snmp host


HostIpAddress Comm/User Version type SecurityLevel
-------------- ---------- ------- ------ -------------
10.40.92.105 zte Ver.2c Trap

SNMP Configuration Instance 2


l Configuration Description
Assume that the IP address of the network management server is 10.40.92.77, the
switch has a layer-3 port with the IP address of 10.40.92.11, and the switch is managed
through the network management server in the User Security Model (USM).
Create a user named zteuser and its group named ztegroup. The security level of
the group is private (that is authentication and encryption). Set the IP address of the
computer receiving trap or inform information to 10.40.92.77, and the user to zteuser.
l Configuration Procedure
zte(cfg)#config router
zte(cfg-router)#set ipport 1 ipaddress 10.40.92.11/24
zte(cfg-router)#set ipport 1 vlan 1
zte(cfg-router)#set ipport 1 enable
zte(cfg-router)#exit

zte(cfg)#config snmp
zte(cfg-snmp)#set group ztegroup v3 priv
zte(cfg-snmp)#set user zteuser ztegroup v3 md5-auth zte des56-priv zte
zte(cfg-snmp)#set host 10.40.92.77 inform v3 zteuser priv

6-16

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

zte(cfg-snmp)#show snmp group


groupName: ztegroup
secModel : v3 readView : zteView
secLevel : AuthAndPriv writeView : zteView
rowStatus: Active notifyView: zteView

zte(cfg-snmp)#show snmp user


UserName : zteuser
GroupName : ztegroup(v3)
EngineID : 830900020300010289d64401
AuthType : Md5 StorageType: NonVolatile
EncryptType: Des_Cbc RowStatus : Active

zte(cfg-snmp)#show snmp host


HostIpAddress Comm/User Version type SecurityLevel
---------------- ----------- ------- ------ -------------
10.40.92.77 zteuser Ver.3 Inform AuthAndPriv
l Configuration Verification
When the configuration is completed, use the mibbrowser software to log in.

SNMP Configuration Instance 3


l Configuration Description
This example describes how to configure the MAC change notification function.
See Figure 6-15, configure the SNMP first so that the switch can be managed through
the network management server. Configure the MAC notification function so that
the MAC change information on Port 1 can be reported to the network management
server. The report condition is: The number of changed MAC entries reaches 50, or
the time is one minute (that is, 60 seconds).

Figure 6-15 MAC Change Notification Configuration Network

l Configuration Procedure
zte(cfg-snmp)#set trap macnotification enable
zte(cfg-snmp)#set trap macnotification port 1 enable
zte(cfg-snmp)#set trap macnotification history-size 50
zte(cfg-snmp)#set trap macnotification interval 60
l Configuration Verification
If the number of changed MAC entries reaches 50 within one minute, the switch sends
trap information when the number reaches 50 instead of waiting until one minute. The

6-17

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

number of sent entries is 50. If the number of changed MAC entries does not reach
50 within one minute, the switch sends trap information when one minute expires.
The number of sent entries is less than or equal to 50. By default, the MAC change
notification function is disabled. So, if the MAC change notification function is enabled
globally but it is not enabled on a port, the network management server cannot receive
trap information. In this example, if the MAC entries change on another port instead
of Port 1, trap information is not sent.

6.5 RMON
RMON Overview
The Remote Monitoring (RMON) defines the standard network monitoring function and a
communication interface between the management console and the remote monitor. The
RMON offers an efficient method to monitor the behaviors of subnets while reducing the
load of other agents and management stations.

The RMON specifications refer to the definition of RMON MIB. The ZXR10 2900E supports
four groups of RMON MIB.

l History: records the periodic statistics sample of the information that can be obtained
from the statistics group.
l Statistics: maintains the basic application and error statistics of each subnet that the
agent monitors.
l Event: a table related to all events generated by RMON agents.
l Alarm: allows operators of the management console to set sampling interval and
alarm threshold for any count or integer recorded by RMON agents.
All these groups are used to store the data collected by the monitor and derived data and
statistics data. The alarm group is based on the implementation of the event group. These
data can be obtained through the MIB browser.
The RMON control information can be configured through the MIB browser, or
HyperTerminal or remote Telnet command lines. The RMON sampling information and
statistics data is obtained through the MIB browser.

RMON Configuration
The RMON configuration includes the following commands:

Command Function

zte(cfg-snmp)#set rmon {enable | disable} Enables or disables the RMON


function.

zte(cfg-snmp)#set statistics <1-65535>{datasource <1-28>| Sets a statistics group.


owner <name>| status {valid | underCreation | createRequest
| invalid}}

6-18

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

Command Function

zte(cfg-snmp)#set alarm <1-65535>{interval <1-65535>| Sets an alarm group.


variable <mib-oid>| sampletype {absolute | delta}| startup
{rising | falling | both}| threshold <1-65535> eventindex
<1-65535>{rising | falling}| owner <name>| status {valid |
underCreation | createRequest | invalid}}

zte(cfg-snmp)#set event <1-65535>{description <string>| type Sets an event group.


{none | log | snmptrap | logandtrap}| owner <name>| community
<name>| status {valid | underCreation | createRequest | invalid}}

zte(cfg-snmp)#set history <1-65535>{datasource <1-28>| Sets a history group.


bucketRequested <1-65535>| owner <name>| interval
<1-3600>| status {valid | underCreation | createRequest | invalid}}

show rmon (all configuration modes) Displays RMON global


configuration.

show statistics [<1-65535>] (all configuration modes) Displays configuration information


of the statistics group.

show alarm [<1-65535>] (all configuration modes) Displays configuration information


of the alarm group.

show event [<1-65535>] ( all configuration modes) Displays configuration information


of the event group.

show history [<1-65535>] (all configuration modes) Displays configuration information


of the history group.

RMON Configuration Instance


l Configuration Description
The instance describes how to set event 2, history 2, alarm 2 and statistics 1
respectively.
The DUT device is directly connected to the network management server.
l Switch Configuration
zte(cfg-snmp)#set event 2 description It'sJustForTest!!
zte(cfg-snmp)#set event 2 type logandtrap
zte(cfg-snmp)#set event 2 community public
zte(cfg-snmp)#set event 2 owner zteNj
zte(cfg-snmp)#set event 2 status valid

zte(cfg-snmp)#set history 2 datasource 16


zte(cfg-snmp)#set history 2 bucket 3
zte(cfg-snmp)#set history 2 interval 10
zte(cfg-snmp)#set history 2 owner zteNj
zte(cfg-snmp)#set history 2 status valid

6-19

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

zte(cfg-snmp)#set rmon enable

zte(cfg-snmp)#set alarm 2 interval 10


zte(cfg-snmp)#set alarm 2 variable 1.3.6.1.2.1.16.2.2.1.6.2.1
zte(cfg-snmp)#set alarm 2 sample absolute
zte(cfg-snmp)#set alarm 2 startup rising
zte(cfg-snmp)#set alarm 2 threshold 8 eventindex 2 rising
zte(cfg-snmp)#set alarm 2 threshold 15 eventindex 2 falling
zte(cfg-snmp)#set alarm 2 owner zteNj
zte(cfg-snmp)#set alarm 2 status valid

zte(cfg-snmp)#set statistics 1 datasource 16


zte(cfg-snmp)#set statistics 1 owner zteNj
zte(cfg-snmp)#set statistics 1 status valid
l Configuration Verification
1. View configuration information about event 2:
zte(cfg-snmp)#show event 2
EventIndex : 2 Type : log-and-trap
Community : public Status : valid
Owner : zteNj
Description :It'sJustForTest!!
2. View configuration information about history 2:
zte(cfg-snmp)#show history 2
ControlIndex : 2 BucketsRequest: 3
Interval : 10 BucketsGranted: 3
ControlStatus: valid ControlOwner : zteNj
DataSource : 1.3.6.1.2.1.2.2.1.1.16
3. View configuration information about alarm 2:
zte(cfg-snmp)#show alarm 2
AlarmIndex : 2 SampleType: absolute
Interval : 10 Value : 16
Threshold(R) : 8 Startup : risingAlarm
Threshold(F) : 15 Status : valid
EventIndex(R): 2 Variable : 1.3.6.1.2.1.16.2.2.1.6.2.1
EventIndex(F): 2 Owner : zteNj
4. View configuration information about statistics 1:
zte(cfg-snmp)#show statistics 1
StatsIndex: 1
DropEvents : 0 BroadcastPkts : 0
Octets : 0 MulticastPkts : 0
Pkts : 0 Pkts64Octets : 0
Fragments : 0 Pkts65to127Octets : 0
Jabbers : 0 Pkts128to255Octets : 0
Collisions :0 Pkts256to511Octets : 0
CRCAlignErrors :0 Pkts512to1023Octets : 0

6-20

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

UndersizePkts :0 Pkts1024to1518Octets: 0
OversizePkts :0 DataSource(port) : 1.3.6.1.2.1.2.2.1.1.16
Status : valid Owner : zteNj
l Configuration Result
After the above configuration, when the number of etherHistoryPkts packets of the
first bucket on port 16 rises over 8 or the number falls below 15, the event with index
2 is triggered. The event with index 2 sends a trap to the management station.

6.6 ZGMP
ZGMP Overview
ZGMP is ZTE Group Manage Protocol. A cluster is a set of switches in a specific broadcast
domain. The switches form a unified management domain, providing an external public
network IP address and management interface, and the ability to manage and access each
member in the cluster.
The management switch which is configured with a public network IP address is called a
command switch. Other switches serve as member switches. In normal cases, a member
switch is not configured with a public network IP address. A private address is allocated to
each member switch through the DHCP function of the command switch. The command
switch and member switches form a cluster (private network).
In general, the broadcast domain where a cluster is located consists of switches of four
roles: command switch, member switches, candidate switches and independent switches.
One cluster has only one command switch. The command switch can automatically collect
the device topology and set up a cluster. After a cluster is set up, the command switch
provides a cluster management channel to manage member switches. Member switches
serve as candidate switches before they join the cluster. The switches that do not support
cluster management are called independent switches.
It is recommended that you isolate the broadcast domain between the public network
and the private network on the command switch and shield direct access to the private
address. The command switch provides an external management and maintenance
channel to manage the cluster in a centralized manner.

For the cluster management network, see Figure 6-16.

6-21

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 6-16 Cluster Management Network

For changeover rules of the four roles of switches within a cluster, see Figure 6-17.

6-22

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

Figure 6-17 Changeover Rules of Roles

ZGMP Configuration
The ZGMP configuration includes the following commands:

Command Function

zte(cfg-group)#set zdp {enable | disable} Enables or disables the ZTE


Discovery Protocol (ZDP) function.

zte(cfg-group)#set zdp {port <portlist>| trunk Enables or disables the ZDP


<trunklist>}{enable | disable} function based on port/trunk.

zte(cfg-group)#set zdp timer <5-255> Sets a time interval for sending


ZDP packets.

zte(cfg-group)#set zdp holdtime <10-255> Sets ZDP hold time.

show zdp (all configuration modes) Displays ZDP global configuration.

show zdp neighbour (all configuration modes) Displays ZDP neighbor


information.

show zdp neighbour detail (all configuration modes) Displays detailed ZDP neighbor
information.

zte(cfg-group)#set ztp {enable | disable} Enables or disables the global ZTE


Topology Protocol (ZTP) function.

zte(cfg-group)#set ztp {port <portlist>| trunk Enables or disables the ZTP


<trunklist>}{enable | disable} function based on port/trunk.

zte(cfg-group)#set ztp vlan <1-4094> Sets a VLAN for collecting


topology information.

6-23

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Command Function

zte(cfg-group)#set ztp hop <1-128> Sets a range (hop count) of


collecting topology information.

zte(cfg-group)#set ztp timer<0-60> Sets a time interval for collecting


topology information automatically.

zte(cfg-group)#set ztp portdelay <1-100> Sets a port delay for forwarding


topology requests.

zte(cfg-group)#set ztp hopdelay <1-1000> Sets a hop delay for forwarding


topology requests.

zte(cfg-group)#ztp start Starts collecting topology


information.

show ztp (all configuration modes) Displays ZTP global configuration.

show ztp device [<idlist>](all configuration modes) Displays the configuration


information according to the
device ID.

show ztp topology (all configuration modes) Displays network topology in a


simple graph.

show ztp mac <HH.HH.HH.HH.HH.HH> (all configuration modes) Displays detailed information of
a device according to the MAC
address.

zte(cfg-group)#set group commander ipport <0-63>[ip-pool Sets a command switch, specifies


<A.B.C.D/M>] a layer-3 port number for cluster
management and sets an IP
address pool for cluster members.

zte(cfg-group)#set group candidate Sets a switch to be a candidate


switch.

zte(cfg-group)#set group independent Sets a switch to be an independent


switch.

zte(cfg-group)#set group add {mac <HH.HH.HH.HH.HH.H Adds a switch to a cluster.


H>[<1-253>]| device <idlist>}

zte(cfg-group)#set group delete member <idlist> Deletes a switch from a cluster.

zte(cfg-group)#set group handtime <1-300> Sets a time interval for handshake


between the command switch and
the member switch.

zte(cfg-group)#set group holdtime <1-300> Sets hold time of information about


switches in a cluster.

zte(cfg-group)#set group name <name> Sets a cluster name.

6-24

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

Command Function

zte(cfg-group)#set group mac-mode {standard | extend [mac Sets a protocol multicast address
<HH.HH.HH.HH.HH.HH>]} of cluster management.

zte(cfg-group)#set group syslogsvr <A.B.C.D> Sets an IP address of the SYSLOG


server in a cluster.

zte(cfg-group)#set group tftpsvr <A.B.C.D> Sets an IP address of the TFTP


server in a cluster.

show group (all configuration modes) Displays cluster configuration


information.

show group candidate (all configuration modes) Displays candidate switches.

show group member [<1-253>] (all configuration modes) Displays a member switch or all
member switches.

zte(cfg-group)#save member {<idlist>| all} Saves the configuration of a


member switch to a file.

zte(cfg-group)#erase member {<idlist>| all} Deletes the configuration of a


member switch.

zte(cfg-group)#reboot member {<idlist>| all} Restarts a member switch.

rlogin {commander | member <1-253>}(all configuration modes) Remotely logs in to the cluster
device.

ZGMP Configuration Instance


l Configuration Description
See Figure 6-18, the initial configuration of the switches is the default configuration.
Here, set the VLAN where the public network IP address of the command switch in
the cluster resides to 2525, the IP address to 100.1.1.10/24, the gateway address
to 100.1.1.1, the cluster management VLAN to 4000, the private address pool to
192.168.1.0/24, and the IP address of the TFTP Server in the cluster to 110.1.1.2.

6-25

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 6-18 Cluster Management Network

l Configuration Procedure
1. Configure the public network IP address of the command switch and the gateway.
zte(cfg)#set vlan 2525 enable
zte(cfg)#set vlan 2525 add port 1-24 tag
zte(cfg)#config router
zte(cfg-router)#set ipport 25 ipaddress 100.1.1.10/24
zte(cfg-router)#set ipport 25 vlan 2525
zte(cfg-router)#set ipport 25 enable
zte(cfg-router)#iproute 0.0.0.0/0 100.1.1.1
2. Create a cluster on layer-3 port 1 of the command switch and VLAN 1 (default
VLAN).
zte(cfg)#config group
zte(cfg-group)#set group commander ipport 1
Cmdr.zte(cfg-group)#ztp start
Cmdr.zte(cfg-group)#show ztp device
Last collection vlan : 1
Last collection time : 210 ms
Id MacAddress Hop Role HostName Platform

6-26

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

-- ------------------ ---- ------ --------- ---------------


0 00.00.00.00.00.01 0 cmdr Cmdr.zte ZXR10 2928E
1 00.0d.0d.f1.e2.00 1 candi zte ZXR10 2918E
2 00.50.43.3c.3b.5d 1 candi zte ZXR10 2910E-PS
3 00.00.00.00.33.33 2 candi zte ZXR10 2918E
Cmdr.zte(cfg-group)#set group add device 1-3
Adding device id : 1 ... Successed to add member!
Adding device id : 2 ... Successed to add member!
Adding device id : 3 ... Successed to add member!
Cmdr.zte(cfg-group)#show group member
Id MacAddress IpAddress HostName State
-- ------------------ --------------- --------- -----
1 00.0d.0d.f1.e2.00 192.168.1.2/24 Mem1.zte Up
2 00.50.43.3c.3b.5d 192.168.1.3/24 Mem2.zte Up
3 00.00.00.00.33.33 192.168.1.4/24 Mem3.zte Up
3. Switch to each member switch and add all ports to VLAN 4000 (taking member 1
as an example).
Cmdr.zte(cfg)#set vlan 4000 enable
Cmdr.zte(cfg)#set vlan 4000 add port 1-16 tag
Cmdr.zte(cfg)#rlogin member 1
Trying ...Open
Connecting ...
Mem1.zte>
Mem1.zte>enable
password:
Mem1.zte (cfg)#set vlan 4000 enable
Mem1.zte (cfg)#set vlan 4000 add port 1-16 tag
4. Delete the cluster created on VLAN 1.
Cmdr.ZTE(cfg-group)#set group delete member 1-3
Deleting member id : 1 ... Successed to del member!
Deleting member id : 2 ... Successed to del member!
Deleting member id : 3 ... Successed to del member!
Cmdr.zte(cfg-group)#set group candidate
zte(cfg-group)#
5. Create a cluster on VLAN 4000.
zte(cfg-group)#set ztp vlan 4000
zte(cfg-group)#set group commander ipport 1
Cmdr.zte(cfg-group)#ztp start
Cmdr.zte(cfg-group)#show ztp device
Last collection vlan : 4000
Last collection time : 230 ms
Id MacAddress Hop Role HostName Platform
-- ------------------ ---- ------ --------- --------------
0 00.00.00.00.00.01 0 cmdr Cmdr.zte ZXR10 2928E
1 00.0d.0d.f1.e2.00 1 candi zte ZXR10 2918E

6-27

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

2 00.50.43.3c.3b.5d 1 candi zte ZXR10 2910E-PS


3 00.00.00.00.33.33 2 candi zte ZXR10 2918E
Cmdr.zte(cfg-group)#set group add device 1-3
Adding device id : 1 ... Successed to add member!
Adding device id : 2 ... Successed to add member!
Adding device id : 3 ... Successed to add member!
Cmdr.zte(cfg-group)#show group member
Id MacAddress IpAddress HostName State
-- ------------------ --------------- --------- -----
1 00.0d.0d.f1.e2.00 192.168.1.2/24 Mem1.zte Up
2 00.50.43.3c.3b.5d 192.168.1.3/24 Mem2.zte Up
3 00.00.00.00.33.33 192.168.1.4/24 Mem3.zte Up
6. Set the IP address of the TFTP server in the cluster to 110.1.1.2.
Cmdr.zte(cfg-group)#set group tftpsvr 110.1.1.2
7. Set the IP address of the SYSLOG server in the cluster to 110.1.1.2.
Cmdr.zte(cfg-group)#set group syslogsvr 110.1.1.2
8. Download version zImage on member 1.
Mem1.zte(cfg-tffs)#tftp commander download zImage

6.7 sFlow
sFlow Overview
The sFlow is a technique to monitor high-speed data transmission network. It uses an
sFlow proxy embedded in network equipment to send sampled data packets to sFlow
collectors.
The sFlow implements the following functions:
l Provide the correct statistics about client flow.
l Monitor intrusion and police violation to make the network more safer.
l Monitor the network traffic and application visually.
l Provide the correct data suitable for capacity deployment.
l Ensure the priority of traffic across core network.
l Recognize the network application flow from the remote site to ensure the effect on
server.

sFlow Configuration
The sFlow configuration includes the following commands:

Command Function

zte(cfg)#set sflow agent-address <A.B.C.D>[udp-port Sets an IP address of the sFlow


<1-65535>] proxy.

zte(cfg)#set sflow collector-address <A.B.C.D>[udp-port Sets an IP address of the sFlow


<1-65535>] collector.

6-28

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

Command Function

zte(cfg)#set sFlow version<number> Sets a format version of sFlow


sampling packets.

zte(cfg)#set sFlow {ingress | egress}{enable | disable} Enables or disables the


ingress/egress sFlow function.

zte(cfg)#set sFlow ingress sample-mode {all | forward} Sets the sFlow ingress sampling
mode.

zte(cfg)#set sflow {ingress | egress} port <portlist> packet-sample Disables sFlow sampling on a port
off or ports.

zte(cfg)#set sflow {ingress | egress} port <portlist> Enables sFlow sampling based
packet-sample on frequency <2-16000000>[time-range on ports, or binds a time range to
<word>] ports.

zte(cfg)#clear sflow config [{agent | collector}] Deletes sFlow configuration on


ports.

zte(cfg)#clear sFlow statistic Clears sFlow port sampling


statistics.

show sFlow (all configuration modes) Displays sFlow configuration


information.

6.8 Web
Web Management Overview
The ZXR10 2900E provides an embedded Web server stored in the Flash memory, which
allows user to use a standard Web browser (it is recommended to use IE6.0 above and
1024768 resolution) for managing the remote switch.

Configuring System Login


On the condition that Web connection has been configured on the switch.
1. Open Microsoft Internet Explorer.
2. Enter the IP address of the switch in the address bar (this address is that switch can
connect). The system login interface is displayed, see Figure 6-19.

6-29

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 6-19 System Login Interface

3. Enter a username and a password, and select a user privilege. The Admin user needs
to enter a login password and a management password. Guest users only need to
enter a login password. Click Login to log in to the system main page, see Figure
6-20.

Figure 6-20 System Main Interface

Web Configuration Management


l Web Configuration Management
System Information Check
Click the directory tree on the left of the system main page, Configuration > System.
The system information page (by default, Configuration directory is expansive) is
displayed, see Figure 6-21.

6-30

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

Figure 6-21 System Information Page

This page displays the following system information:

Parameter Description

VersionNumber Version number

SwitchType Switch type

VersionMakeTime Version making time

MacAddress Switch hardware address

HostName System name

SysLocation System location

SysUpTime Running time after the system is started.

Both HostName and SysLocation can be configured. After configuration, click


the Apply button to complete the configuration.
l Port Management

Port State Information Check


Click the directory tree on the left of the system main page, Configuration > Port >
Port State. The port state information page is displayed, see Figure 6-22.

6-31

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 6-22 Port State Information Page

This page displays the following port information:

Parameter Description

PortClass Port class

LinkState Port linkup/linkdown state

Duplex Duplex working state of the port

Speed Working speed of the port

Note:

Port linkdown means that port hasnt a physical connection. The displayed values of
Duplex and Speed are meaningless.

Port Configuration Information Check


Click the directory tree on the left of the main page, Configuration > Port > Port
Parameter. The port configuration information page is displayed, see Figure 6-23.

6-32

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

Figure 6-23 Port Configuration Information Page

This page displays the following port information:

Parameter Description

MediaType Port media type

Name Port name

AdminStatus Port enabled

AutoNeg Port working mode, that is, working speed and


duplex mode

PVID Default VLAN ID of the port

FlowControl Port flow control enabled

MultiFilter Port multicast filter enabled

MacLimit Port Mac address learning limit

Security Port security enabled

SpeedAdvertise Port speed advertisement

Single Port Configuration

Click the Config button in the line of the port to be configured on the port configuration
information page. The configuration page of this port is displayed, see Figure 6-24.

6-33

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 6-24 Single Port Configuration Page

Configure the attribute of the selected port on this page. After configuration, click the
Apply button to complete the configuration.

Note:
Security and MacLimit are conflicting. The two attributes cannot be set to be
enabled at the same time.

Caution!

If the port connected to the network management computer is disabled, the network
management is interrupted.

Bulk port configuration


Select multiple ports on the port configuration information page (select Select All to
select all ports), and then click Apply. The bulk port configuration page is displayed,
see Figure 6-25.

6-34

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

Figure 6-25 Bulk Port Configuration Page

Set the attributes on this page, and then click Apply to complete the configuration.
l VLAN Management
VLAN Information Check
Click the directory tree on the left of the main page, Configuration > VLAN > Vlan
Overview. The VLAN information page is displayed, displaying the VLAN information
that is operated currently. If the VLAN hasn't been operated, the default VLAN will be
displayed. See Figure 6-26.

Figure 6-26 VLAN Information Page

If the number of VLANs to be displayed is more than 20, they will be displayed by page
and page number is displayed at the bottom right corner. You can click previous or
next to turn pages or select a page number from the GO drop-down list box.

This page displays the following information:

6-35

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Parameter Description

VlanName VLAN name

AdminStatus VLAN enabled or not

Tag Ports Port with a tag in the VLAN

UntagPorts Port without a tag in the VLAN

TagTrunks Trunk with a tag in the VLAN

UntagTrunks Trunk without a tag in the VLAN

Checking the Specified VLAN Information


1. Click Configuration > VLAN > Vlan Configure on the left of the main page. A
VLAN number entering page is displayed, see Figure 6-27.

Figure 6-27 VLAN Number Entering Page

2. Enter a VLAN number (for example, 1, 3-5"), and click Apply. A single VLAN
configuration page or bulk VLAN configuration page is displayed.

For the single VLAN configuration page, see Figure 6-28.

6-36

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

Figure 6-28 Single VLAN Configuration Page

After setting some attributes of the VLAN on this page, click Apply to
complete the configuration.

Note:
When configuring port/trunk in the VLAN, you can enter port/trunk number in
the text box with the format "1, 3-5". You can also select the corresponding
check boxes to add them into the VLAN.

For the bulk VLAN configuration page, see Figure 6-29.

Figure 6-29 Bulk VLAN Configuration Page

Admin of Select items is used to enable the VLAN. Port is ordinary port of
bulk VLAN configuration. Trunk is trunk group of bulk VLAN configuration.

6-37

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

After setting some attributes on this page, click Apply to complete the
configuration.
l PLAN Management
PVLAN Information Check
Click Configuration > PVLAN > Pvlan Overview on the left of the main page. The
PVLAN information page is displayed, see Figure 6-30.

Figure 6-30 PVLAN Information Page

This page displays the following information:

Parameter Description

Pvlan Session PVLAN instance

Promiscuous Port Hybrid physical port

Promiscuous Trunk Hybrid trunk port

Isolated Port Isolated physical port

Isolated Trunk Isolated trunk port

Community Port Community physical port

Community Trunk Community trunk port

PVLAN Configuration

Click Configuration > PVLAN > Pvlan Configure on the left of the main page. The
PVLAN configuration page is displayed, see Figure 6-31.

6-38

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

Figure 6-31 PVLAN Configuration Page

This page displays the following information:

Parameter Description

Pvlan Session PVLAN instance

Promiscuous Port Hybrid physical port

Promiscuous Trunk Hybrid trunk port

Isolated Port Isolated physical port

Isolated Trunk Isolated trunk port

Community Port Community physical port

Community Trunk Community trunk port

After setting some attributes on this page, click Apply to submit. When system is
configured successfully, the configured information page will be displayed.
l Port Mirroring Management
Port Mirroring Information Check
Click Configuration > MIRROR > Mirror Overview on the left of the main page. The
mirror information page is displayed, see Figure 6-32.

6-39

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 6-32 Mirror Information Page

This page displays the following information:

Parameter Description

Source port Mirroring source port

Destination port Mirroring destination port

Port Mirroring Configuration


Click Configuration > MIRROR > Mirror Configure on the left of the main page. The
mirroring port configuration page is displayed, see Figure 6-33.

Figure 6-33 Mirroring Port Configuration Page

The source port and destination port can be configured on this page. After setting,
click Apply to complete the configuration.
l LACP Management

6-40

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

LACP Basic Information Check


Click Configuration > Lacp > Lacp Port on the left of the main page. The LACP
basic information page is displayed, see Figure 6-34.

Figure 6-34 LACP Basic Attribute Page

The displayed information is as follows:

Parameter Description

AdminStatus LACP enabled or not

LacpPriority LACP priority

The aggregation port information is as follows:

Parameter Description

GroupNum Aggregation group number that the


aggregation port belongs to

GroupMode Aggregation group aggregation mode that the


port belongs to

LacpTime Aggregation port timeout mode

LacpActive Aggregation port active/passive mode

Set basic attributes of "AdminStatus" and "LacpPriority" on this page and set attributes
of "LacpTime" and "LacpActive" of the aggregation port. After setting, click Apply to
complete the configuration.
When setting the same configuration of bulk aggregation port attribute, click the
corresponding check box to select multiple aggregation ports (select Select All to
select all ports), and then click Set. The configuration page of bulk aggregation port
is displayed, see Figure 6-35.

6-41

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 6-35 Bulk Aggregation Port Configuration Page

After setting attributes of the aggregation port on this page, click Apply to submit.
Aggregation Group Information Check
Click Configuration > Lacp > Lacp State on the left of the main page. The
aggregation group information page is displayed, see Figure 6-36.

Figure 6-36 Aggregation Group Information Page

This page displays the following information:

Parameter Description

Attached Ports Attached ports in the aggregation group

Active Ports Active ports in the aggregation group

GroupMode Aggregation mode of the aggregation group

6-42

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

Click Config of the right column. The corresponding aggregation group configuration
page is displayed, see Figure 6-37.

Figure 6-37 Aggregation Group Configuration Page

You can configure the "Aggregator Mode" attribute of the aggregation group on
this page, bind ports with the aggregation group (select ports in the port available
column, and click ) and release ports from the aggregation group (select ports in
the aggregation port column, and click ).

Note:

Only the ports with the same attribute can be bound into the same aggregation group.
Each aggregation group can bind up to 8 ports.

Caution!
Do not bind the port connected to the network management computer to an
aggregation group. Otherwise, the network management will be interrupted.

Monitoring Information
l Terminal Log Check

Click Monitoring > Terminal Log on the left of the main page. The terminal log
information page is displayed, see Figure 6-38.

6-43

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 6-38 Terminal Log Information Page

Click the Refresh button to update terminal log information.

l Port Statistics Information Check


Click Monitoring > Port Statistics on the left of the main page. The port statistics
information page is displayed, see Figure 6-39.

Figure 6-39 Port Statistics Information Page

Click the Refresh button to update port statistics information.


Select a port from the PortNumber drop-down list box to get the port statistics data.

l Statistics data

Parameter Description

ReceivedBytes Received bytes

ReceivedFrames Number of received frames

6-44

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

Parameter Description

ReceivedBroadcastFrames Number of received broadcast frames

ReceivedMulticastFrames Number of received multicast frames

OversizeFrames Number of oversize frames

UndersizeFrames Number of undersize frames

CrcError Number of CRC errors

SendBytes Sent bytes

SendFrames Number of sent frames

SendBroadcastFrames Number of sent broadcast frames

SendMulticastFrames Number of sent multicast frames

l Configuration Information Check


Click Monitoring > Running config on the left of the main page. The configuration
information page is displayed, see Figure 6-40.

Figure 6-40 Configuration Information Page

This page displays configuration information of switch.

System Maintenance
l Configuration Saving Page
Click Maintenance > Save on the left of the main page. The saving configuration
information page is displayed, see Figure 6-41.

6-45

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 6-41 Saving Configuration Page

Click Ok to save configuration or click Cancel to cancel configuration.

Caution!

Saving configuration will cover the original configuration file. Make sure that the
configuration need to be covered before clicking Ok.

l Configuring Reboot
Click Maintenance > Reboot on the left of the main page. The reboot function page
is displayed, see Figure 6-42.

Figure 6-42 Reboot Function Page

Click Ok to reboot the switch or click Cancel to cancel reboot.

6-46

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

l Uploading File
Click Maintenance > Upload on the left of the main page. The file upload page
is displayed, see Figure 6-43.

Figure 6-43 File Upload Page

Click Browse... to browse and select the file to be uploaded. Click OK to upload
the file.

Note:
For safety and application, only zImage, zImage.bak, bootrom.bin, start
run.dat and to_permmac.dat can be uploaded.

Caution!
Make sure the legality and validity of files to be uploaded. The uploaded file will cover
the original file. If the operation is not correct, the switch cannot work. Unprofessional
personnel are not recommended to use this function.

l User Management
Click Maintenance > User Manager on the left of the main page. The user
management page is displayed, see Figure 6-44.

6-47

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 6-44 User Management Page

By default, the Modify tab is displayed. Modify the login password and management
password of the user, and then click Apply to submit.
l Adding User

Click the add button on the user management page. The adding user page is
displayed, see Figure 6-45.

Figure 6-45 Adding User Page

Click the add button on the user management page. The adding user page is
displayed, see Figure 6-45.

6-48

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

Figure 6-46 Adding User Page

Enter the password of the current user on this page, enter the information about the
user to be added, and then click Apply to submit.
l Deleting User
Click the Delete button on the user management page. The deleting user page is
displayed, see Figure 6-47.

Figure 6-47 Deleting User Page

Select the user to be deleted, and then click Apply to submit.

6.9 M_Button
Introduction to the M_Button Function
The M_button function is used to display the key statistics data and indicate the key events
through the panel indicators, which facilitates device maintenance.

6-49

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

For a description of the port indicators on the ZXR10 2900E, refer to Table 6-1.

Table 6-1 ZXR10 2900E Port Indicator Descriptions

Indicator State Description

LINK Off No link.

On (green) Indicator for the physical link on an optical port.


After the system is started, a physical link is
established.

Flashing (green) Indicator for data sending and receiving a


the port. When data is sent or received, the
indicator flashes at the fixed frequency.

SPD On (green) The port speed is the same as the default port
speed.

On (yellow) The port speed is not the same as the default


port speed.

DUP On (green) The port is in full-duplex mode.

On (yellow) The port is in half-duplex mode.

STA On (green) The STP status of the port is Forward.

On (yellow) In other statuses.

Off The STP status of the port is Disable.

CPU% On (green) A port indicator displays the current CPU


usage.
For the 2910E-PS, the first 8 ports display
the current usage, each of which represents
12.5%. For other devices, the first 10 ports
display the current usage, each of which
represents 10%.

MEM% On (green) In this mode, a port indicator displays the


current memory usage.
For the 2910E-PS, the first 8 ports display
the current usage, each of which represents
12.5%. For other devices, the first 10 ports
display the current usage, each of which
represents 10%.

BW% On (green) In this mode, a port indicator displays the


current occupation rate of uplink port outbound
bandwidth. The current speed on the uplink
interface is used as the base.

6-50

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

Indicator State Description

BW% On (green) In this mode, a port indicator displays the


current occupation rate of uplink port inbound
bandwidth. The current speed on the uplink
interface is used as the base.

PING On (green) The device sends five ICMP to the network


management center. Each ICMP packet
corresponds to an indicator of a port (port 15).
If an indicator is on (green), a response of the
corresponding packet is received.

On (yellow) The device sends five ICMP to the network


management center. Each ICMP packet
corresponds to an indicator of a port (port 15).
If an indicator is on (yellow), no response of the
corresponding packet is received.

Off No IP address is configured for the network


management center.

CRC On (yellow) There is a CRC error frame on the port.

STORM On (yellow) The port is a storm port.


The storm threshold is set to 80 percent of the
automatically negotiated speed on the port.
If the traffic sent and received on the port
exceeds the threshold, the port is a storm port.

NoMAC On (yellow) The port does not learn a MAC address.

PoE (valid only for On (green) PoE is normal.


devices that support
On (yellow) PoE is abnormal.
PoE)
Off No power.

Note:
In STA mode, if a port is added to multiple instances, the indicator of the port indicates the
STA state in the first instance.

M_Button Function Mode Switch


1. There is a mode button on the panel. Press it once, and then the indicator for the next
mode (based on the sequence on the switch panel) begins flashing for 2 seconds. If
the button is not pressed in 2 seconds, the mode indicator is off. The device enters this
mode and executes the function of this mode. If the button is pressed in 2 seconds,
the next mode indicator begins flashing. The previous process is repeated.

6-51

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

2. In a mode, if the mode button is not pressed in 3 minutes, the device exits from this
mode automatically to the LINK mode. If the button is pressed, the device enters the
next mode. The corresponding mode indicator begins flashing, which is as described
in 1.
3. In the PING mode, a ping packet is sent once per 20 seconds. In other modes, the
statuses are updated in real time.

6.10 Telnet
Telnet Overview
As a member of the TCP/IP protocol family, the Telnet protocol is the standard protocol for
the remote Internet login service. With this protocol, users can perform operations on a
remote switch through a local PC.
A ZTE switch can be used as both a Telnet client and a Telnet server.
User can set the listening port number when the device is logged in to through Telnet, also
user can set the port number and source IP address when the device is used as a Telnet
client to log in to another device.

Telnet Configuration
The Telnet configuration includes the following commands:

Command Function

Enables or disables the Telnet


zte(cfg)#set Telnet server {enable | disable} server function, which is enabled
by default.

Sets the port number and source


zte(cfg)#telnet <dest ip-addr> destination-port <port-num><src IP address when the device is
ip-addr> used as a Telnet client to log in to
another device.

Sets the listening port number


when the device is logged in to
zte(cfg)#set telnet listen-port <port>
through Telnet. The value is 23 or
between 1025 and 49151.

Displays the Telnet configuration


show Telnet (for all configuration modes)
and status.

Telnet Configuration Instance


l Configuration Description
See Figure 6-48, a switch has a layer-3 port with the IP address 192.168.1.1/24, and
the IP address of the PC is 192.168.1.100/24. The PC remotely logs in to the switch
through Telnet.

6-52

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 6 Management

Figure 6-48 Telnet Login Instance

l Configuration Procedure
1. Configure the switch
By default, the Telnet server function is enabled. You can use the following
command to make sure that the function is enabled.
zte(cfg)#show Telnet
Telnet server is enable
Telnet server is listening on port 23
2. Configure the PC

Note:
Windows 2000 provides the Telnet client and server programs. Telnet.exe
is the client program and tlntsvr.exe is the server program. In addition,
Windows 2000 provides the Telnet server management program tlntadmn.exe.
By default, the Telnet service is installed in Windows 2000.

Execute the Telnet command on the PC, see Figure 6-49.

Figure 6-49 Executing the Telnet Command on the PC

For the Telnet login result, see Figure 6-50.

6-53

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 6-50 Telnet Login Result

6-54

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 7
Maintenance
Table of Contents
Routine Maintenance .................................................................................................7-1
Virtual Circuit Tester ...................................................................................................7-2
Common Fault Handling.............................................................................................7-3

7.1 Routine Maintenance


Daily Maintenance Items
1. Checking the operation state of the switch.
a. Verifying that the interface of the back-end terminal can be operated.

b. Verifying that each indicator of the switch is in the normal state.


c. Verifying that the fans of the switch operate properly.
d. Verifying that the temperature of the switch is normal and there is no abnormal
smell in the equipment room.
e. Checking the system alarms.
2. Checking the communication between the switch and each connected device.
Log in to the switch through HyperTerminal or Telnet. Run the ping command to test
various network segments for connectivity check.
3. Verifying the services related to the switch are normal.
4. Recording operations and phenomena on the current day.
The operations are those performed on the switch. The phenomena include the switch
state and equipment room environment.

Monthly Maintenance Items


1. Summarizing daily operations every month.
a. Summarizing problems encountered during daily operation. If necessary, discuss
with ZTE maintenance engineers.

b. Summarizing daily maintenance experience to perform more efficient maintenance


in the future.
2. Cleaning the equipment room.

a. Cleaning the air conditioner and check its performance.

7-1

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

b. Cleaning cable troughs and secure loosened wires.


3. Cleaning the switch.
Ensuring that the cloth is not too wet and that the operation does not affect interfaces.
4. Backing up alarm information, statistics information, and configuration information.

Maintenance Period
For the maintenance period of the Ethernet switch, refer to Table 7-1.

Table 7-1 Maintenance Period of the Ethernet Switch

No. Maintenance Item Maintenance Period

1 Checking the switch running state Day

2 Checking the equipment room temperature and Day


humidity, and power supply

3 Checking the communication state between the Day


switch and each connected device

4 Checking service state Day

5 Monthly summary of daily problems Month

6 Monthly summary of daily maintenance Month


experience

7 Cleaning the equipment room Month

8 Cleaning the switch Month

9 Yearly summary Year

10 Full maintenance and check of devices in the Year


monitoring room

7.2 Virtual Circuit Tester


The Virtual Circuit Tester (VCT) uses a Time Domain Reflectometry (TDR) to diagnose the
line state, such as Open, Short, Impedance Mismatch and Good termination, and calculate
the location of a faulty line using a fitting formula.
Run the show vct port <1-28> command to check the VCT detection result of the specified
port.

Example 1
zte(cfg)#show vct port 1
Cable Test Result for Port 1
RX PAIR : /* Wiring pair for receiving data in the twisted pair cable */
Cable Test Passed. No problem found.

7-2

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 7 Maintenance

Cable Length is unknown.


TX PAIR : /* Wiring pair for sending data in the twisted pair cable */
Cable Test Passed. No problem found.
Cable Length is unknown.

Example 2
zte(cfg)#show vct port 8
Cable Test Result for Port 8
RX PAIR :
Cable Test Passed. Cable is open.
Approximately 7 meters from the tested port.
TX PAIR :
Cable Test Passed. Cable is open.
Approximately 6 meters from the tested port.

7.3 Common Fault Handling


7.3.1 Overview
Faults include hardware faults and software faults. Hardware faults can be removed by
changing hardware if the faults are correctly located. Software and configuration faults
can be removed by correct operations.
During handling faults, first of all, you should verify that the device configurations are
correct, the device cables are connected properly, and the device environment satisfies
requirements.

7.3.2 Configuration Through the Console Port Failed


Symptom
Failed to configure the switch through the console port.

Related Component Check


Check the configuration cable, serial port of HyperTerminal, and console port of the switch.

Fault Analysis
1. The configuration cable is incorrect.
2. The serial port attributes of HyperTerminal are incorrect, or the serial port is faulty.
3. The console port of the switch is faulty.

7-3

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Solution
1. Use a correct configuration cable.
2. Check the serial port attributes of HyperTerminal. The correct settings are as follows:
Bits per Second (baud rate) is 9600, Data bit is 8, Parity is None, and Flow control
is None. Verify that the serial port is normal and replace the terminal if necessary.
3. Verity that the Console port of the switch is normal.

7.3.3 Telnet Connection Failed


Symptom
Failed to connect the Switch through Telnet.

Fault Analysis
1. The port PVID is incorrect.
2. The port is disabled.
3. The VLAN bound to the IP port is disabled.
4. The IP address, subnet mask or default gateway of the switch is incorrect.
5. The IP address of the switch conflicted with the IP address of another device.
6. The wrong REMOTE ACCESS setting of the switch caused the IP address to be filtered
out.

Solution
1. Set the port PVID to be the same as the VLAN ID to which the port belongs.
2. Enable the port.
3. Enable the VLAN bound to the IP port.
4. Configure a valid IP address, subnet mask and default gateway for the switch.
5. Modify the IP address of the switch or another device to remove the IP address conflict.
6. Set REMOTE ACCESS to any.

7.3.4 Web Management Failed


Symptom
When the Web browser was opened on the local computer, the Web management pages
failed to be opened.

Fault Analysis
1. The browser version is too low.
2. An incorrect address or port number was entered in the address bar.
3. The communication between the local computer and the switch failed.
4. The switch did not configure a management port or the IP address of the switch is
incorrect.

7-4

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 7 Maintenance

5. The switch did not enable the Web management function.

Solution
1. Upgrade the browser version on the local computer to at least IE 6.0.
2. Check the switch configuration to obtain a correct IP address and port number.
3. Check the line between the local computer and the switch to ensure that the
communication is normal.
4. Configure a correct management port and IP address for the switch.
5. Enable the Web management function of the switch and set a port number.

7.3.5 Login Username or Password Lost


Symptom
A user cannot log in to the switch after entering the username and password.

Fault Analysis
The username or password used to log in to the switch is incorrect.

Solution
First of all, confirm whether the system administrator can find the original username and
password. If the system administrator cannot find the original username and password,
reboot the switch and delete the configuration file. The operation procedure is as follows:
1. Reboot the switch and press any key on the HyperTerminal to enter the boot state.
ZXR10 2928E BootRom Version v1.15
Compiled May 21 2012 08:57:22
Copyright (c) 2010 by ZTE Corporation.

boot location [0:Net,1:Flash] : 1


actport : 1
serverip : 10.40.89.78
netmask : 255.255.255.0
ipaddr : 10.40.89.79
bootfile : /img/zImage.B10
username : ZXR10
password : ZXR10
MAC : 00:d0:d0:29:28:01
Press any key to stop autoboot: 2
[ZXR10 Boot]:
2. In [ZXR10 Boot] state, enter [ZXR10 Boot]:zte to enter [BootManager] state of the
switch. Enter <?> for command help.
[BootManager]: ?
? - alias for 'help'

7-5

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

cd - change current path


exit - exit from BootManager mode
format - format flash
ftp - get/put file from/to FTP server
help - print online help
load - load zImage
ls - list files in current directory
mv - change [source] name to [destination] name
poever - get poe firmware version
reboot - perform REBOOT of the CPU
rm - remove file
setBOOTpassword - set password for BOOT mode
setPtype- set packaged type
show - show board information
update - update boot or firmware
[BootManager]:
3. Run the rm command to delete the startrun.dat configuration file. Reboot the
switch.
[bootManager]:cd cfg
[bootManager]: ls
/cfg/

startrun.dat 671
to_permmac.dat 98304
[bootManager]: rm startrun.dat
[bootManager]: ls
/cfg/

to_permmac.dat 98304
[bootManager]:
4. After the switch is rebooted, use the default username and password to log in to the
switch.

7.3.6 Enable Password Lost


Symptom
A login user failed to enter global configuration mode after entering a password.

Fault Analysis
An incorrect password was used when the user tried to enter global configuration mode.

Solution
For the handling method, refer to 7.3.5 Login Username or Password Lost.

7-6

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 7 Maintenance

Note
Before the switch is rebooted, record the current configuration for reconfiguration.

7.3.7 Two Devices in the Same VLAN Cannot Communicate


Symptom
Two devices connected to two ports in the same one VLAN of the switch cannot
communicate.

Fault Analysis
1. The port PVID is incorrect.
2. The ports are disabled.
3. The VLAN bound to the ports is disabled.
4. When the ports were added in the VLAN, tag was selected.
5. IP addresses of the devices were not set or not in the same network segment.

Solution
1. Set the port PVID to be the same as the VLAN ID to which the ports belong.
2. Enable all the ports used.
3. Enable the VLAN used.
4. Add the ports in the VLAN again, and select untag.
5. Set correct IP addresses for the devices.

7.3.8 Authentication Timed Out in Campus Network


Symptom
There were six buildings in the student dormitory of school A. If students wanted to access
the Internet, their computers must pass the authentication and accounting system. The
Radius server software and Bras hardware devices of the authentication and accounting
system were provided by company B. The DOT1X port authentication function must be
enabled on the access layer device ZXR10 2900E and it works with the authentication
and accounting system of company B to provide authentication and accounting services
for the students.
Company B completed the debugging of the Radius server and Bras devices and
allocated the authentication and accounting clients to each building for installation. Most
students registered and activated their accounts. After the preparation was completed,
ZTEs maintenance engineers enabled the DOT1X function on the access layer devices
of the six buildings, as required by the customer. The configuration of the ZXR10 2900E
was as follows:
Two devices connected to two ports in the same VLAN cannot ping each other.
set port 1-24 security enable

7-7

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

config nas
radius isp test defaultisp enable
radius isp test sharedsecret amtium
/*Shared key negotiated with company B*/
radius isp test add accounting 10.150.12.101
/*Address of the authentication and accounting server of company B*/
radius isp test add authentication 10.150.12.101
/*Address of the authentication and accounting server of company B*/
radius isp test client 172.16.0.181
/*ISP name and IP address accessing the switch*/
aaa-control port 1-24 dot1x enable
aaa-control port 1-24 accounting enable
aaa-control port 1-24 port-mode auto

When the configuration was completed, the authentication of some computers in B1, B2
and B3 timed out.

Fault Analysis
The students accounts and configuration were correct, and the configuration of the ZXR10
2900E was correct. Even if ZTEs maintenance engineers replaced the faulty switch with
a new one, the problem still existed. The diagnosis result was that the interconnection
between devices of ZTE and company B was faulty.
By capturing packets, ZTEs maintenance engineers found that the ZXR10 2900E sent a
Radius Access Request message to the authentication and accounting server of company
B, but did not receive a response message. In normal circumstance, the Radius message
receiving and sending procedure is as follows:
1. When the server accesses the switch, the switch sends an Access Request message.
2. The server returns an Access Challenge message.
3. The switch sends an Access Request message again.
4. The server returns an Access Accept message.
5. The switch sends an Accounting Request message.
6. The server returns an Accounting Response message.
Because the authentication data packet flows captured on the two same ZXR10 2900E
devices were not the same, the diagnosis result was that the configuration of the
authentication and accounting server of company B was incorrect. Engineers of company
B checked alarms on the authentication and accounting server, and an alarm " AP not
support user auth type was located. That is, authentication types of the server and
the switch were different. When the back-end configuration of the authentication and
accounting server was checked, it was found that the shared key on the switches of
buildings B1, B2 and B3 was set to antium, but the negotiated key was "amtium".

7-8

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Chapter 7 Maintenance

Solution
The engineers of company B change the shared key to amtium, and the problem is solved
completely.

7.3.9 Solution to ARP Attacks in Campus Network


Symptom
Eleven access layer switches ZXR10 2900E in the same VLAN in a student dormitory
building cannot connect the network. 40% of users in this building failed to access the
Internet.

Fault Analysis
After checking the network management system, maintenance engineers found that the
eleven switches were disconnected and failed to be pinged. The maintenance engineers
arrived at the weak electricity well in which four switches were installed, accessed the
switch whose IP address was 172.168.0.123 through HyperTerminal, and found its CPU
usage reached 93%100%. The maintenance engineers checked the alarm information
and configuration information, but no exception was found. The maintenance engineers
then accessed the convergence layer switch T40G and found an alarm port 4 receives
too many ARP broadcast packets. After checking the traffic on this port, the maintenance
engineers found that about 100,000 broadcast packets were added every ten seconds.
After analyzing the ZXR10 2900E connected to the port, the maintenance engineers found
the following conditions:
1. There was a loop on the user side.
2. A users computer was infected by a virus and sent broadcast packets continuously.
3. A users computer was installed with the ARP attack software and sent ARP attack
packets continuously.
The IP address of the ZXR10 2900E connected to the port was 172.168.0.111. The
maintenance engineers connected the switch through a network cable and captured
packets. After analyzing the packets, the maintenance engineers found that a computer
with the MAC address 00:19:e0:a9:5a:fc sent ARP broadcast packets continuously.
Based on the label on the network cable, the computer was in room 2606. After the
maintenance engineers removed its network cable, the eleven switches recovered normal
and CPU utilization was no more than 5%.

Solution
1. Filter out the MAC address of the computer on the access layer switch and prohibit it
from accessing the Internet.
2. Notify the central equipment room of the school to prohibit the computer from
accessing the Internet before its hard disk is formatted and the system is reinstalled.
3. Install an ARP virus kill tool on all computers.

7-9

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

This page intentionally left blank.

7-10

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Figures
Figure 3-1 ZXR10 2900E's Configuration Modes ...................................................... 3-1
Figure 3-2 Connection Description Dialog Box .......................................................... 3-2
Figure 3-3 Connect To Dialog Box ............................................................................ 3-2
Figure 3-4 COM1 Properties Dialog Box ................................................................... 3-3
Figure 3-5 Running Telnet......................................................................................... 3-4
Figure 3-6 Telnet Window ......................................................................................... 3-4
Figure 4-1 TFTP Server ............................................................................................ 4-4
Figure 4-2 Tftpd Settings Dialog Box......................................................................... 4-4
Figure 4-3 Connect to Server Dialog Box .................................................................. 4-5
Figure 4-4 FileZilla Server Window ........................................................................... 4-5
Figure 4-5 Users Dialog Box ..................................................................................... 4-6
Figure 4-6 Directory Setting ...................................................................................... 4-6
Figure 4-7 Network Architecture for Automatic Configuration File Download ........... 4-10
Figure 4-8 Network Structure for Automatic Configuration File Upload .................... 4-10
Figure 5-1 PoE Application ....................................................................................... 5-8
Figure 5-2 Port Mirroring Configuration Instance ..................................................... 5-12
Figure 5-3 LACP Configuration Instance ................................................................. 5-19
Figure 5-4 Network Topology of IGMP Snooping Configuration Instance................. 5-23
Figure 5-5 MLD Snooping Configuration Instance ................................................... 5-26
Figure 5-6 IPTV Configuration Instance 1 ............................................................... 5-31
Figure 5-7 IPTV Configuration Instance 2 ............................................................... 5-32
Figure 5-8 MSTP Topological Structure................................................................... 5-35
Figure 5-9 STP Configuration Instance ................................................................... 5-39
Figure 5-10 RSTP Configuration Instance............................................................... 5-40
Figure 5-11 MSTP Configuration Instance............................................................... 5-41
Figure 5-12 ACL Configuration Instance ................................................................. 5-53
Figure 5-13 QoS Configuration Instance ................................................................. 5-59
Figure 5-14 PVLAN Configuration Example 1 ......................................................... 5-61
Figure 5-15 PVLAN Configuration Example 2 ......................................................... 5-62
Figure 5-16 Layer 2 Protocol Transparent Transmission Configuration
Topology ............................................................................................... 5-64
Figure 5-17 Layer-3 Configuration Instance ............................................................ 5-67

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 5-18 Layer-3 IPv6 Configuration Instance .................................................... 5-69


Figure 5-19 DAI Configuration InstanceTopology .................................................... 5-70
Figure 5-20 Using PAP Mode for Identity Authentication ......................................... 5-73
Figure 5-21 Using Chap Mode for Identity Authentication ....................................... 5-74
Figure 5-22 Using EAP Mode for Identity Authentication ......................................... 5-74
Figure 5-23 Access Authentication Configuration Instance...................................... 5-78
Figure 5-24 Typical QinQ Network .......................................................................... 5-80
Figure 5-25 QinQ Configuration Instance ................................................................ 5-82
Figure 5-26 SQinQ Configuration Instance.............................................................. 5-83
Figure 5-27 VLAN Transparent Transmission Configuration Instance...................... 5-86
Figure 5-28 VLAN Mapping Network Diagram......................................................... 5-87
Figure 5-29 VLAN Mapping Configuration Instance................................................. 5-89
Figure 5-30 GVRP Configuration Instance .............................................................. 5-94
Figure 5-31 DHCP Snooping/Option82 Configuration Instance Topology ................ 5-99
Figure 5-32 DHCP Client Configuration Instance Topology ................................... 5-101
Figure 5-33 DHCPv6 Snooping/Option82 Configuration Instance.......................... 5-103
Figure 5-34 VBAS Typical Network ...................................................................... 5-105
Figure 5-35 VBAS Configuration Instance Topology.............................................. 5-106
Figure 5-36 PPPOE-PLUS Configuration Instance Topology................................. 5-107
Figure 5-37 Diagram of the Master Node Blocking its Secondary Port When the
Ring is in UP State.............................................................................. 5-109
Figure 5-38 Diagram of the Master Node Opening its Secondary Port When the
Ring is in DOWN State ....................................................................... 5-110
Figure 5-39 Transmission Link Fault Diagram ........................................................5-111
Figure 5-40 ZESR Single-Domain Multi-Ring Configuration Example.................... 5-115
Figure 5-41 ZESR Single-Ring Multi-Domain Configuration Example.................... 5-118
Figure 5-42 ZESR Dual-Node Dual-Uplink Configuration Example........................ 5-120
Figure 5-43 ZESS Network Topology .................................................................... 5-123
Figure 5-44 ZESS Networking Configuration......................................................... 5-125
Figure 5-45 Remote Loop Network ....................................................................... 5-128
Figure 5-46 Link Control Network.......................................................................... 5-131
Figure 5-47 PP Configuration Instance ................................................................. 5-134
Figure 5-48 LLDP Configuration Instance ............................................................. 5-137
Figure 5-49 Single Port Loop Detection Configuration Topology............................ 5-139
Figure 5-50 Double Ports Loop Detection Configuration Topology......................... 5-140
Figure 5-51 UDLD Configuration Instance............................................................. 5-142

II

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Figures

Figure 5-52 TACACS+ Configuration Instance ...................................................... 5-145


Figure 5-53 Voice VLAN Configuration Instance ................................................... 5-147
Figure 5-54 Single Management Domain .............................................................. 5-149
Figure 5-55 Single-Domain CFM Network Without MIP......................................... 5-152
Figure 5-56 Single-Domain CFM Network With MIP.............................................. 5-153
Figure 5-57 LM Network Configuration Instance ................................................... 5-155
Figure 5-58 DM Network Configuration Instance ................................................... 5-156
Figure 5-59 AIS/LCK Network Configuration Instance ........................................... 5-157
Figure 5-60 DHCP Relay Configuration Instance .................................................. 5-162
Figure 5-61 MFF Configuration Instance ............................................................... 5-166
Figure 5-62 SSL Configuration Instance ............................................................... 5-168
Figure 5-63 Internet Options Dialog Box ............................................................... 5-169
Figure 5-64 Certificates Dialog Box....................................................................... 5-169
Figure 5-65 Certificates Dialog BoxImporting a Certificate ................................. 5-170
Figure 5-66 SSL Login Page................................................................................. 5-170
Figure 5-67 Main Page for Web-Based Management............................................ 5-171
Figure 5-68 Example of the Primary Node Blocking the Secondary Port (Ring
Status: UP)......................................................................................... 5-173
Figure 5-69 Example of the Primary Node Enabling the Secondary Port (Ring
status: DOWN) ................................................................................... 5-173
Figure 5-70 Configuration Example of a Single ERPS Domain with Multiple
Loops ................................................................................................. 5-175
Figure 5-71 Configuration Example of Multiple ERPS Domains ............................ 5-177
Figure 6-1 SSH Remote Login Example.................................................................... 6-4
Figure 6-2 Setting IP Address and Port Number of the SSH Server .......................... 6-4
Figure 6-3 Setting the SSH Version Number ............................................................. 6-5
Figure 6-4 User Confirmation Dialog Box .................................................................. 6-5
Figure 6-5 SSH Login Result .................................................................................... 6-6
Figure 6-6 SFTP File Upload and Download Instance ............................................... 6-6
Figure 6-7 WinSCP Login Dialog BoxCreating a Session ...................................... 6-7
Figure 6-8 WinSCP Login Dialog BoxSetting SFTP Parameters ............................ 6-8
Figure 6-9 Preferences Dialog Box ........................................................................... 6-9
Figure 6-10 Warning Dialog Box ............................................................................... 6-9
Figure 6-11 Authentication Banner Dialog Box ........................................................ 6-10
Figure 6-12 Password Dialog Box........................................................................... 6-10
Figure 6-13 Authentication Banner Dialog BoxSuccessful Authentication ............ 6-11

III

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

Figure 6-14 WinSCP Desktop Window.................................................................... 6-11


Figure 6-15 MAC Change Notification Configuration Network ................................. 6-17
Figure 6-16 Cluster Management Network.............................................................. 6-22
Figure 6-17 Changeover Rules of Roles ................................................................. 6-23
Figure 6-18 Cluster Management Network.............................................................. 6-26
Figure 6-19 System Login Interface ........................................................................ 6-30
Figure 6-20 System Main Interface ......................................................................... 6-30
Figure 6-21 System Information Page..................................................................... 6-31
Figure 6-22 Port State Information Page ................................................................. 6-32
Figure 6-23 Port Configuration Information Page .................................................... 6-33
Figure 6-24 Single Port Configuration Page ............................................................ 6-34
Figure 6-25 Bulk Port Configuration Page ............................................................... 6-35
Figure 6-26 VLAN Information Page ....................................................................... 6-35
Figure 6-27 VLAN Number Entering Page .............................................................. 6-36
Figure 6-28 Single VLAN Configuration Page ......................................................... 6-37
Figure 6-29 Bulk VLAN Configuration Page ............................................................ 6-37
Figure 6-30 PVLAN Information Page ..................................................................... 6-38
Figure 6-31 PVLAN Configuration Page.................................................................. 6-39
Figure 6-32 Mirror Information Page ....................................................................... 6-40
Figure 6-33 Mirroring Port Configuration Page ........................................................ 6-40
Figure 6-34 LACP Basic Attribute Page .................................................................. 6-41
Figure 6-35 Bulk Aggregation Port Configuration Page ........................................... 6-42
Figure 6-36 Aggregation Group Information Page ................................................... 6-42
Figure 6-37 Aggregation Group Configuration Page................................................ 6-43
Figure 6-38 Terminal Log Information Page ............................................................ 6-44
Figure 6-39 Port Statistics Information Page ........................................................... 6-44
Figure 6-40 Configuration Information Page............................................................ 6-45
Figure 6-41 Saving Configuration Page .................................................................. 6-46
Figure 6-42 Reboot Function Page ......................................................................... 6-46
Figure 6-43 File Upload Page ................................................................................. 6-47
Figure 6-44 User Management Page ...................................................................... 6-48
Figure 6-45 Adding User Page................................................................................ 6-48
Figure 6-46 Adding User Page................................................................................ 6-49
Figure 6-47 Deleting User Page.............................................................................. 6-49
Figure 6-48 Telnet Login Instance ........................................................................... 6-53

IV

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Figures

Figure 6-49 Executing the Telnet Command on the PC ........................................... 6-53


Figure 6-50 Telnet Login Result .............................................................................. 6-54

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Figures

This page intentionally left blank.

VI

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Tables
Table 3-1 Configuration Command............................................................................ 3-3
Table 3-2 Common Command Parameters ............................................................. 3-11
Table 3-3 Editing Commands Through Keystrokes.................................................. 3-14
Table 5-1 Port Role and Port State.......................................................................... 5-35
Table 5-2 Syslog Log Information............................................................................ 5-90
Table 5-3 Basic ZESR Concepts ........................................................................... 5-108
Table 5-4 Basic ZESS Concepts ........................................................................... 5-121
Table 6-1 ZXR10 2900E Port Indicator Descriptions................................................ 6-50
Table 7-1 Maintenance Period of the Ethernet Switch ............................................... 7-2

VII

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Tables

This page intentionally left blank.

VIII

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Glossary
ACL
- Access Control List
AIS
- Alarm Indication Signal
AP
- Access Point
ARP
- Address Resolution Protocol
BAS
- Broadband Access Server
BPDU
- Bridge Protocol Data Unit
CAR
- Committed Access Rate
CCM
- Continuity Check Message

CFM
- Connectivity Fault Management

CIST
- Common and Internal Spanning Tree
CoS
- Class of Service
CST
- Common Spanning Tree
C-VLAN
- Customer VLAN
DAI
- Dynamic ARP Inspection
DHCP
- Dynamic Host Configuration Protocol

DM
- Delay Measurement
DoS
- Denial of Service

IX

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

DSCP
- Differentiated Services Code Point
EAPOL
- Extensible Authentication Protocol Over LAN
EAPS
- Ethernet Automatic Protection Switching
ERPS
- Ethernet Ring Protection Switching
FTP
- File Transfer Protocol
GARP
- Generic Attribute Registration Protocol
GVRP
- GARP VLAN Registration Protocol
IETF
- Internet Engineering Task Force

IGMP
- Internet Group Management Protocol
IP
- Internet Protocol
IPTV
- Internet Protocol Television
IST
- Internal Spanning Tree
LACP
- Link Aggregation Control Protocol
LBM
- Loopback Message

LBR
- Loopback Reply
LCK
- Locked
LLDP
- Link Layer Discovery Protocol
LM
- Loss Measurement

LTM
- Link Trace Message

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Glossary

LTR
- Link Trace Reply
MDI/MDIX
- Media-Dependent Interface/Media-Dependent Interface-crossover
MEP
- Maintenance association End Point
MFF
- MAC-Forced Forwarding
MIB
- Management Information Base
MIP
- Maintenance domain Intermediate Point
MLD
- Multicast Listener Discovery
MST
- Multiple Spanning Tree

MSTP
- Multiple Spanning Tree Protocol
NAS
- Network Access Service
NMS
- Network Management System
NTP
- Network Time Protocol
OAM
- Operation, Administration and Maintenance
OUI
- Organizationally Unique Identifier

PE
- Provider Edge
PoE
- Power over Ethernet
PPPoE
- Point to Point Protocol over Ethernet
PVLAN
- Private Virtual Local Area Network

QoS
- Quality of Service

XI

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


ZXR10 2900E Series Configuration Guide

RADIUS
- Remote Authentication Dial In User Service
RDI
- Remote Defect Indication
RMON
- Remote Monitoring
RPL
- Ring Protection Link
RSTP
- Rapid Spanning Tree Protocol
SBT
- Side Smart Bias Tee
SNMP
- Simple Network Management Protocol
SP
- Strict Priority

SQinQ
- Selective QinQ
SSH
- Secure Shell
SSL
- Secure Sockets Layer
STP
- Spanning Tree Protocol
TACACS+
- Terminal Access Controller Access-Control System Plus
TC
- Traffic Classification

TCP
- Transmission Control Protocol
TDR
- Time Domain Reflectometry
TFTP
- Trivial File Transfer Protocol
UDLD
- Unidirectional Link Detection

UDP
- User Datagram Protocol

XII

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential


Glossary

VBAS
- Virtual Broadband Access Server
VLAN
- Virtual Local Area Network
VPN
- Virtual Private Network
WRR
- Weighted Round Robin
ZDP
- ZTE Discovery Protocol
ZESR
- ZTE Ethernet Switch Ring
ZESS
- ZTE Ethernet Smart Switch
ZTP
- ZTE Topology Protocol

XIII

SJ-20130731155059-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential