You are on page 1of 1203

T-Marc 300 Series

(T-Marc 340 and T-Marc 380)


Demarcation Device
User Guide


Release 10.1.Rx
May 2010


MN100168 Rev R

The information in this document is subject to change without notice and describes only the product defined in
the introduction of this document. This document is intended for the use of customers of Telco Systems only
for the purposes of the agreement under which the document is submitted, and no part of it may be reproduced
or transmitted in any form or means without the prior written permission of Telco Systems. The document is
intended for use by professional and properly trained personnel, and the customer assumes full responsibility
when using it. Telco Systems welcomes customer comments as part of the process of continuous development
and improvement of the documentation.
If the Release Notes that are shipped with the device contain information that conflicts with the information in
the user guide or supplements it, the customer should follow the Release Notes.
The information or statements given in this document concerning the suitability, capacity, or performance of the
relevant hardware or software products are for general informational purposes only and are not considered
binding. Only those statements and/ or representations defined in the agreement executed between Telco
Systems and the customer shall bind and obligate Telco Systems. Telco Systems however has made all
reasonable efforts to ensure that the instructions contained in this document are adequate and free of material
errors and omissions. Telco Systems will, if necessary, explain issues which may not be covered by the
document.
Telco Systems sole and exclusive liability for any errors in the document is limited to the documentary
correction of errors. TELCO SYSTEMS IS NOT AND SHALL NOT BE RESPONSIBLE IN ANY EVENT
FOR ERRORS IN THIS DOCUMENT OR FOR ANY DAMAGES OR LOSS OF WHATSOEVER KIND,
WHETHER DIRECT, INCIDENTAL, OR CONSEQUENTIAL (INCLUDING MONETARY LOSSES),
that might arise from the use of this document or the information in it.
This document and the product it describes are the property of Telco Systems, which is the owner of all
intellectual property rights therein, and are protected by copyright according to the applicable laws.
Telco Systems logo is a registered trademark of Telco Systems, a BATM Company. BiNOS, BiNOSCenter,
T-Marc, T5 Compact, T5C-XG, T-Metro, EdgeLink, EdgeGate, Access60, AccessIP,
AccessMPLS, AccessTDM, AccessEthernet, NetBeacon, Metrobility, and OutBurstare trademarks
of Telco Systems.
Other product and company names mentioned in this document reserve their copyrights, trademarks, and
registrations; they are mentioned for identification purposes only.



Copyright Telco Systems 2010. All rights reserved.

Page 1
Introduction (Rev. 12)

Introduction
Telco Systems T-Marc 300 Series Ethernet Service-Demarcation and Extension product line
provides intelligent and remotely managed, multiport customer-located equipment (CLE) to deliver
managed converged services (voice, video, and data) over virtual Ethernet, MPLS/ VPLS, and IP
networks.
This family of products allows service providers to deliver multiple services on separate customer
interfaces, including multiple services over a single customer interface. Since each service is isolated,
providers can troubleshoot each individual service without impacting others.
Using Operations, Administration, and Maintenance (OAM) tools, service providers can measure
and ensure provisioned Service Level Agreements (SLA).
The devices embedded security controls ensure protection against denial-of service attacks.
Advanced Layer 2 Networking, using Telco Systems AccessEthernet, allows total flexibility in
deployment and delivery of Ethernet services. Physical and virtual networking capabilities provide
automated address-management and discovery, bandwidth profiles, advanced traffic classes, and
complete control over how subscriber traffic is transported across a service providers network.
The T-Marc 300 Series product line includes two models:
T-Marc 340 offers two dual uplink ports (10/ 100/ 1000Base-T or 100Base-Fx/ 1000Base-X)
and four dual access ports (10/ 100/ 1000Base-T or 100Base-Fx/ 1000Base-X).
T-Marc 380 offers the same as T-Marc 340 in addition to four dual access ports
(10/ 100/ 1000Base-T or 100Base-Fx/ 1000Base-X).
The devices operate using an internal AC or DC power supply. They can be rack/ wall mounted or
placed on a table-top.
T-Marc 300 Series User Guide

Page 2
Introduction (Rev. 12)

Using This Document
Documentation Purpose
This user guide includes the relevant information for configuring the T-Marc 300 Series
functionalities.
It provides the complete syntax for the commands available in the currently-supported software
version and describes the features supplied with the device.
This guide does not include instructions on how to install the device. For more information
regarding the device installation, refer to the T-Marc300 SeriesInstallationGuide.
For the latest software updates, see the ReleaseNotesfor the relevant release. If the release notes
contain information that conflicts with the information in the user guide or supplements it, follow
the release notes' instructions.
Intended Audience
This user guide is intended for network administrators responsible for installing and configuring
network equipment.
You have to be familiar with the concepts and terminology of Ethernet and local area networking
(LAN) to use this guide.
Documentation Suite
This document is just one part of the full documentation suite provided with this product.
You are: Document Function Function
Installation Guide Contains information about installing the hardware and
software; including site preparation, testing, and safety
information.

User Guide Contains information on configuring and using the system.
Release Notes Contains information about the current release, including
new features, resolved issues (bug fixes), known issues,
and late-breaking information that supersedes information
in other documentation.
T-Marc 300 Series User Guide

Page 3
Introduction (Rev. 12)

Conventions Used
The conventions below are used to inform important information:

NOTE
Indicating special information to which the user needs to pay special attention.

CAUTION
Indicating special instructions to avoid possible damage to the product.

DANGER
Indicating special instructions to avoid possible injury or death.


The table below explains the conventions used within the document text:

Conventions Description
commands CLI and SNMP commands
command example
CLI and SNMP examples
<Variable>
user-defined variables
[Optional Command Parameters]
CLI syntax and coded examples
T-Marc 300 Series User Guide

Page 4
Introduction (Rev. 12)

Organization
The T-Marc 300 Series User Guide comprises the below list of chapters, each focusing on a
different feature or set of features. Each chapter begins with a brief overview of the feature/ s,
followed by the configuration flow and corresponding commands' configuration section.

Chapter Name Description
Using the Command Line
Interface (CLI)
Basic information about the T-Marc 300 Series CLI, its modes, and
general usage details.
Device Setup and
Maintenance
Accessing T-Marc 300 Series devices, login information, and the
devices' reloading options.
Device Administration Administering T-Marc 300 Series devices and performing initial
device configuration (such as the devices time and date, software
upgrade, and protecting the device from outside attacks).
Configuring Interfaces The device interface types and their configuration. The chapter
also offers information on static Link Aggregation Groups (LAGs),
establishing resilience across the network segments, and Alarm
Propagation.
Configuring VLANs and
Super VLANs
An overall understanding of VLANs and their configuration.
Configuring Transparent
LAN Services (TLS)
The deployment of Transparent LAN Services.
Configuring Spanning Tree
Protocol (STP)
The IEEE 802.1D STP standard and its configuration
Configuring Rapid
Spanning Tree Protocol
(RSTP)
The IEEE 802.1W Rapid STP standard and its configuration.
Configuring Multiple
Spanning Tree Protocol
(MSTP, IEEE 802.1s)
The IEEE 802.1S Multiple STP standard and its configuration.
Configuring Access Control
List (ACL)
Creating ACLs, traffic rate-limit, and applying QoS using ACLs.
DHCP Snooping DHCP Snooping security feature used to reinforce the client
network and create an environment resilient to outside attacks.
Configuring Quality of
Service (QoS)
Configuring different service levels for traffic traversing the device,
providing preferential treatment to specific traffic.
Operation Administration
and Maintenance (OAM)
The different tools for monitoring and troubleshooting the network:
IEEE 802.3ah Ethernet in the First Mile (EFM)
IEEE 802.1ag Connectivity Fault Management (CFM)
SAA Test-Head and SAA Throughput Test
ITU-T G.8031 Ethernet Protection Switching (EPS)
Event Propagation (configuring automatic actions executed
upon the occurrence of specific events)
Ethernet Local Management Interface (E-LMI), an OAM
protocol enabling the auto configuration of Metro Ethernet
services support
T-Marc 300 Series User Guide

Page 5
Introduction (Rev. 12)

Chapter Name Description
Configuring Link Layer
Discovery Protocol (LLDP)
Configuring the IEEE 802.1AB standard.
Configuring Device
Authentication Features
The privileged access levels to commands used for protecting the
device from unauthorized access.
The chapter describes RADIUS, TACACS+, and SSH.
Internet Group Multicast
Protocol (IGMP) Snooping
Configuring the session-layer IGMP Protocol.
Configuring Simple
Network Management
Protocol (SNMP)
Configuring SNMP, community strings, and enabling trap
managers and traps.
SNMP Reference Guide The detailed list of MIBs and objects for controlling, monitoring,
and managing the device and its features from a remote location.
Configuring Remote
Monitoring (RMON)
Configuring the RMON feature used with the SNMP agent.
Configuring System
Message Logging
Configure system message logging, message format, and
message types displayed.
Troubleshooting and
Monitoring
Troubleshooting and monitoring tools used to detect and solve
BiNOS related problems. Provides a set of built-in tests that
examine hardware and its configuration validity.
This chapter also contains other information such as traffic
monitoring, monitoring the device's periodic operation, alert
behavior, and laser monitoring.
Appendix A: Default
Configuration
The devices default configuration.
Appendix B: Product
Capabilities
The devices supported features.
Appendix C: Acronyms
Glossary
The list of acronyms used in this user guide and their meaning.
T-Marc 300 Series User Guide

Page 6
Introduction (Rev. 12)

Getting Documentation Updates
You can access the most current Telco Systems documentation on the following site:
http:/ / support.batm.com/ .
Access to most of the Telco Systems documentation is password protected. To obtain a password,
contact the BATM support center.
Technical Support
Telco Systems provides technical assistance for customers and partners. Users can obtain technical
assistance by any of the following phone, fax, and e-mail options:
Web Access: http:/ / www.telco.com/
BATM Advanced CommunicationsMain Support Center in Israel
Tel: +972-4-993-5630
Fax: +972-4-993-7926
Email: mailto:support@batm.co.il
BATM/ Telco Systems a BATM Companyfor Americas
Tel: 1-800-227-0937 (U.S.), 1-781-255-2120 (Outside U.S.)
Fax: 1-781-255-2122
Email: techsupport@telco.com
BATM Germanyfor Northern Europe
Tel: +49-241-463-5490
Fax: +49-241-463-5491
Email: info@batm.de
BATM Francefor Southern Europe
Tel: +33-15-671-2773
Fax: +33-14-377-1780
Email: support@batm.fr
Telco Systems, a BATM Company Asia Pacific in Singapore
Tel: +65-6-725-9901
Fax: +65-6-725-9889
Email: enquiryapac@telco.com
Telco Systems Asia PacificJapan
Tel: +81-3-5215-5709
Fax: +81-3-5215-5704
Email: info.jp@telco.com


Page 1
Using the Command Line Interface (CLI) (Rev. 07)

Using the Command Line Interface (CLI)
Table of Contents
Overview 2
Accessing the CLI 2
The CLI Modes 3
View Mode 3
Privileged (Enable) Mode 3
Configuration Modes 3
Using the CLI 5
Command Keywords and Arguments 5
Minimum Abbreviation 6
Dynamic Completion of Commands 7
Regular Expressions 7
Getting Help 8
CLI Keyboard Sequences12
Using the Command History12
General Commands13
CLI Messages14

T-Marc 300 Series User Guide

Page 2
Using the Command Line Interface (CLI) (Rev. 07)

Overview
CLI is a network management application operating through an ASCII terminal.
Using the CLI commands, users can configure the device parameters and maintain them, receiving
text output on the terminal monitor. These system parameters are stored in a non-volatile memory
and users have to set them up only once.
The device CLI is password protected.
Accessing the CLI
You can access the CLI:
directly, by connecting a PC to the devices console port
over an IP network, using Telnet or SSH
Once the console port is displayed, users have to type the deivce password to execute CLI
commands.
Example:
User Access Verification

Password:batm
T-Marc_3X0>
For more information, refer to the Methodsof Managinga Devicesection of the DeviceSetupand
Maintenancechapter.
Throughout this guide, we refer to the T-Marc 300 Series device prompt as device-name.
T-Marc 300 Series User Guide

Page 3
Using the Command Line Interface (CLI) (Rev. 07)

The CLI Modes
The CLI is built in heirarchial modes, each mode grouping relevant CLI commands. Below is the
list of the devices main CLI modes.
View Mode
This is the initial, user-level mode the CLI enters after successfully login on to the CLI. This modes
prompt is >:
device-name>
The View mode is password protected (the default password is batm)
Privileged (Enable) Mode
The Privileged (Enable) mode is primarily used for viewing the system status, controlling the CLI
environment, monitoring network connectivity, troubleshooting, and initiating the different
Configuration modes. This modes prompt is #.
To access this mode from View mode use the enable command:
device-name>enable
device-name#
The Privileged (Enable) mode is not password protected by default. However you can configure
password protection by using the enable password command (for more information, refer to the
DeviceSetupandMaintenancechapter of the user guide).
Configuration Modes
To change the device configuarion, users need to access the Configuration mode. This modes
prompt is (config)#.
To access this mode from the Privileged (Enable) mode, use the configure terminal command.
device-name#configure terminal
device-name(config)#
The Configuration mode has various sub-modes for configuring the different device features, as
shown in the below table.
Example
To access the Protocol Configuration mode, use the protocol command in Global Configuration
mode:
device-name(config)#protocol
device-name(cfg protocol)#
T-Marc 300 Series User Guide

Page 4
Using the Command Line Interface (CLI) (Rev. 07)

Table 1: Configuration Sub-Modes Summary
Configuration
Mode
Role Prompt
VTY Controlling the Virtual Telnet Type
(VTY) connection to the device
device-name(config-VTY)#
The device physical-interfaces
configuration
device-name(config-config-if
UU/SS/PP)#
Interface range configuration
device-name(config-if-group)#
Link Aggregation Groups (LAG)
interface configuration
device-name(config-if AG0N)#
Interface
LAG interface range configuration
device-name(config-ag-group)#
Interface Access Control Groups
(ACG) configuration
device-name(config-if UU/SS/PP
acg ACL-NUMBER)#
Virtual LAN (VLAN) ACG
configuration
device-name(config-vlan VLAN-
NAME acg ACL-NUMBER)#
ACG
LAG interface ACG configuration
device-name(config-if AG0N acg
ACL-NUMBER)#
VLANs configuration
device-name(config vlan)#
VLAN
Specific VLAN configuration
device-name(config vlan VLAN-
NAME)#
Protocol Protocols settings such as STP,
RSTP, MSTP, EFM-OAM and, LAG
device-name(cfg protocol)#
Resilient Link Resilient links configuration
device-name(config-resil-link
N)#
Script-file
System
Script-file system management
device-name(config-config
script-file-system)#
Monitor Monitoring parameters settings
device-name(config monitor N)#
MSTP MSTP configuration
device-name(cfg protocol mstp)
CFM CFM-OAM protocol configuration
device-name(config-cfm)
SAA
Throughput
Test
SAA throughput test configuration
device-name(config-saa-
throughput)
SAA profile configuration
device-name(config-saa-profile-
Profile_ID)
SAA Test-
Head
SAA test configuration
device-name(config-saa-TESTNAME)
TLS TLS service configuration
device-name(config-tls SERVICE-
NAME)#
EPS EPS configuration
device-name(config-eps-SERVICE-
NAME)#
Event
Propagation
Event Propagation profile
configuration
device-name(config-ep-profile
ID)#
T-Marc 300 Series User Guide

Page 5
Using the Command Line Interface (CLI) (Rev. 07)

Using the CLI
Command Keywords and Arguments
Each CLI command is build up of a series of keywords and arguments:
Keywords identify the commands action
Arguments specify the commands configuration parameters
The CLI commands are not case sensitive.
The general CLI syntax is represented by the following format:
device-name[(config ...)]#keyword(s) [argument(s)] ... [keyword(s)]
[argument(s)]
In this format:
device-name[(config ...)]# represents the prompt displayed by the device. This prompt
includes:
the user-defined device-name
the current CLI mode
the command keywords and arguments typed by the user
Example:
In the command below:
device-name(config vlan)#create NAME <vlan-id>
the CLI mode is Config VLAN
create is the command keyword
NAME <vlan-id> are command arguments
T-Marc 300 Series User Guide

Page 6
Using the Command Line Interface (CLI) (Rev. 07)


Table 2: CLI Syntax Conventions in the User Guide
Symbol/Format Description
<Italic, small
letters>
A numerical argument:
<priority>
Italic, capital
letters
A string argument:
NAME
bold letters
A command keyword:
copy
A.B.C.D
An IP address:
10.4.0.4
UU/SS/PP
A physical port number in a unit/slot/port format:
1/2/6
HH:HH:HH:HH:HH:HH
A MAC address in a hexadecimal format:
00:a0:12:07:0f:78
[]
An optional argument or keyword:
[FILENAME]
{}
A mandatory argument or keyword:
{enable | disable}
|
An or between two arguments or keywords, the user should select from:
{true | false}
Minimum Abbreviation
The CLI accepts a minimum number of characters that uniquely identify a command. Therefore
you can abbreviate commands and parameters as long as they contain enough letters to differentiate
them from any other available commands or parameters on the specific CLI mode.
Example
You can type the config terminal command as config t.
device-name#config t
device-name(config)#

In case of an ambiguous entry (when the CLI mode includes more than once command matching
the characters typed), the system prompts for further input.
Example
device-name#con
[ %Er r or ] Command i ncompl et e
T-Marc 300 Series User Guide

Page 7
Using the Command Line Interface (CLI) (Rev. 07)


Dynamic Completion of Commands
In addition to the Minimum Abbreviation functionality, the CLI can display the commands
possible completions.
To display possible command completions, type the partial command followed immediately by
<Tab> or <Space>.
In case the partial command uniquely identifies a command, the CLI displays the full
command.
Otherwise the CLI displays a list of possible completions.
device-name(config)#in
Possi bl e compl et i ons:
i nt er f ace
- - -
i nser t I nser t a par amet er
Regular Expressions
Regular expressions are a subset of EGREP and AWK programming-language regular expressions.
Table 3: Common Regular Expressions
Key Function
.
Matches any character
^
Matches the beginning of a string
$
Matches the end of a string
[abc...]
Character class that matches any of the characters: abc
To specify a character range, type a pair of characters separated by a -.
[^abc...]
Negated character class that matches any character except abc....
r1 | r2
Matches either r1 or r2
r1r2
Matches r1 and then r2
r+
Matches one or more r
r*
Matches zero or more r
r?
Matches zero or one r
(r)
Matches a pattern group

T-Marc 300 Series User Guide

Page 8
Using the Command Line Interface (CLI) (Rev. 07)


Getting Help
To get specific help on a command mode, keyword, or argument, use one of the following
commands or characters:
Table 4: CLI Help Options
Command Purpose
help
Provides a brief description of the help system in any command
mode:

device-name(config)#help
Bi NOS CLI D VTY pr ovi des advanced hel p f eat ur e.
When you need hel p,
anyt i me at t he command l i ne pl ease pr ess ' ?' .

I f not hi ng mat ches, t he hel p l i st wi l l be empt y and
you must backup
unt i l ent er i ng a ' ?' shows t he avai l abl e opt i ons.
Two st yl es of hel p ar e pr ovi ded:
1. Ful l hel p i s avai l abl e when you ar e r eady t o
ent er a
command ar gument ( e. g. ' show ?' ) and descr i bes
each possi bl e
ar gument .
2. Par t i al hel p i s pr ovi ded when an abbr evi at ed
ar gument i s ent er ed
and you want t o know what ar gument s mat ch t he
i nput
( e. g. ' show me?' . )

abbreviated-
command<Tab> <Tab>
or
abbreviated-
command<Space> <Tab>
To display a commands possible completions, type the partial
command followed immediately by <Tab>or <Space>.
If the partially typed command uniquely identifies a command, the
full command name is displayed. Otherwise, the CLI displays a
list of possible completions:

device-name(config)#int
UU/ SS/ PP ag01 ag02 ag03 ag04
ag05 ag06 ag07 r ange sw0

command?
or
abbreviated-command?
(Leave no space between the command and ?) Provides a list of
commands that begin with a particular string and their description:

device-name#con?
conf i gur e Conf i gur at i on f r omvt y i nt er f ace

T-Marc 300 Series User Guide

Page 9
Using the Command Line Interface (CLI) (Rev. 07)

Command Purpose
?
Lists all commands available in the particular command mode:

device-name(config)#?
aaa Aut hent i cat i on and account i ng
met hod
access- l i st Set access l i st def i ni t i on
al i as Enabl e cr eat i ng an al i as of a
command. An al i as i s a shor t f or mof a command
banner Set t he banner st r i ng
caps- l ock War n i f passwor ds cont ai ns onl y
CAPI TAL l et t er s
cf m Connect i vi t y Faul t Management
cpu CPU ut i l i zat i on moni t or i ng
- - Mor e

command ?
or
abbreviated-command ?
(Leave a space between command and ?) Lists the keywords or
arguments that the user can type next on the command line:

device-name#show ?
access- cl ass Access- cl ass vt y st at us
access- l i st s Di spl ay t he named access
l i st s
al ar m- i nher i t Show Al ar mPr opagat i on on
por t
cf m Connect i vi t y Faul t
Management
cl ock Show cur r ent syst emdat e and
t i me
conf i gur at i on- hi st or y Di spl ay st or ed conf i gur at i on
hi st or y
cpu Di spl ay CPU moni t or i ng
- - Mor e

T-Marc 300 Series User Guide

Page 10
Using the Command Line Interface (CLI) (Rev. 07)

Command Purpose
!
The CLI ignores all the characters following ! and up to the next
new line.
Use this option when pasting a file that includes comments into
the CLI:

device-name#show running-config
Bui l di ng t he conf i gur at i on . . .

! T- Mar c 300 Ver si on 9. 4
!
passwor d:
3090372e3f 8bc00eeacc46219f 7557485983251a994551f 918e
04712f 86c5818
i p addr ess 10. 4. 4. 210 255. 255. 0. 0
i nt er f ace sw0
!
! Sour ce I p Conf i gur at i on:
!
! Log Conf i gur at i on:
- - Mor e- -

NOTE
To use ! as an argument, prefix it with \ or inside
double quotes ().
T-Marc 300 Series User Guide

Page 11
Using the Command Line Interface (CLI) (Rev. 07)

Command Purpose
command | {include |
exclude} regular-
expression
Searches and filters the command output. Use this functionality to
sort through a large output or to exclude irrelevant output.
include: displays output lines that contain the regular
expression
exclude: displays output lines that do not contain the
regular expression
any regular-expression (text string) found in the show
command output

Example 1
The example below displays only interface output lines:
device-name#show running-config | include interface
Bui l di ng t he conf i gur at i on . . .

i nt er f ace sw0
i nt er f ace 1/ 1/ 1
i nt er f ace 1/ 1/ 2
i nt er f ace 1/ 2/ 1
i nt er f ace 1/ 2/ 2
i nt er f ace 1/ 2/ 3
i nt er f ace 1/ 2/ 4
i nt er f ace 1/ 2/ 5
i nt er f ace 1/ 2/ 6
i nt er f ace 1/ 2/ 7
i nt er f ace 1/ 2/ 8
i nt er f ace ag01
i nt er f ace ag02
i nt er f ace ag03
i nt er f ace ag04
i nt er f ace ag05
i nt er f ace ag06
i nt er f ace ag07

Example 2
The example below displays only lines that contain 2:
device-name#show running-config | include 2
passwor d
3090372e3f 8bc00eeacc46219f 7557485983251a994551f 918e
04712f 86c5818
i p addr ess 10. 4. 4. 210 255. 255. 0. 0
i nt er f ace 1/ 2/ 2
i nt er f ace 1/ 2/ 3
i nt er f ace 1/ 2/ 4
i nt er f ace 1/ 2/ 5
i nt er f ace 1/ 2/ 6
i nt er f ace 1/ 2/ 7
i nt er f ace 1/ 2/ 8
i nt er f ace ag02
T-Marc 300 Series User Guide

Page 12
Using the Command Line Interface (CLI) (Rev. 07)

CLI Keyboard Sequences
Users can use keyboard sequences to move around the command line and edit it. They can also use
keyboard sequences to scroll through a list of recently executed commands.
Table 5: CLI Keyboard Sequences
Key Function
Backspace Deletes the character preceding the cursor
Ctrl-A Moves to the beginning of the line
Ctrl-B Moves one character back
Ctrl-C Interrupts the current input and moves to the next line
Ctrl-D Moves one node back
Ctrl-E Moves to the end of the line
Ctrl-F Moves one character forward
Ctrl-H Deletes the character preceding the cursor
Ctrl-K Deletes all characters to the end of the line
Ctrl-N Moves down to the next line in the history buffer
Ctrl-P Moves up to the previous line in the history buffer
Ctrl-U Deletes the line
Ctrl-W Erases the last word
Ctrl-Z Returns to Enable mode
Esc+B Moves one word back
Esc+D Deletes the characters after the cursor
Esc+F Moves one word forward
Esc Stops ping from the device (for more information regarding the ping
command, refer to the Device Administration chapter).
Tab Fills in the rest of the command line
Using the Command History
The CLI maintains a history of commands (used in any CLI mode) that users can modify and
execute.
To scroll back through the commands history, press the arrow-up key.
For more information, refer to the ConfiguringSystemMessageLoggingchapter.
T-Marc 300 Series User Guide

Page 13
Using the Command Line Interface (CLI) (Rev. 07)


General Commands
You can use the following commands in all CLI modes:
Table 6: General Commands
Command Description
no
Negates the command or resets the command to its default value.

To disable privilege-limited logging, type:
device-name#no log group users-limit

alias
Associates a contiguous character string as an alias to a command that
optionally includes specific arguments. The defined alias is fully
equivalent to the command it is associated to, in the CLI mode the alias
was defined.

To assign an alias to the command show interface 1/1/1
statistics, type:
device-name#alias sint1 show interface 1/1/1 statistics

Once the alias is assigned, you can execute the command by typing the
alias (sint1) in the relevant mode (Privileged (Enable) mode):
device-name#sint1
Oct et s 212 I n/ Out Pkt s 64 383
Col l i si ons 0 I n/ Out Pkt s 65- 127 0
Br oadcast 0 I n/ Out Pkt s 128- 255 0
Mul t i cast 0 I n/ Out Pkt s 256- 511 0
CRCAl i gnEr r or s 0 I n/ Out Pkt s 512- 1023 0
Under si ze 0 I n/ Out Pkt s 1024-
MaxFr ameSi ze 0
Over si ze 0 Tot al I nPkt s 383
Fr agment s 0 Tot al I n/ Out Pkt s 383
J abber s 0 Dr opCount 0
Dr opEvent s 0
Last 5secI nPkt s 50 Last 5secI nBps 409
Last 1mi nI nPkt s 353 Last 1mi nI nBps 408
Last 5mi nI nPkt s 353 Last 5mi nI nBps 81
Last 5secOut Pkt s 0 Last 5secOut Bps 0
Last 1mi nOut Pkt s 0 Last 1mi nOut Bps 0
Last 5mi nOut Pkt s 0 Last 5mi nOut Bps 0

exit
Escapes the current mode and enters the previous mode:

device-name(config-if 1/1/1)#exit
device-name(config)#protocol
device-name(cfg protocol)#exit
device-name(config)#

T-Marc 300 Series User Guide

Page 14
Using the Command Line Interface (CLI) (Rev. 07)

Command Description
quit
Logs out and disconnects from the device:

device-name(config-if 1/1/1)#quit
Connection to host lost

end
Escapes the current mode and enters the Privileged (Enable) mode:

device-name(cfg protocol)#end
device-name#

CLI Messages
The CLI displays relevant messages in response to executed commands:
Table 7: CLI Messages
CLI Message Description
% is not recognized
Displayed when the entry is not a command.
% command incomplete
Displayed when the user types a valid command but fails to type
the commands required arguments.
In this case, press <Tab>to display the commands possible
completions.
% Ambiguous token
Displayed when the user types too few characters. In these cases,
the CLI detects an ambiguity and displays the possible matches:

device-name(config)#w
%Ambi guous t oken : w
%I t mat ches t he f ol l owi ng t okens : who wr i t e





Page 1
Device Setup and Maintenance (Rev. 09)

Device Setup and Maintenance
Table of Contents
Table of Figures 3
Overview 4
Methods of Managing a Device 5
Connecting to the Console Port 5
The Terminal Screen Display 6
Connecting the Device via Telnet 7
Managing the Device via SNMP 7
Login and Password 8
Password Recovery 8
Default Passwords Recovery 8
Backdoor Password Recovery 8
Device Passwords Configuration Commands 9
Configuring the View Mode Password 9
Configuring the Privileged (Enabled) Mode Password10
Configuring the Loader Mode Password10
Enabling/ Disabling Caps Lock Notification11
The Device IP Commands12
Configuring the Devices Primary IP Address12
Configuring the Devices Secondary IP Address13
Configuring a Default Gateway14
Displaying the Device IP Address14
Displaying Routes15
Telnet Commands16
Telnet Session Configuration Commands16
Connecting a Remote Host via a Telnet Client17
T-Marc 300 Series User Guide

Page 2
Device Setup and Maintenance (Rev. 09)

Enabling/ Disabling the Devices Telnet Server17
Displaying Current Telnet Connections18
Displaying the Current Telnet-Session Index18
Terminating a Telnet Connection19
Virtual Terminal (VTY)20
Switching Between VTY Sessions20
The VTY Step by Step Configuration21
VTY Configuration Commands22
Accessing the VTY Configuration Mode22
Configuring the Device Name23
Defining the VTY Connection Timeout23
Creating ACLs for Restricting Telnet and SSH Access to the Device24
Applying ACLs for Filtering Telnet/ SSH Connections25
Defining the Terminal Length25
Enabling the Advanced VTY Mode26
Displaying Applied ACLs26
Configuration Example27
Creating a Login Banner/ Message-of-the-Day (MOTD)28
MOTD Configuration Commands28
Enabling/ Disabling the Default-MOTD Display28
Configuring a Single-line MOTD29
Configuring a Multi-line MOTD30
Saving and Displaying the Device Configuration31
Saving, Erasing, and Displaying Configuration Commands31
Saving the Devices Running Configuration31
Restoring Factory Defaults Configuration32
Displaying the Devices Running Configuration32
Displaying the Devices Start-up Configuration33
Reloading the Device34
Supported Platforms35
Supported Standards, MIBs and RFCs35
T-Marc 300 Series User Guide

Page 3
Device Setup and Maintenance (Rev. 09)

Table of Figures
Figure 1: Initial Device Configuration 4
Figure 2: Management Methods 5
Figure 3: A Telnet Server Example27

T-Marc 300 Series User Guide

Page 4
Device Setup and Maintenance (Rev. 09)

Overview
This chapter provides the initial necessary information for accessing a T-Marc 300 Series device,
password configuration, saving new configuation parameters, and reload options.
To start a T-Marc 300 Series device, follow the installation guide instructions about installing, and
powering on the device.
Below are the first steps for initializing and configuring the T-Marc 300 Series device.













Figure 1: I nitial Device Configuration
Manage the device via CLI or/and SNMP
Log on to the device as a default user
Connect to the device console port
Configure the device IP address
Start
End
T-Marc 300 Series User Guide

Page 5
Device Setup and Maintenance (Rev. 09)


Methods of Managing a Device
You can manage a device using one (or both) of the following methods:
Commandlineinterface(CLI)either directly, connecting the device console port to a PC or over
the network using Telnet and/ or SSH
SimpleNetwork Management Protocol (SNMP)


Figure 2: Management Methods
Connecting to the Console Port
The T-Marc 300 Series console port is a EIA232 VT-100 compatible, (optionaly) password-
protected port, through which you can define the device's basic operational parameters.
To connect your PC to the devices console port follow the steps below:
1. Use the console cable shipped with the device and connect the cables RJ-45 connector to the
device's console port (CON).
The cable has the following pinout:

Device Side PC Side
RJ -45 Pin # DB-9 Female
3 2
2 3
5 5

2. Connect the other side of the cable to your PCs serial port.
3. Set the PC port to 9600-N-8-1 or:
9600 bps
no parity
8 data bits
1 stop bit
no flow control

T-Marc 300 Series User Guide

Page 6
Device Setup and Maintenance (Rev. 09)

The Terminal Screen Display
Once connected to the console port, turn on the device. A screen similar to the below example is
displayed after a few seconds:

BATM Telco Boot Loader

Device model : T-Marc 340
Loader version : 6.6 TMC 07 created Jan 15 2006 - 10:44:48
MAC Address : 00:A0:12:27:14:20


Press any key to stop auto-boot...
0
auto-booting...

Uncompressing 2131761 bytes...
Loading image... 8234000


Starting device application, please wait...
BUILT-IN SELF TEST
------------------
CPU Core Test : Passed
CPU Interface Test : Passed
Testing Device Core : Passed
Data Buffer Test : Passed


///////////////////////////////////////////////////////////////////////////
// //
// //
// B A T M A d v a n c e d C o m m u n i c a t i o n s //
// //
// T e l c o S y s t e m s //
// //
// Device model : T-Marc 380 //
// Product Category : AccessEthernet(TM) //
// SW version : 10.1 created Mar 17 2010 - 20:19:58 //
// //
// //
///////////////////////////////////////////////////////////////////////////


User Access Verification

Password:
T-Marc 300 Series User Guide

Page 7
Device Setup and Maintenance (Rev. 09)


Connecting the Device via Telnet
You can connect the device CLI using Telnet once the device has a configured IP address.
To connect the device using Telnet, follow the below steps:
1. Connect to the device console port (see above).
2. Power on the device. The device starts up, displaying the device terminal.
3. Type the device password at the prompt (the default password is batm).
Passwor d: batm
4. Enter the Privileged (Enable) mode:
device-name>enable
device-name#
5. Enter the Configure mode:
device-name#configure terminal
6. Configure the device IP address and subnet mask (the default IP address is 20.20.5.254/ 16):
device-name(config)#ip address <A.B.C.D/M>

A.B.C.D
The device IP address
/M
The subnet mask, in the range of <130>

7. Define the default gateway IP address (if the host is on a different subnet):
device-name(config)#ip route 0.0.0.0/0 <A.B.C.D>
8. Return to the Privileged (Enable) mode:
device-name(config)#end
9. Save these parameters (from the running configuration to NVRAM):
device-name#write
10. Connect your PC to a device port that is in VLAN 1 (by default all the device ports are
members of this VLAN. For more information on VLANs, refer to the ConfiguringVLANs
andSuper VLANschapter of this User Guide).
11. Open a Telnet session and type the device IP address to connect to the device.
Managing the Device via SNMP
You can manage a T-Marc 300 Series device via SNMP using an SNMP based management-
application. For more information, refer to the ConfiguringSNMP and SNMP ReferenceGuide
chapters of this User Guide.
To manage a device via SNMP, connect youre management PC to a device port that is in VLAN 1
(by default all the device ports are members of this VLAN. For more information on VLANs, refer
to the ConfiguringVLANsandSuper VLANschapter of this User Guide).
T-Marc 300 Series User Guide

Page 8
Device Setup and Maintenance (Rev. 09)

Login and Password
The CLI is passowrd protected, enabling access only to authorised users.
To control the level of access to the device, the device has three privilege levels, each one with its
own configurable password:
View mode
Privileged (Enable) mode
Loader mode
All device passwords are encrypted.
For information about adding new usernames and defining user privileges, refer to the Device
Authenticationchapter of this User Guide.

Caution

To protect your device from unauthorized access, change all default passwords as
soon as possible.
Password Recovery
Password recovery techniques enable users to recover lost and forgotten passwords. There are two
available password-recovery methods:
Default Passwords Recovery
You can reset the device to factory defaults, including the default passwords, by using the clean
startup-config command (for more information, refer to the DeviceAdministrationchapter of this
User Guide).
Backdoor Password Recovery
You can access the device using the Backdoor password. BATM Technical Support can provide you
the devices Backdoor password, based on the devices MAC address.
You can find the device MAC address on the label found on the device rear panel or at the bottom
of the device. You can also obtain the devices MAC address from the devices boot loader, during
the device start up.
Once you regain access to the device, you can change the device passwords.
T-Marc 300 Series User Guide

Page 9
Device Setup and Maintenance (Rev. 09)

Device Passwords Configuration Commands
Table 1: Password Commands
Command Description
password
Configures the View mode password (see Configuring the View
Mode Password)
enable password
Configures the Privileged (Enabled) mode password (see
Configuring the Privileged (Enabled) Mode Password)
password loader
Configures the boot loader password (see Configuring the
Loader Mode Password)
caps-lock passwords
warning
Notifies the user when <Caps Lock>is activated, while changing
or typing a password (see Enabling/Disabling Caps Lock
Notification)
Configuring the View Mode Password
The password command configures the View mode password.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#password PASSWORD CONFIRM-PASSWORD
Argument Description
PASSWORD
An alphanumeric, case sensitive field of up to 64 characters (blank
spaces are not allowed)
batm
CONFIRM-PASSWORD
Retype the password for confirmation
Example
The following example sets the View mode password to device12:
device-name(config)#password device12 device12
After setting the new password, use this password upon entering the device console:
Password:device12
device-name>
T-Marc 300 Series User Guide

Page 10
Device Setup and Maintenance (Rev. 09)

Configuring the Privileged (Enabled) Mode Password
The enable password command configures the Privileged (Enabled) mode password.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#enable password PASSWORD CONFIRM-PASSWORD
device-name(config)#no enable password
Argument Description
PASSWORD
An alphanumeric, case sensitive field of up to 64 characters (blank
spaces are not allowed)
The Privileged (Enabled) mode does not require a password. However,
once you define this password, users are required to type the password
to enter this mode.
CONFIRM-PASSWORD
Retype the password for confirmation
no
Removes the modes password
Example
The following example sets the Privileged (Enabled) password to device12:
device-name(config)#enable password device12 device12
After setting the new password, use this password upon entering the Privileged (Enable) mode:
device-name>enable
Password:device12

device-name#
Configuring the Loader Mode Password
The password loader command configures the (boot) Loader mode password.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#password loader PASSWORD CONFIRM-PASSWORD
Argument Description
PASSWORD
An alphanumeric, case sensitive field of up to 20 characters (blank
spaces are not allowed)
batm
CONFIRM-PASSWORD
Retype the password for confirmation
T-Marc 300 Series User Guide

Page 11
Device Setup and Maintenance (Rev. 09)

Example
The following command sets the Loader mode password to loaderp:
device-name(config)#password loader loaderp loaderp
After setting the new password, use this password upon entering the Loader mode:
User Access Verification

Password:


loaderp
Loader>
Enabling/Disabling Caps Lock Notification
The caps-lock passwords warning command generates a notification in case the <Caps Lock>
is activated, while changing or typing a password.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#caps-lock passwords warning {on | off}
Argument Description
on
Enables caps lock notification
Caps lock notification is enabled
off
Disables caps lock notification
Example
device-name(config)#caps-lock passwords warning on
device-name(config)#password batm batm
device-name(config)#password BATM BATM
%War ni ng! The passwor d t yped i s al l i n upper case char act er s. Pl ease check i f
your CapsLock key i s not pr essed by mi st ake.
T-Marc 300 Series User Guide

Page 12
Device Setup and Maintenance (Rev. 09)


The Device IP Commands
Table 2: Device IP Commands
Commands Description
ip address
Configures the devices primary IP address (see Configuring the
Devices Primary IP Address)
ip address secondary
Configures the devices secondary IP address (see Configuring
the Devices Secondary IP Address)
ip route
Configures the devices default-gateway IP address (see
Configuring a Default Gateway)
show ip
Displays the device IP address (see Displaying the Device IP
Address)
show ip route
Displays the static and directly connected (via configured IP
interfaces) routes (see Displaying Routes)
Configuring the Devices Primary IP Address
The ip address command configures the devices primary (inband, sw0 interface) IP address. You
must configure the devices primary IP address to be able to connect the device via the inband
(using Telnet, SSH, NTP, or SNMP).
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip address A.B.C.D [/M | A2.B2.C2.D2]
Argument Description
A.B.C.D
The devices primary IP address
20.20.5.254/16
/M
(Optional) the IP address subnet-mask, in the range of <130>
A2.B2.C2.D2
(Optional) the IP address subnet-mask, in an IP format
Example
device-name(config)#ip address 100.1.2.3/16
T-Marc 300 Series User Guide

Page 13
Device Setup and Maintenance (Rev. 09)


Configuring the Devices Secondary IP Address
The ip address secondary command configures sw0 interfaces secondary IP address.
CLI Mode: IP Interface Configuration

NOTE
You have to configure the devices primary IP address prior to configuring the
secondary one, otherwise the following prompt is displayed on the terminal:
%Ther e i s no pr i mar y addr ess.

Command Syntax
device-name(config-if sw0)#ip address A.B.C.D [/M | A2.B2.C2.D2] secondary
device-name(config-if sw0)#no ip address A.B.C.D [/M | A2.B2.C2.D2] secondary
Argument Description
A.B.C.D
The devices secondary IP address
/M
(Optional) the IP address subnet-mask, in the range of <130>
A2.B2.C2.D2
(Optional) the IP address subnet-mask, in an IP format
secondary
Specifies that this is a secondary IP address
no
Removes the secondary address (you cannot remove the primary IP
address)
Example
device-name(config)#interface sw0
device-name(config-if sw0)#ip address 100.1.2.3/16 secondary
T-Marc 300 Series User Guide

Page 14
Device Setup and Maintenance (Rev. 09)


Configuring a Default Gateway
The ip route command configures the devices default-gateway IP address.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#[no] ip route A.B.C.D {/0 | 0.0.0.0} A2.B2.C2.D2
Argument Description
A.B.C.D
The destination network IP-address
/0
The destination network subnet-mask (the only permitted destination
subnet-mask is 0)
0.0.0.0
The destination network mask, in an IP format
A2.B2.C2.D2
The gateway IP address
no
Removes the specified destination network
Displaying the Device IP Address
The show ip command displays the device IP address.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show ip
Example
device-name#show ip
I P- ADDR : 100. 1. 2. 3 NET- MASK : 255. 255. 0. 0
T-Marc 300 Series User Guide

Page 15
Device Setup and Maintenance (Rev. 09)

Displaying Routes
The show ip route command displays the static and directly connected (via configured IP
interfaces) routes.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show ip route
Example
device-name#show ip route
Codes: K - ker nel r out e, C - connect ed, S - st at i c, R - RI P,
O - OSPF, > - sel ect ed r out e, * - FI B r out e

S>* 0. 0. 0. 0/ 0 [ 1/ 0] vi a 10. 4. 10. 1, out Band0
K>* 10. 4. 0. 0/ 16 i s di r ect l y connect ed, out Band0
K>* 10. 4. 4. 225/ 32 i s di r ect l y connect ed, out Band0
C>* 10. 5. 0. 0/ 16 i s di r ect l y connect ed, sw0
C>* 10. 5. 4. 225/ 32 i s di r ect l y connect ed, sw0
C>* 127. 0. 0. 0/ 8 i s di r ect l y connect ed, l o0
C>* 127. 0. 0. 1/ 32 i s di r ect l y connect ed, l o0
T-Marc 300 Series User Guide

Page 16
Device Setup and Maintenance (Rev. 09)

Telnet Commands
T-Marc 300 Series devices have an internal Telnet server and client:
You can connec to the device with a Telnet client (up to five concurrent sessions)
You can connect to a remote host using the devices internal Telnet client
Telnet Session Configuration Commands
Table 3: Telnet Configuration Commands
Command Description
telnet
(In Privileged mode) initiates a Telnet connection to a remote host
(see Connecting a Remote Host via a Telnet Client)
telnet
(In Global Configuration mode) enables/disables the local devices
Telnet server (see Enabling/Disabling the Devices Telnet Server)
who
Displays information about currently logged on users. (see
Displaying Current Telnet Connections)
session
Displays your current Telnet session-index to the device (see
Displaying the Current Telnet-Session Index)
session kill
Terminates a specified Telnet/SSH session to the device (see
Terminating a Telnet Connection)
T-Marc 300 Series User Guide

Page 17
Device Setup and Maintenance (Rev. 09)

Connecting a Remote Host via a Telnet Client
The telnet command initiates a Telnet connection to a specified remote host.
For more information about the Telnet log output, refer to the ConfiguringSystemLoggingchapter of
this User Guide.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#telnet A.B.C.D [<port-num>]
Argument Description
A.B.C.D
The remote hosts IP address
port-num
(Optional) specifies a port number for the service, in the range of
<165535>
port 23
Enabling/Disabling the Devices Telnet Server
The telnet command enables or disables the devices internal Telnet server, allowing/ disallowing
remote PCs to access the device.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#telnet {start | stop}
Argument Description
start
Enables the Telnet server, allowing remote hosts to connect the device via
Telnet
Telnet server is enabled
stop
Disables the Telnet server. Executing this command terminates any open
Telnet connections immediately.

T-Marc 300 Series User Guide

Page 18
Device Setup and Maintenance (Rev. 09)


Displaying Current Telnet Connections
The who command displays information about Telnet clients that are currently logged on to the
device.
CLI Modes: View and Privileged (Enable)
Command Syntax
device-name>who
device-name#who
Example
device-name#who
Codes: > - cur r ent sessi on, * - conf i gur i ng
vt y on consol e connect ed on consol e.
>vt y on t el net [ 1] connect ed f r om10. 2. 71. 137.
Displaying the Current Telnet-Session Index
The session command displays your current Telnet session-index to the device.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#session
Example
device-name#session
your cur r ent sessi on i s: 2
T-Marc 300 Series User Guide

Page 19
Device Setup and Maintenance (Rev. 09)


Terminating a Telnet Connection
The session kill command terminates a specified Telent/ SSH session to the device. Before
executing the command, BiNOS checks if the session number is not the master sessions number
(the VTY from which other sessions originate). If the result is negative, the command closes the
specified session to the remote host.
The CLI displays a notification in case the session terminates.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#session kill <session-number>
Argument Description
session-number
The Telnet session number, in the range of <1101>
T-Marc 300 Series User Guide

Page 20
Device Setup and Maintenance (Rev. 09)

Virtual Terminal (VTY)
VTY is a logical conneciton used for controlling inbound Telnet/ SSH/ console connections.
BiNOS supports up to five concurrent VTY sessions (numbered VTY 15).
Switching Between VTY Sessions
To switch between sessions initiated from the same VTY terminal type:
<Ctrl+Shift+6>
or
<Ctrl+]>
Example
device-name#telnet 192.0.103.13

connect i ng t o 192. 0. 103. 13. . .

cur r ent sessi on i s 4.
. . .
device-name(config)#<ctrl+shift+6>
choose sessi on t o devi ce t o:
t he cur r ent sessi on i s 4
your sessi ons ar e 0 4 > 0

cur r ent sessi on i s 0.
T-Marc 300 Series User Guide

Page 21
Device Setup and Maintenance (Rev. 09)


The VTY Step by Step Configuration
To configure VTY, follow the below steps:
12. Enter the VTY Configuration mode (see AccessingtheVTY ConfigurationMode).
13. Optional configurations:
Configure the device name (see ConfiguringtheDeviceName)
Configure the VTY connection timeout (see DefiningtheVTY ConnectionTimeout)
Create access control lists (ACL) to restrict/ filter Telnet and SSH connections to the
device and apply them to VTY (see CreatingACLsfor RestrictingTelnet andSSH Accesstothe
Deviceand ApplyingACLsfor FilteringTelnet/ SSH Connections)
Define the number of command lines displayed on the terminal screen (see Definingthe
Terminal Length)
Enable advanced mode VTY (see EnablingtheAdvancedVTY Mode)
T-Marc 300 Series User Guide

Page 22
Device Setup and Maintenance (Rev. 09)

VTY Configuration Commands
Table 4: VTY Configuration Commands
Command Description
line vty
Enters the VTY Configuration mode (see Accessing the VTY
Configuration Mode)
hostname
Configures the devices hostname (see Configuring the Device
Name)
exec-timeout
Defines the VTY connection timeout (see Defining the VTY
Connection Timeout)
access-list
Creates ACLs to restrict device management for specific IP
addresses (see Creating ACLs for Restricting Telnet and SSH
Access to the Device)
access-class
Filters Telnet and SSH connections to the device (see
Applying ACLs for Filtering Telnet/SSH Connections)
terminal length
service terminal-length
Defines the number of commands lines displayed on the
terminal screen (see Defining the Terminal Length)
service advanced-vty
Enables the advanced VTY mode (see Enabling the Advanced
VTY Mode)
show access-lists
Displays the applied VTY ACLs (see Displaying Applied ACLs)
Accessing the VTY Configuration Mode
The line vty command enters the VTY Configuration mode.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#line vty
device-name(config-vty)#
T-Marc 300 Series User Guide

Page 23
Device Setup and Maintenance (Rev. 09)

Configuring the Device Name
The hostname command specifies the name of the device (the name displayed at the prompt line).
CLI Mode: Global Configuration
Command Syntax
device-name(config)#hostname HOSTNAME
device-name(config)#no hostname
Argument Description
HOSTNAME
An alphanumeric, case sensitive string of up to 30 characters (the string
must follow ARPANET rules for host names)
T-Marc
no
Restores the default device name
Example
device-name(config)#hostname Demarc1
Demarc1(config)#
Defining the VTY Connection Timeout
The exec-timeout command defines the VTY connection timeout value. The VTY connection to
the device is terminated, if the session is not active for this period of time.
Executing this command without any arguments, displays the defined VTY connection-timeout.
CLI Mode: VTY Configuration
Command Syntax
device-name(config-vty)#exec-timeout [<minutes> [<seconds>] | unlimited]
device-name(config-vty)#no exec-timeout
Argument Description
minutes
(Optional) the timeout, in the range of <035791>minutes (setting a
zero timeout means no timeout)
10 minutes
seconds
(Optional) the timeout value in the range of <059>seconds
unlimited
(Optional) unlimited timeout value
no
Sets an unlimited timeout value

T-Marc 300 Series User Guide

Page 24
Device Setup and Maintenance (Rev. 09)


Example
device-name(config-vty)#exec-timeout 3
device-name(config-vty)#exec-timeout
exec- t i meout 3 mi n 0 sec
Creating ACLs for Restricting Telnet and SSH Access to the
Device
The access-list command creates ACLs to restrict the device management to specific IP
addresses. For more information about ACLs, refer to the ConfiguringAccessControl List (ACL)
chapter of this User Guide.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#access-list <ACL-NAME> {deny | permit} {any | SOURCE-MASK
[exact-match]}
device-name(config)#no access-list <ACL-NAME> [deny | permit] [any | SOURCE-
MASK [exact-match]]
Argument Description
ACL-NAME
The ACL name
deny
Denies access if conditions are matched
permit
Permits access if conditions are matched
any
The ACL is relevant to any source address
SOURCE-MASK
The management source mask-bits. You can specify the source mask in one
of the below options:
An IP address format, place ones (1) in the bit positions that should be
ignored
/M (the IP mask in the range of <130>)
exact-match
(Optional) prefixes exact matching
no
Clears the specified ACL
Example
device-name(config)#access-list batm1 deny 192.98.0.0/16
device-name(config)#access-list batm2 permit 192.0.0.0/8
T-Marc 300 Series User Guide

Page 25
Device Setup and Maintenance (Rev. 09)


Applying ACLs for Filtering Telnet/SSH Connections
The access-class command applies the defined ACLs (see above) to filter Telnet and SSH
connections to the device.
CLI Mode: VTY Configuration
Command Syntax
device-name(config-vty)#access-class ACL-NAME
device-name(config-vty)#no access-class [ACL-NAME]
Argument Description
ACL-NAME
Restricts the Telnet connections to the addresses specified in the ACL
no
Removes access restrictions. If you do not specify an ACL-NAME, this
command removes all access classes
Defining the Terminal Length
The terminal length command defines the number of command lines displayed on the terminal
screen (applied to all VTY interfaces).
CLI Mode: View and Privileged (Enable)
You can also use the service terminal-length command to define the number of command
lines.
CLI Mode: Global Configuration
Command Syntax
device-name>terminal length <number-of-lines>
device-name>no terminal length

device-name#terminal length <number-of-lines>
device-name#no terminal length

device-name(config)#service terminal-length <number-of-lines>
device-name(config)#no service terminal-length
Argument Description
number-of-lines
The number of lines displayed, in the range of <0512>
A value of zero removes the limit.
25 lines
no
Restores to default
T-Marc 300 Series User Guide

Page 26
Device Setup and Maintenance (Rev. 09)

Enabling the Advanced VTY Mode
The advanced VTY mode skips the CLI View mode when connecting to the device and moves
directly to the Privileged mode
The service advanced-vty command enables advanced VTY mode.
To access the device View mode, type the disable command in Privileged mode.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#service advanced-vty
device-name(config)#no service advanced-vty
Argument Description
no
Disables the advanced VTY mode
VTY mode is disabled
Example
device-name(config)#service advanced-vty
...
User Access Verification
Password:
device-name#
Displaying Applied ACLs
The show access-lists command displays the applied filtering ACLs.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show access-lists
Example
device-name(config)#access-list batm1 deny 192.98.0.0/16
device-name(config)#access-list batm2 permit 192.0.0.0/8
device-name(config)#end

device-name#show ip access-lists
access- l i st batm1 deny 192. 98. 0. 0/ 16
access- l i st batm2 per mi t 192. 0. 0. 0/ 8
T-Marc 300 Series User Guide

Page 27
Device Setup and Maintenance (Rev. 09)


Configuration Example
The following example shows how to restrict Telnet connections to one IP address:

Figure 3: A Telnet Server Example
1. Create an access list named Management to allow a Telnet connection only to management
station 212.192.50.2:
device-name(config)#access-list Management permit 212.192.50.2/32
2. Enter the VTY Configuration mode:
device-name(config)#line vty
3. Apply access list Management to the VTY:
device-name(config-vty)#access-class Management
4. Set the VTY timeout to one hour:
device-name(config-vty)#exec-timeout 60
device-name(config-vty)#end
5. Display the current open sessions to the device:
device-name#who
Codes: > - cur r ent sessi on, * - conf i gur i ng
vt y on consol e connect ed on consol e.
>vt y on t el net [ 1] connect ed f r om212. 192. 50. 2.
T-Marc 300 Series User Guide

Page 28
Device Setup and Maintenance (Rev. 09)

Creating a Login Banner/Message-of-the-Day
(MOTD)
The MOTD (or login banner) is the text appearing on the terminal when initiating a Telnet session
or console connection to the device.
The MOTD is displayed before the User Access Verification and is useful for displaying messages
that affect all network users (such as impending a system shutdown).
MOTD Configuration Commands
NOTE
These commands take effect only after reloading the device.
Table 5: MOTD Commands
Command Description
banner motd default
Enables the default MOTD string display (see Enabling/Disabling
the Default-MOTD)
banner set
Enters a specified string to a single-line MOTD (see Configuring a
Single-line MOTD)
banner set multiline
Enters a specified string to multi-line MOTD (see Configuring a
Multi-line MOTD)
Enabling/Disabling the Default-MOTD Display
The banner motd default command enables the default MOTD Hello, thisisOS CLI..
CLI Mode: Global Configuration
Command Syntax
device-name(config)#banner motd default
device-name(config)#no banner
Argument Description
no
Disables the default banner
MOTD is disabled

T-Marc 300 Series User Guide

Page 29
Device Setup and Maintenance (Rev. 09)


Example
device-name(config)#banner motd default
device-name(config)#end
device-name#write
Bui l di ng t he conf i gur at i on
Conf i gur at i on i s successf ul l y wr i t t en t o NVRAM
device-name#reload no-save

. . .
Hel l o, t hi s i s OS CLI

User Access Ver i f i cat i on

Passwor d:
Configuring a Single-line MOTD
The banner set command configures a user-defined single-line MOTD.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#banner set MOTD-STRING
device-name(config)#no banner
Argument Description
MOTD-STRING
An alphanumeric string of up to 1024 characters, including blank
spaces and other characters except for a question mark (?)
no
Removes the configured MOTD
Example
device-name(config)#banner set DO NOT CHANGE CONFIGURATION WITHOUT NOTICING THE
SYSADMIN!
device-name(config)#end
device-name#write
Bui l di ng t he conf i gur at i on . . .
Conf i gur at i on i s successf ul l y wr i t t en t o NVRAM

device-name#reload no-save

. . .

DO NOT CHANGE CONFI GURATI ON WI THOUT NOTI CI NG THE SYSADMI N!

User Access Ver i f i cat i on
Passwor d:
T-Marc 300 Series User Guide

Page 30
Device Setup and Maintenance (Rev. 09)

Configuring a Multi-line MOTD
The banner set multiline command configures a user-defined multi-line MOTD. End the
multi-line MOTD with the caret (^) character.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#banner set multiline
> MOTD-STRING
device-name(config)#no banner
Argument Description
> MOTD-STRING
An alphanumeric string of up to 1024 characters, including blank
spaces and other characters except for a question mark (?).
Type the caret (^) character on the last line to end the multi-line MOTD.
no
Removes the banner
Example
device-name(config)#banner set multiline
%Ent er a mul t i l i ne t ext . Fi ni sh wi t h ' ^' st r i ng at t he begi nni ng of a r ow
>t hi s i s
>mul t i - l i ne
>t ext
^

device-name(config)#end
device-name#write
Bui l di ng t he conf i gur at i on . . .
Conf i gur at i on i s successf ul l y wr i t t en t o NVRAM
device-name#reload no-save

. . .

t hi s i s
mul t i - l i ne
t ext
T-Marc 300 Series User Guide

Page 31
Device Setup and Maintenance (Rev. 09)

Saving and Displaying the Device Configuration
The device configuration is stored in the start-up configuration in NVRAM.
Any configuration changes are stored first on the running configuraiton, in RAM. These changes
are erased when the device shuts down. To save these configuration changes, you have to save
these changes in the startup configuration.
Saving, Erasing, and Displaying Configuration
Commands
Table 6: Saving, Erasing, and Displaying the Device Configuration Commands
Command Description
write memory
Saves the running configuration to the NVRAM (see Saving the Devices
Running Configuration)
write erase
Restoring the device configuration to factory defaults, erasing the
configuration stored on the NVRAM (see Restoring Factory Defaults
Configuration)
write terminal
show running-
config
Displays the current running configuration information (see Displaying
the Devices Running Configuration)
show startup-
config
Displays the startup configuration (see Displaying the Devices Start-up
Configuration)
Saving the Devices Running Configuration
The write and write memory commands save the running configuration to the startup
configuration (NVRAM).
These commands are equivalent to the copy running-config startup-config command (see
the DeviceAdministrationchapter of this User Guide).
CLI Mode: Privileged (Enable)
Command Syntax
device-name#write [memory]
T-Marc 300 Series User Guide

Page 32
Device Setup and Maintenance (Rev. 09)


Restoring Factory Defaults Configuration
The write erase command erases the device startup configuration and restores the device to
factory defaults.
This command is like the reload-to-default command (see ReloadingtheDevice), however it does
not reset the device.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#write erase
Displaying the Devices Running Configuration
The write terminal and the show running-config commands display the delta between the
deivces running configuration and factory default-values.
Use the relevant command argument to view the Running Configuration for a specific feature.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#write terminal
device-name#show running-config [acl | cfm | dns | fpga | igmp | lag | log |
monitor-session | oam | port | protocol | ptp | qos | rmon | rtr | saa | snmp |
super-vlan | sw-watchdog | switch-monitoring | time-server | vlan]
Example 1
device-name#write terminal
Bui l di ng t he conf i gur at i on . . .
! Cur r ent Conf i gur at i on:
!
! T- Mar c 380
!
passwor d 3090372e3f 8bc00eeacc46219f 7557485983251a994551f 918e04712f 86c5818
i p addr ess 3. 0. 0. 1 255. 0. 0. 0 .
Example 3
device-name#show running-config port
Bui l di ng t he conf i gur at i on . . .
! Por t Conf i gur at i on:
!
i nt er f ace 1/ 1/ 1
!
i nt er f ace 1/ 1/ 2
!
i nt er f ace 1/ 2/ 1
T-Marc 300 Series User Guide

Page 33
Device Setup and Maintenance (Rev. 09)

!
i nt er f ace 1/ 2/ 2
!
i nt er f ace 1/ 2/ 3
!
i nt er f ace 1/ 2/ 4
!
i nt er f ace 1/ 2/ 5
!
i nt er f ace 1/ 2/ 6
!
i nt er f ace 1/ 2/ 7
!
i nt er f ace 1/ 2/ 8

. . .
Displaying the Devices Start-up Configuration
The show startup-config command displays the devices startup configuration.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show startup-config
T-Marc 300 Series User Guide

Page 34
Device Setup and Maintenance (Rev. 09)

Reloading the Device
When reloading (restarting/ rebooting) the device, you can select one of the below options:
Reload the device, with or without saving the running configuration
Reload the device with factory-default configuration
The reload command ceases the devices operation and reloads it.

NOTE
The devices running configuration stored on the device RAM is erased upon the
device reload, unless you save it to the devices startup configuration.
To save the running configuration, refer to Saving the Devices Running
Configuration.

CLI Mode: Privileged (Enable)
Command Syntax
device-name#reload [save | no-save | to-defaults]
Argument Description
save
(Optional) saves the running configuration to NVRAM and reloads the
device
save
no-save
(Optional) does not save the running configuration to NVRAM and reloads
the device
to-defaults
(Optional) reloads the device and resets the device configuration to its
factory defaults
Example 1
Saving the running configuration and reloading the device (the save keyword is optional):
device-name#reload save
save cur r ent conf i gur at i on and r eboot t he swi t ch ? [ y/ n] : y
Reboot i ng . . .
Example 2
Reloading the device without saving the running configuration:
device-name#reload no-save
Pr oceed wi t h r el oad ? [ y/ n] : y
Reboot i ng . . .
T-Marc 300 Series User Guide

Page 35
Device Setup and Maintenance (Rev. 09)

Supported Platforms
Features T-Marc 340 T-Marc 380
Accessing the Device using Telnet + +
VTY (Virtual Telnet Type) Commands + +
Configuring ACLs + +
Creating a Banner + +
Saving and Displaying the Device Configuration + +
How to Reload the Device + +
Supported Standards, MIBs and RFCs
Features Standards MIBs RFCs
Accessing the Device
using Telnet
No standards are
supported by this
feature.
No MIBs are
supported by this
feature.
RFC 854, Telnet
Protocol Specification
VTY (Virtual Telnet
Type) Commands
No standards are
supported by this
feature.
No MIBs are
supported by this
feature.
RFC 791, Internet
Protocol DARPA
Internet Program
Protocol
Specifications
Configuring ACLs No standards are
supported by this
feature.
Private MIB,
prvt_switch_access_li
st.mib
No RFCs are
supported by this
feature.
Creating a Banner No standards are
supported by this
feature.
No MIBs are
supported by this
feature.
RFC 791, Internet
Protocol DARPA
Internet Program
Protocol
Specifications
Saving and Displaying
the Device
Configuration
No standards are
supported by this
feature.
No MIBs are
supported by this
feature.
RFC 1350, The TFTP
Protocol (Revision 2)
How to Reload the
Device
No standards are
supported by this
feature.
No MIBs are
supported by this
feature.
RFC 1350, The TFTP
Protocol (Revision 2)




Page 1
Device Administration (Rev. 11)

Device Administration
Table of Figures 3
Features Included in this Chapter 4
MAC Address Table (FDB) 5
Overview 5
The MAC Address Table Default Configuration 7
The MAC Address Table Step by Step Configuration 7
The MAC Address Table Configuration Commands 8
ARP Table21
Overview21
Configuring the ARP Table21
Script Files System23
Overview23
The Script Files System Default Configuration23
The Script Files System Configuration Commands24
File System33
Overview33
The File System Default Folders33
The File System Commands34
Modifying the Default Configuration41
Default Configuration Commands41
Zero-Touch Configuration44
Overview44
Zero-touch Configuration Default Configuration44
Zero-touch Configuration Commands45
Software Upgrade and Boot Options50
Preparing to Download a BiNOS Software Image Using TFTP/ FTP Connection50
Downloading the BiNOS Software Image51
Commands for Upgrading Software Images52
T-Marc 300 Series User Guide

Page 2
Device Administration (Rev. 11)

Downloading and Uploading Configuration Files60
Boot Loader66
Overview66
The Device Loader's Default Configuration67
The Loader Commands67
Configuration Example81
System Time and Date82
Daytime Protocol82
Time Protocol82
Summer Time (Daylight saving time)82
Network Time Protocol83
1588v2 Precision Time Protocol (PTP) 83
System Time and Date Default Configuration83
1588v2 PTP Default Configuration83
System Time and Date Configuration Flow85
System Time and Date Configuration Commands86
Configuration Example95
1588v2 PTP Configuration Flow96
1588v2 PTP Configuration Commands97
Configuration Example 104
DHCP Client 105
Overview 105
When Should Clients Use DHCP 106
The DHCP Client Default Configuration 107
The DHCP Client Configuration Flow 107
DHCP Client Configuration Commands 108
Controlling the Packet Rate112
Overview 112
Packet-Rate Thresholds' Default Configuration 113
The Packet-Rate Thresholds' Commands 113
Control Plane Priority per Protocol116
Supported Platforms117
Supported Standards, MIBs and RFCs117

T-Marc 300 Series User Guide

Page 3
Device Administration (Rev. 11)

Table of Figures
Figure 1: Obtaining an IP Address from a DHCP Server 106
Figure 2: Rate Limit Mechanism 112


T-Marc 300 Series User Guide

Page 4
Device Administration (Rev. 11)

Features Included in this Chapter
This chapter describes how to perform operations to administer your T-Marc 300 Series devices.
This chapter consists of these sections:
MAC AddressTable(FDB)
The MAC address table contains address information that the device uses to forward
traffic between ports. The T-Marc 300 Series devices maintain a database of MAC
addresses; both manually configured (static) and dynamically learned entries. During
troubleshooting, it may be helpful to investigate the entries in the MAC address table.
ARP Table
ARP table is another table that is supported on your device. It provides IP
communication within a Layer 2 broadcast domain by mapping an IP address to a MAC
address.
Zero-TouchConfiguration
Zero configuration networking allows inexpert users to connect network devices and
expect a functioning network to be established automatically.
Script FilesSystem, FileSystem, SoftwareUpgradeandBoot Options, Boot Loader, and Modifyingthe
Default Configuration
These sections describe some fundamental tasks you perform to maintain the
configuration files and system images used by your T-Marc 300 Series devices.
SystemTimeandDate
You can manage the system time and date on your device using automatic configuration,
such as the Network Time Protocol (NTP), or manual configuration methods. NTP
allows the synchronization of device clocks over TCP/ IP networks. Having a common
view of time on the network makes many things easier, from correlating log files from
different devices to keeping file timestamps consistent.
DHCP Client
The main advantage of dynamically assigning IP addresses using Dynamic Host
Configuration Protocol (DHCP) is that it allows such addresses to be reused, thereby
greatly increasing the total number of devices that can use the Internet.
ControllingthePacket Rate
The ability to control the CPU resource allows you to protect the device from denial-of-
service attacks and to prevent excessive traffic to the CPU.

T-Marc 300 Series User Guide

Page 5
Device Administration (Rev. 11)

MAC Address Table (FDB)
Overview
The MAC (Media Access Control) address is the unique hardware number that identifies the
computer on a local area network (LAN) or other network.
MAC addresses are 12-digit hexadecimal numbers (48 bits in length) in the following format:
MM:MM:MM:SS:SS:SS
Whereas MAC addressing works at the data link layer (layer 2), IP addressing functions at the
network layer (layer 3). MAC addresses are also known as hardwareor physical addresses.
The MAC Address table holds the source MAC address, VLAN ID, MAC address priority and
port number.
MAC Address Table Entry Types
The following entry types can exist in the MAC address table:
Dynamic entriesto learn a dynamic entry, the device examines packets to determine the
source MAC address, VLAN, and port information. Initially, all entries in the database are
dynamic, except for certain entries created by the device.
Dynamic entries are flushed and updated when any of the following occurs:
A VLAN is removed
A VLAN ID is changed
A port mode is changed (tagged/ untagged)
A port is removed from a VLAN
A port is disabled
A port QoS setting is changed
A port goes down
A new dynamic entry is created when the device identifies a source MAC address that
does not yet have an entry in the MAC address table. Dynamic entries are deleted from
the database if the device is reset or a power off/ on occurs.
Static entriespermanent entries are retained in the database if the device is reset or a power
off/ on cycle occurs. A permanent entry can either be a unicast or multicast MAC address.
These entries are created through the CLI.
Secure entriesa secure entry is configured to a secured port to allow only secured MAC
address to be learned by this port.
Self entriesa self entry is automatically created by the device software for various reasons.
Filtered entriesa filtered entry can be created in two ways. One way is to configure filter
entry statically for blocking the traffic from and to specific MAC address on the device. The
second way is to use the Port/ VLAN Security or the Port Limit feature. The MAC addresses
in the filtered entries are the MAC addresses that caused security violation.
T-Marc 300 Series User Guide

Page 6
Device Administration (Rev. 11)

Multicast entriesMulticast entries are multicast MAC addresses that were created dynamically
by multicast protocol. The multicast entry is removed via the mac-address-table command,
multicast entries are added via the ip igmp snooping dynamic/static command.
For more information refer to the ConfiguringMulticast Layer 2 chapter of this User Guide.

NOTE
Only the dynamic MAC addresses age out.
You can remove MAC addresses (except Self) from the MAC Address table by using
one of the cl ear mac- addr ess- t abl e commands.
Adding Entries to a MAC Address Table
Entries can be added to the MAC address table in the following two ways:
The device can learn entries by examining packets it receives. The system updates its MAC
Address table with the source MAC address from a packet, the VLAN, and the port identifier
on which the source packet is received. You can also limit the number of addresses that can be
learned on a port, or you can shut down the current port and prevent additional MAC address
learning.
You can enter and update entries using the command-line interface (CLI).
T-Marc 300 Series User Guide

Page 7
Device Administration (Rev. 11)

The MAC Address Table Default Configuration
Table 1: MAC Address Table Default Configuration
Feature Default Value
MAC address aging time 300 seconds
New MAC address learning Enabled
Displaying the learned MAC addresses Enabled
The MAC Address Table Step by Step Configuration
1. Add a static, dynamic or secure entry to the MAC address table (see Addinga NewEntry)
or
2. Add a filtered entry to the MAC address table (see Addinga FilteredEntry)
3. Optional configurations:
Configure the MAC address table aging time (see ConfiguringtheMAC AddressTableAging
Time)
Configure learning of new MAC addresses globally (see ConfiguringMAC AddressesLearning
Globally)
Configure learning of new MAC addresses on a port (see ConfiguringMAC Addresses
Learningper Port)
4. Delete a specific entry from the MAC address table (see Clearinga MAC AddressTable)
5. Display entries from the MAC address table (see DisplayingMAC AddressTableEntries)
T-Marc 300 Series User Guide

Page 8
Device Administration (Rev. 11)

The MAC Address Table Configuration Commands
Table 2: MAC Address Table Commands
Command Description
mac-address-table
Adds a static, dynamic or secure entry to the MAC
address table (see Adding a New Entry)
mac-address-table filtered
Adds a filtered entry to the MAC address table
(see Adding a Filtered Entry)

Table 3: MAC Address Table Optional Commands
Command Description
mac-address-table aging-
time
Configures the MAC address table aging time
(see Configuring the MAC Address Table Aging Time)
learning new-address
Configures learning of new MAC addresses globally (see
Configuring MAC Addresses Learning Globally)
port learning new-address
Enables/disables learning of new MAC addresses on a
port (see Configuring MAC Addresses Learning per Port)

Table 4: Clear MAC Address Table Commands
Command Description
clear mac-address-table
no mac-address-table
Clears a specific entry from the MAC address table
(see Clearing a MAC Address Table)

Table 5: MAC Address Table Display Commands
Command Description
show mac-address-table
Displays the MAC address table contents
(see Displaying MAC Address Table Entries)
mac-address-table learning-
display
Enables/disables displaying the MAC addresses, learned
on a specific list of interfaces or on a list of VLANs (see
Displaying/Hiding MAC Addresses)
show mac-address-table
aging-time
Displays the MAC address table aging time
(see Displaying the MAC Address Table Aging Time)
show mac-address-table
hash-depth
Displays the length of the MAC address table hash chain
(see Displaying the Length of the MAC Address Hash
Chain)

T-Marc 300 Series User Guide

Page 9
Device Administration (Rev. 11)

Adding a New Entry
The mac-address-table command adds a static, dynamic or secure entry to the MAC address
table.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#mac-address-table {static | dynamic | secure}
HH:HH:HH:HH:HH:HH interface {UU/SS/PP | ag0N} vlan <vlan-id>

device-name(config)#no mac-address-table {static | dynamic | secure}
HH:HH:HH:HH:HH:HH [interface {UU/SS/PP | ag0N} | vlan <vlan-id>]

device-name(config)#mac-address-table {static | dynamic | secure}
HH:HH:HH:HH:HH:HH {service <service ID> [sap SAPSTRING | sdp SDPSTRING]
[interface UU/SS/PP vlan <vlan-id> [priority <0-7>]}

device-name(config)#no mac-address-table {static | dynamic | secure}
HH:HH:HH:HH:HH:HH [service <service ID> [sap SAPSTRING | sdp SDPSTRING]]
[vlan <vlan-id>] [interface UU/SS/PP]
Argument Description
static
Adds a static entry.
dynamic
Adds a dynamic entry.
secure
Adds a secure entry for the secured port feature.
HH:HH:HH:HH:HH:HH
Destination MAC address to be added to the MAC Address table.
Packets with this destination address received on a specific VLAN
are forwarded to the specified interface.
UU/SS/PP
Port to which the received packets are forwarded.
ag0N
The link aggregation ID (ag01, ag04ag07). The allowed ID is in
the range of <17>.
vlan <vlan-id>
Specifies a VLAN for which the packet with the desired MAC
address is received. The VLAN ID is in the range <24094>.
service <service ID>
The service unique service identifier, in the range <1
4294967295>.
sap SAPSTRING
The SAPSTRING has the forms:
UU/SS/PP:CVLANID:use it if you configure the SAP on a
port
AG0N:CVLANID:use it if you configure the SAP on a link
aggregation
The C-VLAN ID is in the range of <14094>
T-Marc 300 Series User Guide

Page 10
Device Administration (Rev. 11)

sdp SDPSTRING
The SDPSTRING has the forms:
UU/SS/PP:SVLANID:use it if you configure the SDP on a
port
AG0N:SVLANID:use it if you configure the SDP on a link
aggregation
The S-VLAN ID is in the range of <14094>
priority <0-7>
(Optional) specifies the priority range
no
Removes entries from the MAC address table.
Adding a Filtered Entry
The mac-address-table filtered command adds a filtered entry to the MAC address table.
CLI Mode: Global Configuration
The filtered entry in the MAC address table is known as dangerous. This entry is denied as source and
as destination for each incoming and outgoing packet on the specified VLAN.
Command Syntax
device-name(config)#mac-address-table filtered HH:HH:HH:HH:HH:HH vlan <vlan-
id>
device-name(config)#no mac-address-table filtered HH:HH:HH:HH:HH:HH [interface
UU/SS/PP | vlan <vlan-id>]
Argument Description
HH:HH:HH:HH:HH:HH
Destination MAC address to be filtered. Packets with this destination
address received on the specified VLAN are filtered.
vlan <vlan-id>
Specifies the VLAN for which the packet with the specified MAC
address is filtered. The valid range is <24094>.
UU/SS/PP
The interface's unit/slot/port.
no
Removes entries from the MAC address table.
Example
device-name(config)#mac-address-table filtered 00:A0:12:02:03:04 vlan 2496
T-Marc 300 Series User Guide

Page 11
Device Administration (Rev. 11)

Configuring the MAC Address Table Aging Time
The mac-address-table aging-time command configures the length of time that a dynamic
entry can remain in the MAC address table from the time the entry was used or last updated.
CLI Mode: Global Configuration

NOTE
The actual aging time period of the MAC address table may be any time period
between the specified value and twice the specified value.
By default, the aging-time value is 300 seconds.
Command Syntax
device-name(config)#mac-address-table aging-time <time>
device-name(config)#no mac-address-table aging-time
Argument Description
time
Specifies how many seconds the address of a learned device remains on the
list of stations connected to your device. The address is removed from the list of
stations if no frame is received from that device during the aging time interval.
If the value assigned to the aging time is too short, this may increase the
amount of packets received by the device with unknown destinations and cause
the device to flood such packets to all ports in the VLAN. If the value assigned
to the aging time is too long, the MAC Address table may be loaded with
addresses that are no longer in use.
MAC address table aging time is in the range <101000000>seconds.
no
Restores to default
Example
The following example sets the MAC Address aging time to 1500 seconds (25 minutes):
device-name(config)#mac-address-table aging-time 1500
T-Marc 300 Series User Guide

Page 12
Device Administration (Rev. 11)

Configuring MAC Addresses Learning Globally
The learning new-address command configures learning of new MAC addresses globally.
CLI Mode: Global Configuration
By default, the learning is enabled.
NOTE
When learning new-address is disabled per port or globally, the following features
will not work correctly:
Port limit
Port security
Command Syntax
device-name(config)#learning new-address {enable | disable}
Argument Description
enable
Enables new MAC address learning.
disable
Disables new MAC address learning. When learning is disabled, no new MAC
addresses will be learned in the MAC address table and the unicast traffic will
be flooded to all the relevant ports (depending on the VLAN configuration).
Configuring MAC Addresses Learning per Port
The port learning new-address command enables/ disables learning new MAC addresses on a
port.
CLI Mode: Interface Configuration, Range Interface Configuration, LAG Range Interface
Configuration, and LAG Interface Configuration
When MAC address learning is disabled, no new MAC addresses are learned in the MAC address
table on the selected port.
The unicast traffic that is destined to devices connected to this port is flooded to the relevant ports.
By default, the learning is enabled.

NOTE
For the port limit feature to function correctly, enable first learning new-address per
port or globally.

T-Marc 300 Series User Guide

Page 13
Device Administration (Rev. 11)

Command Syntax
device-name(config-if UU/SS/PP)#port learning new-address {enable | disable}

device-name(config-if-group)#port learning new-address {enable | disable}

device-name(config-ag-group)#port learning new-address {enable | disable}

device-name(config-if AG0N)#port learning new-address {enable | disable}
Argument Description
enable
Enables the MAC address learning.
disable
Disables the MAC address learning.
Example 1
device-name(config)#interface range 1/1/1
device-name(config-if-group)#port learning new-address enable
Example 2
device-name(config)#interface range ag01
device-name(config-ag-group)#port learning new-address disable
Clearing a MAC Address Table Entry
Clear a specific MAC address entry on a particular port, or on a particular VLAN from the MAC
address table with:
clear mac-address-table command
CLI Mode: Privileged (Enable)
no mac-address-table command
CLI Mode: Global Configuration
Command Syntax
device-name#clear mac-address-table [dynamic | filtered | secure | static]
service <service ID> [sap SAPSTRING | sdp SDPSTRING]

device-name#clear mac-address-table [[dynamic | filtered | secure | static]
[address HH:HH:HH:HH:HH:HH] [vlan <vlan-id>] [interface UU/SS/PP]]

device-name#clear mac-address-table multicast [address HH:HH:HH:HH:HH:HH]
[vlan <vlan-id>]

device-name(config)#no mac-address-table {dynamic | filtered | secure | static
| multicast} address HH:HH:HH:HH:HH:HH [service <service ID> [sap SAPSTRING |
sdp SDPSTRING]] [vlan <vlan-id>][interface UU/SS/PP]
T-Marc 300 Series User Guide

Page 14
Device Administration (Rev. 11)

Argument Description
dynamic
(Optional). Only dynamic MAC address(es) are cleared.
filtered
(Optional). Only filtered MAC address(es) are cleared.
secure
(Optional). Only secure MAC address(es) are cleared.
static
(Optional). Only static MAC address(es) are cleared.
multicast
Only multicast MAC address(es) are cleared.
address
HH:HH:HH:HH:HH:HH
(Optional in the clear mac-address-table command). MAC address
to be cleared, if it complies with all other specified arguments.
interface UU/SS/PP
(Optional). Removes the MAC address(es) on the specified
interface.
vlan <vlan-id>
(Optional). Removes the MAC address(es) on the specified VLAN.
The VLAN ID is in the range <24094>.
service <service ID>
The service unique service identifier, in the range <14294967295>.
sap SAPSTRING
The SAPSTRING has the forms:
UU/SS/PP:CVLANID: use it if you configured the SAP on a
port
ag0N:CVLANID:use it if you configured the SAP on a link
aggregation
The C-VLAN ID is in the range of <14094>.
sdp SDPSTRING
The SDPSTRING has the forms:
UU/SS/PP:SVLANID:use it if you configured the SDP on a
port
ag0N:SVLANID:use it if you configured the SDP on a link
aggregation
The S-VLAN ID is in the range of <14094>.

NOTE
If you do not specify an argument, all MAC addresses are removed (except for the
self entries).
T-Marc 300 Series User Guide

Page 15
Device Administration (Rev. 11)

Displaying MAC Address Table Entries
The show mac-address-table command displays the MAC address table contents.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show mac-address-table [dynamic | filtered | multicast | secure |
static | self] [address HH:HH:HH:HH:HH:HH] [vlan <vlan-id>] [interface
UU/SS/PP]

device-name#show mac-address-table service <service ID> [sap SAPSTRING | sdp
SDPSTRING]

device-name#show mac-address-table count [vlan <vlan-id> interface UU/SS/PP |
interface UU/SS/PP]

device-name#show mac-address-table count [address HH:HH:HH:HH:HH:HH] [service
<service ID> [sap SAPSTRING | sdp SDPSTRING]] [interface UU/SS/PP] [vlan
<vlan-id>]
Argument Description
dynamic
(Optional) information is displayed only about the dynamic MAC
address(es).
filtered
(Optional) information is displayed only about the filtered MAC
address(es).
multicast
(Optional) information is displayed only about the multicast MAC
address(es).
secure
(Optional) information is displayed only about the secure MAC
address(es).
static
(Optional) information is displayed only about the static MAC
address(es).
self
(Optional) information is displayed only about the device MAC
address.
count
Displays the number of MAC addresses in the MAC address table.
service <service ID>
The service unique service identifier, in the range <14294967295>.
sap SAPSTRING
The SAPSTRING has the forms:
UU/SS/PP:CVLANID: use it if you configured the SAP on a
port
ag0N:CVLANID:use it if you configured the SAP on a link
aggregation
The C-VLAN ID is in the range of <14094>.
T-Marc 300 Series User Guide

Page 16
Device Administration (Rev. 11)

sdp SDPSTRING
The SDPSTRING has the forms:
UU/SS/PP:SVLANID:use it if you configured the SDP on a
port
ag0N:SVLANID:use it if you configured the SDP on a link
aggregation
The S-VLAN ID is in the range of <14094>.
address
HH:HH:HH:HH:HH:HH
(Optional in the show mac-address-table command) information
is displayed about the specified MAC address, if it complies with all
other specified arguments.
vlan <vlan-id>
(Optional) displays the MAC address(es) on the specified VLAN.
The VLAN ID is in the range <24094>. You can create a maximum
of 255 VLANs in this range.
interface UU/SS/PP
(Optional) displays the MAC address(es) on the specified interface.

NOTE
If you do not specify any argument, the show mac- addr ess- t abl e command
displays the entire MAC address table.
Example
Display the entire MAC address table:
device-name#show mac-address-table
===+=======+===================+========+================+==========|
# | VI D | Mac | PORT | STATUS | PRI ORI TY |
- - - +- - - - - - - +- - - - - - - - - - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - - - - +- - - - - - - - - - +
1 | 0001 | 00: 00: 00: 00: 11: 22 | 1/ 1/ 1 | st at i c | 0 |
2 | 0001 | 00: 40: 95: 30: 0e: 8f | 1/ 1/ 2 | dynami c | 0 |
3 | 0001 | 00: A0: 12: 05: 36: 80 | | sel f | 0 |
4 | 0001 | 01: 00: 5e: 11: 22: 33 | | mul t i cast | 0 |
5 | 0001 | 01: 00: 5e: 11: 22: 44 | | mul t i cast | 0 |
6 | 0001 | 01: 00: 5e: 11: 22: 55 | | mul t i cast | 0 |
Displaying/Hiding MAC Addresses
The mac-address-table learning-display command enables/ disables displaying the MAC
addresses, learned on a specific list of interfaces or on a list of VLANs.
CLI Mode: Global Configuration
By default, displaying the learned MAC addresses is enabled.
Command Syntax
device-name(config)#mac-address-table learning-display interfaces PORT LIST
device-name(config)#no mac-address-table learning-display interfaces PORT LIST

device-name(config)#mac-address-table learning-display vlan VLAN LIST
device-name(config)#no mac-address-table learning-display vlan VLAN LIST

device-name(config)#mac-address-table learning-display interface UU/SS/PP vlan
<vlan-id>
T-Marc 300 Series User Guide

Page 17
Device Administration (Rev. 11)

device-name(config)#no mac-address-table learning-display interface UU/SS/PP
vlan <vlan-id>
Argument Description
vlan VLAN LIST
List of source VLAN IDs. Use commas as separators and hyphens
to indicate sub-ranges (e.g. 24,8). The VLAN IDs are in the range
<24094>.
interface PORT LIST
Port list, in the form u[[/s[/p]]][-u[[/s[/p]]][,u[[/s[/p]]]]], etc.
Use commas as separators and hyphens to indicate sub-ranges
(for example, 1/1/1,1/2/11/2/3). Blank spaces are not allowed.
vlan <vlan-id>
Specifies the VLAN for which enables or disables displaying the
learned MAC addresses. The VLAN ID is in the range <24094>.
interface UU/SS/PP
Specifies the interface for which enables or disables displaying the
learned MAC addresses.
no
Hides the MAC addresses that are learned on the selected
interfaces or VLAN.
Example 1
The following example shows the command that hides the MAC addresses that are learned on
interface 1/ 1/ 1:
device-name#show mac-address-table
===+========+====================+==========+===========+==========
# | VI D | Mac | PORT | STATUS | PRI ORI TY|
- - - +- - - - - - - - +- - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - +
1 | 0001 | 00: 80: 00: 00: 03: 01 | 1/ 1/ 1 | dynami c | 0 |
2 | 0001 | 00: 80: 1e: 15: 60: 76 | 1/ 1/ 1 | dynami c | 0 |
3 | 0001 | 00: A0: 12: 00: 00: 02 | | sel f | 0 |
4 | 0010 | 00: A0: 12: 00: 00: 02 | | sel f | 0 |

device-name(config)#no mac-address-table learning-display interface 1/1/1
device-name(config)#exit
device-name#show mac-address-table
===+========+======================+========+=========+===========
# | VI D | Mac | PORT | STATUS | PRI ORI TY |
- - - +- - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - +- - - - - - - - +- - - - - - - - - +- - - - - - - - - - +
1 | 0001 | 00: A0: 12: 00: 00: 02 | | sel f | 0 |
2 | 0010 | 00: A0: 12: 00: 00: 02 | | sel f | 0 |
T-Marc 300 Series User Guide

Page 18
Device Administration (Rev. 11)

Example 2
The following example shows the command that hides the MAC addresses that are learned on
VLANs 1 to 9:
device-name#show mac-address-table
===+========+======================+========+===========+===========
# | VI D | Mac | PORT | STATUS | PRI ORI TY |
- - - +- - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - +
1 | 0001 | 00: 80: 00: 00: 03: 01 | 1/ 1/ 1 | dynami c | 0 |
2 | 0001 | 00: 80: 1e: 15: 60: 76 | 1/ 1/ 1 | dynami c | 0 |
3 | 0001 | 00: A0: 12: 00: 00: 02 | | sel f | 0 |
4 | 0010 | 00: A0: 12: 00: 00: 02 | | sel f | 0 |

device-name(config)#no mac-address-table learning-display vlan 1-9
device-name(config)#exit
device-name#show mac-address-table
===+========+=====================+=========+===========+===========
# | VI D | Mac | PORT | STATUS | PRI ORI TY |
- - - +- - - - - - - - +- - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - +
1 | 0001 | 00: A0: 12: 00: 00: 02 | | sel f | 0 |
2 | 0010 | 00: A0: 12: 00: 00: 02 | | sel f | 0 |
Example 3
The following example enables displaying the MAC addresses that are learned on VLANs 1 to 9:
device-name(config)#mac-address-table learning-display vlan 1-9
device-name(config)#exit
device-name#show mac-address-table
===+========+======================+=========+==========+===========
# | VI D | Mac | PORT | STATUS | PRI ORI TY |
- - - +- - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - +
1 | 0001 | 00: 80: 00: 00: 03: 01 | 1/ 1/ 1 | dynami c | 0 |
2 | 0001 | 00: 80: 1e: 15: 60: 76 | 1/ 1/ 1 | dynami c | 0 |
3 | 0001 | 00: A0: 12: 00: 00: 02 | | sel f | 0 |
4 | 0010 | 00: A0: 12: 00: 00: 02 | | sel f | 0 |
T-Marc 300 Series User Guide

Page 19
Device Administration (Rev. 11)

Displaying the Length of the MAC Address Hash Chain
The show mac-address-table hash-depth command displays the length of the MAC address
table hash chain.
The length of the MAC address table hash database should be set according to the MAC addresses
available in the network. If the MAC address numbers are randomly distributed, it is recommended
to use the default value.
CLI Mode: Privileged (Enable) and Global Configuration
Command Syntax
device-name#show mac-address-table hash-depth
device-name(config)#mac-address-table hash-depth <value>
device-name(config)#no mac-address-table hash-depth
Argument Description
value
The maximum lookup hash chain length in the range <216>. Only even values
are allowed.
no
Sets default value of the MAC address table hash chain.
Example
device-name#show mac-address-table hash-depth
Max hash chai n l engt h i s 14
Displaying the MAC Address Table Aging Time
The show mac-address-table aging-time command displays the MAC address table aging
time.

CLI Mode: Privileged (Enable)
Command Syntax
device-name#show mac-address-table aging-time
Example 1
The following example shows how to display the currently configured aging time:
device-name#show mac-address-table aging-time
agi ng t i me i s 1500 seconds
Example 2
The following example shows how to display the currently configured noagingtime:
device-name#show mac-address-table aging-time
T-Marc 300 Series User Guide

Page 20
Device Administration (Rev. 11)

agi ng i s of f
T-Marc 300 Series User Guide

Page 21
Device Administration (Rev. 11)

ARP Table
Overview
ARP table provides mapping between the IP address and the MAC address of the device. It is built
dynamically.
===+==================+=================+========+========+=========+
# | I P Addr ess | MAC | Age( mi n) | i f | Type |
- - - +- - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - +- - - - - - - - +- - - - - - - - - +
0 | 10. 0. 0. 10 | 00: 00: 00: 00: 00: 10| 1 | sw0 | St at i c |
When you want to send a packet to a local host, the software looks the IP in the ARP cache. After
finding the IP address, the software gets the MAC address, constructs an Ethernet header with the
correct source/ destination MAC addresses, and sends it.
If the MAC address is not found for a specific IP, the device broadcasts an ARP request to every
host on Ethernet in order to learn it.
Configuring the ARP Table
Table 6: ARP Table Commands
Command Description
clear ip arp
Clears dynamic and static entries learned in the ARP table
(see Clearing the ARP Table)
show ip arp
Displays IP addresses learned by ARP packets
(see Displaying the ARP Table)
Clearing the ARP Table
The clear ip arp command clears entries from the ARP cache.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#clear ip arp [dynamic | static]
Argument Description
dynamic
(Optional) clears only dynamic learned entries in the ARP table.
static
(Optional) clears only the static learned entries in the ARP table.

T-Marc 300 Series User Guide

Page 22
Device Administration (Rev. 11)


Displaying the ARP Table
The show ip arp command displays the ARP cache.
CLI Mode: Privileged (Enable)

NOTE
You can store static MAC entries if implementing a static CPU cache when using
the i p ar p command. BiNOS first looks up in this static CPU cache before looking
up in the cache containing dynamic MAC entries.
Command Syntax
device-name#show ip arp
Example
device-name#show ip arp
===+==================+=================+========+========+=========+
# | I P Addr ess | MAC | Age( mi n) | i f | Type |
- - - +- - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - +- - - - - - - - +- - - - - - - - - +
0 | 10. 0. 0. 10 | 00: 00: 00: 00: 00: 10| 2 | sw0 | Dynami c|
T-Marc 300 Series User Guide

Page 23
Device Administration (Rev. 11)

Script Files System
Overview
A script file is a text file that includes a sequence of configuration CLI commands.
The script files can be downloaded from the TFTP server, uploaded to the TFTP server, deleted,
renamed or executed. The contents of the script file can also be viewed. There also is the capability
to store running and startup configurations of the device into the file system.
When you run a script file, the current running configuration of the device is merged with the new
settings that are configured by the script file.
Every file in the script-file system has a unique name of maximum 32 characters without blank
spaces.
You can perform the following actions with script files:
Download script files from the TFTP server
Upload script files to the TFTP server
Remove script files from the file system
Rename script files
Run script files
View the contents of script files
The Script Files System Default Configuration
Table 7: Script File System Default Configuration
Feature Default Value
Startup configuration name startup_config
Running configuration name running_config
T-Marc 300 Series User Guide

Page 24
Device Administration (Rev. 11)

The Script Files System Configuration Commands
Table 8: Script File System Commands
Command Description
script-file-system
Accesses the Script-file-system Configuration mode
(see Script-file-system Configuration Mode)
copy running-config
Copies the running configuration into the script-file system
(see Copying the Running Configuration)
copy startup-config
Copies the startup configuration into the script-file system
(see Copying the Startup Configuration)
copy
Copies a file (see Copying a File)
run
Executes CLI commands contained in the specified script file (as
a batch file) (see Executing a Script File)
attrib
Specifies file attributes (see Configuring File Attributes)
rename
Renames a specific script file (see Renaming a Script File)
move
Removes a file from its current location and places it at a new
location (see Moving a File)

Table 9: Commands for Removing Script-File System Files
Command Description
del
Removes a specific file from the file system
(see Deleting a Specific File from the Script-file System)

Table 10: Script File System Display Commands
Command Description
display
Displays the textual contents of the specified script file
(see Displaying Script File Textual Contents)
dir
Displays the names and lengths of all script files stored in the file
system (see Displaying the Script-file Name and Length)
show script-file-
system
Displays the names and lengths of all script files stored in the file
system (see Displaying the Script-file Name and Length)
ls
lists the files in Flash memory file system (see Listing Files)
help
Provides description of the interactive help system
(see Describing the Interactive Help System)

T-Marc 300 Series User Guide

Page 25
Device Administration (Rev. 11)


Script-file-system Configuration Mode
The script-file-system command accesses Script-file-system Configuration mode.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#script-file-system
device-name(config script-file-system)#
Copying the Running Configuration
The copy running-config command saves a copy of the running configuration into the script-file
system.
CLI Mode: Script-file-system Configuration
Command Syntax
device-name(config script-file-system)#copy running-config [FILE-NAME]
Argument Description
FILE-NAME
(Optional) the name of the destination file, in the script-file system. If no file
name is specified, a default name (running_config.cfg.) is assigned.
Example
device-name(config script-file-system)#copy running-config
bui l di ng t he conf i gur at i on . . .
Savi ng scr i pt f i l e " f l ash: / Usr / r unni ng_conf i g. cf g" t o f i l e syst em. . .
Done
Copying the Startup Configuration
The copy startup-config command saves a copy of the start-up configuration into the script-file
system.
CLI Mode: Script-file-system Configuration

NOTE
To execute this command, the startup configuration should be stored on the device.
Command Syntax
device-name(config script-file-system)#copy startup-config [FILE-NAME]
T-Marc 300 Series User Guide

Page 26
Device Administration (Rev. 11)

Argument Description
FILE-NAME
(Optional). The name of the destination file, in the script-file system. If no file
name is specified, a default name (startup_config.cfg.) is assigned.
Example
device-name(config script-file-system)#copy startup-config
Savi ng scr i pt f i l e " f l ash: / Usr / st ar t up_conf i g. cf g" t o f i l e syst em. . .
Done
Copying a File
The copy command saves a copy of a file into the script file system.
CLI Mode: Script-file-system Configuration
This command is equivalent to the cp command in all modes.
Command Syntax (for Local Flash system)
device-name(config script-file-system)#copy [[device/]path/]file-name
[[device1/]path1/]file-name1
Command Syntax (for TFTP/FTP Server)
device-name(config script-file-system)#copy
protocol://[user[:pass]@]host[:port]/file-name
protocol1://[user1[:pass1]@]host1[:port1]/file-name1
Command Syntax (for SFTP server)
device-name(config script-file-system)#copy
device/user:pass@host/[path/]file-name
device1/user1:pass1@host1/[path1/]file-name1
Argument Description
device/
(Optional) the device from which the file is copied. It can be a TFTP server
(in format tftp://A.B.C.D ), the local Flash system (in format flash:/), or a
SFTP/FTP server (in format sftp://user:pass@A.B.C.D)
path
(Optional) the path to the location where the file is copied.
protocol,
protocol1
Specifies the protocol type.
user, user1
Optional) specifies the name of the user performing the operation.
pass, pass1

(Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
For the TFTP server, not need to specify the user, password and port
For the FTP server, no need to specify the port number
host
Specifies the server IP address in A.B.C.D format.
T-Marc 300 Series User Guide

Page 27
Device Administration (Rev. 11)

port, port1
(Optional) specifies the port number.
file-name
The source file name.
device1/
(Optional) the device to which the file is copied. It can be a TFTP server (in
format tftp://A.B.C.D ), the local Flash system (in format flash:/), or a
SFTP/FTP server (in format sftp://user:pass@A.B.C.D)
path1
(Optional) the path to the location where the file is copied.
file-name1
The destination file name.
Example
The following command copies a file from a TFTP server to the local / Usr directory:
device-name(config script-file-system)#copy tftp://10.0.0.60/test usr/test1
The following command copies a file from the local Flash root directory to a remote TFTP server:
device-name(config script-file-system)#copy flash:/profile.cfg
tftp://10.0.0.60/profile.cfg
Executing a Script File
The run command executes CLI commands contained in the specified script file.
CLI Mode: Script-file-system Configuration
Command Syntax
device-name(config script-file-system)#run FILE-NAME
Argument Description
FILE-NAME
The name of the script file, in the script-file system.
Example
device-name(config script-file-system)#run test1
Execut i ng conf i gur at i on scr i pt
Conf i gur at i on f r omf i l e compl et e
Configuring File Attributes
The attrib command configures file attributes (read-only, archive, system and hidden).
CLI Mode: Script-file-system Configuration
Command Syntax
device-name(config script-file-system)#attrib FILE-NAME
T-Marc 300 Series User Guide

Page 28
Device Administration (Rev. 11)

Argument Description
FILE-NAME
The name of the file, which attributes must be configured, in the script-file
system.
Example
device-name(config script-file-system)#attrib run1
Read- onl y : -
Hydden : -
Syst em : -
Ar chi ve : -
Renaming a Script File
The rename command renames the specified script file.
CLI Mode: Script-file-system Configuration
This command is equivalent to the rm command in all modes.
Command Syntax
device-name(config script-file-system)#rename [[device/]path/]file-name new-
file-name
Argument Description
device/
(Optional) The device on which the file to be renamed is stored. Can
only be flash:/ (the local Flash system).
path
(Optional) The device and the path to the file to be renamed. The
path should end with the name of the file.
file-name
The original name of the file to be renamed.
new-file-name
The new name assigned to the file.
Moving a File
The move command removes a file from its current location and places it at a new location. The
name of the file can be optionally changed.
CLI Mode: Script-file-system Configuration
This command is equivalent to the mv command in all modes.
Command Syntax (for local Flash system)
device-name(config script-file-system)#move [[device/]path/]file-name
[[device1/]path1/]file-name1
T-Marc 300 Series User Guide

Page 29
Device Administration (Rev. 11)

Command Syntax (for TFTP/FTP Server)
device-name(config script-file-system)#move
protocol://[user[:pass]@]host[:port]/file-name
protocol1://[user1[:pass1]@]host1[:port1]/file-name1
Argument Description
device/
(Optional) the device from which the file is moved. It can be a TFTP/FTP
server (in format tftp://A.B.C.D, or ftp://user:pass@A.B.C.D),, or the local
Flash system (in format flash:/)
path
(Optional) the path to the location where the file is moved.
protocol,
protocol1
Specifies the protocol type.
user, user1
Optional) specifies the name of the user performing the operation.
pass, pass1
(Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
For the TFTP server, not need to specify the user, password and port
For the FTP server, no need to specify the port number
host
Specifies the server IP address in A.B.C.D format.
port, port1
(Optional) specifies the port number.
file-name
The source file name.
device1/
(Optional) the device to which the file is moved. It can be a TFTP/FTP
server (in format tftp://A.B.C.D, or ftp://user:pass@A.B.C.D),, or the local
Flash system (in format flash:/)
path1
(Optional) the path to the location where the file is moved.
file-name1
The destination file name.
Deleting a Specific File from the Script-file System
The del command removes a specific file from the script-file system.
CLI Mode: Script-file-system Configuration

NOTE
The specified file is removed without requesting your confirmation.
Command Syntax for Local Flash System)
device-name(config script-file-system)#del [[device/]path/]file-name
Command Syntax (for SFTP Server)
device-name(config script-file-system)#del device/user:pass@host/[path/]file-
name
T-Marc 300 Series User Guide

Page 30
Device Administration (Rev. 11)

Argument Description
device/
(Optional) the device from which the file is removed. It can be a SFTP
server (in format sftp://user:pass@A.B.C.D), or the local Flash system (in
format flash:/)
path
(Optional) the path to the location where the file is removed.
user
Optional) specifies the name of the user performing the operation.
pass
(Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
host
Specifies the server IP address in A.B.C.D format.
file-name
The name of the file to be removed.
Displaying Script File Textual Contents
The display command displays textual contents of a specified script file.
CLI Mode: Script-file-system Configuration
This command is equivalent to the pwd command.
Command Syntax for Local Flash System)
device-name(config script-file-system)#display [[device/]path/]file-name
[dump] [START]
Argument Description
device/
(Optional) the device from which the file content is displayed. It can be the
Flash local system (in format flash:/)
path
(Optional) the path to the location where the file content is displayed.
file-name
The name of the file which content is displayed.
dump
(Optional) hex format.
START
(Optional) start offset.
Example
device-name(config script-file-system)#display test1
*********** FI LE START *********
! T- Mar c- 380 Ver si on 10. 1. TMC3
!
passwor d 3090372e3f 8bc00eeacc46219f 7557485983251a994551f 918e04712f 86c5818
i p addr ess 1. 0. 0. 1 255. 0. 0. 0
i nt er f ace sw0
!

!
! Techni cal Suppor t I nf or mat i on Conf i gur at i on:
!
T-Marc 300 Series User Guide

Page 31
Device Administration (Rev. 11)

************ FI LE END **********
Displaying the Script-file Name and Length
Display the names and lengths of all script files stored in the script-file system with:
dir and show script-file-system commands
CLI Mode: Script-file-system Configuration
show script-file-system command
CLI Mode: View and Privileged (Enable)
Command Syntax
device-name(config script-file-system)#dir

device-name(config script-file-system)#show script-file-system

device-name>show script-file-system

device-name#show script-file-system
Example 1
device-name(config script-file-system)#dir

Li st i ng Di r ect or y f l ash: / Usr / :
d S 2048 J an 1 1993 01: 04 . /
d 2048 J an 1 1993 00: 00 . . /
- 9017 J an 1 1993 00: 21 t est 1. cf g
- 4220 J an 1 1993 01: 04 r unni ng_conf i g. cf g

Fr ee di sk space 1929216
Example 2
device-name(config script-file-system)#show script-file-system
f l ash: / Usr / .
f l ash: / Usr / . .
f l ash: / Usr / t est 1. cf g
f l ash: / Usr / r unni ng_conf i g. cf g
Listing Files
The ls command lists files in Flash memory file system.
CLI Mode: Script-file-system Configuration
Command Syntax
device-name(config script-file-system)#ls
T-Marc 300 Series User Guide

Page 32
Device Administration (Rev. 11)

Example
device-name(config script-file-system)#ls
Li st i ng Di r ect or y f l ash: / Usr :
d S 2048 J an 1 1993 00: 59 . /
d 2048 J an 1 1993 00: 00 . . /
- 176 J an 1 1993 03: 18 pr of i l e. cf g
- 5804 J an 1 1993 00: 12 acl . cf g
- 7069 J an 1 1993 00: 29 snmp. cf g


Fr ee di sk space 18192384
Describing the Interactive Help System
The help command provides description of the interactive help system.
CLI Mode: Script-file-system Configuration
Command Syntax
device-name(config script-file-system)#help
T-Marc 300 Series User Guide

Page 33
Device Administration (Rev. 11)

File System
Overview
The Flash file system (also called Flash:) provides commands for defining, downloading, and
deleting software images and configuration files stored in a Flash memory. In addition, users can
define the different Loader parameters using the Flash file system.
The File System Default Folders
Table 11: System Directories Default Configuration
Directory Description
\Boot\ Contains all executable applications and firmware
images
\Log\ Stores all logs of the system operation
\Usr\ Contains all configuration scripts of the system
\Etc\ Contains default startup configuration
\Hidden\ Internal settings storage
\J ava\ Not supported


NOTE
The system directories are locked for editing.
Table 12: Default System File Names and Settings
Parameter Default Value
Startup configuration name dflt_startup.cfg
Image name Image.Z
Auto-boot timeout 5 seconds
BiNOS System Loader password batm
T-Marc 300 Series User Guide

Page 34
Device Administration (Rev. 11)

The File System Commands
Table 13: File System Directories Commands
Command Description
format
Formats the file system and removes its contents
(see Formatting the File System)
mkdir
Creates a new directory (see Creating a New Directory)
rmdir
Deletes a directory (see Deleting a Directory)
dir
Displays the contents of the current directory
(see Displaying the File System Contents)
pwd
Displays the working directory (see Displaying the Working Directory)

Table 14: File Content Management Commands
Command Description
copy
Copies a file from a TFTP server or from the local Flash system to the
specified path (see Copying a File)
rename
Renames a file (see Renaming a File)
move
Removes a file from its current location and places it at a new location
(see Moving a File)
del
Deletes a specified file (see Deleting a File)
display
Displays the contents of a text file (see Displaying the File Contents)
T-Marc 300 Series User Guide

Page 35
Device Administration (Rev. 11)

Formatting the File System
The format command formats the file system and removes its contents.
CLI Mode: Loader and Privileged (Enable)
After the next start of the loader (or start-up of downloaded application), the default set of system
directories will be restored automatically. The command deletes all saved configuration files
(starting configuration).
Command Syntax
Loader>format [DEVICE-NAME]
device-name#format [DEVICE-NAME]
Argument Description
DEVICE-NAME
The device name, valid device can be flash:/
Creating a New Directory
The mkdir command creates a new directory.
CLI Mode: Loader and Privileged (Enable)
Command Syntax
Loader>mkdir PATH
device-name#mkdir PATH
Argument Description
PATH
The destination path (directory) ends with the new directory that is created. The
directory name is a case insensitive string.
Deleting a Directory
The rmdir command deletes a directory.
CLI Mode: Loader and Privileged (Enable)
Command Syntax
Loader>rmdir [PATH]
device-name#rmdir [PATH]
Argument Description
PATH
The path ends with the directory to be deleted. The directory name is a case
insensitive string.

T-Marc 300 Series User Guide

Page 36
Device Administration (Rev. 11)

NOTE
Non-empty and system directories cannot be removed.

Displaying the File System Contents
The dir command displays a list of files in the file system.
CLI Mode: Loader, View and Privileged (Enable)
This command is equivalent to the ls command in all modes.
Command Syntax
Loader>dir [PATH]
device-name>dir [PATH]
device-name#dir [PATH]
Argument Description
PATH
(Optional) the name of a selected directory, which contents is displayed. The
directory name is a case insensitive string.
Displaying the Working Directory
The pwd command displays the working directory.
CLI Mode: Loader and Privileged (Enable)
Command Syntax
Loader>pwd
device-name#pwd
Copying a File
The copy command copies a file from a TFTP/ FTP/ SFTP server or from the local Flash system
to another location. The name of the file can be optionally changed.
CLI Mode: Loader and Privileged (Enable)
This command is equivalent to the cp command in all modes.
Command Syntax (for Local Flash System)
Loader>copy [[device://]path/]file-name [[device1://]path1/]file-name1
device-name#copy [[device://]path/]file-name [[device1://]path1/]file-name1
Command Syntax (for TFTP/FTP Server)
Loader>copy protocol://[user[:pass]@]host[:port]/file-name
protocol1://[user1[:pass1]@]host1[:port1]/file-name1
T-Marc 300 Series User Guide

Page 37
Device Administration (Rev. 11)

device-name#copy protocol://[user[:pass]@]host[:port]/file-name
protocol1://[user1[:pass1]@]host1[:port1]/file-name1
Command Syntax (for SFTP Server)
Loader>copy device://user:pass@host/[path/]file-name
device1/user1:pass1@host1/[path1/]file-name1
device-name#copy device://user:pass@host/[path/]file-name
device1/user1:pass1@host1/[path1/]file-name1
Argument Description
device
(Optional) the device from which the file is copied. It can be a TFTP server
(in format tftp://A.B.C.D ), the local Flash system (in format flash:/), or a
SFTP/FTP server (in format sftp://user:pass@A.B.C.D)
dath
(Optional) the path to the location where the file is copied.
protocol,
protocol1
Specifies the protocol type.
user, user1
Optional) specifies the name of the user performing the operation.
pass, pass1
(Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
For the TFTP server, not need to specify the user, password and port
For the FTP server, no need to specify the port number
host
Specifies the server IP address in A.B.C.D format.
port, port1
(Optional) specifies the port number.
file-name
The source file name.
device1/
(Optional) the device to which the file is copied. It can be a TFTP server (in
format tftp://A.B.C.D ), the local Flash system (in format flash:/), or a
SFTP/FTP server (in format sftp://user:pass@A.B.C.D)
path1
(Optional) the path to the location where the file is copied.
file-name1
The destination file name.
Examples
The following command copies a file from a TFTP server to the local / Usr directory:
device-name#copy tftp://10.0.0.60/test usr/test1
The following command copies a file from the local Flash root directory to a remote TFTP
server:
device-name#copy flash://profile.cfg tftp://10.0.0.60/profile.cfg
T-Marc 300 Series User Guide

Page 38
Device Administration (Rev. 11)

Renaming a File
The rename command renames a file.
CLI Mode: Loader and Privileged (Enable)
Command Syntax (for Local Flash System)
Loader>rename [path/]file-name NEW-FILE-NAME
device-name#rename [path/]file-name NEW-FILE-NAME
Command Syntax (for SFTP Server)
Loader>rename device://user:pass@host/[path/]file-name NEW-FILE-NAME
device-name#rename device://user:pass@host/[path/]file-name NEW-FILE-NAME
Argument Description
device
(Optional) the device on which the file to be renamed is stored. It can be a
SFTP server (in format sftp://user:pass@A.B.C.D), or the local Flash
system (in format flash:/)
path
(Optional) the path to the file to be renamed.
user
Optional) specifies the name of the user performing the operation.
pass
(Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
host
Specifies the server IP address in A.B.C.D format.
file-name
The original name of the file to be renamed.
NEW-FILE-NAME
The new name assigned to the file.
Moving a File
The move command removes a file from its current location and places it at a new location. The
name of the file can be optionally changed.
CLI Mode: Loader and Privileged (Enable)
This command is equivalent to the mv command in all modes.
Command Syntax (for Local Flash System)
Loader>move [[device://]path/]file-name [[device1://]path1/]file-name1
device-name#move [[device://]path/]file-name [[device1://]path1/]file-name1
Command Syntax (for TFTP/FTP Server)
Loader>move protocol://[user[:pass]@]host[:port]/file-name
protocol1://[user1[:pass1]@]host1[:port1]/file-name1
device-name#move protocol://[user[:pass]@]host[:port]/file-name
protocol1://[user1[:pass1]@]host1[:port1]/file-name1
T-Marc 300 Series User Guide

Page 39
Device Administration (Rev. 11)

Argument Description
device/
(Optional) the device from which the file is moved. It can be a TFTP/FTP
server (in format tftp://A.B.C.D, or ftp://user:pass@A.B.C.D), or the local
Flash system (in format flash:/)
path
(Optional) the path to the location where the file is moved.
protocol,
protocol1
Specifies the protocol type.
user, user1
Optional) specifies the name of the user performing the operation.
pass, pass1
(Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
For the TFTP server, not need to specify the user, password and port
For the FTP server, no need to specify the port number
host
Specifies the server IP address in A.B.C.D format.
port, port1
(Optional) specifies the port number.
file-name
The source file name.
device1/
(Optional) the device to which the file is moved. It can be a TFTP server
(in format tftp://A.B.C.D, or ftp://user:pass@A.B.C.D), or the local Flash
system (in format flash:/)
path1
(Optional) the path to the location where the file is moved.
file-name1
The destination file name.
Deleting a File
The del command deletes the specified file.
CLI Mode: Loader and Privileged (Enable)
This command is equivalent to the rm command.
Command Syntax (for Local Flash System)
Loader>del [path/]file-name
device-name#del [path/]file-name
Command Syntax (for SFTP Server)
Loader>del device://user:pass@host/[path/]file-name
device-name#del device://user:pass@host/[path/]file-name
Argument Description
device/
(Optional) the device from which the file is removed. It can be a SFTP
server (in format sftp://user:pass@A.B.C.D), or the local Flash system (in
format flash:/)
path
(Optional) the path to the location where the file is removed.
user
Optional) specifies the name of the user performing the operation.
pass
(Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
T-Marc 300 Series User Guide

Page 40
Device Administration (Rev. 11)

host
Specifies the server IP address in A.B.C.D format.
file-name
The name of the file to be removed.
Displaying the File Contents
The display command displays the contents of a text file.
CLI Mode: Loader, View and Privileged (Enable)
The command must not be applied to binary files.
Command Syntax
Loader>display {[path/] | [device://[path/]]}file-name [dump][START]
device-name>display {[path/] | [device://[path/]]}file-name [dump]
device-name#display {[path/] | [device://[path/]]}file-name [dump]
Argument Description
path
(Optional). The path to the file to be displayed. The path should end with
the name of the file.
device:
(Optional). The device on which the file to be displayed is stored. Can only
be flash:/ meaning the local Flash system.
device:path
(Optional). The device and the path to the file to be displayed. The path
should end with the name of the file.
file-name
The name of the file.
dump
(Optional). HEX format.
START
(Optional). Start offset.

NOTE
The dump option is mandatory to display binary files.
T-Marc 300 Series User Guide

Page 41
Device Administration (Rev. 11)

Modifying the Default Configuration
The default settings feature allows you to modify the running configuration according your
preferences and saves it as a default configuration.
Default Configuration Commands
Table 15: Default Configuration Commands
Command Description
copy running-config
default-config
Saves the running configuration as a default configuration
(see Modifying the Default Configuration)
copy default-config
Copies the default configuration to a TFTP/FTP server or to the
local Flash system
(see Copying the Default Configuration to a Specific Location)
copy
Copies the default configuration from a TFTP/FTP server or from
the local Flash system
(see Copying the Default Configuration from a Specific Location)
write erase default
Clears the default configuration
(see Clearing the Default Configuration)
show default-config
Displays the default configuration ( see Displaying the Default
Configuration)
T-Marc 300 Series User Guide

Page 42
Device Administration (Rev. 11)

Modifying the Default Configuration
The copy running-config default-config command saves the running configuration as a
default configuration.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#copy running-config default-config
Copying the Default Configuration to a Specific Location
The copy default-config command copies the default configuration to a TFTP/ FTP server or
to the local Flash system.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#copy default-config [<device>:[<server IP>/]][<path>]<file name>
Argument Description
device/
(Optional) the device to which the file is copied. It can be a TFTP server (in
format tftp://A.B.C.D), a FTP server (in format ftp://user:pass@A.B.C.D), or the
local Flash system (in format flash:/):
userspecifies the name of the user performing the operation
passspecifies the password that authenticates the specified username.
Symbol (@) following the password is required.
For the TFTP server, no need to specify the user, password and port
For the FTP server, no need to specify the port number
path
(Optional) the exact location path to which the file is copied. The path should
end with the name of the file.
server IP
Specifies the TFTP/FTP server IP Address, in A.B.C.D format.
file-name
The original file name.
Copying the Default Configuration from a Specific Location
The copy command copies the default configuration from a TFTP/ FTP server or from the local
Flash system.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#copy [[<device>:[<server IP>/]][<path>]<file name> default-config
T-Marc 300 Series User Guide

Page 43
Device Administration (Rev. 11)

Argument Description
device/
(Optional) the device from which the file is copied. It can be a TFTP server (in
format tftp://A.B.C.D), a FTP server (in format ftp://user:pass@A.B.C.D), or
the local Flash system (in format flash:/):
userspecifies the name of the user performing the operation
passspecifies the password that authenticates the specified username.
Symbol (@) following the password is required
For the TFTP server, no need to specify the user, password and port
For the FTP server, no need to specify the port number
path
(Optional) the exact location path from which the file is copied. The path should
end with the name of the file.
server IP
Specifies the TFTP/FTP server IP Address, in A.B.C.D format.
file-name
The original file name.
Clearing the Default Configuration
The write erase default command clears the default configuration.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#write erase default
Displaying the Default Configuration
The show default-config command displays the default configuration.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show default-config
Example
device-name#show default-config
! Def aul t Conf i gur at i on:
!

. . .

! Et her net i n t he Fi r st Mi l e OAM
!
! ef m- oamdi sabl e
!
. . .
T-Marc 300 Series User Guide

Page 44
Device Administration (Rev. 11)

Zero-Touch Configuration
Overview
Zero-touch configuration is a set of operations that provides two options for automatically
configuring the device:
Via IP address that is assigned manually (static IP address).
Via IP address that is obtained from a DHCP server (dynamic IP address).
The BiNOS configuration file is downloaded from a TFTP server after the device reloads to
defaults. The configuration details are stored in NVRAM.
In case of a zero-touch configuration failure, the factory default configuration is executed.

NOTE
When using a DHCP client, the system administrator has to configure a TFTP
server IP address (the siaddr field as specified in RFC 2131) and a Boot filename (the
filename field as specified in RFC 2131) on the DHCP server.
The example displays part of the DHCP server configuration file:
next-server X.X.X.X;
filename configfile.cfg
Zero-touch Configuration Default Configuration
Table 16: Zero-touch Configuration Default Configuration
Feature Default Value
Zero Touch Configuration Disabled
TFTP IP address 0.0.0.0
Configuration file Not saved to NVRAM
Number of retries 3 times
The time interval between each retry 64 seconds
T-Marc 300 Series User Guide

Page 45
Device Administration (Rev. 11)

Zero-touch Configuration Commands
Table 17: Zero-touch Configuration Commands
Command Description
configure zero-touch
Enters the Zero-touch Configuration mode
(see Accessing the Zero-touch Configuration Mode)
zero-touch
Enables/disables the zero-touch configuration feature
(see Enabling/disabling the Zero-touch Configuration)
ip-address
Specifies the device IP address
(see Specifying the Device IP Address)
tftp-server
Specifies the TFTP IP address
(see Specifying the TFTP IP Address)
config-file
Specifies the path to the configuration file
(see Specifying the Location of the Configuration File)
save-configuration
Saves the downloaded configuration file to NVRAM
(see Saving the Configuration File to NVRAM)
retry-max
Specifies the maximum number of retries for downloading
the configuration file
(see Specifying the Number of Retries for Downloading the
Configuration File)
execute
Forces the device to reach the TFTP server and to obtain
the required configuration file
(see Forcing the Device to Reach the TFTP Server)
show zero-touch
show
Display the zero-touch configuration details
(see Displaying the Zero-touch Configuration)
T-Marc 300 Series User Guide

Page 46
Device Administration (Rev. 11)

Accessing the Zero-touch Configuration Mode
The configure zero-touch command enters the Zero-touch Configuration mode.
CLI Mode: Global Configuration
Command Syntax
device-name#configure zero-touch
device-name(zero-touch)#
Enabling/disabling the Zero-touch Configuration
The zero-touch command enables/ disables the zero-touch configuration feature.
CLI Mode: Zero-touch Configuration
By default, zero-touch configuration feature is disabled.
Command Syntax
device-name(zero-touch)#zero-touch
device-name(zero-touch)#no zero-touch
Argument Description
no
Restores to default
Specifying the Device IP Address
The ip-address command specifies the device IP address.
CLI Mode: Zero-touch Configuration
Command Syntax
device-name(zero-touch)#ip-address A.B.C.D/M
device-name(zero-touch)#no ip-address
Argument Description
A.B.C.D/M
Specifies the device IP address and mask manually
no
Obtains the device IP address via DHCP
T-Marc 300 Series User Guide

Page 47
Device Administration (Rev. 11)

Specifying the TFTP IP Address
The tftp-address command specifies the TFTP IP address.
CLI Mode: Zero-touch Configuration
By default, the TFTP IP address is 0.0.0.0.
Command Syntax
device-name(zero-touch)#tftp-server A.B.C.D
device-name(zero-touch)#no tftp-server
Argument Description
A.B.C.D
Specifies the TFTP IP address
no
Restores to default
Specifying the Location of the Configuration File
The config-file command specifies the path to the configuration file.
CLI Mode: Zero-touch Configuration
Command Syntax
device-name(zero-touch)#config-file [<path>]<file name>
device-name(zero-touch)#no config-file
Argument Description
[<path>]<file name>
Specifies the original path to the configuration file. The path
should end with the name of the file. The maximum length of the
path is 20 symbols.
no
Removes the necessity of obtaining the configuration file from
the TFTP server
Saving the Configuration File to NVRAM
The save-configuration command saves the downloaded configuration file to NVRAM.
CLI Mode: Zero-touch Configuration
By default, the configuration file is not saved to NVRAM.
Command Syntax
device-name(zero-touch)#save-configuration
device-name(zero-touch)#no save-configuration
T-Marc 300 Series User Guide

Page 48
Device Administration (Rev. 11)

Argument Description
no
Restores to default
Specifying the Number of Retries for Downloading the
Configuration File
The retry-max command specifies the maximum number of retries for downloading the
configuration file.
CLI Mode: Zero-touch Configuration
By default:
the number of retries is 3 times
the time interval between each retry is 64 seconds
Command Syntax
device-name(zero-touch)#retry-max <1-10>
Argument Description
1-10
Specifies the number of retries.
Forcing the Device to Reach the TFTP Server
The execute command forces the device to reach the TFTP server and to obtain the required
configuration file. If the downloading is completed successfully, the configuration file is saved as a
start-up configuration, and it is not executed.
CLI Mode: Zero-touch Configuration
Command Syntax
device-name(zero-touch)#execute
Displaying the Zero-touch Configuration
The show command and the show zero-touch command display the zero-touch configuration
details.
CLI Mode: Privileged (Enable) and Zero-touch Configuration
Command Syntax
device-name#show zero-touch
device-name(zero-touch)#show
T-Marc 300 Series User Guide

Page 49
Device Administration (Rev. 11)

Example 1
device-name(zero-touch)#show

St at e = di sabl ed
I P addr ess = 9. 0. 0. 1/ 8
TFTP ser ver = 9. 0. 0. 34
Conf i gur at i on f i l e = di r name/ devi ce. cf g
Save f i l e t o NVRAM = Di sabl ed
Number of r et r i es = 3
St at us =
Example 2
device-name#show zero-touch

St at e = di sabl ed
I p addr ess = 0. 0. 0. 0/ 0
TFTP ser ver = 0. 0. 0. 0
Conf i gur at i on f i l e =
Save f i l e t o NVRAM = Di sabl ed
Number of r et r i es = 3
St at us =
T-Marc 300 Series User Guide

Page 50
Device Administration (Rev. 11)

Software Upgrade and Boot Options
Preparing to Download a BiNOS Software Image
Using TFTP/FTP Connection
Before you begin to download a file from a TFTP/ FTP server, take the following precautions:
1. Make sure that the device has a route to the TFTP/ FTP server. The device and the
TFTP/ FTP server must be in the same subnet, if you do not have a router to route traffic
between subnets. Check the connection to the TFTP/ FTP server using the ping command
(refer to the TroubleshootingandMonitoringchapter of this User Guide).
2. Make sure that the software image file is in the download directory on the TFTP/ FTP server.
3. Make sure that you have at least Readpermissions for the software image for your username.
4. A power outage (or other problem) during the download procedure can corrupt the Flash
code. If the Flash code is corrupted, connect to the device through the console port, format
the Flash memory and download the application (see the Boot Loader section of the current
chapter).
Make sure that there is enough free space in the bootflash (at least 9.5 MB). To verify
this, use the dir command, as illustrated in the example below:

device-name#dir
Li st i ng Di r ect or y f l ash: / :
d S 2048 J an 1 1993 01: 37 Boot /
d S 2048 J an 1 1980 00: 00 Et c/
d S 2048 J an 1 1980 00: 00 J ava/
d S 2048 J an 1 1980 00: 00 Log/
d S 2048 J an 1 1993 00: 59 Usr /
d SH 2048 J an 1 1993 00: 00 Hi dden/
- 43796 J an 1 1993 00: 00 df l t _st ar t up_bi n. cf g
- 217 J an 1 1993 03: 12 pr of i l e. cf g
- 2483 J an 1 1993 03: 37 st ar t . cf g-
Fr ee di sk space 4511744
If necessary, delete unnecessary files to free some space:
device-name#del <foldername>/<file_name>

Example:
device-name#del boot/T-Marc 380_bm_fisw_7_1_TMC3.Z

T-Marc 300 Series User Guide

Page 51
Device Administration (Rev. 11)

Downloading the BiNOS Software Image
To download a BiNOS software image from the TFTP/ FTP server, proceed as follows:
1. Log on to the device through the console port or through a Telnet session and type your
password.
2. Enter the Privileged (Enable) mode.
3. Use the upgrade boot-profile command to upgrade the software image:
device-name#upgrade boot-profile tftp://<TFTP_server_IP_adress>/
<software_image filename> <local_software_image filename>

Example 1:
device-name#upgrade boot-profile tftp://9.0.0.7/BiNOS-v9.4.Z BiNOS-
v9.4.Z
TFTP r ecei vi ng appl i cat i on. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Appl i cat i on upgr ade compl et ed


An alternative method to upgrade the software image in two steps is by using the copy
application command and then the application command:
device-name#copy application tftp://<TFTP_server_IP_adress>/
<software_image filename>
device-name#configure boot-param
device-name(boot param)#application <local_software_image filename>

Example 2:
device-name#copy application t f t p: / / 9.0.0.7/BiNOS-v9.4.Z
TFTP r ecei vi ng f i l e . . . 5300324

I mage Si ze = 0x50E036 CRC Val ue = 0xD66707AE

device-name#configure boot-param
device-name(boot param)#application BiNOS-v9.4.Z
4. If the upgrade fails, verify that precautions above are taken.
5. To run the new software image, reload the device using the reload save command.
6. After the device reloads, type the show version command to verify the current device version
and the show running-config command to check the configuration of the device (refer to
the DeviceSetupandMaintenancechapter of this User Guide) .
T-Marc 300 Series User Guide

Page 52
Device Administration (Rev. 11)

Commands for Upgrading Software Images
Table 18: Commands for Upgrading Software Images
Command Description
upgrade boot-profile
Downloads a new software image and sets boot statements to
load the new image on startup.
(see Upgrading the BiNOS Software Image)
copy application
Downloads a new software image to the device
(see Downloading a New BiNOS Software Image)
application
Boots the device with the new image
(see Applying the New Boot Statement)

Table 19: Boot Commands for Upgrading Software Images
Command Description
device
Displays the current software image location (see Displaying and
Specifying the Software Image Location)
ftp-password
Displays the FTP connection password (see Displaying and
Specifying the FTP Password)
ftp-server
Displays the FTP server IP-address (see Displaying and
Specifying the FTP Server IP-Address)
ftp-user
Displays the FTP username (see Displaying and Specifying the
FTP Username)
startup-config
Specifies which startup configuration file is loaded on startup (see
Specifying the Startup Configuration File)
show
Displays the current boot statement (see Displaying Boot
Statements)

Table 20: Display Commands
Command Description
show version
Displays the inventory information regarding the software versions
of the device
(see Displaying the Information Regarding the Software Versions)
show manufacturing-
details
Displays detailed hardware information
(see Displaying Hardware Information)
show uptime
Displays how long the selected device has been operational
(see Displaying the Device Uptime)
T-Marc 300 Series User Guide

Page 53
Device Administration (Rev. 11)

Upgrading the BiNOS Software Image
The upgrade boot-profile command downloads a new software image and sets boot statements
to load the new image on startup.
CLI Mode: Privileged (Enable)
Command Syntax (for Local Flash System)
device-name#upgrade boot-profile {[[device://]path/]file-name DESTINATION
FILE-NAME | apply [device/]path/]file-name}
Command Syntax (for TFTP/FTP Server)
device-name#upgrade boot-profile {protocol://[user[:pass]@]host[:port]/file-
name DESTINATION FILE-NAME | apply
protocol://[user[:pass]@]host[:port]/file-name}
Argument Description
device
(Optional) the device from which the file is copied. It can be a TFTP/FTP
server (in format tftp://A.B.C.D, ftp://user:pass@A.B.C.D) or as the local
Flash system (in format flash:/).
path
(Optional) the path where the file is located
protocol
Specifies the protocol type.
user
Optional) specifies the name of the user performing the operation.
pass
(Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
For the TFTP server, not need to specify the user, password and port
For the FTP server, no need to specify the port number
host
Specifies the server IP address in A.B.C.D format.
port
(Optional) specifies the port number.
file-name
The original name of the file.
DESTINATION-
FILE-NAME
The destination file name as it appears on the local Flash system.
apply
Applies directly the new boot statement.
PARAMS
Specifies the parameters to be applied in the following format:
[[device/]path/]file-name, when flash:/ system is used.
protocol//[user[:pass]@]host[:port]/file-name, when TFTP or FTP
server is used.

T-Marc 300 Series User Guide

Page 54
Device Administration (Rev. 11)

Example
The example specifies that the new application image is downloaded via TFTP from server with IP
10.3.71.101. It is searched in a directory called / MyApps/ under the TFTP server root directory.
The application filename on the TFTP server is Imagev1.5.Z; it is stored under the / Boot
directory on the local file system as BootAppv1.5.Z after it is validated; the boot parameters device
and Application are set to local and BootAppv1.5.Z.
device-name#upgrade boot-profile tftp://10.3.71.101/MyApps/Imagev1.5.Z
flash://Boot/BootAppv1.5.Z
Downloading a New BiNOS Software Image
The copy application command downloads a new software image to the device.
CLI Mode: Privileged (Enable)
Command Syntax (for local Flash System)
device-name#copy appl i cat i on [ [ device://] path] file-name [ DESTINATION-FILE-
NAME] [ no- val i dat i on]
Command Syntax (for TFTP/FTP Server)
device-name#copy appl i cat i on protocol:/ / [ user[ :pass] @] host[ :port] / file-name
[ DESTINATION-FILE-NAME] [ no- val i dat i on]
Argument Description
device
(Optional) the device from which the file is copied. It can be a
TFTP/FTP server (in format tftp://A.B.C.D, ftp://user:pass@A.B.C.D)
or as the local Flash system (in format flash:/).
path
(Optional) the path where the file is located
protocol
Specifies the protocol type.
user
Optional) specifies the name of the user performing the operation.
pass
(Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
For the TFTP server, not need to specify the user, password and
port
For the FTP server, no need to specify the port number
host
Specifies the server IP address in A.B.C.D format.
file-name
The original name of the file.
DESTINATION-FILE-
NAME
The destination file name as it will appear on the local Flash system.
no-validation
(Optional) skips the image validation check.
Example
device-name#copy application tftp://192.168.0.2/image.Z
T-Marc 300 Series User Guide

Page 55
Device Administration (Rev. 11)

Applying the New Boot Statement
The application FILE NAME command boots the device with the new image.
CLI Mode: Boot Param Configuration
Command Syntax
device-name(boot param)#application FILE-NAME
Argument Description
FILE-NAME
The name of the image file, a case-sensitive string.
Displaying and Specifying the Software Image Location
The device command displays the current software image location. Use one of the below
command arguments to specify the software image location.
CLI Mode: Boot Param Configuration
Command Syntax
device-name(boot param)#device [local | network]
Argument Description
local
(Optional). The device boots from the local software image
Local Flash file system
network
(Optional). The device boots from a remote software image, using an FTP
server. Currently this option is not supported because an OutBound interface is
not available.
Displaying and Specifying the FTP Password
The ftp-password command displays the FTP connection password. Use the command argument
to specify the FTP password.
CLI Mode: Boot Param Configuration
Command Syntax
device-name(boot param)#ftp-password [PASSWORD]
Argument Description
PASSWORD
(Optional) specifies the password used for the FTP connection
T-Marc 300 Series User Guide

Page 56
Device Administration (Rev. 11)

Displaying and Specifying the FTP Server IP-Address
The ftp-server command displays the FTP server IP-address. Use the command argument to
specify the FTP server IP-address.
CLI Mode: Boot Param Configuration
Command Syntax
device-name(boot param)#ftp-server [A.B.C.D]
Argument Description
A.B.C.D
(Optional) specifies the FTP server IP-address
Displaying and Specifying the FTP Username
The ftp-user command displays the FTP username. Use the command argument to specify the
FTP username.
CLI Mode: Boot Param Configuration
Command Syntax
device-name(boot param)#ftp-user [NAME]
Argument Description
NAME
(Optional) specifies the FTP username
Specifying the Startup Configuration File
The startup-config command specifies which startup configuration file is loaded on startup.
CLI Mode: Boot Param Configuration
Command Syntax
device-name(boot param)#startup-config {FILE | binary {FILE | default} |
default}
Argument Description
FILE
The startup configuration filename
binary
Loads the startup configuration file in a binary format
default
Loads the default startup configuration file
T-Marc 300 Series User Guide

Page 57
Device Administration (Rev. 11)

Displaying Boot Statements
The show command displays the current boot statement.
CLI Mode: Boot Param Configuration
Command Syntax
device-name(boot param)#show
device-name(boot param)#application
Example 1
device-name(boot param)#show
I P addr ess = 2. 2. 2. 2: f f f f f f 00
Devi ce = l ocal
Appl i cat i on = Bi NOS- TMar c_3X0- 9. 4. 3. TMC3- pr e3. Z
St ar t up conf i gur at i on =
St at up bi nar y conf i g =
FTP ser ver = 2. 2. 2. 1
FTP user = mar k3
FTP passwor d = mar k3
Boot f l ags =
Example 2
device-name(boot param)#application
Bi NOS- TMar c_3X0- 9. 4. 3. TMC3- pr e3. Z
Displaying the Information Regarding the Software Versions
The show version command displays the inventory information regarding the software versions
of the device.
CLI Mode: View and Privileged (Enable)
The command displays the following information:
Device modelthe platform name
SW versiondisplays the installed application image
Java versionnot loaded
Loader versiondisplays the installed Loader image
Up timedisplays the time elapsed since the device is turned on
Command Syntax
device-name>show version
device-name#show version
T-Marc 300 Series User Guide

Page 58
Device Administration (Rev. 11)

Example
device-name#show version
BATM Advanced Communi cat i ons

Devi ce model : T- Mar c 380
Pr oduct Cat egor y : AccessEt her net ( TM)

Devi ce r unni ng SWver si on : 10. 1- pr e8 cr eat ed Mar 17 2010 - 20: 19: 58

Devi ce Def aul t SWf i l e : Bi NOS- TMar c_3X0- 10. 1. BETA- dev26. Z
Devi ce Def aul t SWver si on : 10. 1- pr e8

Bi NOSVi ew f i l e : j ava. i mg - NOT FOUND
Bi NOSVi ew ver si on : -
FPGA ver si on : 1. 2 ( mai nt / bui l d 9/ 1)

Loader ver si on : 8. 2. 0 cr eat ed J an 31 2008 - 16: 29: 48

Up t i me : 0 days, 0 hour s, 45 mi n, 16 sec.
Displaying Hardware Information
The show manufacturing-details command displays detailed hardware information.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show manufacturing-details
Example
device-name#show manufacturing-details
Ser i al number : 8807340077
Assembl y No : AL001350
HWr evi si on : 05
HWsubr evi si on : 02
Displaying the Device Uptime
The show uptime command displays how long the selected device has been operational.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show uptime
Example:
T-Marc 300 Series User Guide

Page 59
Device Administration (Rev. 11)

device-name#show uptime
Up t i me : 0 days, 4 hour s, 1 mi n, 52 sec.
T-Marc 300 Series User Guide

Page 60
Device Administration (Rev. 11)

Downloading and Uploading Configuration Files
You can perform the following operations:
Download new embedded software versions to the Flash memory component of the device
Save the startup configuration on a remote server
Load a startup configuration from a remote server
Save the startup configuration as the running configuration

Table 21: Commands for Downloading and Uploading Configuration Files
Command Description
copy FILE-NAME
startup-config
Loads a start-up configuration with a specified file name from a
remote server (see Downloading the Startup Configuration)
copy FILE-NAME
running-config
Loads a running-configuration with a specified file name, from a
remote server (see Downloading the Running Configuration)
copy startup-config
Saves a copy of the start-up configuration on a remote server
(see Copying the Start-up Configuration)
copy running-config
Saves a copy of the running configuration on a remote server
(see Copying the Running Configuration)
copy running-config
startup-config
Saves the current running-configuration to the start-up configuration
file in NVRAM (see Saving the Device Configuration)
reload
Reloads the device (see Reloading the Operating System)

Downloading the Startup Configuration
The copy FILE-NAME startup-config command loads a start-up configuration with a specified
file name from a remote server.
CLI Mode: Privileged (Enable)
After the configuration is downloaded, you need to reload the device. When the device completes
booting, it treats the downloaded configuration file as a script of CLI commands, and automatically
executes them. If your CLI connection is through Telnet, the connection is terminated when the
device reloads, but the commands execute normally.

NOTE
After using this command, use the r el oad no- save command. Otherwise, the
downloaded configuration is removed.
T-Marc 300 Series User Guide

Page 61
Device Administration (Rev. 11)

Command Syntax (for Local Flash System)
device-name#copy [[device/]path]file-name startup-config
Command Syntax (for TFTP/FTP Server)
device-name#copy protocol://[user[:pass]@]host[:port]/file-name startup-
config
Command Syntax (for SFTP Server)
device-name#copy device/user:pass@host/[path/]file-name startup-config
Argument Description
device
(Optional) the device from which the file is copied. It can be a TFTP server
(in format tftp://A.B.C.D ), the local Flash system (in format flash:/), or a
SFTP/FTP server (in format sftp://user:pass@A.B.C.D)
user
(Optional) specifies the name of the user performing the operation.
pass
(Optional) specifies the password that authenticates the specified username.
Symbol (@) following the password is required.
For the TFTP server, not need to specify the user, password and port
For the FTP server, no need to specify the port number
path
(Optional) the exact location path from which the file is copied. The path
ends with the name of the file.
file-name
The original file name.
Example
The following command downloads the start-up configuration file named START001located on
the TFTP server at IP address 192.192.54.1:
device-name#copy tftp://192.192.54.1/START001 startup-config
Downloading the Running Configuration
The copy FILE-NAME running-config command loads the running-configuration with the
specified file name from a remote server.
CLI Mode: Privileged (Enable)
Command Syntax (for Local Flash System)
device-name#copy [[device/]path]file-name runni ng- conf i g
Command Syntax (for TFTP/FTP Server)
device-name#copy protocol://[user[:pass]@]host[:port]/file-name runni ng-
conf i g
T-Marc 300 Series User Guide

Page 62
Device Administration (Rev. 11)

Command Syntax (for SFTP Server)
device-name#copy device/user:pass@host/[path/]file-name runni ng- conf i g
Argument Description
device/
(Optional) the device from which the file is copied. It can be a TFTP server
(in format tftp://A.B.C.D),as the local Flash system (in format flash:/), or a
SFTP/FTP server (in format sftp://user:pass@A.B.C.D).
protocol
Specifies the protocol type.
user
Optional) specifies the name of the user performing the operation.
pass
(Optional) specifies the password that authenticates the specified username.
Symbol (@) following the password is required.
For the TFTP server, not need to specify the user, password and port
For the FTP server, no need to specify the port number
host
Specifies the server IP address in A.B.C.D format.
path
(Optional) the exact location path from which the file is copied. The path
should end with the name of the file.
file-name
The original file name.
Example
The following command downloads the running-configuration file named RUN001located on the
TFTP server at IP address 192.192.54.1:
device-name#copy tftp://192.192.54.1/RUN001 running-config
Copying the Start-up Configuration
The copy startup-config command saves a copy of the start-up configuration on a remote
server to a specific folder under a specified file name.
CLI Mode: Privileged (Enable)
When you upload the current configuration, you can modify the configuration using a text editor.
Command Syntax (for Local Flash System and TFTP/FTP Server)
device-name#copy startup-config [<device>:[<server IP>/]][<path>]<file name>
Command Syntax (for SFTP Server)
device-name#copy startup-config device/user:pass@host/[path/]file-name
Argument Description
device/
(Optional) the device to which the file is copied. It can be a TFTP server (in
format tftp://:A.B.C.D), the local Flash system (in format flash:/), or a
SFTP/FTP server (in format sftp://user:pass@A.B.C.D).
server IP
Server IP address.
T-Marc 300 Series User Guide

Page 63
Device Administration (Rev. 11)

user
Optional) specifies the name of the user performing the operation.
pass
(Optional) specifies the password that authenticates the specified username.
Symbol (@) following the password is required.
For the TFTP server, not need to specify the user, password and port
For the FTP server, no need to specify the port number
path
(Optional) the exact location path where the file is copied.
file-name
The original file name.
Example
The following command uploads the start-up configuration under a file named START002 located
on the TFTP server at IP address 192.192.54.1:
device-name#copy startup-config tftp://192.192.54.1/START002
Copying the Running Configuration
The copy running-config command saves a copy of the running configuration on a remote
server to a specific folder under a specified file name.
CLI Mode: Privileged (Enable)
When you upload the current configuration, you can modify the configuration using a text editor.
Command Syntax (for Local Flash System and TFTP/FTP Server)
device-name#copy running-config [<device>:[<server IP>/]][<path>]<file name>
Command Syntax (for SFTP Server)
device-name#copy running-config device/user:pass@host/[path/]file-name
Argument Description
device/
(Optional). The device to which the file is to be copied. It can be a TFTP
server (in format tftp://:A.B.C.D), the local flash system (in format flash:/), or
a SFTP server (in format sftp://A.B.C.D).
server IP
(Optional). Server IP address.
path
(Optional). The exact location path where the file is to be copied.
file-name
The original file name.
Example
The following command uploads the running-configuration under a new file named RUN002 on
the TFTP server at IP address 192.192.54.1:
device-name#copy running-config tftp://192.192.54.1/RUN002
T-Marc 300 Series User Guide

Page 64
Device Administration (Rev. 11)

Saving the Device Configuration
The copy running-config startup-config command saves the current running configuration
to the start-up configuration file in NVRAM.
CLI Mode: Privileged (Enable)
This command is equivalent to the write memory command in Privileged (Enable) mode (refer to
the DeviceSetupandMaintenancechapter of the BiNOS User Guide).
Command Syntax
device-name#copy running-config startup-config
Reloading the Operating System
The reload command reloads the device.
CLI Mode: Privileged (Enable)

NOTE
Use the r el oad command after configuration information is entered into a file and
saved to the startup configuration.
The r el oad command requires confirmation before reloading!

NOTE
The r el oad t o- def aul t s command does not affect the contents of the file system.
Command Syntax
device-name#reload [save | no-save | to-defaults]
Argument Description
save
(Optional). Saves the running configuration to NVRAM and restart the
device. This is the default status.
no-save
(Optional). Does not save the current running configuration and restart the
device.
to-defaults
(Optional). Sets the device configuration to its factory defaults and restart.
Example 1
Saving the current configuration and reloading the device:
device-name#reload save
Save cur r ent conf i gur at i on and r eboot t he devi ce ? [ y/ n] : y
Reboot i ng . . .
T-Marc 300 Series User Guide

Page 65
Device Administration (Rev. 11)

Example 2
Reloading the device without saving the current configuration:
device-name#reload no-save
Pr oceed wi t h r el oad ? [ y/ n] : y
Reboot i ng . . .
T-Marc 300 Series User Guide

Page 66
Device Administration (Rev. 11)

Boot Loader
Overview
The boot process performs low-level CPU initialization, and loads a default operating system
software image into memory and boots the device.
When starting, the loader counts down a few seconds, allowing you an entry point into the loader
CLI. The loader then passes to interactive mode, requests a login password, and starts a CLI
session. If no key is pressed, the device initiates the auto-startup application is started.
Initially the device expects the default password batm. This password may be changed by using the
password loader command (refer to the DeviceSetupandMaintenancechapter of the BiNOS User
Guide).
While the device reboots, numbers appear on the console terminal following the line Pressanykeyto
stopauto-boot.... To enter the Loader mode, press <Enter> while the numbers are running.
device-name#reload no-save
Pr oceed wi t h r el oad ? [ y/ n] : y
Reboot i ng . . .



BATM Tel co Boot Loader

Devi ce model : T- Mar c 380
Loader ver si on : 8. 0. 0 cr eat ed Oct 29 2007 - 21: 59: 11
MAC Addr ess : 00: A0: 12: 27: 0E: E0





usr Boot Li neI ni t f i ni sh OK


At t achi ng net wor k i nt er f ace l o0. . . done.

Pr ess any key t o st op aut o- boot . . .
2
st ar t CLI

User Access Ver i f i cat i on

Passwor d: bat m
Loader>
T-Marc 300 Series User Guide

Page 67
Device Administration (Rev. 11)

The Device Loader's Default Configuration
Table 22: Default Loader Configuration
Feature Default Value
Password batm
Block start address 0
Block length 256
Simulation of CPM redundancy Disabled

The Loader Commands
Table 23: Loader Application Commands
Command Description
start application
Exits the loader and starts using the BiNOS software image
(see Starting the BiNOS Software Image)
copy application
Downloads the software image to the device by using TFTP
server
(see Downloading the Application Software by using TFTP)
download application
Downloads the BiNOS application using X-modem (see
Downloading the BiNOS Application by Using X-modem)
ip-address
Displays the OutBand port IP address
(see Displaying the Device IP Address and Mask)
version
Displays the device model type and the loader version
(see Displaying the Loader Version)
manufacturing-details
Displays detailed hardware information of the board
(see Displaying Hardware Details)
Table 24: Loader Configuration Commands
Command Description
config
Enters the loader configuration mode (see Loader
Configuration Mode)
ip-address
Displays the OutBand port IP address and subnet mask
(see Displaying and Specifying the OutBand Port IP Address)
mac-address
Displays the device MAC address
(see Displaying and Specifying the MAC Address)
clean startup-config
Sets the startup configuration file to the factory default values
(see Resetting the Startup Configuration File)
clean boot-config
Clears the Loader EEPROM
(see Deleting the Boot Configuration)
clean log-history
Cleans all history records (see Erasing Log History Records)
clean flash all
Cleans the Flash memory (see Cleaning the Flash Memory)
backup
Makes a backup copy of the Flash or EEPROM memory
T-Marc 300 Series User Guide

Page 68
Device Administration (Rev. 11)

Command Description
contents (see Making a Backup Copy)
refresh flash
Rewrites the Flash memory (see Rewriting the Flash Memory)
restore flash
Restores the Flash memory
(see Restoring the Flash Memory)

Table 25: The Boot Parameters Commands

NOTE
Currently these commands are not supported because the OutBound interface is not
available.

Command Description
boot-param device
Displays the current software image location
(see Displaying and Specifying the Software Image Location)
boot-param application
Displays the current boot statement (see Displaying and
Applying the Boot Statement)
boot-param ftp-server
Displays the FTP server IP-address (see Displaying and
Specifying the FTP Server IP-Address)
boot-param ftp-user
Displays the FTP username (see Displaying and Specifying
the FTP Username)
boot-param ftp-password
Displays the FTP connection password (see Specifying the
FTP Access Password)
boot-param startup-config
Specifies which startup configuration file is loaded on startup
(see Specifying the Startup Configuration Name)
boot-param
Displays the current boot statement
(see Displaying Boot Statements)

Table 26: Memory Debug Commands

CAUTION

The commands in the following table can be used only by Telco Systems Technical
Support.


Command Description
memory
Accesses the Loader memory mode
(see Loader Memory Mode)
copy
Copies a block of memory (see Copying a Block of Memory)
check-device
Checks the integrity of the file system and repairs lost clusters
and file structure
(see Checking and Repairing File-system Integrity)
display
Displays a block of memory
(see Displaying a Block of Memory)
fill
Fills a block of memory (see Filling a Block of Memory)
T-Marc 300 Series User Guide

Page 69
Device Administration (Rev. 11)

Command Description
list
Prints a command list (see Printing a Command List)
T-Marc 300 Series User Guide

Page 70
Device Administration (Rev. 11)

Starting the BiNOS Software Image
The start application command exits the loader and starts using the BiNOS software image.
CLI Mode: Loader
Command Syntax
Loader>start application
Example
Loader>start application
aut o- boot i ng. . .

Uncompr essi ng 3994461 byt es. . .
Loadi ng i mage. . . 14284304


BUI LT- I N SELF TEST
- - - - - - - - - - - - - - - - - -
CPU Cor e Test : Passed
Power Suppl y Test : Passed
Fan Test : Passed



/ / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / /
/ / / /
/ / / /
/ / B A T M A d v a n c e d C o mmu n i c a t i o n s / /
/ / / /
/ / T e l c o S y s t e ms / /
/ / / /
/ / Devi ce model : T- Mar c 380 / /
/ / Pr oduct Cat egor y : AccessEt her net ( TM) / /
/ / SWver si on : 10. 1 cr eat ed Mar 17 2010 - 20: 19: 58 / /
/ / / /
/ / / /
/ / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / /


User Access Ver i f i cat i on

Passwor d:
T-Marc 300 Series User Guide

Page 71
Device Administration (Rev. 11)


Downloading the Application Software by using TFTP
The copy application command downloads the software image to the device by using TFTP
server.
CLI Mode: Loader and Privileged (Enable)
Command Syntax
Loader>copy application [[ [ device/] path] file-name [ DESTINATION FILE-NAME]
[ no- val i dat i on]
Argument Description
device/
(Optional) the device to which the file is copied (in format tftp://A.B.C.D)
path
(Optional) the path to the location where the file is copied
file-name
The original name of the file
DESTINATION-FILE-
NAME
The destination file name as it will appear on the local flash system
no-validation
(Optional) skips the image validation check
Example
The following command downloads the new software-version file named VERxxx that is located
in the Root directory on the TFTP server at IP address 192.192.54.1:
Loader>copy application tftp://192.192.54.1/VERxxx.Z
Downloading the BiNOS Application by Using X-modem
The download application command copies the BiNOS application from a source computer to
the device permanent storage memory, through a console connection by X-modem transfer.
CLI Mode: Loader
The role of this command is to provide a rescue solution when the device becomes inoperable and
a new application image cannot be received by the TFTP transfer!
Command Syntax
Loader>download application
Example
Loader>download application
XMODEM appl i cat i on downl oad t o f l ash 0
XMODEM Recei ve: Wai t i ng f or Sender
I mage Si ze = 0xBD552 CRC Val ue = 0x691181F3
Savi ng appl i cat i on code t o FLASH bank 0. . . . Success.
Loader>
T-Marc 300 Series User Guide

Page 72
Device Administration (Rev. 11)

Displaying the Device IP Address and Mask
The ip-address command displays the OutBand port IP interface address and subnet mask.
CLI Mode: Loader
Command Syntax
Loader>ip-address
Example
Loader>ip-address
Loader I P addr ess = 10. 2. 111. 111, subnet mask = f f f f 0000
Displaying the Loader Version
The version command displays the device model type and the loader version.
CLI Mode: Loader
Command Syntax
Loader>version
Example
Loader>version
BATM Tel co Boot Loader
Devi ce model : T- Mar c 380
Loader ver si on : 8. 0. 0 cr eat ed Oct 29 2007 - 21: 59: 11
Displaying Hardware Details
The manufacturing-details command displays detailed hardware information.
CLI Mode: Loader
Command Syntax
Loader>manufacturing-details
Example
Loader>manufacturing-details
Devi ce model : T- Mar c 380
Ser i al number : 8807340077
Assembl y No : AL001350
Par t number : Not Avai l abl e
CLEI : Not Avai l abl e
HWr evi si on : 05
HWsubr evi si on : 02
T-Marc 300 Series User Guide

Page 73
Device Administration (Rev. 11)

Manuf act ur i ng Dat e : Not Avai l abl e
Loader Configuration Mode
The config command enters the Loader Configuration mode.
CLI Mode: Loader
Command Syntax
Loader>config
Loader(config)#
Displaying and Specifying the OutBand Port IP Address
The ip-address command displays the OutBand port IP address and subnet mask. Use one of
the command arguments below to specify a new IP address and subnet mask.
CLI Mode: Loader Configuration
Command Syntax
Loader(config)#ip-address [A.B.C.D/M | A1.B1.C1.D1 M1.M2.M3.M4]
Argument Description
A.B.C.D/M
(Optional). Specifies the new IP address with mask by number of bits.
A1.B1.C1.D1
M1.M2.M3.M4
(Optional). Specifies the new IP address with mask in dotted decimal
notation.
Example
The following example displays the Loader current IP address:
Loader(config)#ip-address
Loader I P addr ess = 10. 2. 111. 111, subnet mask = f f f f 0000
Displaying and Specifying the MAC Address
The mac-address command displays the device MAC address. Use the command argument to
specify a new device MAC address.
All LAN devices must have different MAC addresses.
CLI Mode: Loader Configuration
Command Syntax
Loader(config)#mac-address [HH:HH:HH:HH:HH:HH]
Argument Description
T-Marc 300 Series User Guide

Page 74
Device Administration (Rev. 11)

HH:HH:HH:HH:HH:HH
(Optional). Specifies the new MAC address
Example 1
The following example displays the device current MAC address:
Loader(config)#mac-address
Cur r ent base MAC Addr ess of devi ce = 00:A0:12: CE: 10: 61
Out Band MAC Addr ess ( base + 1) = 00:A0:12: CE: 10: 62
Example 2
The following example assigns a new MAC address to the device. The response indicates that the
new MAC address is accepted and stored in the device memory.
Loader(config)#mac-address 00:A0:12:07:0f:78
New MAC Addr ess of devi ce = 00:A0:12: 07: 0F: 78
Resetting the Startup Configuration File
The clean startup-config command cleans the startup configuration database in the permanent
storage memory of the device, and sets it to its default values.
CLI Mode: Loader Configuration
Command Syntax
Loader(config)#clean startup-config [all]
Argument Description
all
(Optional). Cleans the startup configuration and all system settings like
authentication data and configuration profiles.
Example
Loader(config)#clean startup-configuration all
War ni ng: I P addr ess wi l l be l ost .
Deleting the Boot Configuration
The clean boot-config command clears the Loader EPROM.
CLI Mode: Loader Configuration

CAUTION

This command should be used only by Telco Systems Technical Support.
Command Syntax
Loader(config)#clean boot-config {remove-board-data | remove-all}
T-Marc 300 Series User Guide

Page 75
Device Administration (Rev. 11)

Argument Description
remove-board-
data
Clears the NVRAM board configuration, keeping the management IP
address, boot profile and manufacturing details.
remove-all
Clears all settings in non-volatile memory, including all above.
Erasing Log History Records
The clean log-history command erases all log history records.
CLI Mode: Loader Configuration
Command Syntax
Loader(config)#clean log-history
Cleaning the Flash Memory
The clean flash all command erases all Flash memory records.
CLI Mode: Loader Configuration
Command Syntax
Loader(config)#clean flash all
Making a Backup Copy
The backup command makes a backup copy of the Flash or EEPROM memory contents.
CLI Mode: Loader Configuration
Command Syntax
Loader(config)#backup eeprom A.B.C.D FILE-NAME
Loader(config)#backup flash {1 | 2 | boot} A.B.C.D FILE-NAME
Argument Description
eeprom
Specifies that a backup copy of the EEPROM memory contents is made.
flash
Specifies that a backup copy of the Flash memory contents is made.
A.B.C.D
Specifies the IP address of the TFTP server where the backup copy is
written.
FILE-NAME
Specifies the name of the backup file to be copied.
1
Makes a backup of the primary Flash.
2
Makes a backup of the secondary Flash.
boot
Makes a backup of the boot Flash.
T-Marc 300 Series User Guide

Page 76
Device Administration (Rev. 11)

Rewriting the Flash Memory
The refresh flash command rewrites the Flash memory.
CLI Mode: Loader Configuration
Command Syntax
Loader(config)#refresh flash {1 | 2 | all}
Argument Description
1
Rewrites the primary Flash memory.
2
Rewrites the secondary Flash memory.
all
Rewrites all Flash memory.
Restoring the Flash Memory
The restore flash command restores the Flash memory.
CLI Mode: Loader Configuration
Command Syntax
Loader(config)#restore flash {1 | 2} A.B.C.D FILE-NAME
Argument Description
1
Restores the primary Flash.
2
Restores the secondary Flash.
A.B.C.D
Specifies the IP address of the TFTP server where the Flash memory will
be restored.
FILE-NAME
The name of the backup file.
Displaying and Specifying the Software Image Location
The boot-param device command displays the current software image location. Use one of the
below command arguments to specify the software image location.
CLI Mode: Loader and Loader Configuration
Command Syntax
Loader(config)#boot-param device
Loader(config)#boot-param device [local | network]
T-Marc 300 Series User Guide

Page 77
Device Administration (Rev. 11)

Argument Description
local
(Optional). The device boots from the local software image
network
(Optional). The device boots from a remote software image, using an FTP
server
Displaying and Applying the Boot Statement
The boot-param application command displays the current boot statement.
CLI Mode: Loader and Loader Configuration
Command Syntax
Loader#boot-param application
Loader(config)#boot-param application [FILE-NAME]
Argument Description
FILE-NAME
The name of the image file, a case-sensitive string.
Displaying and Specifying the FTP Server IP-Address
The boot-param ftp-server command displays the FTP server IP-address. Use the command
argument to specify the FTP server IP-address.
CLI Mode: Loader and Loader Configuration
Command Syntax
Loader#boot-param ftp-server
Loader(config)#boot-param ftp-server [A.B.C.D]
Argument Description
A.B.C.D
(Optional) specifies the FTP server IP-address
Displaying and Specifying the FTP Username
The boot-param ftp-user command displays the FTP username. Use the command argument to
specify the FTP username.
CLI Mode: Loader and Loader Configuration
Command Syntax
Loader#boot-param ftp-user
Loader(config)#boot-param ftp-user [NAME]
T-Marc 300 Series User Guide

Page 78
Device Administration (Rev. 11)

Argument Description
NAME
(Optional). The FTP access user name.
Specifying the FTP Access Password
The boot-param ftp-password command specifies the password for FTP server access.
CLI Mode: Loader and Loader Configuration
Command Syntax
Loader#boot-param ftp-password
Loader(config)#boot-param ftp-password [PASSWORD]
Argument Description
PASSWORD
(Optional). The FTP authentication password for the configured FTP user name.
Specifying the Startup Configuration Name
The boot-param startup-config command specifies the name of the startup configuration.
CLI Mode: Loader and Loader Configuration
Command Syntax
Loader#boot-param startup-config [binary]
Loader(config)#boot-param startup-config [FILE-NAME | binary [FILE-NAME |
default] | default]
Argument Description
FILE-NAME
(Optional). The name of the startup-configuration
default
(Optional). Sets the default name of the startup configuration
binary
(Optional). Sets the binary startup configuration.
Displaying Boot Statements
The boot-param command displays the current boot statement.
CLI Mode: Loader and Loader Configuration
Command Syntax
Loader>boot-param
Loader(config)#boot-param
T-Marc 300 Series User Guide

Page 79
Device Administration (Rev. 11)

Example
Loader>boot-param
I P addr ess = 10. 0. 0. 1: f f f f f f 00
Devi ce = l ocal
Appl i cat i on = Bi NOS- TMar c_3X0- 9. 4. 3. TMC3- pr e3. Z
St ar t up conf i gur at i on =
St at up bi nar y conf i g =
FTP ser ver =
FTP user =
FTP passwor d =
Boot f l ags =
Loader Memory Mode
The memory command enters the Loader memory mode.
CLI Mode: Loader
Command Syntax
Loader>memory
Loader(memory)#
Copying a Block of Memory
The copy command copies a block of memory that is specified by block-lengthfrom the specified
source address to the specified destination address.
CLI Mode: Loader Memory
Command Syntax
Loader(memory)#copy <src-addr> <dst-addr> <blk-len>
Argument Description
src-addr
Hexadecimal source address (optionally prefixed with 0x).
dst-addr
Hexadecimal destination address (optionally prefixed with 0x).
blk-len
Hexadecimal or decimal block length (use 0x prefix for hexadecimal
number).
T-Marc 300 Series User Guide

Page 80
Device Administration (Rev. 11)

Checking and Repairing File-system Integrity
The check-device command checks the integrity of the file system and repairs lost clusters and file
structure.
CLI Mode: Loader Configuration
Command Syntax
Loader(config)#check-device flash:
Example
Loader(config)#check-device flash:
f l ash: / - di sk check i n pr ogr ess . . .
dosChkLi b : CLOCK_REALTI ME i s bei ng r eset t o THU DEC 27 00: 00: 00 1990
Val ue obt ai ned f r omf i l e syst emvol ume descr i pt or poi nt er : 0xf f f dd38
The ol d set t i ng was THU J AN 01 00: 16: 22 1970
Accept ed syst emdat es ar e gr eat er t han THU DEC 27 00: 00: 00 1990
f l ash: / - Vol ume i s OK
Change vol ume I d f r om0x0 t o 0xe696
t ot al # of cl ust er s: 15, 237
# of f r ee cl ust er s: 12, 042
# of bad cl ust er s: 0
t ot al f r ee space: 24, 084 Kb
max cont i guous f r ee space: 24, 659, 968 byt es
# of f i l es: 8
# of f ol der s: 9
t ot al byt es i n f i l es: 6, 360 Kb
# of l ost chai ns: 0
t ot al byt es i n l ost chai ns: 0

Displaying a Block of Memory
The display command displays a block of memory.
CLI Mode: Loader Memory
Command Syntax
Loader(memory)#display [<st-addr> [<blk-len>]]
Argument Description
st-addr
(Optional). Hexadecimal start address (optionally prefixed with 0x). If only
the start address is specified, the previous or default block length is
repeated.
blk-len
(Optional). Hexadecimal or decimal block length (use 0x prefix for
hexadecimal number).
T-Marc 300 Series User Guide

Page 81
Device Administration (Rev. 11)

Filling a Block of Memory
The fill command fills a block of memory.
CLI Mode: Loader Memory
Command Syntax
Loader(memory)#fill <st-addr> <blk-len> <value>
Argument Description
st-addr
Hexadecimal start address (optionally prefixed with 0x).
blk-len
Hexadecimal or decimal block length (use 0x prefix for hexadecimal
number).
value
Hexadecimal byte value to fill (optionally prefixed with 0x).
Printing a Command List
The list command prints the executed commands in a list format.
CLI Mode: Loader
Command Syntax
Loader(memory)#list

Configuration Example
Updating the Application Software from Loader:
1. Configure boot parameters in profile (to configure any application file as a default one, the file
must be downloaded first):
Loader>config
Loader(config)#boot-param device local
2. Download the application by TFTP (it is stored with the source name. To change the target
name, specify the name as an additional command argument). If an application file with the
specified target name exists, it is overwritten.
Loader(config)#exit
Loader>copy application tftp:10.4.0.4/BiNOS-sfm880.Z
TFTP r ecei vi ng f i l e . . . 3385202
3. Set the default application (when the file is already stored in FS):
Loader>config
Loader(config)#boot-param application BiNOS-sfm880.Z
T-Marc 300 Series User Guide

Page 82
Device Administration (Rev. 11)

System Time and Date
The device internal clock runs from the moment the system starts up and keeps track of the date
and time. It is set from the following sources:
Manual configuration
Daytime Protocol
Time Protocol
Summer Time (Daylight Saving Time)
Network Time Protocol
1588v2 Precision Time Protocol
Daytime Protocol
The Daytime protocol is defined in RFC 867. A host connects to a server that supports the
Daytime protocol, on either TCP or UDP port 13. The server then returns the current date and
time as an ASCII string with an unspecified format.
Time Protocol
The Time protocol is defined in RFC 868. This protocol provides a site-independent, machine
readable date and time.
The Time protocol operates over either TCP or UDP. A host connects to a server that supports
the Time protocol, on port 37. The server then sends the time as a 32-bit unsigned binary number
in network byte order representing a number of seconds since 00:00 (midnight) 1 January, 1900
GMT and closes the connection. The host receives the time and closes the connection.

NOTE
In BiNOS, the Daytime protocol and the Time protocol use TCP.
Summer Time (Daylight saving time)
Daylight saving time (DST) is the practice of temporarily advancing clocks. Computer-based
systems adjust automatically when DST starts and finishes, based on their time zone settings
You can have the device advance the clock one hour at 2:00 a.m. on the first Sunday in April and
move back the clock one hour at 2:00 a.m. on the last Sunday in October. You can explicitly specify
the start and end dates and times and whether or not the time adjustment recurs every year.

T-Marc 300 Series User Guide

Page 83
Device Administration (Rev. 11)

Network Time Protocol
Network Time Protocol (NTP) provides a reliable way of transmitting and receiving the time over
IP networks. NTP is organized as a client-server model. An NTP network usually gets its time from
an authoritative time source, such as a radio clock or an atomic clock connected to a Time server.
NTP then distributes this time across the network.
1588v2 Precision Time Protocol (PTP)
IEEE-1588v2, also known as PTP, provides an Ethernet-based, scalable clock-synchronization
mechanism with various master-clock and quality options.
Precise time synchronization is essential for monitoring performance measurements in order to
ensure a high quality of service.
Enable this protocol for synchronizing the T-Marc 300 Series devices, in order to measure
extremely accurate Service Assurance Application (SAA) one-way delay (for more information,
refer to the ServiceAssuranceApplicationsection of the Operation, Administration, andMaintenance
chapter of this user guide).
The PTP mechanism functions as follows:
One clock in a defined domain within the network serves as the master clock (either a grand-
master clock or one T-Marc 300 Series device configured as a master clock)
The master clock periodically announces itself as the master clock to the slave clocks within
the defined domain
The master clock sends periodical synchronization messages to the slave clocks within the
domain
In case more than one master announces itself within the domain, the master clock with the
highest defined 1588v2 priority and quality remains the master clock while the other master
clock/ s' mode is automatically switched to slave
To configure the PTP feature, refer to 1588v2 PTP ConfigurationFlow.
System Time and Date Default Configuration
Table 27: System Time and Date Default Configuration
Feature Default Value
NTP authentication Disabled
Summer time (Daylight Saving Time) Disabled
1588v2 PTP Default Configuration
Table 28: 1588v2 PTP Default Configuration
Feature Default Value
PTP Disabled
T-Marc 300 Series User Guide

Page 84
Device Administration (Rev. 11)

Feature Default Value
PTP mode Slave
PTP primary priority (priority1) 255
PTP secondary priority (priority2) 255
Domain number 0
Announce interval 16 seconds
Synchronization interval 4 seconds
Static master address (none)
PTP per interface Disabled
Announce-receipt timeout intervals 3
Synchronization-receipt timeout intervals 3
T-Marc 300 Series User Guide

Page 85
Device Administration (Rev. 11)

System Time and Date Configuration Flow
1. Manually configure the system time and date (see ConfiguringSystemTimeandDate)
or
2. Configure the device to synchronize the system time with a specific remote daytime or time
server (see Configuringa Daytimeor TimeServer)
or
3. Configure an NTP server (see ConfiguringanNTP Server)
4. Start the NTP server polling (see ConfiguringtheNTP Server Polling)
5. Optional configurations:
Define an MD5 authentication key (see ConfiguringtheMD5 AuthenticationKey)
Adjust the system time to DST and then back to standard time on pre-set dates (see
Specifyinga One-timeSummer Time(DST) Period)
Adjust the system time and date to an annually-recurring summer time (DST) period (see
Specifyinga Recurrent Summer Time(DST) Period)
6. Remove the NTP server (see RemovinganNTP Server)
7. Display the NTP server configuration (see RemovinganNTP Server)
8. Display the current time server configuration (see DisplayingtheTimeServer Configuration)
9. Display the current time and date (see DisplayingtheCurrent SystemTime)
T-Marc 300 Series User Guide

Page 86
Device Administration (Rev. 11)

System Time and Date Configuration Commands
Table 29: Time and Date Configuration Commands
Command Description
date
Manually configures the system time and date
(see Configuring System Time and Date)
time-server
Configures the device to synchronize the system time with
a specific remote daytime or time server
(see Configuring a Daytime or Time Server)
time-server ntp add
Configures an NTP server
(see Configuring an NTP Server)
time-server ntp start
Configures the NTP server polling
(see Configuring the NTP Server Polling)

Table 30: Time Server Optional Commands
Command Description
time-server ntp key
Configures the MD5 authentication key
(see Configuring the MD5 Authentication Key)
time-server summer-time
date
Adjusts the system time to DST and then back to standard
time on pre-set dates
(see Specifying a One-time Summer Time (DST) Period)
time-server summer-time
recurring
Adjusts the system time and date to an annually-recurring
summer time (DST) period
(see Specifying a Recurrent Summer Time (DST) Period)

Table 31: Commands for Removing the NTP Server
Command Description
time-server ntp delete
Deletes the existing NTP server
(see Removing an NTP Server)

Table 32: Time Servers Display Commands
Command Description
time-server ntp show
Displays defined NTP servers
(see Displaying NTP Servers)
time-server ntp key show
Displays existing NTP keys
(see Displaying the MD5 Authentication Key)
show time-server
Displays the current Time server configuration
(see Displaying the Time Server Configuration)
show date
show clock
Display the current time and date
(see Displaying the Current System Time)
T-Marc 300 Series User Guide

Page 87
Device Administration (Rev. 11)

Configuring System Time and Date
The date command manually configures the system time and date.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#date hh:mm:ss <day> MONTH <year>
Argument Description
hh:mm:ss
Specifies the time (24-hour format) in hours and minutes.
day
Day in month, in the range <131>.
MONTH
Specifies the month: January, February, March, April, May, June, July,
August, September, October, November, and December.
year
Year in four digits, in the range <19932035>.
Example
The following example sets system time to 12:30:00 and date 1 April 2008:
device-name(config)#date 12:30:00 1 april 2008
Configuring a Daytime or Time Server
The time-server command configures the device to synchronize the system time with a specific
remote server.
CLI Mode: Global Configuration
To use this feature, select the remote time synchronization protocol:
The DaytimeProtocol (RFC 867) specifies the date and time as a character string
The TimeProtocol (RFC 868) specifies the time in seconds since midnight, January 01, 1900
The server for remote synchronization can be any PC running Windows NT/ 2000 or the UNIX
operating system.
Command Syntax
device-name(config)#time-server daytime swap
device-name(config)#time-server {daytime | time} A.B.C.D <refresh-time>
[<zone> [timeout <timeout>]] [timeout <timeout>]
device-name(config)#time-server {daytime | time} A.B.C.D <refresh-time>
timezone <zone> {<1-59> timeout <timeout> | timeout <timeout>}
device-name(config)#no time-server [daytime swap]

T-Marc 300 Series User Guide

Page 88
Device Administration (Rev. 11)

NOTE
The old style of this command, wherein the IP address argument precedes the
daytime protocol, is supported for backward compatibility. However, Telco Systems
strongly recommends using only the new style of the command for setting up time
synchronization clients.
Argument Description
time
Specifies Time Protocol (RFC868).
daytime
Specifies Daytime Protocol (RFC867).
swap
Swaps day and month (for daytime format). This would be required if the
positions of day and month are interchanged in the daytime servers
format, to prevent the device from interpreting the day value as the
month and the month value as the day.
A.B.C.D
IP address of the time-server.
refresh-time
Synchronization polling interval, in the range of <1044640>minutes.
timezone
Specifies the time zone.
zone
Shifts of local hour relative to the server (positive East, negative West of
servers time zone). The range is <-1212>.
timeout <timeout>
Specifies the Time server session timeout in seconds. The range is <2
20>seconds.
1-59
Specifies a number of minutes to synchronize accurately the system time
to the time server.
no
Removes the Time server definitions.
Example 1
The following command synchronizes the system time with host 192.168.0.1, using the Time
Protocol. Synchronization is performed every 10 minutes. Local time is two hours behind the GMT
.
device-name(config)#time-server time 192.168.0.1 10 -2
Example 2
The following command synchronizes the system time with host 192.168.0.1, using the Daytime
Protocol. Synchronization is performed every 10 minutes. Local time is two hours ahead of the
GMT.
device-name(config)#time-server daytime 192.168.0.1 10 2
T-Marc 300 Series User Guide

Page 89
Device Administration (Rev. 11)

Configuring an NTP Server
The time-server ntp add command configures an NTP server.
CLI Mode: Global Configuration
You can define up to five NTP servers.
Command Syntax
device-name(config)#time-server ntp add A.B.C.D
Argument Description
A.B.C.D
Specifies the IP address of the Time server to be added.
Example
The following example adds the NTP server with IP address 186.102.20.11:
device-name(config)#time-server ntp add 186.102.20.11
Configuring the NTP Server Polling
The time-server ntp start command configures the NTP server polling interval. The polling
interval is the period of time between polling cycles.
CLI Mode: Global Configuration

NOTE
To end the NTP server polling use the no t i me- ser ver command.
Command Syntax
device-name(config)#time-server ntp start <polling-interval> {<zone> |
timezone <zone> <1-59>}
Argument Description
polling-interval
The synchronization refresh period in minutes, in the range <10
44640>(the upper limit is equivalent to 31 days).
zone
Shift of local hour relative to GMT (positive East, negative West of
Greenwich). The range is <-1212>.
timezone
Specifies the time zone.
1-59
Specifies a number of minutes to synchronize accurately the system
time to the time server.
T-Marc 300 Series User Guide

Page 90
Device Administration (Rev. 11)

Configuring the MD5 Authentication Key
The time-server ntp key command configures the MD5 authentication key.
CLI Mode: Global Configuration
Time synchronization can be authenticated to make sure that the local device obtains its time
services only from known sources.
By default, network time synchronization is unauthenticated.
Command Syntax
device-name(config)#time-server ntp key {add | delete} <key-id> KEY [A.B.C.D]
Argument Description
add
Defines the MD5 authentication key.
delete
Removes the existing MD5 authentication key.
key-id
The key number in the range <165535>.
KEY
String up to 20 non-blank characters. The string is case-sensitive. Some special
characters, such as question marks, are not allowed.
A.B.C.D
(Optional). NTP server address.
Example
The following example adds an MD5 authentication key with key ID of 27 and plain-text key qwerty:
device-name(config)#time-server ntp key add 27 qwerty
Conf i gur at i on changes wi l l t ake ef f ect af t er nt p cl i ent i s r est ar t ed
Specifying a One-time Summer Time (DST) Period
The time-server summer-time date command adjusts the system time to DST and then back to
standard time on pre-set dates.
Adjusts the system time to DST and then back to standard time on pre-set dates
CLI Mode: Global Configuration
By default, the summer time definition is disabled.
Command Syntax
device-name(config)#time-server summer-time date <day> MONTH <year> HH:MM:SS
<day> MONTH <year> HH:MM:SS <shift>
device-name(config)#no time-server summer-time
T-Marc 300 Series User Guide

Page 91
Device Administration (Rev. 11)

Argument Description
day
The start day of the month, in range <131>.
MONTH
The start summer-time month: January, February, March, April, May, June,
July, August, September, October, November and December.
year
The start summer-time year, in range <19932035>.
HH:MM:SS
Specify the start summer-time time.
day
The end day of the month, in range <131>.
MONTH
The end summer-time month: January, February, March, April, May, June,
July, August, September, October, November and December.
year
The end summer-time year, in range <19932035>.
HH:MM:SS
Specify the end summer-time time.
shift
The number of minutes to add during summer time, in range <11440>.
no
Remove the summer time settings.
Example
The following example demonstrates advancing the system time 1 hour on May 1st, 2004, at
02:00:00 and shifting it back on December 3rd, 2004, at 02:00:00:
device-name(config)#time-server summer-time date 1 May 2004 02:00:00 3 Dec
2004 02:00:00 60
Specifying a Recurrent Summer Time (DST) Period
The time-server summer-time recurring command adjusts the system time and date to an
annually-recurring summer time (DST) period.
CLI Mode: Global Configuration
By default, the summer time definition is disabled.
Command Syntax
device-name(config)#time-server summer-time recurring {first | <week> | last}
<day> MONTH HH:MM:SS {first | <week> | last) <day> MONTH HH:MM:SS <shift>
device-name(config)#no time-server summer-time
Argument Description
first
The first week of the month to start.
week
Specify the week of the month to start in, the range <14>.
last
The last week of the month to start.
day
The start summer-time day in the week: Sunday, Monday, Tuesday,
Wednesday, Thursday, Friday and Saturday.
MONTH
The start summer-time month: January, February, March, April, May,
June, July, August, September, October, November, and December.
T-Marc 300 Series User Guide

Page 92
Device Administration (Rev. 11)

HH:MM:SS
Specify the start summer-time time.
first
The first week of the month to end.
week
Specify the week of the month to end, in the range <14>.
last
The last week of the month to end.
day
The end summer-time day in the week: Sunday, Monday, Tuesday,
Wednesday, Thursday, Friday and Saturday.
MONTH
The end summer-time month: January, February, March, April, May,
June, July, August, September, October, November, and December.
HH:MM:SS
Specify the end summer-time time.
shift
The number of minutes to add during summer time, in the range <1
1440>.
no
Remove the summer-time settings.
Example
The following example shows how to advance the system time automatically by one hour every
year, starting on the second Monday of April at 01:00:00 this year and move the system time back
on the second Tuesday of October at 01:00:00:
device-name(config)#time-server summer-time recurring 2 mon apr 01:00:00 2
tue oct 01:00:00 60
Removing an NTP Server
The time-server ntp delete command deletes the existing NTP server.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#time-server ntp delete A.B.C.D
Argument Description
A.B.C.D
Specify the IP address of the Time server to be deleted.
Example
The following example removes the NTP server with IP address 186.102.20.11:
device-name(config)#time-server ntp delete 186.102.20.11
T-Marc 300 Series User Guide

Page 93
Device Administration (Rev. 11)

Displaying NTP Servers
The time-server ntp show command displays defined NTP servers.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#time-server ntp show
Example
The following example displays the three existing NTP servers:
device-name(config)#time-server ntp show
186. 102. 20. 11
182. 21. 2. 31
128. 11. 24. 6
Displaying the MD5 Authentication Key
The time-server ntp key show command displays the existing MD5 authentication key ID and
string.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#time-server ntp key show
Example
device-name(config)#time-server ntp key show
192. 168. 0. 40:
1 key1
2 key2
192. 168. 0. 32:
1 key1
Displaying the Time Server Configuration
The show time-server command displays the current Time server configuration.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show time-server
T-Marc 300 Series User Guide

Page 94
Device Administration (Rev. 11)

Example
device-name#show time-server
Cur r ent syst emt i me MON OCT 13 19: 00: 25 2003
Ti me ser ver pr ot ocol : NTP
Ref r esh : 23 mi n
Ti me zone : 2h: 10m
Displaying the Current System Time
The show date and show clock commands display the current system time and date.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show date
device-name#show clock [detail]
Argument Description
detail
(Optional). The command also displays the type of the currently used
synchronization client and the time zone indication. If detail is not specified, the
command displays the current system time.
Example 1
device-name#show date
Cur r ent syst emt i me TUE APR 10 13: 45: 04 2001
Example 2
The following example displays the date and time:
device-name#show clock
Cur r ent syst emt i me TUE APR 10 13: 45: 04 2008
Example 3
The following example displays the date and time, and the currently used synchronization client (if
available):
device-name#show clock detail
Cur r ent syst emt i me THU J AN 01 00: 01: 02 1998
Ti me cl i ent i s r unni ng wi t h f ol l owi ng peer s:
Ti me ser ver : 192. 168. 0. 4
Ref r esh t i me: 10 mi nut es
Ti me zone shi f t : 2 hour ( s)
T-Marc 300 Series User Guide

Page 95
Device Administration (Rev. 11)

Configuration Example
The following example demonstrates how the device uses an NTP server.
1. Add the NTP server located in IP address 212.90.11.2:
device-name(config)#time-server ntp add 212.90.11.2
2. Add an MD5 authentication key with key ID of 27 and plain-text key qwerty:
device-name(config)#time-server ntp key add 27 qwerty
3. Start the NTP server polling with refresh period of 10 minutes and time zone 2:
device-name(config)#time-server ntp start 10 2
T-Marc 300 Series User Guide

Page 96
Device Administration (Rev. 11)

1588v2 PTP Configuration Flow
To configure the 1588v2 PTP, proceed as follows:
1. Enable 1588v2 PTP on the device (see ConfiguringPTP).
2. Define the device's PTP mode (master or slave, see DefiningtheDevice's PTP Mode).
3. (For master devices only) define the clock's primary 1588v2 priority (see Defininga Master
Clock's 1588v2 Primary Priority).
4. (For master devices only) define the clock's secondary 1588v2 priority (see Defininga Master
Clock's 1588v2 Secondary Priority).
5. Specify the PTP domain (logical grouping) the device belongs to (see AssigningtheDevicetoa
PTP Domain).
6. (For master devices only) define the interval for sending announce messages (see Definingthe
Interval for SendingAnnounceMessages).
7. (For master devices only) define the interval for sending synchronization messages (see
DefiningtheInterval for SendingSynchronization Messages).
8. (Optional, for slaves only) define a static master for the device (see Selectinga StaticMaster
Clock).
9. Enable PTP on the interface/ s (see EnablingPTP ona Port).
10. (For slave devices only) define the announce-receipt timeout from a master clock (see Defining
theAnnounce-Receipt Timeout).
11. (For slave devices only) define the synchronization-receipt timeout from a master clock (see
DefiningtheSynchronization-Receipt Timeout).
12. Display the PTP status (see DisplayingthePTP Status).
T-Marc 300 Series User Guide

Page 97
Device Administration (Rev. 11)

1588v2 PTP Configuration Commands
Table 33: 1588v2 PTP Configuration Commands
Command Description
ptp
Configures PTP on the local device and enters the PTP
Configuration mode (see Configuring PTP)
encapsulation all-ports
Defines the network technology used to transport PTP
messages (see Defining the Packet Encapsulation
Type)
priority1
Defines the 1588v2 primary priority of the master clock
(see Defining a Master Clock's 1588v2 Primary Priority)
priority2
Defines the 1588v2 secondary priority of the master
clock (see Defining a Master Clock's 1588v2 Secondary
Priority)
domain-number
Defines the PTP domain the device belongs to (see
Assigning the Device to a PTP Domain)
ptp-mode
Defines whether the device is a slave or a master (see
Defining the PTP Mode)
master-address
Defines a static master's MAC address for a slave
device (see Selecting a Static Master Clock)
announce-interval
Defines the interval the master sends announce
messages (see Defining the Interval for Sending
Announce Messages)
sync-interval
Defines the interval the master sends announce
messages (see Defining the Interval for Sending
Synchronization Messages)
master-vlan
Defines a VLAN used for sending master clock
messages or sync messages (Defining the Master
VLAN)
ptp enable
Enables PTP on port/s (see Enabling PTP on a Port)
ptp-announce-receipt-timeout
Defines the number of announce intervals to pass
without receiving an announce message before
dropping the current master and selecting a different
one (see Defining the Announce-Receipt Timeout)
ptp-sync-receipt-timeout
Defines the number of synchronization intervals to pass
without receiving a synchronization message before the
slave becomes unsynchronized with the master (see
Defining the Synchronization-Receipt Timeout)
show ptp
Displays the PTP state (see Displaying the PTP Status)

T-Marc 300 Series User Guide

Page 98
Device Administration (Rev. 11)


Configuring PTP
The ptp command configures PTP on the local device and enters the PTP Configuration mode.
Enable this protocol for accurate SAA one-way delay measurement (refer to the ServiceAssurance
Applicationsection of the Operation, Administration, andMaintenancechapter of BiNOS User Guide).
CLI Mode: Global Configuration
PTP is disabled by default.
Command Syntax
device-name(config)#ptp [enable]
device-name(config-ptp)#

device-name(config)#no ptp
Argument Description
enable
Enters the PTP Configuration mode
no
Disables PTP
Defining the Packet Encapsulation Type
The encapsulation all-ports command defines the network technology used to transport PTP
messages.

CLI Mode: PTP Configuration
By default, the encapsulation type is ieee8023.
Command Syntax
device-name(config-ptp)#encapsulation all-ports {ipv4 | ieee8023}
device-name(config-ptp)#no encapsulation all-ports
Argument Description
ipv4
PTP over UDP/IPv4. When carried over UDP, the first byte of the PTP
message immediately follows the final byte of the UDP header.
ieee8023
PTP over IEEE 802.3/ Ethernet. When carried over Ethernet, the first byte
of the PTP message occupies the first byte of the data field of the Ethernet
frame.
Defining the 1588v2 Primary Priority of the Master Clock
The priority1 command defines the 1588v2 primary priority of the master clock.
If there is more than one master device in a PTP domain, the device with the highest priority
(lowest number) remains the master while the other device/ s switch to slave.
T-Marc 300 Series User Guide

Page 99
Device Administration (Rev. 11)

CLI Mode: PTP Configuration
The default priority1 is 255.
Command Syntax
device-name(config-ptp)#priority1 <priority1>
device-name(config-ptp)#no priority1
Argument Description
priority1
The priority1 value, in the range of <0255>
no
Restores to default
Defining the 1588v2 Secondary Priority of the Master Clock
The priority2 command defines a finer grained ordering among otherwise equivalent master
clocks (see above).
CLI Mode: PTP Configuration
The default priority2 is 255.
Command Syntax
device-name(config-ptp)#priority2 <priority2>
device-name(config-ptp)#no priority2
Argument Description
priority2
The priority2 value, in the range of <0255>
no
Restores to default

Assigning the Device to a PTP Domain
The domain-number command specifies the PTP domain the device belongs to.
The PTP domain is the logical grouping of PTP clocks that synchronize to each other.
CLI Mode: PTP Configuration
The default domain number is 0.
Command Syntax
device-name(config-ptp)#domain-number <domain_number>
device-name(config-ptp)#no domain-number
Argument Description
domain-number
The PTP domain number, in the range of <0255>
T-Marc 300 Series User Guide

Page 100
Device Administration (Rev. 11)

no
Restores to default
Defining the PTP Mode
The ptp-mode command switches between slave and master modes.

NOTE
If the master device receives announce messages from a different PTP master device
with a higher 1588v2 priority and quality, it automatically switches to a slave mode
without any warnings.

CLI Mode: PTP Configuration
The default mode is slave.
Command Syntax
device-name(config-ptp)#ptp-mode {master | slave}
Argument Description
master
Defines the device as a master clock
slave
Defines the device as a slave clock
Selecting a Static Master Clock
The master-address command allows you to select a static master manually. In this case the slave
device skips the master election algorithm and ignores announce messages from other maters.
CLI Mode: PTP Configuration
By default, the device has no static master.
Command Syntax
device-name(config-ptp)#master-address <XX:XX:XX:XX:XX:XX>
device-name(config-ptp)#no master-address
Argument Description
XX:XX:XX:XX:XX:XX
The static master's MAC address
no
Restores to default
Defining the Interval for Sending Announce Messages
The announce-interval command defines the interval for a master device to announce itself as
master clock, in seconds.
CLI Mode: PTP Configuration
The default interval is 16 seconds.
T-Marc 300 Series User Guide

Page 101
Device Administration (Rev. 11)

Command Syntax
device-name(config-ptp)#announce-interval <announce interval>
device-name(config-ptp)#no announce-interval
Argument Description
announce interval
The interval between two consecutive announce messages, in
the range of {1 | 2 | 4 | 8 | 16 | 32 | 64 | 128}seconds.
no
Restores to default
Defining the Interval for Sending Synchronization Messages
The sync-interval command defines the interval for a master device to send synchronization
messages, in seconds.
CLI Mode: PTP Configuration
The default interval is 4 seconds.
Command Syntax
device-name(config-ptp)#sync-interval <synch interval>
device-name(config-ptp)#no sync-interval
Argument Description
synch interval
Specifies the interval between two consecutive synchronization
messages, in the range of {1 | 2 | 4 | 8 | 16 | 32 | 64 | 128}
seconds.
no
Restores to default
Defining the Master VLAN
The master-vlan command defines a VLAN used for sending master clock messages or sync
messages.
Command Syntax
device-name(config-ptp)#master-vlan <master-vlan-id>
device-name(config-ptp)#no master-vlan
Argument Description
master-vlan-id
The master VLAN ID, in the range of <14094>.The VLAN must
be already configured (see the Configuring VLANs and Super
VLANs chapter of the current User Guide).
no
Removes the VLAN from being a master VLAN.
T-Marc 300 Series User Guide

Page 102
Device Administration (Rev. 11)

Enabling PTP on a Port
The ptp enable command enables PTP for on a specific port. When you enable PTP on a port,
this port is able to receive and send PTP packets.
CLI Mode: Interface Configuration
By default, PTP is disabled on ports.
Command Syntax
device-name(config-if UU/SS/PP)#ptp {enable | disable}
Argument Description
enable
Enables PTP
disable
Disables PTP
Defining the Announce-Receipt Timeout
The ptp-announce-receipt-timeout command defines the announce-receipt timeout.
This value defines the number of announce-receipt intervals that pass before the slave interface
drops the selected master and initiates an ANNOUNCE_RECEIPT_TIMEOUT_EXPIRES
event.
CLI Mode: Interface Configuration
Command Syntax
device-name(config-if UU/SS/PP)#ptp-announce-receipt-timeout
<announce_receipt_timeout>
device-name(config-if UU/SS/PP)#no ptp-announce-receipt-timeout
The default number of announce-receipt intervals is 3.
Argument Description
announce_receipt
_timeout
The number of announce-receipt intervals, in the range of <2
255>
no
Restores to default

Defining the Synchronization-Receipt Timeout
The ptp-sync-receipt-timeout command defines the synchronization-receipt timeout.
This value defines the number of synchronization-receipt intervals that pass before the slave is no
longer synchronized with the master.

CLI Mode: Interface Configuration
The default number of the synchronization-receipt intervals is 3.
T-Marc 300 Series User Guide

Page 103
Device Administration (Rev. 11)

Command Syntax
device-name(config-if UU/SS/PP)#ptp-sync-receipt-timeout
<sync_receipt_timeout>
device-name(config-if UU/SS/PP)#no ptp-sync-receipt-timeout
Argument Description
synch_receipt
_timeout
The number of the synchronization-receipt intervals, in the range
of <2255>
no
Restores to default
Displaying the PTP Status
The show ptp command displays the PTP configuration details as specified below.
If you do not use the interface argument, the command displays the common device's PTP
settings without interfaces information.
If you use the interface argument without specifying an interface number, the command
displays the enabled PTP interfaces on the device.
If you use the interface argument and specify an interface number, the command displays
the specified interface's PTP state.
Refer to Table 34 for the parameters displayed by this command.

CLI Mode: Privileged (Enable)
Command Syntax
device-name#show ptp [interface [UU/SS/PP | AG0N]
Argument Description
UU/SS/PP
The interface displayed
AG0N
The aggregated interface displayed
Example 1
device-name#show ptp
PTP Conf i gur at i on ( sl ave) :
Number of PTP enabl ed por t s: 1
Domai n Number : 0
Mast er Addr ess: 00: A0: 12: 27: 0E: 40
Mean pat h del ay : 5 usec
Of f set f r ommast er : 1 usec
Example 2
device-name#show ptp interface 1/1/1
Thi s por t i s PTP Enabl ed
Por t St at e: Mast er
T-Marc 300 Series User Guide

Page 104
Device Administration (Rev. 11)

Announce r ecei pt t i meout : 16
Sync r ecei pt t i meout : 4
Table 34: Parameters displayed by the show pt p command
Parameters Description
Mean Path Delay The average between the delay from the master to slave and the
delay from the slave to master
Offset from Master The offset between the slave and the master calculated by the slave

Configuration Example
Below is an example of configuring a master device.
1. Enable PTP on the device:
device-name(config)#ptp enable
2. Define a device to PTP master mode:
device-name(config-ptp)#ptp-mode master
device-name(config-ptp)#exit
3. Enter the configuration mode for interface 1/ 1/ 1:
device-name(config)#interface 1/1/1
4. Enable PTP on interface 1/ 1/ 1:
device-name(config-if 1/1/1)#ptp enable
device-name(config-if 1/1/1)#end
5. Display the PTP configuration:
device-name#show ptp
PTP Conf i gur at i on ( mast er ) :
Number of PTP enabl ed por t s: 1
Domai n Number : 0
Pr i or i t y 1: 255
Pr i or i t y 2: 255
Announce I nt er val : 16
Sync I nt er val : 4
T-Marc 300 Series User Guide

Page 105
Device Administration (Rev. 11)

DHCP Client
Overview
DHCP (Dynamic Host Configuration Protocol) is a TCP/ IP protocol for dynamicallyassigning IP
addresses to devices on a network. DHCP is built on a client-server model, in which designated
DHCP servers allocate network addresses and deliver configuration parameters to dynamically
configured devices (DHCP clients).
The DHCP client use DHCP to reacquire or verify its IP address and network parameters
whenever the local network parameters may have changed (e.g. at the device boot time or after a
disconnection from the local network), as the local network configuration may change without the
clients or users knowledge.
If a DHCP client has knowledge of a previous network address and is unable to contact a local
DHCP server, the DHCP client may continue to use the previous network address until the lease
for that address expires. If the lease expires before the client can contact a DHCP server, the
DHCP client must immediately discontinue use of the previous network address and may inform
local users of the problem.
DHCP consists of two components:
mechanism for delivering configuration parameters from a DHCP server to a device
mechanism for allocating network addresses to devices
DHCP supports three mechanisms for IP address allocation:
AutomaticallocationDHCP assigns a permanent IP address to the user
DynamicallocationDHCP assigns an IP address to the user for a limited period of time.
Dynamic allocation allows automatic reuse of an address that is no longer needed by the user
to which it is assigned. Thus, dynamic allocation is particularly useful for assigning an address
to the user that connected to the network only temporarily or for sharing a limited pool of IP
addresses among a group of users that do not need permanent IP addresses.
Manual allocationthe system administrator assigns to the user an IP address, and DHCP is
used simply to convey the assigned address. A particular network uses one or more of these
mechanisms, depending on the policies of the network administrator. Manual allocation allows
DHCP to be used to eliminate the error-prone process of manually configuring hosts with IP
addresses in environments where it is desirable to manage IP address assignment outside of
the DHCP mechanisms.
T-Marc 300 Series User Guide

Page 106
Device Administration (Rev. 11)

The DHCP Negotiation Process
As shown in below figure, the parameter negotiation starts with a DHCPDISCOVER broadcast
message from the client seeking a DHCP server. The DHCP Server responds with a
DHCPOFFER unicast message offering configuration parameters (such as an IP address, a MAC
address, a domain name, and a lease for the IP address) to the client. The client returns a
DHCPREQUEST broadcast message requesting the offered IP address from the DHCP Server.
The DHCP Server responds with a DHCPACK unicast message confirming that the IP address
has been allocated to the client.

Figure 1: Obtaining an I P Address from a DHCP Server
The client may suggest values for the IP address and lease time in the DHCPDISCOVER message.
The client may include the requestedIP addressoption to suggest that a particular IP address can be
assigned, and may include the IP addressleasetimeoption to suggest the lease time it would like to
have it. The requestedIP addressoption is filled in a DHCPREQUEST message only when the client
is verifying network parameters obtained previously.
If a server receives a DHCPREQUEST message with an invalid requestedIP address, the server
should respond to the client with a DHCPNAK message and may choose to report the problem to
the system administrator. The server may include an error message in the messageoption.
When Should Clients Use DHCP
A client should use DHCP to reacquire or verify its IP address and network parameters whenever
the local network parameters may have changed (e.g. at the switch boot time or after a
disconnection from the local network), as the local network configuration may change without the
client or user knowledge.
If a client has knowledge of a previous network address and is unable to contact a local DHCP
Server, the client may continue to use the previous network address until the lease for that address
expires. If the lease expires before the client can contact a DHCP Server, the client must
immediately discontinue use of the previous network address and may inform local users of the
problem.
T-Marc 300 Series User Guide

Page 107
Device Administration (Rev. 11)

The DHCP Client Default Configuration
Table 35: DHCP Client Default Configuration
Feature Default Value
DHCP Client Disabled
The DHCPDISCOVER message
retransmission timeout
8 minutes
The DHCP Client Configuration Flow
1. Optional configuration:
Enable the DHCP client security feature
(see EnablingtheDHCP Client Security(AuthenticationOption90))
Permit the DHCP client to receive unauthenticated packets
(see ControllingtheUnauthenticatedPacketsFlow)
Specify DHCP server discover attempts (see SpecifyingDHCP Server Discover Attempts)
Configure the maximum time that the DHCP Client is allowed to be active
(see ChangingtheDHCPDISCOVER MessagesRetransmissionTimeout)
2. Provide the device its IP configuration information dynamically and configures the DHCP
lease period (see ConfiguringtheDHCP Client)
3. Display the DHCP Client status and the DISCOVER message timeout
(see DisplayingtheDHCP Client Configuration)
T-Marc 300 Series User Guide

Page 108
Device Administration (Rev. 11)


DHCP Client Configuration Commands
NOTE
The commands in the following table are applied on demarcation devices in a
topology with proxy management feature started.

Table 36: DHCP Client Security Commands
Command Description
dhcp-client security enable
Enables the DHCP client security feature (see Enabling
the DHCP Client Security (Authentication Option 90))
dhcp-client security accept
Permits the DHCP client to receive unauthenticated
packets
(see Controlling the Unauthenticated Packets Flow)
dhcp-client security attempts
Specifying DHCP server discover attempts (see
Specifying DHCP Server Discover Attempts)

Table 37: DHCP Client Commands
Command Description
dhcp-client discover-rto
Configures the maximum time that the DHCP Client is
allowed to be active (see Changing the
DHCPDISCOVER Messages Retransmission Timeout)
ip address dhcp
Provides the device its IP configuration information
dynamically and configures the DHCP lease period
(see Configuring the DHCP Client)
Table 38: DHCP Client Display Command
Command Description
show dhcp-client
Displays the DHCP Client status and the DISCOVER
message timeout
(see Displaying the DHCP Client Configuration)

T-Marc 300 Series User Guide

Page 109
Device Administration (Rev. 11)


Enabling the DHCP Client Security (Authentication Option 90)
The dhcp-client security enable command enables the DHCP client security feature.
CLI Mode: Global Configuration
By default, the DHCP client security is disabled.
Command Syntax
device-name(config)#dhcp-client security enable
device-name(config)#no dhcp-client security
Argument Description
no
Disables the DHCP client security feature.
Controlling the Unauthenticated Packets Flow
The dhcp-client security accept command permits the DHCP client to receive
unauthenticated packets.
CLI Mode: Global Configuration
By default, the all unauthenticated packets are received.
Command Syntax
device-name(config)#dhcp-client security accept {all | authenticated-only}
Argument Description
all
Permits all unauthenticated packets.
authenticated-only
Permits only authenticated packets.
Specifying DHCP Server Discover Attempts
The dhcp-client security attempts command specifies the number of attempts, which the
DHCP client makes to locate a DHCP server and obtain a configuration from it.
CLI Mode: Global Configuration
By default, the number of attempts is infinitely.
Command Syntax
device-name(config)#dhcp-client security attempts (<1-512> | infinitely)
T-Marc 300 Series User Guide

Page 110
Device Administration (Rev. 11)

Argument Description
1-512
Specifies the number of attempts.
infinitely
Sets the number of attempts to infinitely.
Changing the DHCPDISCOVER Messages Retransmission
Timeout
The dhcp-client discover-rto command configures the maximum time that the DHCP Client
is allowed to be active and to send DHCPDISCOVER frames.
CLI Mode: Global Configuration
The client resends a DHCPDISCOVER frame after 4, 8, 16, 32 and 64 seconds.
By default, the DHCPDISCOVER timeout is 8 minutes.
Command Syntax
device-name(config)#dhcp-client discover-rto <time>
device-name(config)#no dhcp-client discover-rto
Argument Description
time
The DHCPDISCOVER message retransmission timeout, in the range <132>
minutes.
no
Disables the retransmission timeout, i.e. the DHCP client keeps sending requests
until it negotiates an IP address.
Configuring the DHCP Client
The ip address dhcp command provides the device its IP configuration information dynamically
and configures the requested lease period.
CLI Mode: Global Configuration
By default, the dynamic address allocation is disabled.
Command Syntax
device-name(config)#ip address dhcp [A.B.C.D | renew]
device-name(config)#ip address dhcp lease {<1-10080> | infinite} [A.B.C.D |
renew]
device-name(config)#no ip address dhcp
Argument Description
1-10080
Specifies a value for the lease period, in minutes.
infinite
Sets the lease period to be an infinite period. This is the default value.
T-Marc 300 Series User Guide

Page 111
Device Administration (Rev. 11)

A.B.C.D
(Optional). The requested IP address. The DHCP Client is initiated with
DHCP negotiation. If the IP address is specified, the DHCP Client sends a
request for this address, and if the requested IP address is not available the
server returns another IP address. To see the IP address provided by the
DHCP server, use the show ip command in Privileged (Enable) mode (refer
to the Device Setup and Maintenance chapter of the BiNOS User Guide).
renew
(Optional). Restarts the DHCP client, freeing the IP address previously
allocated.
no
Stops the DHCP Client and restores the IP address, subnet mask and IP
gateway to their default values.
Displaying the DHCP Client Configuration
The show dhcp-client command displays the DHCP client status and the DISCOVER message
timeout.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show dhcp-client
Example
device-name(config)#ip address dhcp lease infinite
device-name(config)#exit
device-name#show dhcp-client
DHCP cl i ent i s act i ve
I P addr ess i s acqui r ed by DHCP
DI SCOVER messages r et r ansmi ssi on t i meout - 8 mi nut e( s)
Lease t i me l ef t : 86394
T-Marc 300 Series User Guide

Page 112
Device Administration (Rev. 11)

Controlling the Packet Rate
Overview
To break the correlation between the management device (the CPU), the remaining switching and
routing devices, the device implements four queues for outgoing packets to the CPU, and a
standalone NewAddressmessage queue destined to the CPU. Each queue has a fixed depth. Packet
dropping is enabled when the queues reach their limit.
Two mechanisms are set:
ProtectingAgainst NewAddressAttacks The rate limit mechanism for learning new addresses is
hardware based. It is designed to prevent overloading the CPU when new MAC address
requests arrive at a high pace.
ProtectingAgainst CPU Attacks The rate limiting hardware mechanism is designed to reduce
CPU usage. You can define a rate limit for traffic to the CPU to prevent overloading the CPU
when the pace at which packets are forwarded to it is too high.
Figure2 shows the packet flow through the device when the rate limit mechanism is enabled.

Figure 2: Rate Limit Mechanism
T-Marc 300 Series User Guide

Page 113
Device Administration (Rev. 11)

Packet-Rate Thresholds' Default Configuration
Table 39: Packet-Rate Threshold Default Configuration
Parameter Default Value
Rate limit for learning new addresses for
the entire device
1500 packets per second
Rate limit to the CPU for the entire device 1500 packets per second
Low packet-rate threshold 200 packets per second
High packet-rate threshold 5000 packets per second
The Packet-Rate Thresholds' Commands
Table 40: Packet-Rate Threshold Commands
Command Description
set packets_threshold
Configures packet-rate threshold levels
(see Configuring Packet-Rate Thresholds)
reset packets_threshold
statistics
Clears the CPU packet-rate statistics
(see Clearing the CPU Packet Threshold)
show packets_threshold
Displays the current packet-rate threshold levels
(see Displaying Packet-Rate Thresholds)
Configuring Packet-Rate Thresholds
The set packets_threshold command configures rate threshold levels for packets that load the
CPU.
CLI Mode: Global Configuration mode
Default packet-rate threshold levels are described in Table 39.
Command Syntax
device-name(config)#set packets_threshold <low> <high>
Argument Description
low
Low packet rate threshold in packets per second. The range is <5010000>.
high
High packet rate threshold in packets per second. The range is <100
10000>.
T-Marc 300 Series User Guide

Page 114
Device Administration (Rev. 11)

Example
The following example sets the threshold levels to:
Accept all packets if the rate is less or equal to 300 packets per second
Accept only high-priority packets if the rate is higher than 300 packets per second, but not
more than 4000 packets per second
Reject all packets if the rate exceeds 4000 packets per second
device-name(config)#set packets_threshold 300 4000
Clearing the CPU Packet Threshold
The reset packets_threshold statistics command clears the CPU packet-rate statistics.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#reset packets_threshold statistics
Displaying Packet-Rate Thresholds
The show packets_threshold command displays the current packet-rate threshold levels.
CLI Mode: Privileged (Enable)
Table 41 describes the parameters displayed by the show packets_threshold command.
Command Syntax
device-name#show packets_threshold
Example
device-name#show packets_threshold
Low packet r at e t hr eshol d i s 200 pps
Hi gh packet r at e t hr eshol d i s 5000 pps
Packet s r at e per sec: 6 I n packet s: 1425 Dr op packet s: 0
Table 41: Parameters Displayed by the show packet s_t hr eshol d Command
Parameter Description
Low packet rate threshold Low packet rate threshold in packets per second.
High packet rate threshold High packet rate threshold in packets per second.
In packets The number of packets accepted (within the threshold limits)
in the current session.
Drop packets The number of packets rejected (beyond the threshold
limits) in the current session.
T-Marc 300 Series User Guide

Page 115
Device Administration (Rev. 11)

Parameter Description
Packets rate per sec The current rate of information flows to the CPU, in terms of
packets-per-second.
T-Marc 300 Series User Guide

Page 116
Device Administration (Rev. 11)

Control Plane Priority per Protocol
Table 42: Control Plane Priority per Protocol
Protocol Control Packets Priority
LACP LACPDU 7
MEF8 Ethernet 07
CFM BPDU 6
EFM OAM BPDU 6
DHCP IP 6
ICMP IP 6
ARP Ethernet 6
SNMP UDP 6
Telnet TCP 6
SSH TCP 6
TFTP UDP 6
DHCP Client UDP 6
RADIUS UDP 6
TACAS + TCP 6
SYSLOG messages UDP 6
T-Marc 300 Series User Guide

Page 117
Device Administration (Rev. 11)

Supported Platforms
Features T-Marc 340 T-Marc 380
Managing the MAC Address Table + +
Managing the ARP Table + +
Script Files System + +
Configuring Default Settings + +
Zero Configuration Networking + +
Software Upgrade and Boot Options + +
Boot Loader + +
Managing the System Time and Date + +
DHCP Client + +
CPU Resource Control + +
Supported Standards, MIBs and RFCs
Features Standards MIBs RFCs
Managing the MAC
Address Table
No Standards are
supported by this
feature.
Standard MIB,
8021Q_d6.mib
No RFCs are
supported by this
feature.
Managing the ARP
Table
No standards are
supported by this
feature.
Private MIB,
prvt_switch_ipvaln.mib
RFC 791, Internet
Protocol DARPA
Internet Program
Protocol Specifications
RFC 919,
Broadcasting Internet
Datagrams
RFC 922,
Broadcasting Internet
Datagrams in the
Presence of Subnets
RFC 1042, A Standard
for the Transmission
of IP Datagrams over
IEEE 802 Networks
RFC 1122,
Requirements for
Internet Hosts --
Communication
Layers
RFC 1812,
Requirements for IP
Version 4 Routers
T-Marc 300 Series User Guide

Page 118
Device Administration (Rev. 11)

Features Standards MIBs RFCs
Script Files System No standards are
supported by this
feature.
No MIBs are supported
by this feature.
No RFCs are
supported by this
feature
Configuring Default
Settings
No standards are
supported by this
feature.
No MIBs are supported
by this feature.
No RFCs are
supported by this
feature
Zero Configuration
Networking
No standards are
supported by this
feature.
No MIBs are supported
by this feature.
RFC 2131, Dynamic
Host Configuration
Protocol
RFC 2132, DHCP
Options and BOOTP
Vendor Extensions
Software Upgrade and
Boot Options
No standards are
supported by this
feature.
No MIBs are supported
by this feature.
No RFCs are
supported by this
feature.
Boot Loader No Standards are
supported by this
feature.
No MIBs are supported
by this feature.
No RFCs are
supported by this
feature.
Managing the System
Time and Date
No standards are
supported by this
feature.
No MIBs are supported
by this feature.
RFC 867, Daytime
Protocol
RFC 868, Time
Protocol
DHCP Client No standards are
supported by this
feature.
No MIBs are supported
by this feature.
RFC 951, Bootstrap
Protocol (BOOTP)
RFC 1542,
Clarifications and
Extensions for the
Bootstrap Protocol
RFC 2131, Dynamic
Host Configuration
Protocol
RFC 2132, DHCP
Options and BOOTP
Vendor Extensions
CPU Resource
Control
No standards are
supported by this
feature.
Private MIB,
prvt_bist.mib
No RFCs are
supported by this
feature.



Page 1
Configuring Interfaces (Rev. 08)

Configuring Interfaces
Table of Figures 3
Features Included in this Chapter 4
Fast Ethernet and Giga Ethernet Ports 5
Overview 5
Fast and Giga Ethernet Ports Default Configuration 6
Fast and Giga Ethernet Ports Configuration Commands 7
Link Aggregation Control Protocol (LACP)23
LACP Modes23
LACP Parameters23
Link Aggregation Groups (LAGs) 24
LAG Default Configuration26
LAG Configuration Flow26
LAG Configuration Commands27
Configuration Examples34
Resilient Links43
Overview43
Resilient Links Default Configuration43
Resilient Links Configuration Flow44
Resilient Links Configuration Commands 45
Configuration Example50
Port Security Techniques51
Overview51
The Port Security Default Configuration52
The Port Security Configuration Commands52
Configuration Examples57
The Port Limit Feature61
Overview61
Port Limit Default Configuration61
Port Limit Commands 61

T-Marc 300 Series User Guide


Page 2
Configuring Interfaces (Rev. 08)

Interfaces Management65
Overview65
Interfaces Management Commands65
Alarm Propagation Feature67
Overview67
Alarm Propagation Commands 67
Configuration Example69
Supported Platforms72
Supported Standards, MIBs and RFCs72



T-Marc 300 Series User Guide


Page 3
Configuring Interfaces (Rev. 08)

Table of Figures
Figure 1: Four Ports Combined into a Link Aggregation Group24
Figure 2: Example of LAG Containing Two Ports34
Figure 3: Example of Two LAGs Configured on the Same Device35
Figure 4: Example of Two Static LAGs with RSTP40
Figure 5: Example of a Resilient Link Topology50
Figure 6: Alarm Propagation Configuration Example69


T-Marc 300 Series User Guide


Page 4
Configuring Interfaces (Rev. 08)

Features Included in this Chapter
This chapter describes the T-Marc 300 Series device interface types and their configuration. In
addition, the chapter includes port security methods.
The chapter includes the following sections:
Fast Ethernet andGiga Ethernet Ports
This section details the T-Marc 300 Series device interfaces and the commands to
configure them.
Link AggregationControl Protocol (LACP)
This protocol provides increased bandwidth, increased redundancy, and higher
availability.
Resilient Links
Resilient links allow protecting critical links and preventing network downtime.
Port SecurityTechniques
Using port security techniques on T-Marc 300 Series device provides control over every
device plugged into the internal network.
AlarmPropagationFeature
Alarm Propagation is a fault detection feature that identifies faults in network uplinks and
alarms downstream devices.

T-Marc 300 Series User Guide


Page 5
Configuring Interfaces (Rev. 08)

Fast Ethernet and Giga Ethernet Ports
Overview
T-Marc 300 Series device allows service providers to deliver multiple services on separate user
ports. It supports multiple application-flows over a single customer interface, mapping each flow to
a different traffic class.
The device supports:
Flexible Ethernet combo-port interfaces
Dual-speed (100M and 1000M) fiber interfaces
Pluggable optics, including CWDM
Tri-speed (10/ 100/ 1000M) copper interfaces
ASCII/ RJ-45 management ports

T-Marc 300 Series User Guide


Page 6
Configuring Interfaces (Rev. 08)

Fast and Giga Ethernet Ports Default Configuration
Table 1: Fast Ethernet and Giga Ethernet Ports Default Configuration
Parameter Default Value
Interface state Enabled
Port name None
Backpressure mode Disabled
Duplex speed For Fast Ethernet Fiber: Auto-negotiation.
For Giga Ethernet Fiber: Auto-negotiation.
For Fast Ethernet and Giga Ethernet Copper: Auto-
negotiation.
Flow Control mode Disabled
Default VLAN 1
Broadcast rate limit Unlimited
Multicast rate limit Unlimited
Unknown rate limit Unlimited
Packet size limit 1632
Remote fault detect Disabled
Crossover detection Automatic
Learning new address Enabled

T-Marc 300 Series User Guide


Page 7
Configuring Interfaces (Rev. 08)

Fast and Giga Ethernet Ports Configuration
Commands
Table 2: Fast and Giga Ethernet Configuration Commands
Command Description
interface
Enters the configuration mode of a specific physical interface, a
LAG, an interface range, or a LAG range (see Entering the
Interface Configuration Mode)
name
Assigns a name to a physical interface or a group of interfaces
(see Specifying the Interface Name)
speed Specifies the interface speed (see Specifying the Interface
Speed)
duplex Specifies a duplex parameter for the specified interface (see
Specifying the Interface Duplex Mode)
backpressure
Enables/disables the backpressure mode (see Defining the
Backpressure Mode)
flow control
Changes the flow control mode (see Defining the Flow Control
Mode)
default vlan
Specifies a default VLAN for a physical interface or group of
interfaces (see Adding Ports to a Default VLAN)
packet-size-limit
Specifies the jumbo frame size (see Specifying the Jumbo
Frames Size)
remote-fault-detect
Enables remote fault detection on the configured interface that is
connected to a 100Base Fiber pair (see Configuring the Remote
Fault Detection)
shutdown
Disables all functions of a specific port (see Disabling an
Interface)

Table 3: IP Interface Commands
Command Description
interface Enters the IP interface configuration mode (see IP Interface
Configuration Mode)
show ip interface Displays the IP interface configuration and statistics (see
Displaying the IP Interface Configuration)


T-Marc 300 Series User Guide


Page 8
Configuring Interfaces (Rev. 08)

Table 4: Commands for Displaying and Clearing Interface Settings and Statistics
Command Description
show
and
show interface
Display the status and configuration of all interfaces or for the
specified interface (see Displaying Interface Configuration
Settings).
show interface
statistics
Displays interface statistics and packet counters (see Displaying
Interface Statistics)
reset
and
clear interface
statistics
Clear all current statistics from a specific physical interface or a
group of interfaces (see Clearing Interface Statistics)
Entering the Interface Configuration Mode
The interface command enters the configuration mode of a specific physical interface, a LAG, an
interface range, or a LAG range.
When in the Range Configuration mode, all the commands are applied to all ports/ LAGs within
that range, until exiting this mode.

CLI Mode: Global Configuration, Interface Configuration, Interface Range Configuration,
LAG Configuration, and LAG Range Configuration
Command Syntax
device-name(config)#interface {UU/SS/PP | ag0N | range PORT-LIST | range
PORT-AG-LIST}
device-name(config-if UU/SS/PP)#
device-name(config-if AG0N)#

device-name(config-if UU1/SS1/PP1)#interface UU2/SS2/PP2
device-name(config-if UU2/SS2/PP2)#

device-name(config-if-group)#interface {UU/SS/PP | ag0N | range PORT-LIST|
range PORT-AG-LIST}
device-name(config-ag-group)#interface {UU/SS/PP | ag0N | range PORT-LIST|
range PORT-AG-LIST}
device-name(config-if AG0N)#interface {UU/SS/PP | ag0N | range PORT-LIST|
range PORT-AG-LIST}
Argument Description
UU/SS/PP Represents the unit, slot, and port numbers of the configured interface.
ag0N Represents a LAG ID in the range of <17>.
range PORT-
LIST
Specifies one or more port numbers. Use commas as separators and
hyphens to indicate sub-ranges (for example, 1/2/11/2/8, 1/1/2).

T-Marc 300 Series User Guide


Page 9
Configuring Interfaces (Rev. 08)

range PORT-
AG-LIST
Specifies a LAG names list (for example AG01, AG04AG07), in the range
<0107>.
Example 1
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#
Example 2
device-name(config)#interface ag01
device-name(config-if AG01)#interface 1/1/2
device-name(config-if 1/1/2)#
Example 3
device-name(config)#interface range ag01
device-name(config-ag-group)#interface 1/1/1
device-name(config-if 1/1/1)#
Specifying the Interface Name
The name command assigns a name to a physical interface or a group of interfaces.
CLI Mode:
Interface Configuration and Range Interface Configuration
By default, the port has no name.
Command Syntax
device-name(config-if UU/SS/PP)#name NAME
device-name(config-if UU/SS/PP)#no name

device-name(config-if-group)#name NAME
device-name(config-if-group)#no name
Argument Description
NAME An alphanumeric name of up to 256 characters. Spaces are allowed.
no Removes the port name.

T-Marc 300 Series User Guide


Page 10
Configuring Interfaces (Rev. 08)

Specifying the Interface Speed
The speed command defines the duplex speed of a specified interface or interface range.
The Giga copper ports support crossover detection. This feature allows a device port to automatically
detect, transmit, and receive the Ethernet cables polarity (the relevant cable type).
NOTE
To ensure reliable performance, it is essential to configure the same settings for two
Gigabit fiber ports communicating with each other.
Either enable autonegotiation on both interfaces or set the same duplex speed for
both.


CLI Mode: Interface Configuration and Range Interface Configuration
By default, the device is configured to use auto-negotiation to determine the port speed and duplex
setting.
Command Syntax
device-name(config-if UU/SS/PP)#speed {auto | 10 | 100 | 1000}
device-name(config-if-group)#speed {auto | 10 | 100 | 1000}
Argument Description
auto The port automatically finds the highest speed supported on the link.
10 Sets the duplex speed type to 10Mbps.
100 Sets the duplex speed type to 100Mbps.
1000 Sets the duplex speed type to 1Gbps.
Specifying the Interface Duplex Mode
The duplex command specifies the duplex mode of a physical interface or a group of interfaces.
CLI Mode:
Interface Configuration and Range Interface Configuration
In full-duplex mode, two devices can send and receive at the same time. Full-duplex
communication is often an effective solution for collisions, which are major constrictions in
Ethernet networks. 10 Mbps ports usually operate in half-duplex mode (the device can either
receive or transmit).
NOTE
To ensure reliable performance, it is essential to configure the same settings for two
Gigabit fiber ports communicating with each other.
Either enable autonegotiation on both interfaces or set the same duplex mode for
both.

By default, the device is configured to use auto-negotiation to determine the port speed and duplex
setting.

T-Marc 300 Series User Guide


Page 11
Configuring Interfaces (Rev. 08)

Command Syntax
device-name(config-if UU/SS/PP)#duplex {auto | full | half}
device-name(config-if-group)#duplex {auto | full | half}
Argument Description
auto Enables the auto detect mode.
full Enables the full duplex mode.
half Enables the half duplex mode.
Defining the Backpressure Mode
The backpressure command enables/ disables the backpressure mode.
CLI Mode:
Interface Configuration and Range Interface Configuration
Backpressure is a technique for ensuring that a transmitting port does not send too much data to a
receiving port at a given time. When the buffer capacity of a receiving port exceeds, it sends a Jam
messageto the transmitting port to halt transmission.

NOTE
Backpressure functions only if the port operates in half-duplex mode.
By default, backpressure is disabled.
Command Syntax
device-name(config-if UU/SS/PP)#backpressure {enable | disable}
device-name(config-if-group)#backpressure {enable | disable}
Argument Description
enable Enables backpressure mode.
disable Disables backpressure mode.
Defining the Flow Control Mode
The flow-control command enables/ disables the flow control mode.
Flow control is a technique for ensuring that a transmitting port does not send too much data to a
receiving port at a given time. When the ports buffer is filled, the port transmits a special packet
requesting remote ports to delay sending packets for a period of time.
NOTE
Valid only in full-duplex mode.

CLI Mode: Interface Configuration and Range Interface Configuration
By default the flow control is disabled.

T-Marc 300 Series User Guide


Page 12
Configuring Interfaces (Rev. 08)

Command Syntax
device-name(config-if UU/SS/PP)#flow-control {enable | disable | autonegotiate}
device-name(config-if-group)#flow-control {enable | disable | autonegotiate}
Argument Description
enable Enables flow control.
disable Disables flow control.
autonegotiate Enables flow control autonegotiation.
Adding Ports to a Default VLAN
The default vlan command specifies a default VLAN for a physical interface or a group of
interfaces.
You can define only one default VLAN per port. For more information regarding VLAN
commands, refer to the ConfiguringVLANsandSuper VLANschapter of this User Guide.
CLI Mode: Interface Configuration and Range Interface Configuration
By default, the default VLAN (PVID) for all ports is 1.
Command Syntax
device-name(config-if UU/SS/PP)#default vlan <vlan-id>
device-name(config-if UU/SS/PP)#no default vlan

device-name(config-if-group)#default vlan <vlan-id>
device-name(config-if-group)#no default vlan
Argument Description
vlan-id The interfaces default VLAN, in the range of <14094>.
no Restores the default VLAN to VLAN 1.
Specifying the J umbo Frames Size
The packet-size-limit command specifies the maximum packet size allowed for a specific
physical interface or a group of interfaces.
CLI Modes: Interface Configuration and Range Interface Configuration
The default packet size limit is 1632 bytes.
Command Syntax
device-name(config-if UU/SS/PP)#packet-size-limit {NUMBER | default}
device-name(config-if-group)#packet-size-limit {NUMBER | default}

T-Marc 300 Series User Guide


Page 13
Configuring Interfaces (Rev. 08)

Argument Description
NUMBER Specifies the maximum allowed packet size on the port, <5129216>bytes.
default Restores the default value of the packet size to 1632 bytes.
Example
device-name(config-if 1/1/1)#packet-size-limit 1522
device-name(config-if 1/1/1)#show
. . .
. . .
Maxi mumPacket Si ze ( MTU) = 1522
Configuring the Remote Fault Detection
The remote-fault-detect command enables remote fault detection on the configured interface
that is connected to a 100Base Fiber pair.
CLI Mode:
Interface Configuration and Range Interface Configuration
When enabling remote fault detection on such an interface, the device indicates link down on the
port if the remote peer detects link down.
NOTE
The remote-fault-detect command is available only on 100Base Fiber ports.
Command Syntax
device-name(config-if UU/SS/PP)#remote-fault-detect {on | off}
device-name(config-if-group)#remote-fault-detect {on | off}
Argument Description
on Enables the remote fault detection.
off Disables the remote fault detection.
Disabling an Interface
The shutdown command disables all functions of a specific port (receive, forward, and learn).
CLI Mode:
Interface Configuration and Range Interface Configuration
By default, the port is enabled (active).
Command Syntax
device-name(config-if UU/SS/PP)#shutdown
device-name(config-if UU/SS/PP)#no shutdown

device-name(config-if-group)#shutdown
device-name(config-if-group)#no shutdown

T-Marc 300 Series User Guide


Page 14
Configuring Interfaces (Rev. 08)

Argument Description
no Enables the interface.
IP Interface Configuration Mode
The interface command enters the IP Interface Configuration mode.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#interface sw0
device-name(config-if sw0)#
Displaying the IP Interface Configuration
The show ip interface command displays the IP interface configuration and statistics.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show ip interface [brief | sw0 | lo0]
Argument Description
brief (Optional). Displays brief information of all the defined IP interfaces.
sw0 (Optional). Specifies the number of the IP interface.
lo0 (Optional). Specifies the loopback interface.
Example 1
device-name#show ip interface sw0
I nt er f ace sw0
i ndex 3 met r i c 1 mt u 1500
di r ect ed- br oadcast di sabl ed
Fl ags : <UP, BROADCAST, NOTRAI LERS, RUNNI NG, SI MPLEX, MULTI CAST>
i net 1. 1. 1. 1/ 8 br oadcast 1. 255. 255. 255
Secondar y i net 2. 1. 1. 1/ 8 br oadcast 2. 255. 255. 255
239538 packet s r ecei ved; 15206 packet s sent
3617 mul t i cast packet s r ecei ved
56 mul t i cast packet s sent
0 i nput er r or s; 0 out put er r or s
0 col l i si ons; 0 dr opped
0 down count

T-Marc 300 Series User Guide


Page 15
Configuring Interfaces (Rev. 08)

Example 2
device-name#show ip interface brief
I nt er f ace l o0
i ndex 2 met r i c 1 mt u 32767
di r ect ed- br oadcast di sabl ed
Fl ags : <UP, LOOPBACK, NOTRAI LERS, RUNNI NG, MULTI CAST>
i net 127. 0. 0. 1/ 8
I nt er f ace sw0
i ndex 3 met r i c 1 mt u 1500
di r ect ed- br oadcast di sabl ed
Fl ags : <UP, BROADCAST, NOTRAI LERS, RUNNI NG, SI MPLEX, MULTI CAST>
i net 1. 1. 1. 1/ 8 br oadcast 1. 255. 255. 255
Secondar y i net 2. 1. 1. 1/ 8 br oadcast 2. 255. 255. 255
Table 5: Parameters Displayed by the show i p i nt er f ace Command
Parameter Description
i ndex The Internal index of the IP interface
met r i c The IP interface metric value
mt u The Maximum Transfer Unit
f l ags UP/DOWNIP interface status
BROADCASTThe broadcast address is valid
NOTRAILERSThe device must avoid using trailers
RUNNINGThe device has successfully allocated needed resources
SIMPLEXThe device cannot hear its own transmissions
MULTICASTThe device supports multicast
ALLMULTIThis port receives all multicast packets
LOOPBACKThis is a loopback net
NOARPThere is no address resolution protocol
POINTOPOINTThe IP interface is a point-to-point link
i net The interface's configured IP address and subnet mask
br oadcast The broadcast address of the IP interface
Et her net addr ess The MAC address of the IP interface
packet s r ecei ved The number of packets received on the IP interface
packet s sent The number of packets sent from the IP interface
mul t i cast packet s
sent
The number of multicast packets sent from the IP interface
i nput er r or s The number of error packets received on the IP interface
out put er r or s The number of error packets sent from the IP interface
col l i si ons (always 0)
dr opped The number of packets dropped on the IP interface
down count The number of times the IP interface went down

T-Marc 300 Series User Guide


Page 16
Configuring Interfaces (Rev. 08)

Displaying Interface Configuration Settings
The commands below display the status and configuration for all ports or for a specified port:
show interface command
CLI Mode: Privileged (Enable)
show command
CLI Mode: Interface Configuration
Command Syntax
device-name#show interface [UU/SS/PP]
device-name(config-if UU/SS/PP)#show
Argument Description
UU/SS/PP
(Optional). Selects a specific port to display.
Example 1
The following example displays the settings of all the device interfaces:
device-name#show interface
==========================================================================
| Por t | Name | Type | St at e | Li nk| Dupl Speed | Fl ow | Backpr es| Def aul t
+- - - - - +- - - - - - - - +- - - - - - - - +- - - - - - - +- - - - +- - - - - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - -
1/ 1/ 1 DUAL di sabl e down unknown di sabl e di sabl e 0001
1/ 1/ 2 DUAL enabl e up f ul l - 100 di sabl e di sabl e 0001
1/ 2/ 1 DUAL enabl e down unknown di sabl e di sabl e 0001
1/ 2/ 2 DUAL enabl e down unknown di sabl e di sabl e 0001
1/ 2/ 3 DUAL enabl e down unknown di sabl e di sabl e 0001
1/ 2/ 4 DUAL enabl e down unknown di sabl e di sabl e 0001
1/ 2/ 5 DUAL enabl e down unknown di sabl e di sabl e 0001
1/ 2/ 6 DUAL enabl e down unknown di sabl e di sabl e 0001
1/ 2/ 7 DUAL enabl e down unknown di sabl e di sabl e 0001
1/ 2/ 8 DUAL enabl e down unknown di sabl e di sabl e 0001

T-Marc 300 Series User Guide


Page 17
Configuring Interfaces (Rev. 08)

Example 2
The following example displays the settings of a specific interface:
device-name#show interface 1/1/2
Name =
Type = DUAL ( 10/ 100/ 1000BaseT, MEDI A not i nst al l ed)
Enabl eSt at e = enabl e
Li nk = up ( TX)
Dupl ex mode = aut onegot i at e
Speed = aut onegot i at e
Dupl ex speed st at us = f ul l - 100
Fl ow cont r ol mode = di sabl e
Fl ow cont r ol st at us = di sabl e
Backpr essur e = di sabl e
Br oadcast l i mi t = unl i mi t ed
Def aul t VLAN = 1
Super VLAN Por t = No
Lear ni ng new addr ess = Enabl ed
Max Packet Si ze ( MRU) = 1632
Displaying Interface Statistics
The commands below display the interface statistics and packet counters:
show interface statistics command
CLI Mode: Privileged (Enable)
show statistics command
CLI Mode: Interface Configuration and LAG Interface Configuration


NOTE
The MaxPacketSize refers to the maximum supported packet size depending on the
configuration (512 bytes or 9216 Kbytes).
Command Syntax
device-name#show interface [UU/SS/PP | ag0N] statistics [extended]
device-name(config-if AG0N)#show statistics [extended]
Argument Description
UU/ SS/ PP (Optional). Displays statistics information of a specified interface.
ag0N (Optional). N, the LAG ID number, in the range <17>.
extended (Optional). Displays additional packet counters.

T-Marc 300 Series User Guide


Page 18
Configuring Interfaces (Rev. 08)

Example 1
The following example display various packet counters for 1/ 2/ 1 interface:
device-name#show interface 1/2/1 statistics
Oct et s 24512 I n/ Out Pkt s 64 383
Col l i si ons 0 I n/ Out Pkt s 65- 127 0
Br oadcast 0 I n/ Out Pkt s 128- 255 0
Mul t i cast 0 I n/ Out Pkt s 256- 511 0
CRCAl i gnEr r or s 0 I n/ Out Pkt s 512- 1023 0
Under si ze 0 I n/ Out Pkt s 1024- MaxFr ameSi ze 0
Over si ze 0 Tot al I nPkt s 383
Fr agment s 0 Tot al I n/ Out Pkt s 383
J abber s 0 DownCount 0
Dr opEvent s 0
Last 5secI nPkt s 50 Last 5secI nBps 409
Last 1mi nI nPkt s 353 Last 1mi nI nBps 408
Last 5mi nI nPkt s 353 Last 5mi nI nBps 81
Last 5secOut Pkt s 0 Last 5secOut Bps 0
Last 1mi nOut Pkt s 0 Last 1mi nOut Bps 0
Last 5mi nOut Pkt s 0 Last 5mi nOut Bps 0
Table 6: Counters Displayed by the show i nt er f ace st at i st i cs Command
Counter Description
Oct et s
The number of data octets of all received packets on the line. This
includes data octets of rejected and local packets that are not forwarded
to the switching core for transmission.
In case of oversized packets that exceed the allocated buffer-size, only
buffer-size bytes are counted.
Col l i si ons
The number of received packet when detecting a collision event.
Br oadcast
The number of good Broadcast packet received.
Mul t i cast
The number of good Multicast packet received.
CRCAl i gnEr r or s
The number of received packets that meet all the following conditions:
data-length is between <64MaxFrameSize>bytes inclusive
have an invalid CRC
not detected a collision event
not detected a late collision event
Under si ze
The number of received packets that meet all the following conditions:
data length is less than 64 bytes
not detected a collision event
not detected a late collision event
have a valid CRC

T-Marc 300 Series User Guide


Page 19
Configuring Interfaces (Rev. 08)

Counter Description
Over si ze
The number of received packets that meet all the following conditions:
data length is greater than MRU
have valid CRC

NOTE
When the maximum packet size is below 1632,
oversized packets are counted as FCS errored bytes.
The default MRU size is 1632 bytes.
Fr agment s
The number of received packets that meet all the following conditions:
data length is less than 64 bytes, or the packet does not have a Start
Frame Delimiter (SFD) and is less than 64 bytes
not detected a collision event
not detected a late collision event
have an invalid CRC
J abber s
The number of packets that meet one of the following conditions:
data length is greater than MaxFrameSize and CRC is invalid
packet length is greater than MaxPacketSize
Dr opEvent s
Not supported.
Down Count
The number of port disconnections.
The counter is initialized in the following cases:
When the device starts running (provided that the link to the port is
connected), the counter is zeroed
When the module is inserted at run-time (hot-swapped), the counter
is initialized to one
When the link to the port is connected for the first time during run-
time, the counter is initialized to one
Tot al I nPkt s
The number of received packets received on the line. This includes
rejected and local packets that are not forwarded to the switching core for
transmission.
I n/ Out Pkt s 64
The number of 64 bytes received and transmitted packets including
rejected, received, and transmitted packets.
I n/ Out Pkt s 65- 127
The number of received and transmitted packets in the range of
<65127>bytes including rejected, received, and transmitted packets.
I n/ Out Pkt s 128-
255
The number of received and transmitted packets in the range of
<128255>bytes including rejected, received, and transmitted packets.
I n/ Out Pkt s 256-
511
The number of received and transmitted packets in the range of
<256511>bytes, including rejected, received, and transmitted packets.
I n/ Out Pkt s 512-
1023
The number of received and transmitted packets in the range of
<5121023>bytes including rejected, received, and transmitted packets.
I n/ Out Pkt s 1024-
MaxFr ameSi ze
The number of received and transmitted packets in the range of
<1024MaxFrameSize>bytes including rejected, received, and
transmitted packets. The default MaxFrameSize is 1632 bytes.
Tot al I n/ Out Pkt s
The number of received and transmitted packets in the range of <64
MaxFrameSize>bytes including rejected, received, and transmitted
packets.

T-Marc 300 Series User Guide


Page 20
Configuring Interfaces (Rev. 08)

Counter Description
Last 5secI nPkt s
The number of packets received during the five seconds before executing
the command.
Last 1mi nI nPkt s
The number of packets received during the minute before executing the
command.
Last 5mi nI nPkt s
The number of packets received during the five minutes before executing
the command.
Last 5secOut Pkt s
The number of packets transmitted during the five seconds before
executing the command.
Last 1mi nOut Pkt s
The number of packets transmitted during the minute before executing
the command.
Last 5mi nOut Pkt s
The number of packets transmitted during the five minutes before
executing the command.
Last 5secI nBps
The rate of packets received, in bits per second, during the five seconds
before executing the command.
Last 1mi nI nBps
The rate of packets received, in bits per second, during the minute before
executing the command.
Last 5mi nI nBps
The rate of packets received, in bits per second, during the five minutes
before executing the command.
Last 5secOut Bps
The rate of packets transmitted, in bits per second, during the five
seconds before executing the command.
Last 1mi nOut Bps
The rate of packets transmitted, in bits per second, during the minute
before executing the command.
Last 5mi nOut Bps
The rate of packets transmitted, in bits per second, during the five
minutes before executing the command.


NOTE
The Last5secInBps, Last1minInBps, Last5minInBps, Last5secOutBps,
Last1minOutBps, and Last5minOutBps counters are updated every 5 seconds. After
receiving/ transmitting the packets, you must wait for 10 seconds to pass in order to
receive a correct value of the corresponding statistics.
Example 2
The following example uses the extended keyword to display additional packet counters:
device-name#show interface 1/1/1 statistics extended
I nOct et s 41061272 Out Oct et s 7948538
I nUcast Pkt s 73572 Out Ucast Pkt s 73825
I nNUcast Pkt s 3873 Out NUcast Pkt s 28439
I nDi scar ds 0 Out Di scar ds N/ A
I nEr r or s 1 Out Er r or s N/ A
I nUnknownPr ot os N/ A

T-Marc 300 Series User Guide


Page 21
Configuring Interfaces (Rev. 08)

Table 7: Counters Displayed by the show i nt er f ace st at i st i cs ext ended Command
Counter Description
I nOct et s
The number of data octets of all the received packets on the line. This
includes data octets of rejected and local packets that are not forwarded
to the switching core for transmission.
In case of oversized packets that exceed the allocated buffer-size, only
buffer-size bytes are counted.
I nUcast Pkt s
The number of good unicast packets (not including Multicast and
Broadcast packets) received.
I nNUcast Pkt s
The number of good Broadcast and Multicast packets received.
I nDi scar ds
The number of incoming packets dropped due to lack of receive buffers or
due to exceeding the interfaces Rx buffer threshold.
I nEr r or s
This counter is incremented when any of the following events occurs:
Undersized frames (less than 64 bytes) that are correctly aligned and
well formed without Frame Check Sequence (FCS) Errors
Fragments (less than 64 bytes) that are misaligned and/or with
Frame Check Sequence (FCS) Errors
Oversized frames (frames with size bigger than the MTU value) that
are without FCS errors
J abber frames (frames with size bigger than the MTU value) that
have FCS errors
CRC errors
Fragments and Runtswhen the interface goes down while
receiving traffic
Increment in InDiscards counter
I nUnknownPr ot os
Not supported.
Out Oct et s
The number of data octets of good packets transmitted.
Out Ucast Pkt s
The number of good Unicast packets transmitted (not including Multicast
and Broadcast packets).
Out NUcast Pkt s
The number of good Broadcast and Multicast packets transmitted.
Out Di scar ds
Not supported.
Out Er r or s
Not supported.
Clearing Interface Statistics
The commands below clear all current statistics from a specific physical interface, a group of
interfaces, or LAG interface:
reset command
CLI Mode: Interface Configuration, Range Interface Configuration, and LAG
Interface Configuration
clear interface statistics command
CLI Mode:
Privileged (Enable)

T-Marc 300 Series User Guide


Page 22
Configuring Interfaces (Rev. 08)

Command Syntax
device-name(config-if UU/SS/PP)#reset [all]
device-name(config-if-group)#reset [all]
device-name(config-if AG0N)#reset [all]

device-name#clear interface statistics
Argument Description
all (Optional). Clear the statistics of all ports.

T-Marc 300 Series User Guide


Page 23
Configuring Interfaces (Rev. 08)

Link Aggregation Control Protocol (LACP)
LACP, defined in IEEE 802.3ad, dynamically groups similarly configured ports into a single logical
link (aggregate port). This protocol provides increased bandwidth, increased redundancy, and
higher availability. You can group ports based on hardware, administrative, and port parameter
constraints.
The device exchanges LACP frames for synchronizing the databases of the LACP-enabled ports.
Due to hardware limitations, you can group up to eight compatible ports in a LAG.
LACP Modes
There are two LACP operation modes:
Activean interface in active mode can start LACP negotiation and thus form a link with
another device (whether active or passive).
Passivedoes not start LACP negotiation; thus cannot form a link with another device.
LACP Parameters
A ports ability to aggregate with other ports is determined by the following factors:
The port physical characteristics such as, data transfer rate, duplex capability, and medium type
User defined configuration constraints
To use LACP, you need to define the following parameters:
1. SystemID: the ID identifying an LACP system negotiating with other LACP systems. The
device uses its MAC address as a unique system ID.
2. Systempriority: the system priority along with the port priority allows connected LACP ports to
determine their exchange policy dynamically.
3. Administrativekey: define the ports ability to aggregate with other ports.
4. Port priority: the port priority and the system priority allow connected LACP ports to determine
their exchange policy dynamically.
When enabled, LACP attempts to group the maximum of eight compatible ports in a LAG.
However, if LACP is unable to aggregate compatible ports (for example, due to limitations of the
remote device), it leaves these ports in a hot standby state and uses them when one of the
channeled ports fails.

T-Marc 300 Series User Guide


Page 24
Configuring Interfaces (Rev. 08)

Link Aggregation Groups (LAGs)
LAGs, also known as trunks, provide increased bandwidth and high reliability while saving the cost
of upgrading the hardware.
By combining several interfaces in one logical link, LAGs fill the gaps between 10 Mbps, 100 Mbps,
and 1 Gbps with intermediate bandwidth values.
LAGs also enable bandwidths beyond 1 Gbps by aggregating multiple Giga ports (as shown in the
below figure).

NOTE
The LAGs are numbered from 1to 7.
Each LAG can consist of up to eight compatibly configured interfaces.

Figure 1: Four Ports Combined into a Link Aggregation Group
There are two LAG types:
StaticLAGsconsist of individual Gigabit Ethernet links bundled into a single logical link. They
provide the ability to treat multiple device ports as one device port. These port groups act as a
single logical port for high-bandwidth connections between two network devices. A static
LAG balances the traffic load across the links in the channel. If a physical link within the static
LAG fails, traffic previously carried over the failed link is moved to the remaining links.
Most protocols operate over either single ports or aggregated device-ports and do not
recognize the physical interface within the port group.
DynamicLAGsdynamically adapt aggregated links to changes in traffic conditions. This allows
load sharing and automatic readjustments in case of LAG link-failures and recovery.

T-Marc 300 Series User Guide


Page 25
Configuring Interfaces (Rev. 08)

You can configure both static and dynamic LAGs simultaneously, assuming the following
restrictions:
LAG IDs of both static and dynamic LAGs occupy the same available LAG IDs space
You cannot define a static LAG and a dynamic LAG with the same LAG ID number
You can include each port in a single LAG that is either static or dynamic
Prerequisites
Follow the below guidelines for LAG configuration:
You do not need to modify existing higher-layer protocols or applications in order to use
LACP
Some links cannot participate in LAGs due to inherent capabilities, capabilities of the devices
they are connected to, or management configuration. These links operate as individual links.
LACP supports only point-to-point full-duplex links. You cannot aggregate links among more
than two devices (multipoint aggregations) and half-duplex operation.
When the device is connected to a LAN and Spanning Tree protocol (STP) is not active, you
need to physically attach the aggregated ports only after completing the LAG configuration.

T-Marc 300 Series User Guide


Page 26
Configuring Interfaces (Rev. 08)

LAG Default Configuration
Table 8: LAG Default Configuration
Parameter Default Value
Static Link Aggregation Disabled
Global Link Aggregation Control Protocol (LACP) Disabled
Per port Link Aggregation Control Protocol (LACP) Disabled
LACP system priority 32768
LACP port mode Active
LACP port priority 32768
LACP administrative key 1
LAG distribution MAC address
The marker PDU responder per port Disabled
LAG Configuration Flow
To create a static LAG, proceed as follows:
1. Add a specific interface to a static LAG (see Configuringa StaticLAG)
2. Optional configuration: Assign a user-defined name for a specific static LAG (see Naminga
StaticLAG)
To create a dynamic LAG, proceed as follows:
1. Configure LACP (see EnablingLACP)
2. Assign a physical interface(s) to a LAG (see AssigningInterfacestoa DynamicLAG)
3. Optional configuration:
Specify the LACP system priority (see SpecifyingtheLACP SystemPriority)
Specify the LACP administrative key (see SpecifyingtheLACP AdministrativeKey)
Configure the processing of LACP PDU marker (see ConfiguringtheLACP Marker)
Specify the LAG packet distribution between the ports (see SpecifyingtheLAG Distribution)

T-Marc 300 Series User Guide


Page 27
Configuring Interfaces (Rev. 08)

LAG Configuration Commands
Table 9: Static LAG Configuration Commands
Command Description
link-aggregation static id
Adds a physical interface or a group of interfaces to a
static LAG (see Configuring a Static LAG)
link-aggregation static id
name
Assigns a user-defined name for a specific static LAG
(see Naming a Static LAG)

Table 10: Dynamic LAG Configuration Commands
Command Description
link-aggregation lacp
enable/disable
Configures LACP (see Enabling LACP)
link-aggregation lacp
Assigns a physical interface or group of interfaces to a
LAG, and specifies LACP parameters (see Assigning
Interfaces to a Dynamic LAG)
link-aggregation lacp
system-priority
Specifies the LACP system priority (see Specifying the
LACP System Priority)
link-aggregation lacp key
Specifies the LACP administrative key (see Specifying the
LACP Administrative Key)
link-aggregation lacp
marker
Configures the processing of LACP PDU marker (see
Configuring the LACP Marker)
link-aggregation distribute
Specifies the LAG packet distribution between the ports
(see Specifying the LAG Distribution)

Table 11: Commands for Displaying the Static LAG and LACP Configuration
Command Description
show interface link-
aggregation
Displays all static and dynamic LAGs (see Displaying
LAGs)
show link-aggregation lacp
Displays a list of all LACP enabled interfaces (see
Displaying LACP Interfaces)
show link-aggregation
distribute
Displays the LAG packet distribution configuration (see
Displaying the LAG Distribution)

T-Marc 300 Series User Guide


Page 28
Configuring Interfaces (Rev. 08)

Configuring a Static LAG
The link-aggregation static id command adds a physical interface or a group of interfaces to
a static LAG.
CLI Mode: Interface Configuration and Range Interface Configuration

NOTE
The l i nk- aggr egat i on st at i c command replaces the trunk command.

By default, static LAG is disabled
Command Syntax
device-name(config-if UU/SS/PP)#link-aggregation static id <id-number>
device-name(config-if UU/SS/PP)#no link-aggregation

device-name(config-if-group)#link-aggregation static id <id-number>
device-name(config-if-group)#no link-aggregation
Argument Description
id <id-number> LAG ID in the range <17>.
no Removes the configured interface or a group of interface from the static
LAG.
Naming a Static LAG
The link-aggregation static id name command assigns a user-defined name for a specific
static LAG.
CLI Mode: Global Configuration
By default, the static LAG is not named.
Command Syntax
device-name(config)#link-aggregation static id <id-number> name NAME
device-name(config)#no link-aggregation static id <id-number> name
Argument Description
id-number LAG ID in the range <17>.
NAME Alphanumeric string up to 32 characters.
no Removes the user-defined name.

T-Marc 300 Series User Guide


Page 29
Configuring Interfaces (Rev. 08)

Enabling LACP
The link-aggregation lacp enable/disable command enables LACP.
CLI Mode: Protocol Configuration
By default, LACP is disabled.
Command Syntax
device-name(cfg protocol)#link-aggregation lacp {enable | disable}
Argument Description
enable Enables LACP.
disable Disables LACP.
Assigning Interfaces to a Dynamic LAG
The link-aggregation lacp command enables LACP on a physical interface or group of
interfaces, assigns them to a dynamic LAG, and specifies the LACP parameters.
If you do not specify optional arguments and you do not enable LACP on the interface, the
interface is configured with default argument values.
If you enable LACP on the interface, only explicitly defined optional arguments take effect.
CLI Mode: Interface Configuration and Range Interface Configuration
By default, the LACP port is in active LACP mode with priority 32768.
Command Syntax
device-name(config-if UU/SS/PP)#link-aggregation lacp [active | passive] [port-
priority [<priority>] key <number>]]
device-name(config-if UU/SS/PP)#no link-aggregation lacp port-priority
device-name(config-if UU/SS/PP)#no link-aggregation

device-name(config-if-group)#link-aggregation lacp [active | passive] [port-
priority [<priority>] key <number>]]
device-name(config-if-group)#no link-aggregation lacp port-priority
device-name(config-if-group)#no link-aggregation
Argument Description
active (Optional). Enables LACP in active mode.
passive (Optional). Enables LACP in passive mode.
port-priority
<priority>
The port priority value, in the range <165535>.
key <number> (Optional). Number of the LACP administrative key, in the range <1
65535>.

T-Marc 300 Series User Guide


Page 30
Configuring Interfaces (Rev. 08)

no Disables LACP and restores to defaults.
Specifying the LACP System Priority
The link-aggregation lacp system-priority command specifies the LACP system priority.
CLI Mode: Protocol Configuration
By default, the LACP system priority is 32768.
Command Syntax
device-name(cfg protocol)#link-aggregation lacp system-priority [<priority>]
device-name(cfg protocol)#no link-aggregation lacp system-priority
Argument Description
priority (Optional). Priority value, in the range of 1 (highest priority) to 65535 (lowest
priority).
no Restores to default.
Specifying the LACP Administrative Key
The link-aggregation lacp key command specifies the LACP administrative key, determining
the ability of the port to aggregate with other ports.
CLI Mode:
Interface Configuration, Range Interface Configuration
By default, the LACP administrative key is 1.
Command Syntax
device-name(configif UU/SS/PP)#link-aggregation lacp key <number>
device-name(configif-group)#link-aggregation lacp key <number>
Argument Description
number LACP administrative key in the range <165535>.


T-Marc 300 Series User Guide


Page 31
Configuring Interfaces (Rev. 08)

Example
The following example shows how to set the LACP key to 65535:
device-name#configure terminal
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#link-aggregation lacp
device-name(configif 1/1/1)#link-aggregation lacp key 65535
Value is displayed in the output issued by the show link-aggregation lacp command:
device-name#show link-aggregation lacp
Syst emI D = 00 a0 12 17 01 00
Syst empr i or i t y = 32768
========+========+=======+=========
Por t | Mode | Key | Pr t y |
- - - - - - - - +- - - - - - - - +- - - - - - - +- - - - - - - - +
1/ 1/ 1 | act i ve | 65535| 32768 |
========+========+=======+=========
Configuring the LACP Marker
The link-aggregation lacp marker command configures the processing of the LACP PDU
marker on a specific port.
CLI Mode:
Interface Configuration and Range Interface Configuration
By default, the marker PDU responder per port is disabled.
Command Syntax
device-name(configif UU/SS/PP)#link-aggregation lacp marker {enable | disable}
device-name(configif-group)#link-aggregation lacp marker {enable | disable}
Argument Description
enable Enables the processing of LACP PDU marker.
disable Disables the processing of LACP PDU marker.
Example
device-name(config-if 1/1/1)#link-aggregation lacp marker enable

T-Marc 300 Series User Guide


Page 32
Configuring Interfaces (Rev. 08)

Specifying the LAG Distribution
The link-aggregation distribute command specifies the LAG packet-distribution between
the ports.
You can define the packet distribution based on:
the source and destination MAC addresses (Layer 2)
the source and destination IP addresses (Layer3)

CLI Mode: Protocol Configuration
By default, the traffic on the LAG is distributed by Layer 2 (MAC addresses).
Command Syntax
device-name(cfg protocol)#link-aggregation distribute {layer3 | layer4}
device-name(cfg protocol)#no link-aggregation distribute
Argument Description
layer3
Distributes packets based on the packets source and destination IP addresses.
layer4 Distributes packets based on the TCP/UDP ports and the source and destination IP
addresses for the TCP and UDP packets.
no
Restores to the default settings.
Displaying LAGs
The show interface link-aggregation command displays all static and dynamic LAGs.
CLI Mode: Privileged (Enable)

NOTE
The show l i nk aggr egat i on command replaces the show t r unk command.
The show t r unk command is also supported.
Command Syntax
device-name#show interface link-aggregation [static | dynamic | id <id-number>]
Argument Description
static
(Optional) displays static LAGs only.
dynamic
(Optional) displays dynamic LAGs only.
id <id-number>
(Optional) displays the LAG specified.


T-Marc 300 Series User Guide


Page 33
Configuring Interfaces (Rev. 08)

Example
device-name#show interface link-aggregation
==========+========+=================+=====================
Agg# | Type | Management Name | Por t s |
- - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - +
AG01 | st at i c | TRUNK1 | 1/ 1/ 1, 1/ 1/ 2, 1/ 2/ 5 |
| =========+========+=================+=====================
Displaying LACP Interfaces
The show link-aggregation lacp command displays a list of all LACP enabled interfaces.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show link-aggregation lacp
Example
device-name#show link-aggregation lacp
Syst emI D = 00 a0 12 02 02 02
Syst empr i or i t y = 32768

========+========+=======+=======+
Por t | Mode | Key | Pr t y |
- - - - - - - - +- - - - - - - - +- - - - - - - +- - - - - - - +
1/ 2/ 1 | act i ve | 1 | 32768 |
1/ 2/ 2 | act i ve | 1 | 32768 |
========+========+=======+=======+
Displaying the LAG Distribution
The show link-aggregation distribute command displays the LAG packet-distribution
configuration.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show link-aggregation distribute
Example
device-name#show link-aggregation distribute
Li nk aggr egat i on di st r i but i on mode i s Layer 2

T-Marc 300 Series User Guide


Page 34
Configuring Interfaces (Rev. 08)

Configuration Examples
Simple LACP Configuration
The following example establishes dynamic link aggregation between two devices, as shown in
Figure 2.

Figure 2: Example of LAG Containing Two Ports
On each of the two devices, LACP is enabled in active mode on interfaces 1/ 1/ 1 and 1/ 1/ 2 as an
aggregated link. The configuration of Device2 is identical to that of Device1.
4. Display the LACP status:
device-name#show link-aggregation lacp
LACP di sabl ed on t he syst em
5. Enable the LACP:
device-name#configure terminal
device-name(config)#protocol
device-name(cfg protocol)#link-aggregation lacp enable
device-name(cfg protocol)#end
6. Display the LACP configuration:
device-name#show link-aggregation lacp
Syst emI D = 00 A0 12 03 04 05
Syst empr i or i t y = 32768
No LAC por t s conf i gur ed
7. Enable LACP on interface 1/ 1/ 1:
device-name#configure terminal
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#link-aggregation lacp
8. Enable LACP on interface 1/ 1/ 2:
device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#link-aggregation lacp
device-name(config-if 1/1/2)#end

T-Marc 300 Series User Guide


Page 35
Configuring Interfaces (Rev. 08)

9. Display the LACP configuration:
device-name#show link-aggregation lacp
Syst emI D = 00 A0 12 03 04 05
Syst empr i or i t y = 32768
========+========+=======+======+
Por t | Mode | Key | Pr t y |
- - - - - - - - +- - - - - - - - +- - - - - - - +- - - - - - +
1/ 1/ 1 | act i ve | 1 | 32768 |
1/ 1/ 2 | act i ve | 1 | 32768 |
========+========+=======+======+
10. If there is a link between the devices, the following results on each device are displayed:
device-name#show interface link-aggregation
==========+========+=================+=====================
Agg# | Type | Management Name | Por t s |
- - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - +
AG01 | LACP | LACP1 | 1/ 1/ 1, 1/ 1/ 2 |
==========+========+=================+=====================
Complex LACP Configuration
The following example establishes two dynamic link aggregation groups between Device 1,
Devices2 and 3, as shown in Figure 3.

Figure 3: Example of Two LAGs Configured on the Same Device

T-Marc 300 Series User Guide


Page 36
Configuring Interfaces (Rev. 08)

Configuring Device 1:
On Device1, LACP is enabled in active mode on the following interfaces:
1/ 1/ 1, 1/ 1/ 2, 1/ 2/ 1 and 1/ 2/ 2, as an aggregated link to Device2
1/ 2/ 3 and 1/ 2/ 4, as an aggregated link to Device3
1. Enter Protocol Configuration mode and enable the LACP on Device1:
Device1#configure terminal
Device1(config)#protocol
Device1(cfg protocol)#link-aggregation lacp enable
Device1(cfg protocol)#end
2. Display the LACP configuration:
Device1#show link-aggregation lacp
Syst emI D = 00 00 02 03 04 05
Syst empr i or i t y = 32768
No LAC por t s conf i gur ed
3. Enable LACP on interfaces 1/ 1/ 1, 1/ 1/ 2, 1/ 2/ 1, 1/ 2/ 2, 1/ 2/ 3 and 1/ 2/ 5:
Device1(config)#interface range 1/1/1-1/2/5
Device1(config-if-group)#link-aggregation lacp
Device1(config-if-group)#end
4. Display the LACP configuration:
Device1#show link-aggregation lacp
Syst emI D = 00 00 02 03 04 05
Syst empr i or i t y = 32768
========+========+=======+======+
Por t | Mode | Key | Pr t y |
- - - - - - - - +- - - - - - - - +- - - - - - - +- - - - - - +
1/ 1/ 1 | act i ve | 1 | 32768 |
1/ 1/ 2 | act i ve | 1 | 32768 |
1/ 2/ 1 | act i ve | 1 | 32768 |
1/ 2/ 2 | act i ve | 1 | 32768 |
1/ 2/ 3 | act i ve | 1 | 32768 |
1/ 2/ 5 | act i ve | 1 | 32768 |
========+========+=======+======+

T-Marc 300 Series User Guide


Page 37
Configuring Interfaces (Rev. 08)

Configuring Device 2:
On Device2, LACP is enabled in active mode on interfaces 1/ 1/ 1, 1/ 1/ 2, 1/ 2/ 1 and 1/ 2/ 2, as an
aggregated link to Device1.
1. Enter Protocol Configuration mode and enable the LACP on Device2:
Device2#configure terminal
Device2(config)#protocol
Device2(cfg protocol)#link-aggregation lacp enable
Device2(cfg protocol)#end
2. Display the LACP configuration:
Device2#show link-aggregation lacp
Syst emI D = 00 a0 12 05 3a 80
Syst empr i or i t y = 32768
No LAC por t s conf i gur ed
3. Enable LACP on interfaces 1/ 1/ 1, 1/ 1/ 2, 1/ 2/ 1 and 1/ 2/ 2:
Device2#configure terminal
Device2(config)#interface range 1/1/1-1/2/2
Device2(config-if-group)#link-aggregation lacp
Device2(config-if-group)#end
4. Display the LACP configuration:
Device2#show link-aggregation lacp
Syst emI D = 00 a0 12 05 3a 80
Syst empr i or i t y = 32768
========+========+=======+======+
Por t | Mode | Key | Pr t y |
- - - - - - - - +- - - - - - - - +- - - - - - - +- - - - - - +
1/ 1/ 1 | act i ve | 1 | 32768 |
1/ 1/ 2 | act i ve | 1 | 32768 |
1/ 2/ 1 | act i ve | 1 | 32768 |
1/ 2/ 2 | act i ve | 1 | 32768 |
========+========+======+======+

T-Marc 300 Series User Guide


Page 38
Configuring Interfaces (Rev. 08)

Configuring Device 3:
On Device3, LACP is enabled in active mode on interfaces 1/ 2/ 3 and 1/ 2/ 4, as an aggregated link
to Device 1.
1. Enter Protocol Configuration mode and enable the LACP on Device3:
Device3#configure terminal
Device3(config)#protocol
Device3(cfg protocol)#link-aggregation lacp enable
Device3(cfg protocol)#end
2. Display the LACP configuration:
Device3#show link-aggregation lacp
Syst emI D = 00 a0 12 10 94 c0
Syst empr i or i t y = 32768
No LAC por t s conf i gur ed
3. Enable LACP on interfaces 1/ 2/ 3 and 1/ 2/ 4:
Device3#configure terminal
Device3(config)#interface 1/2/3
Device3(config-if 1/2/3)#link-aggregation lacp
Device3(config-if 1/2/3)#interface 1/2/4
Device3(config-if 1/2/4)#link-aggregation lacp
Device3(config-if 1/2/4)#end
4. Display the LACP configuration:
Device3#show link-aggregation lacp
Syst emI D = 00 a0 12 10 94 c0
Syst empr i or i t y = 32768
========+========+=======+=======+
Por t | Mode | Key | Pr t y |
- - - - - - - - +- - - - - - - - +- - - - - - - +- - - - - - - +
1/ 2/ 3 | act i ve | 1 | 32768 |
1/ 2/ 4 | act i ve | 1 | 32768 |
========+========+=======+=======+


T-Marc 300 Series User Guide


Page 39
Configuring Interfaces (Rev. 08)

After the LACP operation the following results on each device are displayed:
Displaying Device 1 Configuration:
Device3#show interface link-aggregation
==========+========+=================+=====================
Agg# | Type | Management Name | Por t s |
- - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - +
AG01 | LACP | LACP1 | 1/ 1/ 1, 1/ 1/ 2 |
AG02 | LACP | LACP2 | 1/ 2/ 3, 1/ 2/ 5 |
==========+========+=================+=====================
Displaying Device 2 Configuration:
Device2#show interface link-aggregation
==========+========+=================+=========================
Agg# | Type | Management Name | Por t s |
- - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - +
AG01 | LACP | LACP1 | 1/ 1/ 1, 1/ 1/ 2, 1/ 2/ 1, 1/ 2/ 2|
==========+========+=================+=========================
Displaying Device 3 Configuration:
Device3#show interface link-aggregation
==========+========+=================+=====================
Agg# | Type | Management Name | Por t s |
- - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - +
AG02 | LACP | LACP2 | 1/ 2/ 3, 1/ 2/ 4 |
==========+========+=================+=====================

T-Marc 300 Series User Guide


Page 40
Configuring Interfaces (Rev. 08)

Static LAG with RSTP
The following example shows how to establish two static LAGs between two devices.
This setup requires a mechanism such as RSTP to prevent the two LAGs from forming a loop. For
more information, refer to the ConfiguringRapidSpanningTreeProtocol (RSTP) chapter of this User
Guide.
The configuration of Device2 is identical to that of Device1. However, there are differences in the
RSTP configuration parameters, since RSTP automatically selects one device (Device 1 in our case)
as the root bridge and the other device (Device 2) as the designated bridge.

Figure 4: Example of Two Static LAGs with RSTP
Configuring Device 1:
1. Enable RSTP:
Device1#configure terminal
Device1(config)#protocol
Device1(cfg protocol)#rapid-spanning-tree enable
Device1(cfg protocol)#end
2. Enable static LAG on interfaces 1/ 1/ 1 and 1/ 2/ 4:
Device1#configure terminal
Device1(config)#interface 1/1/1
Device1(config-if 1/1/1)#link-aggregation static id 1
Device1(config-if 1/1/1)#interface 1/2/4
Device1(config-if 1/2/4)#link-aggregation static id 1
3. Enable Static LAG on interfaces 1/ 2/ 7 and 1/ 2/ 8:
Device1(config-if 1/2/4)#interface 1/2/7
Device1(config-if 1/2/7)#link-aggregation static id 2
Device1(config-if 1/2/7)#interface 1/2/8
Device1(config-if 1/2/8)#link-aggregation static id 2
Device1(config-if 1/2/8)#end

NOTE
Repeat the above steps on device 2


T-Marc 300 Series User Guide


Page 41
Configuring Interfaces (Rev. 08)

Displaying Device 1 Configuration:
1. Display the static LAG configuration:
Device1#show interface link-aggregation static
=========+======+=======================+=======================
Agg# | Type | Management Name | Por t s
- - - - - - - - - +- - - - - - +- - - - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - -
AG01 | STATI C| TRUNK1 | 1/ 1/ 1, 1/ 2/ 4
AG02 | STATI C| TRUNK2 | 1/ 2/ 7, 1/ 2/ 8
2. Display the RSTP parameters and Rapid Spanning-Tree topology:
Device1#show rapid-spanning-tree
Rapi d spanni ng t r ee = enabl ed
Pr ot ocol Speci f i cat i on = i eee8021w
Pr i or i t y = 32768
Ti meSi nceTopol ogyChange = 41 ( Sec)
TopChanges = 2
Desi gnat edRoot = Thi s br i dge i s t he r oot
MaxAge = 20 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 15 ( Sec)
Br i dgeMaxAge = 20 ( Sec)
Br i dgeHel l oTi me = 2 ( Sec)
Br i dgeFor war dDel ay = 15 ( Sec)
TxHol dCount = 3
Mi gr at i onTi mer = 3 ( Sec)
Det ect Li neCRCReconf i g = di sabl ed
Det ect Li neFl appi ng = di sabl ed
SpanI gmpFast Recover y = di sabl ed

===============================================================================
Por t | Pr i | Pr t r ol e| St at e| PCost | DCost | Desi gnat ed br i dge | DPr t | Fwr dT
- - - - - - - - +- - - +- - - - - - - - +- - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - +- - - - -
AG01 128 Desi gnat f r wr d 10000 0 32768. 00A0121102A3 128. 88 1
AG02 128 Desi gnat f r wr d 10000 0 32768. 00A0121102A3 128. 90 1
Displaying Device 2 Configuration:
1. Display the static LAG configuration:
Device2#show interface link-aggregation static
=========+======+=======================+=======================
Agg# | Type | Management Name | Por t s
- - - - - - - - - +- - - - - - +- - - - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - -
AG01 | STATI C| TRUNK1 | 1/ 1/ 1, 1/ 2/ 4
AG02 | STATI C| TRUNK2 | 1/ 2/ 7, 1/ 2/ 8

T-Marc 300 Series User Guide


Page 42
Configuring Interfaces (Rev. 08)

2. Display the RSTP parameter settings and Rapid Spanning-Tree topology:
Device2#show rapid-spanning-tree
Rapi d spanni ng t r ee = enabl ed
Pr ot ocol Speci f i cat i on = i eee8021w
Pr i or i t y = 32768
Ti meSi nceTopol ogyChange = 4 ( Sec)
TopChanges = 1
Desi gnat edRoot = 32768. 00: A0: 12: 11: 02: A3
Root Por t = AG01
Root Cost = 10
MaxAge = 20 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 15 ( Sec)
Br i dgeMaxAge = 20 ( Sec)
Br i dgeHel l oTi me = 2 ( Sec)
Br i dgeFor war dDel ay = 15 ( Sec)
TxHol dCount = 3
Mi gr at i onTi mer = 3 ( Sec)
Det ect Li neCRCReconf i g = di sabl ed
Det ect Li neFl appi ng = di sabl ed
SpanI gmpFast Recover y = di sabl ed


===============================================================================
Por t | Pr i | Pr t r ol e| St at e| PCost | DCost | Desi gnat ed br i dge | DPr t | Fwr dT
- - - - - - - - +- - - +- - - - - - - - +- - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - +- - - - -
AG01 128 Root f r wr d 10000 0 32768. 00A0121102A3 128. 88 1
AG02 128 Al t er n di scr 10000 0 32768. 00A0121102A3 128. 90 1

T-Marc 300 Series User Guide


Page 43
Configuring Interfaces (Rev. 08)

Resilient Links
Overview
Resilient links allows protecting critical links and preventing network downtime. A resilient link
consists of a main link and a standby (backup) link together forming a resilient-link pair. Under
normal network conditions, the main link carries network traffic. In case of signal loss, the device
immediately enables the standby link which takes over the main links task. Since the switchover
time to the standby link is less than 1 second, there is no session timeout.
If the main link has a higher bandwidth than its standby or if the main link is configured as a
preferred one, traffic is switched back to the main link as soon as its connection is recovered.
Otherwise, you must manually switch traffic back to the main link.
Resilient Links Default Configuration
Table 12: Resilient Link Default Configuration
Parameter Default Value
Preferred port The port with the higher bandwidth.
Active port The port with the higher bandwidth, if both ports are up. If both
ports have the same bandwidth, the active port is the port with
the lower port number (for example, for ports 1/2/3 and 1/2/6 the
active port is 1/2/3).
Backup port status Power-on enabled.

T-Marc 300 Series User Guide


Page 44
Configuring Interfaces (Rev. 08)

Resilient Links Configuration Flow
Configuration Notes
When configuring resilient links, note the following:
You should define a resilient-link pair only on one end of the link. This provides the ability for
a full redundant network, even when connecting the device to other devices, such as routers
and servers.
If using the shutdown mode, configure it on one device (either local or remote).
If you configure a VLAN, the resilient link ports must belong to the same VLAN.
Adding a new port to an existing resilient link, synchronizes the ports VLAN to the resilient
links VLAN
If the ports do not use the same VLAN tagging system (802.1Q tagging), the VLAN tagging
of the first port is applied to the second port added.
You can configure a resilient link pair only if:
the ports have the same PVID
neither of the ports is part of a LAG
neither of the ports belongs to another resilient-link pair
Step by Step Configuration
To configure a resilient link, proceed as follows:
1. Enter the Resilient-link Configuration mode (see EnteringtheResilient Link ConfigurationMode)
2. Add a port pair as a resilient link (see AssigningPortstoa Resilient Link)
3. Optional Configuration:
Specify one of the ports of the resilient link as preferred (see Selectinga PreferredPort)
Switch the active port of the currently edited resilient link (see SwitchingtheActivePort)
Specify the backup link behavior (see SpecifyingtheBackupLink Behavior)

T-Marc 300 Series User Guide


Page 45
Configuring Interfaces (Rev. 08)

Resilient Links Configuration Commands
Table 13: Resilient Link Configuration Commands
Command Description
resilient-link Enters the Resilient-link Configuration mode (see Entering the
Resilient Link Configuration Mode)
ports Adds a port pair as a resilient link (see Assigning Ports to a Resilient
Link)

Table 14: Resilient Link Optional Commands
Command Description
prefer port Specifies one of the ports of the resilient link as preferred (see
Selecting a Preferred Port)
active port Changes the active port of the selected resilient link (see Switching
the Active Port)
backup-link shut-
down
Specifies the backup link behavior (see Specifying the Backup Link
Behavior)

Table 15: Resilient Link Display Commands
Command Description
show Displays a table of the configured resilient links (see Displaying
the Resilient Link Configuration)
show resilient-links Displays a table of the configured resilient links (see Displaying
the Resilient Link Configuration)
show counter Displays how many swaps each resilient link has undergone in
the current session (see Displaying Resilient Link Counters)
show resilient-links
counter
Displays how many swaps each resilient link has undergone in
the current session (see Displaying Resilient Link Counters)

T-Marc 300 Series User Guide


Page 46
Configuring Interfaces (Rev. 08)

Entering the Resilient Link Configuration Mode
The resilient-link command enables the resilient link feature and enters the Resilient-link
Configuration mode.
You can use this command within one resilient-links configuration mode to enter a different
resilient link configuration.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#resilient-link <N>
device-name(config-resil-link N)#

device-name(config-resil-link N1)#resilient-link <N2>
device-name(config)#no resilient-link <N>
Argument Description
N The resilient links number in the range of <132>.
no Removes the specified resilient link.
Example
device-name(config)#resilient-link 1
device-name(config-resil-link 1)#
Assigning Ports to a Resilient Link
The ports command assigns a pair of ports to a resilient link.
CLI Mode: Resilient-link Configuration
Command Syntax
device-name(config-resil-link N)#ports UU1/SS1/PP1 UU2/SS2/PP2
Argument Description
UU1/SS1/PP1 The first resilient link port number.
UU2/SS2/PP2 The second resilient link port number.

T-Marc 300 Series User Guide


Page 47
Configuring Interfaces (Rev. 08)

Selecting a Preferred Port
The prefer port command specifies one port as the preferred resilient-link port.
The preferred port is the active port as long as it has a link and traffic is switched back to this port
when its connection is recovered.
CLI Mode: Resilient-link Configuration
By default, the port with the higher bandwidth (operational speed). If both ports have the same
bandwidth, no port is the preferred one.
Command Syntax
device-name(config-resil-link N)#prefer port UU/SS/PP
device-name(config-resil-link N)#no prefer port
Argument Description
UU/SS/PP The preferred port number.
no Cancels the port preference.
Switching the Active Port
The active port command changes the current active port (the port currently carrying traffic) of
the selected resilient link.

NOTE
You can use this command only if you did not define a preferred port.

CLI Mode: Resilient-link Configuration
By default, (in case the two ports have the same bandwidth capacity and no preferred port was
defined) the first port added to the resilient link using the ports command.
Command Syntax
device-name(config-resil-link N)#active port UU/SS/PP
Argument Description
UU/SS/PP The active port number.

T-Marc 300 Series User Guide


Page 48
Configuring Interfaces (Rev. 08)

Specifying the Backup Link Behavior
The backup-link shut-down command specifies the standby link behavior:
4. The port is powered off (the ports LED is off). Use this option when transmitting to a non-
resilient link device.
5. The port is powered on (the ports LED is on). Use this option when transmitting to a resilient
link on a remote device.
CLI Mode: Resilient-link Configuration
Command Syntax
device-name(config-resil-link N)#backup-link shut-down
device-name(config-resil-link N)#no backup-link shut-down
Argument Description
no Powers on the standby port.
Displaying the Resilient Link Configuration
The show and show resilient-links commands display the list of configured resilient links.
The command output displays the resilient-link ID, the resilient links ports, the preferred port (if
defined), the standby link behavior, and the current active link.
CLI Mode: Resilient-link Configuration and Privileged (Enable)
Command Syntax
device-name(config-resil-link N)#show [N1 | N1 N2]
device-name#show resilient-links [N1 | N1 N2]
Argument Description
N1
(Optional). The resilient links ID number.
N1 N2
(Optional). A range of resilient link ID numbers.
Example 1
Displaying information on all currently configured resilient links:
device-name(config-resil-link 1)#show
=====================================================
| RLi nk | Por t 1 | Por t 2 | Pr ef er | Backup | Act i ve |
+- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - - - +- - - - - - - - +
| 1 | 1/ 2/ 1 | 1/ 2/ 2 | 1/ 2/ 1 | shut down| 1/ 2/ 1 |
| 2 | 1/ 2/ 3 | 1/ 2/ 4 | | st andby | 1/ 2/ 4 |
=====================================================

T-Marc 300 Series User Guide


Page 49
Configuring Interfaces (Rev. 08)

Displaying Resilient Link Counters
The show counter command and the show resilient-links counter command display how
many swaps each resilient link has undergone in the current session.
CLI Mode: Resilient-link Configuration and Privileged (Enable)
Command Syntax
device-name(config-resil-link N)#show counter [N1 | N1 N2]

device-name#show resilient-link counter [N1 | N1 N2]
Argument Description
N1
(Optional). The resilient links ID number.
N1 N2
(Optional). A range of resilient link ID numbers.
Example 1
Displaying information on all currently configured resilient links:
device-name(config-resil-link 1)#show
=====================================================
| RLi nk | Por t 1 | Por t 2 | Pr ef er | Backup | Act i ve |
+- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - - - +- - - - - - - - +
| 1 | 1/ 1/ 1 | 1/ 1/ 2 | 1/ 1/ 1 | shut down| 1/ 1/ 1 |
| 2 | 1/ 2/ 5 | 1/ 2/ 6 | | st andby | 1/ 2/ 5 |
| 3 | 1/ 2/ 3 | 1/ 2/ 4 | | st andby | 1/ 2/ 3 |
=====================================================
Example 2
Displaying information on specific resilient link #3:
device-name(config-resil-link 1)#show 3
=====================================================
| RLi nk | Por t 1 | Por t 2 | Pr ef er | Backup | Act i ve |
+- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - - - +- - - - - - - - +
| 3 | 1/ 2/ 3 | 1/ 2/ 4 | | st andby | |
=====================================================
Example 3
Displaying information on the configured resilient links in the range #1 to #2:
device-name#show resilient-links 1 2
=====================================================
| RLi nk | Por t 1 | Por t 2 | Pr ef er | Backup | Act i ve |
+- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - - - +- - - - - - - - +
| 1 | 1/ 1/ 1 | 1/ 1/ 2 | 1/ 1/ 1 | st andby | 1/ 1/ 1 |
| 2 | 1/ 2/ 5 | 1/ 2/ 6 | | st andby | 1/ 2/ 5 |
=====================================================

T-Marc 300 Series User Guide


Page 50
Configuring Interfaces (Rev. 08)

Configuration Example
The following figure shows a simple network diagram of the resilient link on an Ethernet LAN.

Figure 5: Example of a Resilient Link Topology
1. Enter Resilient-link Configuration mode:
device-name(config)#resilient-link 2
2. Set ports 1/ 1/ 1 and 1/ 2/ 1 as Resilient Links:
device-name(config-resil-link 2)#ports 1/1/1 1/2/1
3. Set the port 1/ 2/ 1 to be preferred:
device-name(config-resil-link 2)#prefer port 1/2/1
4. Display the Resilient Link configuration:
device-name(config-resil-link 2)#show
=======================================================
| RLi nk | Por t 1 | Por t 2 | Pr ef er | Backup | Act i ve |
+- - - - - - - +- - - - - - - - +- - - - - - - - +- - - - - - - - +- - - - - - - - - +- - - - - - - - |
| 2 | 1/ 1/ 1 | 1/ 2/ 1 | 1/ 2/ 1 | st andby | 1/ 2/ 1 |

T-Marc 300 Series User Guide


Page 51
Configuring Interfaces (Rev. 08)

Port Security Techniques
Overview
The Port Securityfeature restricts an interface or VLAN input by limiting and identifying MAC
addresses of devices allowed to access the interface/ VLAN.
When a secured port receives a packet, it compares the packets source MAC address to the secured
MAC address list.
If the packets source MAC address is in the list, the incoming packet is forwarded.
If the packets source MAC address is not in the secured list, the port does not forward the
packet. In this case, the port either shuts down permanently or drops incoming packets from
the unauthorized device, generating an SNMP trap.
You can configure two types of secured MAC addresses:
Static secured MAC addresses created manually by the mac-address-table command (for
more information, refer to the DeviceAdministrationchapter of this User Guide). These
addresses are stored in the address table and added to the devices running configuration
Dynamic secured MAC addresses that are learned dynamically learned. These addresses are
stored in the address table but are removed when the device restarts.

NOTE
Secured MAC addresses do not age.

T-Marc 300 Series User Guide


Page 52
Configuring Interfaces (Rev. 08)

The Port Security Default Configuration
Table 16: Port Security Default Configuration
Parameter Default Value
Port security Disabled
Port security action Trap
Learning the filtered MAC addresses Disabled
The Port Security Configuration Commands
Table 17: Port Security Configuration Commands
Command Description
port security Configures port security (see Configuring Port Security)
port security enable-
shutdown-port
Re-enables a port that shuts down due to a security violation
(see Re-Enabling a Shut Down Port)

Table 18: Port Security Display Commands
Command Description
show port security Displays the security status of a specific port (see Displaying the
Port Security Configuration)

T-Marc 300 Series User Guide


Page 53
Configuring Interfaces (Rev. 08)

Configuring Port Security
The port security command configures port security on a specific interface or interface range.

NOTE
When configuring port security on a port, the initial frame is lost since the first
packet received from any source is used solely for learning its MAC address.

NOTE
When a packet with a secured source MAC address matches more than one port
security setting, the port security per port and VLAN has precedence over the port
security per port.
By default:
filtered MAC addresses are learned in the MAC address table
SNMP trap and a log message are generated when a security violation occurs
all MAC addresses are learned as secured
Command Syntax
device-name(config-if UU/SS/PP)#port security [max-mac-count <number-of-
addresses> [filter-learn-disable]] [vlan <vlan-id>]

device-name(config-if UU/SS/PP)#no port security [max-mac-count [filter-learn-
disable]] [vlan <vlan-id>]
device-name(config-if UU/SS/PP)#no port security all
device-name(config-if UU/SS/PP)#port security action {shutdown | trap} [vlan
<vlan-id>]
device-name(config-if UU/SS/PP)#no port security action {shutdown | trap} [vlan
<vlan-id>]

device-name(config-if-group)#port security [max-mac-count <number-of-addresses>
[filter-learn-disable]] [vlan <vlan-id>]

device-name(config-if-group)#no port security [max-mac-count [filter-learn-
disable]] [vlan <vlan-id>]
device-name(config-if-group)#no port security all

device-name(config-if-group)#port security action {shutdown | trap} [vlan
<vlan-id>]
device-name(config-if-group)#no port security action {shutdown | trap} [vlan
<vlan-id>]

T-Marc 300 Series User Guide


Page 54
Configuring Interfaces (Rev. 08)

Argument Description
The argumentsare mutually exclusive. You can specify an action (shutdown or trap) in one port
security command and specify the maximum number of secured MAC addresses (max-mac-
count) in a second port security command for the same port. Both settings are effective.
action {shutdown |
trap}
Defines the port reaction upon a security violation:
The port shuts down
An SNMP trap and log message are generated
max-mac-count
<number-of-
addresses>
(Optional). The maximum numbers of secured MAC addresses the
port supports, in the range of <12048>.
In this case, an attempt to exceed the maximum-allowed secured
MAC addresses on the port produces an address violation event.
NOTE
Enable new MAC address learning prior to using this
argument to ensure its proper function (see the
Device Administration chapter of this User Guide).
When MAC address learning is not enabled the
following warning message is displayed: Warning!
Port security may not work correctly since
learning is disabled on the port.
filter-learn-
disable
(Optional). The filtered MAC addresses are not learned in the MAC
address table.
vlan <vlan-id> (Optional). Enables port security on the specified VLAN the port is a
member of. The VLAN ID number is in the range of <24094>.
no Restores to default.
NOTE
Using the no por t secur i t y act i on t r ap command
stops the SNMP trap generation when a security violation
occurs.
Example 1
The following example disables learning of the violating MAC address in the MAC address table:
device-name(config)#interface 1/2/3
device-name(config-if 1/2/3)#port security max-mac-count 15 filter-learn-
disable
Example 2
The following example displays how to secure port 1/ 2/ 3 for VLAN 5 with a maximum of 5
secured MAC addresses:
device-name(config)#interface 1/2/3
device-name(config-if 1/2/3)#port security max-mac-count 5 vlan 5

T-Marc 300 Series User Guide


Page 55
Configuring Interfaces (Rev. 08)

Re-Enabling a Shut Down Port
The port security enable-shutdown-port command re-enables a port shut down due to a
security violation.
CLI Mode:
Interface Configuration and Range Interface Configuration
Command Syntax
device-name(config-if UU/SS/PP)#port security enable-shutdown-port [vlan <vlan-
id>]
device-name(config-if-group)#port security enable-shutdown-port [vlan <vlan-
id>]
Argument Description
vlan <vlan-id>
(Optional). Re-enables the port also on the VLAN this port is a member of.
The VLAN ID number is in the range of <14094>.
Displaying the Port Security Configuration
The show port security command displays the port security configuration for all device ports.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show port security [UU/SS/PP] [vlan <vlan-id>]
Argument Description
UU/SS/PP (Optional). Displays the port security configuration of a specified port.
vlan <vlan-id>
(Optional). Displays the port security configuration of a specified VLAN.
Example 1
The following example shows the port security configuration on port 1/ 1/ 1 and VLAN 5 when
the allowed numbers of secured MAC addresses is 5:
device-name(config-if 1/1/1)#port security max-mac-count 5 vlan 5
device-name(config-if 1/1/1)#end
device-name#show port security
| ===================================================================|
| por t #| vi d | act i on | max addr | secur e addr | f i l t er ed addr | st at us |
| - - - - - - - +- - - - - +- - - - - - - - +- - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - - - - +- - - - - - - |
| 1/ 1/ 1 | 5 | t r ap | 5 | 0 | 0 | enabl ed|

T-Marc 300 Series User Guide


Page 56
Configuring Interfaces (Rev. 08)

Example 2
The following example details how to enable port security on port 1/ 1/ 1 per VLAN 5, set a
maximum of 5 MAC addresses, and set the action to shutdown:
device-name(config-if 1/1/1)#port security max-mac-count 5 vlan 5
device-name(config-if 1/1/1)#port security action shutdown vlan 5
device-name(config-if 1/1/1)#end
device-name#show port security
| ===================================================================|
| por t # | vi d | act i on | max addr | secur e addr | f i l t er ed addr | st at us |
| - - - - - - - +- - - - - +- - - - - - - - +- - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - - - - +- - - - - - - |
| 1/ 1/ 1 | 5 | shut down| 5 | 0 | 0 | enabl ed|
After sending traffic with tag 5 on port 1/ 1/ 1 with more than 5 source MAC addresses, only 5
MAC addresses are learned and the port is disabled:
device-name#show port security
| ===================================================================|
| por t # | vi d | act i on | max addr | secur e addr | f i l t er ed addr | st at us |
| - - - - - - - +- - - - - +- - - - - - - - +- - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - - - - +- - - - - - - - |
| 1/ 1/ 1 | 5 | shut down| 5 | 5 | 0 | di sabl ed|
Example 3
The following example details how to set the port security on port 1/ 2/ 4 with a maximum of 20
secured MAC addresses. The example also details how to set a maximum of 10 secured MAC
addresses per port and VLAN:
device-name(config-if 1/2/4)#port security max-mac-count 20
device-name(config-if 1/2/4)#port security max-mac-count 10 vlan 100
device-name(config-if 1/2/4)#end
device-name#show port security
| ===================================================================|
| por t # | vi d | act i on| max addr | secur e addr | f i l t er ed addr | st at us |
| - - - - - - - +- - - - - - - - - +- - - - - - +- - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - - - - +- - - - - - - |
| 1/ 2/ 4 | al l vl ans| t r ap | 20 | 0 | 0 | enabl ed|
| 1/ 2/ 4 | 100 | t r ap | 10 | 0 | 0 | enabl ed|

device-name#show port security 1/2/4 vlan 100
VLAN 100:
The por t / vl an i s : secur ed
St at e : enabl ed
Act i on : send a t r ap
Li mi t Type: : l ear n as f i l t er ed
Max secur ed addr esses = 10
Cur r ent secur ed addr esses = 0
Cur r ent f i l t er ed addr esses = 0

T-Marc 300 Series User Guide


Page 57
Configuring Interfaces (Rev. 08)

Configuration Examples
Defining Port Security with Dynamic Learned MAC Addresses
The following example configures various port security settings for ports 1/ 1/ 2, 1/ 1/ 3, and 1/ 1/ 4
for all VLANs.
1. Enable port security with default settings on port 1/ 2/ 2. All the MAC addresses are learned as
secure.
device-name#configure terminal
device-name(config)#interface 1/2/2
device-name(config-if 1/2/2)#port security
2. Enable port security on port 1/ 2/ 3 with action shutdown and a maximum of six MAC
addresses. After six MAC addresses are learned as secure, any additional MAC address sent to
this interface causes the interface to shut down:
device-name(config-if 1/2/2)#interface 1/2/3
device-name(config-if 1/2/3)#port security max-mac-count 6
device-name(config-if 1/2/3)#port security action shutdown
3. Enable port security on port 1/ 2/ 4 with a maximum of six MAC addresses. After six MAC
addresses are learned as secure, the following MAC addresses are learned as filtered and a
security violation trap is generated:
device-name(config-if 1/2/3)#interface 1/2/4
device-name(config-if 1/2/4)#port security max-mac-count 6
device-name(config-if 1/2/4)#end
4. The configured settings are displayed by the show command in Privileged mode as follows:
device-name#show port security
| ======================================================================|
| por t #| vi d | act i on | max addr | secur e addr | f i l t er ed addr | st at us |
| - - - - - +- - - - - - - - - +- - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - - - - | - - - - - - - |
| 1/ 2/ 2| al l vl ans| t r ap | unl i mi t ed | 0 | 0 | enabl ed|
| 1/ 2/ 3| al l vl ans| shut down| 6 | 0 | 0 | enabl ed|
| 1/ 2/ 4| al l vl ans| t r ap | 6 | 0 | 0 | enabl ed|

T-Marc 300 Series User Guide


Page 58
Configuring Interfaces (Rev. 08)

Defining Port Security with Static MAC Addresses
The following example sets a maximum three addresses and sends SNMP traps in the event of
over-learning.
1. Configure the SNMP trap host to receive traps:
device-name#configure terminal
device-name(config)#snmp-server enable
device-name(config)#snmp-server view viewAll 1.3 included
device-name(config)#snmp-server group notify_only v1 read none write none
notify viewAll
device-name(config)#snmp-server user notify_user group notify_only v1
device-name(config)#snmp-server target-param MyParam notify_user v1
device-name(config)#snmp-server target-addr blaaddr1 10.2.3.44 162 MyParam
tag_1
device-name(config)#snmp-server notify portSecurityViolation tag_1
2. Configure the port 1/ 2/ 2 to learn a maximum of three MAC addresses.
device-name(config)#interface 1/2/2
device-name(config-if 1/2/2)#port security max-mac-count 3
device-name(config-if 1/2/2)#exit
3. Return to Global Configuration mode and define three MAC addresses to be learned:
device-name(config)#mac-address-table secure 00:02:4b:82:60:e2 interface
1/2/2 vlan 2
device-name(config)#mac-address-table secure 00:02:55:58:0d:8c interface
1/2/2 vlan 2
device-name(config)#mac-address-table secure 00:02:55:98:52:f4 interface
1/2/2 vlan 2
4. In Privileged (Enable) mode, check that the MAC addresses are learned:
device-name(config)#exit
device-name#show mac-address-table
+===========+===================+=========+===========+==========
| vi d | mac | por t | st at us | pr i or i t y
+- - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - -
| 0000 | 00: a0: 12: 07: 13: 29| | sel f | 0
| 0001 | 00: a0: 12: 07: 13: 29| | sel f | 0
| 0002 | 00: 02: 4b: 82: 60: e2| 1/ 2/ 2 | secur e | 0
| 0002 | 00: 02: 55: 58: 0d: 8c| 1/ 2/ 2 | secur e | 0
| 0002 | 00: 02: 55: 98: 52: f 4| 1/ 2/ 2 | secur e | 0
| 0002 | 00: 40: 95: 30: 0b: f 8| 1/ 2/ 3 | dynami c | 0

T-Marc 300 Series User Guide


Page 59
Configuring Interfaces (Rev. 08)

5. Check the port security definitions:
device-name#show port security 1/2/2
ALL VLANS:
The por t i s : secur ed
St at e : enabl ed
Act i on : send a t r ap
Li mi t Type: : l ear n as f i l t er ed
Max secur ed addr esses = 3
Cur r ent secur ed addr esses = 3
Cur r ent f i l t er ed addr esses = 0
Re-Enabling Shut-down Ports
The following example sets the maximum number of secure addresses to five. The example details
how to re-enable a port that is shut down due to a security violation.
1. Configure port 1/ 2/ 4 as secured, learning maximum 5 secure addresses, and shutting down in
case of a security violation:
device-name#configure terminal
device-name(config)#interface 1/2/4
device-name(config-if 1/2/4)#port security max-mac-count 5
device-name(config-if 1/2/4)#port security action shutdown
device-name(config-if 1/ 2/ 4)#end

device-name#show port security
| ===================================================================|
| por t #| vi d | act i on | max addr | secur e addr | f i l t er ed addr | st at us |
| - - - - - +- - - - - - - - - +- - - - - - - - +- - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - - - - +- - - - - - - |
| 1/ 2/ 4| al l vl ans| shut down| 5 | 1 | 0 | enabl ed|
2. Allow the port to learn 10 addresses and inspect what show port security displays. The
port has learned 5 addresses as secure and the rest as filtered. The ports current state is
disabled (shut down):
device-name#show port security
| ====================================================================|
| por t #| vi d | act i on | max addr | secur e addr | f i l t er ed addr | st at us |
| - - - - - +- - - - - - - - - +- - - - - - - - +- - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - - - - +- - - - - - - - |
| 1/ 2/ 4| al l vl ans| shut down| 5 | 5 | 5 | di sabl ed|

T-Marc 300 Series User Guide


Page 60
Configuring Interfaces (Rev. 08)

3. Re-enable the port:
device-name#configure terminal
device-name(config)#interface 1/2/4
device-name(config-if 1/2/4)#port security enable-shutdown-port
device-name(config-if 1/2/4)#end
device-name#show port security
| ===================================================================|
| por t #| vi d | act i on | max addr | secur e addr | f i l t er ed addr | st at us |
| - - - - - +- - - - - - - - - +- - - - - - - - +- - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - - - - +- - - - - - - |
| 1/ 2/ 4| al l vl ans| shut down| 5 | 5 | 5 | enabl ed|

device-name#show port security 1/2/4
Al l Vl ans:
The por t i s : secur ed
St at e : enabl ed
Act i on : shut down
Max secur ed addr esses = 5
Cur r ent secur ed addr esses = 5
Cur r ent f i l t er ed addr esses = 5

T-Marc 300 Series User Guide


Page 61
Configuring Interfaces (Rev. 08)

The Port Limit Feature
Overview
The Port Limit feature limits the number of MAC addresses learned by a port. When enabling this
feature:
MAC addresses within the limit are learned as dynamic
MAC addresses that exceed the limit are learned as filtered MAC addresses.
Port Limit Default Configuration
Table 19: Port Limit Default Configuration
Parameter Default Value
Port limit Disabled
Port Limit Commands
Table 20: Port Limit Configuration Commands
Command Description
port limit Configures a limit on the number of learned MAC addresses on
a physical interface or a group of interfaces (see Limiting MAC
Addresses a Port)

Table 21: Port Limit Display Commands
Command Description
show port limit Displays the port limit configuration for all device ports (see
Displaying the Port Limit Configuration)

T-Marc 300 Series User Guide


Page 62
Configuring Interfaces (Rev. 08)

Limiting MAC Addresses a Port
The port limit command limits the number of learned MAC addresses on a physical interface or
a group of interfaces.
CLI Mode: Interface Configuration and Range Interface Configuration

NOTE
When configuring port limit on a port, the initial frame is lost since the first packet
received from any source is used solely for learning its MAC address.

NOTE
A secured port does not support the port limit functionality.
By default, the port limit feature is disabled.
Command Syntax
device-name(config-if UU/SS/PP)#port limit max-mac-count <max-count> [filter-
learn-disable] [vlan <vlan-id>]
device-name(config-if UU/SS/PP)#no port limit [max-mac-count filter-learn-
disable] [vlan <vlan-id>]
device-name(config-if UU/SS/PP)#no port limit all

device-name(config-if UU/SS/PP)#port limit forward-unknown
device-name(config-if UU/SS/PP)#no port limit forward-unknown

device-name(config-if-group)#port limit max-mac-count <max-count> [filter-
learn-disable] [vlan <vlan-id>]
device-name(config-if-group)#no port limit [max-mac-count filter-learn-disable]
[vlan <vlan-id>]

device-name(config-if-group)#port limit forward-unknown
device-name(config-if-group)#no port limit forward-unknown

device-name(config-if-group)#no port limit all
Argument Description
max-mac-count <max-
count>
The number of MAC addresses the port is allowed to learn, in the
range of <12048>.
NOTE
Enable new MAC address learning prior to using this
argument to ensure its proper function (see the
Device Administration chapter of this User Guide).
When MAC address learning is not enabled the
following warning message is displayed: Warning!
Port limit may not work correctly since
learning is disabled on the port.
filter-learn-
disable
(Optional). The filtered MAC addresses are not learned in the MAC
address table.

T-Marc 300 Series User Guide


Page 63
Configuring Interfaces (Rev. 08)

MAC addresses are learned in the MAC address table
vlan <vlan-id>
(Optional). Enables port limit on the specified VLAN the port is a
member of. The VLAN ID number is in the range of <14094>.
forward-unknown
Forwards unknown egress traffic on a port when this port is
secured/limited. This command can be used together with the
port security command to allow egress flooding.
no
Restores to default.
NOTE
Using the no por t l i mi t al l command removes port
limit on a port per all VLANs.
Example
The following example disables learning of the violating MAC address in the MAC address table.
The filtered MAC addresses corresponding to VLAN 20 are not learned on port 1/ 2/ 3.
device-name(config)#interface 1/2/3
device-name(config-if 1/2/3)#port limit max-mac-count 15 filter-learn-disable
vlan 20
Displaying the Port Limit Configuration
The show port limit command displays the port limit configuration for all device ports.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show port limit [UU/SS/PP] [vlan <vlan-id>]
Argument Description
UU/SS/PP
(Optional). Displays the port limit configuration of a specified port.
vlan <vlan-id>
(Optional). Displays the port limit configuration of a specified VLAN.
Example 1
device-name#show port limit
===========================================================
| por t num | vl an | max- mac- count | cur r ent mac- count
- - - - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - -
1/ 2/ 3 20 15 0
Example 2
device-name#show port limit 1/2/3
VLAN 20:
The por t / vl an i s : l i mi t ed
Li mi t t ype : l ear n as f i l t er ed
Max l i mi t ed addr esses = 15

T-Marc 300 Series User Guide


Page 64
Configuring Interfaces (Rev. 08)

Cur r ent l i mi t ed addr esses = 0

T-Marc 300 Series User Guide


Page 65
Configuring Interfaces (Rev. 08)

Interfaces Management
Overview
The interface management feature allows system administrators to isolate the devices management
traffic from the normal data traffic. This way they can eliminate unauthorized users and malicious
attacks to the device.
Disabling port management disallows:
Telnet to the device
SSH to the device
SNMP management
SNMP traps and informs
Ping to the device
TFTP download or upload
Outgoing Syslog messages
Interfaces Management Commands
Table 22: Interface management Commands
Command Description
port management Limits the device management access only to ports that you
specify in the PORT LIST (see Setting Management Ports)
show port management Displays which ports provide management access (see Displaying
Management Ports)

Setting Management Ports
The port management command limits the device management access only to specified ports.
NOTE
Ensure that your PC is connected to a management enabled port prior to disabling
management on ports.

NOTE
You can also disable management on a VLAN (refer to the Configuring VLANs and
Super VLANs chapter of this User Guide). Management traffic on a VLAN is
allowed on a member port only if management is enabled both on the port and the
VLAN.

CLI Mode: Global Configuration
By default, management of the device is accessible on all ports.

T-Marc 300 Series User Guide


Page 66
Configuring Interfaces (Rev. 08)

Command Syntax
device-name(config)#port management PORT-LIST
device-name(config)#no port management PORT-LIST
Argument Description
PORT-LIST
Specifies one or more port numbers. Use commas as separators and hyphens
to indicate sub-ranges (for example, 1/2/11/2/8, 1/1/2).
no
Specifies a list of ports prohibited from management access.
Displaying Management Ports
The show port management command displays the ports that provide management access to the
device.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show port management
Example
device-name#show port management
Management por t s: 1/ 2/ 1, 1/ 2/ 2


T-Marc 300 Series User Guide


Page 67
Configuring Interfaces (Rev. 08)

Alarm Propagation Feature
Overview
Alarm Propagation is a fault detection feature that identifies faults in network uplinks and
alarms downstream devices. When the uplink interface goes down, the user interfaces are also shut
down and the customer device stops sending traffic over the original route, until the authorized
person becomes aware of the alarm.
The customer device can attempt to forward traffic over another available (alternative) route.
Alarm Propagation Commands
Table 23: Alarm Propagation Commands
Command Description
alarm-status-
inherit source-port
Enables the alarm propagation process on a group of interfaces or a
group of aggregated interfaces (see Enabling Alarm Propagation )
show alarm-inherit Displays the alarm propagation configuration (see Displaying the
Alarm Propagation)
Enabling Alarm Propagation
The alarm-status-inherit source-port command enables the alarm propagation process on a
group of interfaces or a group of aggregated interfaces that will be shut down when the network
uplink goes down.
CLI Mode: Interface Configuration

NOTE
Notes and limitations:
If all alarm-inherit configurations on a port are either a user (downlink) or
uplink, for example a port cannot be uplink in part of the configurations and
user in the rest of them.
An alarm-inheriting (user) port cannot be part of a resilient link nor can port
security with shutdown-violation-action be configured on it.
Command Syntax
device-name(config-if UU/SS/PP)#alarm-status-inherit source-port {PORT-LIST |
PORT-AG-LIST}
device-name(config-if UU/SS/PP)#no alarm-inherit

T-Marc 300 Series User Guide


Page 68
Configuring Interfaces (Rev. 08)

Argument Description
PORT-LIST Specifies one or more port numbers. Use commas as separators and
hyphens to indicate sub-ranges (for example, 1/2/11/2/8, 1/1/2).
PORT-AG-LIST Specifies the list of LAG names (for example AG01, AG04AG06).
The LAG ID is in the range <17>.
no Disables the Alarm Propagation.
Displaying the Alarm Propagation
The show alarm-inherit command displays the alarm propagation configuration.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show alarm-inherit
Example
device-name#show alarm-inherit
| ==================================================|
| por t # | pr opagat i ng al ar mf or upl i nk por t s |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
| 1/ 2/ 1 | 1/ 1/ 2

T-Marc 300 Series User Guide


Page 69
Configuring Interfaces (Rev. 08)

Configuration Example
The following example (Figure6) shows how to the set alarm propagation feature:

Figure 6: Alarm Propagation Configuration Example
1. Set user port 1/ 2/ 1 link state to be dependent upon the state of uplink port 1/ 1/ 2 (inherit
alarm on the uplink port):
DeviceC#configure terminal
DeviceC(config)#interface 1/2/1
DeviceC(config-if 1/2/1)#alarm-status-inherit source-port 1/1/2
DeviceC(config-if 1/2/1)#end

DeviceC#show alarm-inherit
| ==================================================|
| por t # | pr opagat i ng al ar mf or upl i nk por t s |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
| 1/ 2/ 1 | 1/ 1/ 2

T-Marc 300 Series User Guide


Page 70
Configuring Interfaces (Rev. 08)

2. Verify the port states and configuration. Port 1/ 2/ 1 inherits on the state of port 1/ 1/ 2.Initially
the two ports are up:
DeviceC#show interface 1/1/2
Name =
Type = DUAL ( 10/ 100/ 1000BaseT, MEDI A not i nst al l ed)
Enabl eSt at e = enabl e
Li nk = up
Dupl ex mode = aut onegot i at e
Speed = aut onegot i at e
Dupl ex speed st at us = f ul l - 10000
Fl ow cont r ol mode = di sabl e
Fl ow cont r ol st at us = di sabl e
Backpr essur e = di sabl e
Br oadcast l i mi t = unl i mi t ed
Def aul t VLAN = 1
Super VLAN Por t = No
Lear ni ng new addr ess = Enabl ed
Max Packet Si ze ( MRU) = 1632

DeviceC#show interface 1/2/1
Name =
Type = DUAL ( 10/ 100/ 1000BaseT, MEDI A not i nst al l ed)
Enabl eSt at e = enabl e
Li nk = up
Dupl ex mode = aut onegot i at e
Speed = aut onegot i at e
Dupl ex speed st at us = f ul l - 10000
Fl ow cont r ol mode = di sabl e
Fl ow cont r ol st at us = di sabl e
Backpr essur e = di sabl e
Br oadcast l i mi t = unl i mi t ed
Def aul t VLAN = 1
Super VLAN Por t = No
Lear ni ng new addr ess = Enabl ed
Max Packet Si ze ( MRU) = 1632

T-Marc 300 Series User Guide


Page 71
Configuring Interfaces (Rev. 08)

3. Disconnect port 1/ 1/ 2 forces port link state 1/ 2/ 1 to go also down:
DeviceC#show interface 1/1/2
Name =
Type = DUAL ( 10/ 100/ 1000BaseT, MEDI A not i nst al l ed)
Enabl eSt at e = enabl e
Li nk = down
Dupl ex mode = aut onegot i at e
Speed = aut onegot i at e
Dupl ex speed st at us = unknown
Fl ow cont r ol mode = di sabl e
Fl ow cont r ol st at us = di sabl e
Backpr essur e = di sabl e
Br oadcast l i mi t = unl i mi t ed
Def aul t VLAN = 1
Super VLAN Por t = No
Lear ni ng new addr ess = Enabl ed
Max Packet Si ze ( MRU) = 1632

DeviceC#show interface 1/2/1
Name =
Type = DUAL ( 10/ 100/ 1000BaseT, MEDI A not i nst al l ed)
Enabl eSt at e = enabl e
Li nk = down
Dupl ex mode = aut onegot i at e
Speed = aut onegot i at e
Dupl ex speed st at us = unknown
Fl ow cont r ol mode = di sabl e
Fl ow cont r ol st at us = di sabl e
Backpr essur e = di sabl e
Br oadcast l i mi t = unl i mi t ed
Def aul t VLAN = 1
Super VLAN Por t = No
Lear ni ng new addr ess = Enabl ed
Max Packet Si ze ( MRU) = 1632

T-Marc 300 Series User Guide


Page 72
Configuring Interfaces (Rev. 08)

Supported Platforms
Features T-Marc 340 T-Marc 380
Fast Ethernet and Giga Ethernet Port + +
Link Aggregation Groups (LAGs) + +
Resilience Links + +
Port Security Techniques + +
Alarm Propagation + +
Supported Standards, MIBs, and RFCs
Features Standards MIBs RFCs
Fast Ethernet
and Giga
Ethernet Port
IEEE 802.3 Ethernet
IEEE 802.3u Fast
Ethernet
IEEE 802.3x Flow
Control
IEEE 802.3z Gigabit
Ethernet
Public MIBs:
RFC 1213, Management
Information Base for
Network Management of
TCP/IP-based
internets:MIB-II
(qwerinterface table and
onfigL2IfaceTable)
RMON MIB
Private MIB, prvt_switch.mib
RFC 2863 The
Interfaces Group
MIB
(configL2IfaceTable
and interface table)
Link Aggregation
Groups (LAGs)
IEEE 802.3ad Private MIB,
prvt_Ports_Aggregation.mib
No RFCs are
supported by this
feature.
Resilience Links No standards are
supported by this
feature.
Private MIB,
prvt_resilient_link.mib
No RFCs are
supported by this
feature.
Port Security
Techniques
No standards are
supported by this
feature.
No MIBs are supported by
this feature.
No RFCs are
supported by this
feature.
Alarm
Propagation
IEEE 802.3 Ethernet
IEEE 802.3u Fast
Ethernet
IEEE 802.3x Flow
Control
IEEE 802.3z Gigabit
Ethernet
Public MIBs:
RFC 1213, Management
Information Base for
Network Management of
TCP/IP-based
internets:MIB-II
(qwerinterface table and
onfigL2IfaceTable)
RMON MIB
Private MIB, prvt_switch.mib
RFC 2863 The
Interfaces Group
MIB
(configL2IfaceTable
and interface table)


Page 1
Configuring VLANs and Super VLANs (Rev. 07)

Configuring VLANs and Super VLANs
Table of Figures 3
Features Included in this Chapter 4
Virtual LANs 5
Overview 5
The VLAN Tagging Benefits 5
VLAN Traffic Behavior 6
VLAN Tagging and Ingress Traffic 6
VLAN Tagging and Egress Traffic 7
VLAN Default Configuration 8
VLAN Configuration Flow 9
VLAN Configuration Commands 10
Entering the VLAN Configuration Mode12
Creating a New VLAN12
Entering an Existing VLAN Configuration Mode12
Adding Ports to a VLAN13
Adding Ports to a Default VLAN14
Creating a Range of VLANs 14
Securing Management Access Based on VLAN ID15
Modifying the CPU Port Membership16
Removing the CPU Port16
Deleting a VLAN (by VLAN Name) 17
Deleting a VLAN (by VLAN ID) 17
Deleting a Range of VLANs18
Removing Ports from a VLAN19
Removing Ports from a Default VLAN20
Displaying the VLAN Configuration20
Displaying VLAN Management Information20
T-Marc 300 Series User Guide

Page 2
Configuring VLANs and Super VLANs (Rev. 08)

Configuration Examples21
VLAN Configuration Example21
Management VLAN Configuration Example31
Super VLANs33
Overview33
Super VLAN Types 34
The Super VLAN Default Configuration35
The Super VLAN Configuration Commands35
Defining a Super VLAN35
Configuring the Super VLAN Ring Topology36
Displaying the Super VLAN Configuration36
Configuration Examples37
Super VLAN Configuration Example37
Super VLAN with Aggregated Uplink Configuration Example39
Super VLAN Ring Topology Configuration41
Supported Platforms44
Supported Standards, MIBs and RFCs44
T-Marc 300 Series User Guide

Page 3
Configuring VLANs and Super VLANs (Rev. 08)

Table of Figures
Figure 1: IEEE 802.1Q Frame Tag Structure 6
Figure 2: VLANs in Ingress Traffic 7
Figure 3: VLANs in Egress Traffic 7
Figure 4: VLAN Configuration Flow 9
Figure 5: VLAN Configuration Example21
Figure 6: Management VLAN Configuration Example31
Figure 7: Switching Decisions without the Super VLAN Agent 33
Figure 8: Switching Decisions with the Super VLAN Agent33
Figure 9: Super VLAN Ring Mode Configuration Example34
Figure 10: Super VLAN Configuration37
Figure 11: Super VLAN Configuration with LAG Uplink39
Figure 12: Super VLAN Ring Topology Example41
T-Marc 300 Series User Guide

Page 4
Configuring VLANs and Super VLANs (Rev. 08)

Features Included in this Chapter
This chapter provides an overall understanding of Virtual Local Area Network (VLAN) concepts,
including different configuration examples.
The chapter contains the following sections:
Virtual LANs
VLANs are used to group users traffic with common requirements, as if they were on the
same LAN although they may be in separate physical locations. The key benefit of
VLANs is its flexibility in allowing any logical LAN to be implemented on any physical
infrastructure.
Super VLANs
The Super VLAN is a mechanism for aggregating VLANs that share the same default
router address and subnet mask, but remain isolated from one another's network traffic.
T-Marc 300 Series User Guide

Page 5
Configuring VLANs and Super VLANs (Rev. 08)

Virtual LANs
Overview
VLAN tagging is a standard designed for grouping hosts with common requirements, allowing
them to communicate as if they were on the same LAN regardless of their physical location. This
allows a logical partition of a physical LAN into different broadcast domains.
This standard also ensures that VLAN traffic is isolated from hosts that are not members of the
VLAN.
This technology is based on tagging Ethernet frames with VLAN IDs, assigning each user to a
specific VLAN. This prohibits Layer 2 mutual access between workgroups with different VLAN
IDs.
The VLAN Tagging Benefits
Implementing VLANs on the network has the following advantages:
Flexibilitywhen a user moves to a different broadcast domain, the system administrator only
has to reconfigure the port the user is connected to.
SecurityVLANs provide a greater degree of security than a traditional LAN since data
packets of one VLAN are not transmitted to a different VLAN.
ScalabilityVLANs are not limited to a single device, spanning over an enterprise
organization or a WAN link.
Service per VLANyou can use separate VLANs for different services and features
corresponding to each VLAN.
T-Marc 300 Series User Guide

Page 6
Configuring VLANs and Super VLANs (Rev. 08)

VLAN Traffic Behavior
VLAN tagging inserts a VLAN ID into the Ethernet frame header, associating each frame with a
specific VLAN. Using this method, the port that interconnects devices can carry traffic for multiple
VLANs over the same physical connection.

Figure 1: I EEE 802.1Q Frame Tag Structure
A port can be a member of one or more VLANs. However, only one of these VLANs can be the
ports default VLAN. Initially all the device ports are members of a VLAN named Default (VLAN
ID 1).
Ports assigned to different VLANs can communicate only through routing (and not on Layer 2).
VLAN Tagging and Ingress Traffic
The VLAN membership and the ports default VLAN affect the incoming (ingress) traffic process
as follows:
When the traffic has a VLAN tagging:
if the port is a member of the VLAN, it processes the traffic
otherwise, the port drops this traffic
If the traffic has no VLAN tagging, the port adds its default VLAN ID to the frames and
processes them accordingly.
T-Marc 300 Series User Guide

Page 7
Configuring VLANs and Super VLANs (Rev. 08)


Figure 2: VLANs in I ngress Traffic
VLAN Tagging and Egress Traffic
In addition to the VLANs a port is assigned to, the system administrator defines whether the port is
a tagged or an untagged member of a specified VLAN. This affects the outgoing (egress) traffic
process:
If the port is an untagged member of a VLAN, it removes the VLAN ID tagging from these
VLANs frames before forwarding them
If the port is a tagged member of a VLAN, it forwards these VLANs frames with their
VLAN ID (without changing the frames)

Figure 3: VLANs in Egress Traffic

T-Marc 300 Series User Guide

Page 8
Configuring VLANs and Super VLANs (Rev. 08)

VLAN Default Configuration
Table 1: VLAN Default Configuration
Parameter Default Value
All ports VLAN VLAN 1
PVID of all ports VLAN 1
VLAN management Enabled
T-Marc 300 Series User Guide

Page 9
Configuring VLANs and Super VLANs (Rev. 08)

VLAN Configuration Flow





























Figure 4: VLAN Configuration Flow
Start
Yes
No
End
Remove the CPU port
Modify the CPU
port membership
Enter a specific VLAN
Configuration mode
Add port(s) as tagged or untagged
members
Enter VLAN Configuration mode
Create a VLAN
Yes
No
Secure management access
Remove CPU from VLAN
Modify
Management
VLANs
Yes
No
Add ports to a default VLAN
Configure a
Default VLAN
T-Marc 300 Series User Guide

Page 10
Configuring VLANs and Super VLANs (Rev. 08)

VLAN Configuration Commands
Table 2: VLAN Configuration Commands
Command Description
vlan
Enters the VLAN Configuration mode (see Entering the VLAN
Configuration Mode)
create
Creates a VLAN with a specific name and ID number (see Creating
a New VLAN)
config
Enters a specific VLAN Configuration mode (see Entering an
Existing VLAN Configuration Mode)
add ports
Adds specified ports as either tagged or untagged ports (see Adding
Ports to a Default VLAN)
add ports default
Specifies a default VLAN for a group of ports (see Adding Ports to a
Default VLAN)
create range
Creates a range of VLANs (see Creating a Range of VLANs)

Table 3: VLAN Optional Commands
Command Description
management Limits the device management access to VLANs that you specify by
a list of VLAN ID numbers (see Securing Management Access
Based on VLAN ID)
add cpu-port
Enables the device to receive broadcast and multicast traffic in the
specified VLAN (see Modifying the CPU Port Membership)
remove cpu-port
Protects the device from receiving broadcast and multicast traffic in
the specified VLAN (see Removing the CPU Port)

Table 4: Commands for Removing VLANs
Command Description
delete
Deletes a VLAN, specified by its name (see Deleting a VLAN (by
VLAN Name))
delete id
Deletes a VLAN, specified by its VLAN ID (see Deleting a VLAN (by
VLAN ID))
delete range
Deletes a range of VLANs (see Deleting a Range of VLANs)

Table 5: Commands for Removing Ports from a VLAN
Command Description
remove ports
Removes ports from a VLAN (see Removing Ports from a VLAN)
remove ports default
Removes ports from the default VLAN (see Removing Ports from a
Default VLAN)

T-Marc 300 Series User Guide

Page 11
Configuring VLANs and Super VLANs (Rev. 08)

Table 6: VLAN Display Commands
Command Description
show, show vlan
Displays the static VLAN configuration (see Displaying the VLAN
Configuration)
show vlan
management
Display VLAN management access information (see Displaying
VLAN Management Information)
T-Marc 300 Series User Guide

Page 12
Configuring VLANs and Super VLANs (Rev. 08)

Entering the VLAN Configuration Mode
The vlan command enters the VLAN Configuration mode.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#vlan
device-name(config vlan)#
Creating a New VLAN
The create command creates a VLAN with the specified name and ID (VLAN tag).
CLI Mode: VLAN Configuration

NOTE
vlan_ and default are reserved names and you cannot use them as VLAN names.
Attempting to do so generates the following message (vlan-id represents the VLAN
ID that the user is attempting to create): % VLAN <vlan-id> system name
Command Syntax
device-name(config vlan)#create NAME <vlan-id>
Argument Description
NAME The VLAN name.
vlan-id The VLAN tag number, in the range <24094>.
Example
Use the following example to create a VLAN named accountingwith tag number 2:
device-name(config vlan)#create accounting 2
Entering an Existing VLAN Configuration Mode
The config command enters the configuration mode for a specific VLAN.
Use this command in a Specific VLAN Configuration mode to switch to a different VLANs
Configuration mode.
CLI Mode: VLAN Configuration and Specific VLAN Configuration

T-Marc 300 Series User Guide

Page 13
Configuring VLANs and Super VLANs (Rev. 08)

Command Syntax
device-name(config vlan)#config NAME1
device-name(config-vlan NAME1)#

device-name(config-vlan NAME1)#config NAME2
device-name(config-vlan NAME2)#
Argument Description
NAME1, NAME2 The names of existing VLANs.
Examples
Access vlan_52 configuration from Global VLAN Configuration mode, as indicated by the
prompt-line:
device-name(config vlan)#config vlan_52
device-name(config-vlan vlan_52)#
Switch from vlan_52 Configuration mode to XYZ Configuration mode, as indicated by the
prompt-line:
device-name(config-vlan vlan_52)#config XYZ
device-name(config-vlan XYZ)#
Adding Ports to a VLAN
The add ports command assigns ports to a VLAN. Ports drop ingress packets tagged with a
different VLAN-tag than the one they belong to.
In egress traffic tagged ports send tagged packets while untagged ports send these packets without a
VLAN tag.
CLI Mode: Specific VLAN Configuration

Command Syntax
device-name(config-vlan VLAN-NAME)#add ports PORT-LIST {tagged | untagged}
Argument Description
PORT-LIST
(Optional) specifies one or more port numbers. Use commas as separators
and hyphens to indicate sub-ranges (for example, 1/2/11/2/8, 1/1/2).

NOTE
Do not leave blank spaces before or after the comma separating
sequential lists.
tagged
(Optional) the specified ports are tagged.
untagged
(Optional) the specified ports are untagged
T-Marc 300 Series User Guide

Page 14
Configuring VLANs and Super VLANs (Rev. 08)

Adding Ports to a Default VLAN
The add ports default command specifies a default VLAN for a group of ports.
CLI Mode: Specific VLAN Configuration
Command Syntax
device-name(config-vlan VLAN-NAME)#add ports default PORT-LIST
Argument Description
See the Argument Description table above.
Creating a Range of VLANs
The create range command creates a range of VLANs and automatically assigns VLAN names
that match the tag-numbers.
The VLAN name format is Vlan_dddd, where ddddrepresents the matching VLAN ID. For
example, VLAN ID 123 is named Vlan_123.
CLI Mode: VLAN Configuration

Command Syntax
device-name(config vlan)#create range <vlan-id1> <vlan-id2> [PORT-LIST tagged
[PORT-LIST untagged]] [remove cpu-port]
device-name(config vlan)#create range <vlan-id1> <vlan-id2> [PORT-LIST untagged
[PORT-LIST tagged]] [remove cpu-port]
Argument Description
vlan-id1 The first VLAN ID, in the range of <24094>
vlan-id2 The last VLAN ID, in the range of <24094>
PORT-LIST (Optional) one or more port numbers, specified by the following options:
UU/SS/PPa single port specified by unit, slot, and port number
UUall ports on the specified unit
UU/SSall ports on the specified slot that
A hyphenated range of ports
(for example: 1/2/11/2/8 or 1/11/2)
Several port numbers and/or ranges, separated by commas (for
example: 1/1/1, 1/1/2, 1/2/11/2/8).
NOTE
Do not leave blank spaces before or after the comma separating
sequential lists.
tagged (Optional) the specified ports are tagged
untagged (Optional) the specified ports are untagged
T-Marc 300 Series User Guide

Page 15
Configuring VLANs and Super VLANs (Rev. 08)

remove cpu-
port
(Optional) prevents the device from receiving broadcast and multicast traffic
in the specified VLAN (see the remove cpu-port command)
Example
Use the following example to create a sequence of VLANs and then to display the results:
device-name(config vlan)#create range 15 21 1/1/1-1/1/2 untagged 1/2/2 tagged
device-name(config vlan)#show
==================================================================
Name | VTag| Rout I f | Tagged por t s | Unt agged por t s
- - - - - - - - - - - - - - - - - +- - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - -
def aul t | 1 | sw0 | | 1/ 1/ 1- 1/ 2/ 8
Vl an_15 | 15 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_16 | 16 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_17 | 17 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_18 | 18 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_19 | 19 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_20 | 20 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_21 | 21 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Securing Management Access Based on VLAN ID
The management command limits the device management access only to VLANs that you specify
by a list of VLAN ID numbers. You may include VLANs that have not been created yet.
The management VLAN isolates the devices management IP address from data traffic, preventing
unauthorized access and malicious attacks.
When using this feature, you can manage the device though a PCconnected to a port assigned to
a management VLANvia Telnet or SNMP.
When management VLAN is disabled, you are not allowed to perform the following tasks:
Telnet to the device
SSH to the device
SNMP management
Ping the device
TFTP download or upload
Receive outgoing Syslog messages
You cannot delete the management VLAN 1.
By default, management of the device is accessible on all VLANs.
NOTE
You can also disable management on a port by the por t management command in
Global Configuration mode (refer to the Configuring Interfaces chapter of this User
Guide).
Management traffic on a VLAN is allowed on a port that is a member of that VLAN
only if management is enabled both on the port and on the VLAN.


T-Marc 300 Series User Guide

Page 16
Configuring VLANs and Super VLANs (Rev. 08)

CLI Mode: VLAN Configuration
Command Syntax
device-name(config vlan)#management VLAN-LIST
device-name(config vlan)#no management VLAN-LIST
Argument Description
VLAN-LIST A list of VLAN IDs in the below format:
A hyphenated range of VLANs (for example: 832)
Several VLAN numbers and/or ranges, separated by commas (for example:
2,4,832)
no The list of VLANs with no management access.
Modifying the CPU Port Membership
The add cpu-port command enables the device to receive broadcast and multicast traffic in the
specified VLAN.
CLI Mode: Specific VLAN Configuration
By default, the CPU port is a member of all VLANs.
Command Syntax
device-name(config-vlan VLAN-NAME)#add cpu-port
Removing the CPU Port
The remove cpu-port command protects the device's CPU from receiving broadcast and
multicast traffic on the specified VLAN.

NOTE
The device performs switching even if its CPU is not a member of the VLAN.
Enabling this feature does not block unicast traffic to the CPU.

CLI Mode: Specific VLAN Configuration
Command Syntax
device-name(config-vlan VLAN-NAME)#remove cpu-port
T-Marc 300 Series User Guide

Page 17
Configuring VLANs and Super VLANs (Rev. 08)

Deleting a VLAN (by VLAN Name)
The delete command deletes an existing VLAN by its VLAN name.

NOTE
The VLAN named default (VLAN ID 1) is part of the default configuration and you
cannot delete it.

CLI Mode: VLAN Configuration
Command Syntax
device-name(config vlan)#delete NAME
Argument Description
NAME The name of an existing VLAN
Example
The following example deletes the VLAN named accounting:
device-name(config vlan)#delete accounting
Deleting a VLAN (by VLAN ID)
The delete id command deletes an existing VLAN by its VLAN ID.
CLI Mode: VLAN Configuration
Command Syntax
device-name(config vlan)#delete id <vlan-id>
Argument Description
vlan-id An existing VLAN ID
Example
This following example deletes the VLAN with ID 10:
device-name(config vlan)#delete id 10
T-Marc 300 Series User Guide

Page 18
Configuring VLANs and Super VLANs (Rev. 08)

Deleting a Range of VLANs
The delete range command deletes a range of VLANs.
CLI Mode: VLAN Configuration
Command Syntax
device-name(config vlan)#delete range <vlan-id1> <vlan-id2>
Argument Description
vlan-id1 The first VLAN ID in the range (must be smaller than vlan-id2).
The valid range is <24094>.
vlan-id2 The last VLAN ID (must be greater than vlan-id1).
The valid range is <24094>.
Example
device-name(config vlan)#show
===================================================================
Name | VTag| Rout I f | Tagged por t s | Unt agged por t s
- - - - - - - - - - - - - - - - - +- - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - -
def aul t | 1 | sw0 | | 1/ 1/ 1- 1/ 2/ 8
Vl an_15 | 15 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_16 | 16 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_17 | 17 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_18 | 18 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_19 | 19 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_20 | 20 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_21 | 21 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2

device-name(config vlan)#delete range 15 19
device-name(config vlan)#show
===================================================================
Name | VTag| Rout I f | Tagged por t s | Unt agged por t s
- - - - - - - - - - - - - - - - - +- - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - -
def aul t | 1 | sw0 | | 1/ 1/ 1- 1/ 2/ 8
Vl an_20 | 20 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_21 | 21 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
T-Marc 300 Series User Guide

Page 19
Configuring VLANs and Super VLANs (Rev. 08)

Removing Ports from a VLAN
The remove ports command removes the specified port(s).
CLI Mode: Specific VLAN Configuration
Command Syntax
device-name(config-vlan VLAN-NAME)#remove ports PORT-LIST
Argument Description
PORT-
LIST
(Optional) one or more port numbers assigned to the VLANs, specified by the
following options:
UU/SS/PPa single port specified by unit, slot, and port number
UUall ports on the specified unit
UU/SSall ports on the specified slot that
A hyphenated range of ports
(for example: 1/2/11/2/8 or 1/11/2)
Several port numbers and/or ranges, separated by commas (for example: 1/1/1,
1/1/2, 1/2/11/2/8).
NOTE
Do not leave blank spaces before or after the comma separating
sequential lists.
Example
The example shows how to remove ports from the VLAN named xxx. The result displayed by the
show command that can be applied in any Specific or Global VLAN Configuration mode:
device-name(config-vlan xxx)#remove ports 1/2/2-1/2/4
device-name(config-vlan xxx)#show
==================================================================
Name | VTag| Rout I f | Tagged por t s | Unt agged por t s
- - - - - - - - - - - - - +- - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - -
def aul t | 1 | sw0 | | 1/ 1/ 1- 1/ 2/ 8
xxx | 9 | | 1/ 1/ 1, 1/ 2/ 1, | 1/ 2/ 1, 1/ 2/ 5
| | | 1/ 2/ 5- 1/ 2/ 7 |
T-Marc 300 Series User Guide

Page 20
Configuring VLANs and Super VLANs (Rev. 08)

Removing Ports from a Default VLAN
The remove ports default command removes ports from the default VLAN.
CLI Mode: Specific VLAN Configuration
Command Syntax
device-name(config-vlan VLAN-NAME)#remove ports default PORT-LIST
Argument Description
See the argument table above.
Displaying the VLAN Configuration
The commands below display VLAN configuration information:
show command
CLI Mode: VLAN Configuration and Specific VLAN Configuration
show vlan command
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show vlan
device-name(config vlan)#show
device-name(config-vlan VLAN-NAME)#show
Displaying VLAN Management Information
The show vlan management command displays VLAN management access information.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show vlan management
Example
The following example shows that by default, management is accessible on all VLANs.
device-name#show vlan management
Management VLANs: 1- 4094
T-Marc 300 Series User Guide

Page 21
Configuring VLANs and Super VLANs (Rev. 08)

Configuration Examples
VLAN Configuration Example
The figure below represents an example of a simple VLAN configuration.

Figure 5: VLAN Configuration Example
Configuring Device 1:
1. Create VLAN user_100 with VLAN ID 100:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create user_100 100
2. Remove port 1/1/1 from Default VLAN, add port 1/1/1 as untagged (connected to a user) to
VLAN user_100 and add VLAN user_100 as PVID to port 1/1/1. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/1
device-name(config-vlan default)#exit
device-name(config vlan)#config user_100
device-name(config-vlan user_100)#add ports 1/1/1 untagged
device-name(config-vlan user_100)#add ports default 1/1/1
device-name(config-vlan user_100)#add ports 1/2/1 tagged
device-name(config-vlan user_100)#exit
T-Marc 300 Series User Guide

Page 22
Configuring VLANs and Super VLANs (Rev. 08)

3. Create VLAN user_101 with VLAN ID 101:
device-name(config vlan)#create user_101 101
4. Remove port 1/1/2 from Default VLAN, add port 1/1/2 as untagged (connected to a user) to
VLAN user_101, and add VLAN user_101 as PVID to port 1/1/2. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/2
device-name(config-vlan default)#exit
device-name(config vlan)#config user_101
device-name(config-vlan user_101)#add ports 1/1/2 untagged
device-name(config-vlan user_101)#add ports default 1/1/2
device-name(config-vlan user_101)#add ports 1/2/1 tagged
device-name(config-vlan user_101)#exit
5. Create the VLAN user_102 with VLAN ID 102:
device-name(config vlan)#create user_102 102
6. Remove port 1/2/3 from Default VLAN, add port 1/2/3 as untagged (connected to a user) to
VLAN user_102, and add VLAN user_102 as PVID to port 1/2/3. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/2/3
device-name(config-vlan default)#exit
device-name(config vlan)#config user_102
device-name(config-vlan user_102)#add ports 1/2/3 untagged
device-name(config-vlan user_102)#add ports default 1/2/3
device-name(config-vlan user_102)#add ports 1/2/1 tagged
7. Display the configured VLANs:
device-name(config-vlan user_102)#show
==================================================================
Name | VTag| Rout I f | Tagged por t s | Unt agged por t s
- - - - - - - - - - - - - - - +- - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - -
def aul t | 1 | sw0 | | 1/ 1/ 1- 1/ 2/ 8
user _100 | 100 | | 1/ 2/ 1 | 1/ 1/ 1
user _101 | 101 | | 1/ 2/ 1 | 1/ 1/ 2
user _102 | 102 | | 1/ 2/ 1 | 1/ 2/ 3

device-name(config-vlan user_102)#end
device-name#show running-config port
. . .
! Por t conf i gur at i on:
!
i nt er f ace 1/ 1/ 1
def aul t vl an 100
!
i nt er f ace 1/ 1/ 2
def aul t vl an 101
!
T-Marc 300 Series User Guide

Page 23
Configuring VLANs and Super VLANs (Rev. 08)

i nt er f ace 1/ 2/ 3
def aul t vl an 102
!
. . .

! VLAN conf i gur at i on:
!
vl an
cr eat e user _100 100
conf i g user _100
add por t s 1/ 2/ 1 t agged
add por t s 1/ 1/ 1 unt agged
!
vl an
cr eat e user _101 101
conf i g user _101
add por t s 1/ 2/ 1 t agged
add por t s 1/ 1/ 2 unt agged
!
vl an
cr eat e user _102 102
conf i g user _102
add por t s 1/ 2/ 1 t agged
add por t s 1/ 2/ 3 unt agged
!
. . .
Configuring Device 2:
1. Create VLAN user_200 with VLAN ID 200:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create user_200 200
2. Remove port 1/1/1 from Default VLAN, add port 1/1/1 as untagged (connected to a user)
to VLAN user_200, and add VLAN user_200 as PVID to port 1/1/1. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/1
device-name(config-vlan default)#exit
device-name(config vlan)#config user_200
device-name(config-vlan user_200)#add ports 1/1/1 untagged
device-name(config-vlan user_200)#add ports default 1/1/1
device-name(config-vlan user_200)#add ports 1/2/1 tagged
device-name(config-vlan user_200)#exit
3. Create VLAN user_201 with VLAN ID 201:
device-name(config vlan)#create user_201 201
T-Marc 300 Series User Guide

Page 24
Configuring VLANs and Super VLANs (Rev. 08)

4. Remove port 1/1/2 from Default VLAN add port 1/1/2 as untagged (connected to a user) to
VLAN user_201 and add VLAN user_201 as PVID to port 1/1/2. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/2
device-name(config-vlan default)#exit
device-name(config vlan)#config user_201
device-name(config-vlan user_201)#add ports 1/1/2 untagged
device-name(config-vlan user_201)#add ports default 1/1/2
device-name(config-vlan user_201)#add ports 1/2/1 tagged
device-name(config-vlan user_201)#exit
5. Create the VLAN user_202 with VLAN ID 202:
device-name(config vlan)#create user_202 202
6. Remove port 1/2/3 from Default VLAN, add port 1/2/3 as untagged (connected to a user) to
VLAN user_202, and add VLAN user_202 as PVID to port 1/2/3. Add port 1/2/1 as
tagged (connected to Device 4)
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/2/3
device-name(config-vlan default)#exit
device-name(config vlan)#config user_202
device-name(config-vlan user_202)#add ports 1/2/3 untagged
device-name(config-vlan user_202)#add ports default 1/2/3
device-name(config-vlan user_202)#add ports 1/2/1 tagged
device-name(config-vlan user_202)#exit
7. Display the configured VLANs:
device-name(config-vlan user_202)#show
=================================================================
Name | VTag| Rout I f | Tagged por t s | Unt agged por t s
- - - - - - - - - - - - - - - +- - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - -
def aul t | 1 | sw0 | | 1/ 1/ 1- 1/ 2/ 8
user _200 | 200 | | 1/ 2/ 1 | 1/ 1/ 1
user _201 | 201 | | 1/ 2/ 1 | 1/ 1/ 2
user _202 | 202 | | 1/ 2/ 1 | 1/ 2/ 3

device-name(config-vlan user_202)#end
device-name#show running-config port
. . .
! Por t conf i gur at i on:
!
i nt er f ace 1/ 1/ 1
def aul t vl an 200
!
i nt er f ace 1/ 1/ 2
def aul t vl an 201
!
i nt er f ace 1/ 2/ 3
def aul t vl an 202
!
T-Marc 300 Series User Guide

Page 25
Configuring VLANs and Super VLANs (Rev. 08)

. . .

! VLAN conf i gur at i on:
!
vl an
cr eat e user _200 200
conf i g user _200
add por t s 1/ 2/ 1 t agged
add por t s 1/ 1/ 1 unt agged
!
vl an
cr eat e user _201 201
conf i g user _201
add por t s 1/ 2/ 1 t agged
add por t s 1/ 1/ 2 unt agged
!
vl an
cr eat e user _202 202
conf i g user _202
add por t s 1/ 2/ 1 t agged
add por t s 1/ 2/ 3 unt agged
!
. . .
Configuring Device 3:
1. Create VLAN user_300 with VLAN ID 300:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create user_300 300
2. Remove port 1/1/1 from Default VLAN, add port 1/1/1 as untagged (connected to a user) to
VLAN user_300, and add VLAN user_300 as PVID to port 1/1/1. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/1
device-name(config-vlan default)#exit
device-name(config vlan)#config user_300
device-name(config-vlan user_300)#add ports 1/1/1 untagged
device-name(config-vlan user_300)#add ports default 1/1/1
device-name(config-vlan user_300)#add ports 1/2/1 tagged
device-name(config-vlan user_300)#exit
3. Create VLAN user_301 with VLAN ID 301:
device-name(config vlan)#create user_301 301
T-Marc 300 Series User Guide

Page 26
Configuring VLANs and Super VLANs (Rev. 08)

4. Remove port 1/1/2 from Default VLAN, add port 1/1/2 as untagged (connected to a user) to
VLAN user_301 and add VLAN user_301 as PVID to port 1/1/2. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/2
device-name(config-vlan default)#exit
device-name(config vlan)#config user_301
device-name(config-vlan user_301)#add ports 1/1/2 untagged
device-name(config-vlan user_301)#add ports default 1/1/2
device-name(config-vlan user_301)#add ports 1/2/1 tagged
device-name(config-vlan user_301)#exit
5. Create VLAN user_302 with VLAN ID 302:
device-name(config vlan)#create user_302 302
6. Remove port 1/2/3 from Default VLAN, add port 1/2/3 as untagged (connected to a user) to
VLAN user_302, and add VLAN user_302 as PVID to port 1/2/3. Add port 1/2/1 as
tagged (connected to Device 4)
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/2/3
device-name(config-vlan default)#exit
device-name(config vlan)#config user_302
device-name(config-vlan user_302)#add ports 1/2/3 untagged
device-name(config-vlan user_302)#add ports default 1/2/3
device-name(config-vlan user_302)#add ports 1/2/1 tagged
device-name(config-vlan user_302)#exit
7. Display the configured VLANs:
device-name(config-vlan user_302)#show
==================================================================
Name | VTag| Rout I f | Tagged por t s | Unt agged por t s
- - - - - - - - - - - - - - - +- - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - -
def aul t | 1 | sw0 | | 1/ 1/ 1- 1/ 2/ 8
user _300 | 300 | | 1/ 2/ 1 | 1/ 1/ 1
user _301 | 301 | | 1/ 2/ 1 | 1/ 1/ 2
user _302 | 302 | | 1/ 2/ 1 | 1/ 2/ 3

device-name(config-vlan user_302)#end
device-name#show running-config port
. . .
! Por t conf i gur at i on:
!
i nt er f ace 1/ 1/ 1
def aul t vl an 300
!
i nt er f ace 1/ 1/ 2
def aul t vl an 301
!
i nt er f ace 1/ 2/ 3
def aul t vl an 302
!
T-Marc 300 Series User Guide

Page 27
Configuring VLANs and Super VLANs (Rev. 08)

. . .

! VLAN conf i gur at i on:
!
vl an
cr eat e user _300 300
conf i g user _300
add por t s 1/ 2/ 1 t agged
add por t s 1/ 1/ 1 unt agged
!
vl an
cr eat e user _301 301
conf i g user _301
add por t s 1/ 2/ 1 t agged
add por t s 1/ 1/ 2 unt agged
!
vl an
cr eat e user _302 302
conf i g user _302
add por t s 1/ 2/ 1 t agged
add por t s 1/ 2/ 3 unt agged
!
. . .
Configuring Device 4:
1. Create VLAN user_100 with VLAN ID 100:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create user_100 100
2. Add ports 1/1/1, 1/2/1 as tagged (1/1/1 is connected to the users on Device 1 and 1/2/1 is
connected to the router) to VLAN user_100:
device-name(config vlan)#config user_100
device-name(config-vlan user_100)#add ports 1/1/1,1/2/1 tagged
device-name(config-vlan user_100)#exit
3. Create the VLAN user_101 with VLAN ID 101:
device-name(config vlan)#create user_101 101
4. Add ports 1/1/1, 1/2/1 as tagged (1/1/1 is connected to the users on Device 1 and 1/2/1
is connected to the router) to VLAN user_101:
device-name(config vlan)#config user_101
device-name(config-vlan user_101)#add ports 1/1/1,1/2/1 tagged
device-name(config-vlan user_101)#exit
5. Create the VLAN user_102 with VLAN ID 102:
device-name(config vlan)#create user_102 102
T-Marc 300 Series User Guide

Page 28
Configuring VLANs and Super VLANs (Rev. 08)

6. Add ports 1/1/1, 1/2/1 as tagged (1/1/1 is connected to the users on Device 1 and 1/2/1
is connected to the router) to VLAN user_102:
device-name(config vlan)#config user_102
device-name(config-vlan user_102)#add ports 1/1/1,1/2/1 tagged
device-name(config-vlan user_102)#exit
7. Create the VLAN user_200 with VLAN ID 200:
device-name(config vlan)#create user_200 200
8. Add ports 1/1/2, 1/2/1 as tagged (1/1/2 is connected to the users on Device 2 and 1/2/1 is
connected to the router) to VLAN user_200:
device-name(config vlan)#config user_200
device-name(config-vlan user_200)#add ports 1/1/2,1/2/1 tagged
device-name(config-vlan user_200)#exit
9. Create the VLAN user_201 with VLAN ID 201:
device-name(config vlan)#create user_201 201
10. Add ports 1/1/2, 1/2/1 as tagged (1/1/2 is connected to the users on Device 2 and 1/2/1 is
connected to the router) to VLAN user_201:
device-name(config vlan)#config user_201
device-name(config-vlan user_201)#add ports 1/1/2,1/2/1 tagged
device-name(config-vlan user_201)#exit
11. Create the VLAN user_202 with VLAN ID 202:
device-name(config vlan)#create user_202 202
12. Add ports 1/1/2, 1/2/1 as tagged (1/1/2 is connected to the users on Device 2 and 1/2/1 is
connected to the router) to VLAN user_202:
device-name(config vlan)#config user_202
device-name(config-vlan user_202)#add ports 1/1/2,1/2/1 tagged
device-name(config-vlan user_202)#exit
13. Create the VLAN user_300 with VLAN ID 300:
device-name(config vlan)#create user_300 300
14. Add ports 1/2/3, 1/2/1 as tagged (1/2/3 is connected to the users on Device 3 and 1/2/1 is
connected to the router) to VLAN user_300:
device-name(config vlan)#config user_300
device-name(config-vlan user_300)#add ports 1/2/3,1/2/1 tagged
device-name(config-vlan user_300)#exit
15. Create the VLAN user_301 with VLAN ID 301:
device-name(config vlan)#create user_301 301
16. Add ports 1/2/3, 1/2/1 as tagged (1/2/3 is connected to the users on Device 3 and 1/2/1 is
connected to the router) to VLAN user_301:
device-name(config vlan)#config user_301
device-name(config-vlan user_301)#add ports 1/2/3,1/2/1 tagged
device-name(config-vlan user_301)#exit
T-Marc 300 Series User Guide

Page 29
Configuring VLANs and Super VLANs (Rev. 08)

17. Create the VLAN user_302 with VLAN ID 302:
device-name(config vlan)#create user_302 302
18. Add ports 1/2/3, 1/2/1 as tagged (1/2/3 is connected to the users on Device 3 and 1/2/1 is
connected to the router) to VLAN user_302:
device-name(config vlan)#config user_302
device-name(config-vlan user_302)#add ports 1/2/3,1/2/1 tagged
device-name(config-vlan user_302)#exit
19. Display the configured VLANs:
device-name(config-vlan user_302)#show
==================================================================
Name | VTag| Rout I f | Tagged por t s | Unt agged por t s
- - - - - - - - - - - - +- - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - -
def aul t | 1 | sw0 | | 1/ 1/ 1- 1/ 2/ 8
user _100 | 100 | | 1/ 1/ 1, 1/ 2/ 1 |
user _101 | 101 | | 1/ 1/ 1, 1/ 2/ 1 |
user _102 | 102 | | 1/ 1/ 1, 1/ 2/ 1 |
user _200 | 200 | | 1/ 1/ 2, 1/ 2/ 1 |
user _201 | 201 | | 1/ 1/ 2, 1/ 2/ 1 |
user _202 | 202 | | 1/ 1/ 2, 1/ 2/ 1 |
user _300 | 300 | | 1/ 2/ 3, 1/ 2/ 1 |
user _301 | 301 | | 1/ 2/ 3, 1/ 2/ 1 |
user _302 | 302 | | 1/ 2/ 3, 1/ 2/ 1 |
device-name(config-vlan user_302)#end

device-name#show running-config vlan
. . .
! VLAN conf i gur at i on:
!
vl an
cr eat e user _100 100
conf i g user _100
add por t s 1/ 1/ 1, 1/ 2/ 1 t agged
!
vl an
cr eat e user _101 101
conf i g user _101
add por t s 1/ 1/ 1, 1/ 2/ 1 t agged
!
vl an
cr eat e user _102 102
conf i g user _102
add por t s 1/ 1/ 1, 1/ 2/ 1 t agged
!
vl an
cr eat e user _200 200
conf i g user _200
add por t s 1/ 1/ 2, 1/ 2/ 1 t agged
!
vl an
T-Marc 300 Series User Guide

Page 30
Configuring VLANs and Super VLANs (Rev. 08)

cr eat e user _201 201
conf i g user _201
add por t s 1/ 1/ 2, 1/ 2/ 1 t agged
!
vl an
cr eat e user _202 202
conf i g user _202
add por t s 1/ 1/ 2, 1/ 2/ 1 t agged
!
vl an
cr eat e user _300 300
conf i g user _300
add por t s 1/ 2/ 3, 1/ 2/ 1 t agged
!
vl an
cr eat e user _301 301
conf i g user _301
add por t s 1/ 2/ 3, 1/ 2/ 1 t agged
!
vl an
cr eat e user _302 302
conf i g user _302
add por t s 1/ 2/ 3, 1/ 2/ 1 t agged
! . . .
T-Marc 300 Series User Guide

Page 31
Configuring VLANs and Super VLANs (Rev. 08)

Management VLAN Configuration Example
This is an example for the management VLAN configuration. The device can be managed only by
VLAN 2. VLANs 100, 101 and 102 are created but the device cannot be managed from the
workstations, only from the management station.

Figure 6: Management VLAN Configuration Example
1. Enter VLAN Configuration mode:
device-name#configure terminal
device-name(config)#vlan
2. Remove management from VLANs 1, 34094 (only ports configured with VLAN ID 2 can
be use to manage the device):
device-name(config vlan)#no management 1,3-4094
3. Create the VLAN manage with VLAN ID 2:
device-name(config vlan)#create manage 2
4. Add port 1/1/2 as untagged to VLAN manage and add VLAN manage as PVID to port
1/1/2:
device-name(config vlan)#config manage
device-name(config-vlan manage)#add ports 1/1/2 untagged
device-name(config-vlan manage)#add ports default 1/1/2
device-name(config-vlan manage)#exit
5. Create the VLAN v100 with VLAN ID 100:
device-name(config vlan)#create v100 100
T-Marc 300 Series User Guide

Page 32
Configuring VLANs and Super VLANs (Rev. 08)

6. Add port 1/2/3 as untagged to VLAN v100 and add VLAN v100 as PVID to port 1/2/3.
Add port 1/2/7 as tagged to VLAN v100:
device-name(config vlan)#config v100
device-name(config-vlan v100)#add ports 1/2/3 untagged
device-name(config-vlan v100)#add ports default 1/2/3
device-name(config-vlan v100)#add ports 1/2/7 tagged
device-name(config-vlan v100)#exit
7. Create the VLAN v101 with VLAN ID 101:
device-name(config vlan)#create v101 101
8. Add port 1/2/4 as untagged to VLAN v101 and set VLAN v101 as PVID. Add port 1/2/7
as tagged to VLAN v101:
device-name(config vlan)#config v101
device-name(config-vlan v101)#add ports 1/2/4 untagged
device-name(config-vlan v101)#add ports default 1/2/4
device-name(config-vlan v101)#add ports 1/2/7 tagged
device-name(config-vlan v101)#exit
9. Create the VLAN v102 with VLAN ID 102:
device-name(config vlan)#create v102 102
10. Add port 1/2/5 as untagged to VLAN v102 and set VLAN v102 as PVID. Add port 1/2/7 as
tagged to VLAN v102:
device-name(config vlan)#config v102
device-name(config-vlan v102)#add ports 1/2/5 untagged
device-name(config-vlan v102)#add ports default 1/2/5
device-name(config-vlan v102)#add ports 1/2/7 tagged
device-name(config-vlan v102)#exit
11. Remove ports 1/1/21/2/5 from VLAN default:
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/2-1/2/5
device-name(config-vlan default)#end
12. Display the management VLANs:
device-name#show vlan management
Management VLANs: 2
13. Display the VLAN configuration:
device-name#show vlan
===================================================================
Name | VTag| Rout I f | Tagged por t s | Unt agged por t s
- - - - - - - - - - - +- - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - -
def aul t | 1 | sw0 | | 1/ 1/ 1, 1/ 2/ 6- 1/ 2/ 8
manage | 2 | | | 1/ 1/ 2
v100 | 100 | | 1/ 2/ 7 | 1/ 2/ 3
v101 | 101 | | 1/ 2/ 7 | 1/ 2/ 4
v102 | 102 | | 1/ 2/ 7 | 1/ 2/ 5
T-Marc 300 Series User Guide

Page 33
Configuring VLANs and Super VLANs (Rev. 08)

Super VLANs
Overview
Super VLAN is a mechanism used to separate users which reside in the same VLAN into multiple
virtual broadcast domains.
With Super VLAN, systems administrators can use the same IPv4 subnet and default gateway IP
address for users residing in the same switched infrastructure. This helps in decreasing IPv4 address
consumption and the need for dedicated IP subnet for each VLAN.
VLANs that are members of a Super VLAN are called sub-VLANs. Each sub-VLAN is a
broadcast domain isolated at Layer 2. When users in different sub-VLANs need to communicate
with each other, they use the IP address of the virtual interface of the Super VLAN as the IP
address of the gateway. The virtual interface IP address is shared by multiple VLANs. This
minimizes the number of required IP addresses.
In case a sub VLAN needs to communicate with a sub VLAN in a different sub VLAN at Layer 3,
or in case a sub-VLAN communicates with other networks, you need to enable ARP proxy (for
more information, refer to the DeviceAdministrationchapter of this User Guide).
The below example illustrates the traffic flow in case Super VLAN is not configured: traffic
entering the user device port is not restricted to the uplink port; therefore, all the broadcast,
unknown, and multicast packets are spread over the entire device VLANs.

Figure 7: Switching Decisions without the Super VLAN Agent
As oppose to the above, the below example illustrates the traffic flow in case Super VLAN is
configured: once switching decisions are done, the Super VLAN agent overrules these decisions
and directs the traffic to the Super VLAN uplink port.

Figure 8: Switching Decisions with the Super VLAN Agent
T-Marc 300 Series User Guide

Page 34
Configuring VLANs and Super VLANs (Rev. 08)

Super VLAN Types
There are two types of Super VLAN:
Super VLAN layer 2Suitable for a Layer-2 switching environment, where the sub-VLANs
and Super VLAN share the same IP subnet mask. The Super VLAN provides enhanced
security between the customers, by disallowing communication between the sub-VLANs,
whether or not they are located in the same LAN.
Super VLAN ringtopologySuitable for ring topology networks using the Multiple Spanning
Tree Protocol (MSTP). In these cases traffic can flow either clockwise or counterclockwise.
Both ports connected to the ring are referred to as uplink ports, while the rest of the ports are
referred to as user ports. In this case the Super VLAN uplink has to be one of the two ports
that are connected to the rest of the ring.
Use this topology when the Super VLAN port has to be the root port of the bridge. In
this topology, the Super VLAN uplink-port is selected dynamically by the bridge between
the two uplink ports. If a topology change occurs, the Super VLAN uplink changes
automatically and the new Root port is selected as a Super VLAN uplink port.
In the figure below, one of the clients connected to device D sends broadcast traffic. The
traffic travels counterclockwise only, since the Super VLAN active uplink-port is the root
port. If the link between device B and A is disconnected, a topology change occurs and
Device D selects a new Super VLAN uplink-port. As a result traffic flows clockwise only.
Dynamic Super VLAN takes affect on all the bridges, except for the root bridge since it
does not have a root port (only designated ports).

Figure 9: Super VLAN Ring Mode Configuration Example
T-Marc 300 Series User Guide

Page 35
Configuring VLANs and Super VLANs (Rev. 08)

The Super VLAN Default Configuration
Table 7: Super VLAN Default Configuration
Parameter Default Value
Super VLAN Disabled
Residential user Disabled
Super VLAN ring mode Disabled
The Super VLAN Configuration Commands
Table 8: Super VLAN Commands
Command Description
super-vlan
Configures Super VLAN (see Defining a Super VLAN)
super-vlan ring-topology
Configures Super VLAN for networks with a ring topology
(see Configuring the Super VLAN Ring Topology)
show super-vlan
Displays the Super VLAN configuration (see Displaying
the Super VLAN Configuration)
Defining a Super VLAN
The super-vlan command configures Super VLAN on a physical port or a group of ports.
CLI Mode: Interface Configuration, Range Interface Configuration, LAG Range Interface
Configuration, and LAG Interface Configuration
Command Syntax
device-name(config-if UU1/SS1/PP1)#super-vlan {UU2/SS2/PP2 | ag0N}
device-name(config-if UU1/SS1/PP1)#no super-vlan

device-name(config-if-group)#super-vlan {UU2/SS2/PP2 | ag0N}
device-name(config-if-group)#no super-vlan

device-name(config-ag-group)#super-vlan {UU2/SS2/PP2 | ag0N}
device-name(config-ag-group)#no super-vlan

device-name(config-if AG0N)#super-vlan {UU2/SS2/PP2 | ag0N}
device-name(config-if AG0N)#no super-vlan
Argument Description
UU2/SS2/PP2 The Unit, slot, and port number of the uplink port.
ag0N The LAG interface name, where N represents the LAG ID number in the range of
<0107>.
For detailed information, refer to the Configuring Interfaces chapter of this User
Guide.
T-Marc 300 Series User Guide

Page 36
Configuring VLANs and Super VLANs (Rev. 08)

no
Removes the Super VLAN from the port.
Configuring the Super VLAN Ring Topology
The super-vlan ring-topology command configures Super VLAN for networks with a ring
topology.

NOTE
You can enable the Super VLAN for a ring topology only if the MSTP (Multiple
Spanning Tree Protocol) is enabled.
By default, the Super VLAN ring topology is disabled.

CLI Mode:: Interface Configuration
Command Syntax
device-name(config-if UU/SS/PP)#super-vlan ring-topology UU1/SS1/PP1
UU2/SS2/PP2 [vlan <vlan-id>]
device-name(config-if UU/SS/PP)#no super-vlan
Argument Description
UU1/SS1/PP1 The first ring-port of the Super VLAN.
UU2/SS2/PP2 The second ring-port of the Super VLAN.
vlan <vlan-id> (Optional) an existing VLAN ID in the range <24094>. When you
specify this argument, only the corresponding MSTP instance root
decision is taken. If you do not use this argument, the MSTP instance
zero root decision is taken.
no
Removes Super VLAN from the configured user port.
Displaying the Super VLAN Configuration
The show super-vlan command displays the Super VLAN configuration.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show super-vlan
Example
device-name#show super-vlan
===========================================================
User I nt er f ace | Super VLAN Type | Upl i nk
- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - -
1/ 1/ 1 | r egul ar | 1/ 2/ 2
1/ 2/ 2 | r egul ar | 1/ 2/ 4
T-Marc 300 Series User Guide

Page 37
Configuring VLANs and Super VLANs (Rev. 08)

Configuration Examples
Super VLAN Configuration Example
In the figure below three users are connected to one uplink port. The users can connect only to this
uplink port.

Figure 10: Super VLAN Configuration
1. Enable Super VLAN on port 1/1/1 with the uplink 1/2/1:
device-name#configure terminal
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#super-vlan 1/2/1
2. Enable Super VLAN on port 1/1/2 with the uplink 1/2/1:
device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#super-vlan 1/2/1
3. Enable Super VLAN on port 1/2/3 with the uplink 1/2/1:
device-name(config-if 1/1/2)#interface 1/2/3
device-name(config-if 1/2/3)#super-vlan 1/2/1
device-name(config-if 1/2/3)#end
T-Marc 300 Series User Guide

Page 38
Configuring VLANs and Super VLANs (Rev. 08)

4. Display the port 1/1/1 configuration:
device-name#show interface 1/1/1
Name =
Type = DUAL ( 10/ 100/ 1000BaseT, MEDI A not i nst al l ed)
Enabl eSt at e = enabl e
Li nk = down
Dupl ex mode = aut onegot i at e
Speed = aut onegot i at e
Dupl ex speed st at us = f ul l - 100
Fl ow cont r ol mode = di sabl e
Fl ow cont r ol st at us = di sabl e
Backpr essur e = di sabl e
Br oadcast l i mi t = unl i mi t ed
Def aul t VLAN = 1
Super VLAN Por t = 1/ 2/ 1
Lear ni ng new addr ess = Enabl ed
5. Display the Super VLAN configuration:
device-name#show super-vlan
==================================================
User I nt er f ace | Super VLAN Type | Upl i nk
- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - -
1/ 1/ 1 | r egul ar | 1/ 2/ 1
1/ 1/ 2 | r egul ar | 1/ 2/ 1
1/ 2/ 3 | r egul ar | 1/ 2/ 1
T-Marc 300 Series User Guide

Page 39
Configuring VLANs and Super VLANs (Rev. 08)

Super VLAN with Aggregated Uplink Configuration Example
In the following example, two users are connected to one uplink LAG (Link Aggregation Group)
port.

Figure 11: Super VLAN Configuration with LAG Uplink
Configuring Device 1:
Configure static link aggregation on ports 1/1/1 and 1/1/2:
device-name#configure terminal
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#link-aggregation static id 1
device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#link-aggregation static id 1
T-Marc 300 Series User Guide

Page 40
Configuring VLANs and Super VLANs (Rev. 08)

Configuring Device 2:
1. Configure static link aggregation on ports 1/2/1 and 1/2/2:
device-name#configure terminal
device-name(config)#interface 1/2/1
device-name(config-if 1/2/1)#link-aggregation static id 7
device-name(config-if 1/2/1)#interface 1/2/2
device-name(config-if 1/2/2)#link-aggregation static id 7
2. Enable Super VLAN on ports 1/1/1 and 1/1/2 with uplink ag07:
device-name(config-if 1/2/2)#interface 1/1/1
device-name(config-if 1/1/1)#super-vlan ag07
device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#super-vlan ag07
device-name(config-if 1/1/2)#end
3. Display the Super VLAN configuration:
device-name#show super-vlan
=====================================================================
User I nt er f ace | Super VLAN Type | Upl i nk
- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1/ 1/ 1 | r egul ar | AG07
1/ 1/ 2 | r egul ar | AG07
T-Marc 300 Series User Guide

Page 41
Configuring VLANs and Super VLANs (Rev. 08)

Super VLAN Ring Topology Configuration
The figure below shows a ring topology with an entry point. Devices 2, 3 and 4 are configured with
Super VLAN in ring mode and MSTP is enabled. Device 1 is the MSTP Root and port 1/2/8 of
Device 4 is blocked.
For more information regarding the MSTP, refer to the ConfiguringMultipleSpanningTreeProtocol
(MSTP) chapter of this User Guide.

Figure 12: Super VLAN Ring Topology Example
Configuring Device 1
1. Configure Device 1 as MSTP Root and the bridge priority 0 for MST instance 0:
Device1#configure terminal
Device1(config)#protocol
Device1(cfg protocol)#mstp 0 priority 0
Device1(cfg protocol)#exit
2. Configure the ring ports as Super VLAN ports:
Device1(config)#interface 1/2/6
Device1(config-if 1/2/6)#super-vlan ring-topology 1/1/1 1/1/2
Device1(config-if 1/2/6)#end
T-Marc 300 Series User Guide

Page 42
Configuring VLANs and Super VLANs (Rev. 08)

3. Display the Super VLAN configuration:
Device1#show super-vlan
=====================================================================
User I nt er f ace | Super VLAN Type | Upl i nk
- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1/ 2/ 6 | r i ng- t opol ogy | 1/ 1/ 1 ( act i ve) , 1/ 1/ 2
Configuring Device 2
1. Enable MSTP and MSTP fast ring:
Device2#configure terminal
Device2(config)#protocol
Device2(cfg protocol)#mstp enable
Device2(cfg protocol)#mstp fast-ring enable
2. Configure the ring ports as Super VLAN ports:
Device2(config)#interface 1/2/6
Device2(config-if 1/2/6)#super-vlan ring-topology 1/1/1 1/1/2
Device2(config-if 1/2/6)#end
3. Display the Super VLAN configuration:
Device2#show super-vlan
=====================================================================
User I nt er f ace | Super VLAN Type | Upl i nk
- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1/ 2/ 6 | r i ng- t opol ogy | 1/ 1/ 1 ( act i ve) , 1/ 1/ 2
Configuring Device 3
1. Enable MSTP and MSTP fast ring:
Device3#configure terminal
Device3(config)#protocol
Device3(cfg protocol)#mstp enable
Device3(cfg protocol)#mstp fast-ring enable
Device3(cfg protocol)#mstp fast-ring ring-ports 1/1/1 1/1/2
2. Configure Super VLAN on the user port 1/2/2:
Device3(config)#interface 1/2/2
Device3(config-if 1/2/2)#super-vlan ring-topology 1/1/1 1/1/2
Device3(config-if 1/2/2)#end
3. Display the Super VLAN configuration:
Device3#show super-vlan
=====================================================================
User I nt er f ace | Super VLAN Type | Upl i nk
- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1/ 2/ 2 | r i ng- t opol ogy | 1/ 1/ 1, 1/ 1/ 2 ( act i ve)
T-Marc 300 Series User Guide

Page 43
Configuring VLANs and Super VLANs (Rev. 08)

Configuring Device 4
1. Enable MSTP and MSTP fast ring:
Device4#configure terminal
Device4(config)#protocol
Device4(cfg protocol)#mstp enable
Device4(cfg protocol)#mstp fast-ring enable
Device4(cfg protocol)#mstp fast-ring ring-ports 1/2/7 1/2/8
Device3(cfg protocol)#end
2. Configure Super VLAN on the user port 1/2/2:
Device4(config)#interface 1/2/2
Device4(config-if 1/2/2)#super-vlan ring-topology 1/2/7 1/2/8
Device4(config-if 1/2/2)#end
3. Display port 1/2/2 configuration:
Device4#show interface 1/2/2

Super VLAN Por t s = 1/ 2/ 7 ( act i ve) , 1/ 2/ 8


4. Display the Super VLAN configuration:
Device4#show super-vlan
=====================================================================
User I nt er f ace | Super VLAN Type | Upl i nk
- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1/ 2/ 2 | r i ng- t opol ogy | 1/ 2/ 7 ( act i ve) , 1/ 2/ 8
5. Display the MSTP Configuration:
Device4#show mstp

SpanI gmpFast Recover y = enabl ed


Fast Ri ng = enabl ed

01/ 01/ 21 128 Root f r wr d 200000 0 04096. 00A012170100 128. 002


01/ 01/ 22 128 Al t er nat e bl ock 200000 0 32768. 00A012171600 128. 001
01/ 01/ 24 128 Desi gnat ed f r wr d 200000 0 32768. 00A012010102 128. 024
T-Marc 300 Series User Guide

Page 44
Configuring VLANs and Super VLANs (Rev. 08)

Supported Platforms
Features T-Marc 340 T-Marc 380
Virtual LANs + +
Super VLANs + +
Supported Standards, MIBs, and RFCs
Features Standards MIBs RFCs
Virtual LANs IEEE 802.1Q-1998
IEEE 802.1Q-2003
IEEE 802.1P
IEEE 802.1u-2001
IEEE 802.1Q No RFCs are
supported by this
feature.
Super VLANs No standards are
supported by this feature.
No MIBs are
supported by this
feature.
RFC 3069, VLAN
Aggregation for
Efficient IP Address
Allocation





Page 1
Configuring Transparent LAN Services (TLS) (Rev. 10)

Configuring Transparent LAN Services (TLS)
Table of Figures 3
TLS Overview 4
802.1Q Tunneling 4
Layer-2 Protocol Tunneling (L2PT) 5
The TLS Default Configuration 6
TLS Configuration Flow 7
The TLS Configuration Commands 8
Configuring a TLS Service10
Configuring TLS Service Distribution Paths (SDP)10
Configuring TLS Service Access Point (SAP)12
Configuring TLS13
Configuring the TLS EtherType Value13
Selecting a TLS Core (Uplink) Port13
Selecting a TLS Access (User) Port14
Securing the Management Device Access based on C-VLAN15
Configuring the Layer-2 Protocol Tunneling15
TLS Tunnel Profile Configuration Mode16
Configuring Layer-2 Protocol PDUs16
Defining Tunnel MAC Addresses for Predefined Protocols17
Defining Tunnel MAC Addresses for User-Defined Protocols19
Tunneling of Layer-2 Protocol PDUs for SDP20
Tunneling of Layer-2 Protocol PDUs for SAP21
Displaying the TLS Configuration22
Displaying the L2PT Encapsulation Information22
Displaying the L2PT Configuration Information23
Displaying Layer-2 Protocol Tunneling Statistics24
Displaying TLS Profile Names25
Displaying TLS Services 26
TLS Configuration Examples27
T-Marc 300 Series User Guide

Page 2
Configuring Transparent LAN Services (TLS) (Rev. 10)

Example 127
Example 228
Supported Platforms30
Supported Standards, MIBs, and RFCs30
T-Marc 300 Series User Guide

Page 3
Configuring Transparent LAN Services (TLS) (Rev. 10)

Table of Figures
Figure 1: 802.1Q Tunneling Configuration 4
Figure 2: TLS Configuration Flow 7
Figure 3: TLS Interface Example27
Figure 4: TLS Tunneling Example28
T-Marc 300 Series User Guide

Page 4
Configuring Transparent LAN Services (TLS) (Rev. 10)

Overview
Deploying the Transparent LAN Services(TLS) requires network operators to transport a large
number of customers virtual LANs (VLANs) while keeping traffic secured in each VLAN. This
mechanism establishes Layer-2 tunnels inside the service provider network where traffic from
different customers is segregated and where it is marked with an appropriate tunnel name.
802.1Q Tunneling
802.1Q tunneling allows the deployment of secure TLS, using IEEE 802.1Q standard tags. The
main advantage of 802.1Q tunneling is that it enables service providers to use a separate VLAN
(service VLAN, S-VLAN) to support the customers who have multiple VLANs, while preserving
the customer VLAN IDs and keeping traffic in the different customers VLANs (C-VLAN)
segregated.
802.1Q tunneling expands the VLAN space by adding an additional 802.1Q tag (the tunnel ID) to
all previously-tagged packets when they enter the service provider infrastructure, as illustrated in
below figure.

Figure 1: 802.1Q Tunneling Configuration
The new frame contains the original C-VLAN tag and the new S-VLAN tag.
A port that is configured to support 802.1Q tunneling is called a tunnel port. When you configure
tunneling, you assign a tunnel port to a VLAN that you dedicate to tunneling. To keep the
customer traffic segregated, each customer requires a separate VLAN, but that one VLAN
supports all of the customers VLANs.

T-Marc 300 Series User Guide

Page 5
Configuring Transparent LAN Services (TLS) (Rev. 10)

Three types of ports are defined in the network devices deployed by the service provider:
Residential porta port that is connected to a user and does not participate in the TLS. Packets
that are transmitted through this port have no added tag
Access(SAP) portsa port that is connected to a user. Packets that are transmitted through this
port have no added tag (see ConfiguringTLS ServiceAccessPoint (SAP))
Core(SDP) porta port that is connected to the service providers network. All packets that are
transmitted through this port are either control packets or packets with an additional tag. If the
packets arrive from an access (user) port the additional tag header will be added. If the packets
arrive from a residential port the additional tag header will not be added (see ConfiguringTLS
ServiceDistributionPaths(SDP))
When a access port (SAP) receives tagged customer traffic from an 802.1Q-port on the customer
device, it does not strip the received 802.1Q tag from the frame header; instead, the access port
(SAP) leaves the 802.1Q tag intact, adds a 2-byte EtherType field (0x8100) followed by a 2-byte
field containing the priority (CoS) and the VLAN (see ConfiguringtheTLS EtherTypeValue).
An egress core port (SDP) strips the 2-byte EtherType field (0x8100) and the 2-byte length field
and transmits the traffic with the 802.1Q tag still intact to the customer device. The 802.1Q-port on
the customer device strips the 802.1Q tag and puts the traffic into the appropriate customer
VLAN.
Layer-2 Protocol Tunneling (L2PT)
Layer-2 protocol tunneling allows IEEE Layer-2 protocol data units (PDUs) to be tunneled
through a network. The L2PT is based on PDUs software encapsulating in the ingress service
provide edge devices. All devices inside the service provider network treat these encapsulated
frames as regular data packets and forward them out appropriately. The egress service provides
edge devices that listen for these special encapsulated frames and decapsulates them before
forwarding them out of the tunnel.
The encapsulation involves rewriting the destination media access control (MAC) address in the
PDU. An ingress service provides edge devices that rewrite the destination multicast MAC address
of the PDUs received with a predefined multicast tunnel MAC addresses that ensure transparent
L2CP traffic flow (see DefiningTunnel MAC Addressesfor PredefinedProtocolsand DefiningTunnel MAC
Addressesfor User-DefinedProtocols).
T-Marc 300 Series User Guide

Page 6
Configuring Transparent LAN Services (TLS) (Rev. 10)

The TLS Default Configuration
Table 1: TLS Default Configuration
Parameter Default Value
Transparent LAN Services (TLS) Disabled
TLS port Residential port
EtherType 0x8100
IEEE control packets tunneling Disabled

T-Marc 300 Series User Guide

Page 7
Configuring Transparent LAN Services (TLS) (Rev. 10)

TLS Configuration Flow



























Figure 2: TLS Configuration Flow
Start
End
Enable/disable
the Layer 2
Protocol
Tunneling
Yes
No
Create TLS service
Configure the
TLS tunnel
profile
Yes
No
Configure
Custom MAC
Address for
Tunneled
Packets
Yes
No
Set the TLS
EtherType
value
Yes
Create SDP
Create SAP
Specify the TLS
EtherType value
Define Tunnel MAC
Addresses for
Predefined Protocols
Configure the TLS
tunnel profile
Enable
Tunneling of
IEEE Control
Packets
Yes
Define Tunnel MAC
Addresses for User-
Defined Protocols
No
T-Marc 300 Series User Guide

Page 8
Configuring Transparent LAN Services (TLS) (Rev. 10)

The TLS Configuration Commands
Table 2: TLS Services Configuration Commands
Command Description
tls
Creates a specific TLS service instance (see Configuring
a TLS Service)
sdp
Configures a service distribution point (SDP) for the
specified TLS instance (see Configuring TLS Service
Distribution Paths (SDP))
sap
Configures a service access point (SAP) for the specified
TLS instance (see Configuring TLS Service Access Point
(SAP))

Table 3: TLS Services Optional Commands
Command Description
tls
Enables/disables the TLS (see Configuring TLS)
tls ethertype
Assigns an EtherType value (see Configuring the TLS
EtherType Value)
tls uplink
Configures a physical interface or group of interfaces as a
TLS core (uplink) port/groups (see Selecting a TLS Core
(Uplink) Port)
tls user
Configures a physical interface or group of interfaces as a
TLS access (user) port/groups (see Selecting a TLS
Access (User) Port )
management c-vlan
Limits the device management access only to a specified
C-VLAN
(see Securing the Management Device Access based on
C-VLAN)
The following table lists the command for configuring L2PT. The whole L2PT configuration is
optional.
NOTE
For the t l s t unnel ed- i eee- pdu command to take effect, first enable TLS
tunneling globally by the t l s t unnel ed- i eee- pdu enabl e command.
Table 4: L2PT Configuration Command
Command Description
tls tunneled-ieee-pdu
enable/disable
Enables/disables the Layer-2 protocol tunneling (see
Configuring the Layer-2 Protocol Tunneling)
tls tunnel-profile
Enables a configuration of a specific TLS tunnel profile
(see TLS Tunnel Profile Configuration Mode)
tls tunnel/discard
Specifies one of the allowed Layer-2 protocol PDUs to be
tunneled/discarded (see Configuring Layer-2 Protocol
PDUs)
T-Marc 300 Series User Guide

Page 9
Configuring Transparent LAN Services (TLS) (Rev. 10)

Command Description
tls tunneled-ieee-pdu
HH:HH:HH:HH:HH:HH
Defines a multicast tunnel MAC address that rewrites the
original multicast destination MAC address (see Defining
Tunnel MAC Addresses for Predefined Protocols )
tls tunneled-ieee-pdu add
Defines a multicast tunnel MAC address that rewrites the
original multicast destination MAC address (Defining
Tunnel MAC Addresses for User-Defined Protocols)
tls tunneled-ieee-pdu
(in SDP Service Configuration)
Enables tunneling of IEEE control packets for SDP (see
Tunneling of Layer-2 Protocol PDUs for SDP)
tls tunneled-ieee-pdu
(in SAP Service Configuration)
Enables tunneling of IEEE control packets for SAP (see
Tunneling of Layer-2 Protocol PDUs for SAP)

Table 5: TLS Display Commands
Command Description
show tls
Displays the global TLS configuration (see Displaying the
TLS Configuration)
show tls tunneled-ieee-pdu
Displays the L2PT encapsulation information (see
Displaying the L2PT Encapsulation Information)
show tls tunneled-ieee-pdu
service
Displays the L2PT configuration information (see
Displaying the L2PT Configuration Information)
show tls tunneled-ieee-pdu
statistics
Displays Layer-2 protocol tunneling statistics (see
Displaying Layer-2 Protocol Tunneling Statistics)
show tls tunnel-profile
Displays the specified custom profile name (see
Displaying TLS Profile Names)
show tls-services
Displays information about all currently configured TLS
services (see Displaying TLS Services)
T-Marc 300 Series User Guide

Page 10
Configuring Transparent LAN Services (TLS) (Rev. 10)

Configuring a TLS Service
The tls command creates a specific TLS service instance.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#tls SERVICE-NAME [<service ID>]
device-name(config)#no tls SERVICE-NAME
device-name(config)#no tls id <service ID>
Argument Description
SERVICE-NAME
A unique alpha-numeric string service name. When defining the service
via SNMP, it generates dynamically
service ID
(Optional) the unique service identifier, in the range <14294967295>
no
Removes the defined TLS instance
Example
device-name(config)#tls serv 5
device-name(config-tls serv)
Configuring TLS Service Distribution Paths (SDP)
The sdp command configures a service distribution point (SDP) for the specified TLS instance.
CLI Mode: TLS Service Configuration


NOTE
Create the SDP VLAN and add ports as tagged to this VLAN before creating the
SDP, see Example 1.
Command Syntax
device-name(config-tls SERVICE-NAME)#sdp {UU/SS/PP | ag0N} s-vlan <SVLAN-ID>
[primary | secondary]
device-name(config-tls SERVICE-NAME)#sdp {UU/SS/PP | ag0N} s-vlan <SVLAN-ID>
[option]
device-name(config-tls-sdp UU/SS/PP:SVLAN-ID:)#
device-name(config-tls-sdp AG0N:SVLAN-ID:)#
device-name(config-tls SERVICE-NAME)#no sdp {UU/SS/PP | ag0N}
T-Marc 300 Series User Guide

Page 11
Configuring Transparent LAN Services (TLS) (Rev. 10)

Argument Description
UU/SS/PP
The SDP port. The SDP port has to be a tagged member of the S-
VLAN
ag0N
The SDP aggregation port. N in the range <17>
s-vlan <SVLAN-ID>
The SDP Service VLAN ID, in the range of <14094>
primary
(Optional) SDP EPS primary
secondary
(Optional) SDP EPS secondary
option
(Optional) changes the mode to SDP Service Configuration mode (see
Example 2)
no
Removes the defined SDP
For detailed information about EPS, refer to the ITU-T G.8031 Ethernet ProtectionSwitching(EPS)
section of Operations, AdministrationandMaintenance(OAM) chapter.
Examples
1. Create the SDP VLAN and add ports as tagged to this VLAN before creating the SDP:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create v5 5
device-name(config vlan)#config v5
device-name(config-vlan v5)#add ports 1/2/1 tagged
device-name(config-vlan v5)#exit
device-name(config vlan)#exit
device-name(config)#tls tunneled-ieee-pdu enable
device-name(config)#tls serv 5
device-name(config-tls serv)#sdp 1/2/1 s-vlan 5
device-name(config-tls serv)#
2. Enter SDP Service Configuration mode:
device-name(config-tls serv)#sdp 1/2/1 s-vlan 5 option
device-name(config-tls-sdp 1/2/1:5:)#
T-Marc 300 Series User Guide

Page 12
Configuring Transparent LAN Services (TLS) (Rev. 10)

Configuring TLS Service Access Point (SAP)
The sap command configures a service access point (SAP) for the specified TLS instance.
CLI Mode: TLS Service Configuration

Command Syntax
device-name(config-tls SERVICE-NAME)#sap UU/SS/PP {c-vlans <CVLAN-ID> | c-
vlans VLAN-LIST | c-vlan-wildcard 0xffff 0xffff | c-vlan-wildcard all}
[option | untagged]

device-name(config-tls SERVICE-NAME)#no sap UU/SS/PP {c-vlans <CVLAN-ID> | c-
vlans VLAN-LIST | c-vlan-wildcard 0xffff 0xffff | c-vlan-wildcard all}
[untagged]
Argument Description
UU/SS/PP
The SAP port. The SAP port has to be an untagged member of the S-
VLAN. Default VLAN for SAP port is the S-VLAN
CVLAN-ID
The SAP Customer VLAN ID, in the range of <14094>
VLAN-LIST
The SAP Customer VLAN ID list (for example 24,8) defining the
number of SAPs
c-vlan-wildcard
0xffff 0xffff
A group of Customer VLANs, identified by matching mask
c-vlan-wildcard
all
Tunnels the tagged traffic only
option
(Optional) changes the mode to SAP Service Configuration mode (see
Example 2)
untagged
(Optional) tunnels untagged traffic only
no
Removes the defined SAP
Examples
1. Configure SAP:
device-name(config-tls serv)#sap 1/1/1 c-vlan-wildcard all
device-name(config-tls serv)#sap 1/2/2 c-vlans 4,7-9
device-name(config-tls serv)#sap 1/2/3 c-vlans 5 untagged
2. Enter SAP Service Configuration mode:
device-name(config-tls serv)#sap 1/2/2 c-vlans 4 option
device-name(config-tls-sap 1/2/2:4:)#
T-Marc 300 Series User Guide

Page 13
Configuring Transparent LAN Services (TLS) (Rev. 10)

Configuring TLS
The tls command enables/ disables the TLS.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#tls {enable | disable}
Argument Description
enable
Enables TLS
disable
Disables TLS
Configuring the TLS EtherType Value
The tls ethertype command configures the EtherType value.
CLI Mode: Global Configuration
By default, the EtherType value is 0x8100.
Command Syntax
device-name(config)#tls ethertype <number>
Argument Description
number
Hexadecimal VLAN EtherType value (for example 0x9000)
Selecting a TLS Core (Uplink) Port
The tls uplink command configures a physical interface or group of interfaces as a TLS core
(uplink) port/ groups.
CLI Mode:
Interface Configuration, LAG Interface Configuration, Range Interface
Configuration, and LAG Range Interface Configuration
The TLS core port is configured at the Provider-network side of the provider-edge (PE) switch.

NOTE
For the t l s upl i nk command to take effect, first enable TLS by using the t l s
enabl e command.

T-Marc 300 Series User Guide

Page 14
Configuring Transparent LAN Services (TLS) (Rev. 10)


NOTE
For TLS to be successfully enabled on an uplink, which is a port aggregation (LAG),
the t l s upl i nk command should be executed in Interface LAG Configuration
mode. Enabling TLS on a single port of the LAG will have no effect on the
aggregation.
By default, all ports are residential.
Command Syntax
device-name(config-if UU/SS/PP)#[no] tls uplink
device-name(config-if AG0N)#[no] tls uplink
device-name(config-if-group)#[no] tls uplink
device-name(config-ag-group)#[no] tls uplink
Argument Description
no
Configures the selected port or link aggregation to a residential port/group of ports
Selecting a TLS Access (User) Port
The tls user command configures a physical interface or group of interfaces as a TLS access
(user) port/ groups.
CLI Mode:
Interface Configuration, LAG Interface Configuration, Range Interface
Configuration, and LAG Range Interface Configuration
The TLS access port is configured at the Provider-network side of the Customer Edge (CE) switch.
NOTE
For the t l s user command to take effect, first enable TLS by using the t l s
enabl e command.
By default, all the ports are set as residential ports.
Command Syntax
device-name(config-if UU/SS/PP)#[no] tls user
device-name(config-if AG0N)#[no] tls user
device-name(config-if-group)#[no] tls user
device-name(config-ag-group)#[no] tls user
Argument Description
no
Configures the selected port or link aggregation to a residential port/group of ports
T-Marc 300 Series User Guide

Page 15
Configuring Transparent LAN Services (TLS) (Rev. 10)

Securing the Management Device Access based on
C-VLAN
The management c-vlan command limits the device management access only through specified C-
VLANs.
CLI Mode: TLS Service Configuration
TLS service-enabled devices are located at the edge of two domains and thus at the administrative
edge of two business entities. A remote business entity manages these devices remotely through a
service-encapsulated traffic (the traffic that is encapsulated with TLS service tag).
The management service-encapsulated traffic is tunneled through a dedicated management C-
VLAN in order to separate it from the data service-encapsulated traffic.
Configuring a management C-VLAN is mandatory, in order to manage these devices through the
TLS Service.
If the management C-VLAN is disabled, the following are not allowed:
Telnet to the device
SSH to the device
SNMP management

NOTE
Only one management C-VLAN per TLS service is supported.
The management C-VLAN must not match C-VLANs that are used in SAP definitions.
By default, no management C-VLAN is configured on a TLS service.
Command Syntax
device-name(config-tls SERVICE-NAME)#management c-vlan <CVLAN-ID>
Argument Description
CVLAN-ID
The C-VLAN ID, in the range of <14094>(CVLAN-ID)
Configuring the Layer-2 Protocol Tunneling
The tls tunneled-ieee-pdu enable/disable command enables or disables the Layer-2
protocol tunneling.
CLI Mode: Global Configuration
By default, the Layer-2 protocol tunneling is disabled.
Command Syntax
device-name(config)#tls tunneled-ieee-pdu {enable | disable}
T-Marc 300 Series User Guide

Page 16
Configuring Transparent LAN Services (TLS) (Rev. 10)

Argument Description
enable
Enables the Layer-2 protocol tunneling
disable
Disables the Layer-2 protocol tunneling
TLS Tunnel Profile Configuration Mode
The tls tunnel-profile command enters the configuration mode for a specific TLS tunnel
profile.
CLI Mode: Global Configuration and TLS Tunnel Profile Configuration

NOTE
Use this command in a Specific TLS Tunnel Profile Configuration mode to switch to
the Configuration mode of another TLS tunnel profile; see Example.

Command Syntax
device-name(config)#tls tunnel-profile TLS-PROFILE-NAME
device-name(tls-profile TLS-PROFILE-NAME)#

device-name(tls-profile TLS-PROFILE-NAME)#tls tunnel-profile TLS-PROFILE-
NAME1
device-name(tls-profile TLS-PROFILE-NAME1)#
Argument Description
TLS-PROFILE-NAME
The TLS profile name
Example
device-name(config)#tls tunnel-profile system
device-name(tls-profile system)#tls tunnel-profile p5
device-name(tls-profile p5)#tls tunnel stp
Configuring Layer-2 Protocol PDUs
The tls tunnel/discard command specifies one of the allowed Layer-2 protocol PDUs to be
tunneled or discarded.
CLI Mode: TLS Tunnel Profile Configuration
Command Syntax
device-name(tls-profile PROFILE-NAME)#tls {tunnel | discard} {all-brs | other
| dot1x | efm-oam | e-lmi | garp | lacp | lldp | pvst | pb-stp | stp}
T-Marc 300 Series User Guide

Page 17
Configuring Transparent LAN Services (TLS) (Rev. 10)

Argument Description
tunnel
Specifies one of the allowed Layer-2 Protocol PDUs to be tunneled
discard
Specifies one of the allowed Layer-2 Protocol PDUs to be discarded
all-brs
Specifies that the PDUs intended for the MAC address that is reserved
for the exclusive use by the All Bridges are tunneled
other
Specifies that the PDUs intended for the MAC addresses from the bridge
block but are not PDUs of any of the specified protocols are tunneled
dot1x
IEEE 802.1x standard
efm-oam
Ethernet in the First Mile-Operations, Administration and Maintenance
standard
e-lmi
Enhanced Local Management Interface
garp
Generic Attribute Registration Protocol
lacp
Link Aggregation Protocol
lldp
Link Layer Discovery Protocol
pvst
Per-VLAN Spanning Tree (PVST) maintains a spanning tree instance for
each VLAN configured in the network. Since PVST treats each VLAN as
a separate network, it has the ability to load balance traffic (at layer-2) by
forwarding some VLANs on one link and other VLANs on another link
without causing a spanning tree loop.
pb-stp Provider Bridge Spanning Tree Protocol
stp
Spanning Tree Protocol
Defining Tunnel MAC Addresses for Predefined
Protocols
The tls tunneled-ieee-pdu HH:HH:HH:HH:HH:HH command defines a multicast tunnel MAC
address that rewrites the original multicast destination MAC address in the encapsulated Layer-2
PDUs.
The Layer-2 PDU is transported across the provider network transparently to the other end of the
tunnel and the original multicast destination MAC address is restored when the packet is
transmitted.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#tls tunneled-ieee-pdu {all-brs | other | dot1x | efm-oam |
e-lmi | garp | lacp | lldp | pvst | pb-stp | stp} HH:HH:HH:HH:HH:HH
T-Marc 300 Series User Guide

Page 18
Configuring Transparent LAN Services (TLS) (Rev. 10)

Argument Description
all-brs
Specifies that PDUs intended for the MAC address that is reserved for
the exclusive use by the All Bridges are tunneled
other
Specifies that PDUs intended for the MAC addresses from the bridge
block but are not PDUs of any of the specified protocols are tunneled
dot1x
IEEE 802.1x standard
efm-oam
Ethernet in the First Mile-Operations, Administration and Maintenance
standard
e-lmi
Enhanced Local Management Interface
garp
Generic Attribute Registration Protocol
lacp
Link Aggregation Protocol
lldp
Link Layer Discovery Protocol
pvst
Per-VLAN Spanning Tree (PVST) maintains a spanning tree instance
for each VLAN configured in the network. Since PVST treats each
VLAN as a separate network, it has the ability to load balance traffic
(at layer-2) by forwarding some VLANs on one link and other VLANs
on another link without causing a spanning tree loop.
pb-stp Provider Bridge Spanning Tree Protocol
stp
Spanning Tree Protocol
HH:HH:HH:HH:HH:HH
Multicast tunnel MAC address, in hexadecimal format
Refer to Table 6 for default multicast tunnel MAC addresses
NOTE
If you do not specify a MAC address, the default
replacement MAC address for each of the specified
protocols is used.
Table 6: Default Multicast Tunnel MAC Addresses
Protocol MAC Address
xSTP 01-A0-12-FF-FF-00
LACP/LAMP 01-A0-12-FF-FF-02
Link OAM (802.3ah) 01-A0-12-FF-FF-02
Port Authentication (802.1x) 01-A0-12-FF-FF-03
E-LMI 01-A0-12-FF-FF-07
LLDP (802.1AB) 01-A0-12-FF-FF-0E
Bridge block of protocols 01-A0-12-FF-FF-0X
NOTE
X denotes a random digit from 0 to F. When it
is found in the original MAC, is preserved in
the replacement MAC.
All Bridges 01-A0-12-FF-FF-10
T-Marc 300 Series User Guide

Page 19
Configuring Transparent LAN Services (TLS) (Rev. 10)

Protocol MAC Address
GARP Block of protocols 01-A0-12-FF-FF-2X
NOTE
X denotes a random digit from 0 to F. When it
is found in the original MAC, is preserved in
the replacement MAC.
Provider bridge STP 01-A0-12-FF-FF-08
PVST 01-A0-12-CC-CC-CD
When you configure the destination MAC address for encapsulated PDUs, you must leave the last
byte of the MAC address for protocols Bridgeblock of protocolsand GARP Block of protocolsas default
values:
00for Bridge block of protocols
20for GARP Block of protocols
Defining Tunnel MAC Addresses for User-Defined
Protocols
The tls tunneled-ieee-pdu add command defines a multicast tunnel MAC address that
rewrites the original multicast destination MAC address in the encapsulated PDU for user-defined
Layer-2 protocols.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#tls tunneled-ieee-pdu add L2TUN-PROTOCOL-NAME
ORIGINAL_HH:HH:HH:HH:HH:HH [TUNNEL_HH:HH:HH:HH:HH:HH] [ETHERTYPE]
device-name(config)#no tls tunneled-ieee-pdu L2TUN-PROTOCOL-NAME
Argument Description
L2TUN-PROTOCOL-NAME
A text string of <116>characters
ORIGINAL_HH:HH:HH:HH:HH:HH
Original multicast destination MAC address of the specified
protocol
TUNNEL_HH:HH:HH:HH:HH:HH
(Optional) multicast tunnel MAC address used for the
replacement
ETHERTYPE
(Optional) indicates which protocol is encapsulated in the
payload of the Ethernet frame
no
Restores the original multicast destination MAC address
T-Marc 300 Series User Guide

Page 20
Configuring Transparent LAN Services (TLS) (Rev. 10)

Tunneling of Layer-2 Protocol PDUs for SDP
The tls tunneled-ieee-pdu command enables tunneling of Layer-2 protocol PDUs for SDP.
CLI Mode: SDP Service Configuration
By default, TLS tunneling is disabled. When TLS tunneling is enabled on a TLS service, the default
policy is Discard-all.
Command Syntax
device-name(config-tls-sdp UU/SS/PP:SVLAN-ID:)#tls tunneled-ieee-pdu [discard-
all | tunnel-all | tunnel-bpdu | TLS-PROFILE-NAME]
device-name(config-tls-sdp UU/SS/PP:SVLAN-ID:)#no tls tunneled-ieee-pdu

device-name(config-tls-sdp AG0N:SVLAN-ID:)#tls tunneled-ieee-pdu [discard-all
| tunnel-all | tunnel-bpdu | TLS-PROFILE-NAME]
device-name(config-tls-sdp AG0N:SVLAN-ID:)#no tls tunneled-ieee-pdu
Argument Description
discard-all (Optional) specifies a policy of discarding only Layer-2 protocol PDUs
tunnel-all (Optional) specifies a policy of tunneling only Layer-2 protocol PDUs
tunnel-bpdu (Optional) specifies a policy of tunneling only xSTP packets. When the
tunneling of xSTP protocols is enabled, it allows tunneling BPDUs
between the TLS access (user) ports over the TLS core (uplink) ports.
The tunneling is done for packets with Multicast DA of 01-80-c2-00-00-
00 (STP).
TLS-PROFILE-NAME
(Optional) specifies the custom profile name used to define the tunneling
policy on the specified SDP
no Disables tunneling of IEEE Control packets
Example
device-name(config-tls-sdp 1/1/1:4:)#tls tunneled-ieee-pdu tunnel-bpdu
T-Marc 300 Series User Guide

Page 21
Configuring Transparent LAN Services (TLS) (Rev. 10)

Tunneling of Layer-2 Protocol PDUs for SAP
The tls tunneled-ieee-pdu command enables tunneling of Layer-2 protocol PDUs for SAP.
CLI Mode: SAP Service Configuration


NOTE
In SAP Service Configuration mode also exist:
the appl y- qos- ser vi ce- pol i cy command. For more information, refer to the
Applying the Service Policy on a SAP section of the Configuring Quality of
Service (QoS) chapter.
the mac access- gr oup and i p access- gr oup commands. For more
information, refer to the Configuring Access Control Lists (ACLs) chapter.
the event - pr opagat i on pr of i l e command. For more information, refer to
the Applying a Profile to a SAP or a Port section of the Operations,
Administration & Maintenance (OAM) chapter.
By default, TLS tunneling is disabled. When TLS tunneling is enabled on a TLS service, the default
policy is Discard-all.
Command Syntax
device-name(config-tls-sap UU/SS/PP:CVLAN-ID:)#tls tunneled-ieee-pdu [discard-
all | tunnel-all | tunnel-bpdu | TLS-PROFILE-NAME]
device-name(config-tls-sap UU/SS/PP:CVLAN-ID:)#no tls tunneled-ieee-pdu
Argument Description
discard-all (Optional) specifies a policy of discarding only Layer-2 protocol PDUs
tunnel-all (Optional) specifies a policy of tunneling only Layer-2 protocol PDUs
tunnel-bpdu (Optional) specifies a policy of tunneling only xSTP packets. When the
tunneling of xSTP protocols is enabled, it allows tunneling the BPDUs
between the TLS access (user) ports over the TLS core (uplink) ports.
The tunneling is done for packets with Multicast DA of 01-80-c2-00-00-
00 (STP).
TLS-PROFILE-NAME
(Optional) specifies the custom profile name used to define the
tunneling policy on the specified SAP
no
Disables tunneling of IEEE Control packets
Example
device-name(config-tls-sap 1/1/1:5:)#tls tunneled-ieee-pdu tunnel-all
T-Marc 300 Series User Guide

Page 22
Configuring Transparent LAN Services (TLS) (Rev. 10)

Displaying the TLS Configuration
The show tls command displays the TLS configuration.
CLI Mode: Privileged (Enable)
The TLS configuration includes:
The TLS status
The TLS EtherType
The TLS core (uplink) ports
The TLS access (user) ports
Command Syntax
device-name#show tls
Example
device-name#show tls
TLS i s enabl ed
TLS Et her Type 0x8100
==============================+
| I nt er f ace | Mode |
- - - - - - - - - - - - - +- - - - - - - - - - - - - - - - +
| 1/ 2/ 1 | User |
| 1/ 3/ 1 | Upl i nk |
| AG01 | Resi dent i al |
| AG02 | Resi dent i al |
| AG03 | Resi dent i al |
| AG04 | Resi dent i al |
| AG05 | Resi dent i al |
| AG06 | Resi dent i al |
| AG07 | Resi dent i al |
Displaying the L2PT Encapsulation Information
The show tls tunneled-ieee-pdu command displays the L2PT encapsulation information.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show tls tunneled-ieee-pdu
T-Marc 300 Series User Guide

Page 23
Configuring Transparent LAN Services (TLS) (Rev. 10)

Example
device-name#show tls tunneled-ieee-pdu
+- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - - - - - +
| Pr ot ocol | Pr ot ocol MAC | Encapsul at i on MAC | Et her Type |
+- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - - - - - +
| st p | 01: 80: c2: 00: 00: 00 | 01: a0: 12: f f : f f : 00 | N/ A |
| l acp | 01: 80: c2: 00: 00: 02 | 01: a0: 12: f f : f f : 02 | 0x8809 |
| ef m- oam | 01: 80: c2: 00: 00: 02 | 01: a0: 12: f f : f f : 02 | 0x8809 |
| dot 1x | 01: 80: c2: 00: 00: 03 | 01: a0: 12: f f : f f : 03 | N/ A |
| e- l mi | 01: 80: c2: 00: 00: 07 | 01: a0: 12: f f : f f : 07 | N/ A |
| l l dp | 01: 80: c2: 00: 00: 0e | 01: a0: 12: f f : f f : 0e | N/ A |
| ot her | 01: 80: c2: 00: 00: 0X | 01: a0: 12: f f : f f : 0X | N/ A |
| al l - br s | 01: 80: c2: 00: 00: 10 | 01: a0: 12: f f : f f : 10 | N/ A |
| gar p | 01: 80: c2: 00: 00: 2X | 01: a0: 12: f f : f f : 2X | N/ A |
| pb- st p | 01: 80: c2: 00: 00: 08 | 01: a0: 12: f f : f f : 08 | N/ A |
| pvst | 01: 00: 0c: cc: cc: cd | 01: a0: 12: cc: cc: cd | N/ A |
| pr ot ocol _name | 01: 80: c2: 00: 00: 02 | 01: a0: 12: f f : f f : 02 | 0x9530 |
+- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - - - - - +
Displaying the L2PT Configuration Information
The show tls tunneled-ieee-pdu service command displays the L2PT configuration
information.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show tls tunneled-ieee-pdu service <service ID> {sap SAPSTRING |
sdp SDPSTRING}
Argument Description
service ID
The unique service identifier, in the range of <14294967295>
sap SAPSTRING
The SAPSTRING has the form UU/SS/PP:CVLANID:
The C-VLAN ID is in the range of <14094>.
sdp SDPSTRING
The SDPSTRING has the forms:
UU/SS/PP:SVLANID:use it if you configured the SDP on a port
ag0N:SVLANID:use it if you configured the SDP on a link
aggregation
The S-VLAN ID is in the range of <14094>
T-Marc 300 Series User Guide

Page 24
Configuring Transparent LAN Services (TLS) (Rev. 10)

Example
device-name(config)#tls serv 5
device-name(config-tls serv)#sdp 1/2/1 s-vlan 5
device-name(config-tls serv)#sdp 1/2/1 s-vlan 5 option
device-name(config-tls-sdp 1/2/1:5:)#tls tunneled-ieee-pdu tunnel-bpdu
device-name(config-tls-sdp 1/2/1:5:)#end
device-name#show tls tunneled-ieee-pdu service 5 sdp 1/2/1:5:
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Vi I d | Pr of i l e Appl i ed |
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| 1/ 2/ 1: 5: | t unnel - bpdu |
Displaying Layer-2 Protocol Tunneling Statistics
The show tls tunneled-ieee-pdu statistics command displays Layer-2 protocol tunneling
statistics.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show tls tunneled-ieee-pdu statistics
Example
device-name#show tls tunneled-ieee-pdu statistics
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| SVC_I D| SAP/ SDP_STRI NG| PROTO_NAME| ACTI ON| RX| TX|
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| 7268| 1/ 1/ 2: 5| st p| t unnel | 0| 0|
| 7268| 1/ 1/ 2: 5| l acp| di scar d| 0| 0|
| 7268| 1/ 1/ 2: 5| ef m- oam| di scar d| 0| 0|
| 7268| 1/ 1/ 2: 5| dot 1x| di scar d| 0| 0|
| 7268| 1/ 1/ 2: 5| e- l mi | di scar d| 0| 0|
| 7268| 1/ 1/ 2: 5| l l dp| di scar d| 0| 0|
| 7268| 1/ 1/ 2: 5| ot her | di scar d| 0| 0|
| 7268| 1/ 1/ 2: 5| al l - br s| di scar d| 0| 0|
| 7268| 1/ 1/ 2: 5| gar p| di scar d| 0| 0|
| 7268| 1/ 1/ 2: 5| pb- st p| di scar d| 0| 0|
| 7268| 1/ 1/ 2: 5| pvst | di scar d| 0| 0|
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
T-Marc 300 Series User Guide

Page 25
Configuring Transparent LAN Services (TLS) (Rev. 10)

Displaying TLS Profile Names
The show tls tunnel-profile command displays the TLS profile names used to define the
tunneling policy.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show tls tunnel-profile [TLS-PROFILE-NAME]
Argument Description
TLS-PROFILE-NAME
(Optional) displays the specified custom profile name used to define
the tunneling policy on a specified port
Example
device-name#show tls tunnel-profile
Pr of i l eName: my_t unnel
+- - - - - - - - - - - - - - - - - +- - - - - - - - - - - +
| Pr ot ocol | Act i on |
+- - - - - - - - - - - - - - - - - +- - - - - - - - - - - +
| st p | t unnel |
| l acp | t unnel |
| ef m- oam | di scar d |
| dot 1x | di scar d |
| e- l mi | di scar d |
| l l dp | di scar d |
| ot her | di scar d |
| al l - br s | t unnel |
| gar p | di scar d |
| pb- st p | di scar d |
| pvst | di scar d |
+- - - - - - - - - - - - - - - - - +- - - - - - - - - - - +

Pr of i l eName: l acp_t unnel
+- - - - - - - - - - - - - - - - - +- - - - - - - - - - - +
| Pr ot ocol | Act i on |
+- - - - - - - - - - - - - - - - - +- - - - - - - - - - - +
| st p | di scar d |
| l acp | t unnel |
| ef m- oam | di scar d |
| dot 1x | di scar d |
| e- l mi | di scar d |
| l l dp | di scar d |
| ot her | di scar d |
| al l - br s | di scar d |
| gar p | di scar d |
| pb- st p | di scar d |
T-Marc 300 Series User Guide

Page 26
Configuring Transparent LAN Services (TLS) (Rev. 10)

| pvst | di scar d |
+- - - - - - - - - - - - - - - - - +- - - - - - - - - - - +
Displaying TLS Services
The show tls-services command displays information about all currently configured TLS
services.
CLI Mode:
Privileged (Enable), and TLS Service Configuration
Command Syntax
device-name#show tls-services
device-name(config-tls SERVICE-NAME)#show tls-services
Example
device-name#show tls-services
+- - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +- - - - - - +- - - - - +- - - - - +
| I dx | Ser vi ce Name | S- VLAN| Encap| St at e|
+- - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +- - - - - - +- - - - - +- - - - - +
| 00007615 | t est | 0002 | Qi nQ | Up |
T-Marc 300 Series User Guide

Page 27
Configuring Transparent LAN Services (TLS) (Rev. 10)

TLS Configuration Examples
Example 1
The following figure shows an example of an interface TLS configuration.

Figure 3: TLS I nterface Example
1. Enable TLS:
device-name#configure terminal
device-name(config)#tls enable
2. Configure the TLS core (uplink) port on port 1/ 2/ 1:
device-name(config)#interface 1/2/1
device-name(config-if 1/2/1)#tls uplink
3. Configure the TLS access (user) port on port 1/ 2/ 8:
device-name(config-if 1/2/1)#interface 1/2/8
device-name(config-if 1/2/8)#tls user
device-name(config-if 1/2/8)#exit
4. Add the TLS core (uplink) port as a tagged member to VLAN 10. Also add access (user) port
as an untagged member to that VLAN.
device-name(config)#vlan
device-name(config vlan)#create v10 10
device-name(config vlan)#config v10
device-name(config-vlan v10)#add ports 1/2/1 tagged
device-name(config-vlan v10)#add ports 1/2/8 untagged
device-name(config-vlan v10)#add ports default 1/2/8
device-name(config-vlan v10)#end
T-Marc 300 Series User Guide

Page 28
Configuring Transparent LAN Services (TLS) (Rev. 10)

5. Display the TLS configuration:
device-name#show tls
TLS i s enabl ed
TLS Et her Type 0x8100

+===========+================+
| I nt er f ace | Mode |
+- - - - - - - - - - - +- - - - - - - - - - - - - - - - +
| 1/ 2/ 1 | upl i nk |
| 1/ 2/ 8 | user |
| AG01 | Resi dent i al |

| AG07 | Resi dent i al |


Example 2
Figure4 shows an example of a TLS tunneling configuration.

Figure 4: TLS Tunneling Example
1. Create the VLAN vl5 with ID 5 and add to it the 1/ 2/ 1 port (SDP port) as tagged and 1/ 2/ 2
port (SAP port) as untagged:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create v5 5
device-name(config vlan)#config v5
device-name(config-vlan v5)#add ports 1/2/1 tagged
device-name(config-vlan v5)#add ports 1/2/2 untagged
device-name(config-vlan v5)#add ports default 1/2/2
device-name(config-vlan v5)#exit
device-name(config vlan)#exit
2. Define a new TLS service and enable TLS tunneling:
device-name(config)#tls tunneled-ieee-pdu enable
device-name(config)#tls serv 5
3. Define SDP:
device-name(config-tls serv)#sdp 1/2/1 s-vlan 5
device-name(config-tls serv)#sdp 1/2/1 s-vlan 5 option
device-name(config-tls-sdp 1/2/1:5:)#tls tunneled-ieee-pdu tunnel-bpdu
device-name(config-tls-sdp 1/2/1:5:)#exit
T-Marc 300 Series User Guide

Page 29
Configuring Transparent LAN Services (TLS) (Rev. 10)

4. Add wildcard VLAN for SAP:
device-name(config-tls serv)#sap 1/2/2 c-vlans 6
device-name(config-tls serv)#sap 1/2/2 c-vlans 6 option
device-name(config-tls-sap 1/2/2:6:)#tls tunneled-ieee-pdu tunnel-bpdu
device-name(config-tls-sap 1/2/2:6:)#end
5. Display TLS services:
device-name#show tls-services
+- - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +- - - - - - +- - - - - +- - - - - +
| I dx | Ser vi ce Name | S- VLAN| Encap| St at e|
+- - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +- - - - - - +- - - - - +- - - - - +
| 00000005 | ser v | 0005 | Qi nQ | Up |
6. Display TLS tunneling:
device-name#show tls tunneled-ieee-pdu service 5 sdp 1/2/1:5:
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Vi I d | Pr of i l e Appl i ed |
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| 1/ 2/ 1: 5: | t unnel - bpdu |

device-name#show tls tunneled-ieee-pdu service 5 sap 1/2/2:6:
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Vi I d | Pr of i l e Appl i ed |
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| 1/ 2/ 2: 6: | t unnel - bpdu |
T-Marc 300 Series User Guide

Page 30
Configuring Transparent LAN Services (TLS) (Rev. 10)

Supported Platforms
Feature T-Marc 340 T-Marc 380
Transparent LAN Services (TLS) + +
Supported Standards, MIBs, and RFCs
Feature Standards MIBs RFCs
Transparent LAN
Services (TLS)
No standards are
supported by this
feature.
Private MIBs:
prvt_serv.mib
prvt_L2tunneling.mib
No RFCs are
supported by this
feature.


Page 1
Configuring Spanning Tree Protocol (STP) (Rev. 06)

Configuring Spanning Tree Protocol (STP)
Table of Figures 3
Overview 4
Architecture 4
The Election Algorithm 4
Selecting a Root Bridge 4
Selecting a Designated Bridge per Network Segment 4
Selecting the Root and Alternate Ports 5
Line Error Detection 5
Bridge Protocol Data Units (BPDUs) 5
The STP Path Cost 6
The STP Port States 6
Topology Changes Detection 8
Broadcasting an Event to the Network 9
The STP Timers 9
Message Age 10
The STP Diameter11
Calculating the STP Timers11
STP Address Management12
STP Loop Guard12
Internet Group Multicast Protocol (IGMP) Fast Recovery 13
STP Default Configuration 15
STP Configuration Flow16
STP Configuration Commands17
Enabling/Disabling STP19
Enabling/Disabling STP per Port19
Defining the STP Bridge Priority 20
Defining the STP Priority per Port 20
T-Marc 300 Series User Guide

Page 2
Configuring Spanning Tree Protocol (STP) (Rev. 06)

Defining the Hello-Time21
Defining the Maximum Aging Timer 21
Defining the Forward-Delay Timer 22
Defining the Port Path Cost 22
Enabling/Disabling STP Topology Change Detection 23
Enabling/Disabling Line Error Detection 23
Enabling/Disabling Line Flapping Detection 24
Setting the BPDU Guard 24
Enabling/Disabling the Loop Guard per Port25
Enabling/Disabling Root Restriction25
Configuring the BPDUs MAC Address 26
Restoring STP Port Parameters to Defaults26
Configuring IGMP Fast Recovery 26
Displaying the STP Configuration 27
Displaying the Ports STP Configuration28
Displaying the STP Topology for a Specific Port 32
Enabling STP Debug Information33
Displaying the STP Debug Status 33
STP Configuration Example34
Supported Platforms38
Supported Standards, MIBs, and RFCs38

T-Marc 300 Series User Guide

Page 3
Configuring Spanning Tree Protocol (STP) (Rev. 06)

Table of Figures
Figure 1: The Spanning Tree Port States 7
Figure 2: Topology Change 8
Figure 3: Topology Change with TC Message 9
Figure 4: BPDU Age Parameter 10
Figure 5: Calculating the Diameter 11
Figure 6: Spanning Tree IGMP Configuration13
Figure 7: Spanning Tree IGMP Fast Recovery Configuration 14
Figure 8: STP Configuration Flow16
Figure 9: Spanning Tree Configuration Example34


T-Marc 300 Series Series User Guide
Page 4
Configuring Spanning Tree Protocol (STP) (Rev. 06)

Overview
Spanning Tree Protocol (STP, IEEE 802.1d) is a Layer 2 protocol that provides path redundancy,
ensuring a loop-free topology for bridged LANs.
Using this protocol, a network can include redundant links that provide automatic backup paths in
case of an active link failure. It controls the links, leaving only a single active path between any two
network nodes.
Architecture
The STP algorithm calculates each path cost throughout all the devices within the networks
spanning tree, remaining the paths with the lower cost as active paths and blocking others. It
activates the blocked paths in case the active link fails or if the path cost changes.
The Election Algorithm
Selecting a Root Bridge
In order to elect the active paths within a network, STP first determines a Rootbridge. The Root is
the device towards which all other devices calculate the path cost. The protocol then selects the
path with the lowest cost between each device to the Root as the active path, while blocking all
other redundant paths.
Each bridge within the spanning tree has a unique ID that is made up of the bridges user-defined
priority and MAC address. The protocol selects the bridge with the lowest ID as the Root.
System administrators can alter the bridge ID by configuring the bridge priority, thus control the
probability of a bridge becoming a Root.
Selecting a Designated Bridge per Network Segment
After selecting the Root bridge, STP selects a Designatedbridge per network segment. This is the
closest bridge to the Root, forwarding packets from that segment towards the root bridge.
Each segment has only one Designated bridge. The Designated bridge has one Designated port
that forwards packets from the Root bridge to this segment.
T-Marc 300 Series Series User Guide

Page 5
Configuring Spanning Tree Protocol (STP) (Rev. 06)


Selecting the Root and Alternate Ports
The last election step is selecting a Root port (per bridge) that sends data towards the Root bridge.
In order to avoid loops, all other ports that provide redundant paths to the Root bridge are set as
Alternate ports. These ports do not forward traffic unless the Root port goes down.
Each bridge has only one Root port, as a single path toward the Root bridge.
Line Error Detection
The protocol allows interchanging the roles of the Root port and an Alternate port when the CRC
errors on the line reach a critical level. In this case the Root ports path cost automatically changes
into a higher value, triggering the interchange of the Root and Alternate port statuses.
For detailed information regarding the port role assignments, refer to the RSTP Port Rolessection
from ConfiguringRapidSpanningTreeProtocol (RSTP) chapter.
Bridge Protocol Data Units (BPDUs)
Bridges exchange the above information using Bridge Protocol Data Units (BPDUs) that include
the following information:
the Root bridge ID
the designated bridge ID
the path costthe distance between the Root to the device
the designated port ID
The protocol uses three BPDU types:
Configuration BPDUs, used for the election algorithm
Topology Change Notification (TCN) BPDUs, announcing network topology changes
Topology Change Notification Acknowledgment BPDUs, sent when a device receives a TCN,
forwarding the TCN on its Root port.
T-Marc 300 Series Series User Guide

Page 6
Configuring Spanning Tree Protocol (STP) (Rev. 06)


The STP Path Cost
Each bridge port has an assigned path cost, a user-definable parameter that determines the ports
preference to be included in the active spanning tree topology. During BPDU exchange, STP sums
up the path costs along all Designated ports (Designatedpathcost). This value then serves as the
bridges distance from the Root.
The lower the cost, the closer the device is to the Root. If two devices have identical path costs,
STP selects the path based on port priority and bridge IDs as a tiebreaker.
The STP Port States
STP uses five port states controlling the BDPU traffic.
To ensure a loop-free network during topology changes inactive ports:
cannot start forwarding prior to the new topology-information propagating through the
switched LAN
have to allow framesthat were forwarded using the old topologyto expire
Table 1: STP States
STP State Description
Blocking The port does not forward frames. It moves to this state after the initialization
phase, when a different device/port was elected as Root.
If there is only one device in the network, no exchange occurs, the forward-
delay timer expires, and the ports move to Listening state.
A port in blocking state:
discards frames
discards frames switched from another port for forwarding
does not learn MAC addresses
receives BPDUs
A Blocking port can enter Listening or Disabled states.
Listening This is the first state a Blocking port transitions to when STP determines that
the port should participate in frame forwarding. The device processes
BPDUs and waits for possible new information that might cause it to return to
the Blocking state.
A port in Listening state performs the same steps as Blocking state.
From this state the port can enter Learning or Disabled states.
T-Marc 300 Series Series User Guide

Page 7
Configuring Spanning Tree Protocol (STP) (Rev. 06)

STP State Description
Learning This is the second state the port enters when preparing to participate in
frame-forwarding.
The port does not yet forward frames. However it learns source addresses
from received frames, adding them to the filtering database.
A port in Learning state:
discards frames
discards frames switched from another port for forwarding
learns MAC addresses
receives BPDUs
From this state the port can enter Forwarding or Disabled states.
Forwarding The port forwards frames. The device processes BPDUs and waits for
possible new information that might cause it to return to Blocking state to
prevent a loop.
A port in Forwarding state:
receives and forwards frames
forwards frames switched from other ports
learns MAC addresses
receives BPDUs
From this state the port can enter Disabled state.
Disabled A port in this state does not participate in frame forwarding and spanning
tree.
The port performs the same steps as Blocking state, except it does not
receive BPDUs.
The following figure illustrates how a port moves through the above states.

Figure 1: The Spanning Tree Port States
T-Marc 300 Series Series User Guide

Page 8
Configuring Spanning Tree Protocol (STP) (Rev. 06)

Topology Changes Detection
When a bridge detects a topology change in the network (such as a link failure or the link changing
to Forwarding state), it sends this event to the entire bridged network.
The process is done in two stages:
1. The bridge notifies the STP Root.
2. The Root broadcasts the information to the whole network.
Upon a topology change the address tables of all devices are flushed and new paths are learned.
The below figure illustrates the networks reaction to a topology change. The initial data path
between Computer 1 and Computer 2 is via Device ADevice BDevice C.

Figure 2: Topology Change
After a topology change the new data path becomes Device ADevice DDevice C.
During the topology-change period, devices C and D are not aware of the topology change. During
this period frames sent from Computer 1 are forwarded to Device B and there is no connection
between the Computer 1 and Computer 2 until the address table ages out.
To avoid connection loss caused by a topology change, STP implements a mechanism called
Topology Change Notification (TCN). This mechanism flushes the devices MAC addresses upon a
topology change.
T-Marc 300 Series Series User Guide

Page 9
Configuring Spanning Tree Protocol (STP) (Rev. 06)


Broadcasting an Event to the Network
When the Root is aware of a topology change, it sends out configuration BPDUs with the
Topology Change (TC) flag set. As a result, all bridges become aware of the topology change and
reduce the MaxAge timer to the forward-delay timer (see below TheSTP Timers).
Bridges receive topology-change BPDUs on both forwarding and blocking ports.

Figure 3: Topology Change with TC Message
The STP Timers
The following table describes the timers affecting the STP performance.
Table 2: STP Timers
Variable Description
Hello timer The interval between two consecutive BPDUs a device sends to other
devices.
Forward-delay timer The time a port is in Listening and Learning states before the port begins
forwarding.
Maximum-age timer
(MaxAge)
The time the device stores protocol information received on a port.
Message Age How far a device is from the Root when it receives a BDPU

T-Marc 300 Series Series User Guide

Page 10
Configuring Spanning Tree Protocol (STP) (Rev. 06)


Message Age
The message age value of all BPDUs the Root sends are zero. Each subsequent device increments
the message age value by one, as illustrated in the below figure:

Figure 4: BPDU Age Parameter
After receiving a new BPDU equal to or greater than the recorded information on the port, all
BPDU information is stored, and the age timer begins to run, starting at the message age. If this age
timer reaches MaxAgebefore receiving another BPDU, the information ages out for that port.
For example, in the above figure:
Device B and C receive a BPDU from Device A with message age value zero. On the port
going to Device A, it takes MaxAgeseconds before the information ages out.
Device D and E receive a BPDU from Device B with message age value one. On the port
going to Device A, it takes MaxAge-1seconds before the information ages out.
Device F receives a BPDU from Device E with message age value two. On the port going to
Device E, it takes MaxAge-2 seconds before the information ages out.
T-Marc 300 Series Series User Guide

Page 11
Configuring Spanning Tree Protocol (STP) (Rev. 06)


The STP Diameter
The STP timers settings are based on the STP diameter, the maximum number of bridges between
any two end points on the network. IEEE 802.1D specification recommends a maximum network
diameter of 7 hops. (Therefore the maximum STP ring size is 14 devices: a distance of seven hops
from the root to the last bridge in the ring.)
The below figure illustrates a network built up of a diameter of five (path A-C-B-E-D). It contains
three access devices (C, D, and E) attached to two distribution devices (A and B) and a Layer 3
boundary between the distribution devices and the core. The bridged domain stops at the
distribution devices.
The maximum STP diameter of five is between:
C-A-D-B-E
D-A-C-B-E

Figure 5: Calculating the Diameter

Calculating the STP Timers
To calculate the STP timers use the following formulas:
Max_age = 4 x hello +2 x dia - 2

Forward_delay = (4 x hello + 3 x dia) / 2
Based on the above formulas, lowering the hello-timer value decreases the other STP parameters.
However, it doubles the amount of BPDUs sent/received by each bridge, causing additional load
on the CPU.
T-Marc 300 Series Series User Guide

Page 12
Configuring Spanning Tree Protocol (STP) (Rev. 06)

STP Address Management
IEEE 802.1D specifies 17 multicast MAC addresses, with a valid range from 0x0180C2000000 to
0x0180C2000010, to use by different bridge protocols. These addresses are static addresses that
cannot be removed.
Regardless of the STP state, the device receives but does not forward packets destined for addresses
between 0x0180c2000000 and 0x0180C200000F.
If STP is enabled, the CPU of the device receives packets destined for 0x0180C2000000 and
0x0180C2000010. If STP is disabled, the device forwards those packets as unknown multicast
addresses.
STP Loop Guard
STP relies on continuous reception or transmission of BPDUs based on port roles.
However, there are cases where an STP loop is created when a Blocking port in a redundant
topology transitions to Forwarding state by mistake. This happens when one of the ports of a
physically redundant topology no longer receives STP BPDUs. As a result the Alternate port,
Backup port, or Root port eventually becomes Designated and moves to Forwarding state, creating
a loop.
The STP Loop Guard feature provides additional protection against STP loops. This feature
implements a mechanism that maintains the port in Blocking state, instead of transitioning it to
Forwarding state, whenever BPDUs from a neighbor are lost.
T-Marc 300 Series Series User Guide

Page 13
Configuring Spanning Tree Protocol (STP) (Rev. 06)


Internet Group Multicast Protocol (IGMP) Fast
Recovery
When using the IGMP Fast Recovery feature, the multicast traffic takes advantage of the
connectivity and convergence time provided by STP.
In the following figure, all devices run IGMP snooping and a spanning tree protocol (STP, RSTP,
or MSTP). In this figure:
1. The Multicast Router floods traffic for multicast groups that the client is subscribed to.

Figure 6: Spanning Tree I GMP Configuration
2. The Multicast Router sends an IGMP query to the clients for their multicast group
memberships.
3. The client(s) reply with IGMP Reports. The traffic flows from the Multicast Router, through
Device D and Device A, to Device C. All ports between the devices and the Multicast Router
are mrouter ports. Device Cs mrouter port that links to Device B is blocked. If a topology
change occurs and the link between Device C and Device A goes down, the Device Cs
blocked port transitions into Forwarding state.
4. If you configure IGMP Fast Recovery on Device C, the device reacts to the topology change
by sending an IGMP General Query to all its non-mrouter ports.
T-Marc 300 Series Series User Guide

Page 14
Configuring Spanning Tree Protocol (STP) (Rev. 06)

5. The client(s) respond to the General IGMP Query with an IGMP report.
6. Device C forwards the IGMP report to its mrouter ports and the report is then sent to the
Multicast Router through Device B and Device D.
7. Client(s) traffic connected to Device C is transmitted through Device B instead of Device A,
as shown on the figure below.

Figure 7: Spanning Tree I GMP Fast Recovery Configuration

T-Marc 300 Series Series User Guide

Page 15
Configuring Spanning Tree Protocol (STP) (Rev. 06)

STP Default Configuration
Table 3: STP Default Configuration
Parameter Default Value
Spanning Tree Protocol Disabled
STP bridge priority 32768
STP hello-time 2 seconds
STP forward-delay timer 15 seconds
STP MaxAge timer 20 seconds
Line error detection Disabled
STP path cost 10
STP port priority 128
STP topology change detection Enabled
Debug STP Disabled
T-Marc 300 Series Series User Guide

Page 16
Configuring Spanning Tree Protocol (STP) (Rev. 06)

STP Configuration Flow


















Figure 8: STP Configuration Flow
Start
Enable STP
Change the priority to the
lowest in the network
Set the STP Timers (hello-timer, MaxAge, forward-delay)
Is this bridge the
root?
Yes
Define the ports path cost
Disable TC detection on loop-free ports (Optional)
No
End
Optional STP Configuration
T-Marc 300 Series Series User Guide

Page 17
Configuring Spanning Tree Protocol (STP) (Rev. 06)

STP Configuration Commands
The STP default values are sufficient for obtaining a loop-free redundant network topology.
However, to enforce topology demands on the dynamically built topology, configure several
parameters before connecting the network.
Table 4: STP Configuration Commands
Command Description
spanning-tree Enables/disables the STP on the device (see
Enabling/Disabling STP)
spanning-tree Enables/disables the STP per port (see Enabling/Disabling
STP per Port)
spanning-tree priority Defines the STP bridge priority (see Defining the STP Bridge
Priority)
spanning-tree priority Defines the STP port priority (see Enabling/Disabling STP per
Port)
spanning-tree hello-time Defines the hello-time interval (see Defining the Hello-Time)
spanning-tree max-age Defines the Maximum Age timer (see Defining the Maximum
Aging Timer)
spanning-tree forward-
delay
Defines the forward-delay timer (see Defining the Forward-
Delay Timer)
spanning-tree path-cost Defines the STP port path cost (see Defining the Port Path
Cost)

Table 5: Optional STP Configuration Commands
Command Description
spanning-tree detect-tc Enables topology-change detection on the configured port
(see Enabling/Disabling STP Topology Change Detection)
spanning-tree line-
error-detect
Enables line-error detection (see Enabling/Disabling Line Error
Detection)
spanning-tree line-
flapping-detect
Causes the Root and Alternate ports to change roles in case
of flapping (see Enabling/Disabling Line Flapping Detection)
spanning-tree bpdu-rx Prevents an STP port from receiving BPDUs (see Setting the
BPDU Guard)
spanning-tree detect-
bpdu-loss
Enables/disables the Loop Guard on a port (see
Enabling/Disabling the Loop )
spanning-tree restrict-
root
Enables/disables the selection of a port as the Root port (see
Enabling/Disabling Root Restriction)
spanning-tree
destination
Specifies the MAC address used for BPDUs destination
address (see Configuring the BPDUs MAC Address)
spanning-tree defaults Restores a ports STP parameters to their defaults (see
Restoring STP Port Parameters to Defaults)
spanning-tree igmp-fast-
recovery
Configures the IGMP fast recovery feature (see Configuring
IGMP Fast Recovery)
T-Marc 300 Series Series User Guide

Page 18
Configuring Spanning Tree Protocol (STP) (Rev. 06)


Table 6: STP Display Commands
Command Description
spanning-tree Displays the current STP configuration (see Displaying the
STP Configuration)
spanning-tree interface
spanning-tree all
show spanning-tree
Displays the STP settings and topology per port or for all ports
(see Displaying the Ports STP Configuration)
show spanning-tree
interface
Displays the spanning tree topology for a specified port (see
Displaying the STP Topology for a Specific Port)

Table 7: STP Debugging Commands
Command Description
debug stp Enables the debugging STP information (see Enabling STP
Debug Information)
show debug stp Displays the STP debug status (see Displaying the STP
Debug Status)
T-Marc 300 Series Series User Guide

Page 19
Configuring Spanning Tree Protocol (STP) (Rev. 06)

Enabling/Disabling STP
The spanning-tree command enables/disables STP on the device.
CLI Mode: Protocol Configuration
STP is disabled by default.
Command Syntax
device-name(cfg protocol)#spanning-tree [enable | disable]
device-name(cfg protocol)#no spanning-tree
Argument Description
enable (Optional) enables STP, the device becoming a node in the tree
disable (Optional) disables STP
no Restores to default
Enabling/Disabling STP per Port
The spanning-tree command enables/disables STP per port. You can enable/disable STP per
port only if the feature is enabled on the device.
CLI Modes: Interface Configuration and Interface Range Configuration
By default, enabling STP on the device enables the feature on all ports. Disabling STP on the device
disables it on all ports.
Command Syntax
device-name(config-if UU/SS/PP)#spanning-tree [enable | disable | all]
device-name(config-if-group)#spanning-tree [enable | disable]
Argument Description
enable (Optional) enables STP on the specified port
disable (Optional) disables STP on the specified port
all (Optional) enables STP on all ports

T-Marc 300 Series Series User Guide

Page 20
Configuring Spanning Tree Protocol (STP) (Rev. 06)


Defining the STP Bridge Priority
The spanning-tree priority command defines the STP bridge priority.
CLI Mode: Protocol Configuration
The default bridge priority is 32768.
Command Syntax
device-name(cfg protocol)#spanning-tree priority <bridge-priority>
device-name(cfg protocol)#no spanning-tree priority
Argument Description
bridge-priority
The bridge priority, in the range of <065535>. The bridge with the highest
bridge priority (the lowest numerical priority value) is selected as Root
device
no
Restores to default
Defining the STP Priority per Port
The spanning-tree priority command defines the STP port priority. The STP port priority
represents the location of a port in the network topology and determines how well it is located for
forwarding traffic.
CLI Modes: Interface Configuration and Interface Range Configuration
The default port priority is 128.
Command Syntax
device-name(config-if UU/SS/PP)#spanning-tree priority <priority>
device-name(config-if UU/SS/PP)#no spanning-tree priority

device-name(config-if-group)#spanning-tree priority <priority>
device-name(config-if-group)#no spanning-tree priority
Argument Description
priority
The port STP priority, in the range of <0240>. This value is a multiple of 16.
Assign lower values (higher priorities) to preferred ports.
If all the ports have the same priority value, STP selects the port with the lowest
number in Forwarding state and blocks other ports.
no
Restores to default

T-Marc 300 Series Series User Guide

Page 21
Configuring Spanning Tree Protocol (STP) (Rev. 06)


Defining the Hello-Time
The spanning-tree hello-time command defines the interval between consecutive BPDUs the
device transmits.
Use this command when the device is the Root, or trying to become one.
CLI Mode: Protocol Configuration
The default hello-time is 2 seconds.
Command Syntax
device-name(cfg protocol)#spanning-tree hello-time <hello-time>
device-name(cfg protocol)#no spanning-tree hello-time
Argument Description
hello-time
The interval between transmitting BPDUs, in the range of <19>seconds.
This value must be less than MaxAge/2-1 (refer to the Defining the Maximum
Aging Timer section).
no
Configures the hello-time interval to its default value.
Defining the Maximum Aging Timer
The spanning-tree max-age command defines the interval the device waits for receiving a
BPDU before attempting a reconfiguration.
CLI Mode: Protocol Configuration
The default value is 20 seconds.
Command Syntax
device-name(cfg protocol)#spanning-tree max-age <max-age>
device-name(cfg protocol)#no spanning-tree max-age
Argument Description
max-age
The maximum aging time, in the range of <628>seconds.
The MaxAge value must be greater than 2*(hello-time+1) and less than 2*(forward-
delay-1).
no
Restores to default

T-Marc 300 Series Series User Guide

Page 22
Configuring Spanning Tree Protocol (STP) (Rev. 06)


Defining the Forward-Delay Timer
The spanning-tree forward-delay command defines the interval the device waits before
transitioning from Learning and Listening states to Forwarding state.
CLI Mode: Protocol Configuration
The default forward-delay value is 15 seconds.

NOTE
The forward-delay value must be greater than MaxAge/ 2+1.
Command Syntax
device-name(cfg protocol)#spanning-tree forward-delay <forward-delay>
device-name(cfg protocol)#no spanning-tree forward-delay
Argument Description
forward-delay
The interval before transitioning from Listening and Learning states to
Forwarding State, in the range of <1130>seconds.
This value must be greater than MaxAge/2+1.
When a topology change is underway and is detected, use this parameter to
age all dynamic entries in the Forwarding database.
no
Restores to default
Defining the Port Path Cost
The spanning-tree path-cost command defines the STP port path cost.
CLI Modes: Interface Configuration and Interface Range Configuration
The default port path cost is 10.
Command Syntax
device-name(config-if UU/SS/PP)#spanning-tree path-cost <path-cost>
device-name(config-if UU/SS/PP)#no spanning-tree path-cost

device-name(config-if-group)#spanning-tree path-cost <path-cost>
device-name(config-if-group)#no spanning-tree path-cost
Argument Description
path-cost
The path cost value, in the range of <1200000000>.
Assign lower cost values to ports that you want to select first. If all ports have
the same cost value, STP selects the port with the lowest number in
Forwarding state and blocks other ports.
no
Restores to default
T-Marc 300 Series Series User Guide

Page 23
Configuring Spanning Tree Protocol (STP) (Rev. 06)

Enabling/Disabling STP Topology Change Detection
The spanning-tree detect-tc command enables topology change detection on the configured
port.
CLI Modes: Interface Configuration and Interface Range Configuration
Topology change detection is enabled by default.
Command Syntax
device-name(config-if UU/SS/PP)#spanning-tree detect-tc
device-name(config-if UU/SS/PP)#no spanning-tree detect-tc

device-name(config-if-group)#spanning-tree detect-tc
device-name(config-if-group)#no spanning-tree detect-tc
Argument Description
no
Disables topology change detection on specified ports, preventing the switch from
detecting and propagating topology changes on the specified port/s.
Enabling/Disabling Line Error Detection
The spanning-tree line-error-detect command enables/disables line error detection. The
error level is considered critical when the CRC error rate exceeds 1% within a 3 seconds interval.
CLI Mode: Protocol Configuration
Line error detection is disabled by default.
Command Syntax
device-name(cfg protocol)#spanning-tree line-error-detect {enable | disable}
Argument Description
enable Enables line error detection
disable Disables line error detection

T-Marc 300 Series Series User Guide

Page 24
Configuring Spanning Tree Protocol (STP) (Rev. 06)


Enabling/Disabling Line Flapping Detection
The spanning-tree line-flapping-detect command causes the Root and Alternate ports to
change roles in case of flapping (continued and uncontrolled link up and down event) on a physical
port.
CLI Mode: Protocol Configuration
Command Syntax
device-name(cfg protocol)#spanning-tree line-flapping-detect {enable | disable}
Argument Description
enable Enables line flapping detection
disable Disables line flapping detection
Setting the BPDU Guard
The spanning-tree bpdu-rx command defines the STP reaction when receiving a BPDU on the
specified port.
CLI Modes: Interface Configuration and Interface Range Configuration
Command Syntax
device-name(config-if UU/SS/PP)#spanning-tree bpdu-rx {discard | disable-port
| standard}
device-name(config-if-group)#spanning-tree bpdu-rx {discard | disable-port |
standard}
Argument Description
discard The device drops received BPDUs (ignores the BPDU information)
disable-port Receiving a BPDU disables the port
standard BPDUs are processed according to standard STP mechanisms (default)
T-Marc 300 Series Series User Guide

Page 25
Configuring Spanning Tree Protocol (STP) (Rev. 06)

Enabling/Disabling the Loop Guard per Port
The spanning-tree detect-bpdu-loss command enables/disables the Loop Guard on a
specific port.
CLI Modes: Interface Configuration and Interface Range Configuration
The Loop Guard is disabled by default.
Command Syntax
device-name(config-if UU/SS/PP)#spanning-tree detect-bpdu-loss {enable |
disable}
device-name(config-if-group)#spanning-tree detect-bpdu-loss {enable | disable}
Argument Description
enable Enables BPDU loss detection (Loop Guard is disabled).
disable Disables BPDU loss detection (Enables Loop Guard on the port).
This parameter does not change the ports state, if the port is not a
Designated port, even if the port stops receiving BPDUs from its peer port.
Disables Loop Guard on the specified port: the port state does not change,
even if stops receiving BPDUs.
Enabling/Disabling Root Restriction
The spanning-tree restrict-root command enables/disables selecting a port as the Root port.
CLI Modes: Interface Configuration and Interface Range Configuration
Root restriction is disabled by default.
Command Syntax
device-name(config-if UU/SS/PP)#spanning-tree restrict-root {enable |
disable}
device-name(config-if-group)#spanning-tree restrict-root {enable | disable}
Argument Description
enable Enables root restriction on the specified port (the port is not selected as Root
port)
disable Disables root restriction
T-Marc 300 Series Series User Guide

Page 26
Configuring Spanning Tree Protocol (STP) (Rev. 06)

Configuring the BPDUs MAC Address
The spanning-tree destination command specifies the MAC address used for BPDUs
destination address.
This command configures STP to send BPDUs to destination MAC address 01:80:C2:00:00:08.
CLI Mode: Protocol Configuration
The default value is customer, when BPDUs are sent to destination MAC address
01:80:C2:00:00:00.
Command Syntax
device-name(cfg protocol)#spanning-tree destination {customer | provider}
Argument Description
customer Customer mode 802.1D compliant
provider Provider mode 802.1ad compliant
Restoring STP Port Parameters to Defaults
The spanning-tree defaults command restores the ports STP parameters to default values.
CLI Modes: Interface Configuration and Interface Range Configuration
Command Syntax
device-name(config-if UU/SS/PP)#spanning-tree defaults
device-name(config-if-group)#spanning-tree defaults
Configuring IGMP Fast Recovery
The spanning-tree igmp-fast-recovery command configures the IGMP fast recovery feature
on the device.
CLI Mode: Protocol Configuration
Command Syntax
device-name(cfg protocol)#spanning-tree igmp-fast-recovery {enable | disable |
vlan VLAN-LIST ports PORT-LIST}
device-name(cfg protocol)#no spanning-tree igmp-fast-recovery vlan VLAN-LIST
ports PORT-LIST
T-Marc 300 Series Series User Guide

Page 27
Configuring Spanning Tree Protocol (STP) (Rev. 06)

Argument Description
enable
Globally enables the fast recovery
disable
Globally disables the fast recovery
Disabled
vlan VLAN-LIST
A list of VLAN IDs, in the range of <14094>, in the below format:
A hyphenated range of VLANs (for example: 832)
Several VLAN numbers and/or ranges, separated by commas (for
example: 2,4,832)
ports PORT-LIST
Specifies one or more port numbers. Use commas as separators and
hyphens to indicate sub-ranges (for example: 1/1/1, 1/2/11/2/8)
no
Disables the fast recovery on specified VLAN and port lists.
Displaying the STP Configuration
The spanning-tree command displays the current STP configuration.
CLI Mode: Protocol Configuration

NOTE
You can also display the current STP configuration using the show spanni ng- t r ee
command.
Command Syntax
device-name(cfg protocol)#spanning-tree
Example
device-name(cfg protocol)#spanning-tree
Spanni ng t r ee enabl ed
Pr ot ocol Speci f i cat i on = i eee8021d
Pr i or i t y = 32768
Ti meSi nceTopol ogyChange = 372 ( Sec)
TopChanges = 3
Desi gnat edRoot = Thi s br i dge i s t he r oot
MaxAge = 20 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 15 ( Sec)
Hol dTi me = 1 ( Sec)
Br i dgeMaxAge = 20 ( Sec)
Br i dgeHel l oTi me = 2 ( Sec)
Br i dgeFor war dDel ay = 15 ( Sec)
Det ect Li neCRCReconf i g = di sabl ed
Det ect Li neFl appi ng = di sabl ed
SpanI gmpFast Recover y = di sabl ed
T-Marc 300 Series Series User Guide

Page 28
Configuring Spanning Tree Protocol (STP) (Rev. 06)

Table 8: The Parameters Displayed by the STP show Commands
Parameter Description
Spanni ng t r ee The STP global state
Pr ot ocol Speci f i cat i on The protocol standard
Pr i or i t y The bridge priority
Ti meSi nceTopol ogyChange The time since the last topology change, in seconds
TopChanges The number of times the topology change flag parameter for
the bridge was set the last time the device was turned on
Desi gnat edRoot The Roots unique bridge identifier. This value is used in all
Configuration BPDUs transmitted by the bridge.
MaxAge The configured maximum-aging timer, in seconds
Hel l oTi me The configured hello timer, in seconds
For war dDel ay The configured forward-delay timer, in seconds
Hol dTi me The minimum interval between Configuration BPDUs
transmission through a given LAN port (this parameter is fixed
to 1 second)
Br i dgeMaxAge The maximum-aging timer when the bridge is the Root or is
attempting to become the Root, in seconds
Br i dgeHel l oTi me The hello timer when the bridge is the Root or is attempting to
become the Root, in seconds
Br i dgeFor war dDel ay The forward-delay timer when the bridge is the Root or is
attempting to become the Root, in seconds
Det ect Li neCRCReconf i g Indicates whether line error detection is enabled or not
Det ect Li neFl appi ng Indicates whether link flapping is enabled or not
SpanI gmpFast Recover y Indicates whether IGMP fast recovery is enabled or disabled
Displaying the Ports STP Configuration
The spanning-tree interface command displays the STP settings for a specified port. This
command also enters the Interface Configuration mode.
CLI Mode: Protocol Configuration
The spanning-tree all command displays the STP topology for all ports.
CLI Modes: Interface Configuration and Interface Range Configuration
The show spanning-tree command displays the STP settings and the STP topology for all ports.
CLI Mode: Privileged (Enable)

T-Marc 300 Series Series User Guide

Page 29
Configuring Spanning Tree Protocol (STP) (Rev. 06)

Command Syntax
device-name(cfg protocol)#spanning-tree interface UU/SS/PP
device-name(config-if UU/SS/PP)#

device-name(cfg protocol)#spanning-tree interface all

device-name(config-if UU/SS/PP)#spanning-tree all

device-name#show spanning-tree
Argument Description
UU/SS/PP The port number, in a unit, slot, and port number format
all Displays the STP settings for all ports
Example 1
Display the STP settings for port 1/1/1:
device-name(cfg protocol)#spanning-tree interface 1/1/1
Por t Pr i or i t y = 128
Por t St at e = di sabl ed
Por t Enabl e = di sabl ed
Por t Pat hCost = 10
Desi gnat edRoot = 08192. 00: A0: 12: 00: 00: 03
Desi gnat edCost = 19
Desi gnat edBr i dge = 32768. 00: A0: 12: 11: 29: 82
Desi gnat edPor t = 128. 1
Fr wr dTr ansi t i ons = 0
TopChangeDet ect i on = Enabl ed
Example 2
Display the STP topology for all ports:
device-name(cfg protocol)#spanning-tree interface all
========================================================================
Por t | Pr i | St at e| PCost | DCost | Desi gnat ed br i dge | DPr t | Fwr dT| Dt ct Tc
- - - - - - - - +- - - +- - - - - +- - - - - +- - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - +- - - - - +- - - - - - -
01/ 02/ 01 128 l i st n 19 19 32768. 00A012000003 128. 01 2 Di sabl ed
01/ 02/ 02 128 bl ock 19 0 32768. 000002030405 128. 63 0 Enabl ed
01/ 02/ 03 128 l i st n 19 0 32768. 000002030405 128. 62 2 Enabl ed
T-Marc 300 Series Series User Guide

Page 30
Configuring Spanning Tree Protocol (STP) (Rev. 06)

Example 3
Display the STP settings and topology for all ports:
device-name#show spanning-tree
Spanni ng t r ee enabl ed
Pr ot ocol Speci f i cat i on = i eee8021d
Pr i or i t y = 32768
Ti meSi nceTopol ogyChange = 0 ( Sec)
TopChanges = 0
Desi gnat edRoot = Thi s br i dge i s t he r oot
MaxAge = 20 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 15 ( Sec)
Hol dTi me = 1 ( Sec)
Br i dgeMaxAge = 20 ( Sec)
Br i dgeHel l oTi me = 2 ( Sec)
Br i dgeFor war dDel ay = 15 ( Sec)
Det ect Li neCRCReconf i g = di sabl ed
Det ect Li neFl appi ng = di sabl ed
SpanI gmpFast Recover y = di sabl ed
Por t | Pr i | St at e| PCost | DCost | Desi gnat ed br i dge | DPr t | Fwr dT| Dt ct Tc
- - - - - - - - +- - - +- - - - - +- - - - - - +- - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - +- - - - - +- - - - - - - -
01/ 02/ 01 128 l i st n 19 19 32768. 00A012000003 128. 02 2 Di sabl ed
01/ 02/ 02 128 bl ock 19 0 32768. 000002030405 128. 03 0 Enabl ed
01/ 02/ 03 128 l i st n 19 0 32768. 000002030405 128. 04 2 Enabl ed
Table 9: Parameters Displayed by the spanni ng- t r ee i nt er f ace command
Parameter Description
Por t Pr i or i t y The port priority
Por t St at e The port state
Por t Enabl e Displays whether the port is enabled or disabled
Por t Pat hCost The STP port path cost
Desi gnat edRoot The unique Root bridge identifier, in the root identifier parameter of
Configuration BPDUs transmitted by the designated bridge of the
LAN to which the port is attached.
Use this parameter to test the root identifier parameter value
conveyed in received Configuration BPDUs.
Desi gnat edCost The designated ports path cost (equal to the root path cost of the
bridge), offered to the LAN to which the port is attached.
Otherwise, this is the path cost to the root offered by the
designated port on the LAN to which this port is attached.
Use this parameter to test the value of the root path-cost
parameter conveyed in received Configuration BPDUs.
T-Marc 300 Series Series User Guide

Page 31
Configuring Spanning Tree Protocol (STP) (Rev. 06)

Parameter Description
Desi gnat edBr i dge The unique bridge identifier of one of the following:
in the case of a designated port, the bridge the port belongs
to
the designated bridge of the LAN to which this port is
attached
Use this parameter:
together with the designated port and port identifier
parameters to test if this port is the designated port for the
LAN to which it is attached
to test the value of the bridge identifier parameter conveyed
in received configuration BPDUs
Desi gnat edPor t The designated bridge-port identifier, through which the bridge
transmits the configuration message-information stored by this
port.
Use this parameter:
together with the designated bridge and port identifier
parameters to test if this port is the designated port for the
LAN to which it is attached
by management to determine the topology of the bridged LAN
Fr wr dTr ansi t i ons The number time the port transitioned into Forwarding state.
TopChangeDet ect i on Indicates whether topology-changes detection is enabled or not.

Table 10: Parameters Displayed by the spanni ng- t r ee al l and spanni ng- t r ee
i nt er f ace al l commands
Parameter Description
Por t The ports unit/slot/port
Pr i Refer to Por t Pr i or i t y in the above table
St at e Refer to Por t St at e in the above table
PCost Refer to Por t Pat hCost in the above table
DCost Refer to Desi gnat edCost in the above table
Desi gnat ed br i dge Refer to Desi gnat edBr i dge in the above table
DPr t Refer to Desi gnat edPor t in the above table
Fwr dT Refer to Fr wr dTr ansi t i ons in the above table
Dt ct Tc Refer to TopChangeDet ect i on in the above table
T-Marc 300 Series Series User Guide

Page 32
Configuring Spanning Tree Protocol (STP) (Rev. 06)

Displaying the STP Topology for a Specific Port
The show spanning-tree interface command displays the STP topology for the specified port.
CLI Mode: Privileged (Enable)
Table 9 describes the parameters displayed by this command.
Command Syntax
device-name#show spanning-tree interface UU/SS/PP
Example 1
Display the STP topology when the bridge is not the root bridge:
device-name#show spanning-tree interface 1/1/1
Por t Pr i or i t y = 128
Por t St at e = di sabl ed
Por t Enabl e = di sabl ed
Por t Pat hCost = 10
Desi gnat edRoot = 08192. 00: A0: 12: 00: 00: 03
Desi gnat edCost = 19
Desi gnat edBr i dge = 32768. 00: A0: 12: 11: 29: 82
Desi gnat edPor t = 128. 1
Fr wr dTr ansi t i ons = 0
TopChangeDet ect i on = Enabl ed
Example 2
Display the STP topology when the bridge is the root bridge:
device-name#show spanning-tree interface 1/1/1
Por t Pr i or i t y = 128
Por t St at e = di sabl ed
Por t Enabl e = di sabl ed
Por t Pat hCost = 10
Desi gnat edRoot = Thi s br i dge i s t he r oot
Desi gnat edCost = 0
Desi gnat edBr i dge = Thi s br i dge
Desi gnat edPor t = 128. 1
Fr wr dTr ansi t i ons = 0
TopChangeDet ect i on = Enabl ed
T-Marc 300 Series Series User Guide

Page 33
Configuring Spanning Tree Protocol (STP) (Rev. 06)

Enabling STP Debug Information
The debug stp command enables the STP debug information.
This command is not saved after a device reload.
CLI Mode: Privileged (Enable)
Debugging is disabled by default.
Command Syntax
device-name#debug stp {all | flush | tc | tcn}
device-name#no debug stp {all | flush | tc | tcn}
Argument Description
all Activates all STP debug options
flush Activates MAC address table flush debugging
tc Activates debugging when the device receives or transmits BPDUs with topology
changes
tcn Activates debugging when the device receives TCNs or transmits BPDUs with
topology change acknowledgment
no Disables the debug information display
Displaying the STP Debug Status
The show debug stp command displays the STP debug status.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show debug stp
Example
device-name#show debug stp
STP debuggi ng st at us:
STP debug TNC i s on
STP debug f l ush i s on
STP debug TC i s on
T-Marc 300 Series Series User Guide

Page 34
Configuring Spanning Tree Protocol (STP) (Rev. 06)

STP Configuration Example
The following figure is a configuration example using STP.

Figure 9: Spanning Tree Configuration Example
Configuring Device A:
1. Enable STP:
DeviceA#configure terminal
DeviceA(config)#protocol
DeviceA(cfg protocol)#spanning-tree enable
2. Set the STP bridge priority to 4096, to make Device A the Bridge Root.
DeviceA(cfg protocol)#spanning-tree priority 4096
3. Set the STP MaxAge timer to 10. Calculate the timer according to the following formula:
Max_age= (4 x hello) + (2 x dia) - 2, when the hello-timeis 2 and the diameteris 2 (based on
the figure above):
DeviceA(cfg protocol)#spanning-tree max-age 10
T-Marc 300 Series Series User Guide

Page 35
Configuring Spanning Tree Protocol (STP) (Rev. 06)

4. Set the STP forward-delay timer to 7. Calculate this timer according to the following formula:
Forward_delay= ((4 x hello) + (3 x dia)) / 2, when the hello-timeis 2 and the diameteris 2
(based on the figure above):
DeviceA(cfg protocol)#spanning-tree forward-delay 7
Configuring Device B:
1. Enable STP:
DeviceB#configure terminal
DeviceB(config)#protocol
DeviceB(cfg protocol)#spanning-tree enable
2. Set port 1/2/1 with path cost 1:
DeviceB(config)#interface 1/2/1
DeviceB(config-if 1/2/1)#spanning-tree path-cost 1
Configuring Device C:
Enable STP:
DeviceC#configure terminal
DeviceC(config)#protocol
DeviceC(cfg protocol)#spanning-tree enable
Configuring Device D:
1. Enable STP:
DeviceD#configure terminal
DeviceD(config)#protocol
DeviceD(cfg protocol)#spanning-tree enable
DeviceD(cfg protocol)#exit
2. Set port 1/2/1 with path cost 4:
DeviceD(config)#interface 1/2/1
DeviceD(config-if 1/2/1)#spanning-tree path-cost 4
3. Disable topology change detection on ports 1/2/3 and 1/2/4 (these ports are attached to
PCs):
DeviceD(config-if 1/2/1)#interface 1/2/3
DeviceD(config-if 1/2/3)#no spanning-tree detect-tc
DeviceD(config-if 1/2/3)#interface 1/2/4
DeviceD(config-if 1/2/4)#no spanning-tree detect-tc
DeviceD(config-if 1/2/4)#end
T-Marc 300 Series Series User Guide

Page 36
Configuring Spanning Tree Protocol (STP) (Rev. 06)

Configuring Device E:
1. Enable STP:
DeviceE#configure terminal
DeviceE(config)#protocol
DeviceE(cfg protocol)#spanning-tree enable
DeviceE(cfg protocol)#exit
2. Disable topology change detection on ports 1/2/3 and 1/2/4 (these ports are attached to
PCs):
DeviceE(config)#interface 1/2/3
DeviceE(config-if 1/2/3)#no spanning-tree detect-tc
DeviceE(config-if 1/2/3)#interface 1/2/4
DeviceE(config-if 1/2/4)#no spanning-tree detect-tc
DeviceE(config-if 1/2/4)#end
Displaying Device D Configuration:
DeviceD#show spanning-tree
Spanni ng t r ee enabl ed
Pr ot ocol Speci f i cat i on = i eee8021d
Pr i or i t y = 32768
Ti meSi nceTopol ogyChange = 0 ( Sec)
TopChanges = 4
Desi gnat edRoot = 04096. 00: A0: 12: 27: 00: C0
Root Por t = 1/ 2/ 1
Root Cost = 8
MaxAge = 10 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 7 ( Sec)
Hol dTi me = 1 ( Sec)
Br i dgeMaxAge = 20 ( Sec)
Br i dgeHel l oTi me = 2 ( Sec)
Br i dgeFor war dDel ay = 15 ( Sec)
Det ect Li neCRCReconf i g = di sabl ed
Det ect Li neFl appi ng = di sabl ed
SpanI gmpFast Recover y = di sabl ed

===============================================================================
Por t | Pr i | St at e| PCost | DCost | Desi gnat ed br i dge | DPr t | Fwr dT| Dt ct Tc
- - - - - - - - +- - - +- - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - +- - - - - +- - - - - - - -
01/ 01/ 01 128 f r wr d 4 8 32768. 00A012271420 128. 01 1 Enabl ed
01/ 02/ 01 128 f r wr d 4 4 32768. 00A012270080 128. 03 1 Enabl ed
01/ 02/ 02 128 bl ock 19 4 32768. 00A012270080 128. 04 1 Enabl ed
01/ 02/ 03 128 f r wr d 19 8 32768. 00A012010101 128. 05 1 Di sabl ed
01/ 02/ 04 128 f r wr d 19 8 32768. 00A012010101 128. 06 1 Di sabl ed
T-Marc 300 Series Series User Guide

Page 37
Configuring Spanning Tree Protocol (STP) (Rev. 06)

Displaying Device E Configuration:
DeviceE#show spanning-tree
Spanni ng t r ee enabl ed
Pr ot ocol Speci f i cat i on = i eee8021d
Pr i or i t y = 32768
Ti meSi nceTopol ogyChange = 32 ( Sec)
TopChanges = 2
Desi gnat edRoot = 04096. 00: A0: 12: 27: 00: C0
Root Por t = 1/ 1/ 1
Root Cost = 12
MaxAge = 10 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 7 ( Sec)
Hol dTi me = 1 ( Sec)
Br i dgeMaxAge = 20 ( Sec)
Br i dgeHel l oTi me = 2 ( Sec)
Br i dgeFor war dDel ay = 15 ( Sec)
Det ect Li neCRCReconf i g = di sabl ed
Det ect Li neFl appi ng = di sabl ed
SpanI gmpFast Recover y = di sabl ed

===============================================================================
Por t | Pr i | St at e| PCost | DCost | Desi gnat ed br i dge | DPr t | Fwr dT| Dt ct Tc
- - - - - - - - +- - - +- - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - +- - - - - +- - - - - - - -
01/ 01/ 01 128 f r wr d 4 8 32768. 00A012271420 128. 01 2 Enabl ed
01/ 02/ 02 128 bl ock 19 1 32768. 00A012271240 128. 01 2 Enabl ed
01/ 02/ 03 128 f r wr d 19 38 32768. 00A012270120 128. 03 1 Di sabl ed
01/ 02/ 04 128 f r wr d 19 38 32768. 00A012270120 128. 04 1 Di sabl ed
T-Marc 300 Series Series User Guide

Page 38
Configuring Spanning Tree Protocol (STP) (Rev. 06)

Supported Platforms
Feature T-Marc 340 T-Marc 380
Spanning Tree Protocol (STP) + +
Supported Standards, MIBs, and RFCs
Feature Standards MIBs RFCs
Spanning Tree Protocol (STP) IEEE 802.1d-1998 Public MIBs:
bridge.mib
rstp.mib
Private MIB,
prvt_switch.mib
RFC 1493,
Definitions of
Managed Objects for
Bridges
RFC 2863, Interfaces
Group MIB
(configL2IfaceTable)


Page 1
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

Configuring Rapid Spanning Tree Protocol
(RSTP)
Table of Figures 3
Architecture 4
RSTP Port States 4
RSTP Port Roles 5
Rapid Recovery and Convergence 6
Determining the Port Link-Type 7
Synchronization of Port Roles 7
RSTP BPDU Format and Processing 8
Line Error Detection 9
IGMP Fast Recovery 9
RSTP Default Configuration10
RSTP Configuration Flow 11
RSTP Configuration Commands12
Enabling/ Disabling RSTP on the Device14
Enabling/ Disabling RSTP per Port15
Defining the RSTP Bridge Priority15
Defining the RSTP Priority per Port16
Defining the RSTP Hello-Time17
Defining the RSTP Maximum Aging Timer17
Defining the RSTP Forward-Delay Timer18
Defining Edge Port(s)18
Defining the RSTP Port Path Cost 20
Defining the Link-Type21
Forcing a Port to Work with RSTP22
Restoring the RSTP Port Parameters to Defaults23
Displaying the RSTP Configuration23
Displaying the RSTP Port Configuration25
Displaying the RSTP for a Specific Port28
T-Marc 300 Series User Guide

Page 2
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

Displaying the RSTP Configuration and Topology for All Ports29
Enabling RSTP Debug Information30
Displaying the RSTP Debug Status31
RSTP Configuration Example32
Supported Platforms36
Supported Standards, MIBs and RFCs36
T-Marc 300 Series User Guide

Page 3
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

Table of Figures
Figure 1: Proposal and Agreement Handshaking for Rapid Convergence 6
Figure 2: Sequence of Events during Rapid Convergence 8
Figure 3: RSTP BPDU Flags 8
Figure 4: RSTP Configuration Flow11
Figure 5: Point-to-point MAC21
Figure 6: Rapid Spanning Tree Configuration Example32
T-Marc 300 Series User Guide

Page 4
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

Overview
Rapid Spanning Tree Protocol (RSTP) is an evolution of STP providing faster convergence (less
than one second) upon a network topology change. This is critical in networks that carry voice,
video, and other delay-sensitive traffic.
The RSTP algorithm dynamically creates a tree through the network, used to efficiently direct
packets to their destinations. It reduces the bridged network to a single spanning tree topology in
order to eliminate packet loops (multiple paths linking one device to another, resulting in an infinite
loop situation).
The RSTP algorithm reactivates redundant connections in the event of a link or device failure.
Architecture
RSTP distinguishes between the port state and the port role:
The port statedescribes the relationship of that port to the frame processing (filtering and
forwarding) and learning functions.
The port roledescribes the role of the port in the spanning tree function.
RSTP Port States
There are three RSTP port states (as oppose to five STP states):
Table 1: RSTP Port States
Port State Description
Learning As in STP, the port prepares to participate in frame-forwarding. It learns
source addresses from frames received and adds them to the filtering
database.
From this state the port can enter a Forwarding state.
Forwarding As in STP, the port enters this state from the Learning state. The device
processes BPDUs and waits for possible new information that may cause
it to switch to the Discarding state to prevent a loop.
A port in Forwarding state:
Receives and forwards frames
Forwards frames switched from another port
Learns MAC addresses
Receives BPDUs
From this state, the port can only switch to Discarding state.
Discarding STP states Disabled, Blocking, and Listening are merged into this state.
This state describes a port that does not forward user traffic in either
direction. The port discards received frames and no learning occurs. As a
result, there are no entries in the filtering database pointing to this port and
no traffic is forwarded across it.
T-Marc 300 Series User Guide

Page 5
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

RSTP Port Roles
In order to create a loop-free environment and to provide rapid convergence, RSTP selects the
device with the highest priority as the root bridge, assigns port roles, and determines the active
topology.
RSTP assigns a role to each bridge port throughout the bridged LAN:
Table 2: RSTP Port Role Assignments
Port Role Description
Root port Provides the best path (lowest cost) for packets forwarded from a device
to the root device.
A Root port is in Forwarding state.
Designated port Connects to the designated device that provides the best path for packets
forwarded from that LAN to the root device.
A Designated port is in Forwarding state.
Alternate port Offers an alternative path to the one provided by the current Root port.
Alternate ports are in Discarding state.
This role is equivalent to the STP Blocking state.
Backup port Acts as a backup for the path provided by a Designated port in the
direction of the spanning tree leaves (end nodes).
A Backup port exists only when two ports are connected together in a
loopback by a point-to-point link or when a device has two or more
connections to a shared LAN segment.
Backup ports are in Discarding state.
This role is equivalent to the STP Blocking state.
Disabled port Disabled ports do not participate in frame forwarding and are not
operational. These ports:
discard frames
discard frames switched from another port for forwarding
do not learn MAC addresses
do not receive BPDUs
T-Marc 300 Series User Guide

Page 6
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)


Rapid Recovery and Convergence
Edge ports, new Root ports, and ports connected through point-to-point links converge rapidly
upon a link failure.
Table 3: The RSTP Rapid Convergence
Port Type Description
Edge ports Edge ports are configured by users on RSTP enables devices. Once
configured, these ports immediately transit to Forwarding state.
NOTE
You should configure Edge ports only on ports
connected to end devices (such as hosts and printers).
Root ports When RSTP selects a new Root port, it blocks the old Root port and
immediately transitions the new Root port to Forwarding state.
Point-to-point links Point-to-point links are links directly connecting two devices.
When you connect two devices using a point-to-point link the
Designated port negotiates rapid transition with the remote port by using
the proposal-agreement handshake to ensure a loop-free topology.

The figure below shows a rapid convergence example. In this example, Devices A and B are
connected through a point-to-point link and all the ports are in blocking state. Assume that Device
As priority is higher than Device Bs.
The proposal-agreement handshaking proceeds as follows:
1. Device A proposes itself as the designated device by sending a proposal message (a
configuration BPDU with the proposal flag set).
2. Device B reacts to Device As proposal message as follows:
1.1. It assigns the port on which the proposal message was received as its new Root port.
1.2. It forces all non-edge ports to Discarding state to avoid loops.
1.3. It sends an agreement message to Device A (a BPDU with the agreement flag set)
through its new Root port.

Figure 1: Proposal and Agreement Handshaking for Rapid Convergence
T-Marc 300 Series User Guide

Page 7
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

3. Device A immediately transitions its Designated port to Forwarding state.
4. The same handshaking process is repeated for each device that joins the active topology,
progressing from the root toward the leaves of the spanning tree as the network converges.
Determining the Port Link-Type
RSTP can implement a rapid transition only on point-to-point links. The link type is automatically
derived from the ports duplex mode:
A port operating in full-duplex mode is assumed to be point-to-point
A port operating in half-duplex mode is considered as a shared port by default.
You can override this automatic link-type setting by explicit configuration.
Today in most switched networks most links operate in full-duplex mode and are treated as point-
to-point links by RSTP. This makes them candidates for rapid transition to Forwarding state.
You can override the default setting that is determined by the duplex mode by using the rapid-
spanning-tree link-type command.
Synchronization of Port Roles
Upon receiving a proposal message for best path to the root through a port, the RSTP selects that
port as the new Root port and forces all other ports to synchronize with the new root information.
An individual port on the device is synchronized if:
the port is in Discarding state
it is an edge port
If a Designated port is in Forwarding state and is not configured as an edge port, it transitions to
Discarding state when RSTP forces it to synchronize with new root information. When RSTP
forces a port to synchronize with root information and the port does not satisfy any of the above
conditions, it transitions to Discarding state.
After synchronizing all ports, the device sends an agreement message to the designated device
corresponding to its Root port. At this point RSTP immediately transitions the port states to
Forwarding.
T-Marc 300 Series User Guide

Page 8
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

The sequence of events is displayed in the figure below:

Figure 2: Sequence of Events during Rapid Convergence
RSTP BPDU Format and Processing
The RSTP BPDU has the same format as the STP BPDU except for the protocol version that is
set to 2.

Figure 3: RSTP BPDU Flags
The sending device proposes itself to be the designated device by setting:
the Proposal flag (bit 1)
the Port Role flag (bits 2-3) to Designated port
The receiving device accepts the proposal by setting:
the Agreement flag (bit 6)
the Port role flag to Root port
T-Marc 300 Series User Guide

Page 9
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

RSTP uses the Topology Change (TC) flag to indicate topology changes. Unlike STP, the RSTP
does not have a separate topology change notification (TCN) BPDU. However, for interoperability
with STP devices, the RSTP device processes and generates TCN BPDUs.
The Learning and Forwarding flags (bits 4 and 5) are determined according to the sending port
state.
Line Error Detection
This feature is the same as in STP. For more information, refer to the LineError Detectionsection of
ConfiguringSpanningTreeProtocol (STP) chapter of this User Guide.
IGMP Fast Recovery
This feature is the same as in STP. For more information, refer to the Internet GroupMulticast Protocol
(IGMP) Fast Recoverysection of the ConfiguringSpanningTreeProtocol (STP) chapter of this User Guide.
T-Marc 300 Series User Guide

Page 10
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

RSTP Default Configuration
Table 4: RSTP Default Configuration

Parameter Default Value
Rapid Spanning Tree Protocol Disabled
RSTP bridge priority 32768
RSTP hello-time 2 seconds
RSTP forward-delay 15 seconds
RSTP MaxAge time 20 seconds
Line error detection Disabled
RSTP edge port Disabled
RSTP link-type Auto
RSTP port path cost See
Table 5
RSTP port priority 128
RSTP debug Disabled


Table 5: Path Cost Default Configuration (IEEE802.1s)

Link Speed Recommended Value Recommended Range Range
<=100 Kbps 200,000,000 20,000,000200,000,000 1200,000,000
1 Mbps 20,000,000 2,000,00020,000,000 1200,000,000
10 Mbps 2,000,000 200,0002,000,000 1200,000,000
100 Mbps 200,000 20,000200,000 1200,000,000
1 Gbps 20,000 2,000200,000 1200,000,000
10 Gbps 2,000 20020,000 1200,000,000
100 Gbps 200 202,000 1200,000,000
1 Tbps 20 2200 1200,000,000
10 Tbps 2 120 1200,000,000

T-Marc 300 Series User Guide

Page 11
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

RSTP Configuration Flow



















Figure 4: RSTP Configuration Flow

Yes
No
Start
Enable RSTP
Change the priority to be
the lowest in the network
Set the RSTP Timers (hello-time, MaxAge, forward-
delay)
Is the bridge selected
as root?
Set the loop free ports as edge ports
Optional RSTP Configuration
End
Change the path cost of ports to customize the topology
T-Marc 300 Series User Guide

Page 12
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

RSTP Configuration Commands
Normally, the RSTP default parameter values are sufficient for obtaining a loop free redundant
network topology. However, to enforce topology demands on the dynamically built topology,
configure several parameters before connecting the network.

Table 6: RSTP Global Configuration Commands
Command Description
rapid-spanning-tree
Enables/disables the RSTP option (see
Enabling/Disabling RSTP on the Device)
rapid-spanning-tree
Enables/disables the Rapid Spanning Tree Protocol per
port (see Defining the RSTP Priority per Port)
rapid-spanning-tree priority
Assigns the RSTP bridge priority value (see Defining the
RSTP Priority)
rapid-spanning-tree priority
Sets the RSTP priority for the configured port (see
Defining the RSTP Priority per Port)
rapid-spanning-tree
hello-time
Sets the time interval, in seconds, between BPDU
transmissions from the ports of this device (see Defining
the RSTP Hello-Time)
rapid-spanning-tree max-age
Sets the time, in seconds, that learned Rapid Spanning
Tree information is kept before being discarded (see
Defining the RSTP Maximum Aging Timer)
rapid-spanning-tree
forward-delay
Sets the time duration in Listening and Learning states
that precede the Forwarding state, in seconds (see
Defining the RSTP Forward-Delay Timer)
rapid-spanning-tree edge-port
Changes the ports admin status (see Defining Edge
Port(s))
rapid-spanning-tree path-cost
Sets the RSTP port path cost for the configured port
(see

Defining the RSTP Port Path Cost)

T-Marc 300 Series User Guide

Page 13
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)


Table 7: Optional RSTP Configuration Commands
Command Description
rapid-spanning-tree link-type
Sets the RSTP ports administrative link-type (see
Defining the Link-Type)
rapid-spanning-tree detect-
protocols
Forces the port to work using the RSTP instead of the
STP (see Forcing a Port to Work with RSTP)
rapid-spanning-tree defaults
Restores the RSTP parameters to their defaults for the
configured port (see
Restoring the RSTP Port Parameters to Defaults)

Table 8: RSTP Display Commands
Command Description
rapid-spanning-tree
Displays the current RSTP parameter configuration (see
Enabling/Disabling RSTP on the Device)
rapid-spanning-tree interface
and
rapid-spanning-tree all
Displays the RSTP settings for a specified port or for all
ports (see Displaying the RSTP Port Configuration)
show rapid-spanning-tree
interface
Displays the RSTP topology for the specified port (see
Displaying the RSTP for a Specific Port)
show rapid-spanning-tree
Displays the current RSTP parameters settings and the
RSTP topology for all ports (see Displaying the RSTP
Configuration and Topology for All Ports)

Table 9: RSTP Debugging Commands
Command Description
debug rstp
Enables and displays RSTP-related debug information
(see Enabling RSTP Debug Information)
show debug rstp
Displays the status of Rapid Spanning Tree protocol
(RSTP) debugging (see Displaying the RSTP Debug
Status)
T-Marc 300 Series User Guide

Page 14
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

Enabling/Disabling RSTP on the Device
The rapid-spanning-tree command enables/ disables the RSTP. Using this command without
any argument displays the RSTP configuration.
CLI Mode: Protocol Configuration
By default, RSTP is disabled.
Command Syntax
device-name(cfg protocol)#rapid-spanning-tree [enable | disable]
device-name(cfg protocol)#no rapid-spanning-tree
Argument Description
enable
(Optional) enables RSTP. When enabling RSTP, the device acts as a node in
the tree.
disable
(Optional) disables RSTP.
no
Removes the RSTP configuration.
Example 1
device-name(cfg protocol)#rapid-spanning-tree
%Rst p i s di sabl ed
device-name(cfg protocol)#rapid-spanning-tree enable
Example 2
device-name(cfg protocol)#rapid-spanning-tree
Rapi d spanni ng t r ee = enabl ed
Pr ot ocol Speci f i cat i on = i eee8021w
Pr i or i t y = 32768
Ti meSi nceTopol ogyChange = 102 ( Sec)
TopChanges = 4
Desi gnat edRoot = 04096. 00: A0: 12: 00: 00: 03
MaxAge = 20 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 15 ( Sec)
Br i dgeMaxAge = 20 ( Sec)
Br i dgeHel l oTi me = 3 ( Sec)
Br i dgeFor war dDel ay = 11 ( Sec)
TxHol dCount = 3
Mi gr at i onTi mer = 3 ( Sec)
Det ect Li neCRCReconf i g = di sabl ed
Det ect Li neFl appi ng = di sabl ed
SpanI gmpFast Recover y = di sabl ed
T-Marc 300 Series User Guide

Page 15
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

Enabling/Disabling RSTP per Port
The rapid-spanning-tree command enables/ disables the Rapid Spanning Tree Protocol per
port.
Using this command without any argument displays the RSTP configuration.
CLI Mode: Interface Configuration, Interface Range Configuration, LAG Configuration, and
LAG Range Configuration

NOTE
You can enable/ disable RSTP per port only if RSTP is enabled globally.
By default, when enabling RSTP in Protocol Configuration mode, it is enabled on all ports and
when disabling RSTP in Protocol Configuration mode, it is disabled on all ports.
Command Syntax
device-name(config-if UU/SS/PP)#rapid-spanning-tree [enable | disable | all]
device-name(config-if-group)#rapid-spanning-tree [enable | disable]
device-name(config-ag-group)#rapid-spanning-tree [enable | disable]
device-name(config-if AG0N)#rapid-spanning-tree [enable | disable]
Argument Description
enable
(Optional) enables RSTP on the specified port.
disable
(Optional) disables RSTP on the specified port.
all
(Optional) displays RSTP on all ports.
Defining the RSTP Bridge Priority
The rapid-spanning-tree priority command defines the RSTP bridge priority value. Using
this command without any argument displays the configured bridge priority.
CLI Mode: Protocol Configuration
By default, the RSTP priority value is 32768 (IEEE802.1w).
Command Syntax
device-name(cfg protocol)#rapid-spanning-tree priority [<bridge-priority>]
device-name(cfg protocol)#no rapid-spanning-tree priority
T-Marc 300 Series User Guide

Page 16
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)


Argument Description
bridge-
priority
(Optional) specifies the RSTP bridge priority in increments of 4096.
The valid priority values are: 0, 4096, 8192, 12288, 16384, 20480, 24576,
28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
no
Restores to default.
Example
device-name(cfg protocol)#rapid-spanning-tree priority
Rapi d- spanni ng- t r ee br i dge pr i or i t y i s 32768
Defining the RSTP Priority per Port
The rapid-spanning-tree priority command defines the ports RSTP priority.
CLI Mode: Interface Configuration, Interface Range Configuration, LAG Configuration, and
LAG Range Configuration
By default, the priority value is 128.
Command Syntax
device-name(config-if UU/SS/PP)#rapid-spanning-tree priority <priority>
device-name(config-if UU/SS/PP)#no rapid-spanning-tree priority

device-name(config-if-group)#rapid-spanning-tree priority <priority>
device-name(config-if-group)#no rapid-spanning-tree priority

device-name(config-ag-group)#rapid-spanning-tree priority <priority>
device-name(config-ag-group)#no rapid-spanning-tree priority

device-name(config-if AG0N)#rapid-spanning-tree priority <priority>
device-name(config-if AG0N)#no rapid-spanning-tree priority
Argument Description
priority
Specifies the RSTP priority value in the range of 0 (highest priority) to 240
(lowest priority) in increments of 16.
Assign high-priority values (low numerical values) to ports that you want to
select first and low-priority values to ports that you want to select last.
If all ports that connect to the root-bridges redundant paths have the same
priority, RSTP puts the port with the lowest port number in Forwarding state
and blocks all other ports.
no
Restores to default.
T-Marc 300 Series User Guide

Page 17
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

Defining the RSTP Hello-Time
The rapid-spanning-tree hello-time command sets the time interval between BPDU
transmissions by the root, indicating that the device is alive.
CLI Mode: Protocol Configuration
By default, the hello-time value is 2 seconds and its range depends on the MaxAge value (between 1
and 9 seconds).
Command Syntax
device-name(cfg protocol)#rapid-spanning-tree hello-time <hello-time>
device-name(cfg protocol)#no rapid-spanning-tree hello-time
Argument Description
hello-time
The hello-time interval in the range of <19>seconds.
NOTE
Define a value that is less than MaxAge/ 2-1(see below command)
no
Restores to default.
Defining the RSTP Maximum Aging Timer
The rapid-spanning-tree max-age command defines the time that learned RSTP information is
kept before being discarded.
CLI Mode: Protocol Configuration
By default, the MaxAge value is 20 seconds, and its range depends on the hello-time and forward-
delay values (between 6 and 28 seconds).
Command Syntax
device-name(cfg protocol)#rapid-spanning-tree max-age <max-age>
device-name(cfg protocol)#no rapid-spanning-tree max-age
Argument Description
max-age
The MaxAge time in the range of <460>seconds.
NOTE
The value must be greater than 2*(hello-time+1) and less
than 2*(forward-delay-1).
no
Restores to default.
T-Marc 300 Series User Guide

Page 18
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

Defining the RSTP Forward-Delay Timer
The rapid-spanning-tree forward-delay command defines the time duration for the listening
and learning states that precede Forwarding state. In addition this timer is used when aging the
dynamic Forwarding database entries when a topology change is detected
CLI Mode: Protocol Configuration
By default, the forward-delay value is 15 seconds, and its range depends on the MaxAge value
(between 11 and 30 seconds).
Command Syntax
device-name(cfg protocol)#rapid-spanning-tree forward-delay <forward-delay>
device-name(cfg protocol)#no rapid-spanning-tree forward-delay
Argument Description
forward-delay
The forward-delay time, in the range of <460>seconds).
NOTE
The value must be greater than MaxAge/ 2+1.
no
Restores to default.
Defining Edge Port(s)
The rapid-spanning-tree edge-port command changes the ports administrative status, setting
it as an Edge Port.
CLI Mode: Interface Configuration, Interface Range Configuration, LAG Configuration, and
LAG Range Configuration

NOTES
If the device receives a BPDU on a port configured as an edge port, the port
automatically changes its operational state to operate as a non-Edge Port. After a
link up/ down, the port returns to the Edge port administrative status.
By default, the Adminstatusis disabled.
T-Marc 300 Series User Guide

Page 19
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

The EdgePort parameter is controlled by the RSTP state machine and CLI:
Table 10: RSTP Edge Port
Type Description
Admin
EdgePort
Configuring a port as an Edge port is known as Administrative Edge Port. This
indicates that the port is permitted to transition directly to Forwarding state when
it becomes designated.
Configure Edge ports on ports that are known to be at the edge of the bridged
LAN in order to transition to Forwarding without delay.
EdgePort The ports actual status is known as its operational state. This indicates whether
the port operates as an Edge Port or not.
When a port that was configured as Administrative Edge Port receives a BPDU,
it automatically changes its operational state to operate as a non-Edge Port, in
order to prevent loops in the network.
Therefore, if a port marked as an edge port proves not to be one (due to the
presence of another bridge), it ceases to behave like an edge port until it is
reinitialized (either by a link up/down event or by reissuing the CLI command).
Command Syntax
device-name(config-if UU/SS/PP)#rapid-spanning-tree edge-port
device-name(config-if UU/SS/PP)#no rapid-spanning-tree edge-port

device-name(config-if-group)#rapid-spanning-tree edge-port
device-name(config-if-group)#no rapid-spanning-tree edge-port

device-name(config-ag-group)#rapid-spanning-tree edge-port
device-name(config-ag-group)#no rapid-spanning-tree edge-port

device-name(config-if AG0N)#rapid-spanning-tree edge-port
device-name(config-if AG0N)#no rapid-spanning-tree edge-port
Argument Description
no
Restores to default.

T-Marc 300 Series User Guide

Page 20
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)


Defining the RSTP Port Path Cost
The rapid-spanning-tree path-cost command defines the RSTP path cost for the configured
port.
CLI Mode: Interface Configuration, Interface Range Configuration, LAG Configuration, and
LAG Range Configuration
Command Syntax
device-name(config-if UU/SS/PP)#rapid-spanning-tree path-cost <path-cost>
device-name(config-if UU/SS/PP)#no rapid-spanning-tree path-cost

device-name(config-if-group)#rapid-spanning-tree path-cost <path-cost>
device-name(config-if-group)#no rapid-spanning-tree path-cost

device-name(config-ag-group)#rapid-spanning-tree path-cost <path-cost>
device-name(config-ag-group)#no rapid-spanning-tree path-cost

device-name(config-if AG0N)#rapid-spanning-tree path-cost <path-cost>
device-name(config-if AG0N)#no rapid-spanning-tree path-cost
Argument Description
path-cost
The RSTP path cost value, in the range of <1200000000>.
You can use the path cost value to give priority to preferred links (for
example physical speed and bandwidth). When building the active
spanning tree, the port path-cost determines which port is included in the
active topology. Ports with lower-cost values are preferred to ports with
higher cost values. If all ports that provide redundant paths to the root
bridge have the same path-cost value, RSTP puts the port with the lowest
number in Forwarding state and blocks the other ports.
no
Restores to default.

Table 11: Path Cost Default Configuration
Link Speed Default Value
4 Mbps 5,000,000
10 Mbps 2,000,000
16 Mbps 1,250,000
100 Mbps 200,000
1 Gbps 20,000
2 Gbps 10,000
10 Gbps 2,000
T-Marc 300 Series User Guide

Page 21
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

Defining the Link-Type
The rapid-spanning-tree link-type command defines the RSTP ports administrative link-type.
CLI Mode: Interface Configuration and Range Interface Configuration
By default, the admin link type is Auto.
There are two statuses of link-type:
Table 12: RSTP Link-types
Link-Type Description
auto
The device automatically manages the port's link-type.
The device considers the port connected to a point-to-
point LAN segment if any of the following conditions
are met:
The MST algorithm determines that the LAN
segment operates in full duplex mode.
If you configure the port by management means
to a full duplex operation. Otherwise, consider the
MAC to be connected to a LAN segment that is
not point-to-point (shared media).
point-to-
point
Consider the device connected to a point-to-point LAN
segment that forces the operational link-type to be
point-to-point.
Admin Link-Type
shared
Consider the device connected to a shared media
LAN segment that forces the operational link-type to
be shared.
Operational
Link-Type
If you configure Admin link-type to auto, then you can determine the
value of Operational link-type in accordance with the specific procedures
defined for the device entity, as defined in Admin link-type (auto).
If the port is connected to a point-to-point LAN segment, then
Operational link-type is set to point-to-point, otherwise it is set to shared.
In the absence of a specific definition of how to determine whether the
device is connected to a point-to-point LAN segment or not, the value of
link-type is shared.


Figure 5: Point- to- point MAC
T-Marc 300 Series User Guide

Page 22
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

Command Syntax
device-name(config-if UU/SS/PP)#rapid-spanning-tree link-type {auto | point-
to-point | shared}
device-name(config-if UU/SS/PP)#no rapid-spanning-tree link-type

device-name(config-if-group)#rapid-spanning-tree link-type {auto | point-to-
point | shared}
device-name(config-if-group)#no rapid-spanning-tree link-type
Argument Description
auto
Sets the RSTP link-type to auto.
point-to-point
Sets the RSTP link-type to point-to-point.
shared
Sets the RSTP link-type to share.
no
Restores to default.
Forcing a Port to Work with RSTP
A device running RSTP supports a built-in protocol migration mechanism that enables RSTP to
interoperate with legacy 802.1D STP.
When an RSTP device receives a legacy 802.1D configuration BPDU (BPDU with protocol
version 0) it starts transmitting legacy 802.1D BPDUs (configuration messages and TCN messages).
However, when the device stops receiving BPDUs, it does not automatically revert to RSTP mode.
The device cannot determine whether the legacy device is removed from that link unless the legacy
device is a designated device.
RSTP supports a mechanism that forces the port to restart a protocol migration process (force re-
negotiation with neighboring devices).
The rapid-spanning-tree detect-protocols command forces the port to operate using RSTP
instead of the STP in the case of a link up event

CLI Mode: Interface Configuration, Interface Range Configuration, LAG Configuration, and
LAG Range Configuration
Command Syntax
device-name(config-if UU/SS/PP)#rapid-spanning-tree detect-protocols
device-name(config-if-group)#rapid-spanning-tree detect-protocols
device-name(config-ag-group)#rapid-spanning-tree detect-protocols
device-name(config-if AG0N)#rapid-spanning-tree detect-protocols
T-Marc 300 Series User Guide

Page 23
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)


Restoring the RSTP Port Parameters to Defaults
The rapid-spanning-tree defaults command restores the ports RSTP parameters to their
default values.
CLI Mode: Interface Configuration and Range Interface Configuration
Command Syntax
device-name(config-if UU/SS/PP)#rapid-spanning-tree defaults
device-name(config-if-group)#rapid-spanning-tree defaults
Displaying the RSTP Configuration
The rapid-spanning-tree command displays the current RSTP configuration.
CLI Mode: Protocol Configuration

You can also use the show rapid-spanning-tree command.
CLI Mode: Privileged (Enable)
Command Syntax
device-name(cfg protocol)#rapid-spanning-tree
Example
device-name(cfg protocol)#rapid-spanning-tree
Rapi d spanni ng t r ee = enabl ed
Pr ot ocol Speci f i cat i on = i eee8021w
Pr i or i t y = 32768
Ti meSi nceTopol ogyChange = 102 ( Sec)
TopChanges = 4
Desi gnat edRoot = 04096. 00: A0: 12: 00: 00: 03
MaxAge = 20 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 15 ( Sec)
Br i dgeMaxAge = 20 ( Sec)
Br i dgeHel l oTi me = 3 ( Sec)
Br i dgeFor war dDel ay = 11 ( Sec)
TxHol dCount = 3
Mi gr at i onTi mer = 3 ( Sec)
Det ect Li neCRCReconf i g = di sabl ed
Det ect Li neFl appi ng = di sabl ed
SpanI gmpFast Recover y = di sabl ed
T-Marc 300 Series User Guide

Page 24
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

Table 13: Parameters Displayed by the r api d- spanni ng- t r ee Commands
Parameter Description
Rapid Spanning tree
The RSTP global state.
ProtocolSpecification
The protocol standard.
Priority
The bridge priority that is part of the bridge identifier.
TimeSinceTopologyChange
The time since the last topology change in seconds.
TopChanges
The number of times the Topology Change flag was changed
since the device was turned on.
DesignatedRoot
The unique Bridge Identifier of the root.
Use this parameter as the Root Identifier value in all
Configuration BPDUs transmitted by the bridge.
MaxAge
The maximum time, in seconds, of learned protocol
information before it is discarded.
HelloTime
The time interval, in seconds, between the transmission of
Configuration BPDUs by a bridge that is attempting to become
the root or is the root.
ForwardDelay
The minimum time period, in seconds, to elapse between the
transmissions of Configuration BPDUs through a given LAN
port. At most, one Configuration BPDU is transmitted in any
hold-time period. This parameter is fixed at 1 second.
BridgeMaxAge
The value of the MaxAge parameter, in seconds, when the
bridge is the root or is attempting to become the root.
BridgeHelloTime
The value of the hello-time parameter, in seconds,
determining the time interval between transmissions of:
BPDUs to all Designated ports of the root device
BPDUs to Designated ports of all devices in the topology
having the same root
BPDUs to the Root port during Topology Change
notification
BridgeForwardDelay
The value of the forward-delay parameter, in seconds, when
the bridge is the root or is attempting to become the root.
TxHoldCount
Maximum number of BPDUs transmitted during the hello-time
interval.
MigrationTimer
The time interval to wait before performing protocol
migrations. A protocol migration occurs when the device
degrades from RSTP to a legacy spanning protocol (such as,
STP).
DetectLineCRCReconfig
Indicates whether CRC errors detection is enabled.
DetectLineFlapping
Indicates whether link flapping detection is enabled on the
line.
SpanIgmpFastRecovery
Indicates whether IGMP fast recovery is enabled on the line.
T-Marc 300 Series User Guide

Page 25
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

Displaying the RSTP Port Configuration
The rapid-spanning-tree interface command displays the ports RSTP parameters. The
command also changes the mode to the Interface Configuration mode and enables the setting of
the RSTP in the specified port.
CLI Mode: Protocol Configuration
The rapid-spanning-tree all command displays the settings of the RSTP parameters for all
ports.
CLI Mode: Protocol Configuration and Interface Configuration
Command Syntax
device-name(cfg protocol)#rapid-spanning-tree interface UU/SS/PP
device-name(config-if UU/SS/PP)#

device-name(cfg protocol)#rapid-spanning-tree interface all
device-name(config-if UU/SS/PP)#rapid-spanning-tree all
Argument Description
UU/SS/PP
Specifies the unit, slot, and port number
all
Displays the RSTP settings for all ports. The configuration mode does not
change.
Example 1
Display the output of the RSTP configuration for port 1/ 1/ 1 with link enabled:
device-name(cfg protocol)#rapid-spanning-tree interface 1/1/1
Por t Pr i or i t y = 128
Por t St at e = f or war di ng
Por t Rol e = Desi gnat ed Por t
Por t Enabl e = enabl ed
Por t Pat hCost = 20000
Desi gnat edRoot = Thi s br i dge i s t he r oot
Desi gnat edCost = 0
Desi gnat edBr i dge = Thi s br i dge
Desi gnat edPor t = 128. 62
Fr wr dTr ansi t i ons = 1
Admi n EdgePor t = di sabl ed
EdgePor t = di sabl ed
Admi nLi nk- Type = Aut o
Li nk- Type = P2P
Mi gr at i onTi mer = 3
Det ect ed Pr ot ocol = RSTP
T-Marc 300 Series User Guide

Page 26
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

Example 2
Display the RSTP topology for all ports:
device-name(cfg protocol)#rapid-spanning-tree interface all
============================================================================
Por t | Pr i | Pr t r ol e| St at e | PCost | DCost | Desi gnat ed br i dge | DPr t | Fwr dT
- - - - - - - - +- - - +- - - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - +-
01/ 01/ 01 128 Desi gnat f r wr d 40000 400000 32768. 00A012010101 128. 01 2
01/ 01/ 02 128 Desi gnat f r wr d 200000 400000 32768. 00A012010101 128. 03 1
01/ 02/ 01 128 Desi gnat f r wr d 200000 400000 32768. 00A012010101 128. 04 1
01/ 02/ 02 128 Al t er n di scr 200000 200000 32768. 00A012112990 128. 20 1
01/ 02/ 03 128 Root f r wr d 200000 200000 32768. 00A012112990 064. 21 3
Example 3
Display the RSTP topology for all ports from Interface Configuration mode:
device-name(config-if 1/1/1)#rapid-spanning-tree all
============================================================================
Por t | Pr i | Pr t r ol e| St at e | PCost | DCost | Desi gnat ed br i dge | DPr t | Fwr dT
- - - - - - - - +- - - +- - - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - +-
01/ 01/ 01 128 Desi gnat f r wr d 40000 400000 32768. 00A012010101 128. 01 2
01/ 01/ 02 128 Desi gnat f r wr d 200000 400000 32768. 00A012010101 128. 03 1
01/ 02/ 01 128 Desi gnat f r wr d 200000 400000 32768. 00A012010101 128. 04 1
01/ 02/ 02 128 Al t er n di scr 200000 200000 32768. 00A012112990 128. 20 1
01/ 02/ 03 128 Root f r wr d 200000 200000 32768. 00A012112990 064. 21 3
Table 14: Parameters Displayed by r api d- spanni ng- t r ee i nt er f ace command
Parameter Description
Por t Pr i or i t y
The port priority that is part of the port identifier.
Por t St at e
The current port state of the port.
Por t Rol e
The current port role of the port
Por t Enabl e
The ports link state of the port.
Por t Pat hCost
The contribution of the path through this port, when the port is the
Root port, to the total cost of the path to the root for this bridge.
Desi gnat edRoot
The topology's root device.
Desi gnat edCost
For a Designated port, the path cost (equal to the root path cost of
the bridge) offered to the LAN to which the port is connected;
otherwise, it is the cost of the path to the root offered by the
Designated port on the LAN to which this port is connected.
Use this parameter to test the value of the root path cost parameter
conveyed in received Configuration BPDUs.
T-Marc 300 Series User Guide

Page 27
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

Parameter Description
Desi gnat edBr i dge
The unique bridge Identifier of one of the following:
The bridge the port belongs to in case of a Designated port.
The bridge assumed to be the designated bridge for the LAN to
which this port is attached.
Use this parameter:
Together with the Designated port and port Identifier
parameters for the port to know if this port is the Designated
port for the LAN to which it is attached.
To test the value of the bridge Identifier parameter conveyed in
received Configuration BPDUs.
Desi gnat edPor t
The port Identifier of the bridge port, on the designated bridge,
through which the designated bridge transmits the configuration
message information stored by this port.
Use this parameter:
Together with the designated bridge and port Identifier
parameters for the port to know if this port is the Designated
port for the LAN to which it is attached.
By management to determine the topology of the bridged LAN.
Fr wr dTr ansi t i ons
Number of port state transitions into forwarding state that have
occurred.
Admi n EdgePor t
This value indicates whether the user forced the port to be an edge
port (a port attached to a PC or any non spanning tree capable
device on the edge of the network), or it is set by the RSTP.
EdgePor t
The actual value of the edge port parameter for this port either
forced by the user or set automatically by the RSTP.
Admi nLi nk- Type
This value reflects the user-defined link-type of this port. If you set it
to auto, then set the link-type according to the duplex mode of the
port.
Li nk- Type
The actual value of the link-type for this port either forced by the
user or set automatically by the RSTP.
Mi gr at i onTi mer
The time interval to wait before performing protocol migrations. A
protocol migration occurs when the device degrades from RSTP to
a legacy spanning protocol (such as, STP).

T-Marc 300 Series User Guide

Page 28
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)


Table 15: Parameters Displayed by r api d- spanni ng- t r ee i nt er f ace al l and r api d-
spanni ng- t r ee al l commands
Parameter Description
Por t
The ports unit/slot/port.
Pr i
See PortPriority in the above table.
Pr t Rol e
See PortRole in the above table.
St at e
See PortState in the above table.
PCost
See PortPathCost in the above table.
DCost
See DesignatedCost in the above table.
Desi gnat ed br i dge
See DesignatedBridge in the above table.
DPr t
See DesignatedPort in the above table.
Fwr dT
See FrwrdTransitions in the above table.
Displaying the RSTP for a Specific Port
The show rapid-spanning-tree interface command displays the RSTP topology for the
specified port.
CLI Mode: Privileged (Enable)
Table 14 describes the parameters displayed by this command.
Command Syntax
device-name#show rapid-spanning-tree interface UU/SS/PP
Example
In the following example the DesignatedRoot value indicates that the bridge is the root:
device-name#show rapid-spanning-tree interface 1/1/1
Por t Pr i or i t y = 128
Por t St at e = f or war di ng
Por t Rol e = Desi gnat ed Por t
Por t Enabl e = enabl ed
Por t Pat hCost = 200000
Desi gnat edRoot = Thi s br i dge i s t he r oot
Desi gnat edCost = 0
Desi gnat edRoot = Thi s br i dge
Desi gnat edPor t = 128. 62
Fr wr dTr ansi t i ons = 1
Admi n EdgePor t = di sabl ed
EdgePor t = di sabl ed
Admi nLi nk- Type = Aut o
Li nk- Type = P2P
Mi gr at i onTi mer = 3
T-Marc 300 Series User Guide

Page 29
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

Det ect ed Pr ot ocol = RSTP
Displaying the RSTP Configuration and Topology for
All Ports
The show rapid-spanning-tree command displays the current RSTP parameters settings and the
RSTP topology for all ports.
CLI Mode: Privileged (Enable)
Table 13 and Table 15 describe the parameters displayed by this command.
Command Syntax
device-name#show rapid-spanning-tree
Example
device-name#show rapid-spanning-tree
Rapi d spanni ng t r ee = enabl ed
Pr ot ocol Speci f i cat i on = i eee8021w
Pr i or i t y = 32768
Ti meSi nceTopol ogyChange = 4 ( Sec)
TopChanges = 5
Desi gnat edRoot = 04096. 00: A0: 12: 11: 29: 92
Root Por t = 1/ 1/ 1
Root Cost = 400000
MaxAge = 20 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 15 ( Sec)
Br i dgeMaxAge = 20 ( Sec)
Br i dgeHel l oTi me = 2 ( Sec)
Br i dgeFor war dDel ay = 15 ( Sec)
TxHol dCount = 3
Mi gr at i onTi mer = 3 ( Sec)
Det ect Li neCRCReconf i g = di sabl ed
Det ect Li neFl appi ng = di sabl ed
SpanI gmpFast Recover y = di sabl ed

===================================================================
Por t | Pr i | Pr t r ol e| St at e | PCost | DCost | Desi gnat ed br i dge | DPr t Fwr dT
- - - - - - - - +- - - +- - - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - - - - -
01/ 01/ 01 128 Desi gnat f r wr d 40000 400000 32768. 00A012010101 128. 01 2
01/ 02/ 01 128 Desi gnat f r wr d 200000 400000 32768. 00A012010101 128. 03 1
01/ 02/ 02 128 Desi gnat f r wr d 200000 400000 32768. 00A012010101 128. 04 1
01/ 02/ 03 128 Al t er n di scr 200000 200000 32768. 00A012112990 128. 20 1
01/ 02/ 04 128 Root f r wr d 200000 200000 32768. 00A012112990 064. 21 3
T-Marc 300 Series User Guide

Page 30
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

Enabling RSTP Debug Information
The debug rstp command enables and displays RSTP-related debug information.
The RSTP debug commands are not saved after reload.
CLI Mode: Privileged (Enable)
By default, RSTP debug information is disabled.
Command Syntax
device-name#debug rstp {all | hand-shake | roles | flush}
device-name#no debug rstp {all | hand-shake | roles | flush}
Argument Description
all
Activates all RSTP debug options.
hand-shake
Activates Hand Shake protocol debugging (IEEE 802.1w).
roles
Activates port-role selection debugging
flush
Activates debugging of port table flushing (MAC addresses).
no
Disables the RSTP-related debug information display.
Example:
Below is an example of the debug output after a link failure:
t SpanRecv: 2008/ 01/ 01 04: 11: 03 : l i nk down on por t 1/ 2/ 4

0xa1391880 ( t SpanPRS) :
0xa1391880 ( t SpanPRS) : Sel ect - Por t - Rol es
0xa1391880 ( t SpanPRS) :
=================
0xa1391880 ( t SpanPRS) :
0xa1391880 ( t SpanPRS) : Por t 1/ 2/ 1 I s Desi gnat edPor t
0xa1391880 ( t SpanPRS) :
0xa1391880 ( t SpanPRS) :
0xa1391880 ( t SpanPRS) : End- Rol es- Sel ect i on


t SpanRecv: 2008/ 01/ 01 04: 11: 06 : l i nk up on por t 1/ 2/ 4

0xa1391880 ( t SpanPRS) :
0xa1391880 ( t SpanPRS) : Sel ect - Por t - Rol es
0xa1391880 ( t SpanPRS) :
=================
0xa1391880 ( t SpanPRS) :
0xa1391880 ( t SpanPRS) : Por t 1/ 2/ 1 I s Desi gnat edPor t
0xa1391880 ( t SpanPRS) : Por t 1/ 2/ 4 I s Desi gnat edPor t
0xa1391880 ( t SpanPRS) :
T-Marc 300 Series User Guide

Page 31
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

0xa1391880 ( t SpanPRS) :
0xa1391880 ( t SpanPRS) : End- Rol es- Sel ect i on


0xa139eb20 ( t SpanPRT) : Desi gnat ed synced por t 1/ 2/ 4
0xa139eb20 ( t SpanPRT) : Desi gnat ed pr oposi ng por t 1/ 2/ 4
0xa1391880 ( t SpanPRS) :
0xa1391880 ( t SpanPRS) : Sel ect - Por t - Rol es
0xa1391880 ( t SpanPRS) :
=================
0xa1391880 ( t SpanPRS) :
0xa1391880 ( t SpanPRS) : Por t 1/ 2/ 1 I s Desi gnat edPor t
0xa1391880 ( t SpanPRS) : Por t 1/ 2/ 4 I s Desi gnat edPor t
0xa1391880 ( t SpanPRS) :
0xa1391880 ( t SpanPRS) :
0xa1391880 ( t SpanPRS) : End- Rol es- Sel ect i on


0xa1391880 ( t SpanPRS) :
0xa1391880 ( t SpanPRS) : Sel ect - Por t - Rol es
0xa1391880 ( t SpanPRS) :
=================
0xa1391880 ( t SpanPRS) :
0xa1391880 ( t SpanPRS) : Por t 1/ 2/ 1 I s Desi gnat edPor t
0xa1391880 ( t SpanPRS) : Por t 1/ 2/ 4 I s BackupPor t
0xa1391880 ( t SpanPRS) :
0xa1391880 ( t SpanPRS) :
0xa1391880 ( t SpanPRS) : End- Rol es- Sel ect i on
Displaying the RSTP Debug Status
The show debug rstp command displays the RSTP debug status.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show debug rstp
Example
device-name#show debug rstp
RSTP debuggi ng st at us:
RSTP debug r ol es i s on
RSTP debug f l ush i s on
RSTP debug handshake i s on
T-Marc 300 Series User Guide

Page 32
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

RSTP Configuration Example
The following is details RSTP configuration in a network and the devices within the network. For
more information regarding the formulas that appear in this example, refer to CalculatingtheSTP
Timerssection of the ConfiguringSpanningTreeProtocol (STP) chapter.

Figure 6: Rapid Spanning Tree Configuration Example
Configuring Device A:
1. Enable RSTP:
DeviceA#configure terminal
DeviceA(config)#protocol
DeviceA(cfg protocol)#rapid-spanning-tree enable
2. Set the RSTP bridge priority to 4096, As a result the Device A becomes the Root Bridge:
DeviceA(cfg protocol)#rapid-spanning-tree priority 4096
3. Set the RSTP MaxAge timer to 10, due to the following calculation: Max_age = (4 x hello) +
(2 x dia) - 2, where the hello-time is 2 and the diameter is 2, according to the above figure:
DeviceA(cfg protocol)#rapid-spanning-tree max-age 10
T-Marc 300 Series User Guide

Page 33
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

4. Set the RSTP forward-delay timer to 7, due to the following calculation: Forward_delay= ((4 x
hello) + (3 x dia)) / 2, where the hello-time is 2 and the diameter is 2, according to the above
figure:
DeviceA(cfg protocol)#rapid-spanning-tree forward-delay 7
Configuring Device B:
Enable RSTP:
DeviceB#configure terminal
DeviceB(config)#protocol
DeviceB(cfg protocol)#rapid-spanning-tree enable
Configuring Device C:
1. Enable RSTP:
DeviceC#configure terminal
DeviceC(config)#protocol
DeviceC(cfg protocol)#rapid-spanning-tree enable
DeviceC(cfg protocol)#exit
2. Set port 1/ 1/ 1 priority to 64 to cause it to be the forwarding port of Device C:
DeviceC(config)#interface 1/1/1
DeviceC(config-if 1/1/1)#rapid-spanning-tree priority 64
Configuring Device D:
1. Enable RSTP:
DeviceD#configure terminal
DeviceD(config)#protocol
DeviceD(cfg protocol)#rapid-spanning-tree enable
DeviceD(cfg protocol)#exit
2. Set port 1/ 1/ 1 with path cost 40000:
DeviceD(config)#interface 1/1/1
DeviceD(config-if 1/1/1)#rapid-spanning-tree path-cost 40000
3. Configure ports 1/ 2/ 3 and 1/ 2/ 4 on Device D as edge ports, since they are attached to PCs.
This disables the topology change detection on these ports:
DeviceD(config-if 1/1/1)#interface 1/2/3
DeviceD(config-if 1/2/3)#rapid-spanning-tree edge-port
DeviceD(config-if 1/2/3)#interface 1/2/4
DeviceD(config-if 1/2/4)#rapid-spanning-tree edge-port
DeviceD(config-if 1/2/4)#end
T-Marc 300 Series User Guide

Page 34
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

Configuring Device E:
1. Enable RSTP:
DeviceE#configure terminal
DeviceE(config)#protocol
DeviceE(cfg protocol)#rapid-spanning-tree enable
DeviceE(cfg protocol)#exit
2. Configure ports 1/ 2/ 3 and 1/ 2/ 4 on Device E as edge ports, since they are attached to PCs:
DeviceE(config)#interface 1/2/3
DeviceE(config-if 1/2/3)#rapid-spanning-tree edge-port
DeviceE(config-if 1/2/3)#interface 1/2/4
DeviceE(config-if 1/2/4)#rapid-spanning-tree edge-port
DeviceE(config-if 1/2/4)#end
Displaying Device D Configuration:
DeviceD#show rapid-spanning-tree
Rapi d spanni ng t r ee = enabl ed
Pr ot ocol Speci f i cat i on = i eee8021w
Pr i or i t y = 32768
Ti meSi nceTopol ogyChange = 4 ( Sec)
TopChanges = 5
Desi gnat edRoot = 04096. 00: A0: 12: 27: 00: C0
Root Por t = 1/ 2/ 1
Root Cost = 220000
MaxAge = 10 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 7 ( Sec)
Br i dgeMaxAge = 20 ( Sec)
Br i dgeHel l oTi me = 2 ( Sec)
Br i dgeFor war dDel ay = 15 ( Sec)
TxHol dCount = 3
Mi gr at i onTi mer = 3 ( Sec)
Det ect Li neCRCReconf i g = di sabl ed
Det ect Li neFl appi ng = di sabl ed
SpanI gmpFast Recover y = di sabl ed
====================================================================================
Por t | Pr i | Pr t r ol e| St at e | PCost | DCost | Desi gnat ed br i dge | DPr t | Fwr dT
- - - - - - - - +- - - +- - - - - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - +- - - - - -
01/ 01/ 01 128 Desi gnat f r wr d 40000 220000 32768. 00A012271420 128. 01 2
01/ 02/ 01 128 Root f r wr d 200000 20000 32768. 00A012270080 128. 03 2
01/ 02/ 02 128 Al t er n di scr 200000 20000 32768. 00A012270080 128. 04 1
01/ 02/ 03 128 Desi gnat f r wr d 200000 220000 32768. 00A012271420 128. 05 2
01/ 02/ 04 128 Desi gnat f r wr d 200000 220000 32768. 00A012271420 064. 06 2

NOTE
Port 1/ 2/ 2 is the Alternate port since the value of DPrt (the port Identifier of
the bridge port) for 1/ 2/ 1is better than 1/ 2/ 2. Device A is the root since its
bridge priority has the lowest value (4096).

T-Marc 300 Series User Guide

Page 35
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

Displaying Device E Configuration:
DeviceE#show rapid-spanning-tree
Rapi d spanni ng t r ee = enabl ed
Pr ot ocol Speci f i cat i on = i eee8021w
Pr i or i t y = 32768
Ti meSi nceTopol ogyChange = 4 ( Sec)
TopChanges = 5
Desi gnat edRoot = 04096. 00: A0: 12: 27: 00: C0
Root Por t = 1/ 2/ 2
Root Cost = 240000
MaxAge = 10 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 7 ( Sec)
Br i dgeMaxAge = 20 ( Sec)
Br i dgeHel l oTi me = 2 ( Sec)
Br i dgeFor war dDel ay = 15 ( Sec)
TxHol dCount = 3
Mi gr at i onTi mer = 3 ( Sec)
Det ect Li neCRCReconf i g = di sabl ed
Det ect Li neFl appi ng = di sabl ed
SpanI gmpFast Recover y = di sabl ed

===============================================================================
Por t | Pr i | Pr t r ol e| St at e| PCost | DCost | Desi gnat ed br i dge | DPr t | Fwr dT
- - - - - - - - +- - - +- - - - - - - - +- - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - +- - - - -
01/ 01/ 01 128 Root f r wr d 20000 220000 32768. 00A012271420 128. 01 2
01/ 02/ 02 128 Al t er n di scr 200000 200000 32768. 00A012271240 128. 03 1
01/ 02/ 03 128 Desi gnat f r wr d 200000 240000 32768. 00A012270120 128. 04 2
01/ 02/ 04 128 Desi gnat f r wr d 200000 240000 32768. 00A012270120 128. 04 2

NOTE
Select port 1/ 2/ 2 (connected to Device D) as alternate since the cost to the
root via this port is higher than via port 1/ 1/ 1.

T-Marc 300 Series User Guide

Page 36
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

Supported Platforms
Feature T-Marc 340 T-Marc 380
RSTP + +
Supported Standards, MIBs and RFCs
Feature Standard MIBs RFCs
RSTP
IEEE 802.1d-1998
IEEE 802.1t-2001
IEEE 802.1w-2001
Public MIBs:
bridge.mib
rstp.mib
Private MIB,
prvt_switch.mib
RFC 1493, Definitions of
Managed Objects for Bridges
RFC 2863, Interfaces Group
MIB (configL2IfaceTable)



Page 1
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Configuring Multiple Spanning Tree Protocol
(MSTP, IEEE 802.1s)
Table of Figures 3
Overview 4
MSTP Regions 4
MST Instances (MSTI) 4
MST-to-Single Spanning Tree (SST) Interoperability 5
The MSTI Parameters 6
Interoperability with 802.1D STP 7
Fast Ring Modes 8
Fast Ring 8
Interoperability Fast Ring10
IGMP Fast Recovery12
Cisco Compliance12
IEEE 802.1s-Compliant vs. Cisco-Compliant BPDUs12
MSTP Default Configuration17
MSTP Configuration Flow19
MSTP Configuration Commands20
Enabling/ Disabling MSTP22
Defining the Bridge Priority22
Defining the Port Priority23
Enabling/ Disabling MSTP and an MSTP Instance on a Port23
Mapping VLANs to an MST Instance24
Defining the MSTP Region Name24
Defining the Region Revision-Number 25
Saving the MSTP VLAN Mapping25
Exiting the MSTP Protocol Configuration Mode without Saving the MST Mapping25
Defining the Hello-Time26
T-Marc 300 Series User Guide

Page 2
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Defining the Forward-Delay Timer26
Defining the Maximum Aging Timer27
Defining the Maximum Hop Count 27
Enabling the MSTP Fast Ring Mode28
Configuring the Device as an MSTP Border Bridge28
Defining the Learning/ Flushing Mode in a Fast Ring29
Configuring Edge Ports29
Configuring the Path Cost31
Enabling the BPDU Guard31
Enabling/ Disabling BPDU Transmission32
Enabling/ Disabling the Loop Guard32
Enabling MSTP Migration (Interoperability with 802.1D) 33
Enabling MSTP Link Flapping33
Defining the Ports Link Type34
Enabling/ Disabling Root Restriction35
Enabling/ Disabling TCN Restriction35
Configuring the Cisco-Compliant Mode36
Restoring the Ports MSTP Defaults36
Displaying the MSTP Temporary Configuration36
Displaying the Current MSTP Configuration37
Displaying the MSTP Region Configuration38
Displaying the MSTP Configuration38
Displaying the MST Instances Configuration42
Enabling MSTP Debug Information44
Displaying the MSTP Debug45
MSTP Configuration Examples46
Pending Configuration46
MSTP Port Configuration47
MSTP Global Parameters Configuration48
Network Configuration50
Fast Recovery Configuration61
MSTP BPDU Guard, Loop Guard, Restricted Root and Restricted TCN Configuration63
Configuring a Fast Ring65
Supported Platforms70
Supported Standards, MIBs, and RFCs70
T-Marc 300 Series User Guide

Page 3
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Table of Figures
Figure 1: MSTP within a Region 5
Figure 3: MSTP in Ring Topology in a Link-Down Event 9
Figure 4: MSTP in Ring Topology with a Device in Link-Down Event 10
Figure 5: MSTP Configuration Flow19
Figure 6: Schematic MSTI Configuration50
Figure 7: Link Failure between Two Devicees58
Figure 8: Spanning Tree IGMP Fast Recovery Configuration Example61
Figure 9: BPDU Guard, Loop Guard, Restricted Root and Restricted TCN63
Figure 10: Fast Ring Topology65

T-Marc 300 Series User Guide

Page 4
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Overview
Based on RSTP, MSTP allows using multiple spanning tree instances (MSTI) while mapping each
VLAN or VLAN group to the most appropriate instance. Each MSTI is an RSTP instance that has
its own independent topology, thus improving network fault tolerance.
This protocol provides a faster convergence-time and load balancing. Telco Systems recovery time
for link or device failure is less than 50 milliseconds and can be tuned to as low as 15 milliseconds
(in a ring of up to 14 devices).
MSTP includes all its spanning tree information in a single BPDU format. This reduces the number
of BPDUs required on a LAN to communicate spanning tree information for each VLAN and
ensures backward compatibility with RSTP and STP.
For more information regarding VLANs, refer to the ConfiguringVLANsandSuper VLANs
chapter of this User Guide.
MSTP Regions
An MSTP region is a collection of interconnected bridges that share the same MSTP configuration.
Devices in the same MST region share the following attributes:
region name
the regions revision number
the MST instance-to-VLAN assignment map (each VLAN can be maped only to one instance)
MST Instances (MSTI)
Each bridge in the MSTP region contains up to 16 MSTIs which act like separate RSTP bridges for
a specific set of configured VLANs. All MSTIs within the same region share the same protocol
timers, but each instance has its own topology parameters, such as root-device ID, root path-cost,
and active topology. By manipulating these parameters, systems administrator can modify the
spanning tree topology (defining forwarding ports and blocked ports) for the MSTI VLANs, thus
achieving traffic load-balancing within the region.
The MSTIs are identified by their instance ID:
Instance 0: this is the Common Internal Spanning Tree (CIST) to which all VLANs are
mapped by default. This instance is obligatory and cannot be removed.
Instances 115: user-configurable, optional instances, to which the system administrator maps
sets of VLANs.
T-Marc 300 Series User Guide

Page 5
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

The figure below illustrates load balancing. In MSTI 1:
Device C is the MST Root
The port on Device B connected to Device A is blocked
Traffic for VLANs 101200 flows between Device C and Device A
However, for MSTI 2:
Device B is the MST Root
The port on Device C connected to Device A is blocked
Traffic for VLANs 201300 flows between Device B and Device A


Figure 1: MSTP within a Region
MST-to-Single Spanning Tree (SST) Interoperability
Load balancing is supported only within the MSTP region.
Outside the region the spanning tree information is carried by MST instance 0, enabling the MST
region to participate in the Common Spanning Tree (CST ) of legacy xSTP bridges and other
MSTP regions it is connected to.
This region is responsible for combining all Internal Spanning Tree (IST) information and
forwarding it to the CST, handling the CST information and setting the roles of the regions
boundary ports. As a consequence each MSTP region acts as a single RSTP bridge within the CST
topology.
Each region has only one boundary port that can be the regions Root port, connecting the region
to the CST Root bridge (the CIST Root). This port is called the Master port. Boundary ports
providing alternative paths from the region to the CIST Root are blocked (set to Alternative).
Boundary ports that provide connectivy to Designated LANs can be set as Designated ports.

T-Marc 300 Series User Guide

Page 6
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)


The MSTI Parameters
Table 1: MSTI Parameters
Parameter Description
Boundary Ports Connect the designated bridge (an SST bridge or a bridge with a
different MST configuration) to a LAN.
A designated port identifies itself as a boundary port (the boundary flag
set) if it detects an STP bridge or receives an agreement message from
an RST or MST bridge with a different configuration.
The MST ports role at the boundary is not important; since they are
forced the same state as the IST port state. The IST port at the
boundary can take any port role except a backup port role.
IST Master The IST master of an MST region is the bridge with the lowest bridge
identifier and the lowest path cost to the CST root.
If an MST bridge is the root bridge of the CIST in a region, then it is
the IST master of that MST region.
If the CST root is outside the MST region, then one of the MST
bridges at the boundary is selected as the IST master. Other
bridges on the boundary that belong to the same region eventually
block the boundary ports that lead to the root.
If two or more bridges have an identical path to the root, you can
set a lower bridge priority value to make a specific bridge the IST
master.
The root path-cost and message age inside a region stay constant.
However the IST path cost is incremented and the IST remaining hops
are decremented at each hop.
Regional Root The MSTI Regional root is the root bridge of each MSTI within a region.
In case of IST, it is the CIST Regional root. Therefore, the terms IST
Master and CIST Regional root are interchangeable.
Edge Ports A port connected to a non-bridging device (for example, a host or a
device). A port that connects to a hub is also an edge port if the hub or
any LAN that is connected to it does not have a bridge.
An edge port can start forwarding as soon as its link is up.
Link-Type Rapid connectivity is established only on point-to-point links.
When connecting a port to another port through a point-to-point link and
the local port becomes a designated port, RSTP negotiates a rapid
transition with the other port, using the proposal-agreement handshake
to ensure a loop-free topology.
By default, the link-type is automatically determined by the ports duplex
state. However in case of a half-duplex link physically connected point-
to-point to a single port on a remote device running RSTP, you can
override the link-type default setting and enable rapid transitions to
Forwarding state.
T-Marc 300 Series User Guide

Page 7
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Parameter Description
Message Age and
Hop Count
IST and MSTIs use a hop count mechanism similar to the IP time-to live
(TTL) mechanism. Users can configure the maximum MST bridge hop
count.
The MSTI root bridge sends a BPDU (or M-record) with the remaining
hop count. The bridge receiving the BPDU (or M-record) decrements the
remaining hop count by one.
If after decrementing, the hop count reaches zero, the bridge discards
the BPDU and ages out the port information. Non-root bridges propagate
the decremented count as the remaining hop count in the BPDUs they
generate.
Port Priority The port priority determines the ports Forwarding state in case of a loop.
MSTP selects the port with the highest priority (lower priority value) first.
In case all ports have the same priority, MSTP selects the port with the
lowest number and blocks all other ports.
Path Cost MSTP uses the path cost when selecting the forwarding port in case of a
loop.
The ports default path-cost derives from its link speed. However, you
can define lower cost values to ports you want selected first and higher
cost values to ports you want selected last.
In case all ports have the same path cost value, MSTP selects the port
with the lowest number and blocks all other ports.
Interoperability with 802.1D STP
A device running both MSTP and RSTP supports a built-in protocol migration mechanism that
enables it to interoperate with legacy 802.1D devices.
If this device receives a legacy 802.1D configuration BPDU (a BPDU with the protocol version set
to 0), it sends only 802.1D BPDUs on that port. An MSTP device can also detect that a port is at
the boundary of a region when it receives a legacy BPDU, an MST BPDU (version 3) associated
with a different region, or an RST BPDU (version 2).
However, the device cannot determine whether the legacy device is removed from the link (unless
the legacy device is the designated device). Therefore, it does not automatically revert to the MSTP
mode if it no longer receives 802.1D BPDUs.
Also, a device might continue to assign a boundary role to a port when the device to which it is
connected has joined the region.
If all the legacy devices on the link are RSTP devices, they can process MSTP BPDUs as if they are
RSTP BPDUs. Therefore, MSTP devices send either a version 0 configuration and TCN BPDUs
or version 3 MSTP BPDUs on a boundary port. A boundary port connects the designated device
to a LAN that is either a single spanning tree device or a device with a different MST configuration.
T-Marc 300 Series User Guide

Page 8
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)


Fast Ring Modes
Telco Systems fast ring mode shortens the MSTP convergence time below 50 milliseconds in case
of a disconnection in a ring topology.
To achieve this recovery time you have to ensure the following conditions:
Set the mstp learn-mode command to none or temporary-disabled (see Definingthe
Learning/ FlushingModeina Fast Ring). Alternatively use up to 100 MAC addresses in a standard
learning mode.
Configure up to 50 VLANs in MSTI 0.

NOTE
You can use the MSTP Fast Ring solution only in instance 0 .

Telco Systems offers two Fast Ring solutions:
Fast Ring
Interoperability Fast Ring

NOTE
Use a standard MSTP as a ring solution, if your network demands a topology
different from the one offered here.
Fast Ring
Use this solution when all the devices in the ring are Telco Systems devices.
To use Fast Ring:
1. Select one bridge to be the root bridge: set this bridges priority to the lowest value (0) and do
not enable the Fast Ring feature on this bridge (to avoid instability).
2. Configure all the user ports as MSTP edge ports.
3. To optimize network performance, increment the bridges priority value as you draw away
from the root bridge.
T-Marc 300 Series User Guide

Page 9
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)


The figure below shows a ring topology using MSTP:
Device 1 is the MST root bridge
All the ports have equal priority thus one of Device 8's uplink ports is in Alternate state.
In case of a link failure between Device 14 and Device 1:
1. Device 14 detects the link failure on its root port.
2. Telco Systems ring solution immediately changes the traffic flow to a new direction.

Figure 2: MSTP in Ring Topology in a Link- Down Event
T-Marc 300 Series User Guide

Page 10
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)


Interoperability Fast Ring
This solution is designed especially for interoperation with devices that do not support MSTP or
RSTP protocols. Use Interoperability Fast Ring when you use a non Telco Systems gateway as a
part of the ring.
The figure below shows a ring topology using MSTP, when one of the devices (Router, in the figure
below) does not support MSTP, but is capable of switching the MSTP BPDUs between the ports
connected in the topology.


Figure 3: MSTP in Ring Topology with a Device in Link- Down Event
To use an Interoperability Fast Ring:
1. Configure the two devices closest to the Router (Device 1 and Device 8) as Border Bridges to
avoid network-performance degrade.
2. Do not define any MSTP priorities on Border Bridges. These are automatically set once the
brdiges are set as border bridges.
T-Marc 300 Series User Guide

Page 11
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

3. Increment the bridges priority value as you draw away from the root bridge, starting with
priority value 8192.
4. Configure all the user ports as MSTP edge ports.
T-Marc 300 Series User Guide

Page 12
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

In case the link between Device 8 and the Router fails:
Device 1 becomes the root
Traffic changes its direction toward the new root
IGMP Fast Recovery
When using the IGMP Fast Recovery feature, multicast traffic takes advantage of the connectivity
and convergence time provided by MSTP.
For more information, refer to the Internet GroupMulticast Protocol (IGMP) Fast Recoverysection of the
ConfiguringSpanningTreeProtocol (STP) chapter of this User Guide.
Cisco Compliance
Cisco compliance is a feature that enables the Cisco-compliant mode, changing the BPDU format
to conform to the standard adopted in Cisco devices.
When the device is not in Cisco-compliant mode, the root port is synchronized only if it receives an
agreement together with the proposal flag from the designated port.
IEEE 802.1s-Compliant vs. Cisco-Compliant BPDUs
Both Cisco-compliant and IEEE 802.1s-compliant modes, send an Agreement flag in response to a
Proposal flag when the port transitions to Root role. However there are differences between the
two modes in the conditions under which the Agreement flag is set:
In the standard IEEE 802.1s-compliant mode, MSTP sets the Agreement flag when:
the port is either a Designated or a Root port
and
all the device ports are synchronized (when all the ports participate only in loop-free
topologies)
In Cisco-compliant mode the Agreement flag is set also when the port is going to Alternate
role.
The following two tables compare two BPDUs:
Table2 displays a BPDU generated in IEEE 802.1s-compliant mode and includes two
M-records.
Table3 displays a BPDU generated in Cisco-compliant mode, parsed in the format generated
by Cisco devices.
T-Marc 300 Series User Guide

Page 13
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Standard BiNOS Dump (IEEE 802.1s-Compliant)
01 80 c2 00 00 00 00 a0 12 11 29 92 00 89 42 42
03 00 00 03 02 4e 80 00 00 a0 12 11 29 92 00 00
00 00 80 00 00 a0 12 11 29 92 80 0b 00 00 14 00
02 00 0f 00 00 00 60 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 01 60 b0 d3 6e cc e1
45 40 14 da 65 22 bd 08 f 3 cd 00 00 00 00 80 00
00 a0 12 11 29 92 28 4e 80 01 00 a0 12 11 29 92
00 00 00 00 80 80 28 4e 80 02 00 a0 12 11 29 92
00 00 00 00 80 80 28
Cisco-Compliant Dump
01 80 c2 00 00 00 00 08 a3 37 f 1 c1 00 84 42 42
03 00 00 03 02 68 60 00 00 07 eb d5 a2 00 00 00
00 00 60 00 00 07 eb d5 a2 00 80 01 00 00 14 00
02 00 0f 00 00 00 00 5a 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 64 b1 f 4 bb 1f 3c
6d 4d a3 00 94 c1 11 b7 c0 92 60 00 00 07 eb d5
a2 00 00 00 00 00 14 00 01 69 60 01 00 07 eb d5
a2 00 00 00 00 00 60 01 00 07 eb d5 a2 00 80 01
14 00

Table 2: BiNOS BPDU Parsed According to IEEE 802.1s
Field Name Content
ETH Dest. 01 80 c2 00 00 00
ETH Src 00 a0 12 11 29 92
ETH Len 00 89
LLC 42 42 03
Protocol Identifier 00 00
Protocol version Identifier 03
BPDU type 02
CIST Flags 4e
CIST Root Identifier 80 00 00 a0 12 11 29 92
CIST Ext. Path Cost 00 00 00 00
CIST Regional Root Identifier 80 00 00 a0 12 11 29 92
CIST Port Identifier 80 0b
Message age 00 00
MaxAge 14 00
Hello-time 02 00
Forward-delay 0f 00
T-Marc 300 Series User Guide

Page 14
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Field Name Content
Version 1 length (must be 0) 00
Version 3 length (Mrecords total length) 00 60
MSTI configuration Identifier (Key,
Revision, Name) 51 Bytes
00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 01 60
b0 d3 6e cc e1 45 40 14 da 65 22 bd
08 f3 cd
CIST Internal Root Path Cost 00 00 00 00
CIST Bridge Identifier 80 00 00 a0 12 11 29 92
CIST Remaining hops 28
MSTI1
Flags
MSTI Regional Root Identifier
MSTI Internal root path cost
MSTI Bridge Priority
MSTI Port Priority
MSTI Remaining hops

4e
80 01 00 a0 12 11 29 92
00 00 00 00
80
80
28
MSTI2
Flags
MSTI Regional Root Identifier
MSTI Internal root path cost
MSTI Bridge Priority
MSTI Port Priority
MSTI Remaining hops

4e
80 02 00 a0 12 11 29 92
00 00 00 00
80
80
28

Table 3: Cisco BPDU Parsed by a Telco Systems Device
Field Name Content Notes
ETH Dest. 01 80 c2 00 00 00 Matches the IEEE-802.1s
ETH Src 00 08 a3 37 f1 c1
ETH Len 00 84
LLC 42 42 03
Protocol Identifier 00 00
Protocol version Identifier 03
BPDU type 02
CIST Flags 68
CIST Root Identifier 60 00 00 07 eb d5 a2 00
CIST Ext. Path Cost 00 00 00 00
CIST Bridge Identifier 60 00 00 07 eb d5 a2 00
CIST Port Identifier 80 01
T-Marc 300 Series User Guide

Page 15
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Field Name Content Notes
Message age 00 00
MaxAge 14 00
Hello-time 02 00
Forward-delay 0f 00
Version 1 length (must be
0)
00
Extra byte 00 If the Cisco BPDUs are parsed
as specified in the IEEE 802.1s
standard, some offsets and
shifts may cause wrong values
for the M-records and for the
matching fields that are located
after the version 3 length
CIST Internal root path cost,
CIST Bridge identifier, CIST
remaining hops.
Version 3 length (Mrecords
total length)
00 5a
MSTI configuration
Identifier (Key, Revision,
Name) 50 Bytes.
00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00
00 00 00 00 64 b1 f4 bb 1f 3c
6d 4d a3 00 94 c1 11 b7 c0 92
The first byte of the
configuration is called selector,
and is omitted (or over-ridden
by the version 3 length field).
CIST Regional Root
Identifier
60 00 00 07 eb d5 a2 00 Fields order is flipped.
CIST Remaining hops2
bytes instead of 1.
14 00 Extra byte-Cisco BPDU with no
MSTIs ends here and contains
the extra byte.
MSTI1 The whole M-Record structure
is different. In the 802.1s there
is no MSTID field. The priority
of the sending bridge and the
port priority are sent without
bridge ID and port ID of the
sending bridge.
MSTID 01 The whole M-Record structure
is different. In the 802.1s there
is no MSTID field. The priority
of the sending bridge and the
port priority are sent without
bridge ID and port ID of the
sending bridge.
Flags 69 The whole M-Record structure
is different. In the 802.1s there
is no MSTID field. The priority
of the sending bridge and the
port priority are sent without
bridge ID and port ID of the
sending bridge.
T-Marc 300 Series User Guide

Page 16
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Field Name Content Notes
MSTI Regional Root
Identifier
60 01 00 07 eb d5 a2 00 The whole M-Record structure
is different. In the 802.1s there
is no MSTID field. The priority
of the sending bridge and the
port priority are sent without
bridge ID and port ID of the
sending bridge.
MSTI Internal root path
cost
00 00 00 00 The whole M-Record structure
is different. In the 802.1s there
is no MSTID field. The priority
of the sending bridge and the
port priority are sent without
bridge ID and port ID of the
sending bridge.
MSTI Transmitting Bridge
Identifier
60 01 00 07 eb d5 a2 00 The whole M-Record structure
is different. In the 802.1s there
is no MSTID field. The priority
of the sending bridge and the
port priority are sent without
bridge ID and port ID of the
sending bridge.
MSTI Port Identifier 80 01 The whole M-Record structure
is different. In the 802.1s there
is no MSTID field. The priority
of the sending bridge and the
port priority are sent without
bridge ID and port ID of the
sending bridge.
MSTI Remaining hops 14 00 The whole M-Record structure
is different. In the 802.1s there
is no MSTID field. The priority
of the sending bridge and the
port priority are sent without
bridge ID and port ID of the
sending bridge.
T-Marc 300 Series User Guide

Page 17
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

MSTP Default Configuration
Table 4: MSTP Default Configuration
Parameter Default Value
MSTP Disabled
MSTP port priority 128
Hello-time 2 seconds
Forward-delay time 15 seconds
Maximum aging time 20 seconds
Maximum hop count 40 hops
Revision number 1
Default MST Instance 0
Bridge priority 32768
Path cost See Table 5
Edge port Disabled
Flush edge port Disabled
Link-type Auto
MSTP Link Flapping feature Disabled
Cisco MSTP compliance Disabled (IEE 802.1s-2002 compliance is enabled)
Fast Ring mode Disabled
Fast Ring Border Bridge mode Disabled
Learn mode Standard
BPDU guard Disabled
Loop guard Disabled
Restricted root Disabled
Restricted TCN Disabled
MSTP debug Disabled
T-Marc 300 Series User Guide

Page 18
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Table 5: Default Path Cost Configuration (IEEE802.1s)
Link Speed Recommended Value Recommended Range Range
<=100 Kbps 200,000,000 20,000,000200,000,000 1200,000,000
1 Mbps 20,000,000 2,000,00020,000,000 1200,000,000
10 Mbps 2,000,000 200,0002,000,000 1200,000,000
100 Mbps 200,000 20,000200,000 1200,000,000
1 Gbps 20,000 2,000200,000 1200,000,000
10 Gbps 2,000 20020,000 1200,000,000
100 Gbps 200 202,000 1200,000,000
1 Tbps 20 2200 1200,000,000
10 Tbps 2 120 1200,000,000
T-Marc 300 Series User Guide

Page 19
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

MSTP Configuration Flow














Figure 4: MSTP Configuration Flow
Start
Define the MSTP Timers (hello-time, forward-delay,
MaxAge, max-hops)
Configure the loop free ports as edge ports
Enable the BPDU Guard
Enable the MSTP Fast Ring mode
Configure the learning mode
End
T-Marc 300 Series User Guide

Page 20
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

MSTP Configuration Commands
The MSTP default values are sufficient for obtaining a loop-free redundant network topology.
However, to enforce topology demands on the dynamically built topology, configure several
parameters before connecting the network.
Table 6: MSTP Global Configuration Commands
Command Description
mstp Enables/disables MSTP (see Enabling/Disabling MSTP)
mstp priority Defines the MSTP bridge priority (see Defining the Bridge
Priority)
mstp port-priority Defines the MSTP port priority (see Defining the Port Priority)
mstp Enables/disables MSTP on a specified port (see
Enabling/Disabling MSTP and an MSTP Instance on a Port)
instance vlan Maps a VLAN to an MSTP instance (see Mapping VLANs to an
MST Instance)
name Defines the configuration name (see Defining the MSTP Region
Name)
revision Defines the configuration revision (see Defining the Region
Revision-Number)
apply Saves the MST configuration map and exits the configuration
(see Saving the MSTP VLAN Mapping)
abort Exits the MSTP configuration without saving the MST
configuration map (see Exiting the MSTP Protocol Configuration
Mode without Saving the MST Mapping)
mstp hello-time Defines the hello-time (see Defining the Hello-Time)
mstp forward-delay Defines the forward-delay timer (see Defining the Forward-Delay
Timer)
mstp max-age Defines the maximum aging time (seeDefining the Maximum
Aging Timer)
mstp max-hops Defines the max-hop count (see Defining the Maximum Hop
Count)
mstp fast-ring ring-
ports
Enables the Fast Ring mode (see Enabling the MSTP Fast Ring
Mode)
mstp fast-ring border-
bridge
Enables the Ring Border Bridge functionality (see Configuring
the Device as an MSTP Border Bridge)
mstp learn-mode Defines the mode in which the MAC addresses are
learnt/flushed (see Defining the Learning/Flushing Mode in a
Fast Ring)
mstp edge-port Configures the edge port (see Configuring Edge Ports)
mstp path-cost Configures sn MSTP port path-cost (see Configuring the Path
Cost )
mstp bpdu-rx Prevents an MSTP edge port from receiving BPDUs (see
Enabling the BPDU Guard)

T-Marc 300 Series User Guide

Page 21
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Table 7: MSTP Port Configuration Commands
Command Description
mstp bpdu-tx Enables/disables sending BPDU packets on a specified port
(see Enabling/Disabling BPDU Transmission)
mstp detect-bpdu-loss Enables/disables Loop Guard on a port (see Enabling/Disabling
the Loop Guard)
mstp detect-protocols Enables MSTP migration (see Enabling MSTP Migration
(Interoperability with 802.1D))
mstp link-flapping Enables the MSTP Link Flapping feature (see Enabling MSTP
Link Flapping)
mstp link-type Specifies a ports link type (see Defining the Ports Link Type)
mstp restrict-root Enables/disables the selection of a port as the root port (see
Enabling/Disabling Root Restriction)
mstp restrict-tcn Enables/disables the propagation of TCNs to other ports on the
device (see Enabling/Disabling TCN Restriction)
mstp cisco-compliant Forces the port to work in compliance with Cisco devices (see
Configuring the Cisco-Compliant Mode)
mstp default Restores the default MSTP settings (see Restoring the Ports
MSTP Defaults)

Table 8: MSTP Display Commands
Command Description
show pending Displays the temporary MSTP configuration (see Displaying the
MSTP Temporary Configuration)
show Displays the MSTP configuration (see Displaying the Current
MSTP Configuration)
show mstp configuration Displays the MSTP configuration in the current region (see
Displaying the MSTP Region Configuration)
show mstp Displays the whole MSTP configuration (see Displaying the
MSTP Configuration)
show mstp instance Displays the configured instances (see Displaying the MST
Instances Configuration)

Table 9: MSTP Debug Commands
Command Description
debug mstp Debugs the port roles and port handshaking (see Enabling
MSTP Debug Information)
show debug mstp Displays the debug MSTP logs (see Displaying the MSTP
Debug)
T-Marc 300 Series User Guide

Page 22
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Enabling/Disabling MSTP
The mstp command enables/ disables the MSTP and enters MSTP Protocol Configuration mode.
CLI Mode: Protocol Configuration
MSTP is disabled by default.
Command Syntax
device-name(cfg protocol)#mstp [enable | disable]
Argument Description
enable
(Optional) enables MSTP
disable
(Optional) disables MSTP
Defining the Bridge Priority
The mstp priority command defines the bridge priority of an MSTP instance.

NOTE
Do not define any bridge priority to 0 or 4096 when using Fast Ring Border Bridge
mode.

CLI Mode: Protocol Configuration
The default MSTP priority is 32768.
Command Syntax
device-name(cfg protocol)#mstp <instance-id> priority <priority>
device-name(cfg protocol)#no mstp <instance-id> priority
Argument Description
instance-id
The MSTP instance ID, in the range of <115>
priority
<priority>
The bridge priority values: 0, 4096, 8192, 12288, 16384, 20480, 24576,
28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
The bridge with the highest bridge priority (the lowest numerical priority
value) is selected as Root device.
no
Restored to default

T-Marc 300 Series User Guide

Page 23
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)


Defining the Port Priority
The mstp port-priority command defines the MSTP port priority.
CLI Mode: Interface Configuration
The default port priority is 128.
Command Syntax
device-name(config-if UU/SS/PP)#mstp <instance-id> port-priority <priority>
device-name(config-if UU/SS/PP)#no mstp <instance-id> port-priority
Argument Description
instance-id
The MSTP instance ID, in the range of <115>
priority
<priority>
The port priority value, in the range of <0240>, in multiple of 16 (for
example: 0, 16, 32)
Assign higher priority (lower values) to ports you want selected first
no
Restores to default
Enabling/Disabling MSTP and an MSTP Instance on a
Port
The mstp command enables/ disables MSTP on a specified port.
Using this command, you can also enable/ disable an MSTP instance on the port. When enabling
this option, the port forwards traffic of all VLANs belonging to the particular MSTP instance.
CLI Mode: Interface Configuration and Range Interface Configuration
By default, all instances are enabled on all ports.
Command Syntax
device-name(config-if UU/SS/PP)#mstp <instance-id> {enable | disable}
device-name(config-if-group)#mstp <instance-id> {enable | disable}
Argument Description
enable
Enables MSTP on the specified port
disable
Disables MSTP on the specified port
instance-id
The MSTP instance ID, in the range of <115>
If you specify this option, the selected MSTP instance is disabled and the
MSTP port role in that instance is disabled.

T-Marc 300 Series User Guide

Page 24
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)


Mapping VLANs to an MST Instance
The instance vlan command maps VLANs to an MST instance. You can map each VLAN to
one MST instance; therefore mapping a VLAN to an MST instance removes them from the VLAN
list.
CLI Mode: MSTP Protocol Configuration
By default, all VLANs are mapped to instance 0.
Command Syntax
device-name(cfg protocol mstp)#instance <instance-id> vlan VLAN-LIST
device-name(cfg protocol mstp)#no instance <instance-id>
Argument Description
instance-id
The MSTP instance ID, in the range of <115>. Instance 0 is mandatory while
others are optional.
VLAN-LIST
The list of VLANs mapped to this instance, in the range of <24094>.
To specify a VLAN rane, use a hyphen, for example:
instance 1 vlan 1-63
To specify a VLAN list, type the VLAN numbers in an increasing order,
separating them with commas, for example:
instance 1 vlan 10, 20, 30
no
Restores to default
Defining the MSTP Region Name
The name command defines the MSTP region name.
CLI Mode: MSTP Protocol Configuration
Command Syntax
device-name(cfg protocol mstp)#name NAME
device-name(cfg protocol mstp)#no name
Argument Description
NAME
The MSTP region name, a case-sensitive string of up to 31 characters
no
Removes the name
Example
device-name(cfg protocol mstp)#name region1
T-Marc 300 Series User Guide

Page 25
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)


Defining the Region Revision-Number
The revision command defines the region revision-number.
CLI Mode: MSTP Protocol Configuration
The default revision number is 1.
Command Syntax
device-name(cfg protocol mstp)#revision <revision-number>
device-name(cfg protocol mstp)#no revision
Argument Description
revision-number
The revision number, in the range of <065535>
no
Restores to default
Example
device-name(cfg protocol mstp)#revision 1
Saving the MSTP VLAN Mapping
The apply command saves the MSTP VLAN mapping and exits the MSTP Protocol
Configuration mode (this commands has the same affect as the exit command or <Ctrl+D>).
CLI Mode: MSTP Protocol Configuration
Command Syntax
device-name(cfg protocol mstp)#apply
Exiting the MSTP Protocol Configuration Mode without
Saving the MST Mapping
The abort command exits the MSTP Protocol Configuration mode without saving the MST
configuration map. Use this command if you do not want to save the VLAN mapping.
CLI Mode: MSTP Protocol Configuration
Command Syntax
device-name(cfg protocol mstp)#abort
T-Marc 300 Series User Guide

Page 26
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)


Defining the Hello-Time
The mstp hello-time command defines the hello-time for all MST instances. The hello-time is
the interval between consecutive configuration messages generated by the root device, indicating
that the device is alive.
CLI Mode: Protocol Configuration
The default hello-time is 2 seconds.
Command Syntax
device-name(cfg protocol)#mstp hello-time <seconds>
device-name(cfg protocol)#no mstp hello-time
Argument Description
seconds
The MSTP hello-time, in the range of <110>seconds
no
Restores to default
Defining the Forward-Delay Timer
The mstp forward-delay command configures the forward-delay time for all MST instances. The
forward-delay is the time the port waits in Learning and Listening states before moving to
Forwarding state.
CLI Mode: Protocol Configuration
The default forward-delay time is 15 seconds.
Command Syntax
device-name(cfg protocol)#mstp forward-delay <seconds>
device-name(cfg protocol)#no mstp forward-delay
Argument Description
seconds
The MSTP forward-delay time, in the range of <430>seconds
no
Restores to default

T-Marc 300 Series User Guide

Page 27
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)


Defining the Maximum Aging Timer
The mstp max-age command configures the maximum-aging (MaxAge) time for all MST
instances. The MaxAge time is the number of seconds a device waits without receiving
configuration messages before attempting a reconfiguration.
CLI Mode: Protocol Configuration
The default maximum aging time is 20 seconds.
Command Syntax
device-name(cfg protocol)#mstp max-age <seconds>
device-name(cfg protocol)#no mstp max-age
Argument Description
seconds
The MSTP MaxAge time, in the range of <640>seconds
no
Restores to default
Defining the Maximum Hop Count
The mstp max-hops command defines the maximum number of hops allowed in a region before
discarding a BPDU.
CLI Mode: Protocol Configuration
The default max-hops count is 40.
Command Syntax
device-name(cfg protocol)#mstp max-hops <hops-count>
device-name(cfg protocol)#no mstp max-hops
Argument Description
hops-count
The number of hops in a region, in the range of <140>
no
Restores to default

T-Marc 300 Series User Guide

Page 28
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)


Enabling the MSTP Fast Ring Mode
The mstp fast-ring ring-ports command enables the MSTP Fast Ring mode. The command
defines the two physical ports that provide connectivity in the ring.

NOTE
Avoid using this command for any topology other than a ring topology.

CLI Mode: Protocol Configuration
By default, MSTP Fast Ring is disabled.
Command Syntax
device-name(cfg protocol)#mstp fast-ring ring-ports UU1/SS1/PP1 UU2/SS2/PP2
device-name(cfg protocol)#no mstp fast-ring
Argument Description
UU1/SS1/PP1
Specifies the first ring port
UU2/SS2/PP2
Specifies the second ring port
no
Restores to default
Configuring the Device as an MSTP Border Bridge
The mstp fast-ring border-bridge command configures the device as a border bridge,
enabling the Ring Border Bridge functionality.
CLI Mode: Protocol Configuration
By default, the MSTP Ring Border Bridge is disabled.
Command Syntax
device-name(cfg protocol)#mstp fast-ring <instance-id> border-bridge
preferred-link UU/SS/PP
device-name(cfg protocol)#no mstp fast-ring <instance-id> border-bridge
Argument Description
instance-id
The instance ID the Ring Border Bridge functionality operates.
NOTE
Uou can use the MSTP Fast Ring solution only in instance 0
(CIST).
preferred-link
The preferred MSTP Fast Ring physical port that connects the ring
topology to the network gateway.
Configure the preferred Fast Ring physical using the mstp fast-ring
ring-ports command.
T-Marc 300 Series User Guide

Page 29
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

UU/SS/PP
The preferred ring port.
no
Restores to default
Defining the Learning/Flushing Mode in a Fast Ring
The mstp learn-mode command defines the mode in which MAC addresses are learned and
flushed.
CLI Mode: Protocol Configuration
By default, learning/ flushing is permanently enabled, using a standard learning mode.
Command Syntax
device-name(cfg protocol)#mstp learn-mode {none | temporary-disabled [<2-100>]
| standard}
Argument Description
none
Permanently disables learning on non-edge/ring ports
temporary-
disabled
Enables learning, except for cases where an MSTP topology change occurs
and learning is temporarily disabled
2-100
(Optional) defines the time period learning is disabled after a topology change
occurred, in the range of <2100>seconds
standard
Permanently enables learning on non-edge/ring ports
Configuring Edge Ports
The mstp edge-port command changes the ports administrative status, setting it as an Edge Port
CLI Mode: Interface Configuration and Range Interface Configuration

NOTE
If the device receives a BPDU on a port configured as an edge port, the port
automatically reverts to Disabled status. After a link up/ down, the port returns to the
Edge port administrative status.

T-Marc 300 Series User Guide

Page 30
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)


The EdgePort parameter is controlled by the MSTP state machine and the CLI.
Table 10: MSTP Edge Port
Type Description
Admin
EdgePort
Configuring a port as an Edge port is known as Administrative Edge Port. This
indicates that the port is permitted to transition directly to Forwarding state when
it becomes designated.
Configure Edge ports on ports that are known to be at the edge of the bridged
LAN in order to transition to Forwarding without delay.
EdgePort The ports actual status is known as its operational state. This indicates whether
the port operates as an Edge Port or not.
When a port that was configured as Administrative Edge Port receives a BPDU,
it automatically changes its operational state to operate as a non-Edge Port, in
order to prevent loops in the network.
Therefore, if a port marked as an edge port proves not to be one (due to the
presence of another bridge), it ceases to behave like an edge port until it is
reinitialized (either by a link up/down event or by reissuing the CLI command).
By default, the port is not an edge port. If you set the port as an edge port, the Flush Port option is
disabled by default.
Command Syntax
device-name(config-if UU/SS/PP)#mstp edge-port [flush-port]
device-name(config-if UU/SS/PP)#no mstp edge-port [flush-port]

device-name(config-if-group)#mstp edge-port [flush-port]
device-name(config-if-group)#no mstp edge-port [flush-port
Argument Description
flush-port
(Optional) MSTP flushes the edge port it is configured on, when the link on
the port is down.
Use the MSTP edge port when neither the device connected to the port nor
the network connected to this device is MSTP enabled (configure an MSTP
edge port only if there is no possibility that BPDUs are received on the
connected port). If you connect a network (not a single device) to the port,
use the Flush Port option to prevent sending packets to unconnected links.
no
Configures the edge port value to its default settings. Also it disables the
admin status.

T-Marc 300 Series User Guide

Page 31
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)


Configuring the Path Cost
The mstp path-cost command configures the path cost of an MST instance. A lower path cost
represents a higher-speed transmission.
Table5 displays the default value calculated by the ports media speed.
CLI Mode: Interface Configuration
Command Syntax
device-name(config-if UU/SS/PP)#mstp <instance-id> path-cost <cost>
device-name(config-if UU/SS/PP)#no mstp <instance-id> path-cost
Argument Description
instance-id
The MSTP instance ID, in the range of <115>
cost
The path cost value, in the range of <1200000000>. Assign lower cost
values to ports you want to select first and higher-cost values to other
ports.
no
Restores to default
Enabling the BPDU Guard
The mstp bpdu-rx command prevents an MSTP edge port from receiving BPDUs.

NOTE
This command takes effect only if the port is an MSTP edge port.

CLI Mode: Interface Configuration and Range Interface Configuration
The default value is standard.
Command Syntax
device-name(config-if UU/SS/PP)#mstp bpdu-rx {discard | disable-port |
standard}
device-name(config-if-group)#mstp bpdu-rx {discard | disable-port | standard}
Argument Description
discard
The port drops BPDUs received on it and continues to operate as an edge
port.
NOTE
Use this option to prevent receiving unwanted BPDU packets
from user ports.
disable-port
Disables the port when it receives
standard
Processes received BPDUs and invalidates the edge ports operational status
T-Marc 300 Series User Guide

Page 32
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)


Example
Configure the device to disable port 1/ 2/ 3 if a BPDU is received on it:
device-name(config)#interface 1/2/3
device-name(config-if 1/2/3)#mstp bpdu-rx disable-port
Enabling/Disabling BPDU Transmission
The mstp bpdu-tx command enables/ disables BPDU packets transmission on the specified port.
CLI Mode: Interface Configuration, Interface Range Configuration
BPDU transmission is enabled by default.
Command Syntax
device-name(config-if UU/SS/PP)#mstp bpdu-tx {enable | disable}
device-name(config-if-group)#mstp bpdu-tx {enable | disable}
Argument Description
enable
Enables the BPDU transmission
disable
Disables the BPDU transmission
Enabling/Disabling the Loop Guard
The mstp detect-bpdu-loss command enables/ disables the Loop Guard on a port.
For more information regarding this feature, refer to the STP LoopGuardsection of Configuring
SpanningTreeProtocol (STP) chapter.
CLI Mode: Interface Configuration, Interface Range Configuration
Loop Guard is disabled by default.
Command Syntax
device-name(config-if UU/SS/PP)#mstp detect-bpdu-loss {enable | disable}
device-name(config-if-group)#mstp detect-bpdu-loss {enable | disable}
Argument Description
enable
Enables Loop Guard on the port
disable
Disables Loop Guard on the port
This parameter does not change the ports state, if the port is not a Designated
port, even if the port stops receiving BPDUs from its peer port.
T-Marc 300 Series User Guide

Page 33
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Example
device-name(config)#interface 1/2/2
device-name(config-if 1/2/2)#mstp detect-bpdu-loss disable
Enabling MSTP Migration (Interoperability with 802.1D)
The mstp detect-protocols command defines the MSTP communication mode. The command
instructs MSTP to send the next BPDU as an MSTP/ RSTP BPDU.
The command does not reboot the port or send a BPDU immediately.
CLI Mode: Interface Configuration and Range Interface Configuration
Command Syntax
device-name(config-if UU/SS/PP)#mstp detect-protocols
device-name(config-if-group)#mstp detect-protocols
Enabling MSTP Link Flapping
The mstp link-flapping command enables the MSTP Link Flapping detection feature.
CLI Mode: Interface Configuration and Range Interface Configuration
MSTP Link Flapping is disabled by default.
Command Syntax
device-name(config-if UU/SS/PP)#mstp link-flapping <period>
device-name(config-if UU/SS/PP)#no mstp link-flapping

device-name(config-if-group)#mstp link-flapping <period>
device-name(config-if-group)#no mstp link-flapping
Argument Description
period
The flapping interval (the time between a LinkDown and LinkUp status), in the range
of <20010000>milliseconds (recommended interval is 2000 ms). The link shuts
down if the flapping interval is lower than the time defined.
no
Restores to default.
Example 1
Set the MSTP Link Flapping control period to 1.5 seconds on port 1/ 1/ 1:
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#mstp link-flapping 1500
T-Marc 300 Series User Guide

Page 34
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Example 2
Disable MSTP Link Flapping on ports 1/ 2/ 11/ 2/ 4:
device-name(config)#interface range 1/2/1-1/2/4
device-name(config-if-group)#no mstp link-flapping
Defining the Ports Link Type
The mstp link-type command defines the RSTP ports administrative link-type.
CLI Mode: Interface Configuration and Range Interface Configuration
There are two statuses of link-type:
Table 11: MSTP Link-types
Link-Type Description
auto The device automatically manages the port's link-type. The
device considers the port connected to a point-to-point LAN
segment if any of the following conditions are met:
The MST algorithm determines that the LAN segment
operates in full duplex mode.
If you configure the port by management means to a
full duplex operation. Otherwise, consider the MAC to
be connected to a LAN segment that is not point-to-
point (shared media).
point-to-point Consider the device connected to a point-to-point LAN
segment that forces the operational link-type to be point-to-
point.
Admin Link-Type
shared Consider the device connected to a shared media LAN
segment that forces the operational link-type to be shared.
Operational Link-
Type
If you configure Admin link-type to auto, then you can determine the value of
Operational link-type in accordance with the specific procedures defined for
the device entity, as defined in Admin link-type (auto).
If the port is connected to a point-to-point LAN segment, then Operational
link-type is set to point-to-point, otherwise it is set to shared.
In the absence of a specific definition of how to determine whether the
device is connected to a point-to-point LAN segment or not, the value of link-
type is shared.

The default link type is Auto.
Command Syntax
device-name(config-if UU/SS/PP)#mstp link-type {auto | point-to-point |
shared}
device-name(config-if UU/SS/PP)#no mstp link-type {auto | point-to-point |
shared}

device-name(config-if-group)#mstp link-type {auto | point-to-point | shared}
device-name(config-if-group)#no mstp link-type {auto | point-to-point | shared}
T-Marc 300 Series User Guide

Page 35
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Argument Description
auto Sets the RSTP link-type to auto.
point-to-point Sets the RSTP link-type to point-to-point.
shared Sets the RSTP link-type to share.
no Restores to default
Enabling/Disabling Root Restriction
The mstp restrict-root command enables/ disables the selection of a port as the Root port.
CLI Mode: Interface Configuration and Range Interface Configuration
Root restriction is disabled by default.
Command Syntax
device-name(config-if UU/SS/PP)#mstp restrict-root {enable | disable}
device-name(config-if-group)#mstp restrict-root {enable | disable}
Argument Description
enable
Enables root restriction on the specified port (the port is not selected as Root
port)
disable
Disables root restriction
Enabling/Disabling TCN Restriction
The mstp restrict-tcn command enables/ disables receiving Topology Change notifications
(TCN) and propagating them to other ports on the device (for more information refer to the
ConfiguringSpanningTreeProtocol (STP) chapter).
CLI Mode: Interface Configuration and Range Interface Configuration
TCN restriction is disabled by default.
Command Syntax
device-name(config-if UU/SS/PP)#mstp restrict-tcn {enable | disable}
device-name(config-if-group)#mstp restrict-tcn {enable | disable}
Argument Description
enable
Enables TCN restriction: the port does not propagate detected topology
changes to other ports on the bridge and other bridges in the topology. This
prevents the unnecessary update of learnt devices locations.
disable
Disables TCN restriction.

T-Marc 300 Series User Guide

Page 36
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)


Configuring the Cisco-Compliant Mode
The mstp cisco-compliant command changes the ports mode to Cisco-compliant mode. Use
this mode for ports connected to Cisco devices.
CLI Mode: Interface Configuration and Range Interface Configuration
By default, the device is IEEE 802.1s-compliant.
Command Syntax
device-name(config-if UU/SS/PP)#mstp cisco-compliant
device-name(config-if UU/SS/PP)#no mstp cisco-compliant

device-name(config-if-group)#mstp cisco-compliant
device-name(config-if-group)#no mstp cisco-compliant
Argument Description
no
Restores to default
Restoring the Ports MSTP Defaults
The mstp default command restores the ports MSTP configuration default values.
CLI Mode: Interface Configuration and Range Interface Configuration
Command Syntax
device-name(config-if UU/SS/PP)#mstp default
device-name(config-if-group)#mstp default
Displaying the MSTP Temporary Configuration
The show pending command displays the temporary MSTP configuration. The command displays
the region name, revision number, and the VLAN-to-MSTI mapping.
CLI Mode: MSTP Protocol Configuration
Command Syntax
device-name(cfg protocol mstp)#show pending
T-Marc 300 Series User Guide

Page 37
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Example
device-name(cfg protocol mstp)#show pending
Pendi ng MST conf i gur at i on
Name r egi on 1
Revi si on 1
I nst ance Vl ans mapped
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
0 1- 4094
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Displaying the Current MSTP Configuration
The show command displays the current MSTP configuration. The command displays the region
name, revision number, and the VLAN-to-MSTI mapping.
CLI Mode: MSTP Protocol Configuration
Command Syntax
device-name(cfg protocol mstp)#show
Example
device-name(cfg protocol mstp)#show
Pendi ng MST conf i gur at i on
Name [ ]
Revi si on 1
I nst ance Vl ans mapped
- - - - - - - - - - - - - - - - - - - - - - - - - - -
0 1- 10, 12- 13
1 14- 4094
6 11
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
T-Marc 300 Series User Guide

Page 38
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)


Displaying the MSTP Region Configuration
The show mstp configuration command displays the current regions MSTP configuration.
CLI Mode: MSTP Protocol Configuration and Privileged (Enable)
Command Syntax
device-name(cfg protocol mstp)#show mstp configuration
device-name#show mstp configuration
Example
device-name(cfg protocol mstp)#show mstp configuration

Name [ man]
Revi si on 56
I nst ance Vl ans mapped
- - - - - - - - - - - - - - - - - - - - - - -
0 1- 10, 12- 13
1 14- 4094
6 11
- - - - - - - - - - - - - - - - - - - - - - - -
Displaying the MSTP Configuration
The show mstp command displays the MSTP configuration and the MSTP ports state.
The tables below describe the parameters displayed by this command.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show mstp
T-Marc 300 Series User Guide

Page 39
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Example
device-name#show mstp
Mul t i pl e spanni ng t r ees = enabl ed
Pr ot ocol Speci f i cat i on = i eee8021s
Pr i or i t y = 32768
Ti meSi nceTopol ogyChange = 9 ( Sec)
TopChanges = 1
CI ST Root = 32768. 00: A0: 12: 0A: 01: B6
CI ST Por t = 01/ 02/ 01
CI ST Ext er nal Pat h Cost = 200000
MaxAge = 20 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 15 ( Sec)
Br i dgeMaxAge = 0 ( Sec)
Br i dgeHel l oTi me = 2 ( Sec)
Br i dgeFor war dDel ay = 15 ( Sec)
Pr ot oMi gr at i oDel ay = 3 ( Sec)
MaxHopCount = 40
TxHol dCount = 3
SpanI gmpFast Recover y = di sabl ed
Fast Ri ng = di sabl ed
Lear nMode = St andar d

MST00
VLAN mapped = 1- 4094
Pr i or i t y = 32768
Regi onal Root = Thi s br i dge i s t he r oot
Remai ni ngHopCount = 40
Ti meSi nceTopol ogyChange = 9 ( Sec)
TopChanges = 1
Bor der Br i dge = di sabl ed
=====================================================================
Por t | Pr i | Pr t r ol e| St at e| PCost | DCost | Desi gnat ed br i dge | DPr t
- - - - - - - - +- - - +- - - - - - - - +- - - - - +- - - - - - +- - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - -
01/ 02/ 02 128 Root f r wr d 200000 0 00000. 00A0120F2F27 128. 006

MST01
VLAN mapped = 3
Pr i or i t y = 32768
Regi onal Root = Thi s br i dge i s t he r oot
Remai ni ngHopCount = 40
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 0
Bor der Br i dge = di sabl ed
========================================================================
Por t | Pr i | Pr t r ol e | St at e| PCost | DCost | Desi gnat ed br i dge | DPr t
- - - - - - - - - +- - - +- - - - - - - - - - - +- - - - - +- - - - - - +- - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - -
01/ 02/ 01 128 Desi gnat ed f r wr d 200000 200000 32768. 00A012270120 128. 002
01/ 02/ 02 128 Root f r wr d 200000 200000 32768. 00A0120A01B6 128. 024
01/ 02/ 03 128 Al t er nat e bl ock 200000 200000 32768. 00A012270120 128. 007
T-Marc 300 Series User Guide

Page 40
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Table 12: Parameters Displayed by show mst p Command
Parameter Description
Mul t i pl e spanni ng t r ees Indicates whether MSTP is enabled or disabled on the device
Pr ot ocol Speci f i cat i on Displays the supported IEEE standard
Pr i or i t y The bridge priority
Ti meSi nceTopol ogyChange The time since the last topology change, in seconds
TopChanges The number of topology changes detected for all the MSTIs
CI ST Root The CIST regional root Identifier (the bridge Identifier of the
current CIST regional root)
CI ST Por t The port from which traffic flows to the CIST root
CI ST Cost The CIST path cost from the transmitting bridge to the CIST
regional root
MaxAge The maximum age of received protocol information before it is
discarded, in seconds
Hel l oTi me The hello-time time interval in seconds
For war dDel ay The forward-delay time in seconds
Br i dgeMaxAge The Max Age time in seconds
Br i dgeHel l oTi me The value of the hello-time parameter in seconds determining
the interval between transmissions of the following BPDUs:
BPDUs to all designated ports of the root device
BPDUs to designated ports of all devices in the topology
that have the same root
BPDUs to the root port during TCN
Br i dgeFor war dDel ay The forward-delay time in seconds, when the bridge is the root
or is attempting to become the root
Pr ot oMi gr at i oDel ay This value is used by the Protocol Migration Machine to limit the
transition between port states
MaxHopCount The maximum number of hops in a region before the BPDU is
discarded
TxHol dCount The value used to limit the rate of at which packets are sent
(relates to the port transmit state machine)
SpanI gmpFast Recover y Indicates whether the IGMP Fast Recovery feature is enabled
on the device
Fast Ri ng Indicates whether the Fast Ring feature is enabled on the device
MST00 Indicates MST instance 0
VLAN mapped The MSTI VLAN mapping
Regi onal Root The MSTI regional root
Remai ni ngHopCount The value that determines the scope of an MSTP region
TopChanges The number of the topology changes occurred in the specified
MSTI
Bor der Br i dge The MSTP ring border bridge status

T-Marc 300 Series User Guide

Page 41
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Table 13: Interface Parameters Displayed by show mst p Command
Parameter Description
Por t The ports unit/slot/port
Pr i The port priority
Pr t Rol e The current port role(Root, Designated, Alternate, Backup, or
Disabled)
St at e The current port state(Disabled, Listening, Learning, Forwarding,
or Discarding)
PCost The actual cumulative distance to the Root bridge through this
port, when the port is the Root port, This is the sum of all
designated costs of the bridges along the path to the Root.
This value is added to the designaed cost parameter of the
Designated ports of this bridge and transmitted in the BPDUs
through Designated ports.
DCost The Root bridge path cost in the Configuration BPDUs root
identifier parameter, transmitted by the designated bridge for the
LAN the port is connected to.
Use this parameter to test the port identifier parameter value
conveyed in received Configuration BPDUs.
Desi gnat ed br i dge The unique bridge identifier of one of the following:
(in case of a designated port) the bridge the port belongs to
the bridge believed to be the designated bridge for the LAN to
which the port is attached
Use this parameter:
together with the designated port and port identifier
parameters for the port to verify if this port is the designated
port of the LAN it is attached to
to test the value of the bridge identifier parameter conveyed
in received Configuration BPDUs
DPr t The bridge ports identifier through which the designated bridge
transmits configuration message information stored by this port.
Use this parameter:
together with the designated bridge and port identifier
parameters to verify if this port is the designated port of the
LAN to which the port is attached
by management to determine the topology of the bridged LAN
T-Marc 300 Series User Guide

Page 42
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Displaying the MST Instances Configuration
The show mstp instance command displays the specified MST instance configuration for a
specified port or for all ports.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show mstp instance {<instance-id> | all} [interface UU/SS/PP]
Argument Description
instance-id
The MST instance ID, in the range of <015>
all
Displays all instances
interface UU/SS/PP
(Optional) specifies a port to display
Example
device-name#show mstp instance 0 interface 1/1/1
MST i nst ance 0
Por t Enabl e = enabl ed
Por t Pr i or i t y = 128
Por t St at e = f or war di ng
For war d Tr ansi t i ons = 34
Por t Rol e = Root
Por t Pat h Cost = 200000
CI ST Root = 24576. 0009B7990300
Ext er nal Por t Pat hCost = 200000
Desi gnat ed Root = Thi s br i dge i s t he r egi onal r oot
Desi gnat ed Br i dge = 24576. 0009B7990300
Desi gnat ed Por t I d = 96. 1
Desi gnat ed Pat h Cost = 200000
Admi nEdgePor t = di sabl ed
Oper EdgePor t = di sabl ed
BPDU pr ocessi ng = St andar d
Admi nLi nk- Type = Poi nt ToPoi nt
Li nk- Type = Poi nt ToPoi nt
Rest r i ct Root = enabl ed
Rest r i ct TCN = di sabl ed
Det ect l ost BPDUs = enabl ed
Runni ng Ver si on = RSTP
Li nk f l appi ng = di sabl ed
T-Marc 300 Series User Guide

Page 43
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)


Table 14: The MSTP show mst p i nst ance Command Parameters
Parameter Description
Por t Enabl e
Indicates whether the port is enabled or disabled
Por t Pr i or i t y
The port priority for this MST instance
Por t St at e
The port state for this MST instance
For war d Tr ansi t i ons
The number of times the port has transitioned into Forward state
Por t Rol e
The port role for this MST instance
Por t Pat h Cost
The port path cost for this MST instance
CI ST Root
The CIST regional root identifier (the bridge identifier of the current
CIST regional root)
Ext er nal Por t Pat hCost
The external port path cost
Desi gnat ed Root
The designated root ID
Desi gnat ed Br i dge
The designated bridge ID for this network
Desi gnat ed Por t I d
The designated bridge port ID
Desi gnat ed Pat h Cost
The designated bridge port path cost
Admi nEdgePor t
The edge ports administrative settings
Oper EdgePor t
The current edge port working mode
BPDU pr ocessi ng
The port action if it receives a BPDU (applies to edge ports only)
Admi nLi nk- Type
The link-type administrative settings
Li nk- Type
The current link-type working mode
Rest r i ct Root
Whether root restriction is enabled
Rest r i ct edTCN
Whether TCN restriction is enabled
Det ect l ost BPDUs
Whether a loss of BPDUs is an indication for a link failure
Runni ng Ver si on
The MSTP version:
RSTP when the neighbor is an RSTP or MSTP device
STP when the neighbor is an STP device
Cisco-compliant if the Cisco-compliant mode is defined
Li nk Fl appi ng
The Link Flapping feature status and (if enabled) the control period
T-Marc 300 Series User Guide

Page 44
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Enabling MSTP Debug Information
The debug mstp command displays information related to port roles and port handshaking.
This command is not saved after a device reload.
CLI Mode: Privileged (Enable)
Debug is disabled by default.
Command Syntax
device-name#debug mstp {roles | handshake} {all | <instance-id>}
device-name#no debug mstp {roles | handshake} {all | <instance-id>}
Argument Description
roles
The port roles to debug
handshake
Specifies the mechanism of proposals and agreements
all
Debugs all instances
instance-id
The MST instance ID, in the range of <015>
no
Disables the debug information display
Example
Below is a debug output:
mst p: Por t 1/ 1/ 1 mst i 1 Synced

mst p: Por t 1/ 1/ 1 mst i 1 Agr ees

mst p: Por t 1/ 1/ 1 mst i 0 Agr ees

mst p: Rer oot br i dge by ( 1/ 1/ 1 )

mst p: Por t 1/ 1/ 1 mst i 0 Rer oot ed
T-Marc 300 Series User Guide

Page 45
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Displaying the MSTP Debug
The show debug mstp command displays the MSTP debug status.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show debug mstp
Example
device-name#show debug mstp
MSTP debuggi ng st at us:
| MSTI | Dbg Rol e| Dbg Handshake|
| 0 | ON | ON |
| 10 | ON | ON |
| 11 | ON | ON |
T-Marc 300 Series User Guide

Page 46
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

MSTP Configuration Examples
Pending Configuration
The following example shows how to configure MSTP and display the temporary (pending)
configuration.
1. Enter the MSTP Protocol Configuration mode and map the VLANs ranging from 1 to 10 to
MST instance 1:
device-name#configure terminal
device-name(config)#protocol
device-name(cfg protocol)#mstp
device-name(cfg protocol mstp)#instance 1 vlan 1-10
2. Assign the name region1 and the revision number 1 to the MSTP region:
device-name(cfg protocol mstp)#name region1
device-name(cfg protocol mstp)#revision 1
3. Display the pending configuration:
device-name(cfg protocol mstp)#show pending

Pendi ng MST conf i gur at i on
Name [ r egi on1]
Revi si on 1
I nst ance Vl ans mapped
- - - - - - - - - - - - - - - - - - - - - - -
0 11- 4094
1 1- 10
T-Marc 300 Series User Guide

Page 47
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

MSTP Port Configuration
The following example shows how to configure MSTP on port 1/ 1/ 1 and how to display the
configuration.
1. Enable MSTP:
device-name#configure terminal
device-name(config)#protocol
device-name(cfg protocol)#mstp enable
device-name(cfg protocol)#exit
2. Assign port priority 16 to instance 0, and path cost 22 to instance 1. Enable BPDU guard,
restrict root, and restrict TCN on port 1/ 1/ 1:
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#mstp 0 port-priority 16
device-name(config-if 1/1/1)#mstp 1 path-cost 22
device-name(config-if 1/1/1)#mstp detect-bpdu-loss enable
device-name(config-if 1/1/1)#mstp restrict-root enable
device-name(config-if 1/1/1)#mstp restrict-tcn enable
device-name(config-if 1/1/1)#end
3. Display the MSTP port configuration:
device-name#show mstp instance all interface 1/1/1
MST i nst ance 0
Por t Enabl e = enabl ed
Por t Pr i or i t y = 16
Por t St at e = f or war di ng
For war d Tr ansi t i ons = 3
Por t Rol e = Desi gnat ed
Por t Pat h Cost = 200000
CI ST Root = 00000. 00A0120F2F27
Ext er nal Por t Pat hCost = 200000
Desi gnat ed Root = Thi s br i dge i s t he r egi onal r oot
Por t Pat h Cost = 200000
Desi gnat ed Br i dge = 32768. 00A01211227A
Desi gnat ed Por t I d = 128. 1
Desi gnat ed Pat h Cost = 0
Admi nEdgePor t = di sabl ed
Oper EdgePor t = di sabl ed
BPDU pr ocessi ng = St andar d
Admi nLi nk- Type = Poi nt ToPoi nt
Li nk- Type = Poi nt ToPoi nt
Rest r i ct edRoot = enabl ed
Rest r i ct edTCN = enabl ed
Det ect l ost BPDUs = enabl ed
Runni ng Ver si on = RSTP
Li nk f l appi ng = di sabl ed
MST i nst ance 1
Por t Enabl e = enabl ed
Por t Pr i or i t y = 0
T-Marc 300 Series User Guide

Page 48
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Por t St at e = f or war di ng
For war d Tr ansi t i ons = 1
Por t Rol e = Root
Por t Pat h Cost = 200000
CI ST Root = 00000. 000000000000
Ext er nal Por t Pat hCost = 200000
Desi gnat ed Root = 32768. 00A012110708
Por t Pat h Cost = 22
Desi gnat ed Br i dge = 32768. 00A01211227A
Desi gnat ed Por t I d = 128. 2
Admi nEdgePor t = di sabl ed
Oper EdgePor t = di sabl ed
BPDU pr ocessi ng = St andar d
Admi nLi nk- Type = Poi nt ToPoi nt
Li nk- Type = Poi nt ToPoi nt
Rest r i ct edRoot = enabl ed
Rest r i ct edTCN = enabl ed
Det ect l ost BPDUs = enabl ed
Runni ng Ver si on = RSTP
Li nk f l appi ng = di sabl ed
MSTP Global Parameters Configuration
The following example shows how to configure MSTP global parameters.
1. Enable MSTP and set the forward-delay value to 5 seconds:
device-name#configure terminal
device-name(config)#protocol
device-name(cfg protocol)#mstp enable
device-name(cfg protocol)#mstp forward-delay 5
2. Configure the following parameters: hello-time to 4 seconds, MaxAge time to 34 seconds, and
max-hop count to 23.
device-name(cfg protocol)#mstp hello-time 4
device-name(cfg protocol)#mstp max-age 34
device-name(cfg protocol)#mstp max-hops 23
device-name(cfg protocol)#end
T-Marc 300 Series User Guide

Page 49
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

3. Display the MSTP configuration:
device-name#show mstp
Mul t i pl e spanni ng t r ees = enabl ed
Pr ot ocol Speci f i cat i on = i eee8021s
Pr i or i t y = 32768
Ti meSi nceTopol ogyChange = 0 ( Sec)
TopChanges = 8
CI ST Root = 00001. 00: A0: 12: 0F: 2F: 27
CI ST Por t = 01/ 01/ 01
CI CT Ext er nal Pat h Cost = 200000
MaxAge = 20 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 5 ( Sec)
Br i dgeMaxAge = 34 ( Sec)
Br i dgeHel l oTi me = 4 ( Sec)
Br i dgeFor war dDel ay = 5 ( Sec)
Pr ot oMi gr at i oDel ay = 3 ( Sec)
MaxHopCount = 23
TxHol dCount = 3
SpanI gmpFast Recover y = di sabl ed
Fast Ri ng = di sabl ed

MST00
VLAN mapped = 2- 4094
Pr i or i t y = 32768
Regi onal Root = Thi s br i dge i s t he r oot
Remai ni ngHopCount = 23
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 8
Bor der Br i dge = Di sabl ed

====================================================================
Por t | Pr i | Pr t r ol e| St at e| PCost | DCost | Desi gnat ed br i dge | Pr t
- - - - - - - - +- - - +- - - - - - - - +- - - - - +- - - - - +- - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - -
01/ 01/ 01 128 Desi gnat f r wr d 200000 200000 32768. 00A01211227A 128. 001
01/ 02/ 01 128 Root f r wr d 200000 200000 00000. 00A0120F2F27 128. 006
01/ 02/ 03 128 Desi gnat f r wr d 200000 200000 32768. 00A01211227A 128. 013

MST01
VLAN mapped = 1
Pr i or i t y = 32768
Regi onal Root = 32769. 00: A0: 12: 11: 07: 08
Remai ni ngHopCount = 39
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 4
Bor der Br i dge = Di sabl ed

====================================================================
Por t | Pr i | Pr t r ol e| St at e| PCost | DCost | Desi gnat ed br i dge | DPr t
- - - - - - - - +- - - +- - - - - - - - +- - - - - +- - - - - - +- - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - -
01/ 01/ 01 0 Root f r wr d 200000 0 32768. 00A01211227A 128. 001
T-Marc 300 Series User Guide

Page 50
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

01/ 02/ 01 128 Boundar y f r wr d 200000 0 32768. 00A01211227A 128. 010
01/ 02/ 03 128 Desi gnat f r wr d 200000 0 32768. 00A01211227A 128. 013
Network Configuration
In the following example, four devices are connected via VLANs V100 and V200 that are mapped
to two MST instances on each device. The example shows the redundancy achieved with MSTP.
After configuring the network, use the show mstp command on each device to verify that the MST
instances are configured correctly.

Figure 5: Schematic MSTI Configuration
Configuring Device 1:
1. Create VLANs V100 and V200 and add the appropriate ports to each VLAN:
Device1#configure terminal
Device1(config)#vlan
Device1(config vlan)#config default
Device1(config-vlan default)# remove ports 1/2/1-1/2/3
Device1(config-vlan default)#exit
Device1(config vlan)#create v100 100
Device1(config vlan)#config v100
Device1(config-vlan v100)#add ports 1/2/1,1/2/3 tagged
Device1(config-vlan v100)#add ports 1/2/4 untagged
Device1(config-vlan default)#exit
Device1(config vlan)#create v200 200
Device1(config vlan)#config v200
Device1(config-vlan v200)#add ports 1/2/2,1/2/3 tagged
Device1(config-vlan v200)#exit
Device1(config vlan)#exit
2. Enable MSTP:
Device1(config)#protocol
Device1(cfg protocol)#mstp enable
3. Set priority 0 to MSTI 1 to force Device 1 to be MSTI1 root:
Device1(cfg protocol)#mstp 1 priority 0
4. Enter the MSTP Protocol Configuration mode:
Device1(cfg protocol)#mstp
T-Marc 300 Series User Guide

Page 51
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

5. Add the VLANs to MSTIs 0, 1, and 2:
Device1(cfg protocol mstp)#instance 0 vlan 1-99,101-199,201-4094
Device1(cfg protocol mstp)#instance 1 vlan 100
Device1(cfg protocol mstp)#instance 2 vlan 200
Device1(cfg protocol mstp)#end
Configuring Device 2:
1. Create VLANs V100 and V200 and add the appropriate ports to each VLAN:
Device2#configure terminal
Device2(config)#vlan
Device2(config vlan)#config default
Device2(config-vlan default)# remove ports 1/2/1-1/2/3
Device2(config-vlan default)#exit
Device2(config vlan)#create v100 100
Device2(config vlan)#config v100
Device2(config-vlan v100)#add ports 1/2/1,1/2/3 tagged
Device2(config-vlan default)#exit
Device2(config vlan)#create v200 200
Device2(config vlan)#config v200
Device2(config-vlan v200)#add ports 1/2/2,1/2/3 tagged
Device2(config-vlan v200)#add ports 1/2/4 untagged
Device2(config-vlan v200)#exit
Device2(config vlan)#exit
2. Enable MSTP:
Device2(config)#protocol
Device2(cfg protocol)#mstp enable
3. Set priority 0 to MSTI 2 to force Device 2 to be MSTI2 root:
Device2(cfg protocol)#mstp 2 priority 0
4. Enter the MSTP Protocol Configuration mode:
Device2(cfg protocol)#mstp
5. Add the VLANS to MSTIs 0, 1, and 2:
Device2(cfg protocol mstp)#instance 0 vlan 1-99,101-199,201-4094
Device2(cfg protocol mstp)#instance 1 vlan 100
Device2(cfg protocol mstp)#instance 2 vlan 200
Device2(cfg protocol mstp)#end
T-Marc 300 Series User Guide

Page 52
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)


Configuring Device 3:
1. Create VLANs V100 and V200 and add the appropriate ports to each VLAN:
Device3#configure terminal
Device3(config)#vlan
Device3(config vlan)#config default
Device3(config-vlan default)#remove ports 1/2/1,1/2/2,1/2/4
Device3(config-vlan default)#exit
Device3(config vlan)#create v100 100
Device3(config vlan)#config v100
Device3(config-vlan v100)#add ports 1/2/1,1/2/2 tagged
Device3(config-vlan v100)#add ports 1/2/4 untagged
Device3(config-vlan v100)#exit
Device3(config vlan)#exit
2. Enable MSTP:
Device3(config)#protocol
Device3(cfg protocol)#mstp enable
3. Enter the MSTP Protocol Configuration mode:
Device3(cfg protocol)#mstp
4. Add the VLANS to MSTIs 0, 1, and 2:
Device3(cfg protocol mstp)#instance 0 vlan 1-99,101-199,201-4094
Device3(cfg protocol mstp)#instance 1 vlan 100
Device3(cfg protocol mstp)#instance 2 vlan 200
Device3(cfg protocol mstp)#end
Configuring Device 4:
1. Create VLAN V200 and add the appropriate ports to each VLAN:
Device4#configure terminal
Device4(config)#vlan
Device4(config vlan)#config default
Device4(config-vlan default)#remove ports 1/2/1,1/2/2
Device4(config-vlan default)#exit
Device4(config vlan)#create v200 200
Device4(config vlan)#config v200
Device4(config-vlan v200)#add ports 1/2/1,1/2/2 tagged
Device4(config-vlan v200)#add ports 1/2/4 untagged
Device4(config-vlan v200)#exit
Device4(config vlan)#exit
2. Enable MSTP:
Device4(config)#protocol
Device4(cfg protocol)#mstp enable
3. Enter the MSTP Protocol Configuration mode:
Device4(cfg protocol)#mstp
T-Marc 300 Series User Guide

Page 53
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

4. Add the VLANs to MSTIs 0, 1 and 2:
Device4(cfg protocol mstp)#instance 0 vlan 1-99,101-199,201-4094
Device4(cfg protocol mstp)#instance 1 vlan 100
Device4(cfg protocol mstp)#instance 2 vlan 200
Device4(cfg protocol mstp)#end
Displaying Device 1 Configuration:
Device1#show mstp
Mul t i pl e spanni ng t r ees = enabl ed
Pr ot ocol Speci f i cat i on = i eee8021s
Pr i or i t y = 0
Ti meSi nceTopol ogyChange = 0 ( Sec)
TopChanges = 6
CI ST Root = 32768. 00: A0: 12: 27: 00: 80
CI ST Por t = 01/ 02/ 01
CI CT Ext er nal Pat h Cost = 0
MaxAge = 20 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 15 ( Sec)
Br i dgeMaxAge = 20 ( Sec)
Br i dgeHel l oTi me = 2 ( Sec)
Br i dgeFor war dDel ay = 15 ( Sec)
Pr ot oMi gr at i oDel ay = 3 ( Sec)
MaxHopCount = 40
TxHol dCount = 3
SpanI gmpFast Recover y = di sabl ed
Fast Ri ng = di sabl ed
Lear nMode = St andar d

MST00
VLAN mapped = 1- 99, 101- 199, 201- 4094
Pr i or i t y = 32768
Regi onal Root = 32768. 00: A0: 12: 27: 00: 80
Remai ni ngHopCount = 39
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 6
Bor der Br i dge = Di sabl ed
No act i ve por t s ar e mapped t o t he mst i

MST01
VLAN mapped = 100
Pr i or i t y = 32768
Regi onal Root = Thi s br i dge i s t he r oot
Remai ni ngHopCount = 40
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 5
Bor der Br i dge = Di sabl ed

==========================================================================
Por t | Pr i | Pr t r ol e| St at e| PCost | DCost | Desi gnat ed br i dge | DPr t
T-Marc 300 Series User Guide

Page 54
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

- - - - - - - - +- - - +- - - - - - - - +- - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - -
01/ 02/ 01 128 Desi gnat f r wr d 200000 0 00000. 00A0122700C0 128. 003
01/ 02/ 03 128 Desi gnat f r wr d 200000 0 00000. 00A0122700C0 128. 005
01/ 02/ 04 128 Desi gnat f r wr d 200000 0 00000. 00A0120A0168 128. 006

MST02
VLAN mapped = 200
Pr i or i t y = 32768
Regi onal Root = 00002. 00: A0: 12: 27: 14: 20
Remai ni ngHopCount = 39
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 7
Bor der Br i dge = Di sabl ed
==========================================================================
Por t | Pr i | Pr t r ol e| St at e| PCost | DCost | Desi gnat ed br i dge | DPr t
- - - - - - - - +- - - +- - - - - - - - +- - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - -
01/ 02/ 02 128 Desi gnat f r wr d 200000 0 32768. 00A0122700C0 128. 004
01/ 02/ 03 128 Root f r wr d 200000 0 00000. 00A012271420 128. 005
Displaying Device 2 Configuration:
device-name#show mstp
Mul t i pl e spanni ng t r ees = enabl ed
Pr ot ocol Speci f i cat i on = i eee8021s
Pr i or i t y = 0
Ti meSi nceTopol ogyChange = 0 ( Sec)
TopChanges = 4
CI ST Root = 32768. 00: A0: 12: 27: 00: 80
CI ST Por t = 01/ 02/ 01
CI CT Ext er nal Pat h Cost = 200000
MaxAge = 20 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 15 ( Sec)
Br i dgeMaxAge = 20 ( Sec)
Br i dgeHel l oTi me = 2 ( Sec)
Br i dgeFor war dDel ay = 15 ( Sec)
Pr ot oMi gr at i oDel ay = 3 ( Sec)
MaxHopCount = 40
TxHol dCount = 3
SpanI gmpFast Recover y = di sabl ed
Fast Ri ng = di sabl ed
Lear nMode = St andar d

MST00
VLAN mapped = 1- 99, 101- 199, 201- 4094
Pr i or i t y = 32768
Regi onal Root = 32768. 00: A0: 12: 27: 00: 80
Remai ni ngHopCount = 39
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 4
Bor der Br i dge = Di sabl ed
==========================================================================
T-Marc 300 Series User Guide

Page 55
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Por t | Pr i | Pr t r ol e| St at e| PCost | DCost | Desi gnat ed br i dge | DPr t
- - - - - - - - +- - - +- - - - - - - - +- - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - -
01/ 02/ 04 128 Desi gnat f r wr d 200000 0 32768. 00A012271420 128. 005

MST01
VLAN mapped = 100
Pr i or i t y = 32768
Regi onal Root = 00001. 00: A0: 12: 27: 00: C0
Remai ni ngHopCount = 39
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 4
Bor der Br i dge = Di sabl ed
==========================================================================
Por t | Pr i | Pr t r ol e| St at e| PCost | DCost | Desi gnat ed br i dge | DPr t
- - - - - - - - +- - - +- - - - - - - - +- - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - -
01/ 02/ 01 128 Al t er nat bl ock 200000 200000 32768. 00A012270080 128. 004
01/ 02/ 03 128 Root f r wr d 200000 200000 00000. 00A0122700C0 128. 005

MST02
VLAN mapped = 200
Pr i or i t y = 32768
Regi onal Root = Thi s br i dge i s t he r oot
Remai ni ngHopCount = 40
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 4
Bor der Br i dge = Di sabl ed
==========================================================================
Por t | Pr i | Pr t r ol e| St at e| PCost | DCost | Desi gnat ed br i dge | DPr t
- - - - - - - - +- - - +- - - - - - - - +- - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - -
01/ 02/ 02 128 Desi gnat f r wr d 200000 0 00000. 00A012271420 128. 002
01/ 02/ 03 128 Desi gnat f r wr d 200000 0 00000. 00A012271420 128. 003
01/ 02/ 04 128 Desi gnat f r wr d 200000 0 00000. 00A012271420 128. 005
Displaying Device 3 Configuration:
Device3#show mstp
Mul t i pl e spanni ng t r ees = enabl ed
Pr ot ocol Speci f i cat i on = i eee8021s
Pr i or i t y = 0
Ti meSi nceTopol ogyChange = 0 ( Sec)
TopChanges = 3
CI ST Root = Thi s br i dge i s t he r oot
MaxAge = 20 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 15 ( Sec)
Br i dgeMaxAge = 20 ( Sec)
Br i dgeHel l oTi me = 2 ( Sec)
Br i dgeFor war dDel ay = 15 ( Sec)
Pr ot oMi gr at i oDel ay = 3 ( Sec)
MaxHopCount = 40
TxHol dCount = 3
SpanI gmpFast Recover y = di sabl ed
T-Marc 300 Series User Guide

Page 56
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Fast Ri ng = di sabl ed
Lear nMode = St andar d

MST00
VLAN mapped = 1- 99, 101- 199, 201- 4094
Pr i or i t y = 32768
Regi onal Root = Thi s br i dge i s t he r oot
Remai ni ngHopCount = 39
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 3
Bor der Br i dge = Di sabl ed
No act i ve por t s ar e mapped t o t he mst i

MST01
VLAN mapped = 100
Pr i or i t y = 32768
Regi onal Root = 0001. 00: A0: 12: 27: 00: C0
Remai ni ngHopCount = 39
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 2
Bor der Br i dge = Di sabl ed
==========================================================================
Por t | Pr i | Pr t r ol e| St at e| PCost | DCost | Desi gnat ed br i dge | DPr t
- - - - - - - - +- - - +- - - - - - - - +- - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - -
01/ 02/ 01 128 Root f r wr d 200000 0 00000. 00A012270080 128. 003
01/ 02/ 02 128 Desi gnat f r wr d 200000 0 32768. 00A012270080 128. 004
01/ 02/ 04 128 Desi gnat f r wr d 200000 0 32768. 00A012270080 128. 006

MST02
VLAN mapped = 200
Pr i or i t y = 32768
Regi onal Root = 00002. 00: A0: 12: 27: 14: 20
Remai ni ngHopCount = 39
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 3
Bor der Br i dge = Di sabl ed
No act i ve por t s ar e mapped t o t he mst i
T-Marc 300 Series User Guide

Page 57
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)


Displaying Device 4 Configuration:
Device4#show mstp
Mul t i pl e spanni ng t r ees = enabl ed
Pr ot ocol Speci f i cat i on = i eee8021s
Pr i or i t y = 0
Ti meSi nceTopol ogyChange = 0 ( Sec)
TopChanges = 2
CI ST Root = 32768. 00: A0: 12: 27: 00: 80
CI ST Por t = 01/ 02/ 01
CI CT Ext er nal Pat h Cost = 0
MaxAge = 20 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 15 ( Sec)
Br i dgeMaxAge = 20 ( Sec)
Br i dgeHel l oTi me = 2 ( Sec)
Br i dgeFor war dDel ay = 15 ( Sec)
Pr ot oMi gr at i oDel ay = 3 ( Sec)
MaxHopCount = 40
TxHol dCount = 3
SpanI gmpFast Recover y = di sabl ed
Fast Ri ng = di sabl ed
Lear nMode = St andar d

MST00
VLAN mapped = 1- 99, 101- 199, 201- 4094
Pr i or i t y = 32768
Regi onal Root = 32768. 00: A0: 12: 27: 00: 80
Remai ni ngHopCount = 38
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 2
Bor der Br i dge = Di sabl ed
==========================================================================
Por t | Pr i | Pr t r ol e| St at e| PCost | DCost | Desi gnat ed br i dge | DPr t
- - - - - - - - +- - - +- - - - - - - - +- - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - -
01/ 02/ 01 128 Al t er nat f r wr d 200000 0 32768. 00A012271420 128. 003
01/ 02/ 02 128 Root f r wr d 200000 0 32768. 00A0122700C0 128. 004
01/ 02/ 04 128 Desi gnat f r wr d 200000 0 32768. 00A012271420 128. 006

MST01
VLAN mapped = 100
Pr i or i t y = 32768
Regi onal Root = 00001. 00: A0: 12: 27: 00: C0
Remai ni ngHopCount = 39
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 5
Bor der Br i dge = Di sabl ed
No act i ve por t s ar e mapped t o t he mst i

MST02
VLAN mapped = 200
T-Marc 300 Series User Guide

Page 58
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Pr i or i t y = 32768
Regi onal Root = 00002. 00: A0: 12: 27: 14: 20
Remai ni ngHopCount = 39
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 2
Bor der Br i dge = Di sabl ed
No act i ve por t s ar e mapped t o t he mst i

In this example if the direct link between Device 1 and Device 3 fails. MSTI01 is recalculated and
port 1/ 2/ 2 in Device 3 changes its role from alternate to root.

Figure 6: Link Failure between Two Devicees
In this case, the show mstp command displays the following:
Displaying Device 1 Configuration:
Device1#show mstp
Mul t i pl e spanni ng t r ees = enabl ed
Pr ot ocol Speci f i cat i on = i eee8021s
Pr i or i t y = 0
Ti meSi nceTopol ogyChange = 0 ( Sec)
TopChanges = 6
CI ST Root = 32768. 00: A0: 12: 27: 00: 80
CI ST Por t = 01/ 02/ 01
CI CT Ext er nal Pat h Cost = 0
MaxAge = 20 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 15 ( Sec)
Br i dgeMaxAge = 20 ( Sec)
Br i dgeHel l oTi me = 2 ( Sec)
Br i dgeFor war dDel ay = 15 ( Sec)
Pr ot oMi gr at i oDel ay = 3 ( Sec)
MaxHopCount = 40
TxHol dCount = 3
SpanI gmpFast Recover y = di sabl ed
Fast Ri ng = di sabl ed
Lear nMode = St andar d

MST00
VLAN mapped = 1- 99, 101- 199, 201- 4094
Pr i or i t y = 32768
Regi onal Root = 32768. 00: A0: 12: 27: 00: 80
T-Marc 300 Series User Guide

Page 59
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Remai ni ngHopCount = 38
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 6
Bor der Br i dge = Di sabl ed
No act i ve por t s ar e mapped t o t he mst i

MST01
VLAN mapped = 100
Pr i or i t y = 32768
Regi onal Root = Thi s br i dge i s t he r oot
Remai ni ngHopCount = 40
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 5
Bor der Br i dge = Di sabl ed
==========================================================================
Por t | Pr i | Pr t r ol e| St at e| PCost | DCost | Desi gnat ed br i dge | DPr t
- - - - - - - - +- - - +- - - - - - - - +- - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - -
01/ 02/ 03 128 Desi gnat f r wr d 200000 0 00000. 00A0122700C0 128. 005

MST02
VLAN mapped = 200
Pr i or i t y = 32768
Regi onal Root = 00002. 00: A0: 12: 27: 14: 20
Remai ni ngHopCount = 39
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 7
Bor der Br i dge = Di sabl ed
==========================================================================
Por t | Pr i | Pr t r ol e| St at e| PCost | DCost | Desi gnat ed br i dge | DPr t
- - - - - - - - +- - - +- - - - - - - - +- - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - -
01/ 02/ 02 128 Desi gnat f r wr d 200000 0 32768. 00A0122700C0 128. 002
01/ 02/ 03 128 Root f r wr d 200000 0 00000. 00A012271420 128. 003
01/ 02/ 04 128 Desi gnat f r wr d 200000 0 32768. 00A0122700C0 128. 006
Displaying Device 3 Configuration:
Device3#show mstp
Mul t i pl e spanni ng t r ees = enabl ed
Pr ot ocol Speci f i cat i on = i eee8021s
Pr i or i t y = 0
Ti meSi nceTopol ogyChange = 0 ( Sec)
TopChanges = 3
CI ST Root = Thi s br i dge i s t he r oot
MaxAge = 20 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 15 ( Sec)
Br i dgeMaxAge = 20 ( Sec)
Br i dgeHel l oTi me = 2 ( Sec)
Br i dgeFor war dDel ay = 15 ( Sec)
Pr ot oMi gr at i oDel ay = 3 ( Sec)
MaxHopCount = 40
TxHol dCount = 3
T-Marc 300 Series User Guide

Page 60
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

SpanI gmpFast Recover y = di sabl ed
Fast Ri ng = di sabl ed
Lear nMode = St andar d

MST00
VLAN mapped = 1- 99, 101- 199, 201- 4094
Pr i or i t y = 32768
Regi onal Root = Thi s br i dge i s t he r oot
Remai ni ngHopCount = 39
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 3
Bor der Br i dge = Di sabl ed
No act i ve por t s ar e mapped t o t he mst i

MST01
VLAN mapped = 100
Pr i or i t y = 32768
Regi onal Root = 00001. 00: A0: 12: 0A: 01: 68
Remai ni ngHopCount = 38
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 3
Bor der Br i dge = Di sabl ed
==========================================================================
Por t | Pr i | Pr t r ol e| St at e| PCost | DCost | Desi gnat ed br i dge | DPr t
- - - - - - - - +- - - +- - - - - - - - +- - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - -
01/ 02/ 02 128 Root f r wr d 200000 400000 32768. 00A00001090B 128. 002
01/ 02/ 04 128 Desi gnat f r wr d 200000 400000 32768. 00A012BBBBBB 128. 006

MST02
VLAN mapped = 200
Pr i or i t y = 32768
Regi onal Root = 00002. 00: A0: 12: 27: 14: 20
Remai ni ngHopCount = 39
Ti meSi nceTopol ogyChange = 3039 ( Sec)
TopChanges = 3
Bor der Br i dge = Di sabl ed
No act i ve por t s ar e mapped t o t he mst i

On Device 2 and Device 4:
This topology change does not affect Device 2 and Device 4 output.
T-Marc 300 Series User Guide

Page 61
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Fast Recovery Configuration
Following is a configuration example of a spanning tree IGMP fast recovery. The figure below
shows a network configuration with a triangle topology and the configuration steps of the three
devices. Device 1 is the MSTP Root for Instance 0 and there is one blocked port in the topology.
The multicast traffic flows from port 1/ 2/ 3 of Device 1 to port 1/ 2/ 3 of Device 3.


Figure 7: Spanning Tree I GMP Fast Recovery Configuration Example
Configuring Device 1:
1. Enable MSTP:
Device1#configure terminal
Device1(config)#protocol
Device1(cfg protocol)#mstp enable
2. Configure the bridge priority for MST instance 0 to zero:
Device1(cfg protocol)#mstp 0 priority 0
3. Enable spanning tree IGMP fast recovery:
Device1(cfg protocol)#spanning-tree igmp-fast-recovery enable
Device1(cfg protocol)#exit
4. Configure port 1/ 2/ 3 as an edge port:
Device1(config)#interface 1/2/3
Device1(config-if 1/2/3)#mstp edge-port
Device1(config-if 1/2/3)#exit
5. Enable IGMP snooping and configure ports 1/ 1/ 1 and 1/ 1/ 2 as mrouter ports:
Device1(config)#ip igmp snooping
Device1(config)#ip igmp snooping vlan 1 mrouter interface 1/1/1
Device1(config)#ip igmp snooping vlan 1 mrouter interface 1/1/2
T-Marc 300 Series User Guide

Page 62
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Configuring Device 2:
1. Enable MSTP:
Device2#configure terminal
Device2(config)#protocol
Device2(cfg protocol)#mstp enable
2. Enable MSTP fast ring for accelerating its operation in a ring topology:
Device2(cfg protocol)#mstp fast-ring ring-ports 1/2/6 1/2/7
Device2(cfg protocol)#mstp learn-mode temporary-disabled 2
3. Enable spanning tree IGMP fast recovery:
Device2(cfg protocol)#spanning-tree igmp-fast-recovery enable
Device2(cfg protocol)#exit
4. Configure port 1/ 2/ 8 as an edge port:
Device2(config)#interface 1/2/8
Device2(config-if 1/2/8)#mstp edge-port
Device2(config-if 1/2/8)#exit
5. Enable IGMP snooping and configure ports 1/ 2/ 6 and 1/ 2/ 7 as mrouter ports:
Device2(config)#ip igmp snooping
Device2(config)#ip igmp snooping vlan 1 mrouter interface 1/2/6
Device2(config)#ip igmp snooping vlan 1 mrouter interface 1/2/7
Configuring Device 3:
1. Enable MSTP:
Device3#configure terminal
Device3(config)#protocol
Device3(cfg protocol)#mstp enable
2. Enable MSTP fast ring for accelerating its operation in a ring topology:
Device3(cfg protocol)#mstp fast-ring ring-ports 1/1/1 1/1/2
Device3(cfg protocol)#mstp learn-mode temporary-disabled 2
Device3(cfg protocol)#exit
3. Configure the port 1/ 2/ 3 as an edge port:
Device3(config)#interface 1/2/3
Device3(config-if 1/2/3)#mstp edge-port
Device3(config-if 1/2/3)#exit
4. Enable IGMP snooping and configure ports 1/ 1/ 1 and 1/ 1/ 2 as mrouter ports:
Device3(config)#ip igmp snooping
Device3(config)#ip igmp snooping vlan 1 mrouter interface 1/1/1
Device3(config)#ip igmp snooping vlan 1 mrouter interface 1/1/2
T-Marc 300 Series User Guide

Page 63
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

MSTP BPDU Guard, Loop Guard, Restricted Root and
Restricted TCN Configuration
The figure below shows a network configuration with a triangle topology followed by the
configuration of the three devices. BPDU guard, restricted root and restricted TCN are enabled on
edge port 1/ 2/ 4 to protect the backbone network from unauthorized user intervention in MSTP.
Loop guard is enabled on Device 2 and Device 3 for the ports connected to root Device 1.

Figure 8: BPDU Guard, Loop Guard, Restricted Root and Restricted TCN
Configuring Device 1:
1. Enable MSTP:
Device1#configure terminal
Device1(config)#protocol
Device1(cfg protocol)#mstp enable
2. Set MST instance 0 bridge priority to 0:
Device1(cfg protocol)#mstp 0 priority 0
Device1(cfg protocol)#exit
3. Configure port 1/ 2/ 4 as an edge port. Enable BPDU guard, restricted root and restricted
TCN on this port:
Device1(config)#interface 1/2/4
Device1(config-if 1/2/4)#mstp edge-port
Device1(config-if 1/2/4)#mstp bpdu-rx discard
Device1(config-if 1/2/4)#mstp restrict-root enable
Device1(config-if 1/2/4)#mstp restrict-tcn enable
Device1(config-if 1/2/4)#exit
T-Marc 300 Series User Guide

Page 64
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Configuring Device 2:
1. Enable MSTP:
Device2#configure terminal
Device2(config)#protocol
Device2(cfg protocol)#mstp enable
Device2(cfg protocol)#exit
2. Configure port 1/ 2/ 4 as an edge port. Enable BPDU guard, restricted root and restricted
TCN on this port:
Device2(config)#interface 1/2/4
Device2(config-if 1/2/4)#mstp edge-port
Device2(config-if 1/2/4)#mstp bpdu-rx discard
Device2(config-if 1/2/4)#mstp restrict-root enable
Device2(config-if 1/2/4)#mstp restrict-tcn enable
Device2(config-if 1/2/4)#exit
3. Enable loop guard on ports 1/ 2/ 1 and 1/ 2/ 2:
Device2(config)#interface 1/2/1
Device2(config-if 1/2/1)#mstp detect-bpdu-loss enable
Device2(config-if 1/2/1)#interface 1/2/2
Device2(config-if 1/2/2)#mstp detect-bpdu-loss enable
Device2(config-if 1/2/2)#exit
Configuring Device 3:
1. Enable MSTP:
Device3#configure terminal
Device3(config)#protocol
Device3(cfg protocol)#mstp enable
Device3(cfg protocol)#exit
2. Configure port 1/ 2/ 4 as an edge port. Enable BPDU guard, restricted root and restricted
TCN on this port:
Device3(config)#interface 1/2/4
Device3(config-if 1/2/4)#mstp edge-port
Device3(config-if 1/2/4)#mstp bpdu-rx discard
Device3(config-if 1/2/4)#mstp restrict-root enable
Device3(config-if 1/2/4)#mstp restrict-tcn enable
Device3(config-if 1/2/4)#exit
3. Enable loop guard on ports 1/ 2/ 1 and 1/ 2/ 2:
Device3(config)#interface 1/2/1
Device3(config-if 1/2/1)#mstp detect-bpdu-loss enable
Device3(config-if 1/2/1)#interface 1/2/2
Device3(config-if 1/2/2)#mstp detect-bpdu-loss enable
Device3(config-if 1/2/2)#exit
T-Marc 300 Series User Guide

Page 65
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Configuring a Fast Ring
The following example shows how to configure the devices in a fast ring so that traffic is
distributed correctly among client networks.

Figure 9: Fast Ring Topology
Configuring Device 1:
1. Enable MSTP, disable learning, and configure Device 1 to be the root device:
Device1#configure terminal
Device1(config)#protocol
Device1(cfg protocol)#mstp enable
Device1(cfg protocol)#mstp learn-mode none
Device1(cfg protocol)#mstp 0 priority 8192
Device1(cfg protocol)#exit
2. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device1(config)#vlan
Device1(config vlan)#create v10 10
Device1(config vlan)#create v20 20
Device1(config vlan)#create v30 30
Device1(config vlan)#config default
Device1(config-vlan default)#remove ports 1/1/1-1/2/2
Device1(config-vlan default)#config v10
Device1(config-vlan v10)#add ports 1/2/1,1/2/2 tagged
T-Marc 300 Series User Guide

Page 66
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Device1(config-vlan v10)#config v20
Device1(config-vlan v20)#add ports 1/2/1,1/2/2 tagged
Device1(config-vlan v20)#config v30
Device1(config-vlan v30)#add ports 1/2/1,1/2/2 tagged
Device1(config-vlan v30)#end
Configuring Device 2:
1. Enable MSTP, disable learning, and configure fast ring ports:
Device2#configure terminal
Device2(config)#protocol
Device2(cfg protocol)#mstp enable
Device2(cfg protocol)#mstp learn-mode none
Device2(cfg protocol)#mstp fast-ring ring-ports 1/2/1 1/2/2
Device2(cfg protocol)#exit
2. Configure an edge port and enable port security on the client port:
Device2(config)#interface 1/1/1
Device2(config-if 1/1/1)#mstp edge-port
Device2(config-if 1/1/1)#port security
Device2(config-if 1/1/1)#interface 1/2/3
Device2(config-if 1/2/3)#mstp edge-port
Device2(config-if 1/2/3)#port security
Device2(config-if 1/2/3)#interface 1/2/4
Device2(config-if 1/2/4)#mstp edge-port
Device2(config-if 1/2/4)#port security
Device2(cfg protocol)#exit
3. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device2(config)#vlan
Device2(config vlan)#create v10 10
Device2(config vlan)#create v20 20
Device2(config vlan)#create v30 30
Device2(config vlan)#config default
Device2(config-vlan default)#remove ports 1/1/1-1/2/2
Device2(config-vlan default)#config v10
Device2(config-vlan v10)#add ports 1/1/1 untagged
Device2(config-vlan v10)#add ports default 1/1/1
Device2(config-vlan v10)#add ports 1/2/1,1/2/2 tagged
Device2(config-vlan v10)#config v20
Device2(config-vlan v20)#add ports 1/2/3 untagged
Device2(config-vlan v20)#add ports default 1/2/3
Device2(config-vlan v20)#add ports 1/2/1,1/2/2 tagged
Device2(config-vlan v20)#config v30
Device2(config-vlan v30)#add ports 1/2/4 untagged
Device2(config-vlan v30)#add ports default 1/2/4
Device2(config-vlan v30)#add ports 1/2/1,1/2/2 tagged
Device2(config-vlan v30)#end
T-Marc 300 Series User Guide

Page 67
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Configuring Device 3:
1. Enable MSTP, disable learning, and configure fast ring ports:
Device3#configure terminal
Device3(config)#protocol
Device3(cfg protocol)#mstp enable
Device3(cfg protocol)#mstp learn-mode none
Device3(cfg protocol)#mstp fast-ring ring-ports 1/2/1 1/2/2
Device3(cfg protocol)#exit
2. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device3(config)#vlan
Device3(config vlan)#create v10 10
Device3(config vlan)#create v20 20
Device3(config vlan)#create v30 30
Device3(config vlan)#config default
Device3(config-vlan default)#remove ports 1/1/1-1/2/2
Device3(config-vlan default)#config v10
Device3(config-vlan v10)#add ports 1/2/1,1/2/2 tagged
Device3(config-vlan v10)#config v20
Device3(config-vlan v20)#add ports 1/2/1,1/2/2 tagged
Device3(config-vlan v20)#config v30
Device3(config-vlan v30)#add ports 1/2/1,1/2/2 tagged
Device3(config-vlan v30)#end
Configuring Device 4:
1. Enable MSTP, disable learning, and configure fast ring ports:
Device4#configure terminal
Device4(config)#protocol
Device4(cfg protocol)#mstp enable
Device4(cfg protocol)#mstp learn-mode none
Device4(cfg protocol)#mstp fast-ring ring-ports 1/2/1 1/2/2
Device4(cfg protocol)#exit
2. Configure an edge port and enable port security on the client port:
Device4(config)#interface 1/1/1
Device4(config-if 1/1/1)#mstp edge-port
Device4(config-if 1/1/1)#port security
Device4(config-if 1/1/1)#interface 1/2/3
Device4(config-if 1/2/3)#mstp edge-port
Device4(config-if 1/2/3)#port security
Device4(config-if 1/2/3)#interface 1/2/4
Device4(config-if 1/2/4)#mstp edge-port
Device4(config-if 1/2/4)#port security
Device4(config-if 1/2/4)#exit
T-Marc 300 Series User Guide

Page 68
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

3. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device4(config)#vlan
Device4(config vlan)#create v10 10
Device4(config vlan)#create v20 20
Device4(config vlan)#create v30 30
Device4(config vlan)#config default
Device4(config-vlan default)#remove ports 1/1/1-1/2/2
Device4(config-vlan default)#config v10
Device4(config-vlan v10)#add ports 1/1/1 untagged
Device4(config-vlan v10)#add ports default 1/1/1
Device4(config-vlan v10)#add ports 1/2/1,1/2/2 tagged
Device4(config-vlan v10)#config v20
Device4(config-vlan v20)#add ports 1/2/3 untagged
Device4(config-vlan v20)#add ports default 1/2/3
Device4(config-vlan v20)#add ports 1/2/1,1/2/2 tagged
Device4(config-vlan v20)#config v30
Device4(config-vlan v30)#add ports 1/2/4 untagged
Device4(config-vlan v30)#add ports default 1/2/4
Device4(config-vlan v30)#add ports 1/2/1,1/2/2 tagged
Device4(config-vlan v30)#end
Configuring Device 5:
1. Enable MSTP, disable learning, and configure fast ring ports:
Device5#configure terminal
Device5(config)#protocol
Device5(cfg protocol)#mstp enable
Device5(cfg protocol)#mstp learn-mode none
Device5(cfg protocol)#mstp fast-ring ring-ports 1/2/1 1/2/2
2. Configure an edge port and enable port security on the client port:
Device5#configure terminal
Device5(config)#interface 1/1/1
Device5(config-if 1/1/1)#mstp edge-port
Device5(config-if 1/1/1)#port security
Device5(config-if 1/1/1)#interface 1/2/3
Device5(config-if 1/2/3)#mstp edge-port
Device5(config-if 1/2/33)#port security
Device5(config-if 1/2/3)#interface 1/2/4
Device5(config-if 1/2/4)#mstp edge-port
Device5(config-if 1/2/4)#port security
Device5(config-if 1/2/4)#exit
T-Marc 300 Series User Guide

Page 69
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

3. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device5(config)#vlan
Device5(config vlan)#create v10 10
Device5(config vlan)#create v20 20
Device5(config vlan)#create v30 30
Device5(config vlan)#config default
Device5(config-vlan default)#remove ports 1/1/1-1/2/2
Device5(config-vlan default)#config v10
Device5(config-vlan v10)#add ports 1/1/1 untagged
Device5(config-vlan v10)#add ports default 1/1/1
Device5(config-vlan v10)#add ports 1/2/1,1/2/2 tagged
Device5(config-vlan v10)#config v20
Device5(config-vlan v20)#add ports 1/2/3 untagged
Device5(config-vlan v20)#add ports default 1/2/3
Device5(config-vlan v20)#add ports 1/2/1,1/2/2 tagged
Device5(config-vlan v20)#config v30
Device5(config-vlan v30)#add ports 1/2/4 untagged
Device5(config-vlan v30)#add ports default 1/2/4
Device5(config-vlan v30)#add ports 1/2/1,1/2/2 tagged
Device5(config-vlan v30)#end
T-Marc 300 Series User Guide

Page 70
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)

Supported Platforms
Feature T-Marc 340 T-Marc 380
Multiple Spanning Tree Protocol (MSTP) + +
Supported Standards, MIBs, and RFCs
Feature Standards MIBs RFCs
Multiple Spanning Tree
Protocol (MSTP)
IEEE 802.1d-1998
IEEE 802.1t-2001
IEEE 802.1w-2001
IEEE 802.1s-2002
Private MIBs:
prvt_mst.mib
prvt_switch.mib
RFC 2863, Interfaces
Group MIB
(configL2IfaceTable)


Page 1
Configuring Access Control Lists (ACLs) (Rev. 09)

Configuring Access Control Lists (ACLs)
Table of Figures 3
Overview 4
ACL Types 4
ACL Process Options 5
Access Control Groups (ACG) 5
ACL Processing Rules 6
Traffic Remarking 6
Traffic Rate Limit and Shaping 6
Single Rate Three Color Marker (RFC 2697) 7
Two Rate Three Color Marker (RFC 2698) 7
Exceed Action 7
Color-Blind and Color-Aware 7
The ACL Default Configuration 8
ACL Configuration Flow 9
ACL Configuration Commands10
Creating a Standard IP ACL12
Creating an Extended IP ACL14
Creating an Extended MAC ACL16
Adding a Comment to an ACL20
Assigning an IP ACG 21
Assigning a MAC ACG22
Applying Rate Limiting by ACGs24
Adding a new VLAN Tag in Frames26
Applying QoS Settings on an ACG27
Changing the DSCP Value27
Changing the VPT Value28
Saving the ACG Configuration29
T-Marc 300 Series User Guide
Page 2
Configuring Access Control Lists (ACLs) (Rev 09)

Enabling Match Statistics29
Displaying the IP ACLs30
Displaying the MAC ACLs30
Displaying the IP ACG 32
Displaying the IP ACG Statistics33
Displaying the MAC ACG34
Displaying Match Statistics for MAC ACGs34
Clearing the IP ACG Statistics35
Clearing the MAC ACG Statistics36
Configuration Examples37
Configuring IP ACLs37
Configuring MAC ACLs39
Creating ACLs per SAP41
Configuring an ACG per Egress42
Configuring Rate Limit with DSCP Mapping42
Configuring Rate Limit with Priority Remarking44
Supported Platforms46
Supported Standards, MIBs and RFCs46

T-Marc 300 Series User Guide
Page 3
Configuring Access Control Lists (ACLs) (Rev 09)

Table of Figures
Figure 1: Configuration Flow for ACL 9
Figure 2: MAC ACG over Port Configuration Example23
Figure 3: Creating Standard and Extended IP ACLs37
Figure 4: Rate Limit over Port Configuration39

T-Marc 300 Series User Guide
Page 4
Configuring Access Control Lists (ACLs) (Rev 09)

Overview
Access Control Lists (ACLs) are sets of numbered rules that process packets going through the
device and provide the ability to control network traffic. Using ACLs, system administrators can
filter packets that pass through a port by defining different criteria, in order to ensure the network's
security, Quality of Service (QoS), traffic control, and traffic rate-limitation.
These rules are processed in a sequential order, either permitting or denying the traffic, based on the
specified ACL conditions. The hardware tests the packets parameters against the ACLs and acts
upon the first condition matched.
The main advantages in using ACLs are:
Securityby forwarding or dropping ingress traffic, ACLs aid administrators in managing
network security policies.
Traffic Controlby enforcing redirection rules, administrators can manipulate network traffic
flow, thus reducing bottlenecks and congestions.
Traffic Rate Limitationusing ACLs, administrators can control traffic rate per port, or SAP
port according to user defined criteria.
Quality of Service (QoS)administrators can assign packet-handling priority to data flow,
sorting the flow into eight priority queues, based on the ACL criteria. You can also use ACLs
to re-mark ToS/ DSCP values.
ACL Types
There are three basic ACL types, in predefined range of numbers. Each type matches specific fields
in the packets:
Standard IP ACLs (#199, or #10002999): match the packets source IP address.
Extended IP ACLs (#100199, or #1000011999): match both the source and destination IP
addresses. In addition, these ACLs can also match protocol types and optional DSCP values
for finer granularity of control.
Extended MAC ACLs (#400499, or #4000041999): match both the source and
destination MAC addresses. In addition, these ACLs can also match VPT, ToS, and other
Layer 2 header fields for finer granularity of control.
T-Marc 300 Series User Guide
Page 5
Configuring Access Control Lists (ACLs) (Rev 09)

ACL Process Options
Systems administrators can apply ACLs to both ingress (inbound) traffic and egress (outbound)
traffic:
Ingress ACLs process incoming packets, manipulating permitted packets and switching them
according to matched ACL conditions. Packets that do not match any of the ACLs are
discarded
Egress ACLs are only used for traffic remarking
Egress ACLs do not filter packets originated by the device (such as outgoing Telnet
session packets, NTP service packets, and various broadcast packets).
Access Control Groups (ACG)
An ACG is a collection of ACLs applied to port(s) or aggregation of ports or SAP port determining
the process of ingress or egress traffic.
They manipulate permitted ingress packets before forwarding them and discard denied packets,
performing an action that is based on the ACL conditions matched. When configured on egress
traffic, they manipulate permitted outgoing packets.
Using ACGs you can:
filter (drop) traffic
limit rate of the traffic
assign a priority to traffic
remark 802.1p / DSCP bits only for egress ACLs
redirect traffic to a specified VLAN
statistics collections
You can apply multiple ACGs per port/ aggregation/ SAP
T-Marc 300 Series User Guide
Page 6
Configuring Access Control Lists (ACLs) (Rev 09)

ACL Processing Rules
In order to use ACLs effectively, it is essential to understand the ACL processing rules:
Sequential processing: ACLs are processed sequentially, in the order they are entered
Once created, users can add new rules to the end of the ACL
Users cannot selectively add or remove ACL lines from a specific ACL
The device tests the packets only until it finds the first match, defining whether to permit or
deny the packets
If the packets do not match any of the ACLs:
in case of ingress ACL, they are denied. This is because the last rule is an implicit deny
statement
in case of egress ACL, they are permitted (unless the user configures a rule to implicitly
deny packets that do not match any of the rules)
Orderedprocessing: when applying multiple ACLs, these ACLs are applied in the same order the
user applies them. For example, when applying ACL5 and ACL2 to a port, the device first
matches ACL5 rules. If the packets do not match any rules in ACL 5, the device then matches
ACL2 rules
Due to the above processing rules, the order of the rules within an ACL and the order the ACLs
are applied is critical.
The total number of conditions for a single ACL rule that can be applied to the ports is limited to
62.
Traffic Remarking
ACLs allow users to impact QoS and its various aspects such as, bandwidth limitation, latency,
traffic prioritization, and drop precedence.
Users can also use ACLs to remark the ToS field values by defining a new ToS/ DSCP value, and to
perform rate control and priority assignment per flow.
Traffic Rate Limit and Shaping
Traffic congestion, caused by heavy network traffic, can cause incoming packet to drop.
To prevent congestion on provider networks, system administrators can use traffic rate limit and
traffic shaping by allocating a specific bandwidth per user port or traffic.
A traffic rate limiter monitors the incoming traffic by:
forwarding conforming traffic (within the predefined rate)
dropping non-conforming traffic or marking this traffic
T-Marc 300 Series User Guide
Page 7
Configuring Access Control Lists (ACLs) (Rev 09)

Single Rate Three Color Marker (RFC 2697)
The Single Rate Three Color Marker (srTCM) meters a traffic stream and marks it according to
three parameters:
The Committed Information Rate (CIR) determines the long-term average transmission rate
The Committed Burst Size (CBS) determines how large traffic bursts can be before some of
the traffic exceeds the rate limit
The traffic is then marked as follows:
Traffic within CIR always conforms and is marked green
Traffic that exceeds CBS is dropped or marked yellow
Two Rate Three Color Marker (RFC 2698)
The two rate Three Color Marker (trTCM) meters a traffic stream and marks it according to the
below parameters.
The Committed Information Rate (CIR) determines the long-term average transmission rate
The Committed Burst Size (CBS), associated with CIR, determines how large traffic bursts can
be before some of the traffic exceeds the rate limit
The Peak Information Rate (PIR) determines the long-term delimiter between yellow packets
and red ones
The Peak Burst Size (PBS), associated with PIR, determines the burst size before the traffic
exceeds PIR
The traffic is then marked as follows:
Traffic within CIR and CBS always conforms and is marked green
Traffic not conforming to CIR and CBS but conforming to PIR and PSB is marked yellow
Exceed Action
Once the packet is classified as exceeding a particular rate limit, the device:
either drops the packet
mark the packet with a yellow color and continue
Color-Blind and Color-Aware
Rate limiting operates in one of the below two modes:
in a Color-Blindmode, assumes that the packet stream is uncolored
in a Color-Awaremode, assumes that some preceding entity has pre-colored the incoming
packet stream so that each packet can be colored green or yellow.
T-Marc 300 Series User Guide
Page 8
Configuring Access Control Lists (ACLs) (Rev 09)

The ACL Default Configuration
Table 1: ACL Default Configuration
Parameter Default Value
Access Control List (ACL) Not defined
Access Control Group (ACG) Not defined
Rate limit color awareness Color blind
Rate limit exceed action Drop
T-Marc 300 Series User Guide
Page 9
Configuring Access Control Lists (ACLs) (Rev 09)

ACL Configuration Flow
























Figure 1: Configuration Flow for ACL
Start
End
Apply an ACG per port/SAP
Filter by source IP address
Filter traffic by source/destination IP
and/or IP type protocol
Filter by source/destination MAC
address
Select additional ACG options:
Assign Traffic Priority
Statistics
VLAN redirect
QoS Settings
Select additional ACG options:
Remark DSCP
Remark VPT
Filter by FC and color
Filter by FC, color and DSCP
Ingress or Egress
ACL
Ingress Egress
Apply an ACG per port
T-Marc 300 Series User Guide
Page 10
Configuring Access Control Lists (ACLs) (Rev 09)

ACL Configuration Commands
Table 2: ACLs Configuration Commands
Command Description
access-list ( st andar d i p) Defines standard IP ACLs (see Creating a Standard IP
ACL)
access-list ( ext ended i p) Defines extended IP ACL (see Creating an Extended IP
ACL)
access-list ( ext ended mac) Defines extended MAC ACL (see Creating an Extended
MAC ACL)
access-list remark Associates a remark to a specified IP ACL (see Adding a
Comment to an ACL)

Table 3: ACG Configuration Commands
Command Description
ip access-group Assigns an IP ACG to a port, LAG or SAP port (see
Assigning an IP ACG)
mac access-group Assigns a MAC ACG to a port, LAG or SAP port (see
Assigning a MAC ACG)

Table 4: Additional ACG Commands
Command Description
rate-limit single-rate Applies a single rate-limit (RFC 2697) on the ACG for the
specified port, LAG or SAP port (see Applying Rate
Limiting by ACGs)
rate-limit dual-rate Applies a dual rate-limit (RFC 2698) on the ACG for the
specified port, LAG or SAP port (see Applying Rate
Limiting by ACGs)
set vlan Changes the VLAN ID in the packet header (see Adding a
new VLAN Tag in Frames)
set txq Applies QoS on packets matching the ACG (see Applying
QoS Settings on an ACG)
set dscp Changes the DSCP field value of the packets on egress
interfaces (Changing the DSCP Value)
set vpt Changes the VPT field value of the packets on egress
interfaces (Changing the VPT Value)
apply Saves the ACG options and exits the ACG Configuration
mode (see Saving the ACG Configuration)
statistics Enables match statistics on a port, LAG or SAP port (see
Enabling Match Statistics)

T-Marc 300 Series User Guide
Page 11
Configuring Access Control Lists (ACLs) (Rev 09)


Table 5: ACL and ACG Display Commands
Command Description
show ip access-lists Displays the configured IP ACLs (see Displaying the IP
ACLs)
show mac access-lists Displays the configured MAC ACLs (see Displaying the
MAC ACLs)
show ip access-groups Displays the IP ACGs configured on ports, LAGs, and
VLANs (see Displaying the IP ACG)
show ip access-groups
statistics
Displays how many packets match the applied IP ACG
(see Displaying the IP ACG Statistics)
show mac access-groups Displays the MAC ACGs configured on ports, LAGs, and
VLANs (see Displaying the MAC ACG)
show mac access-groups
statistics
Displays how many packets match the applied MAC ACG
(see Displaying Match Statistics for MAC ACGs)

Table 6: Clear ACG Statistics Commands
Command Description
clear ip access-groups
statistics
Clears the IP ACG statistics (see Clearing the IP ACG
Statistics)
clear mac access-groups
statistics
Clears the MAC ACG statistics (see Clearing the MAC
ACG Statistics)
T-Marc 300 Series User Guide
Page 12
Configuring Access Control Lists (ACLs) (Rev 09)

Creating a Standard IP ACL
The access-list <acl-number> defines standard IP ACLs.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#access-list <acl-number> {deny | permit} SOURCE [SOURCE-
MASK] [fc FC-TYPE drop-level {green | yellow}]
device-name(config)#no access-list <acl-number>
Argument Description
acl-number The standard IP ACL number is in the range of <1-99>, or
<1000-2999>
{deny | permit}
Specifies whether this is a permit or deny rule
SOURCE
The packets source-address (network or host) specified as:
IP address in dotted-decimal notation (A.B.C.D)
the keyword any as an abbreviation for a source of 0.0.0.0 and
source-mask of 255.255.255.255
the keyword host source as an abbreviation for a source of 0.0.0.0
and source-mask of 0.0.0.0
SOURCE-MASK
(Optional) mask bits applied to source, specified as:
dotted-decimal notation (A.B.C.D). Place one in the bit positions
you want to ignore
CIDR notation (/M)
T-Marc 300 Series User Guide
Page 13
Configuring Access Control Lists (ACLs) (Rev 09)

fc FC-TYPE
Specifies a forwarding class traffic (FC) that match the ACL
(only for egress ACL)

FC Type
Description
be
Specifies that the forwarding class to be mapped is the
Best-Effort Forwarding Class
12
Specifies that the forwarding class to be mapped is the
Low-2 Forwarding Class
af
Specifies that the forwarding class to be mapped is the
Assured Forwarding Class
l 1
Specifies that the forwarding class to be mapped is the
Low-1 Forwarding Class
h2
Specifies that the forwarding class to be mapped is the
High-2 Forwarding Class
ef
Specifies that the forwarding class to be mapped is the
Expedited Forwarding Class
h1
Specifies that the forwarding class to be mapped is the
High-1 Forwarding Class
nc
Specifies that the forwarding class to be mapped is the
Network Control Forwarding Class

drop-level
Specifies the color of packets for which the following ACL takes effect
green
Match specific FC with color green
yellow
Match specific FC with color yellow
no
Removes the specified ACL
Examples
1. The IP address 192.98.2.1 is permitted, subnet 192.98.0.0/ 16 except for this address is denied,
but the entire subnet 192.0.0.0/ 8 is permitted. All other traffic is denied:
device-name(config)#access-list 1 permit host 192.98.2.1
device-name(config)#access-list 1 deny 192.98.0.0/16
device-name(config)#access-list 1 permit 192.0.0.0/8
2. To apply this ACL to port 1/ 1/ 1, use the ip access-group command:
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#ip access-group 1
T-Marc 300 Series User Guide
Page 14
Configuring Access Control Lists (ACLs) (Rev 09)

Creating an Extended IP ACL
The access-list <acl-number> command defines extended IP ACLs.
CLI Mode: Global Configuration
The extended IP ACL filters the traffic by the following parameters:
SourceIP address in the IP packet header
DestinationIP address in the IP packet header
IP protocol in the IP packet header
DSCP matches DSCP value in the packet
Command Syntax
device-name(config)#access-list <acl-number> {deny | permit} {ip | icmp | igmp
| tcp | udp | <protocol-number>} SOURCE [SOURCE-MASK] DESTINATION
[DESTINATION-MASK] [dscp <dscp>] [fc FC-TYPE drop-level {green |
yellow}]
device-name(config)#no access-list <acl-number>
Argument Description
acl-number
The extended IP ACL number in the range of <100-199>, or
<10000-11999>.
{deny | permit}
Specifies whether this is a permit or deny rule
protocol-number Specifies the name or number of an IP protocol:
Valid IP protocol names are: tcp, udp, ip, igmp, icmp
Valid IP protocol numbers are integers in the range of <0255>
representing an IP protocol number
(http://www.iana.org/assignments/protocol-numbers (RFC5237))
To match any Internet protocol, use the keyword ip
Some protocols allow further qualifiers, as described below
SOURCE
The packets source-address (network or host) specified as:
IP address in dotted-decimal notation (A.B.C.D)
the keyword any as an abbreviation for a source of 0.0.0.0 and
source-mask of 255.255.255.255.
the keyword host source as an abbreviation for a source of 0.0.0.0
and source-mask of 0.0.0.0.
SOURCE-MASK
(Optional) mask bits applied to source, specified as:
dotted-decimal notation (A.B.C.D). Place one in the bit positions you
want to ignore
CIDR notation (/M)
T-Marc 300 Series User Guide
Page 15
Configuring Access Control Lists (ACLs) (Rev 09)

DESTINATION
The network or hosts number the packet is sent to:
IP address in dotted-decimal notation (A.B.C.D)
the keyword any as an abbreviation for a destination of 0.0.0.0 and
destination-mask of 255.255.255.255.
the keyword host source as an abbreviation for a destination of
0.0.0.0 and destination-mask of 0.0.0.0.
DESTINATION-
MASK
(Optional) the mask bits applied to the destination specified as:
dotted-decimal notation (M.M.M.M). Place one in the bit positions you
want to ignore
CIDR notation (/M)
dscp <dscp> (Optional) the number of packets filtered by DSCP value, in the valid range
of <063>.
fc FC-TYPE
Specifies a forwarding class traffic (FC) that match the ACL
(only for egress ACL)

FC Type Description
be
Specifies that the forwarding class to be mapped is the
Best-Effort Forwarding Class
12
Specifies that the forwarding class to be mapped is the
Low-2 Forwarding Class
af
Specifies that the forwarding class to be mapped is the
Assured Forwarding Class
l 1
Specifies that the forwarding class to be mapped is the
Low-1 Forwarding Class
h2
Specifies that the forwarding class to be mapped is the
High-2 Forwarding Class
ef
Specifies that the forwarding class to be mapped is the
Expedited Forwarding Class
h1
Specifies that the forwarding class to be mapped is the
High-1 Forwarding Class
nc
Specifies that the forwarding class to be mapped is the
Network Control Forwarding Class

drop-level
Specifies the color of packets for which the following ACL takes effect
green
Match the traffic with the above FC value with color green.
yellow
Match the traffic with the above FC value with color yellow.
no
Removes the specified ACL
T-Marc 300 Series User Guide
Page 16
Configuring Access Control Lists (ACLs) (Rev 09)

Creating an Extended MAC ACL
The access-list <acl-number> command defines extended MAC ACLs.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#access-list <acl-number> {deny | permit} {SOURCE-MAC
SOURCE-MAC-MASK | host SOURCE-MAC | any} {DESTINATION-MAC DESTINATION-
MAC-MASK | host DESTINATION-MAC | any} {unicast | multicast | broadcast}
[vlan <vlan-id> <VLAN mask>] [vpt <priority>] [inner-vlan <vlan-id>
<VLAN mask>] [inner-vpt <priority>] [untagged] [ether-type <ether-type>]
[dscp <dscp>] [tos <tos>] [precedence <precedence>] [fc FC-TYPE drop-
level {green | yellow}]

device-name(config )#no access-list <acl-number>
Argument Description
acl-number
The extended MAC ACL number in the range of <400-499>, or
<40000-41999>.
{deny | permit}
Specifies whether this is a permit or deny rule
SOURCE-MAC
The packets source MAC-address. Valid values are:
HH:HH:HH:HH:HH:HH notation
the keyword any representing all MAC addresses
the keyword host representing an abbreviation for a source-
mask of 00:00:00:00:00:00
SOURCE-MAC-MASK The source MAC address mask in HH:HH:HH:HH:HH:HH notation.
Use 0 for meaningful bits (exact-match) and 1 for meaningless bits
(any).
Examples:
permit 00:aa:bb:cc:dd:ee 00:00:00:00:00:00 equals
permit host 00:aa:bb:cc:dd:ee
permit 00:aa:bb:cc:dd:ee FF:FF:FF:FF:FF:FF equals
permit any
permit 00:aa:bb:cc:dd:ee 00:00:00:FF:FF:FF permits
the range <00:aa:bb:00:00:0000:aa:bb:ff:ff:ff>
DESTINATION-MAC
The destination MAC address the packet is sent to. Valid values are:
HH:HH:HH:HH:HH:HH notation
the keyword any representing all MAC addresses
the keyword host representing as an abbreviation for a
destination-mask of 00:00:00:00:00:00
DESTINATION-MAC-MASK
The destination MAC address mask in HH:HH:HH:HH:HH:HH
notation.
Use 0 for meaningful bits (exact-match), and 1 for meaningless bits
(any).
unicast
(Optional) matches the unicast traffic
T-Marc 300 Series User Guide
Page 17
Configuring Access Control Lists (ACLs) (Rev 09)

multicast
(Optional) matches the multicast traffic
broadcast
(Optional) matches the broadcast traffic
vlan <vlan-id>
(Optional) the VLAN ID in the outer VLAN tag header.
The valid range is <14092>.
VLAN mask
(Optional) matches the VLAN mask in hexadecimal format, 1 to 3
hexadecimal digits, prefixed with "0x".
Use 0 for meaningful bits (exact-match) and 1 for meaningless bits
(any).
vpt <priority> (Optional) the VPT in the outer VLAN tag header.
The valid range is <07>.
inner-vlan <vlan-id>
(Optional) matches the VLAN ID number in the inner VLAN tag
header. The valid range is <1-4092>.
inner-vpt <priority>
(Optional) matches packets by the VPT in the VLAN inner tag
header.
The valid range is <07>.
untagged
(Optional) matches untagged packets only.
If you do not specify the untagged option, all tagged and untagged
frames are matched.
ether-type <ether-
type>
(Optional) the EtherType filed in the Ethernet header of a packet.
The field is matched for non-IP and non-ARP traffic only.
Table 9 lists the valid EtherType known values.
dscp <dscp>
(Optional) the DiffServ Code Point (DSCP) value from IP header of a
packet. The valid range is <063>.
tos <tos> (Optional) matches packets by the service level type, in the range of
<07>or by any of the valid literal ToS values listed below (see
Table 8).
precedence
<precedence>
(Optional) matches packets by the precedence level, in the range of
<07>or by any of the valid literal precedence values listed below
(see Table 7).
T-Marc 300 Series User Guide
Page 18
Configuring Access Control Lists (ACLs) (Rev 09)

fc FC-TYPE
Specifies a forwarding class traffic (FC) that match the ACL
(only for egress ACL)

FC Type Description
be
Specifies that the forwarding class to be mapped is
the Best-Effort Forwarding Class
12
Specifies that the forwarding class to be mapped is
the Low-2 Forwarding Class
af
Specifies that the forwarding class to be mapped is
the Assured Forwarding Class
l 1
Specifies that the forwarding class to be mapped is
the Low-1 Forwarding Class
h2
Specifies that the forwarding class to be mapped is
the High-2 Forwarding Class
ef
Specifies that the forwarding class to be mapped is
the Expedited Forwarding Class
h1
Specifies that the forwarding class to be mapped is
the High-1 Forwarding Class
nc
Specifies that the forwarding class to be mapped is
the Network Control Forwarding Class

drop-level
Specifies the color of packets for which the following ACL takes
effect
green
Match the traffic with the above FC value with color green.
yellow
Match the traffic with the above FC value with color yellow.
no Removes the specified ACL
Table 7: Valid Precedence Literal Values
Valid Literal Value Description Value
cr i t i cal
Critical precedence 5
f l ash
Flash precedence 3
f l ash- over r i de
Flash override precedence 4
i mmedi at e
Immediate precedence 2
i nt er net
Internetwork control precedence 6
net wor k
Network control precedence 7
pr i or i t y
Priority precedence 1
r out i ne
Routine precedence 0
T-Marc 300 Series User Guide
Page 19
Configuring Access Control Lists (ACLs) (Rev 09)

Table 8: Valid ToS Literal Values
Valid Literal Value Description Value
max- r el i abi l i t y
Max reliable TOS 1
max- t hr oughput
Max throughput TOS 2
mi n- del ay
Min delay TOS 4
nor mal
Min monetary cost TOS 0
Table 9: EtherType Known Values
Value Description
0x00000x05DC
IEEE 802.3 length
0x0800
IP (Internet Protocol)
0x0806
ARP (Address Resolution Protocol)
0x8035
DRARP (Dynamic RARP)
RARP (Reverse Address Resolution Protocol)
0x80F3
AARP (AppleTalk Address Resolution Protocol)
0x8100
IPX (Internet Packet Exchange)
0x8137
IPv6 (Internet Protocol version 6)
0x86DD
PPP (Point-to-Point Protocol)
0x880B
GSMP (General Switch Management Protocol)
0x880C
MPLS (Multi-Protocol Label Switching) unicast
0x8863
MPLS (Multi-Protocol Label Switching) multicast
0x8864
PPPoE (PPP Over Ethernet) Discovery Stage
0x88BB
PPPoE (PPP Over Ethernet) PPP Session Stage
0x8E88
LWAPP (Light Weight Access Point Protocol)
0xFFFF
EAPOL (EAP over LAN)
Examples
Create extended MAC ACLs:
device-name(config)#access-list 404 permit host 00:00:0a:00:00:01 any
unicast
device-name(config)#access-list 405 permit host 00:00:09:00:00:01 any
unicast
device-name(config)#access-list 406 permit host 00:00:09:00:00:4e any
multicast
device-name(config)#access-list 407 permit host 00:00:0A:00:00:6e any
broadcast
Here, any tagged traffic is denied. Only the untagged traffic that ingresses a port, with the
default VLAN 20, is accepted:
device-name(config)#access-list 433 permit any any vlan 20 0x000 untagged
T-Marc 300 Series User Guide
Page 20
Configuring Access Control Lists (ACLs) (Rev 09)

Adding a Comment to an ACL
The access-list remark command associates an explanatory remark to a specified standard,
extended or MAC extended ACLs.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#access-list <acl-number> remark REMARK
device-name(config)#no access-list <acl-number> [remark REMARK]
Argument Description
acl-number The number of an existing ACL.
Valid values are:
<199>or <1000-2999>the ID for the standard ACL
<100199>or <10000-11999>the ID for the extended ACL
<400499>or <40000-41999>the ID for the MAC extended ACL
REMARK A string of up to 40 characters
no Removes the remark.
CAUTION
Using the no form of the command without specifying a remark
removes the ACL.
Example
Add the remark test-acl to the ACL with number 401:
device-name(config)#access-list 401 remark test-acl
device-name(config)#access-list 401 permit host 00:a0:12:02:43:32 any
T-Marc 300 Series User Guide
Page 21
Configuring Access Control Lists (ACLs) (Rev 09)

Assigning an IP ACG
The ip access-group command assigns an IP ACG to a port, LAG or SAP port.
CLI Mode:
Interface Configuration, LAG Interface Configuration and SAP Service
Configuration
Command Syntax
device-name(config-if UU/SS/PP)#ip access-group [in | out] <acl-number>
[option]
device-name(config-if UU/SS/PP acg ACL-NUMBER)#
device-name(config-if UU/SS/PP)#no ip access-group [in | out] <acl-number>

device-name(config-if AG0N)#ip access-group [in] <acl-number> [option]
device-name(config-if AG0N acg ACL-NUMBER)#
device-name(config-if AG0N)#no ip access-group [in] <acl-number>

device-name(config-tls-sap UU/SS/PP:CVLAN-ID:)#ip access-group [in] <acl-
number> [option]
device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#
device-name(config-tls-sap UU/SS/PP:CVLAN-ID:)#no ip access-group [in] <acl-
number>
Argument Description
acl-number The number of an existing ACL. Valid values are:
<199>or <1000-2999>the ID for the standard ACL
<100199>or <10000-11999>the ID for the extended ACL
in (Optional) applies the ACL on the ingress traffic. If no keyword is specified, the
ACL is applied only on incoming traffic.
out
(Optional) applies the ACL on the egress traffic.
option (Optional) defines an action applied on matching traffic and changes the CLI
mode to the specified ACG configuration mode
no Removes the specified IP ACG.
Example
device-name(config)#tls serv 2
device-name(config-tls serv)#sap 1/1/1 c-vlans 10 option
device-name(config-tls-sap 1/1/1:10:)ip access-group 100 option
device-name(config-tls-sap 1/1/1:10: acg 100)#
T-Marc 300 Series User Guide
Page 22
Configuring Access Control Lists (ACLs) (Rev 09)

Assigning a MAC ACG
The mac access-group assigns a MAC ACG to a port, LAG or SAP port.
CLI Mode:
Interface Configuration, LAG Interface Configuration, and SAP Service
Configuration
Command Syntax
device-name(config-if UU/SS/PP)#mac access-group [in | out] <acl-number>
[option]
device-name(config-if UU/SS/PP acg ACL-NUMBER)#
device-name(config-if UU/SS/PP)#no mac access-group [in | out] <acl-number>

device-name(config-if AG0N)#mac access-group [in] <acl-number> [option]
device-name(config-if AG0N acg ACL-NUMBER)#
device-name(config-if AG0N)#no mac access-group <acl-number>

device-name(config-tls-sap UU/SS/PP:CVLAN-ID:)#mac access-group [in] <acl-
number> [option]
device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#
device-name(config-tls-sap UU/SS/PP:CVLAN-ID:)#no mac access-group [in] <acl-
number>
Argument Description
acl-number The number of an existing ACL. Valid values are in the range of <400499>, or
<4000041999>.
in (Optional) applies the ACL on the ingress traffic. If no keyword is specified, the
ACL is applied only on incoming traffic.
out
(Optional) applies the ACL on the egress traffic.
option (Optional) defines an action applied on matching traffic and changes the CLI
mode to the specified ACG configuration mode
no Removes the specified MAC ACG

T-Marc 300 Series User Guide
Page 23
Configuring Access Control Lists (ACLs) (Rev 09)

Examples
In the following example:
1. Port 1/ 1/ 1 is connected to a group of users. ACL 400 permits access to the server only for
users with MAC addresses 00:00:5a:63:56:78 (PC1) and 00:00:54:67:f5:61 (PC2).
2. Port 1/ 1/ 2 is connected to a server.

Figure 2: MAC ACG over Port Configuration Example
device-name#configure terminal
device-name(config)#access-list 400 permit 00:00:5a:63:56:78
00:00:00:00:00:00 00:a0:cc:d6:b0:fa 00:00:00:00:00:00
device-name(config)#access-list 400 permit 00:00:54:67:f5:61
00:00:00:00:00:00 00:a0:cc:d6:b0:fa 00:00:00:00:00:00
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#mac access-group 400 option
device-name(config-if 1/1/1 acg 400)#end
T-Marc 300 Series User Guide
Page 24
Configuring Access Control Lists (ACLs) (Rev 09)

Applying Rate Limiting by ACGs
The rate-limit command applies a rate-limit on the ACG for the specified port, LAG or SAP
port.
CLI Mode:
Interface ACG Configuration, LAG Interface ACG Configuration, and SAP
Service ACG Configuration
This command takes affect only upon exiting the ACG Configuration mode.
By default, the color marking of the packet is ignored (color-blind).


NOTE
The real values for CIR, CBS, PIR, and PBS may be different than the configured
ones, due to granularity limitations. After configuring these values, a warning
message appears:
[ War ni ng] Rat e can be r ounded t o t he next suppor t ed val ue!


NOTE
You cannot configure the dual - r at e on uplink ports for the T-Marc 340.
Command Syntax
device-name(config-if UU/SS/PP acg ACL-NUMBER)#rate-limit single-rate <cir>
<cbs> [color-aware | [exceed-action mark-yellow] | [statistics]
device-name(config-if UU/SS/PP acg ACL-NUMBER)#rate-limit dual-rate <cir>
<cbs> <pir> <pbs> [statistics]
device-name(config-if UU/SS/PP acg ACL-NUMBER)#no rate-limit

device-name(config-if AG0N acg ACL-NUMBER)#rate-limit single-rate <cir> <cbs>
[color-aware | [exceed-action mark-yellow] | [statistics]
device-name(config-if AG0N acg ACL-NUMBER)#rate-limit dual-rate <cir> <cbs>
<pir> <pbs> [statistics]
device-name(config-if AG0N acg ACL-NUMBER)#no rate-limit

device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#rate-limit
single-rate <cir> <cbs> [color-aware | [exceed-action mark-yellow] |
[statistics]
device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#rate-limit dual-
rate <cir> <cbs> <pir> <pbs> [statistics]
device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#no rate-limit
Argument Description
single-rate
The Single Rate Three Color Marker (RFC 2697).
dual-rate
The Two Rate Three Color Marker (RFC 2698).
cir
The CIR in K, M or G (in bps). The valid range is <64K1G>with 64 kbps
granularity.
cbs
The CBS in K, M or G (in bytes). The valid range is <4K16384K>.
pir The PIR in K, M or G (in bytes). The valid range is <64K1G>with 64 kbps
granularity.
T-Marc 300 Series User Guide
Page 25
Configuring Access Control Lists (ACLs) (Rev 09)

pbs The PBS in K, M or G (in bytes). The valid range is <4K16384K>.
color-aware (Optional) the rate limit is color aware. If you do not specify the option, the rate
limit is color blind.
exceed-
action
(Optional) The action performed once the packet is classified as exceeding the
CIR. If you do not specify this option, the out-of-profile traffic is dropped.
mark-yellow Marks in yellow the packet classified as exceeding the CIR. If you do not
specify this option, the out-of-profile traffic is dropped.
statistics
(Optional) specifies the Bind counter set to a traffic police, when specified. The
statistics data consists of counts of the in-profile (green) and out-of-profile
bytes (yellow or dropped). There are up to sixteen supported counters.
no
Removes the rate limit from the configured ACG.
Example
Configure the single rate limit:
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#mac access-group 410 option
device-name(config-if 1/1/1 acg 410)#rate-limit single-rate 100k 128k
exceed-action mark-yellow
[ War ni ng] Rat e can be r ounded t o t he next suppor t ed val ue!
device-name(config-if 1/1/1 acg 410)#apply
Configure the dual rate limit:
device-name(config)#interface 1/1/2
device-name(config-if 1/1/2)#mac access-group 412 option
device-name(config-if 1/1/2 acg 412)#rate-limit dual-rate 100k 128k 256k
64k
[ War ni ng] Rat e can be r ounded t o t he next suppor t ed val ue!
device-name(config-if 1/1/2 acg 412)#apply
T-Marc 300 Series User Guide
Page 26
Configuring Access Control Lists (ACLs) (Rev 09)

Adding a new VLAN Tag in Frames
The set vlan command changes the VLAN ID in the packet header. The switching decision is
made based on the new VLAN ID.
CLI Mode:
Interface ACG Configuration, LAG Interface ACG Configuration, and SAP
Service ACG Configuration
This command takes affect only upon exiting the ACG Configuration mode.
Command Syntax
device-name(config-if UU/SS/PP acg ACL-NUMBER)#set vlan {<vlan-id> | tls
<vlan-id>}
device-name(config-if UU/SS/PP acg ACL-NUMBER)#no set vlan [tls]

device-name(config-if AG0N acg ACL-NUMBER)#set vlan {<vlan-id> | tls <vlan-
id>}
device-name(config-if AG0N acg ACL-NUMBER)#no set vlan [tls]

device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#set vlan
{<vlan-id> | tls <vlan-id>}
device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#no set vlan
[tls]
Argument Description
vlan-id The new VLAN ID in the range of <14094>.
tls The egress port treats the matching packets as untagged (like they are
received), regardless of whether packets are received tagged or not. If the
egress port is a tagged to VLAN port member, a new VLAN tag is added to the
packet based on the device VLAN ID assignment.
This parameter is optional for the no form of the command.
no Cancels this action for the configured ACG.
Example
Redirect traffic that matches ACL 410 on port 1/ 1/ 1 to VLAN ID 300:
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#mac access-group 410 option
device-name(config-if 1/1/1 acg 410)#set vlan tls 300
T-Marc 300 Series User Guide
Page 27
Configuring Access Control Lists (ACLs) (Rev 09)

Applying QoS Settings on an ACG
The set txq command applies QoS on packets matching the ACG. New values of txq and Drop
Precedence (DP) are assigned to a matching traffic.
CLI Mode:
Interface ACG Configuration, LAG Interface ACG Configuration, and SAP
Service ACG Configuration
Command Syntax
device-name(config-if UU/SS/PP acg ACL-NUMBER)#set txq <txq> drop-level
{green | yellow}
device-name(config-if UU/SS/PP acg ACL-NUMBER)#no set txq

device-name(config-if AG0N acg ACL-NUMBER)#set txq <txq> drop-level {green |
yellow}
device-name(config-if AG0N acg ACL-NUMBER)#no set txq

device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#set txq <txq>
drop-level {green | yellow}
device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#no set txq
Argument Description
txq Specifies to which txq matching traffic is mapped. The valid range is <07>
queues.
green The packets DP level is green.
yellow The packets DP level is yellow.
no Cancels this action for the configured ACG.
Changing the DSCP Value
The set dscp command changes the DSCP field value of packets on egress interfaces.
CLI Mode:
Interface ACG Configuration, LAG Interface ACG Configuration, and SAP
Service ACG Configuration
Command Syntax
device-name(config-if UU/SS/PP acg ACL-NUMBER)#set dscp <0-63>
device-name(config-if UU/SS/PP acg ACL-NUMBER)#no set dscp
device-name(config-if AG0N acg ACL-NUMBER)#set dscp <0-63>
device-name(config-if AG0N acg ACL-NUMBER)#no set dscp
device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#set dscp <0-63>
device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#no set dscp
Argument Description
0-63 DSCP value, configured for the remarked traffic on egress interfaces.
no Cancels this action for the changing the DSCP value.
T-Marc 300 Series User Guide
Page 28
Configuring Access Control Lists (ACLs) (Rev 09)

Changing the VPT Value
The set vpt command changes the VPT field value of the packets on egress interfaces.
CLI Mode:
Interface ACG Configuration, LAG Interface ACG Configuration and SAP
Service ACG Configuration
Command Syntax
device-name(config-if UU/SS/PP acg ACL-NUMBER)#set vpt <0-7>
device-name(config-if UU/SS/PP acg ACL-NUMBER)#no set vpt
device-name(config-if AG0N acg ACL-NUMBER)#set vpt <0-7>
device-name(config-if AG0N acg ACL-NUMBER)#no set vpt
device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#set vpt <0-7>
device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#no set vpt
Argument Description
0-7 VPT value, configured for the remarked traffic on egress interfaces.
no Cancels this action for the changing the VPT value.
Examples:
Egress remarking:
device-name(config)#access-list 400 permit any any fc h1 drop-level green
device-name(config-if 1/1/1)#mac access-group out 400 option
device-name(config-if 1/1/1 acg 400)#set dscp 4
device-name(config-if 1/1/1 acg 400)#apply
Egress VPT remarking:
device-name(config)#access-list 400 permit any any fc h1 drop level yellow
device-name(config-if 1/1/1)#mac access-group out 400 option
device-name(config-if 1/1/1 acg 400)#set vpt 3
device-name(config-if 1/1/1 acg 400)#apply
The color aware ACLs cannot be applied as ingress ACG Otherwise a warning message is
displayed:
device-name(config)#access-list 400 permit any any fc h1 drop-level green
device-name(config-if 1/1/1)#mac access-group in 400 option
device-name(config-if 1/1/1 acg 400)#set dscp 4
device-name(config-if 1/1/1 acg 400)#apply
[ Er r or ] Col or awar e access l i st can not be appl i ed on i ngr ess.
The VPT and DSCP options are mutually exclusive. Otherwise a warning message is displayed:
device-name(config)#access-list 111 permit ip any any fc ef drop-level
green
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#ip access-group out 111 option
device-name(config-if 1/1/1 acg 111)#set vpt 4
device-name(config-if 1/1/1 acg 111)#set dscp 44
%onl y one r emar k t ype i s al l owed
T-Marc 300 Series User Guide
Page 29
Configuring Access Control Lists (ACLs) (Rev 09)

Saving the ACG Configuration
The apply command saves the ACG options and exits the ACG Configuration mode.
CLI Mode:
Interface ACG Configuration, LAG Interface ACG Configuration and SAP
Service ACG Configuration

NOTE
The appl y command has the same effect as the exi t command or the <Ct r l +D>.
Command Syntax
device-name(config-if UU/SS/PP acg ACL-NUMBER)#apply
device-name(config-if AG0N acg ACL-NUMBER)#apply
device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#apply
Example
device-name(config-if 1/1/1 acg 410)#apply
device-name(config-if 1/1/1)#
Enabling Match Statistics
The statistics command enables match statistics on a port, LAG or SAP port.
The match statistics data provides the dropped and non-dropped packets/ bytes counts, useful for
traffic monitoring.
CLI Mode:
Interface ACG Configuration, LAG Interface ACG Configuration, and SAP
Service ACG Configuration
Command Syntax
device-name(config-if UU/SS/PP acg ACL-NUMBER)#statistics
device-name(config-if UU/SS/PP acg ACL-NUMBER)#no statistics

device-name(config-if AG0N acg ACL-NUMBER)#statistics
device-name(config-if AG0N acg ACL-NUMBER)#no statistics

device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#statistics
device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#no statistics
Argument Description
no Disables collecting statistics on the ACG.
T-Marc 300 Series User Guide
Page 30
Configuring Access Control Lists (ACLs) (Rev 09)

Displaying the IP ACLs
The show ip access-lists command displays the configured IP ACLs. You can restrict the
output to a specified ACL by using the acl-number argument.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show ip access-lists [<acl-number>]
Argument Description
acl-number (Optional) the ACL number displayed.
Valid values are:
<199>or <1000-2999>the ID for the standard ACL
<100199>or <10000-11999>the ID for the extended ACL
Examples
device-name(config)#access-list 1 permit host 192.98.2.1
device-name(config)#access-list 1 deny 192.98.0.0/16
device-name(config)#access-list 1 permit 192.0.0.0/8
device-name(config)#end
device-name#show ip access-lists
St andar d I P access l i st 1
per mi t host 192. 98. 2. 1
deny 192. 98. 0. 0 0. 0. 255. 255
per mi t 192. 0. 0. 0 0. 255. 255. 255
Displaying the MAC ACLs
The show mac access-lists command displays the configured MAC ACLs. You can restrict the
output to a specified ACL by using the acl-number argument.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show mac access-lists [<acl-number>]
Argument Description
acl-number (Optional) the ACL number displayed, in the range of <400499>, or <40000
41999>(extended MAC ACLs).

T-Marc 300 Series User Guide
Page 31
Configuring Access Control Lists (ACLs) (Rev 09)

Examples
device-name(config)#access-list 400 permit any host 00:00:0a:00:00:4e ether-
type 0x8080
device-name(config)#access-list 401 permit 00:00:0A:00:00:65
00:00:00:00:00:03 any broadcast
The ACL mat ches BROADCAST l ayer 2 t r af f i c.

device-name(config)#access-list 402 permit 00:00:0b:21:19:75
00:00:00:00:00:00 00:00:12:64:53:15 00:00:00:00:00:01
device-name(config)#access-list 403 permit host 00:00:0a:09:00:7F any vpt 4
device-name(config)#access-list 404 permit 00:00:0a:00:00:09
00:00:00:00:00:00 any vlan 9 0x00FF
device-name(config)#access-list 405 permit any host 00:a0:12:02:43:32 dscp 20
device-name(config)#access-list 406 permit any host 00:a0:12:02:43:32 tos 2
precedence 4
device-name(config)#access-list 407 permit 00:00:09:00:00:01
00:00:00:00:00:00 any unicast
The ACL mat ches UNI CAST l ayer 2 t r af f i c.

device-name(config)#access-list 408 permit 00:00:0A:00:00:6E
00:00:00:00:00:03 any multicast
The ACL mat ches MULTI CAST l ayer 2 t r af f i c.
device-name(config)#access-list 409 permit any host 00:00:09:00:00:78 untagged
device-name(config)#access-list 410 permit 00:00:0A:00:00:65
00:00:00:00:00:03 any precedence priority
device-name(config)#exit
device-name#show mac access-lists
Ext ended MAC access- l i st 400
per mi t any host 00: 00: 0a: 00: 00: 4e et her - t ype 0x8080
Ext ended MAC access- l i st 401
per mi t 00: 00: 0a: 00: 00: 65 00: 00: 00: 00: 00: 03 any br oadcast
Ext ended MAC access- l i st 402
per mi t host 00: 00: 0b: 21: 19: 75 00: 00: 12: 64: 53: 15 00: 00: 00: 00: 00: 01
Ext ended MAC access- l i st 403
per mi t host 00: 00: 0a: 09: 00: 7f any vpt 4
Ext ended MAC access- l i st 404
per mi t host 00: 00: 0a: 00: 00: 09 any vl an 9 0x00FF
Ext ended MAC access- l i st 405
per mi t any host 00: a0: 12: 02: 43: 32 dscp 20
Ext ended MAC access- l i st 406
per mi t any host 00: a0: 12: 02: 43: 32 t os max- t hr oughput pr ecedence f l ash-
over r i de
Ext ended MAC access- l i st 407
per mi t host 00: 00: 09: 00: 00: 01 any uni cast
Ext ended MAC access- l i st 408
per mi t 00: 00: 0a: 00: 00: 6e 00: 00: 00: 00: 00: 03 any mul t i cast
Ext ended MAC access- l i st 409
per mi t any host 00: 00: 09: 00: 00: 78 unt agged
Ext ended MAC access- l i st 410
per mi t 00: 00: 0a: 00: 00: 65 00: 00: 00: 00: 00: 03 any pr ecedence pr i or i t y
T-Marc 300 Series User Guide
Page 32
Configuring Access Control Lists (ACLs) (Rev 09)

Displaying the IP ACG
The show ip access-groups command displays the IP ACGs configured on ports, LAGs, and
VLANs.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show ip access-groups [<acl-number>]
Argument Description
acl-number (Optional) the IP ACG number displayed.
Valid values are:
<199>or <10002999>the ID for the standard ACL
<100199>or <1000011999>the ID for the extended ACL
Examples
device-name(config-if 1/1/1)#ip access-group 100
device-name(config-if 1/1/1)#ip access-group 101
device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#ip access-group 2
device-name(config-if 1/1/2)#end
device-name#show ip access-groups
i nt er f ace 1/ 1/ 1
i p access- gr oup 100
i p access- gr oup 101
i nt er f ace 1/ 1/ 2
i p access- gr oup 2
T-Marc 300 Series User Guide
Page 33
Configuring Access Control Lists (ACLs) (Rev 09)

Displaying the IP ACG Statistics
The show ip access-groups statistics command displays how many packets match the
applied IP ACG.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show ip access-groups <acl-number> statistics [interface UU/SS/PP
| sap UU/SS/PP c-vlan <vlan-id>]
Argument Description
acl-number (Optional) the IP ACG number displayed.
Valid values are:
<199>or <10002999>the ID for the standard ACL
<100199>or <1000011999>the ID for the extended ACL
interface UU/SS/PP (Optional) the specified port
sap UU/SS/PP (Optional) the specified SAP port
vlan-id The C-VLAN ID, in the valid range of <14094>
Examples
device-name(config-if 1/1/1)#ip access-group 100 option
device-name(config-if 1/1/1 acg 100)#statistics
device-name(config-if 1/1/1 acg 100)#apply
device-name(config-if 1/1/1)#end
device-name#show ip access-groups 100 statistics
Access Li st 100 st at i st i cs:
i nt er f ace 1/ 1/ 1
Mat ch St at i st i cs:
Cl assi f i ed packet s: 926359

device-name#configure terminal
device-name(config)#interface 1/1/2
device-name(config-if 1/1/2)#ip access-group 102 option
device-name(config-if 1/1/2 acg 102)#rate-limit single-rate 10M 128K
statistics
[ War ni ng] Rat e can be r ounded t o t he next suppor t ed val ue!
device-name(config-if 1/1/2 acg 102)#apply
device-name(config-if 1/1/2)#end
device-name#show ip access-groups 102 statistics
Access Li st 102 st at i st i cs:
i nt er f ace 1/ 1/ 2
Si ngl e r at e l i mi t :
Gr een byt es: 100500
Yel l ow byt es: NA
Dr op byt es: 35080
T-Marc 300 Series User Guide
Page 34
Configuring Access Control Lists (ACLs) (Rev 09)

Displaying the MAC ACG
The show mac access-groups command displays the MAC ACGs configured on ports, LAGs,
and VLANs.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show mac access-groups [<acl-number>]
Argument Description
acl-number (Optional) the MAC ACG number displayed, in the range of <400499>or
<4000041999>.
Example
device-name#show mac access-groups
i nt er f ace 1/ 1/ 1
mac access- gr oup 400 opt i on
set vl an 4094
mac access- gr oup 401 opt i on
set t xq 7 dr op- l evel gr een
Displaying Match Statistics for MAC ACGs
The show mac access-groups statistics command displays how many packets match the
applied MAC ACG.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show mac access-groups <acl-number> statistics [interface UU/SS/PP
| sap UU/SS/PP c-vlan <vlan-id>]
Argument Description
acl-number The MAC ACG number displayed, in the range of <400499>or
<4000041999>.
interface UU/SS/PP (Optional) the specified port
sap UU/SS/PP (Optional) the specified SAP port
vlan-id The C-VLAN ID, in the valid range of <14094>
T-Marc 300 Series User Guide
Page 35
Configuring Access Control Lists (ACLs) (Rev 09)

Example
device-name(config-if 1/1/1)#mac access-group 402 option
device-name(config-if 1/1/1 acg 402)#rate-limit single-rate 10M 128K
statistics
[ War ni ng] Rat e can be r ounded t o t he next suppor t ed val ue!
device-name(config-if 1/1/1 acg 402)#apply
device-name(config-if 1/1/1)#end
device-name#show mac access-groups 402 statistics
Access Li st 402 st at i st i cs:
i nt er f ace 1/ 1/ 1
Si ngl e r at e l i mi t :
Gr een byt es: 100500
Yel l ow byt es: NA
Dr op byt es: 35080
Clearing the IP ACG Statistics
The clear ip access-groups statistics command clears the IP ACG statistics.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#clear ip access-groups <acl-number> statistics [interface UU/SS/PP
| sap UU/SS/PP c-vlan <vlan-id>]
Argument Description
acl-number (Optional) the IP ACG number cleared.
Valid values are:
<199>or <10002999>the ID for the standard ACL
<100199>or <1000011999>the ID for the extended ACL
interface UU/SS/PP (Optional) the specified port
sap UU/SS/PP (Optional) the specified SAP port
vlan-id The C-VLAN ID, in the valid range of <14094>
T-Marc 300 Series User Guide
Page 36
Configuring Access Control Lists (ACLs) (Rev 09)

Clearing the MAC ACG Statistics
The clear mac access-groups statistics command clears the MAC ACG statistics.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#clear mac access-groups <acl-number> statistics [interface
UU/SS/PP | sap UU/SS/PP c-vlan <vlan-id>]
Argument Description
acl-number The MAC ACG number cleared, in the range of <400499>, or
<4000041999>.
interface UU/SS/PP (Optional) the specified port
sap UU/SS/PP (Optional) the specified SAP port
vlan-id The C-VLAN ID, in the valid range of <14094>
T-Marc 300 Series User Guide
Page 37
Configuring Access Control Lists (ACLs) (Rev 09)

Configuration Examples
Configuring IP ACLs
In the example below:
the inbound and outbound traffic for PC 1 is limited to 3 Mbps for each direction
the inbound and outbound traffic for PC 2 is limited to 1 Mbps for each direction
the rest of the traffic that passes through the device is not controlled

Figure 3: Creating Standard and Extended I P ACLs
1. Define an ACL for the traffic from PC1 to the server:
device-name(config)#access-list 100 permit ip 211.202.212.1/26 any
2. Define an ACL for the traffic from the server to PC1:
device-name(config)#access-list 101 permit ip any 211.202.212.3/26
3. Define an ACL for the traffic from PC2 to the server:
device-name(config)#access-list 102 permit ip 211.202.212.2/26 any
4. Define an ACL for the traffic from the server to PC2:
device-name(config)#access-list 103 permit ip any 211.202.212.3/26
5. Define an ACL that permits the all traffic:
device-name(config)#access-list 1 permit any
T-Marc 300 Series User Guide
Page 38
Configuring Access Control Lists (ACLs) (Rev 09)

6. Define the rate limit on the server port: 3M to PC1 and 1M to PC2, and no rate limit to the
rest of the traffic on this port:
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#ip access-group 101 option
device-name(config-if 1/1/1 acg 101)#rate-limit single-rate 3m 256k
[ War ni ng] Rat e can be r ounded t o t he next suppor t ed val ue!
device-name(config-if 1/1/1 acg 101)#exit
device-name(config-if 1/1/1)#ip access-group 103 option
device-name(config-if 1/1/1 acg 103)#rate-limit single-rate 1m 256k
[ War ni ng] Rat e can be r ounded t o t he next suppor t ed val ue!
device-name(config-if 1/1/1 acg 103)#exit
device-name(config-if 1/1/1)#ip access-group 1
7. Define the rate limit of 3M on PC1 connection to the server, and no rate limit to the rest of
the traffic on the port:
device-name(config-if 1/1/1)#interface 1/2/1
device-name(config-if 1/2/1)#ip access-group 100 option
device-name(config-if 1/2/1 acg 100)#rate-limit single-rate 3m 256k
[ War ni ng] Rat e can be r ounded t o t he next suppor t ed val ue!
device-name(config-if 1/2/1 acg 100)#exit
device-name(config-if 1/2/1)#ip access-group 1
8. Define the rate limit of 1M on PC2 connection to the server, and no rate limit to the rest of
the traffic on the port:
device-name(config-if 1/2/1)#interface 1/2/2
device-name(config-if 1/2/2)#ip access-group 102 option
device-name(config-if 1/2/2 acg 102)#rate-limit single-rate 1m 256k
[ War ni ng] Rat e can be r ounded t o t he next suppor t ed val ue!
device-name(config-if 1/2/2 acg 102)#exit
device-name(config-if 1/2/2)#ip access-group 1
device-name(config-if 1/2/2)#end
9. Display the configured ACLs:
device-name#show ip access-lists
St andar d I P access l i st 1
per mi t any
Ext ended I P access l i st 100
per mi t i p 211. 202. 212. 1 0. 0. 0. 63 any
Ext ended I P access l i st 101
per mi t i p any 211. 202. 212. 3 0. 0. 0. 63
Ext ended I P access l i st 102
per mi t i p 211. 202. 212. 2 0. 0. 0. 63 any
Ext ended I P access l i st 103
per mi t i p any 211. 202. 212. 3 0. 0. 0. 63
T-Marc 300 Series User Guide
Page 39
Configuring Access Control Lists (ACLs) (Rev 09)

10. Display the configured ACGs:
device-name#show ip access-groups
i nt er f ace 1/ 1/ 1
i p access- gr oup 101 opt i on
r at e- l i mi t si ngl e- r at e 3000K 256K
i p access- gr oup 103 opt i on
r at e- l i mi t si ngl e- r at e 1000K 256K
i p access- gr oup 1
i nt er f ace 1/ 2/ 1
i p access- gr oup 100 opt i on
r at e- l i mi t si ngl e- r at e 3000K 256K
i p access- gr oup 1
i nt er f ace 1/ 2/ 2
i p access- gr oup 102 opt i on
r at e- l i mi t si ngl e- r at e 1000K 256K
i p access- gr oup 1
Configuring MAC ACLs
The example below shows how to define MAC ACLs and to assign rate limits to them.

Figure 4: Rate Limit over Port Configuration
1. Define an ACL for the traffic from PC1 to the server:
device-name(config)#access-list 401 permit 00:00:00:05:00:11
00:00:00:00:00:00 any
2. Define an ACL for the traffic from PC2 to the server:
device-name(config)#access-list 402 permit 00:00:00:05:00:08
00:00:00:00:00:00 any
3. Define an ACL for the traffic from the server to PC1 and PC2:
device-name(config)#access-list 403 permit any 00:00:05:00:00:14
00:00:00:00:00:00
T-Marc 300 Series User Guide
Page 40
Configuring Access Control Lists (ACLs) (Rev 09)

4. Define the rate limit on the server port, 10M, and no rate limit to the rest of the traffic on this
port:
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#mac access-group 403 option
device-name(config-if 1/1/1 acg 403)#rate-limit single-rate 10m 256k
[ War ni ng] Rat e can be r ounded t o t he next suppor t ed val ue!
device-name(config-if 1/1/1 acg 403)#exit
5. Define the rate limit of 3M on PC1 connection to the server, and no rate limit to the rest of
the traffic on the port:
device-name(config-if 1/1/1)#interface 1/2/1
device-name(config-if 1/2/1)#mac access-group 401 option
device-name(config-if 1/2/1 acg 401)#rate-limit single-rate 3m 256k
[ War ni ng] Rat e can be r ounded t o t he next suppor t ed val ue!
device-name(config-if 1/2/1 acg 401)#exit
6. Define the rate limit of 1M on PC2 connection to the server, and no rate limit to the rest of
the traffic on the port:
device-name(config-if 1/2/1)#interface 1/2/2
device-name(config-if 1/2/2)#mac access-group 402 option
device-name(config-if 1/2/2 acg 402)#rate-limit single-rate 1m 256k
[ War ni ng] Rat e can be r ounded t o t he next suppor t ed val ue!
device-name(config-if 1/2/2 acg 402)#end
7. Display the configured ACLs:
device-name#show mac access-lists
Ext ended MAC access- l i st 401
per mi t host 00: 00: 00: 05: 00: 11 any
Ext ended MAC access- l i st 402
per mi t host 00: 00: 05: 00: 00: 08 any
Ext ended MAC access- l i st 403
per mi t host 00: 00: 05: 00: 00: 14 any
8. Display the configured ACGs:
device-name#show mac access-groups
i nt er f ace 1/ 1/ 1
mac access- gr oup 403 opt i on
r at e- l i mi t si ngl e- r at e 10000K 256K
i nt er f ace 1/ 2/ 1
mac access- gr oup 401 opt i on
r at e- l i mi t si ngl e- r at e 3000K 256K
i nt er f ace 1/ 2/ 2
mac access- gr oup 402 opt i on
r at e- l i mi t si ngl e- r at e 1000K 256K
T-Marc 300 Series User Guide
Page 41
Configuring Access Control Lists (ACLs) (Rev 09)

Creating ACLs per SAP
In the following example (based on Figure2):
Port 1/ 1/ 1 is connected to a group of users. ACL 400 allows access to the server only to the
users with MAC addresses 00:00:5a:63:56:78 (PC1) and 00:00:54:67:f5:61 (PC2).
Port 1/ 1/ 2 is connected to a server.


1. Create the VLAN v20 with ID 20 and add to it the 1/ 1/ 2 port (SDP port) as tagged and
1/ 1/ 1 port (SAP port) as untagged:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create v20 20
device-name(config vlan)#config v20
device-name(config-vlan v20)#add ports 1/1/1 untagged
device-name(config-vlan v20)#add ports 1/1/2 tagged
device-name(config-vlan v20)#add ports default 1/1/1,1/1/2
device-name(config-vlan v20)#end
2. Create MAC ACLs:
device-name#configure terminal
device-name(config)#access-list 410 permit 00:00:5a:63:56:78
00:00:00:00:00:00 any
device-name(config)#access-list 411 permit 00:00:54:67:f5:61
00:00:00:00:00:00 any
3. Create a TLS service:
device-name(config)#tls serv 2
device-name(config-tls serv)#sdp 1/1/2 s-vlan 20
device-name(config-tls serv)#sap 1/1/1 c-vlan 11
4. Apply the MAC ACL 410 per SAP port with a rate-limit:
device-name(config-tls serv)#sap 1/1/1 c-vlan 11 option
device-name(config-tls-sap 1/1/1:11:)#mac access-group 410 option
device-name(config-tls-sap 1/1/1:11: acg 410)#rate-limit single-rate 3m 1m
statistics
[ War ni ng] Rat e can be r ounded t o t he next suppor t ed val ue!
device-name(config-tls-sap 1/1/1:11: acg 410)#statistics
device-name(config-tls-sap 1/1/1:11: acg 410)#apply
device-name(config-tls-sap 1/1/1:11:)#
5. Apply the MAC ACL 411 per SAP port with a rate-limit:
device-name(config-tls serv)#sap 1/1/1 c-vlan 11 option
device-name(config-tls-sap 1/1/1:11:)#mac access-group 411 option
device-name(config-tls-sap 1/1/1:11: acg 411)#rate-limit single-rate 3m 1m
statistics
[ War ni ng] Rat e can be r ounded t o t he next suppor t ed val ue!
device-name(config-tls-sap 1/1/1:11: acg 411)#statistics
device-name(config-tls-sap 1/1/1:11: acg 411)#apply
device-name(config-tls-sap 1/1/1:11:)#
T-Marc 300 Series User Guide
Page 42
Configuring Access Control Lists (ACLs) (Rev 09)

Configuring an ACG per Egress
The following example shows how to use ACL per egress. Traffic flows towards the interface
where an ACG per egress is applied.
1. Define an ACL with VPT 6:
device-name(config)#access-list 101 permit ip any any
2. Define the ACG on the desired interface with VPT rate-limit:
device-name(config)#interface 1/1/2
device-name(config-if 1/1/2)#ip access-group out 101 option
device-name(config-if 1/1/2 acg 101)#rate-limit single-rate 3m 1m exceed-
action drop
[ War ni ng] Rat e can be r ounded t o t he next suppor t ed val ue!
device-name(config-if 1/1/2 acg 101)#apply
3. Display the existing ACLs:
device-name#show ip access-lists
Ext ended I P access l i st 101
per mi t i p any any
Configuring Rate Limit with DSCP Mapping
Configure a device with a single rate limiter with the following configuration:
traffic up to 1 Mbps with DSCP 0 is marked green and is remapped with priority 7 (according
to the given QoS policy rule)
traffic above 1 Mbps is marked as yellow

4. Create a MAC ACL:
device-name(config)#access-list 400 permit 00:00:10:02:00:00
00:00:00:00:00:00 any
5. Define trust DSCP mode per ingress network-policy:
device-name(config)#qos
device-name(config qos)#network-policy trust
device-name(config qos-net trust)#ingress
device-name(config qos-net-in trust)#trust-dscp
device-name(config qos-net-in trust)#end
6. Define trust DSCP network-policy per ingress port 1/ 1/ 2:
device-name#configure terminal
device-name(config)#interface 1/1/2
device-name(config-if 1/1/2)#qos-network-policy trust
device-name(config-if 1/1/2)#exit
7. Change the DSCP mapping policy:
device-name(config)#qos
device-name(config qos)#map dscp 0 fc nc drop-level green
device-name(config qos)#map dscp 2 fc h1 drop-level yellow
device-name(config qos)#exit
T-Marc 300 Series User Guide
Page 43
Configuring Access Control Lists (ACLs) (Rev 09)

8. Define a rate limit on port 1/ 1/ 2:
device-name(config)#interface 1/1/2
device-name(config-if 1/1/2)#mac access-group 400 option
device-name(config-if 1/1/2 acg 400)#rate-limit single-rate 1M 256K color-
aware exceed-action mark-yellow
[ War ni ng] Rat e can be r ounded t o t he next suppor t ed val ue!
device-name(config-if 1/1/2 acg 400)#apply
device-name(config-if 1/1/2)#end
9. Display the ACG configuration:
device-name#show mac access-groups
i nt er f ace 1/ 1/ 2
mac access- gr oup 400 opt i on
r at e- l i mi t si ngl e- r at e 1000K 256K col or - awar e exceed- act i on mar k- yel l ow
10. Display network-policy per port and DSCP mapping:
device-name#show qos network-policy trust
Pol i cy Name: t r ust
Descr i pt i on:
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| I ngr ess Pol i cy Conf i gur at i on |
+- - - - - - - - - - - - - - +- - - - - +- - - - - - - - - - - - +
| Tr ust Mode | FC | Dr op Level |
+- - - - - - - - - - - - - - +- - - - - +- - - - - - - - - - - - +
| t r ust - dscp | | |
+- - - - - - - - - - - - - - +- - - - - +- - - - - - - - - - - - +
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Egr ess Pol i cy Conf i gur at i on |
+- - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Schedul er Pr of i l e | Shaper Pr of i l e |
+- - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - +
| I D | Type | Shaper I D | CI R | CBS |
+- - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - +
| - | - | - | - | - |
+- - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - +
+- - - - - - - - - - +- - - - - - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - +
| Queue I d | Shaper I d | CI R | CBS |
+- - - - - - - - - - +- - - - - - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - +
| | | | |
+- - - - - - - - - - +- - - - - - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - +
Pol i cy i s appl i ed on t he f ol l owi ng por t ( s) :
1/ 1/ 2

device-name#show qos ingress dscp-map
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| DSCP | FC | Dr op Level |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 0 | nc | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 1 | be | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 2 | h1 | yel l ow |
T-Marc 300 Series User Guide
Page 44
Configuring Access Control Lists (ACLs) (Rev 09)

+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 3 | be | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 4 | be | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 5 | be | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 6 | be | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 7 | be | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 8 | l 2 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 9 | l 2 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - ++-

+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 61 | nc | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 62 | nc | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 63 | nc | gr een |
+-----------+--------+-------------+
Configuring Rate Limit with Priority Remarking
The following example configures a single rate limit on the device and remark the VPT on egress
packets. Any packet with source MAC 00:00:10:02:00:00 on port 1/1/2 is rate limited to 1
Mbps.
1. Create an ACL:
device-name(config)#access-list 401 permit host 00:00:10:02:00:00 any
2. Set the priority remarking policy:
device-name(config)#qos
device-name(config qos)#remark fc be drop-level green priority 5
device-name(config qos)#exit
3. Set the rate limit and apply statistics on port 1/ 1/ 2 :
device-name(config)#interface 1/1/2
device-name(config-if 1/1/2)#mac access-group 401 option
device-name(config-if 1/1/2 acg 401)#rate-limit single-rate 1M 500K
[ War ni ng] Rat e can be r ounded t o t he next suppor t ed val ue!
device-name(config-if 1/1/2 acg 401)#statistics
device-name(config-if 1/1/2 acg 401)#apply
device-name(config-if 1/1/2)#end
T-Marc 300 Series User Guide
Page 45
Configuring Access Control Lists (ACLs) (Rev 09)

4. Display the priority remarking policy:
device-name#show qos egress remark
+- - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - +
| QoS Par amet er s | Tx Remar k |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| FC | Dr op Level | Pr i or i t y |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| be | gr een | 5 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| be | yel l ow | 0 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| l 2 | gr een | 1 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| l 2 | yel l ow | 1 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| af | gr een | 2 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| af | yel l ow | 2 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| l 1 | gr een | 3 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| l 1 | yel l ow | 3 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| h2 | gr een | 4 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| h2 | yel l ow | 4 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| ef | gr een | 5 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| ef | yel l ow | 5 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| h1 | gr een | 6 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| h1 | yel l ow | 6 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| nc | gr een | 7 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| nc | yel l ow | 7 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
5. Display configured MAC ACG:
device-name#show mac access-groups
i nt er f ace 1/ 1/ 2
mac access- gr oup 401 opt i on
r at e- l i mi t si ngl e- r at e 1000K 500K
6. Display configured MAC ACG statistics per port:
device-name#show mac access-groups 401 statistics interface 1/1/2
Access Li st 401 st at i st i cs:
i nt er f ace 1/ 1/ 2
Mat ch St at i st i cs:
Cl assi f i ed packet s: 0
T-Marc 300 Series User Guide
Page 46
Configuring Access Control Lists (ACLs) (Rev 09)

Supported Platforms
Feature T-Marc 340 T-Marc 380
Access Control Lists (ACLs) + +
Supported Standards, MIBs, and RFCs
Feature Standards MIBs RFCs
Access Control Lists
(ACLs)
No standards are
supported by this
feature.
Private MIB,
prvt_switch_access_list.mib
RFC 2697, A Single
Rate Three Color
Marker
RFC 2698, A Two
Rate Three Color
Marker



Page 1
Dhcp Snooping (Rev. 01)

DHCP Snooping
Table of Contents
Table of Figures 3
DHCP Snooping 4
Overview 4
The DHCP Snooping Command Hierarchy 5
Enabling/Disabling DHCP Snooping 7
Enabling DHCP Snooping on Ports 7
Enabling/Disabling DHCP Snooping on Trusted/Untrusted Ports 8
Configuring DHCP Snooping 9
Enabling/Disabling the DHCP-Snooping Binding Table 9
Adding Entries to the DHCP-Snooping Binding Table 10
Defining the Number of DHCP-Snooping Binding Table Entries 10
Copying the DHCP-Snooping Binding Table 11
Immediately Copying the DHCP-Snooping Binding Table 11
Configuring the DHCP-Snooping Port Security12
Enabling/Disabling the MAC-Address Match-Option 12
Enabling the DHCP-Snooping Chain Mode13
Enabling the Option-82 on a Port 14
Defining the Option-82 Circuit-ID14
Defining the Option-82 Fields Format 14
Filling the Relay Agent Field15
Defining the DHCP Option-82 Tag 16
Clearing the DHCP-Snooping Binding Table16
Clearing DHCP-Snooping Binding Entries 17
Displaying the DHCP-Snooping Binding Table 17
Displaying the DHCP Snooping Configuration Information 18
Displaying the DHCP Snooping Port Configuration Information 19
Displaying the DHCP-Snooping Option-82 Configuration 20
T-Marc 300 Series User Guide

Page 2
Dhcp Snooping (Rev. 01)

Displaying the GiaddrField Information 20
Configuration Example 21
Supported Standards, MIBs, and RFCs24

T-Marc 300 Series User Guide

Page 3
Dhcp Snooping (Rev. 01)

Table of Figures
Figure 1: DHCP Snooping in Action 4
Figure 2: DHCP Snooping Configuration Example21

T-Marc 300 Series User Guide

Page 4
Dhcp Snooping (Rev. 01)

DHCP Snooping
Overview
DHCP Snooping provides network security by filtering untrusted DHCP messages, (received from
outside the network and causing traffic attacks), and by building and maintaining a DHCP-
snooping binding table (see Enabling/ DisablingtheDHCP-SnoopingBindingTable).
DHCP Snooping works with information from a DHCP server to:
Track the physical location of hosts (DHCP clients)
Ensure that hosts only use the IP addresses assigned to them
Ensure that only authorized DHCP servers are accessible
DHCP Snooping acts like a firewall between untrusted hosts (DHCP clients) and DHCP servers.


Figure 1: DHCP Snooping in Action
T-Marc 300 Series User Guide

Page 5
Dhcp Snooping (Rev. 01)

The DHCP Snooping Command Hierarchy
+ enable
+ configure terminal
- ip dhcp snooping {enable | disable}
- [no] ip dhcp snooping interface-mode interface {PORT-LIST | PORT-
AG-LIST} [vlan VLAN-LIST]
- ip dhcp snooping interface {PORT-LIST | PORT-AG-LIST} {trusted |
untrusted}
- [no] ip dhcp snooping force-broadcast-request
- ip dhcp snooping binding-table {enable | disable}
- [no] ip dhcp snooping binding A.B.C.D HH:HH:HH:HH:HH:HH vlan
<vlan-id> interface UU/SS/PP
- ip dhcp snooping binding-table max-entries <binding-entries>
- [no] ip dhcp snooping binding-table tftp A.B.C.D file name FILE-
NAME write-delay <time period>
- ip dhcp snooping binding-table upload tftp A.B.C.D filename FILE-
NAME
- [no] ip dhcp snooping port-security interface PORT-LIST [vlan-id
<vlan-id>]
- ip dhcp snooping match-mac {enable | disable}
- ip dhcp snooping information option chain-mode
- [no] ip dhcp snooping information option circuit-id WORD port
UU/SS/PP vlan-id <vlan-id>
- ip dhcp snooping set-relay-agent-address
- ip dhcp snooping information option chain-mode set-relay-agent-
address
+ interface UU/SS/PP
- [no] ip dhcp snooping information option
- [no] ip dhcp snooping information option format binary
[remote-id]
- ip dhcp snooping information option tag <1-65535>
- no ip dhcp snooping information option tag
- ip dhcp snooping interface {trusted | untrusted}
- clear ip dhcp snooping binding-table [static | learned | all]
- clear ip dhcp snooping binding-table ip A.B.C.D vlan <vlan-id>
- clear ip dhcp snooping binding-table mac HH:HH:HH:HH:HH:HH vlan <vlan-
id>
- show ip dhcp snooping binding {interface UU/SS/PP | vlan <vlan-id>}
- show ip dhcp snooping configuration
- show ip dhcp snooping interface {UU/SS/PP | aggregations | all}
- show ip dhcp snooping option82
T-Marc 300 Series User Guide

Page 6
Dhcp Snooping (Rev. 01)

- show ip dhcp snooping set-relay-agent-address
T-Marc 300 Series User Guide

Page 7
Dhcp Snooping (Rev. 01)

Enabling/Disabling DHCP Snooping

Caution

Do not enable DHCP Snooping while DHCP Relay is enabled. DHCP Snooping
and DHCP Relay cannot operate concurrently on a device.

The ip dhcp snooping command enables/disables the DHCP Snooping globally.

NOTE
For DHCP Snooping to function properly, all DHCP servers must be connected to
the device through trusted interfaces.

CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping {enable | disable}
Argument Description
enable
Enables DHCP Snooping
disable
Disables DCHP Snooping
Disabled
Enabling DHCP Snooping on Ports
The ip dhcp snooping interface-mode command enables DHCP Snooping on ports and
optionally defines VLANs to which the ports belong.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping interface-mode interface {PORT-LIST |
PORT-AG-LIST} [vlan VLAN-LIST]
device-name(config)#no ip dhcp snooping interface-mode interface {PORT-LIST |
PORT-AG-LIST} [vlan VLAN-LIST]
Argument Description
PORT-LIST
List of ports. Use commas as separators and hyphens to indicate sub-
ranges (for example: 1/2/11/2/8, 1/1/2)
PORT-AG-LIST
LAG names list (for example, ag01, ag04ag07), in the range of <17>
T-Marc 300 Series User Guide

Page 8
Dhcp Snooping (Rev. 01)

VLAN-LIST
(Optional) a list of VLAN IDs to which the ports belong, in the following
format:
A hyphenated range of VLANs (for example: 832)
Several VLAN numbers and/or ranges, separated by commas (for
example: 2,4,832)
no
Restores to default
Enabling/Disabling DHCP Snooping on
Trusted/Untrusted Ports
The ip dhcp snooping interface command enables/disables DHCP Snooping on
trusted/untrusted ports.
CLI Mode: Global Configuration and Interface Configuration
Command Syntax
device-name(config)#ip dhcp snooping interface {PORT-LIST | PORT-AG-LIST}
{trusted | untrusted}
device-name(config-if UU/SS/PP)#ip dhcp snooping interface {trusted |
untrusted}
Argument Description
PORT-LIST
List of ports. Use commas as separators and hyphens to indicate sub-
ranges (for example: 1/2/11/2/8, 1/1/2)
PORT-AG-LIST
LAG names list (for example, ag01, ag04ag07), in the range of <17>
trusted
Enables DHCP Snooping on trusted port(s). Trusted ports receive only
packets from within the network, the outside-coming packets are simply
forwarded.
The trusted ports are used to reach a DHCP server or relay agent, and
DHCP information from them is not logged in the DHCP-snooping
binding table.
untrusted
Enables DHCP Snooping on untrusted port(s). Untrusted ports receive
messages from outside the network.
Untrusted

T-Marc 300 Series User Guide

Page 9
Dhcp Snooping (Rev. 01)


Configuring DHCP Snooping
The ip dhcp snooping force-broadcast-request command invokes DHCP Snooping when
intercepting a unicast RENEWING request. The renewing packet is rewritten with a full broadcast
destination address.

CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping force-broadcast-request
device-name(config)#no ip dhcp snooping force-broadcast-request
Argument Description
no
Disables the force-broadcast-request option
Enabling/Disabling the DHCP-Snooping Binding Table
The ip dhcp snooping binding-table command enables/disables the DHCP-snooping
binding table.
The DHCP-snooping binding table contains the MAC address, the IP address, the lease time, the
binding type, the VLAN number, and the ports information that corresponds to the local
untrusted ports.
The DHCP-snooping binding table does not contain information about hosts that are connected to
trusted ports.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping binding-table {enable | disable}
Argument Description
enable
Enables the DHCP-snooping binding table.
disable
Disables the DHCP-snooping binding table
Disabled

T-Marc 300 Series User Guide

Page 10
Dhcp Snooping (Rev. 01)


Adding Entries to the DHCP-Snooping Binding Table
The ip dhcp snooping binding command adds staticentries to the DHCP-snooping binding
table.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping binding A.B.C.D HH:HH:HH:HH:HH:HH vlan
<vlan-id> interface UU/SS/PP
device-name(config)#no ip dhcp snooping binding A.B.C.D HH:HH:HH:HH:HH:HH
vlan <vlan-id> interface UU/SS/PP
Argument Description
A.B.C.D
The binding entrys IP address
HH:HH:HH:HH:HH:HH
The binding entrys MAC address
vlan <vlan-id>
The VLAN to which the port belongs, in the range of <14094>
UU/SS/PP
An untrusted port for which to add/delete a binding entry
no
Deletes entries from the binding table
Defining the Number of DHCP-Snooping Binding Table
Entries
The ip dhcp snooping binding-table max-entries command defines the maximum number
of entries of the DHCP-snooping binding table.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping binding-table max-entries <binding-
entries>
Argument Description
binding-entries
The maximum number of the table entries, in the range of <10010000>

T-Marc 300 Series User Guide

Page 11
Dhcp Snooping (Rev. 01)


Copying the DHCP-Snooping Binding Table
The ip dhcp snooping binding-table tftp command periodically copies the DHCP-
snooping binding table to a TFTP server. Upon reload, the device reads the file to build the
database for the bindings.

CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping binding-table tftp A.B.C.D file name
FILE-NAME write-delay <time period>
device-name(config)#no ip dhcp snooping binding-table tftp
Argument Description
A.B.C.D
The TFTP servers IP address
FILE-NAME
The name of the copied file
write-delay
<time period>
The time at which the file is uploaded to the TFTP server, in the range of
<6086400>seconds
300 seconds
no
Disables the coping
Immediately Copying the DHCP-Snooping Binding
Table
The ip dhcp snooping binding-table upload tftp command immediately copies the
DHCP-snooping binding table to a TFTP server.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping binding-table upload tftp A.B.C.D
filename FILE-NAME
Argument Description
A.B.C.D
The TFTP servers IP address
FILE-NAME
The name of the copied file

T-Marc 300 Series User Guide

Page 12
Dhcp Snooping (Rev. 01)


Configuring the DHCP-Snooping Port Security
The ip dhcp snooping port-security interface command enables DHCP-snooping port
security (see chapter ConfiguringInterfacesof this User Guide) on an untrusted port(s). This feature
blocks the network traffic to DHCP clients that have not obtained their IP addresses from DHCP
servers connected to trusted ports. To communicate, the DHCP clients have to renew their IP
addresses.
Each time, when the DHCP client is plugged into an untrusted port on which DHCP-snooping
port security option is enabled, the DHCP clients have to renew their IP addresses.

NOTE
When the DHCP clients IP address is statically changed, the combination of Port
Security and Dynamic ARP Inspection features ensure blocking of the Layer-3 traffic
on untrusted ports of the DHCP-snooping-enabled device.

CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping port-security interface PORT-LIST [vlan-
id <vlan-id>]
device-name(config)#no ip dhcp snooping port-security interface PORT-LIST
[vlan-id <vlan-id>]
Argument Description
PORT-LIST
List of ports. Use commas as separators and hyphens to indicate sub-ranges
(for example: 1/2/11/2/8, 1/1/2).
vlan-id
<vlan-id>
(Optional) defines a VLAN ID in the range of <14094>to which the ports
belong.
no
Restores to default
Disabled
Enabling/Disabling the MAC-Address Match-Option
The ip dhcp snooping match-mac command enables/disables the MAC-address match-option.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping match-mac {enable | disable}
T-Marc 300 Series User Guide

Page 13
Dhcp Snooping (Rev. 01)

Argument Description
enable
Enables the MAC address match-option: the source MAC address in the
Ethernet header is compared to the chaddr field in the DHCP payload (within
the DHCP packet):
If the address does not match the chaddr field, the DHCP packet is
dropped
If the address matches the chaddr field, the deviceon which DHCP
Snooping is enabledforwards the packet
This comparison procedure is not performed for trusted ports.
disable
Disables the MAC address match-option
Disabled
Enabling the DHCP-Snooping Chain Mode
The ip dhcp snooping information option chain-mode command enables the DHCP-
snooping chain mode i.e. DHCP Snooping is enabled on more than one device on the providers
network. This feature allows DHCP packets to be exchanged between the DHCP client and
DHCP server without being dropped by the DHCP-snooping devices located between the DHCP
client and DHCP server.
Enabling the DHCP-snooping chain mode is also required when the DHCP server and the DHCP
client are located on different Layer-2 networks, and a DHCP-relay device exits between these
networks.
In the DHCP-snooping chain mode, DHCP Snooping requires all DHCP packets to contain
Option-82 data. Option 82 allows a DHCP-relay device to insert specific information into a request
forwarded to a DHCP server (see RFC 3046).
DHCP Snooping defines the DHCP packets destination by checking Option-82 fields. When a
DHCP-Snooping-enabled device receives a packet that is not destined for it, the device forwards
the packet to all trusted ports.
DHCP servers that do not support Option-82, strip the Option-82 field from the replies.

NOTE
Configure Option-82 on all devices in the ring topology.
Each device must have a unique Option-82 value. The unique Option-82 value
can be a remote-ID (MAC), a unique TAG, or a unique circuit-id.
In the ring topology, when the DHCP-snooping chain mode is enabled, all
Option-82-enabled devices and the DHCP servers must be in the same subnet.

CLI Mode: Global Configuration
Command Syntax
device-name(config)#[no] ip dhcp snooping information option chain-mode
Argument Description
no
Disables the chain mode
T-Marc 300 Series User Guide

Page 14
Dhcp Snooping (Rev. 01)

Defining the Option-82 Circuit-ID
The ip dhcp snooping information option circuit-id command defines the circuit-ID. The
circuit-ID describes the port originating the packet.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping information option circuit-id WORD port
UU/SS/PP vlan-id <vlan-id>
device-name(config)#no ip dhcp snooping information option circuit-id port
UU/SS/PP vlan-id <vlan-id>
Argument Description
WORD
Circuit-ID, a text string of 256 characters. The circuit-ID string cannot be
configured to 8, 15, 18, or 20 characters. Otherwise, a warning message
appears:
[ War ni ng] The speci f i ed ci r cui t I D mi ght not wor k pr oper l y
i f combi ned wi t h ot her conf i gur ed i nf or mat i on opt i ons.
More than one circuit-ID can be defined per port. If a port is a member of
several VLANs, only one circuit-id can be defined for a port-VLAN
combination.
UU/SS/PP
The related port
vlan-id
VLAN ID, in the range of <14094>
no
Removes the defined circuit-ID: the information contained in the Option-82
field is used to define the packet retransmit path
Enabling the Option-82 on a Port
The ip dhcp snooping information option command enables the Option-82 on a port.
CLI Mode: Interface Configuration
Command Syntax
device-name(config-if UU/SS/PP)#[no] ip dhcp snooping information option
Argument Description
no
Disables the Option-82
Disabled

T-Marc 300 Series User Guide

Page 15
Dhcp Snooping (Rev. 01)


Defining the Option-82 Fields Format
The ip dhcp snooping information option format binary command determines the format
of Option-82 field contained in packets coming from the DHCP client.
CLI Mode: Interface Configuration
Command Syntax
device-name(config-if UU/SS/PP)#ip dhcp snooping information option format
binary [remote-id]
device-name(config-if UU/SS/PP)#no ip dhcp snooping information option format
binary
Argument Description
remote-id
(Optional) inserts the MAC address of the relay agent at the end of the Option-
82 field
no
Restores to default
ASCII format
Filling the Relay Agent Field
The ip dhcp snooping set-relay-agent-address and ip dhcp snooping information
option chain-mode set-relay-agent-address commands fill in the giaddr field (IP address of
a DHCP-relay device) of the DHCP clients packet. As a result, the DHCP server includes Option-
82 when returns DHCP packets to the DHCP clients.
DHCP servers do not echo Option-82 when a DHCP packet with giaddr field of 0 is received.


NOTE
To fill in the giaddr field using the i p dhcp snoopi ng set - r el ay- agent - addr ess
command in chain mode, first execute the i p dhcp snoopi ng i nf or mat i on
opt i on chai n- mode set - r el ay- agent - addr ess command.


CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping set-relay-agent-address
device-name(config)#ip dhcp snooping information option chain-mode set-relay-
agent-address
T-Marc 300 Series User Guide

Page 16
Dhcp Snooping (Rev. 01)


Defining the DHCP Option-82 Tag
The ip dhcp snooping information option tag command defines the DHCP Option-82 tag
value.
CLI Mode: Interface Configuration
Command Syntax
device-name(config-if UU/SS/PP)#ip dhcp snooping information option tag <1-
65535>
device-name(config-if UU/SS/PP)#no ip dhcp snooping information option tag
Argument Description
tag <1-65535>
Option-82 tag value, in the range of <165535>
no
Removes the Option-82 tag
Clearing the DHCP-Snooping Binding Table
The clear ip dhcp snooping binding-table command clears all entries from the DHCP-
snooping binding table.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#clear ip dhcp snooping binding-table [static | learned | all]
Argument Description
static
(Optional) only static entries are cleared.
learned
(Optional) only dynamically learned entries are cleared.
all
(Optional) all entries are cleared.

T-Marc 300 Series User Guide

Page 17
Dhcp Snooping (Rev. 01)


Clearing DHCP-Snooping Binding Entries
The clear ip dhcp snooping binding-table ip command clears a DHCP-snooping binding
entry specified by the DHCP clients IP address.
The clear ip dhcp snooping binding-table mac command clears a DHCP-snooping binding
entry specified by the DHCP clients MAC address.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#clear ip dhcp snooping binding-table ip A.B.C.D vlan <vlan-id>
device-name#clear ip dhcp snooping binding-table mac HH:HH:HH:HH:HH:HH vlan
<vlan-id>
Argument Description
A.B.C.D
The DHCP clients IP address
HH:HH:HH:HH:HH:HH
The DHCP clients MAC address
vlan <vlan-id>
The VLAN ID, in the range of <14094>
Displaying the DHCP-Snooping Binding Table
The show ip dhcp snooping binding command displays DHCP-snooping binding table entries
learned from DHCP Snooping. If no argument is specified, all entries are displayed.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show ip dhcp snooping binding {interface UU/SS/PP | vlan <vlan-
id>}
Argument Description
UU/SS/PP
Displays table entries for the selected untrusted port
vlan <vlan-id>
Displays table entries for the selected VLAN ID, in the range of <1
4094>

T-Marc 300 Series User Guide

Page 18
Dhcp Snooping (Rev. 01)

Example
Display the DHCP-snooping binding entries for a specified VLAN:
device-name#show ip dhcp snooping binding vlan 1
Fl ags : V - val i d, P - per m. l ease, I - i ncompl et e, L - l ear ned, S - st at i c
+- - - - - - - - - - - - - - - - - +- - - - - - +- - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - +- - - - - - - - - - +
| I P addr ess | VLAN | MAC addr ess | I nt er f ace | Fl ags | Lease |
+- - - - - - - - - - - - - - - - - +- - - - - - +- - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - +- - - - - - - - - - +
| 1. 1. 1. 2| 1| 00: FF: 00: 00: 00: 01 | 1/ 1/ 2| V L | 43187|
| 1. 1. 1. 3| 1| 00: FF: 00: 00: 00: 02 | 1/ 1/ 2| V L | 43199|
| 1. 1. 1. 1| 1| 00: FF: 00: 00: 00: 00 | 1/ 1/ 2| V L | 43175|
+- - - - - - - - - - - - - - - - - +- - - - - - +- - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - +- - - - - - - - - - +
Table 1: Parameters Displayed by the show i p dhcp snoopi ng bi ndi ng Command
Field Description
IP Address DHCP clients IP address
VLAN VLAN ID of the DHCP clients port
MAC Address DHCP clients MAC address
Interface Port connected to the DHCP client
Type Binding type; statically configured from CLI or dynamically learned
Lease (seconds) IP address lease time
Displaying the DHCP Snooping Configuration
Information
The show ip dhcp snooping configuration command displays DHCP Snooping
configuration.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show ip dhcp snooping configuration
Example
device-name#show ip dhcp snooping configuration
=====================================================================
| DHCP SNOOPI NG - CONFI GURATI ON SUMMARY |
=====================================================================
DHCP Snoopi ng modul e cur r ent st at e : ENABLE
Cur r ent Mode : RI NG MODE
Mat ch MAC addr ess : DI SABLE
DHCP Snoopi ng Dat abase Use : ENABLE
DHCP Snoopi ng Dat abase Max Ent r i es Val ue : 10000
TFTP Ser ver I P addr ess : 192. 168. 0. 34
T-Marc 300 Series User Guide

Page 19
Dhcp Snooping (Rev. 01)

The f i l ename of Upl oaded DB : snoop_db. 4. 134. t xt
The i nt er val of per i odi c upl oads i n seconds : 180
set - r el ay- agent - addr ess opt i on : conf i gur ed
DHCP Snoopi ng debug messages : DI SABLE
===========================================================
| DHCP Snoopi ng I nt er f aces St at es |
===========================================================
TRUSTED 1/ 2/ 2
UNTRUSTED 1/ 2/ 1 | 1/ 2/ 3 - 1/ 2/ 8

===========================================================
| DHCP Snoopi ng Vl ans - I nt er f ace mode |
===========================================================
VLAN I D | 1
===========================================================
| DHCP Snoopi ng Aggr egat i ons - I nt er f ace mode |
===========================================================
AGGREGATI ON TRUSTED
AGGREGATI ON UNTRUSTED AG01
=====================================================================
| DHCP Snoopi ng Opt i on 82 Conf i gur at i on |
| I nt er f ace | Opt i on For mat | Tag | Opt i on Pol i cy |
=====================================================================

on vl an: 1 asci i 00001 dr op
Displaying the DHCP-Snooping Port Information
The show ip dhcp snooping interface command displays DHCP-snooping configuration
information for port(s).
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show ip dhcp snooping interface {UU/SS/PP | aggregations | all}
Argument Description
UU/SS/PP
Displays information for a specific port
aggregations
Displays information for all trusted and untrusted LAGs
all
Displays information for all trusted and untrusted ports
Example
device-name#show ip dhcp snooping interface 1/1/1
| 1/ 1/ 1 | TRUSTED
T-Marc 300 Series User Guide

Page 20
Dhcp Snooping (Rev. 01)

Displaying the DHCP-Snooping Option-82 Information
The show ip dhcp snooping option82 command displays the DHCP-snooping Option-82
configuration information.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show ip dhcp snooping option82
Example
device-name#show ip dhcp snooping option82
ON PORT: 1/ 1/ 2
FORMAT: ASCI I
TAG: 1
POLI CY: DROP
Displaying the Giaddr Field Information
The show ip dhcp snooping set-relay-agent-address command displays whether the giaddr
field is inserted in the DHCP packet.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show ip dhcp snooping set-relay-agent-address
Example
device-name#show ip dhcp snooping set-relay-agent-address
set - r el ay- agent - addr ess i s enabl ed
T-Marc 300 Series User Guide

Page 21
Dhcp Snooping (Rev. 01)


Configuration Example
The following example is based on Figure 2 and shows how to configure DHCP Snooping on the
devices.

Figure 2: DHCP Snooping Configuration Example
Configuring Device A:
1. Enter the VLAN Configuration mode and select the default VLAN:
DeviceA(config)#vlan
DeviceA(config vlan)#config default
2. Remove ports 1/2/1 to 1/2/8 from the default VLAN:
DeviceA(config-vlan default)#remove ports 1/2/11/2/8
DeviceA(config-vlan default)#exit
3. Configure a VLAN named V9 with VLAN ID 9 and add to it a port list 1/2/11/2/8 as
untagged:
DeviceA(config vlan)#create v9 9
DeviceA(config vlan)#config v9
DeviceA(config-vlan v9)#add ports 1/2/11/2/8 untagged
DeviceA(config-vlan v9)#add ports default 1/2/11/2/8
DeviceA(config-vlan v9)#exit
DeviceA(config-vlan)#exit
4. Enable DHCP Snooping:
DeviceA(config)#ip dhcp snooping enable
5. Enable DHCP-snooping binding table:
DeviceA(config)#ip dhcp snooping binding-table enable
6. Enable DHCP-snooping on a port list 1/2/11/2/8:
DeviceA(config)#ip dhcp snooping interface-mode interface 1/2/11/2/8 vlan
9
7. Define port 1/2/3 as trusted:
DeviceA(config)#ip dhcp snooping interface 1/2/3 trusted
T-Marc 300 Series User Guide

Page 22
Dhcp Snooping (Rev. 01)

Configuring DHCP server:
1. Define a subnet number:
DHCPS(config)#service dhcp
DHCPS(config-dhcp)#subnet 9.0.0.0/8
2. Define a IP address range for clients to 9.20.1.10 up to 9.20.1.100:
DHCPS(config-dhcp-subnet)#range 9.20.1.10 9.20.1.100
DHCPS(config-dhcp-subnet)#exit
3. Enable the DHCP server:
DHCPS(config)#service dhcp enable
Configuring Host1 as DHCP client:
Restart the DHCP client:
Host1(config)#ip address dhcp renew
Checking the DHCP-Snooping database:
DeviceA#show ip dhcp snooping binding interface 1/2/5

Fl ags : V - val i d, P - per m. l ease, I - i ncompl et e, L - l ear ned, S - st at i c
+- - - - - - - - - - - - - - - - - +- - - - - - +- - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - +- - - - - - - - - - +
| I P addr ess | VLAN | MAC addr ess | I nt er f ace | Fl ags | Lease |
+- - - - - - - - - - - - - - - - - +- - - - - - +- - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - +- - - - - - - - - - +
| 9. 20. 1. 99| 9| 00: 0B: 2B: 01: 56: 86 | 1/ 2/ 5| V L | 120|
+- - - - - - - - - - - - - - - - - +- - - - - - +- - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - +- - - - - - - - - - +
Display configuration information for all ports on Device A:
DeviceA#show ip dhcp snooping configuration
=====================================================================
| DHCP SNOOPI NG - CONFI GURATI ON SUMMARY |
=====================================================================
DHCP Snoopi ng modul e cur r ent st at e : ENABLE
Cur r ent Mode : I NTERFACE MODE
Mat ch MAC addr ess : DI SABLE
DHCP Snoopi ng Dat abase Use : ENABLE
DHCP Snoopi ng Dat abase Max Ent r i es Val ue : 10000
TFTP Ser ver I P addr ess : NOT CONFI GURED
The f i l ename of Upl oaded DB : NOT CONFI GURED
The i nt er val of per i odi c upl oads i n seconds : 180
set - r el ay- agent - addr ess opt i on : conf i gur ed
DHCP Snoopi ng debug messages : DI SABLE
===========================================================
| DHCP Snoopi ng I nt er f aces St at es |
===========================================================
TRUSTED 1/ 2/ 3
UNTRUSTED 1/ 2/ 5
T-Marc 300 Series User Guide

Page 23
Dhcp Snooping (Rev. 01)


===========================================================
| DHCP Snoopi ng Vl ans - I nt er f ace mode |
===========================================================
VLAN I D | 9
===========================================================
| DHCP Snoopi ng Aggr egat i ons - I nt er f ace mode |
===========================================================
AGGREGATI ON TRUSTED
AGGREGATI ON UNTRUSTED AG01
=====================================================================
| DHCP Snoopi ng Opt i on 82 Conf i gur at i on |
| I nt er f ace | Opt i on For mat | Tag | Opt i on Pol i cy |
=====================================================================
i p dhcp snoopi ng i nf or mat i on opt i on not set

T-Marc 300 Series User Guide

Page 24
Dhcp Snooping (Rev. 01)

Supported Standards, MIBs, and RFCs
Features Standards MIBs RFCs
DHCP Snooping No standards are
supported by this
feature.
Private MIB,
prvt_dhcp.mib
RFC 951, Bootstrap
Protocol (BOOTP)
RFC 1542, Clarifications
and Extensions for the
Bootstrap Protocol
RFC 2131, Dynamic Host
Configuration Protocol
RFC 2132, DHCP Options
and BOOTP Vendor
Extensions
RFC 3046, DHCP Relay
Agent Information Option


Page 1
Configuring Quality of Service (QoS) (Rev. 11)

Configuring Quality of Service (QoS)
Table of Figures 4
Overview 5
Implementation 5
Traffic Analysis 5
Basic QoS Architecture 7
The Packets QoS Attributes 8
QoS Profile 8
Sorting Packets for QoS 9
Traffic Scheduling10
Strict Priority (SP) 10
Weighted Round Robin (WRR) 11
Hybrid Scheduling12
Egress Traffic Shaping12
Storm Control12
QoS Default Configuration13
QoS Mappings Default Configuration14
Scheduler Profile Default Configuration16
Shaper Default Configuration16
Port Default Configuration16
QoS Configuration Flow17
QoS Configuration Commands18
Configuring QoS22
Configuring the Network Policy22
Applying the Network Policy per Port 23
Adding the Description for Network Policy23
Configuring the Network Ingress Policy24
Enabling/ Disabling the Trusted Mode DSCP24
Enabling/ Disabling the Trusted Mode Priority24
T-Marc 300 Series User Guide

Page 2
Configuring Quality of Service (QoS) (Rev. 11)

Applying the QoS Default Mapping on Port 25
Configuring the Network Egress Remarking25
Defining Tail-Drop Profiles26
Configuring the Network Egress Policy27
Configuring the Queue on Egress Network27
Applying Tail-Drop Profiles28
Applying the Shaping Profile28
Applying Scheduling Profile on Egress Policy29
Configuring the DSCP to FC and Color Mapping29
Configuring the Dot1p to FC and Color Mapping30
Configuring the Service Policy31
Adding the Description for the Service Policy31
Configuring the Service Ingress Policy32
Configuring the Service Queues32
Applying Tail-Drop Profiles32
Applying the Service Policy Shaping Profile33
Applying the Service Scheduling Profile33
Binding the Service Policy on a TLS Service34
Applying the Service Policy on a SAP35
Configuring the Shaper Profile36
Configuring Scheduling SP Profile37
Configuring the Scheduling WRR Profile37
Configuring the Scheduling Hybrid-1 Profile38
Configuring the Scheduling Hybrid-2 Profile38
Configuring the Scheduling Hybrid-3 Profile39
Configuring the Scheduling Hybrid-4 Profile39
Configuring the Scheduling Hybrid-5 Profile40
Configuring the Scheduling Hybrid-6 Profile40
Displaying the Network Policy Configuration41
Displaying the QoS Port Configuration43
Displaying the Scheduler Profile Configuration43
Displaying the Shaper Profile Configuration44
Displaying the Tail-Drop Profile Information45
Displaying the SAP Service Information46
Displaying the Service Policy Information47
Displaying the Dot1p to FC Mapping48
T-Marc 300 Series User Guide

Page 3
Configuring Quality of Service (QoS) (Rev. 11)

Displaying the DSCP to FC Mapping48
Displaying the Egress Mapping and Remarking50
Configuring the Traffic Type51
Displaying the Storm Control Settings 52
Filtering Egress Broadcast Packets53
Filtering Egress Unknown-Unicast Packets53
Filtering Egress Multicast Packets54
Configuration Examples55
Mapping Priority55
Configuring the DSCP-to-FC Mapping56
Configuring the Traffic Shaping Per-port57
Configuring QoS Service Policy58
Supported Platforms60
Supported Standards, MIBs, and RFCs60
T-Marc 300 Series User Guide

Page 4
Configuring Quality of Service (QoS) (Rev. 11)

Table of Figures
Figure 1: Basic QoS Architecture 7
Figure 2: 802.1p Priority Header Fields 9
Figure 3: Type of Service (ToS) Header Fields 9
Figure 4: Strict Priority Queuing11
Figure 5: Weighted Round Robin Queuing12
Figure 6: QoS Configuration Flow17

T-Marc 300 Series User Guide

Page 5
Configuring Quality of Service (QoS) (Rev. 11)

Overview
QoS refers to the mechanisms used for controlling and reserving network resources in order to
provide different priority to specific applications/ data flows and to guarantee their level of
performance.