Professional Documents
Culture Documents
!
! Techni cal Suppor t I nf or mat i on Conf i gur at i on:
!
T-Marc 300 Series User Guide
Page 31
Device Administration (Rev. 11)
************ FI LE END **********
Displaying the Script-file Name and Length
Display the names and lengths of all script files stored in the script-file system with:
dir and show script-file-system commands
CLI Mode: Script-file-system Configuration
show script-file-system command
CLI Mode: View and Privileged (Enable)
Command Syntax
device-name(config script-file-system)#dir
device-name(config script-file-system)#show script-file-system
device-name>show script-file-system
device-name#show script-file-system
Example 1
device-name(config script-file-system)#dir
Li st i ng Di r ect or y f l ash: / Usr / :
d S 2048 J an 1 1993 01: 04 . /
d 2048 J an 1 1993 00: 00 . . /
- 9017 J an 1 1993 00: 21 t est 1. cf g
- 4220 J an 1 1993 01: 04 r unni ng_conf i g. cf g
Fr ee di sk space 1929216
Example 2
device-name(config script-file-system)#show script-file-system
f l ash: / Usr / .
f l ash: / Usr / . .
f l ash: / Usr / t est 1. cf g
f l ash: / Usr / r unni ng_conf i g. cf g
Listing Files
The ls command lists files in Flash memory file system.
CLI Mode: Script-file-system Configuration
Command Syntax
device-name(config script-file-system)#ls
T-Marc 300 Series User Guide
Page 32
Device Administration (Rev. 11)
Example
device-name(config script-file-system)#ls
Li st i ng Di r ect or y f l ash: / Usr :
d S 2048 J an 1 1993 00: 59 . /
d 2048 J an 1 1993 00: 00 . . /
- 176 J an 1 1993 03: 18 pr of i l e. cf g
- 5804 J an 1 1993 00: 12 acl . cf g
- 7069 J an 1 1993 00: 29 snmp. cf g
Fr ee di sk space 18192384
Describing the Interactive Help System
The help command provides description of the interactive help system.
CLI Mode: Script-file-system Configuration
Command Syntax
device-name(config script-file-system)#help
T-Marc 300 Series User Guide
Page 33
Device Administration (Rev. 11)
File System
Overview
The Flash file system (also called Flash:) provides commands for defining, downloading, and
deleting software images and configuration files stored in a Flash memory. In addition, users can
define the different Loader parameters using the Flash file system.
The File System Default Folders
Table 11: System Directories Default Configuration
Directory Description
\Boot\ Contains all executable applications and firmware
images
\Log\ Stores all logs of the system operation
\Usr\ Contains all configuration scripts of the system
\Etc\ Contains default startup configuration
\Hidden\ Internal settings storage
\J ava\ Not supported
NOTE
The system directories are locked for editing.
Table 12: Default System File Names and Settings
Parameter Default Value
Startup configuration name dflt_startup.cfg
Image name Image.Z
Auto-boot timeout 5 seconds
BiNOS System Loader password batm
T-Marc 300 Series User Guide
Page 34
Device Administration (Rev. 11)
The File System Commands
Table 13: File System Directories Commands
Command Description
format
Formats the file system and removes its contents
(see Formatting the File System)
mkdir
Creates a new directory (see Creating a New Directory)
rmdir
Deletes a directory (see Deleting a Directory)
dir
Displays the contents of the current directory
(see Displaying the File System Contents)
pwd
Displays the working directory (see Displaying the Working Directory)
Table 14: File Content Management Commands
Command Description
copy
Copies a file from a TFTP server or from the local Flash system to the
specified path (see Copying a File)
rename
Renames a file (see Renaming a File)
move
Removes a file from its current location and places it at a new location
(see Moving a File)
del
Deletes a specified file (see Deleting a File)
display
Displays the contents of a text file (see Displaying the File Contents)
T-Marc 300 Series User Guide
Page 35
Device Administration (Rev. 11)
Formatting the File System
The format command formats the file system and removes its contents.
CLI Mode: Loader and Privileged (Enable)
After the next start of the loader (or start-up of downloaded application), the default set of system
directories will be restored automatically. The command deletes all saved configuration files
(starting configuration).
Command Syntax
Loader>format [DEVICE-NAME]
device-name#format [DEVICE-NAME]
Argument Description
DEVICE-NAME
The device name, valid device can be flash:/
Creating a New Directory
The mkdir command creates a new directory.
CLI Mode: Loader and Privileged (Enable)
Command Syntax
Loader>mkdir PATH
device-name#mkdir PATH
Argument Description
PATH
The destination path (directory) ends with the new directory that is created. The
directory name is a case insensitive string.
Deleting a Directory
The rmdir command deletes a directory.
CLI Mode: Loader and Privileged (Enable)
Command Syntax
Loader>rmdir [PATH]
device-name#rmdir [PATH]
Argument Description
PATH
The path ends with the directory to be deleted. The directory name is a case
insensitive string.
T-Marc 300 Series User Guide
Page 36
Device Administration (Rev. 11)
NOTE
Non-empty and system directories cannot be removed.
Displaying the File System Contents
The dir command displays a list of files in the file system.
CLI Mode: Loader, View and Privileged (Enable)
This command is equivalent to the ls command in all modes.
Command Syntax
Loader>dir [PATH]
device-name>dir [PATH]
device-name#dir [PATH]
Argument Description
PATH
(Optional) the name of a selected directory, which contents is displayed. The
directory name is a case insensitive string.
Displaying the Working Directory
The pwd command displays the working directory.
CLI Mode: Loader and Privileged (Enable)
Command Syntax
Loader>pwd
device-name#pwd
Copying a File
The copy command copies a file from a TFTP/ FTP/ SFTP server or from the local Flash system
to another location. The name of the file can be optionally changed.
CLI Mode: Loader and Privileged (Enable)
This command is equivalent to the cp command in all modes.
Command Syntax (for Local Flash System)
Loader>copy [[device://]path/]file-name [[device1://]path1/]file-name1
device-name#copy [[device://]path/]file-name [[device1://]path1/]file-name1
Command Syntax (for TFTP/FTP Server)
Loader>copy protocol://[user[:pass]@]host[:port]/file-name
protocol1://[user1[:pass1]@]host1[:port1]/file-name1
T-Marc 300 Series User Guide
Page 37
Device Administration (Rev. 11)
device-name#copy protocol://[user[:pass]@]host[:port]/file-name
protocol1://[user1[:pass1]@]host1[:port1]/file-name1
Command Syntax (for SFTP Server)
Loader>copy device://user:pass@host/[path/]file-name
device1/user1:pass1@host1/[path1/]file-name1
device-name#copy device://user:pass@host/[path/]file-name
device1/user1:pass1@host1/[path1/]file-name1
Argument Description
device
(Optional) the device from which the file is copied. It can be a TFTP server
(in format tftp://A.B.C.D ), the local Flash system (in format flash:/), or a
SFTP/FTP server (in format sftp://user:pass@A.B.C.D)
dath
(Optional) the path to the location where the file is copied.
protocol,
protocol1
Specifies the protocol type.
user, user1
Optional) specifies the name of the user performing the operation.
pass, pass1
(Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
For the TFTP server, not need to specify the user, password and port
For the FTP server, no need to specify the port number
host
Specifies the server IP address in A.B.C.D format.
port, port1
(Optional) specifies the port number.
file-name
The source file name.
device1/
(Optional) the device to which the file is copied. It can be a TFTP server (in
format tftp://A.B.C.D ), the local Flash system (in format flash:/), or a
SFTP/FTP server (in format sftp://user:pass@A.B.C.D)
path1
(Optional) the path to the location where the file is copied.
file-name1
The destination file name.
Examples
The following command copies a file from a TFTP server to the local / Usr directory:
device-name#copy tftp://10.0.0.60/test usr/test1
The following command copies a file from the local Flash root directory to a remote TFTP
server:
device-name#copy flash://profile.cfg tftp://10.0.0.60/profile.cfg
T-Marc 300 Series User Guide
Page 38
Device Administration (Rev. 11)
Renaming a File
The rename command renames a file.
CLI Mode: Loader and Privileged (Enable)
Command Syntax (for Local Flash System)
Loader>rename [path/]file-name NEW-FILE-NAME
device-name#rename [path/]file-name NEW-FILE-NAME
Command Syntax (for SFTP Server)
Loader>rename device://user:pass@host/[path/]file-name NEW-FILE-NAME
device-name#rename device://user:pass@host/[path/]file-name NEW-FILE-NAME
Argument Description
device
(Optional) the device on which the file to be renamed is stored. It can be a
SFTP server (in format sftp://user:pass@A.B.C.D), or the local Flash
system (in format flash:/)
path
(Optional) the path to the file to be renamed.
user
Optional) specifies the name of the user performing the operation.
pass
(Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
host
Specifies the server IP address in A.B.C.D format.
file-name
The original name of the file to be renamed.
NEW-FILE-NAME
The new name assigned to the file.
Moving a File
The move command removes a file from its current location and places it at a new location. The
name of the file can be optionally changed.
CLI Mode: Loader and Privileged (Enable)
This command is equivalent to the mv command in all modes.
Command Syntax (for Local Flash System)
Loader>move [[device://]path/]file-name [[device1://]path1/]file-name1
device-name#move [[device://]path/]file-name [[device1://]path1/]file-name1
Command Syntax (for TFTP/FTP Server)
Loader>move protocol://[user[:pass]@]host[:port]/file-name
protocol1://[user1[:pass1]@]host1[:port1]/file-name1
device-name#move protocol://[user[:pass]@]host[:port]/file-name
protocol1://[user1[:pass1]@]host1[:port1]/file-name1
T-Marc 300 Series User Guide
Page 39
Device Administration (Rev. 11)
Argument Description
device/
(Optional) the device from which the file is moved. It can be a TFTP/FTP
server (in format tftp://A.B.C.D, or ftp://user:pass@A.B.C.D), or the local
Flash system (in format flash:/)
path
(Optional) the path to the location where the file is moved.
protocol,
protocol1
Specifies the protocol type.
user, user1
Optional) specifies the name of the user performing the operation.
pass, pass1
(Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
For the TFTP server, not need to specify the user, password and port
For the FTP server, no need to specify the port number
host
Specifies the server IP address in A.B.C.D format.
port, port1
(Optional) specifies the port number.
file-name
The source file name.
device1/
(Optional) the device to which the file is moved. It can be a TFTP server
(in format tftp://A.B.C.D, or ftp://user:pass@A.B.C.D), or the local Flash
system (in format flash:/)
path1
(Optional) the path to the location where the file is moved.
file-name1
The destination file name.
Deleting a File
The del command deletes the specified file.
CLI Mode: Loader and Privileged (Enable)
This command is equivalent to the rm command.
Command Syntax (for Local Flash System)
Loader>del [path/]file-name
device-name#del [path/]file-name
Command Syntax (for SFTP Server)
Loader>del device://user:pass@host/[path/]file-name
device-name#del device://user:pass@host/[path/]file-name
Argument Description
device/
(Optional) the device from which the file is removed. It can be a SFTP
server (in format sftp://user:pass@A.B.C.D), or the local Flash system (in
format flash:/)
path
(Optional) the path to the location where the file is removed.
user
Optional) specifies the name of the user performing the operation.
pass
(Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
T-Marc 300 Series User Guide
Page 40
Device Administration (Rev. 11)
host
Specifies the server IP address in A.B.C.D format.
file-name
The name of the file to be removed.
Displaying the File Contents
The display command displays the contents of a text file.
CLI Mode: Loader, View and Privileged (Enable)
The command must not be applied to binary files.
Command Syntax
Loader>display {[path/] | [device://[path/]]}file-name [dump][START]
device-name>display {[path/] | [device://[path/]]}file-name [dump]
device-name#display {[path/] | [device://[path/]]}file-name [dump]
Argument Description
path
(Optional). The path to the file to be displayed. The path should end with
the name of the file.
device:
(Optional). The device on which the file to be displayed is stored. Can only
be flash:/ meaning the local Flash system.
device:path
(Optional). The device and the path to the file to be displayed. The path
should end with the name of the file.
file-name
The name of the file.
dump
(Optional). HEX format.
START
(Optional). Start offset.
NOTE
The dump option is mandatory to display binary files.
T-Marc 300 Series User Guide
Page 41
Device Administration (Rev. 11)
Modifying the Default Configuration
The default settings feature allows you to modify the running configuration according your
preferences and saves it as a default configuration.
Default Configuration Commands
Table 15: Default Configuration Commands
Command Description
copy running-config
default-config
Saves the running configuration as a default configuration
(see Modifying the Default Configuration)
copy default-config
Copies the default configuration to a TFTP/FTP server or to the
local Flash system
(see Copying the Default Configuration to a Specific Location)
copy
Copies the default configuration from a TFTP/FTP server or from
the local Flash system
(see Copying the Default Configuration from a Specific Location)
write erase default
Clears the default configuration
(see Clearing the Default Configuration)
show default-config
Displays the default configuration ( see Displaying the Default
Configuration)
T-Marc 300 Series User Guide
Page 42
Device Administration (Rev. 11)
Modifying the Default Configuration
The copy running-config default-config command saves the running configuration as a
default configuration.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#copy running-config default-config
Copying the Default Configuration to a Specific Location
The copy default-config command copies the default configuration to a TFTP/ FTP server or
to the local Flash system.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#copy default-config [<device>:[<server IP>/]][<path>]<file name>
Argument Description
device/
(Optional) the device to which the file is copied. It can be a TFTP server (in
format tftp://A.B.C.D), a FTP server (in format ftp://user:pass@A.B.C.D), or the
local Flash system (in format flash:/):
userspecifies the name of the user performing the operation
passspecifies the password that authenticates the specified username.
Symbol (@) following the password is required.
For the TFTP server, no need to specify the user, password and port
For the FTP server, no need to specify the port number
path
(Optional) the exact location path to which the file is copied. The path should
end with the name of the file.
server IP
Specifies the TFTP/FTP server IP Address, in A.B.C.D format.
file-name
The original file name.
Copying the Default Configuration from a Specific Location
The copy command copies the default configuration from a TFTP/ FTP server or from the local
Flash system.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#copy [[<device>:[<server IP>/]][<path>]<file name> default-config
T-Marc 300 Series User Guide
Page 43
Device Administration (Rev. 11)
Argument Description
device/
(Optional) the device from which the file is copied. It can be a TFTP server (in
format tftp://A.B.C.D), a FTP server (in format ftp://user:pass@A.B.C.D), or
the local Flash system (in format flash:/):
userspecifies the name of the user performing the operation
passspecifies the password that authenticates the specified username.
Symbol (@) following the password is required
For the TFTP server, no need to specify the user, password and port
For the FTP server, no need to specify the port number
path
(Optional) the exact location path from which the file is copied. The path should
end with the name of the file.
server IP
Specifies the TFTP/FTP server IP Address, in A.B.C.D format.
file-name
The original file name.
Clearing the Default Configuration
The write erase default command clears the default configuration.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#write erase default
Displaying the Default Configuration
The show default-config command displays the default configuration.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show default-config
Example
device-name#show default-config
! Def aul t Conf i gur at i on:
!
. . .
! Et her net i n t he Fi r st Mi l e OAM
!
! ef m- oamdi sabl e
!
. . .
T-Marc 300 Series User Guide
Page 44
Device Administration (Rev. 11)
Zero-Touch Configuration
Overview
Zero-touch configuration is a set of operations that provides two options for automatically
configuring the device:
Via IP address that is assigned manually (static IP address).
Via IP address that is obtained from a DHCP server (dynamic IP address).
The BiNOS configuration file is downloaded from a TFTP server after the device reloads to
defaults. The configuration details are stored in NVRAM.
In case of a zero-touch configuration failure, the factory default configuration is executed.
NOTE
When using a DHCP client, the system administrator has to configure a TFTP
server IP address (the siaddr field as specified in RFC 2131) and a Boot filename (the
filename field as specified in RFC 2131) on the DHCP server.
The example displays part of the DHCP server configuration file:
next-server X.X.X.X;
filename configfile.cfg
Zero-touch Configuration Default Configuration
Table 16: Zero-touch Configuration Default Configuration
Feature Default Value
Zero Touch Configuration Disabled
TFTP IP address 0.0.0.0
Configuration file Not saved to NVRAM
Number of retries 3 times
The time interval between each retry 64 seconds
T-Marc 300 Series User Guide
Page 45
Device Administration (Rev. 11)
Zero-touch Configuration Commands
Table 17: Zero-touch Configuration Commands
Command Description
configure zero-touch
Enters the Zero-touch Configuration mode
(see Accessing the Zero-touch Configuration Mode)
zero-touch
Enables/disables the zero-touch configuration feature
(see Enabling/disabling the Zero-touch Configuration)
ip-address
Specifies the device IP address
(see Specifying the Device IP Address)
tftp-server
Specifies the TFTP IP address
(see Specifying the TFTP IP Address)
config-file
Specifies the path to the configuration file
(see Specifying the Location of the Configuration File)
save-configuration
Saves the downloaded configuration file to NVRAM
(see Saving the Configuration File to NVRAM)
retry-max
Specifies the maximum number of retries for downloading
the configuration file
(see Specifying the Number of Retries for Downloading the
Configuration File)
execute
Forces the device to reach the TFTP server and to obtain
the required configuration file
(see Forcing the Device to Reach the TFTP Server)
show zero-touch
show
Display the zero-touch configuration details
(see Displaying the Zero-touch Configuration)
T-Marc 300 Series User Guide
Page 46
Device Administration (Rev. 11)
Accessing the Zero-touch Configuration Mode
The configure zero-touch command enters the Zero-touch Configuration mode.
CLI Mode: Global Configuration
Command Syntax
device-name#configure zero-touch
device-name(zero-touch)#
Enabling/disabling the Zero-touch Configuration
The zero-touch command enables/ disables the zero-touch configuration feature.
CLI Mode: Zero-touch Configuration
By default, zero-touch configuration feature is disabled.
Command Syntax
device-name(zero-touch)#zero-touch
device-name(zero-touch)#no zero-touch
Argument Description
no
Restores to default
Specifying the Device IP Address
The ip-address command specifies the device IP address.
CLI Mode: Zero-touch Configuration
Command Syntax
device-name(zero-touch)#ip-address A.B.C.D/M
device-name(zero-touch)#no ip-address
Argument Description
A.B.C.D/M
Specifies the device IP address and mask manually
no
Obtains the device IP address via DHCP
T-Marc 300 Series User Guide
Page 47
Device Administration (Rev. 11)
Specifying the TFTP IP Address
The tftp-address command specifies the TFTP IP address.
CLI Mode: Zero-touch Configuration
By default, the TFTP IP address is 0.0.0.0.
Command Syntax
device-name(zero-touch)#tftp-server A.B.C.D
device-name(zero-touch)#no tftp-server
Argument Description
A.B.C.D
Specifies the TFTP IP address
no
Restores to default
Specifying the Location of the Configuration File
The config-file command specifies the path to the configuration file.
CLI Mode: Zero-touch Configuration
Command Syntax
device-name(zero-touch)#config-file [<path>]<file name>
device-name(zero-touch)#no config-file
Argument Description
[<path>]<file name>
Specifies the original path to the configuration file. The path
should end with the name of the file. The maximum length of the
path is 20 symbols.
no
Removes the necessity of obtaining the configuration file from
the TFTP server
Saving the Configuration File to NVRAM
The save-configuration command saves the downloaded configuration file to NVRAM.
CLI Mode: Zero-touch Configuration
By default, the configuration file is not saved to NVRAM.
Command Syntax
device-name(zero-touch)#save-configuration
device-name(zero-touch)#no save-configuration
T-Marc 300 Series User Guide
Page 48
Device Administration (Rev. 11)
Argument Description
no
Restores to default
Specifying the Number of Retries for Downloading the
Configuration File
The retry-max command specifies the maximum number of retries for downloading the
configuration file.
CLI Mode: Zero-touch Configuration
By default:
the number of retries is 3 times
the time interval between each retry is 64 seconds
Command Syntax
device-name(zero-touch)#retry-max <1-10>
Argument Description
1-10
Specifies the number of retries.
Forcing the Device to Reach the TFTP Server
The execute command forces the device to reach the TFTP server and to obtain the required
configuration file. If the downloading is completed successfully, the configuration file is saved as a
start-up configuration, and it is not executed.
CLI Mode: Zero-touch Configuration
Command Syntax
device-name(zero-touch)#execute
Displaying the Zero-touch Configuration
The show command and the show zero-touch command display the zero-touch configuration
details.
CLI Mode: Privileged (Enable) and Zero-touch Configuration
Command Syntax
device-name#show zero-touch
device-name(zero-touch)#show
T-Marc 300 Series User Guide
Page 49
Device Administration (Rev. 11)
Example 1
device-name(zero-touch)#show
St at e = di sabl ed
I P addr ess = 9. 0. 0. 1/ 8
TFTP ser ver = 9. 0. 0. 34
Conf i gur at i on f i l e = di r name/ devi ce. cf g
Save f i l e t o NVRAM = Di sabl ed
Number of r et r i es = 3
St at us =
Example 2
device-name#show zero-touch
St at e = di sabl ed
I p addr ess = 0. 0. 0. 0/ 0
TFTP ser ver = 0. 0. 0. 0
Conf i gur at i on f i l e =
Save f i l e t o NVRAM = Di sabl ed
Number of r et r i es = 3
St at us =
T-Marc 300 Series User Guide
Page 50
Device Administration (Rev. 11)
Software Upgrade and Boot Options
Preparing to Download a BiNOS Software Image
Using TFTP/FTP Connection
Before you begin to download a file from a TFTP/ FTP server, take the following precautions:
1. Make sure that the device has a route to the TFTP/ FTP server. The device and the
TFTP/ FTP server must be in the same subnet, if you do not have a router to route traffic
between subnets. Check the connection to the TFTP/ FTP server using the ping command
(refer to the TroubleshootingandMonitoringchapter of this User Guide).
2. Make sure that the software image file is in the download directory on the TFTP/ FTP server.
3. Make sure that you have at least Readpermissions for the software image for your username.
4. A power outage (or other problem) during the download procedure can corrupt the Flash
code. If the Flash code is corrupted, connect to the device through the console port, format
the Flash memory and download the application (see the Boot Loader section of the current
chapter).
Make sure that there is enough free space in the bootflash (at least 9.5 MB). To verify
this, use the dir command, as illustrated in the example below:
device-name#dir
Li st i ng Di r ect or y f l ash: / :
d S 2048 J an 1 1993 01: 37 Boot /
d S 2048 J an 1 1980 00: 00 Et c/
d S 2048 J an 1 1980 00: 00 J ava/
d S 2048 J an 1 1980 00: 00 Log/
d S 2048 J an 1 1993 00: 59 Usr /
d SH 2048 J an 1 1993 00: 00 Hi dden/
- 43796 J an 1 1993 00: 00 df l t _st ar t up_bi n. cf g
- 217 J an 1 1993 03: 12 pr of i l e. cf g
- 2483 J an 1 1993 03: 37 st ar t . cf g-
Fr ee di sk space 4511744
If necessary, delete unnecessary files to free some space:
device-name#del <foldername>/<file_name>
Example:
device-name#del boot/T-Marc 380_bm_fisw_7_1_TMC3.Z
T-Marc 300 Series User Guide
Page 51
Device Administration (Rev. 11)
Downloading the BiNOS Software Image
To download a BiNOS software image from the TFTP/ FTP server, proceed as follows:
1. Log on to the device through the console port or through a Telnet session and type your
password.
2. Enter the Privileged (Enable) mode.
3. Use the upgrade boot-profile command to upgrade the software image:
device-name#upgrade boot-profile tftp://<TFTP_server_IP_adress>/
<software_image filename> <local_software_image filename>
Example 1:
device-name#upgrade boot-profile tftp://9.0.0.7/BiNOS-v9.4.Z BiNOS-
v9.4.Z
TFTP r ecei vi ng appl i cat i on. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Appl i cat i on upgr ade compl et ed
An alternative method to upgrade the software image in two steps is by using the copy
application command and then the application command:
device-name#copy application tftp://<TFTP_server_IP_adress>/
<software_image filename>
device-name#configure boot-param
device-name(boot param)#application <local_software_image filename>
Example 2:
device-name#copy application t f t p: / / 9.0.0.7/BiNOS-v9.4.Z
TFTP r ecei vi ng f i l e . . . 5300324
I mage Si ze = 0x50E036 CRC Val ue = 0xD66707AE
device-name#configure boot-param
device-name(boot param)#application BiNOS-v9.4.Z
4. If the upgrade fails, verify that precautions above are taken.
5. To run the new software image, reload the device using the reload save command.
6. After the device reloads, type the show version command to verify the current device version
and the show running-config command to check the configuration of the device (refer to
the DeviceSetupandMaintenancechapter of this User Guide) .
T-Marc 300 Series User Guide
Page 52
Device Administration (Rev. 11)
Commands for Upgrading Software Images
Table 18: Commands for Upgrading Software Images
Command Description
upgrade boot-profile
Downloads a new software image and sets boot statements to
load the new image on startup.
(see Upgrading the BiNOS Software Image)
copy application
Downloads a new software image to the device
(see Downloading a New BiNOS Software Image)
application
Boots the device with the new image
(see Applying the New Boot Statement)
Table 19: Boot Commands for Upgrading Software Images
Command Description
device
Displays the current software image location (see Displaying and
Specifying the Software Image Location)
ftp-password
Displays the FTP connection password (see Displaying and
Specifying the FTP Password)
ftp-server
Displays the FTP server IP-address (see Displaying and
Specifying the FTP Server IP-Address)
ftp-user
Displays the FTP username (see Displaying and Specifying the
FTP Username)
startup-config
Specifies which startup configuration file is loaded on startup (see
Specifying the Startup Configuration File)
show
Displays the current boot statement (see Displaying Boot
Statements)
Table 20: Display Commands
Command Description
show version
Displays the inventory information regarding the software versions
of the device
(see Displaying the Information Regarding the Software Versions)
show manufacturing-
details
Displays detailed hardware information
(see Displaying Hardware Information)
show uptime
Displays how long the selected device has been operational
(see Displaying the Device Uptime)
T-Marc 300 Series User Guide
Page 53
Device Administration (Rev. 11)
Upgrading the BiNOS Software Image
The upgrade boot-profile command downloads a new software image and sets boot statements
to load the new image on startup.
CLI Mode: Privileged (Enable)
Command Syntax (for Local Flash System)
device-name#upgrade boot-profile {[[device://]path/]file-name DESTINATION
FILE-NAME | apply [device/]path/]file-name}
Command Syntax (for TFTP/FTP Server)
device-name#upgrade boot-profile {protocol://[user[:pass]@]host[:port]/file-
name DESTINATION FILE-NAME | apply
protocol://[user[:pass]@]host[:port]/file-name}
Argument Description
device
(Optional) the device from which the file is copied. It can be a TFTP/FTP
server (in format tftp://A.B.C.D, ftp://user:pass@A.B.C.D) or as the local
Flash system (in format flash:/).
path
(Optional) the path where the file is located
protocol
Specifies the protocol type.
user
Optional) specifies the name of the user performing the operation.
pass
(Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
For the TFTP server, not need to specify the user, password and port
For the FTP server, no need to specify the port number
host
Specifies the server IP address in A.B.C.D format.
port
(Optional) specifies the port number.
file-name
The original name of the file.
DESTINATION-
FILE-NAME
The destination file name as it appears on the local Flash system.
apply
Applies directly the new boot statement.
PARAMS
Specifies the parameters to be applied in the following format:
[[device/]path/]file-name, when flash:/ system is used.
protocol//[user[:pass]@]host[:port]/file-name, when TFTP or FTP
server is used.
T-Marc 300 Series User Guide
Page 54
Device Administration (Rev. 11)
Example
The example specifies that the new application image is downloaded via TFTP from server with IP
10.3.71.101. It is searched in a directory called / MyApps/ under the TFTP server root directory.
The application filename on the TFTP server is Imagev1.5.Z; it is stored under the / Boot
directory on the local file system as BootAppv1.5.Z after it is validated; the boot parameters device
and Application are set to local and BootAppv1.5.Z.
device-name#upgrade boot-profile tftp://10.3.71.101/MyApps/Imagev1.5.Z
flash://Boot/BootAppv1.5.Z
Downloading a New BiNOS Software Image
The copy application command downloads a new software image to the device.
CLI Mode: Privileged (Enable)
Command Syntax (for local Flash System)
device-name#copy appl i cat i on [ [ device://] path] file-name [ DESTINATION-FILE-
NAME] [ no- val i dat i on]
Command Syntax (for TFTP/FTP Server)
device-name#copy appl i cat i on protocol:/ / [ user[ :pass] @] host[ :port] / file-name
[ DESTINATION-FILE-NAME] [ no- val i dat i on]
Argument Description
device
(Optional) the device from which the file is copied. It can be a
TFTP/FTP server (in format tftp://A.B.C.D, ftp://user:pass@A.B.C.D)
or as the local Flash system (in format flash:/).
path
(Optional) the path where the file is located
protocol
Specifies the protocol type.
user
Optional) specifies the name of the user performing the operation.
pass
(Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
For the TFTP server, not need to specify the user, password and
port
For the FTP server, no need to specify the port number
host
Specifies the server IP address in A.B.C.D format.
file-name
The original name of the file.
DESTINATION-FILE-
NAME
The destination file name as it will appear on the local Flash system.
no-validation
(Optional) skips the image validation check.
Example
device-name#copy application tftp://192.168.0.2/image.Z
T-Marc 300 Series User Guide
Page 55
Device Administration (Rev. 11)
Applying the New Boot Statement
The application FILE NAME command boots the device with the new image.
CLI Mode: Boot Param Configuration
Command Syntax
device-name(boot param)#application FILE-NAME
Argument Description
FILE-NAME
The name of the image file, a case-sensitive string.
Displaying and Specifying the Software Image Location
The device command displays the current software image location. Use one of the below
command arguments to specify the software image location.
CLI Mode: Boot Param Configuration
Command Syntax
device-name(boot param)#device [local | network]
Argument Description
local
(Optional). The device boots from the local software image
Local Flash file system
network
(Optional). The device boots from a remote software image, using an FTP
server. Currently this option is not supported because an OutBound interface is
not available.
Displaying and Specifying the FTP Password
The ftp-password command displays the FTP connection password. Use the command argument
to specify the FTP password.
CLI Mode: Boot Param Configuration
Command Syntax
device-name(boot param)#ftp-password [PASSWORD]
Argument Description
PASSWORD
(Optional) specifies the password used for the FTP connection
T-Marc 300 Series User Guide
Page 56
Device Administration (Rev. 11)
Displaying and Specifying the FTP Server IP-Address
The ftp-server command displays the FTP server IP-address. Use the command argument to
specify the FTP server IP-address.
CLI Mode: Boot Param Configuration
Command Syntax
device-name(boot param)#ftp-server [A.B.C.D]
Argument Description
A.B.C.D
(Optional) specifies the FTP server IP-address
Displaying and Specifying the FTP Username
The ftp-user command displays the FTP username. Use the command argument to specify the
FTP username.
CLI Mode: Boot Param Configuration
Command Syntax
device-name(boot param)#ftp-user [NAME]
Argument Description
NAME
(Optional) specifies the FTP username
Specifying the Startup Configuration File
The startup-config command specifies which startup configuration file is loaded on startup.
CLI Mode: Boot Param Configuration
Command Syntax
device-name(boot param)#startup-config {FILE | binary {FILE | default} |
default}
Argument Description
FILE
The startup configuration filename
binary
Loads the startup configuration file in a binary format
default
Loads the default startup configuration file
T-Marc 300 Series User Guide
Page 57
Device Administration (Rev. 11)
Displaying Boot Statements
The show command displays the current boot statement.
CLI Mode: Boot Param Configuration
Command Syntax
device-name(boot param)#show
device-name(boot param)#application
Example 1
device-name(boot param)#show
I P addr ess = 2. 2. 2. 2: f f f f f f 00
Devi ce = l ocal
Appl i cat i on = Bi NOS- TMar c_3X0- 9. 4. 3. TMC3- pr e3. Z
St ar t up conf i gur at i on =
St at up bi nar y conf i g =
FTP ser ver = 2. 2. 2. 1
FTP user = mar k3
FTP passwor d = mar k3
Boot f l ags =
Example 2
device-name(boot param)#application
Bi NOS- TMar c_3X0- 9. 4. 3. TMC3- pr e3. Z
Displaying the Information Regarding the Software Versions
The show version command displays the inventory information regarding the software versions
of the device.
CLI Mode: View and Privileged (Enable)
The command displays the following information:
Device modelthe platform name
SW versiondisplays the installed application image
Java versionnot loaded
Loader versiondisplays the installed Loader image
Up timedisplays the time elapsed since the device is turned on
Command Syntax
device-name>show version
device-name#show version
T-Marc 300 Series User Guide
Page 58
Device Administration (Rev. 11)
Example
device-name#show version
BATM Advanced Communi cat i ons
Devi ce model : T- Mar c 380
Pr oduct Cat egor y : AccessEt her net ( TM)
Devi ce r unni ng SWver si on : 10. 1- pr e8 cr eat ed Mar 17 2010 - 20: 19: 58
Devi ce Def aul t SWf i l e : Bi NOS- TMar c_3X0- 10. 1. BETA- dev26. Z
Devi ce Def aul t SWver si on : 10. 1- pr e8
Bi NOSVi ew f i l e : j ava. i mg - NOT FOUND
Bi NOSVi ew ver si on : -
FPGA ver si on : 1. 2 ( mai nt / bui l d 9/ 1)
Loader ver si on : 8. 2. 0 cr eat ed J an 31 2008 - 16: 29: 48
Up t i me : 0 days, 0 hour s, 45 mi n, 16 sec.
Displaying Hardware Information
The show manufacturing-details command displays detailed hardware information.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show manufacturing-details
Example
device-name#show manufacturing-details
Ser i al number : 8807340077
Assembl y No : AL001350
HWr evi si on : 05
HWsubr evi si on : 02
Displaying the Device Uptime
The show uptime command displays how long the selected device has been operational.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show uptime
Example:
T-Marc 300 Series User Guide
Page 59
Device Administration (Rev. 11)
device-name#show uptime
Up t i me : 0 days, 4 hour s, 1 mi n, 52 sec.
T-Marc 300 Series User Guide
Page 60
Device Administration (Rev. 11)
Downloading and Uploading Configuration Files
You can perform the following operations:
Download new embedded software versions to the Flash memory component of the device
Save the startup configuration on a remote server
Load a startup configuration from a remote server
Save the startup configuration as the running configuration
Table 21: Commands for Downloading and Uploading Configuration Files
Command Description
copy FILE-NAME
startup-config
Loads a start-up configuration with a specified file name from a
remote server (see Downloading the Startup Configuration)
copy FILE-NAME
running-config
Loads a running-configuration with a specified file name, from a
remote server (see Downloading the Running Configuration)
copy startup-config
Saves a copy of the start-up configuration on a remote server
(see Copying the Start-up Configuration)
copy running-config
Saves a copy of the running configuration on a remote server
(see Copying the Running Configuration)
copy running-config
startup-config
Saves the current running-configuration to the start-up configuration
file in NVRAM (see Saving the Device Configuration)
reload
Reloads the device (see Reloading the Operating System)
Downloading the Startup Configuration
The copy FILE-NAME startup-config command loads a start-up configuration with a specified
file name from a remote server.
CLI Mode: Privileged (Enable)
After the configuration is downloaded, you need to reload the device. When the device completes
booting, it treats the downloaded configuration file as a script of CLI commands, and automatically
executes them. If your CLI connection is through Telnet, the connection is terminated when the
device reloads, but the commands execute normally.
NOTE
After using this command, use the r el oad no- save command. Otherwise, the
downloaded configuration is removed.
T-Marc 300 Series User Guide
Page 61
Device Administration (Rev. 11)
Command Syntax (for Local Flash System)
device-name#copy [[device/]path]file-name startup-config
Command Syntax (for TFTP/FTP Server)
device-name#copy protocol://[user[:pass]@]host[:port]/file-name startup-
config
Command Syntax (for SFTP Server)
device-name#copy device/user:pass@host/[path/]file-name startup-config
Argument Description
device
(Optional) the device from which the file is copied. It can be a TFTP server
(in format tftp://A.B.C.D ), the local Flash system (in format flash:/), or a
SFTP/FTP server (in format sftp://user:pass@A.B.C.D)
user
(Optional) specifies the name of the user performing the operation.
pass
(Optional) specifies the password that authenticates the specified username.
Symbol (@) following the password is required.
For the TFTP server, not need to specify the user, password and port
For the FTP server, no need to specify the port number
path
(Optional) the exact location path from which the file is copied. The path
ends with the name of the file.
file-name
The original file name.
Example
The following command downloads the start-up configuration file named START001located on
the TFTP server at IP address 192.192.54.1:
device-name#copy tftp://192.192.54.1/START001 startup-config
Downloading the Running Configuration
The copy FILE-NAME running-config command loads the running-configuration with the
specified file name from a remote server.
CLI Mode: Privileged (Enable)
Command Syntax (for Local Flash System)
device-name#copy [[device/]path]file-name runni ng- conf i g
Command Syntax (for TFTP/FTP Server)
device-name#copy protocol://[user[:pass]@]host[:port]/file-name runni ng-
conf i g
T-Marc 300 Series User Guide
Page 62
Device Administration (Rev. 11)
Command Syntax (for SFTP Server)
device-name#copy device/user:pass@host/[path/]file-name runni ng- conf i g
Argument Description
device/
(Optional) the device from which the file is copied. It can be a TFTP server
(in format tftp://A.B.C.D),as the local Flash system (in format flash:/), or a
SFTP/FTP server (in format sftp://user:pass@A.B.C.D).
protocol
Specifies the protocol type.
user
Optional) specifies the name of the user performing the operation.
pass
(Optional) specifies the password that authenticates the specified username.
Symbol (@) following the password is required.
For the TFTP server, not need to specify the user, password and port
For the FTP server, no need to specify the port number
host
Specifies the server IP address in A.B.C.D format.
path
(Optional) the exact location path from which the file is copied. The path
should end with the name of the file.
file-name
The original file name.
Example
The following command downloads the running-configuration file named RUN001located on the
TFTP server at IP address 192.192.54.1:
device-name#copy tftp://192.192.54.1/RUN001 running-config
Copying the Start-up Configuration
The copy startup-config command saves a copy of the start-up configuration on a remote
server to a specific folder under a specified file name.
CLI Mode: Privileged (Enable)
When you upload the current configuration, you can modify the configuration using a text editor.
Command Syntax (for Local Flash System and TFTP/FTP Server)
device-name#copy startup-config [<device>:[<server IP>/]][<path>]<file name>
Command Syntax (for SFTP Server)
device-name#copy startup-config device/user:pass@host/[path/]file-name
Argument Description
device/
(Optional) the device to which the file is copied. It can be a TFTP server (in
format tftp://:A.B.C.D), the local Flash system (in format flash:/), or a
SFTP/FTP server (in format sftp://user:pass@A.B.C.D).
server IP
Server IP address.
T-Marc 300 Series User Guide
Page 63
Device Administration (Rev. 11)
user
Optional) specifies the name of the user performing the operation.
pass
(Optional) specifies the password that authenticates the specified username.
Symbol (@) following the password is required.
For the TFTP server, not need to specify the user, password and port
For the FTP server, no need to specify the port number
path
(Optional) the exact location path where the file is copied.
file-name
The original file name.
Example
The following command uploads the start-up configuration under a file named START002 located
on the TFTP server at IP address 192.192.54.1:
device-name#copy startup-config tftp://192.192.54.1/START002
Copying the Running Configuration
The copy running-config command saves a copy of the running configuration on a remote
server to a specific folder under a specified file name.
CLI Mode: Privileged (Enable)
When you upload the current configuration, you can modify the configuration using a text editor.
Command Syntax (for Local Flash System and TFTP/FTP Server)
device-name#copy running-config [<device>:[<server IP>/]][<path>]<file name>
Command Syntax (for SFTP Server)
device-name#copy running-config device/user:pass@host/[path/]file-name
Argument Description
device/
(Optional). The device to which the file is to be copied. It can be a TFTP
server (in format tftp://:A.B.C.D), the local flash system (in format flash:/), or
a SFTP server (in format sftp://A.B.C.D).
server IP
(Optional). Server IP address.
path
(Optional). The exact location path where the file is to be copied.
file-name
The original file name.
Example
The following command uploads the running-configuration under a new file named RUN002 on
the TFTP server at IP address 192.192.54.1:
device-name#copy running-config tftp://192.192.54.1/RUN002
T-Marc 300 Series User Guide
Page 64
Device Administration (Rev. 11)
Saving the Device Configuration
The copy running-config startup-config command saves the current running configuration
to the start-up configuration file in NVRAM.
CLI Mode: Privileged (Enable)
This command is equivalent to the write memory command in Privileged (Enable) mode (refer to
the DeviceSetupandMaintenancechapter of the BiNOS User Guide).
Command Syntax
device-name#copy running-config startup-config
Reloading the Operating System
The reload command reloads the device.
CLI Mode: Privileged (Enable)
NOTE
Use the r el oad command after configuration information is entered into a file and
saved to the startup configuration.
The r el oad command requires confirmation before reloading!
NOTE
The r el oad t o- def aul t s command does not affect the contents of the file system.
Command Syntax
device-name#reload [save | no-save | to-defaults]
Argument Description
save
(Optional). Saves the running configuration to NVRAM and restart the
device. This is the default status.
no-save
(Optional). Does not save the current running configuration and restart the
device.
to-defaults
(Optional). Sets the device configuration to its factory defaults and restart.
Example 1
Saving the current configuration and reloading the device:
device-name#reload save
Save cur r ent conf i gur at i on and r eboot t he devi ce ? [ y/ n] : y
Reboot i ng . . .
T-Marc 300 Series User Guide
Page 65
Device Administration (Rev. 11)
Example 2
Reloading the device without saving the current configuration:
device-name#reload no-save
Pr oceed wi t h r el oad ? [ y/ n] : y
Reboot i ng . . .
T-Marc 300 Series User Guide
Page 66
Device Administration (Rev. 11)
Boot Loader
Overview
The boot process performs low-level CPU initialization, and loads a default operating system
software image into memory and boots the device.
When starting, the loader counts down a few seconds, allowing you an entry point into the loader
CLI. The loader then passes to interactive mode, requests a login password, and starts a CLI
session. If no key is pressed, the device initiates the auto-startup application is started.
Initially the device expects the default password batm. This password may be changed by using the
password loader command (refer to the DeviceSetupandMaintenancechapter of the BiNOS User
Guide).
While the device reboots, numbers appear on the console terminal following the line Pressanykeyto
stopauto-boot.... To enter the Loader mode, press <Enter> while the numbers are running.
device-name#reload no-save
Pr oceed wi t h r el oad ? [ y/ n] : y
Reboot i ng . . .
BATM Tel co Boot Loader
Devi ce model : T- Mar c 380
Loader ver si on : 8. 0. 0 cr eat ed Oct 29 2007 - 21: 59: 11
MAC Addr ess : 00: A0: 12: 27: 0E: E0
usr Boot Li neI ni t f i ni sh OK
At t achi ng net wor k i nt er f ace l o0. . . done.
Pr ess any key t o st op aut o- boot . . .
2
st ar t CLI
User Access Ver i f i cat i on
Passwor d: bat m
Loader>
T-Marc 300 Series User Guide
Page 67
Device Administration (Rev. 11)
The Device Loader's Default Configuration
Table 22: Default Loader Configuration
Feature Default Value
Password batm
Block start address 0
Block length 256
Simulation of CPM redundancy Disabled
The Loader Commands
Table 23: Loader Application Commands
Command Description
start application
Exits the loader and starts using the BiNOS software image
(see Starting the BiNOS Software Image)
copy application
Downloads the software image to the device by using TFTP
server
(see Downloading the Application Software by using TFTP)
download application
Downloads the BiNOS application using X-modem (see
Downloading the BiNOS Application by Using X-modem)
ip-address
Displays the OutBand port IP address
(see Displaying the Device IP Address and Mask)
version
Displays the device model type and the loader version
(see Displaying the Loader Version)
manufacturing-details
Displays detailed hardware information of the board
(see Displaying Hardware Details)
Table 24: Loader Configuration Commands
Command Description
config
Enters the loader configuration mode (see Loader
Configuration Mode)
ip-address
Displays the OutBand port IP address and subnet mask
(see Displaying and Specifying the OutBand Port IP Address)
mac-address
Displays the device MAC address
(see Displaying and Specifying the MAC Address)
clean startup-config
Sets the startup configuration file to the factory default values
(see Resetting the Startup Configuration File)
clean boot-config
Clears the Loader EEPROM
(see Deleting the Boot Configuration)
clean log-history
Cleans all history records (see Erasing Log History Records)
clean flash all
Cleans the Flash memory (see Cleaning the Flash Memory)
backup
Makes a backup copy of the Flash or EEPROM memory
T-Marc 300 Series User Guide
Page 68
Device Administration (Rev. 11)
Command Description
contents (see Making a Backup Copy)
refresh flash
Rewrites the Flash memory (see Rewriting the Flash Memory)
restore flash
Restores the Flash memory
(see Restoring the Flash Memory)
Table 25: The Boot Parameters Commands
NOTE
Currently these commands are not supported because the OutBound interface is not
available.
Command Description
boot-param device
Displays the current software image location
(see Displaying and Specifying the Software Image Location)
boot-param application
Displays the current boot statement (see Displaying and
Applying the Boot Statement)
boot-param ftp-server
Displays the FTP server IP-address (see Displaying and
Specifying the FTP Server IP-Address)
boot-param ftp-user
Displays the FTP username (see Displaying and Specifying
the FTP Username)
boot-param ftp-password
Displays the FTP connection password (see Specifying the
FTP Access Password)
boot-param startup-config
Specifies which startup configuration file is loaded on startup
(see Specifying the Startup Configuration Name)
boot-param
Displays the current boot statement
(see Displaying Boot Statements)
Table 26: Memory Debug Commands
CAUTION
The commands in the following table can be used only by Telco Systems Technical
Support.
Command Description
memory
Accesses the Loader memory mode
(see Loader Memory Mode)
copy
Copies a block of memory (see Copying a Block of Memory)
check-device
Checks the integrity of the file system and repairs lost clusters
and file structure
(see Checking and Repairing File-system Integrity)
display
Displays a block of memory
(see Displaying a Block of Memory)
fill
Fills a block of memory (see Filling a Block of Memory)
T-Marc 300 Series User Guide
Page 69
Device Administration (Rev. 11)
Command Description
list
Prints a command list (see Printing a Command List)
T-Marc 300 Series User Guide
Page 70
Device Administration (Rev. 11)
Starting the BiNOS Software Image
The start application command exits the loader and starts using the BiNOS software image.
CLI Mode: Loader
Command Syntax
Loader>start application
Example
Loader>start application
aut o- boot i ng. . .
Uncompr essi ng 3994461 byt es. . .
Loadi ng i mage. . . 14284304
BUI LT- I N SELF TEST
- - - - - - - - - - - - - - - - - -
CPU Cor e Test : Passed
Power Suppl y Test : Passed
Fan Test : Passed
/ / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / /
/ / / /
/ / / /
/ / B A T M A d v a n c e d C o mmu n i c a t i o n s / /
/ / / /
/ / T e l c o S y s t e ms / /
/ / / /
/ / Devi ce model : T- Mar c 380 / /
/ / Pr oduct Cat egor y : AccessEt her net ( TM) / /
/ / SWver si on : 10. 1 cr eat ed Mar 17 2010 - 20: 19: 58 / /
/ / / /
/ / / /
/ / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / /
User Access Ver i f i cat i on
Passwor d:
T-Marc 300 Series User Guide
Page 71
Device Administration (Rev. 11)
Downloading the Application Software by using TFTP
The copy application command downloads the software image to the device by using TFTP
server.
CLI Mode: Loader and Privileged (Enable)
Command Syntax
Loader>copy application [[ [ device/] path] file-name [ DESTINATION FILE-NAME]
[ no- val i dat i on]
Argument Description
device/
(Optional) the device to which the file is copied (in format tftp://A.B.C.D)
path
(Optional) the path to the location where the file is copied
file-name
The original name of the file
DESTINATION-FILE-
NAME
The destination file name as it will appear on the local flash system
no-validation
(Optional) skips the image validation check
Example
The following command downloads the new software-version file named VERxxx that is located
in the Root directory on the TFTP server at IP address 192.192.54.1:
Loader>copy application tftp://192.192.54.1/VERxxx.Z
Downloading the BiNOS Application by Using X-modem
The download application command copies the BiNOS application from a source computer to
the device permanent storage memory, through a console connection by X-modem transfer.
CLI Mode: Loader
The role of this command is to provide a rescue solution when the device becomes inoperable and
a new application image cannot be received by the TFTP transfer!
Command Syntax
Loader>download application
Example
Loader>download application
XMODEM appl i cat i on downl oad t o f l ash 0
XMODEM Recei ve: Wai t i ng f or Sender
I mage Si ze = 0xBD552 CRC Val ue = 0x691181F3
Savi ng appl i cat i on code t o FLASH bank 0. . . . Success.
Loader>
T-Marc 300 Series User Guide
Page 72
Device Administration (Rev. 11)
Displaying the Device IP Address and Mask
The ip-address command displays the OutBand port IP interface address and subnet mask.
CLI Mode: Loader
Command Syntax
Loader>ip-address
Example
Loader>ip-address
Loader I P addr ess = 10. 2. 111. 111, subnet mask = f f f f 0000
Displaying the Loader Version
The version command displays the device model type and the loader version.
CLI Mode: Loader
Command Syntax
Loader>version
Example
Loader>version
BATM Tel co Boot Loader
Devi ce model : T- Mar c 380
Loader ver si on : 8. 0. 0 cr eat ed Oct 29 2007 - 21: 59: 11
Displaying Hardware Details
The manufacturing-details command displays detailed hardware information.
CLI Mode: Loader
Command Syntax
Loader>manufacturing-details
Example
Loader>manufacturing-details
Devi ce model : T- Mar c 380
Ser i al number : 8807340077
Assembl y No : AL001350
Par t number : Not Avai l abl e
CLEI : Not Avai l abl e
HWr evi si on : 05
HWsubr evi si on : 02
T-Marc 300 Series User Guide
Page 73
Device Administration (Rev. 11)
Manuf act ur i ng Dat e : Not Avai l abl e
Loader Configuration Mode
The config command enters the Loader Configuration mode.
CLI Mode: Loader
Command Syntax
Loader>config
Loader(config)#
Displaying and Specifying the OutBand Port IP Address
The ip-address command displays the OutBand port IP address and subnet mask. Use one of
the command arguments below to specify a new IP address and subnet mask.
CLI Mode: Loader Configuration
Command Syntax
Loader(config)#ip-address [A.B.C.D/M | A1.B1.C1.D1 M1.M2.M3.M4]
Argument Description
A.B.C.D/M
(Optional). Specifies the new IP address with mask by number of bits.
A1.B1.C1.D1
M1.M2.M3.M4
(Optional). Specifies the new IP address with mask in dotted decimal
notation.
Example
The following example displays the Loader current IP address:
Loader(config)#ip-address
Loader I P addr ess = 10. 2. 111. 111, subnet mask = f f f f 0000
Displaying and Specifying the MAC Address
The mac-address command displays the device MAC address. Use the command argument to
specify a new device MAC address.
All LAN devices must have different MAC addresses.
CLI Mode: Loader Configuration
Command Syntax
Loader(config)#mac-address [HH:HH:HH:HH:HH:HH]
Argument Description
T-Marc 300 Series User Guide
Page 74
Device Administration (Rev. 11)
HH:HH:HH:HH:HH:HH
(Optional). Specifies the new MAC address
Example 1
The following example displays the device current MAC address:
Loader(config)#mac-address
Cur r ent base MAC Addr ess of devi ce = 00:A0:12: CE: 10: 61
Out Band MAC Addr ess ( base + 1) = 00:A0:12: CE: 10: 62
Example 2
The following example assigns a new MAC address to the device. The response indicates that the
new MAC address is accepted and stored in the device memory.
Loader(config)#mac-address 00:A0:12:07:0f:78
New MAC Addr ess of devi ce = 00:A0:12: 07: 0F: 78
Resetting the Startup Configuration File
The clean startup-config command cleans the startup configuration database in the permanent
storage memory of the device, and sets it to its default values.
CLI Mode: Loader Configuration
Command Syntax
Loader(config)#clean startup-config [all]
Argument Description
all
(Optional). Cleans the startup configuration and all system settings like
authentication data and configuration profiles.
Example
Loader(config)#clean startup-configuration all
War ni ng: I P addr ess wi l l be l ost .
Deleting the Boot Configuration
The clean boot-config command clears the Loader EPROM.
CLI Mode: Loader Configuration
CAUTION
This command should be used only by Telco Systems Technical Support.
Command Syntax
Loader(config)#clean boot-config {remove-board-data | remove-all}
T-Marc 300 Series User Guide
Page 75
Device Administration (Rev. 11)
Argument Description
remove-board-
data
Clears the NVRAM board configuration, keeping the management IP
address, boot profile and manufacturing details.
remove-all
Clears all settings in non-volatile memory, including all above.
Erasing Log History Records
The clean log-history command erases all log history records.
CLI Mode: Loader Configuration
Command Syntax
Loader(config)#clean log-history
Cleaning the Flash Memory
The clean flash all command erases all Flash memory records.
CLI Mode: Loader Configuration
Command Syntax
Loader(config)#clean flash all
Making a Backup Copy
The backup command makes a backup copy of the Flash or EEPROM memory contents.
CLI Mode: Loader Configuration
Command Syntax
Loader(config)#backup eeprom A.B.C.D FILE-NAME
Loader(config)#backup flash {1 | 2 | boot} A.B.C.D FILE-NAME
Argument Description
eeprom
Specifies that a backup copy of the EEPROM memory contents is made.
flash
Specifies that a backup copy of the Flash memory contents is made.
A.B.C.D
Specifies the IP address of the TFTP server where the backup copy is
written.
FILE-NAME
Specifies the name of the backup file to be copied.
1
Makes a backup of the primary Flash.
2
Makes a backup of the secondary Flash.
boot
Makes a backup of the boot Flash.
T-Marc 300 Series User Guide
Page 76
Device Administration (Rev. 11)
Rewriting the Flash Memory
The refresh flash command rewrites the Flash memory.
CLI Mode: Loader Configuration
Command Syntax
Loader(config)#refresh flash {1 | 2 | all}
Argument Description
1
Rewrites the primary Flash memory.
2
Rewrites the secondary Flash memory.
all
Rewrites all Flash memory.
Restoring the Flash Memory
The restore flash command restores the Flash memory.
CLI Mode: Loader Configuration
Command Syntax
Loader(config)#restore flash {1 | 2} A.B.C.D FILE-NAME
Argument Description
1
Restores the primary Flash.
2
Restores the secondary Flash.
A.B.C.D
Specifies the IP address of the TFTP server where the Flash memory will
be restored.
FILE-NAME
The name of the backup file.
Displaying and Specifying the Software Image Location
The boot-param device command displays the current software image location. Use one of the
below command arguments to specify the software image location.
CLI Mode: Loader and Loader Configuration
Command Syntax
Loader(config)#boot-param device
Loader(config)#boot-param device [local | network]
T-Marc 300 Series User Guide
Page 77
Device Administration (Rev. 11)
Argument Description
local
(Optional). The device boots from the local software image
network
(Optional). The device boots from a remote software image, using an FTP
server
Displaying and Applying the Boot Statement
The boot-param application command displays the current boot statement.
CLI Mode: Loader and Loader Configuration
Command Syntax
Loader#boot-param application
Loader(config)#boot-param application [FILE-NAME]
Argument Description
FILE-NAME
The name of the image file, a case-sensitive string.
Displaying and Specifying the FTP Server IP-Address
The boot-param ftp-server command displays the FTP server IP-address. Use the command
argument to specify the FTP server IP-address.
CLI Mode: Loader and Loader Configuration
Command Syntax
Loader#boot-param ftp-server
Loader(config)#boot-param ftp-server [A.B.C.D]
Argument Description
A.B.C.D
(Optional) specifies the FTP server IP-address
Displaying and Specifying the FTP Username
The boot-param ftp-user command displays the FTP username. Use the command argument to
specify the FTP username.
CLI Mode: Loader and Loader Configuration
Command Syntax
Loader#boot-param ftp-user
Loader(config)#boot-param ftp-user [NAME]
T-Marc 300 Series User Guide
Page 78
Device Administration (Rev. 11)
Argument Description
NAME
(Optional). The FTP access user name.
Specifying the FTP Access Password
The boot-param ftp-password command specifies the password for FTP server access.
CLI Mode: Loader and Loader Configuration
Command Syntax
Loader#boot-param ftp-password
Loader(config)#boot-param ftp-password [PASSWORD]
Argument Description
PASSWORD
(Optional). The FTP authentication password for the configured FTP user name.
Specifying the Startup Configuration Name
The boot-param startup-config command specifies the name of the startup configuration.
CLI Mode: Loader and Loader Configuration
Command Syntax
Loader#boot-param startup-config [binary]
Loader(config)#boot-param startup-config [FILE-NAME | binary [FILE-NAME |
default] | default]
Argument Description
FILE-NAME
(Optional). The name of the startup-configuration
default
(Optional). Sets the default name of the startup configuration
binary
(Optional). Sets the binary startup configuration.
Displaying Boot Statements
The boot-param command displays the current boot statement.
CLI Mode: Loader and Loader Configuration
Command Syntax
Loader>boot-param
Loader(config)#boot-param
T-Marc 300 Series User Guide
Page 79
Device Administration (Rev. 11)
Example
Loader>boot-param
I P addr ess = 10. 0. 0. 1: f f f f f f 00
Devi ce = l ocal
Appl i cat i on = Bi NOS- TMar c_3X0- 9. 4. 3. TMC3- pr e3. Z
St ar t up conf i gur at i on =
St at up bi nar y conf i g =
FTP ser ver =
FTP user =
FTP passwor d =
Boot f l ags =
Loader Memory Mode
The memory command enters the Loader memory mode.
CLI Mode: Loader
Command Syntax
Loader>memory
Loader(memory)#
Copying a Block of Memory
The copy command copies a block of memory that is specified by block-lengthfrom the specified
source address to the specified destination address.
CLI Mode: Loader Memory
Command Syntax
Loader(memory)#copy <src-addr> <dst-addr> <blk-len>
Argument Description
src-addr
Hexadecimal source address (optionally prefixed with 0x).
dst-addr
Hexadecimal destination address (optionally prefixed with 0x).
blk-len
Hexadecimal or decimal block length (use 0x prefix for hexadecimal
number).
T-Marc 300 Series User Guide
Page 80
Device Administration (Rev. 11)
Checking and Repairing File-system Integrity
The check-device command checks the integrity of the file system and repairs lost clusters and file
structure.
CLI Mode: Loader Configuration
Command Syntax
Loader(config)#check-device flash:
Example
Loader(config)#check-device flash:
f l ash: / - di sk check i n pr ogr ess . . .
dosChkLi b : CLOCK_REALTI ME i s bei ng r eset t o THU DEC 27 00: 00: 00 1990
Val ue obt ai ned f r omf i l e syst emvol ume descr i pt or poi nt er : 0xf f f dd38
The ol d set t i ng was THU J AN 01 00: 16: 22 1970
Accept ed syst emdat es ar e gr eat er t han THU DEC 27 00: 00: 00 1990
f l ash: / - Vol ume i s OK
Change vol ume I d f r om0x0 t o 0xe696
t ot al # of cl ust er s: 15, 237
# of f r ee cl ust er s: 12, 042
# of bad cl ust er s: 0
t ot al f r ee space: 24, 084 Kb
max cont i guous f r ee space: 24, 659, 968 byt es
# of f i l es: 8
# of f ol der s: 9
t ot al byt es i n f i l es: 6, 360 Kb
# of l ost chai ns: 0
t ot al byt es i n l ost chai ns: 0
Displaying a Block of Memory
The display command displays a block of memory.
CLI Mode: Loader Memory
Command Syntax
Loader(memory)#display [<st-addr> [<blk-len>]]
Argument Description
st-addr
(Optional). Hexadecimal start address (optionally prefixed with 0x). If only
the start address is specified, the previous or default block length is
repeated.
blk-len
(Optional). Hexadecimal or decimal block length (use 0x prefix for
hexadecimal number).
T-Marc 300 Series User Guide
Page 81
Device Administration (Rev. 11)
Filling a Block of Memory
The fill command fills a block of memory.
CLI Mode: Loader Memory
Command Syntax
Loader(memory)#fill <st-addr> <blk-len> <value>
Argument Description
st-addr
Hexadecimal start address (optionally prefixed with 0x).
blk-len
Hexadecimal or decimal block length (use 0x prefix for hexadecimal
number).
value
Hexadecimal byte value to fill (optionally prefixed with 0x).
Printing a Command List
The list command prints the executed commands in a list format.
CLI Mode: Loader
Command Syntax
Loader(memory)#list
Configuration Example
Updating the Application Software from Loader:
1. Configure boot parameters in profile (to configure any application file as a default one, the file
must be downloaded first):
Loader>config
Loader(config)#boot-param device local
2. Download the application by TFTP (it is stored with the source name. To change the target
name, specify the name as an additional command argument). If an application file with the
specified target name exists, it is overwritten.
Loader(config)#exit
Loader>copy application tftp:10.4.0.4/BiNOS-sfm880.Z
TFTP r ecei vi ng f i l e . . . 3385202
3. Set the default application (when the file is already stored in FS):
Loader>config
Loader(config)#boot-param application BiNOS-sfm880.Z
T-Marc 300 Series User Guide
Page 82
Device Administration (Rev. 11)
System Time and Date
The device internal clock runs from the moment the system starts up and keeps track of the date
and time. It is set from the following sources:
Manual configuration
Daytime Protocol
Time Protocol
Summer Time (Daylight Saving Time)
Network Time Protocol
1588v2 Precision Time Protocol
Daytime Protocol
The Daytime protocol is defined in RFC 867. A host connects to a server that supports the
Daytime protocol, on either TCP or UDP port 13. The server then returns the current date and
time as an ASCII string with an unspecified format.
Time Protocol
The Time protocol is defined in RFC 868. This protocol provides a site-independent, machine
readable date and time.
The Time protocol operates over either TCP or UDP. A host connects to a server that supports
the Time protocol, on port 37. The server then sends the time as a 32-bit unsigned binary number
in network byte order representing a number of seconds since 00:00 (midnight) 1 January, 1900
GMT and closes the connection. The host receives the time and closes the connection.
NOTE
In BiNOS, the Daytime protocol and the Time protocol use TCP.
Summer Time (Daylight saving time)
Daylight saving time (DST) is the practice of temporarily advancing clocks. Computer-based
systems adjust automatically when DST starts and finishes, based on their time zone settings
You can have the device advance the clock one hour at 2:00 a.m. on the first Sunday in April and
move back the clock one hour at 2:00 a.m. on the last Sunday in October. You can explicitly specify
the start and end dates and times and whether or not the time adjustment recurs every year.
T-Marc 300 Series User Guide
Page 83
Device Administration (Rev. 11)
Network Time Protocol
Network Time Protocol (NTP) provides a reliable way of transmitting and receiving the time over
IP networks. NTP is organized as a client-server model. An NTP network usually gets its time from
an authoritative time source, such as a radio clock or an atomic clock connected to a Time server.
NTP then distributes this time across the network.
1588v2 Precision Time Protocol (PTP)
IEEE-1588v2, also known as PTP, provides an Ethernet-based, scalable clock-synchronization
mechanism with various master-clock and quality options.
Precise time synchronization is essential for monitoring performance measurements in order to
ensure a high quality of service.
Enable this protocol for synchronizing the T-Marc 300 Series devices, in order to measure
extremely accurate Service Assurance Application (SAA) one-way delay (for more information,
refer to the ServiceAssuranceApplicationsection of the Operation, Administration, andMaintenance
chapter of this user guide).
The PTP mechanism functions as follows:
One clock in a defined domain within the network serves as the master clock (either a grand-
master clock or one T-Marc 300 Series device configured as a master clock)
The master clock periodically announces itself as the master clock to the slave clocks within
the defined domain
The master clock sends periodical synchronization messages to the slave clocks within the
domain
In case more than one master announces itself within the domain, the master clock with the
highest defined 1588v2 priority and quality remains the master clock while the other master
clock/ s' mode is automatically switched to slave
To configure the PTP feature, refer to 1588v2 PTP ConfigurationFlow.
System Time and Date Default Configuration
Table 27: System Time and Date Default Configuration
Feature Default Value
NTP authentication Disabled
Summer time (Daylight Saving Time) Disabled
1588v2 PTP Default Configuration
Table 28: 1588v2 PTP Default Configuration
Feature Default Value
PTP Disabled
T-Marc 300 Series User Guide
Page 84
Device Administration (Rev. 11)
Feature Default Value
PTP mode Slave
PTP primary priority (priority1) 255
PTP secondary priority (priority2) 255
Domain number 0
Announce interval 16 seconds
Synchronization interval 4 seconds
Static master address (none)
PTP per interface Disabled
Announce-receipt timeout intervals 3
Synchronization-receipt timeout intervals 3
T-Marc 300 Series User Guide
Page 85
Device Administration (Rev. 11)
System Time and Date Configuration Flow
1. Manually configure the system time and date (see ConfiguringSystemTimeandDate)
or
2. Configure the device to synchronize the system time with a specific remote daytime or time
server (see Configuringa Daytimeor TimeServer)
or
3. Configure an NTP server (see ConfiguringanNTP Server)
4. Start the NTP server polling (see ConfiguringtheNTP Server Polling)
5. Optional configurations:
Define an MD5 authentication key (see ConfiguringtheMD5 AuthenticationKey)
Adjust the system time to DST and then back to standard time on pre-set dates (see
Specifyinga One-timeSummer Time(DST) Period)
Adjust the system time and date to an annually-recurring summer time (DST) period (see
Specifyinga Recurrent Summer Time(DST) Period)
6. Remove the NTP server (see RemovinganNTP Server)
7. Display the NTP server configuration (see RemovinganNTP Server)
8. Display the current time server configuration (see DisplayingtheTimeServer Configuration)
9. Display the current time and date (see DisplayingtheCurrent SystemTime)
T-Marc 300 Series User Guide
Page 86
Device Administration (Rev. 11)
System Time and Date Configuration Commands
Table 29: Time and Date Configuration Commands
Command Description
date
Manually configures the system time and date
(see Configuring System Time and Date)
time-server
Configures the device to synchronize the system time with
a specific remote daytime or time server
(see Configuring a Daytime or Time Server)
time-server ntp add
Configures an NTP server
(see Configuring an NTP Server)
time-server ntp start
Configures the NTP server polling
(see Configuring the NTP Server Polling)
Table 30: Time Server Optional Commands
Command Description
time-server ntp key
Configures the MD5 authentication key
(see Configuring the MD5 Authentication Key)
time-server summer-time
date
Adjusts the system time to DST and then back to standard
time on pre-set dates
(see Specifying a One-time Summer Time (DST) Period)
time-server summer-time
recurring
Adjusts the system time and date to an annually-recurring
summer time (DST) period
(see Specifying a Recurrent Summer Time (DST) Period)
Table 31: Commands for Removing the NTP Server
Command Description
time-server ntp delete
Deletes the existing NTP server
(see Removing an NTP Server)
Table 32: Time Servers Display Commands
Command Description
time-server ntp show
Displays defined NTP servers
(see Displaying NTP Servers)
time-server ntp key show
Displays existing NTP keys
(see Displaying the MD5 Authentication Key)
show time-server
Displays the current Time server configuration
(see Displaying the Time Server Configuration)
show date
show clock
Display the current time and date
(see Displaying the Current System Time)
T-Marc 300 Series User Guide
Page 87
Device Administration (Rev. 11)
Configuring System Time and Date
The date command manually configures the system time and date.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#date hh:mm:ss <day> MONTH <year>
Argument Description
hh:mm:ss
Specifies the time (24-hour format) in hours and minutes.
day
Day in month, in the range <131>.
MONTH
Specifies the month: January, February, March, April, May, June, July,
August, September, October, November, and December.
year
Year in four digits, in the range <19932035>.
Example
The following example sets system time to 12:30:00 and date 1 April 2008:
device-name(config)#date 12:30:00 1 april 2008
Configuring a Daytime or Time Server
The time-server command configures the device to synchronize the system time with a specific
remote server.
CLI Mode: Global Configuration
To use this feature, select the remote time synchronization protocol:
The DaytimeProtocol (RFC 867) specifies the date and time as a character string
The TimeProtocol (RFC 868) specifies the time in seconds since midnight, January 01, 1900
The server for remote synchronization can be any PC running Windows NT/ 2000 or the UNIX
operating system.
Command Syntax
device-name(config)#time-server daytime swap
device-name(config)#time-server {daytime | time} A.B.C.D <refresh-time>
[<zone> [timeout <timeout>]] [timeout <timeout>]
device-name(config)#time-server {daytime | time} A.B.C.D <refresh-time>
timezone <zone> {<1-59> timeout <timeout> | timeout <timeout>}
device-name(config)#no time-server [daytime swap]
T-Marc 300 Series User Guide
Page 88
Device Administration (Rev. 11)
NOTE
The old style of this command, wherein the IP address argument precedes the
daytime protocol, is supported for backward compatibility. However, Telco Systems
strongly recommends using only the new style of the command for setting up time
synchronization clients.
Argument Description
time
Specifies Time Protocol (RFC868).
daytime
Specifies Daytime Protocol (RFC867).
swap
Swaps day and month (for daytime format). This would be required if the
positions of day and month are interchanged in the daytime servers
format, to prevent the device from interpreting the day value as the
month and the month value as the day.
A.B.C.D
IP address of the time-server.
refresh-time
Synchronization polling interval, in the range of <1044640>minutes.
timezone
Specifies the time zone.
zone
Shifts of local hour relative to the server (positive East, negative West of
servers time zone). The range is <-1212>.
timeout <timeout>
Specifies the Time server session timeout in seconds. The range is <2
20>seconds.
1-59
Specifies a number of minutes to synchronize accurately the system time
to the time server.
no
Removes the Time server definitions.
Example 1
The following command synchronizes the system time with host 192.168.0.1, using the Time
Protocol. Synchronization is performed every 10 minutes. Local time is two hours behind the GMT
.
device-name(config)#time-server time 192.168.0.1 10 -2
Example 2
The following command synchronizes the system time with host 192.168.0.1, using the Daytime
Protocol. Synchronization is performed every 10 minutes. Local time is two hours ahead of the
GMT.
device-name(config)#time-server daytime 192.168.0.1 10 2
T-Marc 300 Series User Guide
Page 89
Device Administration (Rev. 11)
Configuring an NTP Server
The time-server ntp add command configures an NTP server.
CLI Mode: Global Configuration
You can define up to five NTP servers.
Command Syntax
device-name(config)#time-server ntp add A.B.C.D
Argument Description
A.B.C.D
Specifies the IP address of the Time server to be added.
Example
The following example adds the NTP server with IP address 186.102.20.11:
device-name(config)#time-server ntp add 186.102.20.11
Configuring the NTP Server Polling
The time-server ntp start command configures the NTP server polling interval. The polling
interval is the period of time between polling cycles.
CLI Mode: Global Configuration
NOTE
To end the NTP server polling use the no t i me- ser ver command.
Command Syntax
device-name(config)#time-server ntp start <polling-interval> {<zone> |
timezone <zone> <1-59>}
Argument Description
polling-interval
The synchronization refresh period in minutes, in the range <10
44640>(the upper limit is equivalent to 31 days).
zone
Shift of local hour relative to GMT (positive East, negative West of
Greenwich). The range is <-1212>.
timezone
Specifies the time zone.
1-59
Specifies a number of minutes to synchronize accurately the system
time to the time server.
T-Marc 300 Series User Guide
Page 90
Device Administration (Rev. 11)
Configuring the MD5 Authentication Key
The time-server ntp key command configures the MD5 authentication key.
CLI Mode: Global Configuration
Time synchronization can be authenticated to make sure that the local device obtains its time
services only from known sources.
By default, network time synchronization is unauthenticated.
Command Syntax
device-name(config)#time-server ntp key {add | delete} <key-id> KEY [A.B.C.D]
Argument Description
add
Defines the MD5 authentication key.
delete
Removes the existing MD5 authentication key.
key-id
The key number in the range <165535>.
KEY
String up to 20 non-blank characters. The string is case-sensitive. Some special
characters, such as question marks, are not allowed.
A.B.C.D
(Optional). NTP server address.
Example
The following example adds an MD5 authentication key with key ID of 27 and plain-text key qwerty:
device-name(config)#time-server ntp key add 27 qwerty
Conf i gur at i on changes wi l l t ake ef f ect af t er nt p cl i ent i s r est ar t ed
Specifying a One-time Summer Time (DST) Period
The time-server summer-time date command adjusts the system time to DST and then back to
standard time on pre-set dates.
Adjusts the system time to DST and then back to standard time on pre-set dates
CLI Mode: Global Configuration
By default, the summer time definition is disabled.
Command Syntax
device-name(config)#time-server summer-time date <day> MONTH <year> HH:MM:SS
<day> MONTH <year> HH:MM:SS <shift>
device-name(config)#no time-server summer-time
T-Marc 300 Series User Guide
Page 91
Device Administration (Rev. 11)
Argument Description
day
The start day of the month, in range <131>.
MONTH
The start summer-time month: January, February, March, April, May, June,
July, August, September, October, November and December.
year
The start summer-time year, in range <19932035>.
HH:MM:SS
Specify the start summer-time time.
day
The end day of the month, in range <131>.
MONTH
The end summer-time month: January, February, March, April, May, June,
July, August, September, October, November and December.
year
The end summer-time year, in range <19932035>.
HH:MM:SS
Specify the end summer-time time.
shift
The number of minutes to add during summer time, in range <11440>.
no
Remove the summer time settings.
Example
The following example demonstrates advancing the system time 1 hour on May 1st, 2004, at
02:00:00 and shifting it back on December 3rd, 2004, at 02:00:00:
device-name(config)#time-server summer-time date 1 May 2004 02:00:00 3 Dec
2004 02:00:00 60
Specifying a Recurrent Summer Time (DST) Period
The time-server summer-time recurring command adjusts the system time and date to an
annually-recurring summer time (DST) period.
CLI Mode: Global Configuration
By default, the summer time definition is disabled.
Command Syntax
device-name(config)#time-server summer-time recurring {first | <week> | last}
<day> MONTH HH:MM:SS {first | <week> | last) <day> MONTH HH:MM:SS <shift>
device-name(config)#no time-server summer-time
Argument Description
first
The first week of the month to start.
week
Specify the week of the month to start in, the range <14>.
last
The last week of the month to start.
day
The start summer-time day in the week: Sunday, Monday, Tuesday,
Wednesday, Thursday, Friday and Saturday.
MONTH
The start summer-time month: January, February, March, April, May,
June, July, August, September, October, November, and December.
T-Marc 300 Series User Guide
Page 92
Device Administration (Rev. 11)
HH:MM:SS
Specify the start summer-time time.
first
The first week of the month to end.
week
Specify the week of the month to end, in the range <14>.
last
The last week of the month to end.
day
The end summer-time day in the week: Sunday, Monday, Tuesday,
Wednesday, Thursday, Friday and Saturday.
MONTH
The end summer-time month: January, February, March, April, May,
June, July, August, September, October, November, and December.
HH:MM:SS
Specify the end summer-time time.
shift
The number of minutes to add during summer time, in the range <1
1440>.
no
Remove the summer-time settings.
Example
The following example shows how to advance the system time automatically by one hour every
year, starting on the second Monday of April at 01:00:00 this year and move the system time back
on the second Tuesday of October at 01:00:00:
device-name(config)#time-server summer-time recurring 2 mon apr 01:00:00 2
tue oct 01:00:00 60
Removing an NTP Server
The time-server ntp delete command deletes the existing NTP server.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#time-server ntp delete A.B.C.D
Argument Description
A.B.C.D
Specify the IP address of the Time server to be deleted.
Example
The following example removes the NTP server with IP address 186.102.20.11:
device-name(config)#time-server ntp delete 186.102.20.11
T-Marc 300 Series User Guide
Page 93
Device Administration (Rev. 11)
Displaying NTP Servers
The time-server ntp show command displays defined NTP servers.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#time-server ntp show
Example
The following example displays the three existing NTP servers:
device-name(config)#time-server ntp show
186. 102. 20. 11
182. 21. 2. 31
128. 11. 24. 6
Displaying the MD5 Authentication Key
The time-server ntp key show command displays the existing MD5 authentication key ID and
string.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#time-server ntp key show
Example
device-name(config)#time-server ntp key show
192. 168. 0. 40:
1 key1
2 key2
192. 168. 0. 32:
1 key1
Displaying the Time Server Configuration
The show time-server command displays the current Time server configuration.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show time-server
T-Marc 300 Series User Guide
Page 94
Device Administration (Rev. 11)
Example
device-name#show time-server
Cur r ent syst emt i me MON OCT 13 19: 00: 25 2003
Ti me ser ver pr ot ocol : NTP
Ref r esh : 23 mi n
Ti me zone : 2h: 10m
Displaying the Current System Time
The show date and show clock commands display the current system time and date.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show date
device-name#show clock [detail]
Argument Description
detail
(Optional). The command also displays the type of the currently used
synchronization client and the time zone indication. If detail is not specified, the
command displays the current system time.
Example 1
device-name#show date
Cur r ent syst emt i me TUE APR 10 13: 45: 04 2001
Example 2
The following example displays the date and time:
device-name#show clock
Cur r ent syst emt i me TUE APR 10 13: 45: 04 2008
Example 3
The following example displays the date and time, and the currently used synchronization client (if
available):
device-name#show clock detail
Cur r ent syst emt i me THU J AN 01 00: 01: 02 1998
Ti me cl i ent i s r unni ng wi t h f ol l owi ng peer s:
Ti me ser ver : 192. 168. 0. 4
Ref r esh t i me: 10 mi nut es
Ti me zone shi f t : 2 hour ( s)
T-Marc 300 Series User Guide
Page 95
Device Administration (Rev. 11)
Configuration Example
The following example demonstrates how the device uses an NTP server.
1. Add the NTP server located in IP address 212.90.11.2:
device-name(config)#time-server ntp add 212.90.11.2
2. Add an MD5 authentication key with key ID of 27 and plain-text key qwerty:
device-name(config)#time-server ntp key add 27 qwerty
3. Start the NTP server polling with refresh period of 10 minutes and time zone 2:
device-name(config)#time-server ntp start 10 2
T-Marc 300 Series User Guide
Page 96
Device Administration (Rev. 11)
1588v2 PTP Configuration Flow
To configure the 1588v2 PTP, proceed as follows:
1. Enable 1588v2 PTP on the device (see ConfiguringPTP).
2. Define the device's PTP mode (master or slave, see DefiningtheDevice's PTP Mode).
3. (For master devices only) define the clock's primary 1588v2 priority (see Defininga Master
Clock's 1588v2 Primary Priority).
4. (For master devices only) define the clock's secondary 1588v2 priority (see Defininga Master
Clock's 1588v2 Secondary Priority).
5. Specify the PTP domain (logical grouping) the device belongs to (see AssigningtheDevicetoa
PTP Domain).
6. (For master devices only) define the interval for sending announce messages (see Definingthe
Interval for SendingAnnounceMessages).
7. (For master devices only) define the interval for sending synchronization messages (see
DefiningtheInterval for SendingSynchronization Messages).
8. (Optional, for slaves only) define a static master for the device (see Selectinga StaticMaster
Clock).
9. Enable PTP on the interface/ s (see EnablingPTP ona Port).
10. (For slave devices only) define the announce-receipt timeout from a master clock (see Defining
theAnnounce-Receipt Timeout).
11. (For slave devices only) define the synchronization-receipt timeout from a master clock (see
DefiningtheSynchronization-Receipt Timeout).
12. Display the PTP status (see DisplayingthePTP Status).
T-Marc 300 Series User Guide
Page 97
Device Administration (Rev. 11)
1588v2 PTP Configuration Commands
Table 33: 1588v2 PTP Configuration Commands
Command Description
ptp
Configures PTP on the local device and enters the PTP
Configuration mode (see Configuring PTP)
encapsulation all-ports
Defines the network technology used to transport PTP
messages (see Defining the Packet Encapsulation
Type)
priority1
Defines the 1588v2 primary priority of the master clock
(see Defining a Master Clock's 1588v2 Primary Priority)
priority2
Defines the 1588v2 secondary priority of the master
clock (see Defining a Master Clock's 1588v2 Secondary
Priority)
domain-number
Defines the PTP domain the device belongs to (see
Assigning the Device to a PTP Domain)
ptp-mode
Defines whether the device is a slave or a master (see
Defining the PTP Mode)
master-address
Defines a static master's MAC address for a slave
device (see Selecting a Static Master Clock)
announce-interval
Defines the interval the master sends announce
messages (see Defining the Interval for Sending
Announce Messages)
sync-interval
Defines the interval the master sends announce
messages (see Defining the Interval for Sending
Synchronization Messages)
master-vlan
Defines a VLAN used for sending master clock
messages or sync messages (Defining the Master
VLAN)
ptp enable
Enables PTP on port/s (see Enabling PTP on a Port)
ptp-announce-receipt-timeout
Defines the number of announce intervals to pass
without receiving an announce message before
dropping the current master and selecting a different
one (see Defining the Announce-Receipt Timeout)
ptp-sync-receipt-timeout
Defines the number of synchronization intervals to pass
without receiving a synchronization message before the
slave becomes unsynchronized with the master (see
Defining the Synchronization-Receipt Timeout)
show ptp
Displays the PTP state (see Displaying the PTP Status)
T-Marc 300 Series User Guide
Page 98
Device Administration (Rev. 11)
Configuring PTP
The ptp command configures PTP on the local device and enters the PTP Configuration mode.
Enable this protocol for accurate SAA one-way delay measurement (refer to the ServiceAssurance
Applicationsection of the Operation, Administration, andMaintenancechapter of BiNOS User Guide).
CLI Mode: Global Configuration
PTP is disabled by default.
Command Syntax
device-name(config)#ptp [enable]
device-name(config-ptp)#
device-name(config)#no ptp
Argument Description
enable
Enters the PTP Configuration mode
no
Disables PTP
Defining the Packet Encapsulation Type
The encapsulation all-ports command defines the network technology used to transport PTP
messages.
CLI Mode: PTP Configuration
By default, the encapsulation type is ieee8023.
Command Syntax
device-name(config-ptp)#encapsulation all-ports {ipv4 | ieee8023}
device-name(config-ptp)#no encapsulation all-ports
Argument Description
ipv4
PTP over UDP/IPv4. When carried over UDP, the first byte of the PTP
message immediately follows the final byte of the UDP header.
ieee8023
PTP over IEEE 802.3/ Ethernet. When carried over Ethernet, the first byte
of the PTP message occupies the first byte of the data field of the Ethernet
frame.
Defining the 1588v2 Primary Priority of the Master Clock
The priority1 command defines the 1588v2 primary priority of the master clock.
If there is more than one master device in a PTP domain, the device with the highest priority
(lowest number) remains the master while the other device/ s switch to slave.
T-Marc 300 Series User Guide
Page 99
Device Administration (Rev. 11)
CLI Mode: PTP Configuration
The default priority1 is 255.
Command Syntax
device-name(config-ptp)#priority1 <priority1>
device-name(config-ptp)#no priority1
Argument Description
priority1
The priority1 value, in the range of <0255>
no
Restores to default
Defining the 1588v2 Secondary Priority of the Master Clock
The priority2 command defines a finer grained ordering among otherwise equivalent master
clocks (see above).
CLI Mode: PTP Configuration
The default priority2 is 255.
Command Syntax
device-name(config-ptp)#priority2 <priority2>
device-name(config-ptp)#no priority2
Argument Description
priority2
The priority2 value, in the range of <0255>
no
Restores to default
Assigning the Device to a PTP Domain
The domain-number command specifies the PTP domain the device belongs to.
The PTP domain is the logical grouping of PTP clocks that synchronize to each other.
CLI Mode: PTP Configuration
The default domain number is 0.
Command Syntax
device-name(config-ptp)#domain-number <domain_number>
device-name(config-ptp)#no domain-number
Argument Description
domain-number
The PTP domain number, in the range of <0255>
T-Marc 300 Series User Guide
Page 100
Device Administration (Rev. 11)
no
Restores to default
Defining the PTP Mode
The ptp-mode command switches between slave and master modes.
NOTE
If the master device receives announce messages from a different PTP master device
with a higher 1588v2 priority and quality, it automatically switches to a slave mode
without any warnings.
CLI Mode: PTP Configuration
The default mode is slave.
Command Syntax
device-name(config-ptp)#ptp-mode {master | slave}
Argument Description
master
Defines the device as a master clock
slave
Defines the device as a slave clock
Selecting a Static Master Clock
The master-address command allows you to select a static master manually. In this case the slave
device skips the master election algorithm and ignores announce messages from other maters.
CLI Mode: PTP Configuration
By default, the device has no static master.
Command Syntax
device-name(config-ptp)#master-address <XX:XX:XX:XX:XX:XX>
device-name(config-ptp)#no master-address
Argument Description
XX:XX:XX:XX:XX:XX
The static master's MAC address
no
Restores to default
Defining the Interval for Sending Announce Messages
The announce-interval command defines the interval for a master device to announce itself as
master clock, in seconds.
CLI Mode: PTP Configuration
The default interval is 16 seconds.
T-Marc 300 Series User Guide
Page 101
Device Administration (Rev. 11)
Command Syntax
device-name(config-ptp)#announce-interval <announce interval>
device-name(config-ptp)#no announce-interval
Argument Description
announce interval
The interval between two consecutive announce messages, in
the range of {1 | 2 | 4 | 8 | 16 | 32 | 64 | 128}seconds.
no
Restores to default
Defining the Interval for Sending Synchronization Messages
The sync-interval command defines the interval for a master device to send synchronization
messages, in seconds.
CLI Mode: PTP Configuration
The default interval is 4 seconds.
Command Syntax
device-name(config-ptp)#sync-interval <synch interval>
device-name(config-ptp)#no sync-interval
Argument Description
synch interval
Specifies the interval between two consecutive synchronization
messages, in the range of {1 | 2 | 4 | 8 | 16 | 32 | 64 | 128}
seconds.
no
Restores to default
Defining the Master VLAN
The master-vlan command defines a VLAN used for sending master clock messages or sync
messages.
Command Syntax
device-name(config-ptp)#master-vlan <master-vlan-id>
device-name(config-ptp)#no master-vlan
Argument Description
master-vlan-id
The master VLAN ID, in the range of <14094>.The VLAN must
be already configured (see the Configuring VLANs and Super
VLANs chapter of the current User Guide).
no
Removes the VLAN from being a master VLAN.
T-Marc 300 Series User Guide
Page 102
Device Administration (Rev. 11)
Enabling PTP on a Port
The ptp enable command enables PTP for on a specific port. When you enable PTP on a port,
this port is able to receive and send PTP packets.
CLI Mode: Interface Configuration
By default, PTP is disabled on ports.
Command Syntax
device-name(config-if UU/SS/PP)#ptp {enable | disable}
Argument Description
enable
Enables PTP
disable
Disables PTP
Defining the Announce-Receipt Timeout
The ptp-announce-receipt-timeout command defines the announce-receipt timeout.
This value defines the number of announce-receipt intervals that pass before the slave interface
drops the selected master and initiates an ANNOUNCE_RECEIPT_TIMEOUT_EXPIRES
event.
CLI Mode: Interface Configuration
Command Syntax
device-name(config-if UU/SS/PP)#ptp-announce-receipt-timeout
<announce_receipt_timeout>
device-name(config-if UU/SS/PP)#no ptp-announce-receipt-timeout
The default number of announce-receipt intervals is 3.
Argument Description
announce_receipt
_timeout
The number of announce-receipt intervals, in the range of <2
255>
no
Restores to default
Defining the Synchronization-Receipt Timeout
The ptp-sync-receipt-timeout command defines the synchronization-receipt timeout.
This value defines the number of synchronization-receipt intervals that pass before the slave is no
longer synchronized with the master.
CLI Mode: Interface Configuration
The default number of the synchronization-receipt intervals is 3.
T-Marc 300 Series User Guide
Page 103
Device Administration (Rev. 11)
Command Syntax
device-name(config-if UU/SS/PP)#ptp-sync-receipt-timeout
<sync_receipt_timeout>
device-name(config-if UU/SS/PP)#no ptp-sync-receipt-timeout
Argument Description
synch_receipt
_timeout
The number of the synchronization-receipt intervals, in the range
of <2255>
no
Restores to default
Displaying the PTP Status
The show ptp command displays the PTP configuration details as specified below.
If you do not use the interface argument, the command displays the common device's PTP
settings without interfaces information.
If you use the interface argument without specifying an interface number, the command
displays the enabled PTP interfaces on the device.
If you use the interface argument and specify an interface number, the command displays
the specified interface's PTP state.
Refer to Table 34 for the parameters displayed by this command.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show ptp [interface [UU/SS/PP | AG0N]
Argument Description
UU/SS/PP
The interface displayed
AG0N
The aggregated interface displayed
Example 1
device-name#show ptp
PTP Conf i gur at i on ( sl ave) :
Number of PTP enabl ed por t s: 1
Domai n Number : 0
Mast er Addr ess: 00: A0: 12: 27: 0E: 40
Mean pat h del ay : 5 usec
Of f set f r ommast er : 1 usec
Example 2
device-name#show ptp interface 1/1/1
Thi s por t i s PTP Enabl ed
Por t St at e: Mast er
T-Marc 300 Series User Guide
Page 104
Device Administration (Rev. 11)
Announce r ecei pt t i meout : 16
Sync r ecei pt t i meout : 4
Table 34: Parameters displayed by the show pt p command
Parameters Description
Mean Path Delay The average between the delay from the master to slave and the
delay from the slave to master
Offset from Master The offset between the slave and the master calculated by the slave
Configuration Example
Below is an example of configuring a master device.
1. Enable PTP on the device:
device-name(config)#ptp enable
2. Define a device to PTP master mode:
device-name(config-ptp)#ptp-mode master
device-name(config-ptp)#exit
3. Enter the configuration mode for interface 1/ 1/ 1:
device-name(config)#interface 1/1/1
4. Enable PTP on interface 1/ 1/ 1:
device-name(config-if 1/1/1)#ptp enable
device-name(config-if 1/1/1)#end
5. Display the PTP configuration:
device-name#show ptp
PTP Conf i gur at i on ( mast er ) :
Number of PTP enabl ed por t s: 1
Domai n Number : 0
Pr i or i t y 1: 255
Pr i or i t y 2: 255
Announce I nt er val : 16
Sync I nt er val : 4
T-Marc 300 Series User Guide
Page 105
Device Administration (Rev. 11)
DHCP Client
Overview
DHCP (Dynamic Host Configuration Protocol) is a TCP/ IP protocol for dynamicallyassigning IP
addresses to devices on a network. DHCP is built on a client-server model, in which designated
DHCP servers allocate network addresses and deliver configuration parameters to dynamically
configured devices (DHCP clients).
The DHCP client use DHCP to reacquire or verify its IP address and network parameters
whenever the local network parameters may have changed (e.g. at the device boot time or after a
disconnection from the local network), as the local network configuration may change without the
clients or users knowledge.
If a DHCP client has knowledge of a previous network address and is unable to contact a local
DHCP server, the DHCP client may continue to use the previous network address until the lease
for that address expires. If the lease expires before the client can contact a DHCP server, the
DHCP client must immediately discontinue use of the previous network address and may inform
local users of the problem.
DHCP consists of two components:
mechanism for delivering configuration parameters from a DHCP server to a device
mechanism for allocating network addresses to devices
DHCP supports three mechanisms for IP address allocation:
AutomaticallocationDHCP assigns a permanent IP address to the user
DynamicallocationDHCP assigns an IP address to the user for a limited period of time.
Dynamic allocation allows automatic reuse of an address that is no longer needed by the user
to which it is assigned. Thus, dynamic allocation is particularly useful for assigning an address
to the user that connected to the network only temporarily or for sharing a limited pool of IP
addresses among a group of users that do not need permanent IP addresses.
Manual allocationthe system administrator assigns to the user an IP address, and DHCP is
used simply to convey the assigned address. A particular network uses one or more of these
mechanisms, depending on the policies of the network administrator. Manual allocation allows
DHCP to be used to eliminate the error-prone process of manually configuring hosts with IP
addresses in environments where it is desirable to manage IP address assignment outside of
the DHCP mechanisms.
T-Marc 300 Series User Guide
Page 106
Device Administration (Rev. 11)
The DHCP Negotiation Process
As shown in below figure, the parameter negotiation starts with a DHCPDISCOVER broadcast
message from the client seeking a DHCP server. The DHCP Server responds with a
DHCPOFFER unicast message offering configuration parameters (such as an IP address, a MAC
address, a domain name, and a lease for the IP address) to the client. The client returns a
DHCPREQUEST broadcast message requesting the offered IP address from the DHCP Server.
The DHCP Server responds with a DHCPACK unicast message confirming that the IP address
has been allocated to the client.
Figure 1: Obtaining an I P Address from a DHCP Server
The client may suggest values for the IP address and lease time in the DHCPDISCOVER message.
The client may include the requestedIP addressoption to suggest that a particular IP address can be
assigned, and may include the IP addressleasetimeoption to suggest the lease time it would like to
have it. The requestedIP addressoption is filled in a DHCPREQUEST message only when the client
is verifying network parameters obtained previously.
If a server receives a DHCPREQUEST message with an invalid requestedIP address, the server
should respond to the client with a DHCPNAK message and may choose to report the problem to
the system administrator. The server may include an error message in the messageoption.
When Should Clients Use DHCP
A client should use DHCP to reacquire or verify its IP address and network parameters whenever
the local network parameters may have changed (e.g. at the switch boot time or after a
disconnection from the local network), as the local network configuration may change without the
client or user knowledge.
If a client has knowledge of a previous network address and is unable to contact a local DHCP
Server, the client may continue to use the previous network address until the lease for that address
expires. If the lease expires before the client can contact a DHCP Server, the client must
immediately discontinue use of the previous network address and may inform local users of the
problem.
T-Marc 300 Series User Guide
Page 107
Device Administration (Rev. 11)
The DHCP Client Default Configuration
Table 35: DHCP Client Default Configuration
Feature Default Value
DHCP Client Disabled
The DHCPDISCOVER message
retransmission timeout
8 minutes
The DHCP Client Configuration Flow
1. Optional configuration:
Enable the DHCP client security feature
(see EnablingtheDHCP Client Security(AuthenticationOption90))
Permit the DHCP client to receive unauthenticated packets
(see ControllingtheUnauthenticatedPacketsFlow)
Specify DHCP server discover attempts (see SpecifyingDHCP Server Discover Attempts)
Configure the maximum time that the DHCP Client is allowed to be active
(see ChangingtheDHCPDISCOVER MessagesRetransmissionTimeout)
2. Provide the device its IP configuration information dynamically and configures the DHCP
lease period (see ConfiguringtheDHCP Client)
3. Display the DHCP Client status and the DISCOVER message timeout
(see DisplayingtheDHCP Client Configuration)
T-Marc 300 Series User Guide
Page 108
Device Administration (Rev. 11)
DHCP Client Configuration Commands
NOTE
The commands in the following table are applied on demarcation devices in a
topology with proxy management feature started.
Table 36: DHCP Client Security Commands
Command Description
dhcp-client security enable
Enables the DHCP client security feature (see Enabling
the DHCP Client Security (Authentication Option 90))
dhcp-client security accept
Permits the DHCP client to receive unauthenticated
packets
(see Controlling the Unauthenticated Packets Flow)
dhcp-client security attempts
Specifying DHCP server discover attempts (see
Specifying DHCP Server Discover Attempts)
Table 37: DHCP Client Commands
Command Description
dhcp-client discover-rto
Configures the maximum time that the DHCP Client is
allowed to be active (see Changing the
DHCPDISCOVER Messages Retransmission Timeout)
ip address dhcp
Provides the device its IP configuration information
dynamically and configures the DHCP lease period
(see Configuring the DHCP Client)
Table 38: DHCP Client Display Command
Command Description
show dhcp-client
Displays the DHCP Client status and the DISCOVER
message timeout
(see Displaying the DHCP Client Configuration)
T-Marc 300 Series User Guide
Page 109
Device Administration (Rev. 11)
Enabling the DHCP Client Security (Authentication Option 90)
The dhcp-client security enable command enables the DHCP client security feature.
CLI Mode: Global Configuration
By default, the DHCP client security is disabled.
Command Syntax
device-name(config)#dhcp-client security enable
device-name(config)#no dhcp-client security
Argument Description
no
Disables the DHCP client security feature.
Controlling the Unauthenticated Packets Flow
The dhcp-client security accept command permits the DHCP client to receive
unauthenticated packets.
CLI Mode: Global Configuration
By default, the all unauthenticated packets are received.
Command Syntax
device-name(config)#dhcp-client security accept {all | authenticated-only}
Argument Description
all
Permits all unauthenticated packets.
authenticated-only
Permits only authenticated packets.
Specifying DHCP Server Discover Attempts
The dhcp-client security attempts command specifies the number of attempts, which the
DHCP client makes to locate a DHCP server and obtain a configuration from it.
CLI Mode: Global Configuration
By default, the number of attempts is infinitely.
Command Syntax
device-name(config)#dhcp-client security attempts (<1-512> | infinitely)
T-Marc 300 Series User Guide
Page 110
Device Administration (Rev. 11)
Argument Description
1-512
Specifies the number of attempts.
infinitely
Sets the number of attempts to infinitely.
Changing the DHCPDISCOVER Messages Retransmission
Timeout
The dhcp-client discover-rto command configures the maximum time that the DHCP Client
is allowed to be active and to send DHCPDISCOVER frames.
CLI Mode: Global Configuration
The client resends a DHCPDISCOVER frame after 4, 8, 16, 32 and 64 seconds.
By default, the DHCPDISCOVER timeout is 8 minutes.
Command Syntax
device-name(config)#dhcp-client discover-rto <time>
device-name(config)#no dhcp-client discover-rto
Argument Description
time
The DHCPDISCOVER message retransmission timeout, in the range <132>
minutes.
no
Disables the retransmission timeout, i.e. the DHCP client keeps sending requests
until it negotiates an IP address.
Configuring the DHCP Client
The ip address dhcp command provides the device its IP configuration information dynamically
and configures the requested lease period.
CLI Mode: Global Configuration
By default, the dynamic address allocation is disabled.
Command Syntax
device-name(config)#ip address dhcp [A.B.C.D | renew]
device-name(config)#ip address dhcp lease {<1-10080> | infinite} [A.B.C.D |
renew]
device-name(config)#no ip address dhcp
Argument Description
1-10080
Specifies a value for the lease period, in minutes.
infinite
Sets the lease period to be an infinite period. This is the default value.
T-Marc 300 Series User Guide
Page 111
Device Administration (Rev. 11)
A.B.C.D
(Optional). The requested IP address. The DHCP Client is initiated with
DHCP negotiation. If the IP address is specified, the DHCP Client sends a
request for this address, and if the requested IP address is not available the
server returns another IP address. To see the IP address provided by the
DHCP server, use the show ip command in Privileged (Enable) mode (refer
to the Device Setup and Maintenance chapter of the BiNOS User Guide).
renew
(Optional). Restarts the DHCP client, freeing the IP address previously
allocated.
no
Stops the DHCP Client and restores the IP address, subnet mask and IP
gateway to their default values.
Displaying the DHCP Client Configuration
The show dhcp-client command displays the DHCP client status and the DISCOVER message
timeout.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show dhcp-client
Example
device-name(config)#ip address dhcp lease infinite
device-name(config)#exit
device-name#show dhcp-client
DHCP cl i ent i s act i ve
I P addr ess i s acqui r ed by DHCP
DI SCOVER messages r et r ansmi ssi on t i meout - 8 mi nut e( s)
Lease t i me l ef t : 86394
T-Marc 300 Series User Guide
Page 112
Device Administration (Rev. 11)
Controlling the Packet Rate
Overview
To break the correlation between the management device (the CPU), the remaining switching and
routing devices, the device implements four queues for outgoing packets to the CPU, and a
standalone NewAddressmessage queue destined to the CPU. Each queue has a fixed depth. Packet
dropping is enabled when the queues reach their limit.
Two mechanisms are set:
ProtectingAgainst NewAddressAttacks The rate limit mechanism for learning new addresses is
hardware based. It is designed to prevent overloading the CPU when new MAC address
requests arrive at a high pace.
ProtectingAgainst CPU Attacks The rate limiting hardware mechanism is designed to reduce
CPU usage. You can define a rate limit for traffic to the CPU to prevent overloading the CPU
when the pace at which packets are forwarded to it is too high.
Figure2 shows the packet flow through the device when the rate limit mechanism is enabled.
Figure 2: Rate Limit Mechanism
T-Marc 300 Series User Guide
Page 113
Device Administration (Rev. 11)
Packet-Rate Thresholds' Default Configuration
Table 39: Packet-Rate Threshold Default Configuration
Parameter Default Value
Rate limit for learning new addresses for
the entire device
1500 packets per second
Rate limit to the CPU for the entire device 1500 packets per second
Low packet-rate threshold 200 packets per second
High packet-rate threshold 5000 packets per second
The Packet-Rate Thresholds' Commands
Table 40: Packet-Rate Threshold Commands
Command Description
set packets_threshold
Configures packet-rate threshold levels
(see Configuring Packet-Rate Thresholds)
reset packets_threshold
statistics
Clears the CPU packet-rate statistics
(see Clearing the CPU Packet Threshold)
show packets_threshold
Displays the current packet-rate threshold levels
(see Displaying Packet-Rate Thresholds)
Configuring Packet-Rate Thresholds
The set packets_threshold command configures rate threshold levels for packets that load the
CPU.
CLI Mode: Global Configuration mode
Default packet-rate threshold levels are described in Table 39.
Command Syntax
device-name(config)#set packets_threshold <low> <high>
Argument Description
low
Low packet rate threshold in packets per second. The range is <5010000>.
high
High packet rate threshold in packets per second. The range is <100
10000>.
T-Marc 300 Series User Guide
Page 114
Device Administration (Rev. 11)
Example
The following example sets the threshold levels to:
Accept all packets if the rate is less or equal to 300 packets per second
Accept only high-priority packets if the rate is higher than 300 packets per second, but not
more than 4000 packets per second
Reject all packets if the rate exceeds 4000 packets per second
device-name(config)#set packets_threshold 300 4000
Clearing the CPU Packet Threshold
The reset packets_threshold statistics command clears the CPU packet-rate statistics.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#reset packets_threshold statistics
Displaying Packet-Rate Thresholds
The show packets_threshold command displays the current packet-rate threshold levels.
CLI Mode: Privileged (Enable)
Table 41 describes the parameters displayed by the show packets_threshold command.
Command Syntax
device-name#show packets_threshold
Example
device-name#show packets_threshold
Low packet r at e t hr eshol d i s 200 pps
Hi gh packet r at e t hr eshol d i s 5000 pps
Packet s r at e per sec: 6 I n packet s: 1425 Dr op packet s: 0
Table 41: Parameters Displayed by the show packet s_t hr eshol d Command
Parameter Description
Low packet rate threshold Low packet rate threshold in packets per second.
High packet rate threshold High packet rate threshold in packets per second.
In packets The number of packets accepted (within the threshold limits)
in the current session.
Drop packets The number of packets rejected (beyond the threshold
limits) in the current session.
T-Marc 300 Series User Guide
Page 115
Device Administration (Rev. 11)
Parameter Description
Packets rate per sec The current rate of information flows to the CPU, in terms of
packets-per-second.
T-Marc 300 Series User Guide
Page 116
Device Administration (Rev. 11)
Control Plane Priority per Protocol
Table 42: Control Plane Priority per Protocol
Protocol Control Packets Priority
LACP LACPDU 7
MEF8 Ethernet 07
CFM BPDU 6
EFM OAM BPDU 6
DHCP IP 6
ICMP IP 6
ARP Ethernet 6
SNMP UDP 6
Telnet TCP 6
SSH TCP 6
TFTP UDP 6
DHCP Client UDP 6
RADIUS UDP 6
TACAS + TCP 6
SYSLOG messages UDP 6
T-Marc 300 Series User Guide
Page 117
Device Administration (Rev. 11)
Supported Platforms
Features T-Marc 340 T-Marc 380
Managing the MAC Address Table + +
Managing the ARP Table + +
Script Files System + +
Configuring Default Settings + +
Zero Configuration Networking + +
Software Upgrade and Boot Options + +
Boot Loader + +
Managing the System Time and Date + +
DHCP Client + +
CPU Resource Control + +
Supported Standards, MIBs and RFCs
Features Standards MIBs RFCs
Managing the MAC
Address Table
No Standards are
supported by this
feature.
Standard MIB,
8021Q_d6.mib
No RFCs are
supported by this
feature.
Managing the ARP
Table
No standards are
supported by this
feature.
Private MIB,
prvt_switch_ipvaln.mib
RFC 791, Internet
Protocol DARPA
Internet Program
Protocol Specifications
RFC 919,
Broadcasting Internet
Datagrams
RFC 922,
Broadcasting Internet
Datagrams in the
Presence of Subnets
RFC 1042, A Standard
for the Transmission
of IP Datagrams over
IEEE 802 Networks
RFC 1122,
Requirements for
Internet Hosts --
Communication
Layers
RFC 1812,
Requirements for IP
Version 4 Routers
T-Marc 300 Series User Guide
Page 118
Device Administration (Rev. 11)
Features Standards MIBs RFCs
Script Files System No standards are
supported by this
feature.
No MIBs are supported
by this feature.
No RFCs are
supported by this
feature
Configuring Default
Settings
No standards are
supported by this
feature.
No MIBs are supported
by this feature.
No RFCs are
supported by this
feature
Zero Configuration
Networking
No standards are
supported by this
feature.
No MIBs are supported
by this feature.
RFC 2131, Dynamic
Host Configuration
Protocol
RFC 2132, DHCP
Options and BOOTP
Vendor Extensions
Software Upgrade and
Boot Options
No standards are
supported by this
feature.
No MIBs are supported
by this feature.
No RFCs are
supported by this
feature.
Boot Loader No Standards are
supported by this
feature.
No MIBs are supported
by this feature.
No RFCs are
supported by this
feature.
Managing the System
Time and Date
No standards are
supported by this
feature.
No MIBs are supported
by this feature.
RFC 867, Daytime
Protocol
RFC 868, Time
Protocol
DHCP Client No standards are
supported by this
feature.
No MIBs are supported
by this feature.
RFC 951, Bootstrap
Protocol (BOOTP)
RFC 1542,
Clarifications and
Extensions for the
Bootstrap Protocol
RFC 2131, Dynamic
Host Configuration
Protocol
RFC 2132, DHCP
Options and BOOTP
Vendor Extensions
CPU Resource
Control
No standards are
supported by this
feature.
Private MIB,
prvt_bist.mib
No RFCs are
supported by this
feature.
Page 1
Configuring Interfaces (Rev. 08)
Configuring Interfaces
Table of Figures 3
Features Included in this Chapter 4
Fast Ethernet and Giga Ethernet Ports 5
Overview 5
Fast and Giga Ethernet Ports Default Configuration 6
Fast and Giga Ethernet Ports Configuration Commands 7
Link Aggregation Control Protocol (LACP)23
LACP Modes23
LACP Parameters23
Link Aggregation Groups (LAGs) 24
LAG Default Configuration26
LAG Configuration Flow26
LAG Configuration Commands27
Configuration Examples34
Resilient Links43
Overview43
Resilient Links Default Configuration43
Resilient Links Configuration Flow44
Resilient Links Configuration Commands 45
Configuration Example50
Port Security Techniques51
Overview51
The Port Security Default Configuration52
The Port Security Configuration Commands52
Configuration Examples57
The Port Limit Feature61
Overview61
Port Limit Default Configuration61
Port Limit Commands 61
T-Marc 300 Series User Guide
Page 2
Configuring Interfaces (Rev. 08)
Interfaces Management65
Overview65
Interfaces Management Commands65
Alarm Propagation Feature67
Overview67
Alarm Propagation Commands 67
Configuration Example69
Supported Platforms72
Supported Standards, MIBs and RFCs72
T-Marc 300 Series User Guide
Page 3
Configuring Interfaces (Rev. 08)
Table of Figures
Figure 1: Four Ports Combined into a Link Aggregation Group24
Figure 2: Example of LAG Containing Two Ports34
Figure 3: Example of Two LAGs Configured on the Same Device35
Figure 4: Example of Two Static LAGs with RSTP40
Figure 5: Example of a Resilient Link Topology50
Figure 6: Alarm Propagation Configuration Example69
T-Marc 300 Series User Guide
Page 4
Configuring Interfaces (Rev. 08)
Features Included in this Chapter
This chapter describes the T-Marc 300 Series device interface types and their configuration. In
addition, the chapter includes port security methods.
The chapter includes the following sections:
Fast Ethernet andGiga Ethernet Ports
This section details the T-Marc 300 Series device interfaces and the commands to
configure them.
Link AggregationControl Protocol (LACP)
This protocol provides increased bandwidth, increased redundancy, and higher
availability.
Resilient Links
Resilient links allow protecting critical links and preventing network downtime.
Port SecurityTechniques
Using port security techniques on T-Marc 300 Series device provides control over every
device plugged into the internal network.
AlarmPropagationFeature
Alarm Propagation is a fault detection feature that identifies faults in network uplinks and
alarms downstream devices.
T-Marc 300 Series User Guide
Page 5
Configuring Interfaces (Rev. 08)
Fast Ethernet and Giga Ethernet Ports
Overview
T-Marc 300 Series device allows service providers to deliver multiple services on separate user
ports. It supports multiple application-flows over a single customer interface, mapping each flow to
a different traffic class.
The device supports:
Flexible Ethernet combo-port interfaces
Dual-speed (100M and 1000M) fiber interfaces
Pluggable optics, including CWDM
Tri-speed (10/ 100/ 1000M) copper interfaces
ASCII/ RJ-45 management ports
T-Marc 300 Series User Guide
Page 6
Configuring Interfaces (Rev. 08)
Fast and Giga Ethernet Ports Default Configuration
Table 1: Fast Ethernet and Giga Ethernet Ports Default Configuration
Parameter Default Value
Interface state Enabled
Port name None
Backpressure mode Disabled
Duplex speed For Fast Ethernet Fiber: Auto-negotiation.
For Giga Ethernet Fiber: Auto-negotiation.
For Fast Ethernet and Giga Ethernet Copper: Auto-
negotiation.
Flow Control mode Disabled
Default VLAN 1
Broadcast rate limit Unlimited
Multicast rate limit Unlimited
Unknown rate limit Unlimited
Packet size limit 1632
Remote fault detect Disabled
Crossover detection Automatic
Learning new address Enabled
T-Marc 300 Series User Guide
Page 7
Configuring Interfaces (Rev. 08)
Fast and Giga Ethernet Ports Configuration
Commands
Table 2: Fast and Giga Ethernet Configuration Commands
Command Description
interface
Enters the configuration mode of a specific physical interface, a
LAG, an interface range, or a LAG range (see Entering the
Interface Configuration Mode)
name
Assigns a name to a physical interface or a group of interfaces
(see Specifying the Interface Name)
speed Specifies the interface speed (see Specifying the Interface
Speed)
duplex Specifies a duplex parameter for the specified interface (see
Specifying the Interface Duplex Mode)
backpressure
Enables/disables the backpressure mode (see Defining the
Backpressure Mode)
flow control
Changes the flow control mode (see Defining the Flow Control
Mode)
default vlan
Specifies a default VLAN for a physical interface or group of
interfaces (see Adding Ports to a Default VLAN)
packet-size-limit
Specifies the jumbo frame size (see Specifying the Jumbo
Frames Size)
remote-fault-detect
Enables remote fault detection on the configured interface that is
connected to a 100Base Fiber pair (see Configuring the Remote
Fault Detection)
shutdown
Disables all functions of a specific port (see Disabling an
Interface)
Table 3: IP Interface Commands
Command Description
interface Enters the IP interface configuration mode (see IP Interface
Configuration Mode)
show ip interface Displays the IP interface configuration and statistics (see
Displaying the IP Interface Configuration)
T-Marc 300 Series User Guide
Page 8
Configuring Interfaces (Rev. 08)
Table 4: Commands for Displaying and Clearing Interface Settings and Statistics
Command Description
show
and
show interface
Display the status and configuration of all interfaces or for the
specified interface (see Displaying Interface Configuration
Settings).
show interface
statistics
Displays interface statistics and packet counters (see Displaying
Interface Statistics)
reset
and
clear interface
statistics
Clear all current statistics from a specific physical interface or a
group of interfaces (see Clearing Interface Statistics)
Entering the Interface Configuration Mode
The interface command enters the configuration mode of a specific physical interface, a LAG, an
interface range, or a LAG range.
When in the Range Configuration mode, all the commands are applied to all ports/ LAGs within
that range, until exiting this mode.
CLI Mode: Global Configuration, Interface Configuration, Interface Range Configuration,
LAG Configuration, and LAG Range Configuration
Command Syntax
device-name(config)#interface {UU/SS/PP | ag0N | range PORT-LIST | range
PORT-AG-LIST}
device-name(config-if UU/SS/PP)#
device-name(config-if AG0N)#
device-name(config-if UU1/SS1/PP1)#interface UU2/SS2/PP2
device-name(config-if UU2/SS2/PP2)#
device-name(config-if-group)#interface {UU/SS/PP | ag0N | range PORT-LIST|
range PORT-AG-LIST}
device-name(config-ag-group)#interface {UU/SS/PP | ag0N | range PORT-LIST|
range PORT-AG-LIST}
device-name(config-if AG0N)#interface {UU/SS/PP | ag0N | range PORT-LIST|
range PORT-AG-LIST}
Argument Description
UU/SS/PP Represents the unit, slot, and port numbers of the configured interface.
ag0N Represents a LAG ID in the range of <17>.
range PORT-
LIST
Specifies one or more port numbers. Use commas as separators and
hyphens to indicate sub-ranges (for example, 1/2/11/2/8, 1/1/2).
T-Marc 300 Series User Guide
Page 9
Configuring Interfaces (Rev. 08)
range PORT-
AG-LIST
Specifies a LAG names list (for example AG01, AG04AG07), in the range
<0107>.
Example 1
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#
Example 2
device-name(config)#interface ag01
device-name(config-if AG01)#interface 1/1/2
device-name(config-if 1/1/2)#
Example 3
device-name(config)#interface range ag01
device-name(config-ag-group)#interface 1/1/1
device-name(config-if 1/1/1)#
Specifying the Interface Name
The name command assigns a name to a physical interface or a group of interfaces.
CLI Mode:
Interface Configuration and Range Interface Configuration
By default, the port has no name.
Command Syntax
device-name(config-if UU/SS/PP)#name NAME
device-name(config-if UU/SS/PP)#no name
device-name(config-if-group)#name NAME
device-name(config-if-group)#no name
Argument Description
NAME An alphanumeric name of up to 256 characters. Spaces are allowed.
no Removes the port name.
T-Marc 300 Series User Guide
Page 10
Configuring Interfaces (Rev. 08)
Specifying the Interface Speed
The speed command defines the duplex speed of a specified interface or interface range.
The Giga copper ports support crossover detection. This feature allows a device port to automatically
detect, transmit, and receive the Ethernet cables polarity (the relevant cable type).
NOTE
To ensure reliable performance, it is essential to configure the same settings for two
Gigabit fiber ports communicating with each other.
Either enable autonegotiation on both interfaces or set the same duplex speed for
both.
CLI Mode: Interface Configuration and Range Interface Configuration
By default, the device is configured to use auto-negotiation to determine the port speed and duplex
setting.
Command Syntax
device-name(config-if UU/SS/PP)#speed {auto | 10 | 100 | 1000}
device-name(config-if-group)#speed {auto | 10 | 100 | 1000}
Argument Description
auto The port automatically finds the highest speed supported on the link.
10 Sets the duplex speed type to 10Mbps.
100 Sets the duplex speed type to 100Mbps.
1000 Sets the duplex speed type to 1Gbps.
Specifying the Interface Duplex Mode
The duplex command specifies the duplex mode of a physical interface or a group of interfaces.
CLI Mode:
Interface Configuration and Range Interface Configuration
In full-duplex mode, two devices can send and receive at the same time. Full-duplex
communication is often an effective solution for collisions, which are major constrictions in
Ethernet networks. 10 Mbps ports usually operate in half-duplex mode (the device can either
receive or transmit).
NOTE
To ensure reliable performance, it is essential to configure the same settings for two
Gigabit fiber ports communicating with each other.
Either enable autonegotiation on both interfaces or set the same duplex mode for
both.
By default, the device is configured to use auto-negotiation to determine the port speed and duplex
setting.
T-Marc 300 Series User Guide
Page 11
Configuring Interfaces (Rev. 08)
Command Syntax
device-name(config-if UU/SS/PP)#duplex {auto | full | half}
device-name(config-if-group)#duplex {auto | full | half}
Argument Description
auto Enables the auto detect mode.
full Enables the full duplex mode.
half Enables the half duplex mode.
Defining the Backpressure Mode
The backpressure command enables/ disables the backpressure mode.
CLI Mode:
Interface Configuration and Range Interface Configuration
Backpressure is a technique for ensuring that a transmitting port does not send too much data to a
receiving port at a given time. When the buffer capacity of a receiving port exceeds, it sends a Jam
messageto the transmitting port to halt transmission.
NOTE
Backpressure functions only if the port operates in half-duplex mode.
By default, backpressure is disabled.
Command Syntax
device-name(config-if UU/SS/PP)#backpressure {enable | disable}
device-name(config-if-group)#backpressure {enable | disable}
Argument Description
enable Enables backpressure mode.
disable Disables backpressure mode.
Defining the Flow Control Mode
The flow-control command enables/ disables the flow control mode.
Flow control is a technique for ensuring that a transmitting port does not send too much data to a
receiving port at a given time. When the ports buffer is filled, the port transmits a special packet
requesting remote ports to delay sending packets for a period of time.
NOTE
Valid only in full-duplex mode.
CLI Mode: Interface Configuration and Range Interface Configuration
By default the flow control is disabled.
T-Marc 300 Series User Guide
Page 12
Configuring Interfaces (Rev. 08)
Command Syntax
device-name(config-if UU/SS/PP)#flow-control {enable | disable | autonegotiate}
device-name(config-if-group)#flow-control {enable | disable | autonegotiate}
Argument Description
enable Enables flow control.
disable Disables flow control.
autonegotiate Enables flow control autonegotiation.
Adding Ports to a Default VLAN
The default vlan command specifies a default VLAN for a physical interface or a group of
interfaces.
You can define only one default VLAN per port. For more information regarding VLAN
commands, refer to the ConfiguringVLANsandSuper VLANschapter of this User Guide.
CLI Mode: Interface Configuration and Range Interface Configuration
By default, the default VLAN (PVID) for all ports is 1.
Command Syntax
device-name(config-if UU/SS/PP)#default vlan <vlan-id>
device-name(config-if UU/SS/PP)#no default vlan
device-name(config-if-group)#default vlan <vlan-id>
device-name(config-if-group)#no default vlan
Argument Description
vlan-id The interfaces default VLAN, in the range of <14094>.
no Restores the default VLAN to VLAN 1.
Specifying the J umbo Frames Size
The packet-size-limit command specifies the maximum packet size allowed for a specific
physical interface or a group of interfaces.
CLI Modes: Interface Configuration and Range Interface Configuration
The default packet size limit is 1632 bytes.
Command Syntax
device-name(config-if UU/SS/PP)#packet-size-limit {NUMBER | default}
device-name(config-if-group)#packet-size-limit {NUMBER | default}
T-Marc 300 Series User Guide
Page 13
Configuring Interfaces (Rev. 08)
Argument Description
NUMBER Specifies the maximum allowed packet size on the port, <5129216>bytes.
default Restores the default value of the packet size to 1632 bytes.
Example
device-name(config-if 1/1/1)#packet-size-limit 1522
device-name(config-if 1/1/1)#show
. . .
. . .
Maxi mumPacket Si ze ( MTU) = 1522
Configuring the Remote Fault Detection
The remote-fault-detect command enables remote fault detection on the configured interface
that is connected to a 100Base Fiber pair.
CLI Mode:
Interface Configuration and Range Interface Configuration
When enabling remote fault detection on such an interface, the device indicates link down on the
port if the remote peer detects link down.
NOTE
The remote-fault-detect command is available only on 100Base Fiber ports.
Command Syntax
device-name(config-if UU/SS/PP)#remote-fault-detect {on | off}
device-name(config-if-group)#remote-fault-detect {on | off}
Argument Description
on Enables the remote fault detection.
off Disables the remote fault detection.
Disabling an Interface
The shutdown command disables all functions of a specific port (receive, forward, and learn).
CLI Mode:
Interface Configuration and Range Interface Configuration
By default, the port is enabled (active).
Command Syntax
device-name(config-if UU/SS/PP)#shutdown
device-name(config-if UU/SS/PP)#no shutdown
device-name(config-if-group)#shutdown
device-name(config-if-group)#no shutdown
T-Marc 300 Series User Guide
Page 14
Configuring Interfaces (Rev. 08)
Argument Description
no Enables the interface.
IP Interface Configuration Mode
The interface command enters the IP Interface Configuration mode.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#interface sw0
device-name(config-if sw0)#
Displaying the IP Interface Configuration
The show ip interface command displays the IP interface configuration and statistics.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show ip interface [brief | sw0 | lo0]
Argument Description
brief (Optional). Displays brief information of all the defined IP interfaces.
sw0 (Optional). Specifies the number of the IP interface.
lo0 (Optional). Specifies the loopback interface.
Example 1
device-name#show ip interface sw0
I nt er f ace sw0
i ndex 3 met r i c 1 mt u 1500
di r ect ed- br oadcast di sabl ed
Fl ags : <UP, BROADCAST, NOTRAI LERS, RUNNI NG, SI MPLEX, MULTI CAST>
i net 1. 1. 1. 1/ 8 br oadcast 1. 255. 255. 255
Secondar y i net 2. 1. 1. 1/ 8 br oadcast 2. 255. 255. 255
239538 packet s r ecei ved; 15206 packet s sent
3617 mul t i cast packet s r ecei ved
56 mul t i cast packet s sent
0 i nput er r or s; 0 out put er r or s
0 col l i si ons; 0 dr opped
0 down count
T-Marc 300 Series User Guide
Page 15
Configuring Interfaces (Rev. 08)
Example 2
device-name#show ip interface brief
I nt er f ace l o0
i ndex 2 met r i c 1 mt u 32767
di r ect ed- br oadcast di sabl ed
Fl ags : <UP, LOOPBACK, NOTRAI LERS, RUNNI NG, MULTI CAST>
i net 127. 0. 0. 1/ 8
I nt er f ace sw0
i ndex 3 met r i c 1 mt u 1500
di r ect ed- br oadcast di sabl ed
Fl ags : <UP, BROADCAST, NOTRAI LERS, RUNNI NG, SI MPLEX, MULTI CAST>
i net 1. 1. 1. 1/ 8 br oadcast 1. 255. 255. 255
Secondar y i net 2. 1. 1. 1/ 8 br oadcast 2. 255. 255. 255
Table 5: Parameters Displayed by the show i p i nt er f ace Command
Parameter Description
i ndex The Internal index of the IP interface
met r i c The IP interface metric value
mt u The Maximum Transfer Unit
f l ags UP/DOWNIP interface status
BROADCASTThe broadcast address is valid
NOTRAILERSThe device must avoid using trailers
RUNNINGThe device has successfully allocated needed resources
SIMPLEXThe device cannot hear its own transmissions
MULTICASTThe device supports multicast
ALLMULTIThis port receives all multicast packets
LOOPBACKThis is a loopback net
NOARPThere is no address resolution protocol
POINTOPOINTThe IP interface is a point-to-point link
i net The interface's configured IP address and subnet mask
br oadcast The broadcast address of the IP interface
Et her net addr ess The MAC address of the IP interface
packet s r ecei ved The number of packets received on the IP interface
packet s sent The number of packets sent from the IP interface
mul t i cast packet s
sent
The number of multicast packets sent from the IP interface
i nput er r or s The number of error packets received on the IP interface
out put er r or s The number of error packets sent from the IP interface
col l i si ons (always 0)
dr opped The number of packets dropped on the IP interface
down count The number of times the IP interface went down
T-Marc 300 Series User Guide
Page 16
Configuring Interfaces (Rev. 08)
Displaying Interface Configuration Settings
The commands below display the status and configuration for all ports or for a specified port:
show interface command
CLI Mode: Privileged (Enable)
show command
CLI Mode: Interface Configuration
Command Syntax
device-name#show interface [UU/SS/PP]
device-name(config-if UU/SS/PP)#show
Argument Description
UU/SS/PP
(Optional). Selects a specific port to display.
Example 1
The following example displays the settings of all the device interfaces:
device-name#show interface
==========================================================================
| Por t | Name | Type | St at e | Li nk| Dupl Speed | Fl ow | Backpr es| Def aul t
+- - - - - +- - - - - - - - +- - - - - - - - +- - - - - - - +- - - - +- - - - - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - -
1/ 1/ 1 DUAL di sabl e down unknown di sabl e di sabl e 0001
1/ 1/ 2 DUAL enabl e up f ul l - 100 di sabl e di sabl e 0001
1/ 2/ 1 DUAL enabl e down unknown di sabl e di sabl e 0001
1/ 2/ 2 DUAL enabl e down unknown di sabl e di sabl e 0001
1/ 2/ 3 DUAL enabl e down unknown di sabl e di sabl e 0001
1/ 2/ 4 DUAL enabl e down unknown di sabl e di sabl e 0001
1/ 2/ 5 DUAL enabl e down unknown di sabl e di sabl e 0001
1/ 2/ 6 DUAL enabl e down unknown di sabl e di sabl e 0001
1/ 2/ 7 DUAL enabl e down unknown di sabl e di sabl e 0001
1/ 2/ 8 DUAL enabl e down unknown di sabl e di sabl e 0001
T-Marc 300 Series User Guide
Page 17
Configuring Interfaces (Rev. 08)
Example 2
The following example displays the settings of a specific interface:
device-name#show interface 1/1/2
Name =
Type = DUAL ( 10/ 100/ 1000BaseT, MEDI A not i nst al l ed)
Enabl eSt at e = enabl e
Li nk = up ( TX)
Dupl ex mode = aut onegot i at e
Speed = aut onegot i at e
Dupl ex speed st at us = f ul l - 100
Fl ow cont r ol mode = di sabl e
Fl ow cont r ol st at us = di sabl e
Backpr essur e = di sabl e
Br oadcast l i mi t = unl i mi t ed
Def aul t VLAN = 1
Super VLAN Por t = No
Lear ni ng new addr ess = Enabl ed
Max Packet Si ze ( MRU) = 1632
Displaying Interface Statistics
The commands below display the interface statistics and packet counters:
show interface statistics command
CLI Mode: Privileged (Enable)
show statistics command
CLI Mode: Interface Configuration and LAG Interface Configuration
NOTE
The MaxPacketSize refers to the maximum supported packet size depending on the
configuration (512 bytes or 9216 Kbytes).
Command Syntax
device-name#show interface [UU/SS/PP | ag0N] statistics [extended]
device-name(config-if AG0N)#show statistics [extended]
Argument Description
UU/ SS/ PP (Optional). Displays statistics information of a specified interface.
ag0N (Optional). N, the LAG ID number, in the range <17>.
extended (Optional). Displays additional packet counters.
T-Marc 300 Series User Guide
Page 18
Configuring Interfaces (Rev. 08)
Example 1
The following example display various packet counters for 1/ 2/ 1 interface:
device-name#show interface 1/2/1 statistics
Oct et s 24512 I n/ Out Pkt s 64 383
Col l i si ons 0 I n/ Out Pkt s 65- 127 0
Br oadcast 0 I n/ Out Pkt s 128- 255 0
Mul t i cast 0 I n/ Out Pkt s 256- 511 0
CRCAl i gnEr r or s 0 I n/ Out Pkt s 512- 1023 0
Under si ze 0 I n/ Out Pkt s 1024- MaxFr ameSi ze 0
Over si ze 0 Tot al I nPkt s 383
Fr agment s 0 Tot al I n/ Out Pkt s 383
J abber s 0 DownCount 0
Dr opEvent s 0
Last 5secI nPkt s 50 Last 5secI nBps 409
Last 1mi nI nPkt s 353 Last 1mi nI nBps 408
Last 5mi nI nPkt s 353 Last 5mi nI nBps 81
Last 5secOut Pkt s 0 Last 5secOut Bps 0
Last 1mi nOut Pkt s 0 Last 1mi nOut Bps 0
Last 5mi nOut Pkt s 0 Last 5mi nOut Bps 0
Table 6: Counters Displayed by the show i nt er f ace st at i st i cs Command
Counter Description
Oct et s
The number of data octets of all received packets on the line. This
includes data octets of rejected and local packets that are not forwarded
to the switching core for transmission.
In case of oversized packets that exceed the allocated buffer-size, only
buffer-size bytes are counted.
Col l i si ons
The number of received packet when detecting a collision event.
Br oadcast
The number of good Broadcast packet received.
Mul t i cast
The number of good Multicast packet received.
CRCAl i gnEr r or s
The number of received packets that meet all the following conditions:
data-length is between <64MaxFrameSize>bytes inclusive
have an invalid CRC
not detected a collision event
not detected a late collision event
Under si ze
The number of received packets that meet all the following conditions:
data length is less than 64 bytes
not detected a collision event
not detected a late collision event
have a valid CRC
T-Marc 300 Series User Guide
Page 19
Configuring Interfaces (Rev. 08)
Counter Description
Over si ze
The number of received packets that meet all the following conditions:
data length is greater than MRU
have valid CRC
NOTE
When the maximum packet size is below 1632,
oversized packets are counted as FCS errored bytes.
The default MRU size is 1632 bytes.
Fr agment s
The number of received packets that meet all the following conditions:
data length is less than 64 bytes, or the packet does not have a Start
Frame Delimiter (SFD) and is less than 64 bytes
not detected a collision event
not detected a late collision event
have an invalid CRC
J abber s
The number of packets that meet one of the following conditions:
data length is greater than MaxFrameSize and CRC is invalid
packet length is greater than MaxPacketSize
Dr opEvent s
Not supported.
Down Count
The number of port disconnections.
The counter is initialized in the following cases:
When the device starts running (provided that the link to the port is
connected), the counter is zeroed
When the module is inserted at run-time (hot-swapped), the counter
is initialized to one
When the link to the port is connected for the first time during run-
time, the counter is initialized to one
Tot al I nPkt s
The number of received packets received on the line. This includes
rejected and local packets that are not forwarded to the switching core for
transmission.
I n/ Out Pkt s 64
The number of 64 bytes received and transmitted packets including
rejected, received, and transmitted packets.
I n/ Out Pkt s 65- 127
The number of received and transmitted packets in the range of
<65127>bytes including rejected, received, and transmitted packets.
I n/ Out Pkt s 128-
255
The number of received and transmitted packets in the range of
<128255>bytes including rejected, received, and transmitted packets.
I n/ Out Pkt s 256-
511
The number of received and transmitted packets in the range of
<256511>bytes, including rejected, received, and transmitted packets.
I n/ Out Pkt s 512-
1023
The number of received and transmitted packets in the range of
<5121023>bytes including rejected, received, and transmitted packets.
I n/ Out Pkt s 1024-
MaxFr ameSi ze
The number of received and transmitted packets in the range of
<1024MaxFrameSize>bytes including rejected, received, and
transmitted packets. The default MaxFrameSize is 1632 bytes.
Tot al I n/ Out Pkt s
The number of received and transmitted packets in the range of <64
MaxFrameSize>bytes including rejected, received, and transmitted
packets.
T-Marc 300 Series User Guide
Page 20
Configuring Interfaces (Rev. 08)
Counter Description
Last 5secI nPkt s
The number of packets received during the five seconds before executing
the command.
Last 1mi nI nPkt s
The number of packets received during the minute before executing the
command.
Last 5mi nI nPkt s
The number of packets received during the five minutes before executing
the command.
Last 5secOut Pkt s
The number of packets transmitted during the five seconds before
executing the command.
Last 1mi nOut Pkt s
The number of packets transmitted during the minute before executing
the command.
Last 5mi nOut Pkt s
The number of packets transmitted during the five minutes before
executing the command.
Last 5secI nBps
The rate of packets received, in bits per second, during the five seconds
before executing the command.
Last 1mi nI nBps
The rate of packets received, in bits per second, during the minute before
executing the command.
Last 5mi nI nBps
The rate of packets received, in bits per second, during the five minutes
before executing the command.
Last 5secOut Bps
The rate of packets transmitted, in bits per second, during the five
seconds before executing the command.
Last 1mi nOut Bps
The rate of packets transmitted, in bits per second, during the minute
before executing the command.
Last 5mi nOut Bps
The rate of packets transmitted, in bits per second, during the five
minutes before executing the command.
NOTE
The Last5secInBps, Last1minInBps, Last5minInBps, Last5secOutBps,
Last1minOutBps, and Last5minOutBps counters are updated every 5 seconds. After
receiving/ transmitting the packets, you must wait for 10 seconds to pass in order to
receive a correct value of the corresponding statistics.
Example 2
The following example uses the extended keyword to display additional packet counters:
device-name#show interface 1/1/1 statistics extended
I nOct et s 41061272 Out Oct et s 7948538
I nUcast Pkt s 73572 Out Ucast Pkt s 73825
I nNUcast Pkt s 3873 Out NUcast Pkt s 28439
I nDi scar ds 0 Out Di scar ds N/ A
I nEr r or s 1 Out Er r or s N/ A
I nUnknownPr ot os N/ A
T-Marc 300 Series User Guide
Page 21
Configuring Interfaces (Rev. 08)
Table 7: Counters Displayed by the show i nt er f ace st at i st i cs ext ended Command
Counter Description
I nOct et s
The number of data octets of all the received packets on the line. This
includes data octets of rejected and local packets that are not forwarded
to the switching core for transmission.
In case of oversized packets that exceed the allocated buffer-size, only
buffer-size bytes are counted.
I nUcast Pkt s
The number of good unicast packets (not including Multicast and
Broadcast packets) received.
I nNUcast Pkt s
The number of good Broadcast and Multicast packets received.
I nDi scar ds
The number of incoming packets dropped due to lack of receive buffers or
due to exceeding the interfaces Rx buffer threshold.
I nEr r or s
This counter is incremented when any of the following events occurs:
Undersized frames (less than 64 bytes) that are correctly aligned and
well formed without Frame Check Sequence (FCS) Errors
Fragments (less than 64 bytes) that are misaligned and/or with
Frame Check Sequence (FCS) Errors
Oversized frames (frames with size bigger than the MTU value) that
are without FCS errors
J abber frames (frames with size bigger than the MTU value) that
have FCS errors
CRC errors
Fragments and Runtswhen the interface goes down while
receiving traffic
Increment in InDiscards counter
I nUnknownPr ot os
Not supported.
Out Oct et s
The number of data octets of good packets transmitted.
Out Ucast Pkt s
The number of good Unicast packets transmitted (not including Multicast
and Broadcast packets).
Out NUcast Pkt s
The number of good Broadcast and Multicast packets transmitted.
Out Di scar ds
Not supported.
Out Er r or s
Not supported.
Clearing Interface Statistics
The commands below clear all current statistics from a specific physical interface, a group of
interfaces, or LAG interface:
reset command
CLI Mode: Interface Configuration, Range Interface Configuration, and LAG
Interface Configuration
clear interface statistics command
CLI Mode:
Privileged (Enable)
T-Marc 300 Series User Guide
Page 22
Configuring Interfaces (Rev. 08)
Command Syntax
device-name(config-if UU/SS/PP)#reset [all]
device-name(config-if-group)#reset [all]
device-name(config-if AG0N)#reset [all]
device-name#clear interface statistics
Argument Description
all (Optional). Clear the statistics of all ports.
T-Marc 300 Series User Guide
Page 23
Configuring Interfaces (Rev. 08)
Link Aggregation Control Protocol (LACP)
LACP, defined in IEEE 802.3ad, dynamically groups similarly configured ports into a single logical
link (aggregate port). This protocol provides increased bandwidth, increased redundancy, and
higher availability. You can group ports based on hardware, administrative, and port parameter
constraints.
The device exchanges LACP frames for synchronizing the databases of the LACP-enabled ports.
Due to hardware limitations, you can group up to eight compatible ports in a LAG.
LACP Modes
There are two LACP operation modes:
Activean interface in active mode can start LACP negotiation and thus form a link with
another device (whether active or passive).
Passivedoes not start LACP negotiation; thus cannot form a link with another device.
LACP Parameters
A ports ability to aggregate with other ports is determined by the following factors:
The port physical characteristics such as, data transfer rate, duplex capability, and medium type
User defined configuration constraints
To use LACP, you need to define the following parameters:
1. SystemID: the ID identifying an LACP system negotiating with other LACP systems. The
device uses its MAC address as a unique system ID.
2. Systempriority: the system priority along with the port priority allows connected LACP ports to
determine their exchange policy dynamically.
3. Administrativekey: define the ports ability to aggregate with other ports.
4. Port priority: the port priority and the system priority allow connected LACP ports to determine
their exchange policy dynamically.
When enabled, LACP attempts to group the maximum of eight compatible ports in a LAG.
However, if LACP is unable to aggregate compatible ports (for example, due to limitations of the
remote device), it leaves these ports in a hot standby state and uses them when one of the
channeled ports fails.
T-Marc 300 Series User Guide
Page 24
Configuring Interfaces (Rev. 08)
Link Aggregation Groups (LAGs)
LAGs, also known as trunks, provide increased bandwidth and high reliability while saving the cost
of upgrading the hardware.
By combining several interfaces in one logical link, LAGs fill the gaps between 10 Mbps, 100 Mbps,
and 1 Gbps with intermediate bandwidth values.
LAGs also enable bandwidths beyond 1 Gbps by aggregating multiple Giga ports (as shown in the
below figure).
NOTE
The LAGs are numbered from 1to 7.
Each LAG can consist of up to eight compatibly configured interfaces.
Figure 1: Four Ports Combined into a Link Aggregation Group
There are two LAG types:
StaticLAGsconsist of individual Gigabit Ethernet links bundled into a single logical link. They
provide the ability to treat multiple device ports as one device port. These port groups act as a
single logical port for high-bandwidth connections between two network devices. A static
LAG balances the traffic load across the links in the channel. If a physical link within the static
LAG fails, traffic previously carried over the failed link is moved to the remaining links.
Most protocols operate over either single ports or aggregated device-ports and do not
recognize the physical interface within the port group.
DynamicLAGsdynamically adapt aggregated links to changes in traffic conditions. This allows
load sharing and automatic readjustments in case of LAG link-failures and recovery.
T-Marc 300 Series User Guide
Page 25
Configuring Interfaces (Rev. 08)
You can configure both static and dynamic LAGs simultaneously, assuming the following
restrictions:
LAG IDs of both static and dynamic LAGs occupy the same available LAG IDs space
You cannot define a static LAG and a dynamic LAG with the same LAG ID number
You can include each port in a single LAG that is either static or dynamic
Prerequisites
Follow the below guidelines for LAG configuration:
You do not need to modify existing higher-layer protocols or applications in order to use
LACP
Some links cannot participate in LAGs due to inherent capabilities, capabilities of the devices
they are connected to, or management configuration. These links operate as individual links.
LACP supports only point-to-point full-duplex links. You cannot aggregate links among more
than two devices (multipoint aggregations) and half-duplex operation.
When the device is connected to a LAN and Spanning Tree protocol (STP) is not active, you
need to physically attach the aggregated ports only after completing the LAG configuration.
T-Marc 300 Series User Guide
Page 26
Configuring Interfaces (Rev. 08)
LAG Default Configuration
Table 8: LAG Default Configuration
Parameter Default Value
Static Link Aggregation Disabled
Global Link Aggregation Control Protocol (LACP) Disabled
Per port Link Aggregation Control Protocol (LACP) Disabled
LACP system priority 32768
LACP port mode Active
LACP port priority 32768
LACP administrative key 1
LAG distribution MAC address
The marker PDU responder per port Disabled
LAG Configuration Flow
To create a static LAG, proceed as follows:
1. Add a specific interface to a static LAG (see Configuringa StaticLAG)
2. Optional configuration: Assign a user-defined name for a specific static LAG (see Naminga
StaticLAG)
To create a dynamic LAG, proceed as follows:
1. Configure LACP (see EnablingLACP)
2. Assign a physical interface(s) to a LAG (see AssigningInterfacestoa DynamicLAG)
3. Optional configuration:
Specify the LACP system priority (see SpecifyingtheLACP SystemPriority)
Specify the LACP administrative key (see SpecifyingtheLACP AdministrativeKey)
Configure the processing of LACP PDU marker (see ConfiguringtheLACP Marker)
Specify the LAG packet distribution between the ports (see SpecifyingtheLAG Distribution)
T-Marc 300 Series User Guide
Page 27
Configuring Interfaces (Rev. 08)
LAG Configuration Commands
Table 9: Static LAG Configuration Commands
Command Description
link-aggregation static id
Adds a physical interface or a group of interfaces to a
static LAG (see Configuring a Static LAG)
link-aggregation static id
name
Assigns a user-defined name for a specific static LAG
(see Naming a Static LAG)
Table 10: Dynamic LAG Configuration Commands
Command Description
link-aggregation lacp
enable/disable
Configures LACP (see Enabling LACP)
link-aggregation lacp
Assigns a physical interface or group of interfaces to a
LAG, and specifies LACP parameters (see Assigning
Interfaces to a Dynamic LAG)
link-aggregation lacp
system-priority
Specifies the LACP system priority (see Specifying the
LACP System Priority)
link-aggregation lacp key
Specifies the LACP administrative key (see Specifying the
LACP Administrative Key)
link-aggregation lacp
marker
Configures the processing of LACP PDU marker (see
Configuring the LACP Marker)
link-aggregation distribute
Specifies the LAG packet distribution between the ports
(see Specifying the LAG Distribution)
Table 11: Commands for Displaying the Static LAG and LACP Configuration
Command Description
show interface link-
aggregation
Displays all static and dynamic LAGs (see Displaying
LAGs)
show link-aggregation lacp
Displays a list of all LACP enabled interfaces (see
Displaying LACP Interfaces)
show link-aggregation
distribute
Displays the LAG packet distribution configuration (see
Displaying the LAG Distribution)
T-Marc 300 Series User Guide
Page 28
Configuring Interfaces (Rev. 08)
Configuring a Static LAG
The link-aggregation static id command adds a physical interface or a group of interfaces to
a static LAG.
CLI Mode: Interface Configuration and Range Interface Configuration
NOTE
The l i nk- aggr egat i on st at i c command replaces the trunk command.
By default, static LAG is disabled
Command Syntax
device-name(config-if UU/SS/PP)#link-aggregation static id <id-number>
device-name(config-if UU/SS/PP)#no link-aggregation
device-name(config-if-group)#link-aggregation static id <id-number>
device-name(config-if-group)#no link-aggregation
Argument Description
id <id-number> LAG ID in the range <17>.
no Removes the configured interface or a group of interface from the static
LAG.
Naming a Static LAG
The link-aggregation static id name command assigns a user-defined name for a specific
static LAG.
CLI Mode: Global Configuration
By default, the static LAG is not named.
Command Syntax
device-name(config)#link-aggregation static id <id-number> name NAME
device-name(config)#no link-aggregation static id <id-number> name
Argument Description
id-number LAG ID in the range <17>.
NAME Alphanumeric string up to 32 characters.
no Removes the user-defined name.
T-Marc 300 Series User Guide
Page 29
Configuring Interfaces (Rev. 08)
Enabling LACP
The link-aggregation lacp enable/disable command enables LACP.
CLI Mode: Protocol Configuration
By default, LACP is disabled.
Command Syntax
device-name(cfg protocol)#link-aggregation lacp {enable | disable}
Argument Description
enable Enables LACP.
disable Disables LACP.
Assigning Interfaces to a Dynamic LAG
The link-aggregation lacp command enables LACP on a physical interface or group of
interfaces, assigns them to a dynamic LAG, and specifies the LACP parameters.
If you do not specify optional arguments and you do not enable LACP on the interface, the
interface is configured with default argument values.
If you enable LACP on the interface, only explicitly defined optional arguments take effect.
CLI Mode: Interface Configuration and Range Interface Configuration
By default, the LACP port is in active LACP mode with priority 32768.
Command Syntax
device-name(config-if UU/SS/PP)#link-aggregation lacp [active | passive] [port-
priority [<priority>] key <number>]]
device-name(config-if UU/SS/PP)#no link-aggregation lacp port-priority
device-name(config-if UU/SS/PP)#no link-aggregation
device-name(config-if-group)#link-aggregation lacp [active | passive] [port-
priority [<priority>] key <number>]]
device-name(config-if-group)#no link-aggregation lacp port-priority
device-name(config-if-group)#no link-aggregation
Argument Description
active (Optional). Enables LACP in active mode.
passive (Optional). Enables LACP in passive mode.
port-priority
<priority>
The port priority value, in the range <165535>.
key <number> (Optional). Number of the LACP administrative key, in the range <1
65535>.
T-Marc 300 Series User Guide
Page 30
Configuring Interfaces (Rev. 08)
no Disables LACP and restores to defaults.
Specifying the LACP System Priority
The link-aggregation lacp system-priority command specifies the LACP system priority.
CLI Mode: Protocol Configuration
By default, the LACP system priority is 32768.
Command Syntax
device-name(cfg protocol)#link-aggregation lacp system-priority [<priority>]
device-name(cfg protocol)#no link-aggregation lacp system-priority
Argument Description
priority (Optional). Priority value, in the range of 1 (highest priority) to 65535 (lowest
priority).
no Restores to default.
Specifying the LACP Administrative Key
The link-aggregation lacp key command specifies the LACP administrative key, determining
the ability of the port to aggregate with other ports.
CLI Mode:
Interface Configuration, Range Interface Configuration
By default, the LACP administrative key is 1.
Command Syntax
device-name(configif UU/SS/PP)#link-aggregation lacp key <number>
device-name(configif-group)#link-aggregation lacp key <number>
Argument Description
number LACP administrative key in the range <165535>.
T-Marc 300 Series User Guide
Page 31
Configuring Interfaces (Rev. 08)
Example
The following example shows how to set the LACP key to 65535:
device-name#configure terminal
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#link-aggregation lacp
device-name(configif 1/1/1)#link-aggregation lacp key 65535
Value is displayed in the output issued by the show link-aggregation lacp command:
device-name#show link-aggregation lacp
Syst emI D = 00 a0 12 17 01 00
Syst empr i or i t y = 32768
========+========+=======+=========
Por t | Mode | Key | Pr t y |
- - - - - - - - +- - - - - - - - +- - - - - - - +- - - - - - - - +
1/ 1/ 1 | act i ve | 65535| 32768 |
========+========+=======+=========
Configuring the LACP Marker
The link-aggregation lacp marker command configures the processing of the LACP PDU
marker on a specific port.
CLI Mode:
Interface Configuration and Range Interface Configuration
By default, the marker PDU responder per port is disabled.
Command Syntax
device-name(configif UU/SS/PP)#link-aggregation lacp marker {enable | disable}
device-name(configif-group)#link-aggregation lacp marker {enable | disable}
Argument Description
enable Enables the processing of LACP PDU marker.
disable Disables the processing of LACP PDU marker.
Example
device-name(config-if 1/1/1)#link-aggregation lacp marker enable
T-Marc 300 Series User Guide
Page 32
Configuring Interfaces (Rev. 08)
Specifying the LAG Distribution
The link-aggregation distribute command specifies the LAG packet-distribution between
the ports.
You can define the packet distribution based on:
the source and destination MAC addresses (Layer 2)
the source and destination IP addresses (Layer3)
CLI Mode: Protocol Configuration
By default, the traffic on the LAG is distributed by Layer 2 (MAC addresses).
Command Syntax
device-name(cfg protocol)#link-aggregation distribute {layer3 | layer4}
device-name(cfg protocol)#no link-aggregation distribute
Argument Description
layer3
Distributes packets based on the packets source and destination IP addresses.
layer4 Distributes packets based on the TCP/UDP ports and the source and destination IP
addresses for the TCP and UDP packets.
no
Restores to the default settings.
Displaying LAGs
The show interface link-aggregation command displays all static and dynamic LAGs.
CLI Mode: Privileged (Enable)
NOTE
The show l i nk aggr egat i on command replaces the show t r unk command.
The show t r unk command is also supported.
Command Syntax
device-name#show interface link-aggregation [static | dynamic | id <id-number>]
Argument Description
static
(Optional) displays static LAGs only.
dynamic
(Optional) displays dynamic LAGs only.
id <id-number>
(Optional) displays the LAG specified.
T-Marc 300 Series User Guide
Page 33
Configuring Interfaces (Rev. 08)
Example
device-name#show interface link-aggregation
==========+========+=================+=====================
Agg# | Type | Management Name | Por t s |
- - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - +
AG01 | st at i c | TRUNK1 | 1/ 1/ 1, 1/ 1/ 2, 1/ 2/ 5 |
| =========+========+=================+=====================
Displaying LACP Interfaces
The show link-aggregation lacp command displays a list of all LACP enabled interfaces.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show link-aggregation lacp
Example
device-name#show link-aggregation lacp
Syst emI D = 00 a0 12 02 02 02
Syst empr i or i t y = 32768
========+========+=======+=======+
Por t | Mode | Key | Pr t y |
- - - - - - - - +- - - - - - - - +- - - - - - - +- - - - - - - +
1/ 2/ 1 | act i ve | 1 | 32768 |
1/ 2/ 2 | act i ve | 1 | 32768 |
========+========+=======+=======+
Displaying the LAG Distribution
The show link-aggregation distribute command displays the LAG packet-distribution
configuration.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show link-aggregation distribute
Example
device-name#show link-aggregation distribute
Li nk aggr egat i on di st r i but i on mode i s Layer 2
T-Marc 300 Series User Guide
Page 34
Configuring Interfaces (Rev. 08)
Configuration Examples
Simple LACP Configuration
The following example establishes dynamic link aggregation between two devices, as shown in
Figure 2.
Figure 2: Example of LAG Containing Two Ports
On each of the two devices, LACP is enabled in active mode on interfaces 1/ 1/ 1 and 1/ 1/ 2 as an
aggregated link. The configuration of Device2 is identical to that of Device1.
4. Display the LACP status:
device-name#show link-aggregation lacp
LACP di sabl ed on t he syst em
5. Enable the LACP:
device-name#configure terminal
device-name(config)#protocol
device-name(cfg protocol)#link-aggregation lacp enable
device-name(cfg protocol)#end
6. Display the LACP configuration:
device-name#show link-aggregation lacp
Syst emI D = 00 A0 12 03 04 05
Syst empr i or i t y = 32768
No LAC por t s conf i gur ed
7. Enable LACP on interface 1/ 1/ 1:
device-name#configure terminal
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#link-aggregation lacp
8. Enable LACP on interface 1/ 1/ 2:
device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#link-aggregation lacp
device-name(config-if 1/1/2)#end
T-Marc 300 Series User Guide
Page 35
Configuring Interfaces (Rev. 08)
9. Display the LACP configuration:
device-name#show link-aggregation lacp
Syst emI D = 00 A0 12 03 04 05
Syst empr i or i t y = 32768
========+========+=======+======+
Por t | Mode | Key | Pr t y |
- - - - - - - - +- - - - - - - - +- - - - - - - +- - - - - - +
1/ 1/ 1 | act i ve | 1 | 32768 |
1/ 1/ 2 | act i ve | 1 | 32768 |
========+========+=======+======+
10. If there is a link between the devices, the following results on each device are displayed:
device-name#show interface link-aggregation
==========+========+=================+=====================
Agg# | Type | Management Name | Por t s |
- - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - +
AG01 | LACP | LACP1 | 1/ 1/ 1, 1/ 1/ 2 |
==========+========+=================+=====================
Complex LACP Configuration
The following example establishes two dynamic link aggregation groups between Device 1,
Devices2 and 3, as shown in Figure 3.
Figure 3: Example of Two LAGs Configured on the Same Device
T-Marc 300 Series User Guide
Page 36
Configuring Interfaces (Rev. 08)
Configuring Device 1:
On Device1, LACP is enabled in active mode on the following interfaces:
1/ 1/ 1, 1/ 1/ 2, 1/ 2/ 1 and 1/ 2/ 2, as an aggregated link to Device2
1/ 2/ 3 and 1/ 2/ 4, as an aggregated link to Device3
1. Enter Protocol Configuration mode and enable the LACP on Device1:
Device1#configure terminal
Device1(config)#protocol
Device1(cfg protocol)#link-aggregation lacp enable
Device1(cfg protocol)#end
2. Display the LACP configuration:
Device1#show link-aggregation lacp
Syst emI D = 00 00 02 03 04 05
Syst empr i or i t y = 32768
No LAC por t s conf i gur ed
3. Enable LACP on interfaces 1/ 1/ 1, 1/ 1/ 2, 1/ 2/ 1, 1/ 2/ 2, 1/ 2/ 3 and 1/ 2/ 5:
Device1(config)#interface range 1/1/1-1/2/5
Device1(config-if-group)#link-aggregation lacp
Device1(config-if-group)#end
4. Display the LACP configuration:
Device1#show link-aggregation lacp
Syst emI D = 00 00 02 03 04 05
Syst empr i or i t y = 32768
========+========+=======+======+
Por t | Mode | Key | Pr t y |
- - - - - - - - +- - - - - - - - +- - - - - - - +- - - - - - +
1/ 1/ 1 | act i ve | 1 | 32768 |
1/ 1/ 2 | act i ve | 1 | 32768 |
1/ 2/ 1 | act i ve | 1 | 32768 |
1/ 2/ 2 | act i ve | 1 | 32768 |
1/ 2/ 3 | act i ve | 1 | 32768 |
1/ 2/ 5 | act i ve | 1 | 32768 |
========+========+=======+======+
T-Marc 300 Series User Guide
Page 37
Configuring Interfaces (Rev. 08)
Configuring Device 2:
On Device2, LACP is enabled in active mode on interfaces 1/ 1/ 1, 1/ 1/ 2, 1/ 2/ 1 and 1/ 2/ 2, as an
aggregated link to Device1.
1. Enter Protocol Configuration mode and enable the LACP on Device2:
Device2#configure terminal
Device2(config)#protocol
Device2(cfg protocol)#link-aggregation lacp enable
Device2(cfg protocol)#end
2. Display the LACP configuration:
Device2#show link-aggregation lacp
Syst emI D = 00 a0 12 05 3a 80
Syst empr i or i t y = 32768
No LAC por t s conf i gur ed
3. Enable LACP on interfaces 1/ 1/ 1, 1/ 1/ 2, 1/ 2/ 1 and 1/ 2/ 2:
Device2#configure terminal
Device2(config)#interface range 1/1/1-1/2/2
Device2(config-if-group)#link-aggregation lacp
Device2(config-if-group)#end
4. Display the LACP configuration:
Device2#show link-aggregation lacp
Syst emI D = 00 a0 12 05 3a 80
Syst empr i or i t y = 32768
========+========+=======+======+
Por t | Mode | Key | Pr t y |
- - - - - - - - +- - - - - - - - +- - - - - - - +- - - - - - +
1/ 1/ 1 | act i ve | 1 | 32768 |
1/ 1/ 2 | act i ve | 1 | 32768 |
1/ 2/ 1 | act i ve | 1 | 32768 |
1/ 2/ 2 | act i ve | 1 | 32768 |
========+========+======+======+
T-Marc 300 Series User Guide
Page 38
Configuring Interfaces (Rev. 08)
Configuring Device 3:
On Device3, LACP is enabled in active mode on interfaces 1/ 2/ 3 and 1/ 2/ 4, as an aggregated link
to Device 1.
1. Enter Protocol Configuration mode and enable the LACP on Device3:
Device3#configure terminal
Device3(config)#protocol
Device3(cfg protocol)#link-aggregation lacp enable
Device3(cfg protocol)#end
2. Display the LACP configuration:
Device3#show link-aggregation lacp
Syst emI D = 00 a0 12 10 94 c0
Syst empr i or i t y = 32768
No LAC por t s conf i gur ed
3. Enable LACP on interfaces 1/ 2/ 3 and 1/ 2/ 4:
Device3#configure terminal
Device3(config)#interface 1/2/3
Device3(config-if 1/2/3)#link-aggregation lacp
Device3(config-if 1/2/3)#interface 1/2/4
Device3(config-if 1/2/4)#link-aggregation lacp
Device3(config-if 1/2/4)#end
4. Display the LACP configuration:
Device3#show link-aggregation lacp
Syst emI D = 00 a0 12 10 94 c0
Syst empr i or i t y = 32768
========+========+=======+=======+
Por t | Mode | Key | Pr t y |
- - - - - - - - +- - - - - - - - +- - - - - - - +- - - - - - - +
1/ 2/ 3 | act i ve | 1 | 32768 |
1/ 2/ 4 | act i ve | 1 | 32768 |
========+========+=======+=======+
T-Marc 300 Series User Guide
Page 39
Configuring Interfaces (Rev. 08)
After the LACP operation the following results on each device are displayed:
Displaying Device 1 Configuration:
Device3#show interface link-aggregation
==========+========+=================+=====================
Agg# | Type | Management Name | Por t s |
- - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - +
AG01 | LACP | LACP1 | 1/ 1/ 1, 1/ 1/ 2 |
AG02 | LACP | LACP2 | 1/ 2/ 3, 1/ 2/ 5 |
==========+========+=================+=====================
Displaying Device 2 Configuration:
Device2#show interface link-aggregation
==========+========+=================+=========================
Agg# | Type | Management Name | Por t s |
- - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - +
AG01 | LACP | LACP1 | 1/ 1/ 1, 1/ 1/ 2, 1/ 2/ 1, 1/ 2/ 2|
==========+========+=================+=========================
Displaying Device 3 Configuration:
Device3#show interface link-aggregation
==========+========+=================+=====================
Agg# | Type | Management Name | Por t s |
- - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - +
AG02 | LACP | LACP2 | 1/ 2/ 3, 1/ 2/ 4 |
==========+========+=================+=====================
T-Marc 300 Series User Guide
Page 40
Configuring Interfaces (Rev. 08)
Static LAG with RSTP
The following example shows how to establish two static LAGs between two devices.
This setup requires a mechanism such as RSTP to prevent the two LAGs from forming a loop. For
more information, refer to the ConfiguringRapidSpanningTreeProtocol (RSTP) chapter of this User
Guide.
The configuration of Device2 is identical to that of Device1. However, there are differences in the
RSTP configuration parameters, since RSTP automatically selects one device (Device 1 in our case)
as the root bridge and the other device (Device 2) as the designated bridge.
Figure 4: Example of Two Static LAGs with RSTP
Configuring Device 1:
1. Enable RSTP:
Device1#configure terminal
Device1(config)#protocol
Device1(cfg protocol)#rapid-spanning-tree enable
Device1(cfg protocol)#end
2. Enable static LAG on interfaces 1/ 1/ 1 and 1/ 2/ 4:
Device1#configure terminal
Device1(config)#interface 1/1/1
Device1(config-if 1/1/1)#link-aggregation static id 1
Device1(config-if 1/1/1)#interface 1/2/4
Device1(config-if 1/2/4)#link-aggregation static id 1
3. Enable Static LAG on interfaces 1/ 2/ 7 and 1/ 2/ 8:
Device1(config-if 1/2/4)#interface 1/2/7
Device1(config-if 1/2/7)#link-aggregation static id 2
Device1(config-if 1/2/7)#interface 1/2/8
Device1(config-if 1/2/8)#link-aggregation static id 2
Device1(config-if 1/2/8)#end
NOTE
Repeat the above steps on device 2
T-Marc 300 Series User Guide
Page 41
Configuring Interfaces (Rev. 08)
Displaying Device 1 Configuration:
1. Display the static LAG configuration:
Device1#show interface link-aggregation static
=========+======+=======================+=======================
Agg# | Type | Management Name | Por t s
- - - - - - - - - +- - - - - - +- - - - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - -
AG01 | STATI C| TRUNK1 | 1/ 1/ 1, 1/ 2/ 4
AG02 | STATI C| TRUNK2 | 1/ 2/ 7, 1/ 2/ 8
2. Display the RSTP parameters and Rapid Spanning-Tree topology:
Device1#show rapid-spanning-tree
Rapi d spanni ng t r ee = enabl ed
Pr ot ocol Speci f i cat i on = i eee8021w
Pr i or i t y = 32768
Ti meSi nceTopol ogyChange = 41 ( Sec)
TopChanges = 2
Desi gnat edRoot = Thi s br i dge i s t he r oot
MaxAge = 20 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 15 ( Sec)
Br i dgeMaxAge = 20 ( Sec)
Br i dgeHel l oTi me = 2 ( Sec)
Br i dgeFor war dDel ay = 15 ( Sec)
TxHol dCount = 3
Mi gr at i onTi mer = 3 ( Sec)
Det ect Li neCRCReconf i g = di sabl ed
Det ect Li neFl appi ng = di sabl ed
SpanI gmpFast Recover y = di sabl ed
===============================================================================
Por t | Pr i | Pr t r ol e| St at e| PCost | DCost | Desi gnat ed br i dge | DPr t | Fwr dT
- - - - - - - - +- - - +- - - - - - - - +- - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - +- - - - -
AG01 128 Desi gnat f r wr d 10000 0 32768. 00A0121102A3 128. 88 1
AG02 128 Desi gnat f r wr d 10000 0 32768. 00A0121102A3 128. 90 1
Displaying Device 2 Configuration:
1. Display the static LAG configuration:
Device2#show interface link-aggregation static
=========+======+=======================+=======================
Agg# | Type | Management Name | Por t s
- - - - - - - - - +- - - - - - +- - - - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - -
AG01 | STATI C| TRUNK1 | 1/ 1/ 1, 1/ 2/ 4
AG02 | STATI C| TRUNK2 | 1/ 2/ 7, 1/ 2/ 8
T-Marc 300 Series User Guide
Page 42
Configuring Interfaces (Rev. 08)
2. Display the RSTP parameter settings and Rapid Spanning-Tree topology:
Device2#show rapid-spanning-tree
Rapi d spanni ng t r ee = enabl ed
Pr ot ocol Speci f i cat i on = i eee8021w
Pr i or i t y = 32768
Ti meSi nceTopol ogyChange = 4 ( Sec)
TopChanges = 1
Desi gnat edRoot = 32768. 00: A0: 12: 11: 02: A3
Root Por t = AG01
Root Cost = 10
MaxAge = 20 ( Sec)
Hel l oTi me = 2 ( Sec)
For war dDel ay = 15 ( Sec)
Br i dgeMaxAge = 20 ( Sec)
Br i dgeHel l oTi me = 2 ( Sec)
Br i dgeFor war dDel ay = 15 ( Sec)
TxHol dCount = 3
Mi gr at i onTi mer = 3 ( Sec)
Det ect Li neCRCReconf i g = di sabl ed
Det ect Li neFl appi ng = di sabl ed
SpanI gmpFast Recover y = di sabl ed
===============================================================================
Por t | Pr i | Pr t r ol e| St at e| PCost | DCost | Desi gnat ed br i dge | DPr t | Fwr dT
- - - - - - - - +- - - +- - - - - - - - +- - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - +- - - - -
AG01 128 Root f r wr d 10000 0 32768. 00A0121102A3 128. 88 1
AG02 128 Al t er n di scr 10000 0 32768. 00A0121102A3 128. 90 1
T-Marc 300 Series User Guide
Page 43
Configuring Interfaces (Rev. 08)
Resilient Links
Overview
Resilient links allows protecting critical links and preventing network downtime. A resilient link
consists of a main link and a standby (backup) link together forming a resilient-link pair. Under
normal network conditions, the main link carries network traffic. In case of signal loss, the device
immediately enables the standby link which takes over the main links task. Since the switchover
time to the standby link is less than 1 second, there is no session timeout.
If the main link has a higher bandwidth than its standby or if the main link is configured as a
preferred one, traffic is switched back to the main link as soon as its connection is recovered.
Otherwise, you must manually switch traffic back to the main link.
Resilient Links Default Configuration
Table 12: Resilient Link Default Configuration
Parameter Default Value
Preferred port The port with the higher bandwidth.
Active port The port with the higher bandwidth, if both ports are up. If both
ports have the same bandwidth, the active port is the port with
the lower port number (for example, for ports 1/2/3 and 1/2/6 the
active port is 1/2/3).
Backup port status Power-on enabled.
T-Marc 300 Series User Guide
Page 44
Configuring Interfaces (Rev. 08)
Resilient Links Configuration Flow
Configuration Notes
When configuring resilient links, note the following:
You should define a resilient-link pair only on one end of the link. This provides the ability for
a full redundant network, even when connecting the device to other devices, such as routers
and servers.
If using the shutdown mode, configure it on one device (either local or remote).
If you configure a VLAN, the resilient link ports must belong to the same VLAN.
Adding a new port to an existing resilient link, synchronizes the ports VLAN to the resilient
links VLAN
If the ports do not use the same VLAN tagging system (802.1Q tagging), the VLAN tagging
of the first port is applied to the second port added.
You can configure a resilient link pair only if:
the ports have the same PVID
neither of the ports is part of a LAG
neither of the ports belongs to another resilient-link pair
Step by Step Configuration
To configure a resilient link, proceed as follows:
1. Enter the Resilient-link Configuration mode (see EnteringtheResilient Link ConfigurationMode)
2. Add a port pair as a resilient link (see AssigningPortstoa Resilient Link)
3. Optional Configuration:
Specify one of the ports of the resilient link as preferred (see Selectinga PreferredPort)
Switch the active port of the currently edited resilient link (see SwitchingtheActivePort)
Specify the backup link behavior (see SpecifyingtheBackupLink Behavior)
T-Marc 300 Series User Guide
Page 45
Configuring Interfaces (Rev. 08)
Resilient Links Configuration Commands
Table 13: Resilient Link Configuration Commands
Command Description
resilient-link Enters the Resilient-link Configuration mode (see Entering the
Resilient Link Configuration Mode)
ports Adds a port pair as a resilient link (see Assigning Ports to a Resilient
Link)
Table 14: Resilient Link Optional Commands
Command Description
prefer port Specifies one of the ports of the resilient link as preferred (see
Selecting a Preferred Port)
active port Changes the active port of the selected resilient link (see Switching
the Active Port)
backup-link shut-
down
Specifies the backup link behavior (see Specifying the Backup Link
Behavior)
Table 15: Resilient Link Display Commands
Command Description
show Displays a table of the configured resilient links (see Displaying
the Resilient Link Configuration)
show resilient-links Displays a table of the configured resilient links (see Displaying
the Resilient Link Configuration)
show counter Displays how many swaps each resilient link has undergone in
the current session (see Displaying Resilient Link Counters)
show resilient-links
counter
Displays how many swaps each resilient link has undergone in
the current session (see Displaying Resilient Link Counters)
T-Marc 300 Series User Guide
Page 46
Configuring Interfaces (Rev. 08)
Entering the Resilient Link Configuration Mode
The resilient-link command enables the resilient link feature and enters the Resilient-link
Configuration mode.
You can use this command within one resilient-links configuration mode to enter a different
resilient link configuration.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#resilient-link <N>
device-name(config-resil-link N)#
device-name(config-resil-link N1)#resilient-link <N2>
device-name(config)#no resilient-link <N>
Argument Description
N The resilient links number in the range of <132>.
no Removes the specified resilient link.
Example
device-name(config)#resilient-link 1
device-name(config-resil-link 1)#
Assigning Ports to a Resilient Link
The ports command assigns a pair of ports to a resilient link.
CLI Mode: Resilient-link Configuration
Command Syntax
device-name(config-resil-link N)#ports UU1/SS1/PP1 UU2/SS2/PP2
Argument Description
UU1/SS1/PP1 The first resilient link port number.
UU2/SS2/PP2 The second resilient link port number.
T-Marc 300 Series User Guide
Page 47
Configuring Interfaces (Rev. 08)
Selecting a Preferred Port
The prefer port command specifies one port as the preferred resilient-link port.
The preferred port is the active port as long as it has a link and traffic is switched back to this port
when its connection is recovered.
CLI Mode: Resilient-link Configuration
By default, the port with the higher bandwidth (operational speed). If both ports have the same
bandwidth, no port is the preferred one.
Command Syntax
device-name(config-resil-link N)#prefer port UU/SS/PP
device-name(config-resil-link N)#no prefer port
Argument Description
UU/SS/PP The preferred port number.
no Cancels the port preference.
Switching the Active Port
The active port command changes the current active port (the port currently carrying traffic) of
the selected resilient link.
NOTE
You can use this command only if you did not define a preferred port.
CLI Mode: Resilient-link Configuration
By default, (in case the two ports have the same bandwidth capacity and no preferred port was
defined) the first port added to the resilient link using the ports command.
Command Syntax
device-name(config-resil-link N)#active port UU/SS/PP
Argument Description
UU/SS/PP The active port number.
T-Marc 300 Series User Guide
Page 48
Configuring Interfaces (Rev. 08)
Specifying the Backup Link Behavior
The backup-link shut-down command specifies the standby link behavior:
4. The port is powered off (the ports LED is off). Use this option when transmitting to a non-
resilient link device.
5. The port is powered on (the ports LED is on). Use this option when transmitting to a resilient
link on a remote device.
CLI Mode: Resilient-link Configuration
Command Syntax
device-name(config-resil-link N)#backup-link shut-down
device-name(config-resil-link N)#no backup-link shut-down
Argument Description
no Powers on the standby port.
Displaying the Resilient Link Configuration
The show and show resilient-links commands display the list of configured resilient links.
The command output displays the resilient-link ID, the resilient links ports, the preferred port (if
defined), the standby link behavior, and the current active link.
CLI Mode: Resilient-link Configuration and Privileged (Enable)
Command Syntax
device-name(config-resil-link N)#show [N1 | N1 N2]
device-name#show resilient-links [N1 | N1 N2]
Argument Description
N1
(Optional). The resilient links ID number.
N1 N2
(Optional). A range of resilient link ID numbers.
Example 1
Displaying information on all currently configured resilient links:
device-name(config-resil-link 1)#show
=====================================================
| RLi nk | Por t 1 | Por t 2 | Pr ef er | Backup | Act i ve |
+- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - - - +- - - - - - - - +
| 1 | 1/ 2/ 1 | 1/ 2/ 2 | 1/ 2/ 1 | shut down| 1/ 2/ 1 |
| 2 | 1/ 2/ 3 | 1/ 2/ 4 | | st andby | 1/ 2/ 4 |
=====================================================
T-Marc 300 Series User Guide
Page 49
Configuring Interfaces (Rev. 08)
Displaying Resilient Link Counters
The show counter command and the show resilient-links counter command display how
many swaps each resilient link has undergone in the current session.
CLI Mode: Resilient-link Configuration and Privileged (Enable)
Command Syntax
device-name(config-resil-link N)#show counter [N1 | N1 N2]
device-name#show resilient-link counter [N1 | N1 N2]
Argument Description
N1
(Optional). The resilient links ID number.
N1 N2
(Optional). A range of resilient link ID numbers.
Example 1
Displaying information on all currently configured resilient links:
device-name(config-resil-link 1)#show
=====================================================
| RLi nk | Por t 1 | Por t 2 | Pr ef er | Backup | Act i ve |
+- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - - - +- - - - - - - - +
| 1 | 1/ 1/ 1 | 1/ 1/ 2 | 1/ 1/ 1 | shut down| 1/ 1/ 1 |
| 2 | 1/ 2/ 5 | 1/ 2/ 6 | | st andby | 1/ 2/ 5 |
| 3 | 1/ 2/ 3 | 1/ 2/ 4 | | st andby | 1/ 2/ 3 |
=====================================================
Example 2
Displaying information on specific resilient link #3:
device-name(config-resil-link 1)#show 3
=====================================================
| RLi nk | Por t 1 | Por t 2 | Pr ef er | Backup | Act i ve |
+- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - - - +- - - - - - - - +
| 3 | 1/ 2/ 3 | 1/ 2/ 4 | | st andby | |
=====================================================
Example 3
Displaying information on the configured resilient links in the range #1 to #2:
device-name#show resilient-links 1 2
=====================================================
| RLi nk | Por t 1 | Por t 2 | Pr ef er | Backup | Act i ve |
+- - - - - - - +- - - - - - - +- - - - - - - +- - - - - - - - +- - - - - - - - - +- - - - - - - - +
| 1 | 1/ 1/ 1 | 1/ 1/ 2 | 1/ 1/ 1 | st andby | 1/ 1/ 1 |
| 2 | 1/ 2/ 5 | 1/ 2/ 6 | | st andby | 1/ 2/ 5 |
=====================================================
T-Marc 300 Series User Guide
Page 50
Configuring Interfaces (Rev. 08)
Configuration Example
The following figure shows a simple network diagram of the resilient link on an Ethernet LAN.
Figure 5: Example of a Resilient Link Topology
1. Enter Resilient-link Configuration mode:
device-name(config)#resilient-link 2
2. Set ports 1/ 1/ 1 and 1/ 2/ 1 as Resilient Links:
device-name(config-resil-link 2)#ports 1/1/1 1/2/1
3. Set the port 1/ 2/ 1 to be preferred:
device-name(config-resil-link 2)#prefer port 1/2/1
4. Display the Resilient Link configuration:
device-name(config-resil-link 2)#show
=======================================================
| RLi nk | Por t 1 | Por t 2 | Pr ef er | Backup | Act i ve |
+- - - - - - - +- - - - - - - - +- - - - - - - - +- - - - - - - - +- - - - - - - - - +- - - - - - - - |
| 2 | 1/ 1/ 1 | 1/ 2/ 1 | 1/ 2/ 1 | st andby | 1/ 2/ 1 |
T-Marc 300 Series User Guide
Page 51
Configuring Interfaces (Rev. 08)
Port Security Techniques
Overview
The Port Securityfeature restricts an interface or VLAN input by limiting and identifying MAC
addresses of devices allowed to access the interface/ VLAN.
When a secured port receives a packet, it compares the packets source MAC address to the secured
MAC address list.
If the packets source MAC address is in the list, the incoming packet is forwarded.
If the packets source MAC address is not in the secured list, the port does not forward the
packet. In this case, the port either shuts down permanently or drops incoming packets from
the unauthorized device, generating an SNMP trap.
You can configure two types of secured MAC addresses:
Static secured MAC addresses created manually by the mac-address-table command (for
more information, refer to the DeviceAdministrationchapter of this User Guide). These
addresses are stored in the address table and added to the devices running configuration
Dynamic secured MAC addresses that are learned dynamically learned. These addresses are
stored in the address table but are removed when the device restarts.
NOTE
Secured MAC addresses do not age.
T-Marc 300 Series User Guide
Page 52
Configuring Interfaces (Rev. 08)
The Port Security Default Configuration
Table 16: Port Security Default Configuration
Parameter Default Value
Port security Disabled
Port security action Trap
Learning the filtered MAC addresses Disabled
The Port Security Configuration Commands
Table 17: Port Security Configuration Commands
Command Description
port security Configures port security (see Configuring Port Security)
port security enable-
shutdown-port
Re-enables a port that shuts down due to a security violation
(see Re-Enabling a Shut Down Port)
Table 18: Port Security Display Commands
Command Description
show port security Displays the security status of a specific port (see Displaying the
Port Security Configuration)
T-Marc 300 Series User Guide
Page 53
Configuring Interfaces (Rev. 08)
Configuring Port Security
The port security command configures port security on a specific interface or interface range.
NOTE
When configuring port security on a port, the initial frame is lost since the first
packet received from any source is used solely for learning its MAC address.
NOTE
When a packet with a secured source MAC address matches more than one port
security setting, the port security per port and VLAN has precedence over the port
security per port.
By default:
filtered MAC addresses are learned in the MAC address table
SNMP trap and a log message are generated when a security violation occurs
all MAC addresses are learned as secured
Command Syntax
device-name(config-if UU/SS/PP)#port security [max-mac-count <number-of-
addresses> [filter-learn-disable]] [vlan <vlan-id>]
device-name(config-if UU/SS/PP)#no port security [max-mac-count [filter-learn-
disable]] [vlan <vlan-id>]
device-name(config-if UU/SS/PP)#no port security all
device-name(config-if UU/SS/PP)#port security action {shutdown | trap} [vlan
<vlan-id>]
device-name(config-if UU/SS/PP)#no port security action {shutdown | trap} [vlan
<vlan-id>]
device-name(config-if-group)#port security [max-mac-count <number-of-addresses>
[filter-learn-disable]] [vlan <vlan-id>]
device-name(config-if-group)#no port security [max-mac-count [filter-learn-
disable]] [vlan <vlan-id>]
device-name(config-if-group)#no port security all
device-name(config-if-group)#port security action {shutdown | trap} [vlan
<vlan-id>]
device-name(config-if-group)#no port security action {shutdown | trap} [vlan
<vlan-id>]
T-Marc 300 Series User Guide
Page 54
Configuring Interfaces (Rev. 08)
Argument Description
The argumentsare mutually exclusive. You can specify an action (shutdown or trap) in one port
security command and specify the maximum number of secured MAC addresses (max-mac-
count) in a second port security command for the same port. Both settings are effective.
action {shutdown |
trap}
Defines the port reaction upon a security violation:
The port shuts down
An SNMP trap and log message are generated
max-mac-count
<number-of-
addresses>
(Optional). The maximum numbers of secured MAC addresses the
port supports, in the range of <12048>.
In this case, an attempt to exceed the maximum-allowed secured
MAC addresses on the port produces an address violation event.
NOTE
Enable new MAC address learning prior to using this
argument to ensure its proper function (see the
Device Administration chapter of this User Guide).
When MAC address learning is not enabled the
following warning message is displayed: Warning!
Port security may not work correctly since
learning is disabled on the port.
filter-learn-
disable
(Optional). The filtered MAC addresses are not learned in the MAC
address table.
vlan <vlan-id> (Optional). Enables port security on the specified VLAN the port is a
member of. The VLAN ID number is in the range of <24094>.
no Restores to default.
NOTE
Using the no por t secur i t y act i on t r ap command
stops the SNMP trap generation when a security violation
occurs.
Example 1
The following example disables learning of the violating MAC address in the MAC address table:
device-name(config)#interface 1/2/3
device-name(config-if 1/2/3)#port security max-mac-count 15 filter-learn-
disable
Example 2
The following example displays how to secure port 1/ 2/ 3 for VLAN 5 with a maximum of 5
secured MAC addresses:
device-name(config)#interface 1/2/3
device-name(config-if 1/2/3)#port security max-mac-count 5 vlan 5
T-Marc 300 Series User Guide
Page 55
Configuring Interfaces (Rev. 08)
Re-Enabling a Shut Down Port
The port security enable-shutdown-port command re-enables a port shut down due to a
security violation.
CLI Mode:
Interface Configuration and Range Interface Configuration
Command Syntax
device-name(config-if UU/SS/PP)#port security enable-shutdown-port [vlan <vlan-
id>]
device-name(config-if-group)#port security enable-shutdown-port [vlan <vlan-
id>]
Argument Description
vlan <vlan-id>
(Optional). Re-enables the port also on the VLAN this port is a member of.
The VLAN ID number is in the range of <14094>.
Displaying the Port Security Configuration
The show port security command displays the port security configuration for all device ports.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show port security [UU/SS/PP] [vlan <vlan-id>]
Argument Description
UU/SS/PP (Optional). Displays the port security configuration of a specified port.
vlan <vlan-id>
(Optional). Displays the port security configuration of a specified VLAN.
Example 1
The following example shows the port security configuration on port 1/ 1/ 1 and VLAN 5 when
the allowed numbers of secured MAC addresses is 5:
device-name(config-if 1/1/1)#port security max-mac-count 5 vlan 5
device-name(config-if 1/1/1)#end
device-name#show port security
| ===================================================================|
| por t #| vi d | act i on | max addr | secur e addr | f i l t er ed addr | st at us |
| - - - - - - - +- - - - - +- - - - - - - - +- - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - - - - +- - - - - - - |
| 1/ 1/ 1 | 5 | t r ap | 5 | 0 | 0 | enabl ed|
T-Marc 300 Series User Guide
Page 56
Configuring Interfaces (Rev. 08)
Example 2
The following example details how to enable port security on port 1/ 1/ 1 per VLAN 5, set a
maximum of 5 MAC addresses, and set the action to shutdown:
device-name(config-if 1/1/1)#port security max-mac-count 5 vlan 5
device-name(config-if 1/1/1)#port security action shutdown vlan 5
device-name(config-if 1/1/1)#end
device-name#show port security
| ===================================================================|
| por t # | vi d | act i on | max addr | secur e addr | f i l t er ed addr | st at us |
| - - - - - - - +- - - - - +- - - - - - - - +- - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - - - - +- - - - - - - |
| 1/ 1/ 1 | 5 | shut down| 5 | 0 | 0 | enabl ed|
After sending traffic with tag 5 on port 1/ 1/ 1 with more than 5 source MAC addresses, only 5
MAC addresses are learned and the port is disabled:
device-name#show port security
| ===================================================================|
| por t # | vi d | act i on | max addr | secur e addr | f i l t er ed addr | st at us |
| - - - - - - - +- - - - - +- - - - - - - - +- - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - - - - +- - - - - - - - |
| 1/ 1/ 1 | 5 | shut down| 5 | 5 | 0 | di sabl ed|
Example 3
The following example details how to set the port security on port 1/ 2/ 4 with a maximum of 20
secured MAC addresses. The example also details how to set a maximum of 10 secured MAC
addresses per port and VLAN:
device-name(config-if 1/2/4)#port security max-mac-count 20
device-name(config-if 1/2/4)#port security max-mac-count 10 vlan 100
device-name(config-if 1/2/4)#end
device-name#show port security
| ===================================================================|
| por t # | vi d | act i on| max addr | secur e addr | f i l t er ed addr | st at us |
| - - - - - - - +- - - - - - - - - +- - - - - - +- - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - - - - +- - - - - - - |
| 1/ 2/ 4 | al l vl ans| t r ap | 20 | 0 | 0 | enabl ed|
| 1/ 2/ 4 | 100 | t r ap | 10 | 0 | 0 | enabl ed|
device-name#show port security 1/2/4 vlan 100
VLAN 100:
The por t / vl an i s : secur ed
St at e : enabl ed
Act i on : send a t r ap
Li mi t Type: : l ear n as f i l t er ed
Max secur ed addr esses = 10
Cur r ent secur ed addr esses = 0
Cur r ent f i l t er ed addr esses = 0
T-Marc 300 Series User Guide
Page 57
Configuring Interfaces (Rev. 08)
Configuration Examples
Defining Port Security with Dynamic Learned MAC Addresses
The following example configures various port security settings for ports 1/ 1/ 2, 1/ 1/ 3, and 1/ 1/ 4
for all VLANs.
1. Enable port security with default settings on port 1/ 2/ 2. All the MAC addresses are learned as
secure.
device-name#configure terminal
device-name(config)#interface 1/2/2
device-name(config-if 1/2/2)#port security
2. Enable port security on port 1/ 2/ 3 with action shutdown and a maximum of six MAC
addresses. After six MAC addresses are learned as secure, any additional MAC address sent to
this interface causes the interface to shut down:
device-name(config-if 1/2/2)#interface 1/2/3
device-name(config-if 1/2/3)#port security max-mac-count 6
device-name(config-if 1/2/3)#port security action shutdown
3. Enable port security on port 1/ 2/ 4 with a maximum of six MAC addresses. After six MAC
addresses are learned as secure, the following MAC addresses are learned as filtered and a
security violation trap is generated:
device-name(config-if 1/2/3)#interface 1/2/4
device-name(config-if 1/2/4)#port security max-mac-count 6
device-name(config-if 1/2/4)#end
4. The configured settings are displayed by the show command in Privileged mode as follows:
device-name#show port security
| ======================================================================|
| por t #| vi d | act i on | max addr | secur e addr | f i l t er ed addr | st at us |
| - - - - - +- - - - - - - - - +- - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - - - - | - - - - - - - |
| 1/ 2/ 2| al l vl ans| t r ap | unl i mi t ed | 0 | 0 | enabl ed|
| 1/ 2/ 3| al l vl ans| shut down| 6 | 0 | 0 | enabl ed|
| 1/ 2/ 4| al l vl ans| t r ap | 6 | 0 | 0 | enabl ed|
T-Marc 300 Series User Guide
Page 58
Configuring Interfaces (Rev. 08)
Defining Port Security with Static MAC Addresses
The following example sets a maximum three addresses and sends SNMP traps in the event of
over-learning.
1. Configure the SNMP trap host to receive traps:
device-name#configure terminal
device-name(config)#snmp-server enable
device-name(config)#snmp-server view viewAll 1.3 included
device-name(config)#snmp-server group notify_only v1 read none write none
notify viewAll
device-name(config)#snmp-server user notify_user group notify_only v1
device-name(config)#snmp-server target-param MyParam notify_user v1
device-name(config)#snmp-server target-addr blaaddr1 10.2.3.44 162 MyParam
tag_1
device-name(config)#snmp-server notify portSecurityViolation tag_1
2. Configure the port 1/ 2/ 2 to learn a maximum of three MAC addresses.
device-name(config)#interface 1/2/2
device-name(config-if 1/2/2)#port security max-mac-count 3
device-name(config-if 1/2/2)#exit
3. Return to Global Configuration mode and define three MAC addresses to be learned:
device-name(config)#mac-address-table secure 00:02:4b:82:60:e2 interface
1/2/2 vlan 2
device-name(config)#mac-address-table secure 00:02:55:58:0d:8c interface
1/2/2 vlan 2
device-name(config)#mac-address-table secure 00:02:55:98:52:f4 interface
1/2/2 vlan 2
4. In Privileged (Enable) mode, check that the MAC addresses are learned:
device-name(config)#exit
device-name#show mac-address-table
+===========+===================+=========+===========+==========
| vi d | mac | por t | st at us | pr i or i t y
+- - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - +- - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - -
| 0000 | 00: a0: 12: 07: 13: 29| | sel f | 0
| 0001 | 00: a0: 12: 07: 13: 29| | sel f | 0
| 0002 | 00: 02: 4b: 82: 60: e2| 1/ 2/ 2 | secur e | 0
| 0002 | 00: 02: 55: 58: 0d: 8c| 1/ 2/ 2 | secur e | 0
| 0002 | 00: 02: 55: 98: 52: f 4| 1/ 2/ 2 | secur e | 0
| 0002 | 00: 40: 95: 30: 0b: f 8| 1/ 2/ 3 | dynami c | 0
T-Marc 300 Series User Guide
Page 59
Configuring Interfaces (Rev. 08)
5. Check the port security definitions:
device-name#show port security 1/2/2
ALL VLANS:
The por t i s : secur ed
St at e : enabl ed
Act i on : send a t r ap
Li mi t Type: : l ear n as f i l t er ed
Max secur ed addr esses = 3
Cur r ent secur ed addr esses = 3
Cur r ent f i l t er ed addr esses = 0
Re-Enabling Shut-down Ports
The following example sets the maximum number of secure addresses to five. The example details
how to re-enable a port that is shut down due to a security violation.
1. Configure port 1/ 2/ 4 as secured, learning maximum 5 secure addresses, and shutting down in
case of a security violation:
device-name#configure terminal
device-name(config)#interface 1/2/4
device-name(config-if 1/2/4)#port security max-mac-count 5
device-name(config-if 1/2/4)#port security action shutdown
device-name(config-if 1/ 2/ 4)#end
device-name#show port security
| ===================================================================|
| por t #| vi d | act i on | max addr | secur e addr | f i l t er ed addr | st at us |
| - - - - - +- - - - - - - - - +- - - - - - - - +- - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - - - - +- - - - - - - |
| 1/ 2/ 4| al l vl ans| shut down| 5 | 1 | 0 | enabl ed|
2. Allow the port to learn 10 addresses and inspect what show port security displays. The
port has learned 5 addresses as secure and the rest as filtered. The ports current state is
disabled (shut down):
device-name#show port security
| ====================================================================|
| por t #| vi d | act i on | max addr | secur e addr | f i l t er ed addr | st at us |
| - - - - - +- - - - - - - - - +- - - - - - - - +- - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - - - - +- - - - - - - - |
| 1/ 2/ 4| al l vl ans| shut down| 5 | 5 | 5 | di sabl ed|
T-Marc 300 Series User Guide
Page 60
Configuring Interfaces (Rev. 08)
3. Re-enable the port:
device-name#configure terminal
device-name(config)#interface 1/2/4
device-name(config-if 1/2/4)#port security enable-shutdown-port
device-name(config-if 1/2/4)#end
device-name#show port security
| ===================================================================|
| por t #| vi d | act i on | max addr | secur e addr | f i l t er ed addr | st at us |
| - - - - - +- - - - - - - - - +- - - - - - - - +- - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - - - - +- - - - - - - |
| 1/ 2/ 4| al l vl ans| shut down| 5 | 5 | 5 | enabl ed|
device-name#show port security 1/2/4
Al l Vl ans:
The por t i s : secur ed
St at e : enabl ed
Act i on : shut down
Max secur ed addr esses = 5
Cur r ent secur ed addr esses = 5
Cur r ent f i l t er ed addr esses = 5
T-Marc 300 Series User Guide
Page 61
Configuring Interfaces (Rev. 08)
The Port Limit Feature
Overview
The Port Limit feature limits the number of MAC addresses learned by a port. When enabling this
feature:
MAC addresses within the limit are learned as dynamic
MAC addresses that exceed the limit are learned as filtered MAC addresses.
Port Limit Default Configuration
Table 19: Port Limit Default Configuration
Parameter Default Value
Port limit Disabled
Port Limit Commands
Table 20: Port Limit Configuration Commands
Command Description
port limit Configures a limit on the number of learned MAC addresses on
a physical interface or a group of interfaces (see Limiting MAC
Addresses a Port)
Table 21: Port Limit Display Commands
Command Description
show port limit Displays the port limit configuration for all device ports (see
Displaying the Port Limit Configuration)
T-Marc 300 Series User Guide
Page 62
Configuring Interfaces (Rev. 08)
Limiting MAC Addresses a Port
The port limit command limits the number of learned MAC addresses on a physical interface or
a group of interfaces.
CLI Mode: Interface Configuration and Range Interface Configuration
NOTE
When configuring port limit on a port, the initial frame is lost since the first packet
received from any source is used solely for learning its MAC address.
NOTE
A secured port does not support the port limit functionality.
By default, the port limit feature is disabled.
Command Syntax
device-name(config-if UU/SS/PP)#port limit max-mac-count <max-count> [filter-
learn-disable] [vlan <vlan-id>]
device-name(config-if UU/SS/PP)#no port limit [max-mac-count filter-learn-
disable] [vlan <vlan-id>]
device-name(config-if UU/SS/PP)#no port limit all
device-name(config-if UU/SS/PP)#port limit forward-unknown
device-name(config-if UU/SS/PP)#no port limit forward-unknown
device-name(config-if-group)#port limit max-mac-count <max-count> [filter-
learn-disable] [vlan <vlan-id>]
device-name(config-if-group)#no port limit [max-mac-count filter-learn-disable]
[vlan <vlan-id>]
device-name(config-if-group)#port limit forward-unknown
device-name(config-if-group)#no port limit forward-unknown
device-name(config-if-group)#no port limit all
Argument Description
max-mac-count <max-
count>
The number of MAC addresses the port is allowed to learn, in the
range of <12048>.
NOTE
Enable new MAC address learning prior to using this
argument to ensure its proper function (see the
Device Administration chapter of this User Guide).
When MAC address learning is not enabled the
following warning message is displayed: Warning!
Port limit may not work correctly since
learning is disabled on the port.
filter-learn-
disable
(Optional). The filtered MAC addresses are not learned in the MAC
address table.
T-Marc 300 Series User Guide
Page 63
Configuring Interfaces (Rev. 08)
MAC addresses are learned in the MAC address table
vlan <vlan-id>
(Optional). Enables port limit on the specified VLAN the port is a
member of. The VLAN ID number is in the range of <14094>.
forward-unknown
Forwards unknown egress traffic on a port when this port is
secured/limited. This command can be used together with the
port security command to allow egress flooding.
no
Restores to default.
NOTE
Using the no por t l i mi t al l command removes port
limit on a port per all VLANs.
Example
The following example disables learning of the violating MAC address in the MAC address table.
The filtered MAC addresses corresponding to VLAN 20 are not learned on port 1/ 2/ 3.
device-name(config)#interface 1/2/3
device-name(config-if 1/2/3)#port limit max-mac-count 15 filter-learn-disable
vlan 20
Displaying the Port Limit Configuration
The show port limit command displays the port limit configuration for all device ports.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show port limit [UU/SS/PP] [vlan <vlan-id>]
Argument Description
UU/SS/PP
(Optional). Displays the port limit configuration of a specified port.
vlan <vlan-id>
(Optional). Displays the port limit configuration of a specified VLAN.
Example 1
device-name#show port limit
===========================================================
| por t num | vl an | max- mac- count | cur r ent mac- count
- - - - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - -
1/ 2/ 3 20 15 0
Example 2
device-name#show port limit 1/2/3
VLAN 20:
The por t / vl an i s : l i mi t ed
Li mi t t ype : l ear n as f i l t er ed
Max l i mi t ed addr esses = 15
T-Marc 300 Series User Guide
Page 64
Configuring Interfaces (Rev. 08)
Cur r ent l i mi t ed addr esses = 0
T-Marc 300 Series User Guide
Page 65
Configuring Interfaces (Rev. 08)
Interfaces Management
Overview
The interface management feature allows system administrators to isolate the devices management
traffic from the normal data traffic. This way they can eliminate unauthorized users and malicious
attacks to the device.
Disabling port management disallows:
Telnet to the device
SSH to the device
SNMP management
SNMP traps and informs
Ping to the device
TFTP download or upload
Outgoing Syslog messages
Interfaces Management Commands
Table 22: Interface management Commands
Command Description
port management Limits the device management access only to ports that you
specify in the PORT LIST (see Setting Management Ports)
show port management Displays which ports provide management access (see Displaying
Management Ports)
Setting Management Ports
The port management command limits the device management access only to specified ports.
NOTE
Ensure that your PC is connected to a management enabled port prior to disabling
management on ports.
NOTE
You can also disable management on a VLAN (refer to the Configuring VLANs and
Super VLANs chapter of this User Guide). Management traffic on a VLAN is
allowed on a member port only if management is enabled both on the port and the
VLAN.
CLI Mode: Global Configuration
By default, management of the device is accessible on all ports.
T-Marc 300 Series User Guide
Page 66
Configuring Interfaces (Rev. 08)
Command Syntax
device-name(config)#port management PORT-LIST
device-name(config)#no port management PORT-LIST
Argument Description
PORT-LIST
Specifies one or more port numbers. Use commas as separators and hyphens
to indicate sub-ranges (for example, 1/2/11/2/8, 1/1/2).
no
Specifies a list of ports prohibited from management access.
Displaying Management Ports
The show port management command displays the ports that provide management access to the
device.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show port management
Example
device-name#show port management
Management por t s: 1/ 2/ 1, 1/ 2/ 2
T-Marc 300 Series User Guide
Page 67
Configuring Interfaces (Rev. 08)
Alarm Propagation Feature
Overview
Alarm Propagation is a fault detection feature that identifies faults in network uplinks and
alarms downstream devices. When the uplink interface goes down, the user interfaces are also shut
down and the customer device stops sending traffic over the original route, until the authorized
person becomes aware of the alarm.
The customer device can attempt to forward traffic over another available (alternative) route.
Alarm Propagation Commands
Table 23: Alarm Propagation Commands
Command Description
alarm-status-
inherit source-port
Enables the alarm propagation process on a group of interfaces or a
group of aggregated interfaces (see Enabling Alarm Propagation )
show alarm-inherit Displays the alarm propagation configuration (see Displaying the
Alarm Propagation)
Enabling Alarm Propagation
The alarm-status-inherit source-port command enables the alarm propagation process on a
group of interfaces or a group of aggregated interfaces that will be shut down when the network
uplink goes down.
CLI Mode: Interface Configuration
NOTE
Notes and limitations:
If all alarm-inherit configurations on a port are either a user (downlink) or
uplink, for example a port cannot be uplink in part of the configurations and
user in the rest of them.
An alarm-inheriting (user) port cannot be part of a resilient link nor can port
security with shutdown-violation-action be configured on it.
Command Syntax
device-name(config-if UU/SS/PP)#alarm-status-inherit source-port {PORT-LIST |
PORT-AG-LIST}
device-name(config-if UU/SS/PP)#no alarm-inherit
T-Marc 300 Series User Guide
Page 68
Configuring Interfaces (Rev. 08)
Argument Description
PORT-LIST Specifies one or more port numbers. Use commas as separators and
hyphens to indicate sub-ranges (for example, 1/2/11/2/8, 1/1/2).
PORT-AG-LIST Specifies the list of LAG names (for example AG01, AG04AG06).
The LAG ID is in the range <17>.
no Disables the Alarm Propagation.
Displaying the Alarm Propagation
The show alarm-inherit command displays the alarm propagation configuration.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show alarm-inherit
Example
device-name#show alarm-inherit
| ==================================================|
| por t # | pr opagat i ng al ar mf or upl i nk por t s |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
| 1/ 2/ 1 | 1/ 1/ 2
T-Marc 300 Series User Guide
Page 69
Configuring Interfaces (Rev. 08)
Configuration Example
The following example (Figure6) shows how to the set alarm propagation feature:
Figure 6: Alarm Propagation Configuration Example
1. Set user port 1/ 2/ 1 link state to be dependent upon the state of uplink port 1/ 1/ 2 (inherit
alarm on the uplink port):
DeviceC#configure terminal
DeviceC(config)#interface 1/2/1
DeviceC(config-if 1/2/1)#alarm-status-inherit source-port 1/1/2
DeviceC(config-if 1/2/1)#end
DeviceC#show alarm-inherit
| ==================================================|
| por t # | pr opagat i ng al ar mf or upl i nk por t s |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
| 1/ 2/ 1 | 1/ 1/ 2
T-Marc 300 Series User Guide
Page 70
Configuring Interfaces (Rev. 08)
2. Verify the port states and configuration. Port 1/ 2/ 1 inherits on the state of port 1/ 1/ 2.Initially
the two ports are up:
DeviceC#show interface 1/1/2
Name =
Type = DUAL ( 10/ 100/ 1000BaseT, MEDI A not i nst al l ed)
Enabl eSt at e = enabl e
Li nk = up
Dupl ex mode = aut onegot i at e
Speed = aut onegot i at e
Dupl ex speed st at us = f ul l - 10000
Fl ow cont r ol mode = di sabl e
Fl ow cont r ol st at us = di sabl e
Backpr essur e = di sabl e
Br oadcast l i mi t = unl i mi t ed
Def aul t VLAN = 1
Super VLAN Por t = No
Lear ni ng new addr ess = Enabl ed
Max Packet Si ze ( MRU) = 1632
DeviceC#show interface 1/2/1
Name =
Type = DUAL ( 10/ 100/ 1000BaseT, MEDI A not i nst al l ed)
Enabl eSt at e = enabl e
Li nk = up
Dupl ex mode = aut onegot i at e
Speed = aut onegot i at e
Dupl ex speed st at us = f ul l - 10000
Fl ow cont r ol mode = di sabl e
Fl ow cont r ol st at us = di sabl e
Backpr essur e = di sabl e
Br oadcast l i mi t = unl i mi t ed
Def aul t VLAN = 1
Super VLAN Por t = No
Lear ni ng new addr ess = Enabl ed
Max Packet Si ze ( MRU) = 1632
T-Marc 300 Series User Guide
Page 71
Configuring Interfaces (Rev. 08)
3. Disconnect port 1/ 1/ 2 forces port link state 1/ 2/ 1 to go also down:
DeviceC#show interface 1/1/2
Name =
Type = DUAL ( 10/ 100/ 1000BaseT, MEDI A not i nst al l ed)
Enabl eSt at e = enabl e
Li nk = down
Dupl ex mode = aut onegot i at e
Speed = aut onegot i at e
Dupl ex speed st at us = unknown
Fl ow cont r ol mode = di sabl e
Fl ow cont r ol st at us = di sabl e
Backpr essur e = di sabl e
Br oadcast l i mi t = unl i mi t ed
Def aul t VLAN = 1
Super VLAN Por t = No
Lear ni ng new addr ess = Enabl ed
Max Packet Si ze ( MRU) = 1632
DeviceC#show interface 1/2/1
Name =
Type = DUAL ( 10/ 100/ 1000BaseT, MEDI A not i nst al l ed)
Enabl eSt at e = enabl e
Li nk = down
Dupl ex mode = aut onegot i at e
Speed = aut onegot i at e
Dupl ex speed st at us = unknown
Fl ow cont r ol mode = di sabl e
Fl ow cont r ol st at us = di sabl e
Backpr essur e = di sabl e
Br oadcast l i mi t = unl i mi t ed
Def aul t VLAN = 1
Super VLAN Por t = No
Lear ni ng new addr ess = Enabl ed
Max Packet Si ze ( MRU) = 1632
T-Marc 300 Series User Guide
Page 72
Configuring Interfaces (Rev. 08)
Supported Platforms
Features T-Marc 340 T-Marc 380
Fast Ethernet and Giga Ethernet Port + +
Link Aggregation Groups (LAGs) + +
Resilience Links + +
Port Security Techniques + +
Alarm Propagation + +
Supported Standards, MIBs, and RFCs
Features Standards MIBs RFCs
Fast Ethernet
and Giga
Ethernet Port
IEEE 802.3 Ethernet
IEEE 802.3u Fast
Ethernet
IEEE 802.3x Flow
Control
IEEE 802.3z Gigabit
Ethernet
Public MIBs:
RFC 1213, Management
Information Base for
Network Management of
TCP/IP-based
internets:MIB-II
(qwerinterface table and
onfigL2IfaceTable)
RMON MIB
Private MIB, prvt_switch.mib
RFC 2863 The
Interfaces Group
MIB
(configL2IfaceTable
and interface table)
Link Aggregation
Groups (LAGs)
IEEE 802.3ad Private MIB,
prvt_Ports_Aggregation.mib
No RFCs are
supported by this
feature.
Resilience Links No standards are
supported by this
feature.
Private MIB,
prvt_resilient_link.mib
No RFCs are
supported by this
feature.
Port Security
Techniques
No standards are
supported by this
feature.
No MIBs are supported by
this feature.
No RFCs are
supported by this
feature.
Alarm
Propagation
IEEE 802.3 Ethernet
IEEE 802.3u Fast
Ethernet
IEEE 802.3x Flow
Control
IEEE 802.3z Gigabit
Ethernet
Public MIBs:
RFC 1213, Management
Information Base for
Network Management of
TCP/IP-based
internets:MIB-II
(qwerinterface table and
onfigL2IfaceTable)
RMON MIB
Private MIB, prvt_switch.mib
RFC 2863 The
Interfaces Group
MIB
(configL2IfaceTable
and interface table)
Page 1
Configuring VLANs and Super VLANs (Rev. 07)
Configuring VLANs and Super VLANs
Table of Figures 3
Features Included in this Chapter 4
Virtual LANs 5
Overview 5
The VLAN Tagging Benefits 5
VLAN Traffic Behavior 6
VLAN Tagging and Ingress Traffic 6
VLAN Tagging and Egress Traffic 7
VLAN Default Configuration 8
VLAN Configuration Flow 9
VLAN Configuration Commands 10
Entering the VLAN Configuration Mode12
Creating a New VLAN12
Entering an Existing VLAN Configuration Mode12
Adding Ports to a VLAN13
Adding Ports to a Default VLAN14
Creating a Range of VLANs 14
Securing Management Access Based on VLAN ID15
Modifying the CPU Port Membership16
Removing the CPU Port16
Deleting a VLAN (by VLAN Name) 17
Deleting a VLAN (by VLAN ID) 17
Deleting a Range of VLANs18
Removing Ports from a VLAN19
Removing Ports from a Default VLAN20
Displaying the VLAN Configuration20
Displaying VLAN Management Information20
T-Marc 300 Series User Guide
Page 2
Configuring VLANs and Super VLANs (Rev. 08)
Configuration Examples21
VLAN Configuration Example21
Management VLAN Configuration Example31
Super VLANs33
Overview33
Super VLAN Types 34
The Super VLAN Default Configuration35
The Super VLAN Configuration Commands35
Defining a Super VLAN35
Configuring the Super VLAN Ring Topology36
Displaying the Super VLAN Configuration36
Configuration Examples37
Super VLAN Configuration Example37
Super VLAN with Aggregated Uplink Configuration Example39
Super VLAN Ring Topology Configuration41
Supported Platforms44
Supported Standards, MIBs and RFCs44
T-Marc 300 Series User Guide
Page 3
Configuring VLANs and Super VLANs (Rev. 08)
Table of Figures
Figure 1: IEEE 802.1Q Frame Tag Structure 6
Figure 2: VLANs in Ingress Traffic 7
Figure 3: VLANs in Egress Traffic 7
Figure 4: VLAN Configuration Flow 9
Figure 5: VLAN Configuration Example21
Figure 6: Management VLAN Configuration Example31
Figure 7: Switching Decisions without the Super VLAN Agent 33
Figure 8: Switching Decisions with the Super VLAN Agent33
Figure 9: Super VLAN Ring Mode Configuration Example34
Figure 10: Super VLAN Configuration37
Figure 11: Super VLAN Configuration with LAG Uplink39
Figure 12: Super VLAN Ring Topology Example41
T-Marc 300 Series User Guide
Page 4
Configuring VLANs and Super VLANs (Rev. 08)
Features Included in this Chapter
This chapter provides an overall understanding of Virtual Local Area Network (VLAN) concepts,
including different configuration examples.
The chapter contains the following sections:
Virtual LANs
VLANs are used to group users traffic with common requirements, as if they were on the
same LAN although they may be in separate physical locations. The key benefit of
VLANs is its flexibility in allowing any logical LAN to be implemented on any physical
infrastructure.
Super VLANs
The Super VLAN is a mechanism for aggregating VLANs that share the same default
router address and subnet mask, but remain isolated from one another's network traffic.
T-Marc 300 Series User Guide
Page 5
Configuring VLANs and Super VLANs (Rev. 08)
Virtual LANs
Overview
VLAN tagging is a standard designed for grouping hosts with common requirements, allowing
them to communicate as if they were on the same LAN regardless of their physical location. This
allows a logical partition of a physical LAN into different broadcast domains.
This standard also ensures that VLAN traffic is isolated from hosts that are not members of the
VLAN.
This technology is based on tagging Ethernet frames with VLAN IDs, assigning each user to a
specific VLAN. This prohibits Layer 2 mutual access between workgroups with different VLAN
IDs.
The VLAN Tagging Benefits
Implementing VLANs on the network has the following advantages:
Flexibilitywhen a user moves to a different broadcast domain, the system administrator only
has to reconfigure the port the user is connected to.
SecurityVLANs provide a greater degree of security than a traditional LAN since data
packets of one VLAN are not transmitted to a different VLAN.
ScalabilityVLANs are not limited to a single device, spanning over an enterprise
organization or a WAN link.
Service per VLANyou can use separate VLANs for different services and features
corresponding to each VLAN.
T-Marc 300 Series User Guide
Page 6
Configuring VLANs and Super VLANs (Rev. 08)
VLAN Traffic Behavior
VLAN tagging inserts a VLAN ID into the Ethernet frame header, associating each frame with a
specific VLAN. Using this method, the port that interconnects devices can carry traffic for multiple
VLANs over the same physical connection.
Figure 1: I EEE 802.1Q Frame Tag Structure
A port can be a member of one or more VLANs. However, only one of these VLANs can be the
ports default VLAN. Initially all the device ports are members of a VLAN named Default (VLAN
ID 1).
Ports assigned to different VLANs can communicate only through routing (and not on Layer 2).
VLAN Tagging and Ingress Traffic
The VLAN membership and the ports default VLAN affect the incoming (ingress) traffic process
as follows:
When the traffic has a VLAN tagging:
if the port is a member of the VLAN, it processes the traffic
otherwise, the port drops this traffic
If the traffic has no VLAN tagging, the port adds its default VLAN ID to the frames and
processes them accordingly.
T-Marc 300 Series User Guide
Page 7
Configuring VLANs and Super VLANs (Rev. 08)
Figure 2: VLANs in I ngress Traffic
VLAN Tagging and Egress Traffic
In addition to the VLANs a port is assigned to, the system administrator defines whether the port is
a tagged or an untagged member of a specified VLAN. This affects the outgoing (egress) traffic
process:
If the port is an untagged member of a VLAN, it removes the VLAN ID tagging from these
VLANs frames before forwarding them
If the port is a tagged member of a VLAN, it forwards these VLANs frames with their
VLAN ID (without changing the frames)
Figure 3: VLANs in Egress Traffic
T-Marc 300 Series User Guide
Page 8
Configuring VLANs and Super VLANs (Rev. 08)
VLAN Default Configuration
Table 1: VLAN Default Configuration
Parameter Default Value
All ports VLAN VLAN 1
PVID of all ports VLAN 1
VLAN management Enabled
T-Marc 300 Series User Guide
Page 9
Configuring VLANs and Super VLANs (Rev. 08)
VLAN Configuration Flow
Figure 4: VLAN Configuration Flow
Start
Yes
No
End
Remove the CPU port
Modify the CPU
port membership
Enter a specific VLAN
Configuration mode
Add port(s) as tagged or untagged
members
Enter VLAN Configuration mode
Create a VLAN
Yes
No
Secure management access
Remove CPU from VLAN
Modify
Management
VLANs
Yes
No
Add ports to a default VLAN
Configure a
Default VLAN
T-Marc 300 Series User Guide
Page 10
Configuring VLANs and Super VLANs (Rev. 08)
VLAN Configuration Commands
Table 2: VLAN Configuration Commands
Command Description
vlan
Enters the VLAN Configuration mode (see Entering the VLAN
Configuration Mode)
create
Creates a VLAN with a specific name and ID number (see Creating
a New VLAN)
config
Enters a specific VLAN Configuration mode (see Entering an
Existing VLAN Configuration Mode)
add ports
Adds specified ports as either tagged or untagged ports (see Adding
Ports to a Default VLAN)
add ports default
Specifies a default VLAN for a group of ports (see Adding Ports to a
Default VLAN)
create range
Creates a range of VLANs (see Creating a Range of VLANs)
Table 3: VLAN Optional Commands
Command Description
management Limits the device management access to VLANs that you specify by
a list of VLAN ID numbers (see Securing Management Access
Based on VLAN ID)
add cpu-port
Enables the device to receive broadcast and multicast traffic in the
specified VLAN (see Modifying the CPU Port Membership)
remove cpu-port
Protects the device from receiving broadcast and multicast traffic in
the specified VLAN (see Removing the CPU Port)
Table 4: Commands for Removing VLANs
Command Description
delete
Deletes a VLAN, specified by its name (see Deleting a VLAN (by
VLAN Name))
delete id
Deletes a VLAN, specified by its VLAN ID (see Deleting a VLAN (by
VLAN ID))
delete range
Deletes a range of VLANs (see Deleting a Range of VLANs)
Table 5: Commands for Removing Ports from a VLAN
Command Description
remove ports
Removes ports from a VLAN (see Removing Ports from a VLAN)
remove ports default
Removes ports from the default VLAN (see Removing Ports from a
Default VLAN)
T-Marc 300 Series User Guide
Page 11
Configuring VLANs and Super VLANs (Rev. 08)
Table 6: VLAN Display Commands
Command Description
show, show vlan
Displays the static VLAN configuration (see Displaying the VLAN
Configuration)
show vlan
management
Display VLAN management access information (see Displaying
VLAN Management Information)
T-Marc 300 Series User Guide
Page 12
Configuring VLANs and Super VLANs (Rev. 08)
Entering the VLAN Configuration Mode
The vlan command enters the VLAN Configuration mode.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#vlan
device-name(config vlan)#
Creating a New VLAN
The create command creates a VLAN with the specified name and ID (VLAN tag).
CLI Mode: VLAN Configuration
NOTE
vlan_ and default are reserved names and you cannot use them as VLAN names.
Attempting to do so generates the following message (vlan-id represents the VLAN
ID that the user is attempting to create): % VLAN <vlan-id> system name
Command Syntax
device-name(config vlan)#create NAME <vlan-id>
Argument Description
NAME The VLAN name.
vlan-id The VLAN tag number, in the range <24094>.
Example
Use the following example to create a VLAN named accountingwith tag number 2:
device-name(config vlan)#create accounting 2
Entering an Existing VLAN Configuration Mode
The config command enters the configuration mode for a specific VLAN.
Use this command in a Specific VLAN Configuration mode to switch to a different VLANs
Configuration mode.
CLI Mode: VLAN Configuration and Specific VLAN Configuration
T-Marc 300 Series User Guide
Page 13
Configuring VLANs and Super VLANs (Rev. 08)
Command Syntax
device-name(config vlan)#config NAME1
device-name(config-vlan NAME1)#
device-name(config-vlan NAME1)#config NAME2
device-name(config-vlan NAME2)#
Argument Description
NAME1, NAME2 The names of existing VLANs.
Examples
Access vlan_52 configuration from Global VLAN Configuration mode, as indicated by the
prompt-line:
device-name(config vlan)#config vlan_52
device-name(config-vlan vlan_52)#
Switch from vlan_52 Configuration mode to XYZ Configuration mode, as indicated by the
prompt-line:
device-name(config-vlan vlan_52)#config XYZ
device-name(config-vlan XYZ)#
Adding Ports to a VLAN
The add ports command assigns ports to a VLAN. Ports drop ingress packets tagged with a
different VLAN-tag than the one they belong to.
In egress traffic tagged ports send tagged packets while untagged ports send these packets without a
VLAN tag.
CLI Mode: Specific VLAN Configuration
Command Syntax
device-name(config-vlan VLAN-NAME)#add ports PORT-LIST {tagged | untagged}
Argument Description
PORT-LIST
(Optional) specifies one or more port numbers. Use commas as separators
and hyphens to indicate sub-ranges (for example, 1/2/11/2/8, 1/1/2).
NOTE
Do not leave blank spaces before or after the comma separating
sequential lists.
tagged
(Optional) the specified ports are tagged.
untagged
(Optional) the specified ports are untagged
T-Marc 300 Series User Guide
Page 14
Configuring VLANs and Super VLANs (Rev. 08)
Adding Ports to a Default VLAN
The add ports default command specifies a default VLAN for a group of ports.
CLI Mode: Specific VLAN Configuration
Command Syntax
device-name(config-vlan VLAN-NAME)#add ports default PORT-LIST
Argument Description
See the Argument Description table above.
Creating a Range of VLANs
The create range command creates a range of VLANs and automatically assigns VLAN names
that match the tag-numbers.
The VLAN name format is Vlan_dddd, where ddddrepresents the matching VLAN ID. For
example, VLAN ID 123 is named Vlan_123.
CLI Mode: VLAN Configuration
Command Syntax
device-name(config vlan)#create range <vlan-id1> <vlan-id2> [PORT-LIST tagged
[PORT-LIST untagged]] [remove cpu-port]
device-name(config vlan)#create range <vlan-id1> <vlan-id2> [PORT-LIST untagged
[PORT-LIST tagged]] [remove cpu-port]
Argument Description
vlan-id1 The first VLAN ID, in the range of <24094>
vlan-id2 The last VLAN ID, in the range of <24094>
PORT-LIST (Optional) one or more port numbers, specified by the following options:
UU/SS/PPa single port specified by unit, slot, and port number
UUall ports on the specified unit
UU/SSall ports on the specified slot that
A hyphenated range of ports
(for example: 1/2/11/2/8 or 1/11/2)
Several port numbers and/or ranges, separated by commas (for
example: 1/1/1, 1/1/2, 1/2/11/2/8).
NOTE
Do not leave blank spaces before or after the comma separating
sequential lists.
tagged (Optional) the specified ports are tagged
untagged (Optional) the specified ports are untagged
T-Marc 300 Series User Guide
Page 15
Configuring VLANs and Super VLANs (Rev. 08)
remove cpu-
port
(Optional) prevents the device from receiving broadcast and multicast traffic
in the specified VLAN (see the remove cpu-port command)
Example
Use the following example to create a sequence of VLANs and then to display the results:
device-name(config vlan)#create range 15 21 1/1/1-1/1/2 untagged 1/2/2 tagged
device-name(config vlan)#show
==================================================================
Name | VTag| Rout I f | Tagged por t s | Unt agged por t s
- - - - - - - - - - - - - - - - - +- - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - -
def aul t | 1 | sw0 | | 1/ 1/ 1- 1/ 2/ 8
Vl an_15 | 15 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_16 | 16 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_17 | 17 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_18 | 18 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_19 | 19 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_20 | 20 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_21 | 21 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Securing Management Access Based on VLAN ID
The management command limits the device management access only to VLANs that you specify
by a list of VLAN ID numbers. You may include VLANs that have not been created yet.
The management VLAN isolates the devices management IP address from data traffic, preventing
unauthorized access and malicious attacks.
When using this feature, you can manage the device though a PCconnected to a port assigned to
a management VLANvia Telnet or SNMP.
When management VLAN is disabled, you are not allowed to perform the following tasks:
Telnet to the device
SSH to the device
SNMP management
Ping the device
TFTP download or upload
Receive outgoing Syslog messages
You cannot delete the management VLAN 1.
By default, management of the device is accessible on all VLANs.
NOTE
You can also disable management on a port by the por t management command in
Global Configuration mode (refer to the Configuring Interfaces chapter of this User
Guide).
Management traffic on a VLAN is allowed on a port that is a member of that VLAN
only if management is enabled both on the port and on the VLAN.
T-Marc 300 Series User Guide
Page 16
Configuring VLANs and Super VLANs (Rev. 08)
CLI Mode: VLAN Configuration
Command Syntax
device-name(config vlan)#management VLAN-LIST
device-name(config vlan)#no management VLAN-LIST
Argument Description
VLAN-LIST A list of VLAN IDs in the below format:
A hyphenated range of VLANs (for example: 832)
Several VLAN numbers and/or ranges, separated by commas (for example:
2,4,832)
no The list of VLANs with no management access.
Modifying the CPU Port Membership
The add cpu-port command enables the device to receive broadcast and multicast traffic in the
specified VLAN.
CLI Mode: Specific VLAN Configuration
By default, the CPU port is a member of all VLANs.
Command Syntax
device-name(config-vlan VLAN-NAME)#add cpu-port
Removing the CPU Port
The remove cpu-port command protects the device's CPU from receiving broadcast and
multicast traffic on the specified VLAN.
NOTE
The device performs switching even if its CPU is not a member of the VLAN.
Enabling this feature does not block unicast traffic to the CPU.
CLI Mode: Specific VLAN Configuration
Command Syntax
device-name(config-vlan VLAN-NAME)#remove cpu-port
T-Marc 300 Series User Guide
Page 17
Configuring VLANs and Super VLANs (Rev. 08)
Deleting a VLAN (by VLAN Name)
The delete command deletes an existing VLAN by its VLAN name.
NOTE
The VLAN named default (VLAN ID 1) is part of the default configuration and you
cannot delete it.
CLI Mode: VLAN Configuration
Command Syntax
device-name(config vlan)#delete NAME
Argument Description
NAME The name of an existing VLAN
Example
The following example deletes the VLAN named accounting:
device-name(config vlan)#delete accounting
Deleting a VLAN (by VLAN ID)
The delete id command deletes an existing VLAN by its VLAN ID.
CLI Mode: VLAN Configuration
Command Syntax
device-name(config vlan)#delete id <vlan-id>
Argument Description
vlan-id An existing VLAN ID
Example
This following example deletes the VLAN with ID 10:
device-name(config vlan)#delete id 10
T-Marc 300 Series User Guide
Page 18
Configuring VLANs and Super VLANs (Rev. 08)
Deleting a Range of VLANs
The delete range command deletes a range of VLANs.
CLI Mode: VLAN Configuration
Command Syntax
device-name(config vlan)#delete range <vlan-id1> <vlan-id2>
Argument Description
vlan-id1 The first VLAN ID in the range (must be smaller than vlan-id2).
The valid range is <24094>.
vlan-id2 The last VLAN ID (must be greater than vlan-id1).
The valid range is <24094>.
Example
device-name(config vlan)#show
===================================================================
Name | VTag| Rout I f | Tagged por t s | Unt agged por t s
- - - - - - - - - - - - - - - - - +- - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - -
def aul t | 1 | sw0 | | 1/ 1/ 1- 1/ 2/ 8
Vl an_15 | 15 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_16 | 16 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_17 | 17 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_18 | 18 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_19 | 19 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_20 | 20 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_21 | 21 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
device-name(config vlan)#delete range 15 19
device-name(config vlan)#show
===================================================================
Name | VTag| Rout I f | Tagged por t s | Unt agged por t s
- - - - - - - - - - - - - - - - - +- - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - -
def aul t | 1 | sw0 | | 1/ 1/ 1- 1/ 2/ 8
Vl an_20 | 20 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
Vl an_21 | 21 | | 1/ 2/ 2 | 1/ 1/ 1, 1/ 1/ 2
T-Marc 300 Series User Guide
Page 19
Configuring VLANs and Super VLANs (Rev. 08)
Removing Ports from a VLAN
The remove ports command removes the specified port(s).
CLI Mode: Specific VLAN Configuration
Command Syntax
device-name(config-vlan VLAN-NAME)#remove ports PORT-LIST
Argument Description
PORT-
LIST
(Optional) one or more port numbers assigned to the VLANs, specified by the
following options:
UU/SS/PPa single port specified by unit, slot, and port number
UUall ports on the specified unit
UU/SSall ports on the specified slot that
A hyphenated range of ports
(for example: 1/2/11/2/8 or 1/11/2)
Several port numbers and/or ranges, separated by commas (for example: 1/1/1,
1/1/2, 1/2/11/2/8).
NOTE
Do not leave blank spaces before or after the comma separating
sequential lists.
Example
The example shows how to remove ports from the VLAN named xxx. The result displayed by the
show command that can be applied in any Specific or Global VLAN Configuration mode:
device-name(config-vlan xxx)#remove ports 1/2/2-1/2/4
device-name(config-vlan xxx)#show
==================================================================
Name | VTag| Rout I f | Tagged por t s | Unt agged por t s
- - - - - - - - - - - - - +- - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - -
def aul t | 1 | sw0 | | 1/ 1/ 1- 1/ 2/ 8
xxx | 9 | | 1/ 1/ 1, 1/ 2/ 1, | 1/ 2/ 1, 1/ 2/ 5
| | | 1/ 2/ 5- 1/ 2/ 7 |
T-Marc 300 Series User Guide
Page 20
Configuring VLANs and Super VLANs (Rev. 08)
Removing Ports from a Default VLAN
The remove ports default command removes ports from the default VLAN.
CLI Mode: Specific VLAN Configuration
Command Syntax
device-name(config-vlan VLAN-NAME)#remove ports default PORT-LIST
Argument Description
See the argument table above.
Displaying the VLAN Configuration
The commands below display VLAN configuration information:
show command
CLI Mode: VLAN Configuration and Specific VLAN Configuration
show vlan command
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show vlan
device-name(config vlan)#show
device-name(config-vlan VLAN-NAME)#show
Displaying VLAN Management Information
The show vlan management command displays VLAN management access information.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show vlan management
Example
The following example shows that by default, management is accessible on all VLANs.
device-name#show vlan management
Management VLANs: 1- 4094
T-Marc 300 Series User Guide
Page 21
Configuring VLANs and Super VLANs (Rev. 08)
Configuration Examples
VLAN Configuration Example
The figure below represents an example of a simple VLAN configuration.
Figure 5: VLAN Configuration Example
Configuring Device 1:
1. Create VLAN user_100 with VLAN ID 100:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create user_100 100
2. Remove port 1/1/1 from Default VLAN, add port 1/1/1 as untagged (connected to a user) to
VLAN user_100 and add VLAN user_100 as PVID to port 1/1/1. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/1
device-name(config-vlan default)#exit
device-name(config vlan)#config user_100
device-name(config-vlan user_100)#add ports 1/1/1 untagged
device-name(config-vlan user_100)#add ports default 1/1/1
device-name(config-vlan user_100)#add ports 1/2/1 tagged
device-name(config-vlan user_100)#exit
T-Marc 300 Series User Guide
Page 22
Configuring VLANs and Super VLANs (Rev. 08)
3. Create VLAN user_101 with VLAN ID 101:
device-name(config vlan)#create user_101 101
4. Remove port 1/1/2 from Default VLAN, add port 1/1/2 as untagged (connected to a user) to
VLAN user_101, and add VLAN user_101 as PVID to port 1/1/2. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/2
device-name(config-vlan default)#exit
device-name(config vlan)#config user_101
device-name(config-vlan user_101)#add ports 1/1/2 untagged
device-name(config-vlan user_101)#add ports default 1/1/2
device-name(config-vlan user_101)#add ports 1/2/1 tagged
device-name(config-vlan user_101)#exit
5. Create the VLAN user_102 with VLAN ID 102:
device-name(config vlan)#create user_102 102
6. Remove port 1/2/3 from Default VLAN, add port 1/2/3 as untagged (connected to a user) to
VLAN user_102, and add VLAN user_102 as PVID to port 1/2/3. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/2/3
device-name(config-vlan default)#exit
device-name(config vlan)#config user_102
device-name(config-vlan user_102)#add ports 1/2/3 untagged
device-name(config-vlan user_102)#add ports default 1/2/3
device-name(config-vlan user_102)#add ports 1/2/1 tagged
7. Display the configured VLANs:
device-name(config-vlan user_102)#show
==================================================================
Name | VTag| Rout I f | Tagged por t s | Unt agged por t s
- - - - - - - - - - - - - - - +- - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - -
def aul t | 1 | sw0 | | 1/ 1/ 1- 1/ 2/ 8
user _100 | 100 | | 1/ 2/ 1 | 1/ 1/ 1
user _101 | 101 | | 1/ 2/ 1 | 1/ 1/ 2
user _102 | 102 | | 1/ 2/ 1 | 1/ 2/ 3
device-name(config-vlan user_102)#end
device-name#show running-config port
. . .
! Por t conf i gur at i on:
!
i nt er f ace 1/ 1/ 1
def aul t vl an 100
!
i nt er f ace 1/ 1/ 2
def aul t vl an 101
!
T-Marc 300 Series User Guide
Page 23
Configuring VLANs and Super VLANs (Rev. 08)
i nt er f ace 1/ 2/ 3
def aul t vl an 102
!
. . .
! VLAN conf i gur at i on:
!
vl an
cr eat e user _100 100
conf i g user _100
add por t s 1/ 2/ 1 t agged
add por t s 1/ 1/ 1 unt agged
!
vl an
cr eat e user _101 101
conf i g user _101
add por t s 1/ 2/ 1 t agged
add por t s 1/ 1/ 2 unt agged
!
vl an
cr eat e user _102 102
conf i g user _102
add por t s 1/ 2/ 1 t agged
add por t s 1/ 2/ 3 unt agged
!
. . .
Configuring Device 2:
1. Create VLAN user_200 with VLAN ID 200:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create user_200 200
2. Remove port 1/1/1 from Default VLAN, add port 1/1/1 as untagged (connected to a user)
to VLAN user_200, and add VLAN user_200 as PVID to port 1/1/1. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/1
device-name(config-vlan default)#exit
device-name(config vlan)#config user_200
device-name(config-vlan user_200)#add ports 1/1/1 untagged
device-name(config-vlan user_200)#add ports default 1/1/1
device-name(config-vlan user_200)#add ports 1/2/1 tagged
device-name(config-vlan user_200)#exit
3. Create VLAN user_201 with VLAN ID 201:
device-name(config vlan)#create user_201 201
T-Marc 300 Series User Guide
Page 24
Configuring VLANs and Super VLANs (Rev. 08)
4. Remove port 1/1/2 from Default VLAN add port 1/1/2 as untagged (connected to a user) to
VLAN user_201 and add VLAN user_201 as PVID to port 1/1/2. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/2
device-name(config-vlan default)#exit
device-name(config vlan)#config user_201
device-name(config-vlan user_201)#add ports 1/1/2 untagged
device-name(config-vlan user_201)#add ports default 1/1/2
device-name(config-vlan user_201)#add ports 1/2/1 tagged
device-name(config-vlan user_201)#exit
5. Create the VLAN user_202 with VLAN ID 202:
device-name(config vlan)#create user_202 202
6. Remove port 1/2/3 from Default VLAN, add port 1/2/3 as untagged (connected to a user) to
VLAN user_202, and add VLAN user_202 as PVID to port 1/2/3. Add port 1/2/1 as
tagged (connected to Device 4)
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/2/3
device-name(config-vlan default)#exit
device-name(config vlan)#config user_202
device-name(config-vlan user_202)#add ports 1/2/3 untagged
device-name(config-vlan user_202)#add ports default 1/2/3
device-name(config-vlan user_202)#add ports 1/2/1 tagged
device-name(config-vlan user_202)#exit
7. Display the configured VLANs:
device-name(config-vlan user_202)#show
=================================================================
Name | VTag| Rout I f | Tagged por t s | Unt agged por t s
- - - - - - - - - - - - - - - +- - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - -
def aul t | 1 | sw0 | | 1/ 1/ 1- 1/ 2/ 8
user _200 | 200 | | 1/ 2/ 1 | 1/ 1/ 1
user _201 | 201 | | 1/ 2/ 1 | 1/ 1/ 2
user _202 | 202 | | 1/ 2/ 1 | 1/ 2/ 3
device-name(config-vlan user_202)#end
device-name#show running-config port
. . .
! Por t conf i gur at i on:
!
i nt er f ace 1/ 1/ 1
def aul t vl an 200
!
i nt er f ace 1/ 1/ 2
def aul t vl an 201
!
i nt er f ace 1/ 2/ 3
def aul t vl an 202
!
T-Marc 300 Series User Guide
Page 25
Configuring VLANs and Super VLANs (Rev. 08)
. . .
! VLAN conf i gur at i on:
!
vl an
cr eat e user _200 200
conf i g user _200
add por t s 1/ 2/ 1 t agged
add por t s 1/ 1/ 1 unt agged
!
vl an
cr eat e user _201 201
conf i g user _201
add por t s 1/ 2/ 1 t agged
add por t s 1/ 1/ 2 unt agged
!
vl an
cr eat e user _202 202
conf i g user _202
add por t s 1/ 2/ 1 t agged
add por t s 1/ 2/ 3 unt agged
!
. . .
Configuring Device 3:
1. Create VLAN user_300 with VLAN ID 300:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create user_300 300
2. Remove port 1/1/1 from Default VLAN, add port 1/1/1 as untagged (connected to a user) to
VLAN user_300, and add VLAN user_300 as PVID to port 1/1/1. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/1
device-name(config-vlan default)#exit
device-name(config vlan)#config user_300
device-name(config-vlan user_300)#add ports 1/1/1 untagged
device-name(config-vlan user_300)#add ports default 1/1/1
device-name(config-vlan user_300)#add ports 1/2/1 tagged
device-name(config-vlan user_300)#exit
3. Create VLAN user_301 with VLAN ID 301:
device-name(config vlan)#create user_301 301
T-Marc 300 Series User Guide
Page 26
Configuring VLANs and Super VLANs (Rev. 08)
4. Remove port 1/1/2 from Default VLAN, add port 1/1/2 as untagged (connected to a user) to
VLAN user_301 and add VLAN user_301 as PVID to port 1/1/2. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/2
device-name(config-vlan default)#exit
device-name(config vlan)#config user_301
device-name(config-vlan user_301)#add ports 1/1/2 untagged
device-name(config-vlan user_301)#add ports default 1/1/2
device-name(config-vlan user_301)#add ports 1/2/1 tagged
device-name(config-vlan user_301)#exit
5. Create VLAN user_302 with VLAN ID 302:
device-name(config vlan)#create user_302 302
6. Remove port 1/2/3 from Default VLAN, add port 1/2/3 as untagged (connected to a user) to
VLAN user_302, and add VLAN user_302 as PVID to port 1/2/3. Add port 1/2/1 as
tagged (connected to Device 4)
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/2/3
device-name(config-vlan default)#exit
device-name(config vlan)#config user_302
device-name(config-vlan user_302)#add ports 1/2/3 untagged
device-name(config-vlan user_302)#add ports default 1/2/3
device-name(config-vlan user_302)#add ports 1/2/1 tagged
device-name(config-vlan user_302)#exit
7. Display the configured VLANs:
device-name(config-vlan user_302)#show
==================================================================
Name | VTag| Rout I f | Tagged por t s | Unt agged por t s
- - - - - - - - - - - - - - - +- - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - -
def aul t | 1 | sw0 | | 1/ 1/ 1- 1/ 2/ 8
user _300 | 300 | | 1/ 2/ 1 | 1/ 1/ 1
user _301 | 301 | | 1/ 2/ 1 | 1/ 1/ 2
user _302 | 302 | | 1/ 2/ 1 | 1/ 2/ 3
device-name(config-vlan user_302)#end
device-name#show running-config port
. . .
! Por t conf i gur at i on:
!
i nt er f ace 1/ 1/ 1
def aul t vl an 300
!
i nt er f ace 1/ 1/ 2
def aul t vl an 301
!
i nt er f ace 1/ 2/ 3
def aul t vl an 302
!
T-Marc 300 Series User Guide
Page 27
Configuring VLANs and Super VLANs (Rev. 08)
. . .
! VLAN conf i gur at i on:
!
vl an
cr eat e user _300 300
conf i g user _300
add por t s 1/ 2/ 1 t agged
add por t s 1/ 1/ 1 unt agged
!
vl an
cr eat e user _301 301
conf i g user _301
add por t s 1/ 2/ 1 t agged
add por t s 1/ 1/ 2 unt agged
!
vl an
cr eat e user _302 302
conf i g user _302
add por t s 1/ 2/ 1 t agged
add por t s 1/ 2/ 3 unt agged
!
. . .
Configuring Device 4:
1. Create VLAN user_100 with VLAN ID 100:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create user_100 100
2. Add ports 1/1/1, 1/2/1 as tagged (1/1/1 is connected to the users on Device 1 and 1/2/1 is
connected to the router) to VLAN user_100:
device-name(config vlan)#config user_100
device-name(config-vlan user_100)#add ports 1/1/1,1/2/1 tagged
device-name(config-vlan user_100)#exit
3. Create the VLAN user_101 with VLAN ID 101:
device-name(config vlan)#create user_101 101
4. Add ports 1/1/1, 1/2/1 as tagged (1/1/1 is connected to the users on Device 1 and 1/2/1
is connected to the router) to VLAN user_101:
device-name(config vlan)#config user_101
device-name(config-vlan user_101)#add ports 1/1/1,1/2/1 tagged
device-name(config-vlan user_101)#exit
5. Create the VLAN user_102 with VLAN ID 102:
device-name(config vlan)#create user_102 102
T-Marc 300 Series User Guide
Page 28
Configuring VLANs and Super VLANs (Rev. 08)
6. Add ports 1/1/1, 1/2/1 as tagged (1/1/1 is connected to the users on Device 1 and 1/2/1
is connected to the router) to VLAN user_102:
device-name(config vlan)#config user_102
device-name(config-vlan user_102)#add ports 1/1/1,1/2/1 tagged
device-name(config-vlan user_102)#exit
7. Create the VLAN user_200 with VLAN ID 200:
device-name(config vlan)#create user_200 200
8. Add ports 1/1/2, 1/2/1 as tagged (1/1/2 is connected to the users on Device 2 and 1/2/1 is
connected to the router) to VLAN user_200:
device-name(config vlan)#config user_200
device-name(config-vlan user_200)#add ports 1/1/2,1/2/1 tagged
device-name(config-vlan user_200)#exit
9. Create the VLAN user_201 with VLAN ID 201:
device-name(config vlan)#create user_201 201
10. Add ports 1/1/2, 1/2/1 as tagged (1/1/2 is connected to the users on Device 2 and 1/2/1 is
connected to the router) to VLAN user_201:
device-name(config vlan)#config user_201
device-name(config-vlan user_201)#add ports 1/1/2,1/2/1 tagged
device-name(config-vlan user_201)#exit
11. Create the VLAN user_202 with VLAN ID 202:
device-name(config vlan)#create user_202 202
12. Add ports 1/1/2, 1/2/1 as tagged (1/1/2 is connected to the users on Device 2 and 1/2/1 is
connected to the router) to VLAN user_202:
device-name(config vlan)#config user_202
device-name(config-vlan user_202)#add ports 1/1/2,1/2/1 tagged
device-name(config-vlan user_202)#exit
13. Create the VLAN user_300 with VLAN ID 300:
device-name(config vlan)#create user_300 300
14. Add ports 1/2/3, 1/2/1 as tagged (1/2/3 is connected to the users on Device 3 and 1/2/1 is
connected to the router) to VLAN user_300:
device-name(config vlan)#config user_300
device-name(config-vlan user_300)#add ports 1/2/3,1/2/1 tagged
device-name(config-vlan user_300)#exit
15. Create the VLAN user_301 with VLAN ID 301:
device-name(config vlan)#create user_301 301
16. Add ports 1/2/3, 1/2/1 as tagged (1/2/3 is connected to the users on Device 3 and 1/2/1 is
connected to the router) to VLAN user_301:
device-name(config vlan)#config user_301
device-name(config-vlan user_301)#add ports 1/2/3,1/2/1 tagged
device-name(config-vlan user_301)#exit
T-Marc 300 Series User Guide
Page 29
Configuring VLANs and Super VLANs (Rev. 08)
17. Create the VLAN user_302 with VLAN ID 302:
device-name(config vlan)#create user_302 302
18. Add ports 1/2/3, 1/2/1 as tagged (1/2/3 is connected to the users on Device 3 and 1/2/1 is
connected to the router) to VLAN user_302:
device-name(config vlan)#config user_302
device-name(config-vlan user_302)#add ports 1/2/3,1/2/1 tagged
device-name(config-vlan user_302)#exit
19. Display the configured VLANs:
device-name(config-vlan user_302)#show
==================================================================
Name | VTag| Rout I f | Tagged por t s | Unt agged por t s
- - - - - - - - - - - - +- - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - -
def aul t | 1 | sw0 | | 1/ 1/ 1- 1/ 2/ 8
user _100 | 100 | | 1/ 1/ 1, 1/ 2/ 1 |
user _101 | 101 | | 1/ 1/ 1, 1/ 2/ 1 |
user _102 | 102 | | 1/ 1/ 1, 1/ 2/ 1 |
user _200 | 200 | | 1/ 1/ 2, 1/ 2/ 1 |
user _201 | 201 | | 1/ 1/ 2, 1/ 2/ 1 |
user _202 | 202 | | 1/ 1/ 2, 1/ 2/ 1 |
user _300 | 300 | | 1/ 2/ 3, 1/ 2/ 1 |
user _301 | 301 | | 1/ 2/ 3, 1/ 2/ 1 |
user _302 | 302 | | 1/ 2/ 3, 1/ 2/ 1 |
device-name(config-vlan user_302)#end
device-name#show running-config vlan
. . .
! VLAN conf i gur at i on:
!
vl an
cr eat e user _100 100
conf i g user _100
add por t s 1/ 1/ 1, 1/ 2/ 1 t agged
!
vl an
cr eat e user _101 101
conf i g user _101
add por t s 1/ 1/ 1, 1/ 2/ 1 t agged
!
vl an
cr eat e user _102 102
conf i g user _102
add por t s 1/ 1/ 1, 1/ 2/ 1 t agged
!
vl an
cr eat e user _200 200
conf i g user _200
add por t s 1/ 1/ 2, 1/ 2/ 1 t agged
!
vl an
T-Marc 300 Series User Guide
Page 30
Configuring VLANs and Super VLANs (Rev. 08)
cr eat e user _201 201
conf i g user _201
add por t s 1/ 1/ 2, 1/ 2/ 1 t agged
!
vl an
cr eat e user _202 202
conf i g user _202
add por t s 1/ 1/ 2, 1/ 2/ 1 t agged
!
vl an
cr eat e user _300 300
conf i g user _300
add por t s 1/ 2/ 3, 1/ 2/ 1 t agged
!
vl an
cr eat e user _301 301
conf i g user _301
add por t s 1/ 2/ 3, 1/ 2/ 1 t agged
!
vl an
cr eat e user _302 302
conf i g user _302
add por t s 1/ 2/ 3, 1/ 2/ 1 t agged
! . . .
T-Marc 300 Series User Guide
Page 31
Configuring VLANs and Super VLANs (Rev. 08)
Management VLAN Configuration Example
This is an example for the management VLAN configuration. The device can be managed only by
VLAN 2. VLANs 100, 101 and 102 are created but the device cannot be managed from the
workstations, only from the management station.
Figure 6: Management VLAN Configuration Example
1. Enter VLAN Configuration mode:
device-name#configure terminal
device-name(config)#vlan
2. Remove management from VLANs 1, 34094 (only ports configured with VLAN ID 2 can
be use to manage the device):
device-name(config vlan)#no management 1,3-4094
3. Create the VLAN manage with VLAN ID 2:
device-name(config vlan)#create manage 2
4. Add port 1/1/2 as untagged to VLAN manage and add VLAN manage as PVID to port
1/1/2:
device-name(config vlan)#config manage
device-name(config-vlan manage)#add ports 1/1/2 untagged
device-name(config-vlan manage)#add ports default 1/1/2
device-name(config-vlan manage)#exit
5. Create the VLAN v100 with VLAN ID 100:
device-name(config vlan)#create v100 100
T-Marc 300 Series User Guide
Page 32
Configuring VLANs and Super VLANs (Rev. 08)
6. Add port 1/2/3 as untagged to VLAN v100 and add VLAN v100 as PVID to port 1/2/3.
Add port 1/2/7 as tagged to VLAN v100:
device-name(config vlan)#config v100
device-name(config-vlan v100)#add ports 1/2/3 untagged
device-name(config-vlan v100)#add ports default 1/2/3
device-name(config-vlan v100)#add ports 1/2/7 tagged
device-name(config-vlan v100)#exit
7. Create the VLAN v101 with VLAN ID 101:
device-name(config vlan)#create v101 101
8. Add port 1/2/4 as untagged to VLAN v101 and set VLAN v101 as PVID. Add port 1/2/7
as tagged to VLAN v101:
device-name(config vlan)#config v101
device-name(config-vlan v101)#add ports 1/2/4 untagged
device-name(config-vlan v101)#add ports default 1/2/4
device-name(config-vlan v101)#add ports 1/2/7 tagged
device-name(config-vlan v101)#exit
9. Create the VLAN v102 with VLAN ID 102:
device-name(config vlan)#create v102 102
10. Add port 1/2/5 as untagged to VLAN v102 and set VLAN v102 as PVID. Add port 1/2/7 as
tagged to VLAN v102:
device-name(config vlan)#config v102
device-name(config-vlan v102)#add ports 1/2/5 untagged
device-name(config-vlan v102)#add ports default 1/2/5
device-name(config-vlan v102)#add ports 1/2/7 tagged
device-name(config-vlan v102)#exit
11. Remove ports 1/1/21/2/5 from VLAN default:
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/2-1/2/5
device-name(config-vlan default)#end
12. Display the management VLANs:
device-name#show vlan management
Management VLANs: 2
13. Display the VLAN configuration:
device-name#show vlan
===================================================================
Name | VTag| Rout I f | Tagged por t s | Unt agged por t s
- - - - - - - - - - - +- - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - -
def aul t | 1 | sw0 | | 1/ 1/ 1, 1/ 2/ 6- 1/ 2/ 8
manage | 2 | | | 1/ 1/ 2
v100 | 100 | | 1/ 2/ 7 | 1/ 2/ 3
v101 | 101 | | 1/ 2/ 7 | 1/ 2/ 4
v102 | 102 | | 1/ 2/ 7 | 1/ 2/ 5
T-Marc 300 Series User Guide
Page 33
Configuring VLANs and Super VLANs (Rev. 08)
Super VLANs
Overview
Super VLAN is a mechanism used to separate users which reside in the same VLAN into multiple
virtual broadcast domains.
With Super VLAN, systems administrators can use the same IPv4 subnet and default gateway IP
address for users residing in the same switched infrastructure. This helps in decreasing IPv4 address
consumption and the need for dedicated IP subnet for each VLAN.
VLANs that are members of a Super VLAN are called sub-VLANs. Each sub-VLAN is a
broadcast domain isolated at Layer 2. When users in different sub-VLANs need to communicate
with each other, they use the IP address of the virtual interface of the Super VLAN as the IP
address of the gateway. The virtual interface IP address is shared by multiple VLANs. This
minimizes the number of required IP addresses.
In case a sub VLAN needs to communicate with a sub VLAN in a different sub VLAN at Layer 3,
or in case a sub-VLAN communicates with other networks, you need to enable ARP proxy (for
more information, refer to the DeviceAdministrationchapter of this User Guide).
The below example illustrates the traffic flow in case Super VLAN is not configured: traffic
entering the user device port is not restricted to the uplink port; therefore, all the broadcast,
unknown, and multicast packets are spread over the entire device VLANs.
Figure 7: Switching Decisions without the Super VLAN Agent
As oppose to the above, the below example illustrates the traffic flow in case Super VLAN is
configured: once switching decisions are done, the Super VLAN agent overrules these decisions
and directs the traffic to the Super VLAN uplink port.
Figure 8: Switching Decisions with the Super VLAN Agent
T-Marc 300 Series User Guide
Page 34
Configuring VLANs and Super VLANs (Rev. 08)
Super VLAN Types
There are two types of Super VLAN:
Super VLAN layer 2Suitable for a Layer-2 switching environment, where the sub-VLANs
and Super VLAN share the same IP subnet mask. The Super VLAN provides enhanced
security between the customers, by disallowing communication between the sub-VLANs,
whether or not they are located in the same LAN.
Super VLAN ringtopologySuitable for ring topology networks using the Multiple Spanning
Tree Protocol (MSTP). In these cases traffic can flow either clockwise or counterclockwise.
Both ports connected to the ring are referred to as uplink ports, while the rest of the ports are
referred to as user ports. In this case the Super VLAN uplink has to be one of the two ports
that are connected to the rest of the ring.
Use this topology when the Super VLAN port has to be the root port of the bridge. In
this topology, the Super VLAN uplink-port is selected dynamically by the bridge between
the two uplink ports. If a topology change occurs, the Super VLAN uplink changes
automatically and the new Root port is selected as a Super VLAN uplink port.
In the figure below, one of the clients connected to device D sends broadcast traffic. The
traffic travels counterclockwise only, since the Super VLAN active uplink-port is the root
port. If the link between device B and A is disconnected, a topology change occurs and
Device D selects a new Super VLAN uplink-port. As a result traffic flows clockwise only.
Dynamic Super VLAN takes affect on all the bridges, except for the root bridge since it
does not have a root port (only designated ports).
Figure 9: Super VLAN Ring Mode Configuration Example
T-Marc 300 Series User Guide
Page 35
Configuring VLANs and Super VLANs (Rev. 08)
The Super VLAN Default Configuration
Table 7: Super VLAN Default Configuration
Parameter Default Value
Super VLAN Disabled
Residential user Disabled
Super VLAN ring mode Disabled
The Super VLAN Configuration Commands
Table 8: Super VLAN Commands
Command Description
super-vlan
Configures Super VLAN (see Defining a Super VLAN)
super-vlan ring-topology
Configures Super VLAN for networks with a ring topology
(see Configuring the Super VLAN Ring Topology)
show super-vlan
Displays the Super VLAN configuration (see Displaying
the Super VLAN Configuration)
Defining a Super VLAN
The super-vlan command configures Super VLAN on a physical port or a group of ports.
CLI Mode: Interface Configuration, Range Interface Configuration, LAG Range Interface
Configuration, and LAG Interface Configuration
Command Syntax
device-name(config-if UU1/SS1/PP1)#super-vlan {UU2/SS2/PP2 | ag0N}
device-name(config-if UU1/SS1/PP1)#no super-vlan
device-name(config-if-group)#super-vlan {UU2/SS2/PP2 | ag0N}
device-name(config-if-group)#no super-vlan
device-name(config-ag-group)#super-vlan {UU2/SS2/PP2 | ag0N}
device-name(config-ag-group)#no super-vlan
device-name(config-if AG0N)#super-vlan {UU2/SS2/PP2 | ag0N}
device-name(config-if AG0N)#no super-vlan
Argument Description
UU2/SS2/PP2 The Unit, slot, and port number of the uplink port.
ag0N The LAG interface name, where N represents the LAG ID number in the range of
<0107>.
For detailed information, refer to the Configuring Interfaces chapter of this User
Guide.
T-Marc 300 Series User Guide
Page 36
Configuring VLANs and Super VLANs (Rev. 08)
no
Removes the Super VLAN from the port.
Configuring the Super VLAN Ring Topology
The super-vlan ring-topology command configures Super VLAN for networks with a ring
topology.
NOTE
You can enable the Super VLAN for a ring topology only if the MSTP (Multiple
Spanning Tree Protocol) is enabled.
By default, the Super VLAN ring topology is disabled.
CLI Mode:: Interface Configuration
Command Syntax
device-name(config-if UU/SS/PP)#super-vlan ring-topology UU1/SS1/PP1
UU2/SS2/PP2 [vlan <vlan-id>]
device-name(config-if UU/SS/PP)#no super-vlan
Argument Description
UU1/SS1/PP1 The first ring-port of the Super VLAN.
UU2/SS2/PP2 The second ring-port of the Super VLAN.
vlan <vlan-id> (Optional) an existing VLAN ID in the range <24094>. When you
specify this argument, only the corresponding MSTP instance root
decision is taken. If you do not use this argument, the MSTP instance
zero root decision is taken.
no
Removes Super VLAN from the configured user port.
Displaying the Super VLAN Configuration
The show super-vlan command displays the Super VLAN configuration.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show super-vlan
Example
device-name#show super-vlan
===========================================================
User I nt er f ace | Super VLAN Type | Upl i nk
- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - -
1/ 1/ 1 | r egul ar | 1/ 2/ 2
1/ 2/ 2 | r egul ar | 1/ 2/ 4
T-Marc 300 Series User Guide
Page 37
Configuring VLANs and Super VLANs (Rev. 08)
Configuration Examples
Super VLAN Configuration Example
In the figure below three users are connected to one uplink port. The users can connect only to this
uplink port.
Figure 10: Super VLAN Configuration
1. Enable Super VLAN on port 1/1/1 with the uplink 1/2/1:
device-name#configure terminal
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#super-vlan 1/2/1
2. Enable Super VLAN on port 1/1/2 with the uplink 1/2/1:
device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#super-vlan 1/2/1
3. Enable Super VLAN on port 1/2/3 with the uplink 1/2/1:
device-name(config-if 1/1/2)#interface 1/2/3
device-name(config-if 1/2/3)#super-vlan 1/2/1
device-name(config-if 1/2/3)#end
T-Marc 300 Series User Guide
Page 38
Configuring VLANs and Super VLANs (Rev. 08)
4. Display the port 1/1/1 configuration:
device-name#show interface 1/1/1
Name =
Type = DUAL ( 10/ 100/ 1000BaseT, MEDI A not i nst al l ed)
Enabl eSt at e = enabl e
Li nk = down
Dupl ex mode = aut onegot i at e
Speed = aut onegot i at e
Dupl ex speed st at us = f ul l - 100
Fl ow cont r ol mode = di sabl e
Fl ow cont r ol st at us = di sabl e
Backpr essur e = di sabl e
Br oadcast l i mi t = unl i mi t ed
Def aul t VLAN = 1
Super VLAN Por t = 1/ 2/ 1
Lear ni ng new addr ess = Enabl ed
5. Display the Super VLAN configuration:
device-name#show super-vlan
==================================================
User I nt er f ace | Super VLAN Type | Upl i nk
- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - -
1/ 1/ 1 | r egul ar | 1/ 2/ 1
1/ 1/ 2 | r egul ar | 1/ 2/ 1
1/ 2/ 3 | r egul ar | 1/ 2/ 1
T-Marc 300 Series User Guide
Page 39
Configuring VLANs and Super VLANs (Rev. 08)
Super VLAN with Aggregated Uplink Configuration Example
In the following example, two users are connected to one uplink LAG (Link Aggregation Group)
port.
Figure 11: Super VLAN Configuration with LAG Uplink
Configuring Device 1:
Configure static link aggregation on ports 1/1/1 and 1/1/2:
device-name#configure terminal
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#link-aggregation static id 1
device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#link-aggregation static id 1
T-Marc 300 Series User Guide
Page 40
Configuring VLANs and Super VLANs (Rev. 08)
Configuring Device 2:
1. Configure static link aggregation on ports 1/2/1 and 1/2/2:
device-name#configure terminal
device-name(config)#interface 1/2/1
device-name(config-if 1/2/1)#link-aggregation static id 7
device-name(config-if 1/2/1)#interface 1/2/2
device-name(config-if 1/2/2)#link-aggregation static id 7
2. Enable Super VLAN on ports 1/1/1 and 1/1/2 with uplink ag07:
device-name(config-if 1/2/2)#interface 1/1/1
device-name(config-if 1/1/1)#super-vlan ag07
device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#super-vlan ag07
device-name(config-if 1/1/2)#end
3. Display the Super VLAN configuration:
device-name#show super-vlan
=====================================================================
User I nt er f ace | Super VLAN Type | Upl i nk
- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1/ 1/ 1 | r egul ar | AG07
1/ 1/ 2 | r egul ar | AG07
T-Marc 300 Series User Guide
Page 41
Configuring VLANs and Super VLANs (Rev. 08)
Super VLAN Ring Topology Configuration
The figure below shows a ring topology with an entry point. Devices 2, 3 and 4 are configured with
Super VLAN in ring mode and MSTP is enabled. Device 1 is the MSTP Root and port 1/2/8 of
Device 4 is blocked.
For more information regarding the MSTP, refer to the ConfiguringMultipleSpanningTreeProtocol
(MSTP) chapter of this User Guide.
Figure 12: Super VLAN Ring Topology Example
Configuring Device 1
1. Configure Device 1 as MSTP Root and the bridge priority 0 for MST instance 0:
Device1#configure terminal
Device1(config)#protocol
Device1(cfg protocol)#mstp 0 priority 0
Device1(cfg protocol)#exit
2. Configure the ring ports as Super VLAN ports:
Device1(config)#interface 1/2/6
Device1(config-if 1/2/6)#super-vlan ring-topology 1/1/1 1/1/2
Device1(config-if 1/2/6)#end
T-Marc 300 Series User Guide
Page 42
Configuring VLANs and Super VLANs (Rev. 08)
3. Display the Super VLAN configuration:
Device1#show super-vlan
=====================================================================
User I nt er f ace | Super VLAN Type | Upl i nk
- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1/ 2/ 6 | r i ng- t opol ogy | 1/ 1/ 1 ( act i ve) , 1/ 1/ 2
Configuring Device 2
1. Enable MSTP and MSTP fast ring:
Device2#configure terminal
Device2(config)#protocol
Device2(cfg protocol)#mstp enable
Device2(cfg protocol)#mstp fast-ring enable
2. Configure the ring ports as Super VLAN ports:
Device2(config)#interface 1/2/6
Device2(config-if 1/2/6)#super-vlan ring-topology 1/1/1 1/1/2
Device2(config-if 1/2/6)#end
3. Display the Super VLAN configuration:
Device2#show super-vlan
=====================================================================
User I nt er f ace | Super VLAN Type | Upl i nk
- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1/ 2/ 6 | r i ng- t opol ogy | 1/ 1/ 1 ( act i ve) , 1/ 1/ 2
Configuring Device 3
1. Enable MSTP and MSTP fast ring:
Device3#configure terminal
Device3(config)#protocol
Device3(cfg protocol)#mstp enable
Device3(cfg protocol)#mstp fast-ring enable
Device3(cfg protocol)#mstp fast-ring ring-ports 1/1/1 1/1/2
2. Configure Super VLAN on the user port 1/2/2:
Device3(config)#interface 1/2/2
Device3(config-if 1/2/2)#super-vlan ring-topology 1/1/1 1/1/2
Device3(config-if 1/2/2)#end
3. Display the Super VLAN configuration:
Device3#show super-vlan
=====================================================================
User I nt er f ace | Super VLAN Type | Upl i nk
- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1/ 2/ 2 | r i ng- t opol ogy | 1/ 1/ 1, 1/ 1/ 2 ( act i ve)
T-Marc 300 Series User Guide
Page 43
Configuring VLANs and Super VLANs (Rev. 08)
Configuring Device 4
1. Enable MSTP and MSTP fast ring:
Device4#configure terminal
Device4(config)#protocol
Device4(cfg protocol)#mstp enable
Device4(cfg protocol)#mstp fast-ring enable
Device4(cfg protocol)#mstp fast-ring ring-ports 1/2/7 1/2/8
Device3(cfg protocol)#end
2. Configure Super VLAN on the user port 1/2/2:
Device4(config)#interface 1/2/2
Device4(config-if 1/2/2)#super-vlan ring-topology 1/2/7 1/2/8
Device4(config-if 1/2/2)#end
3. Display port 1/2/2 configuration:
Device4#show interface 1/2/2
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 61 | nc | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 62 | nc | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 63 | nc | gr een |
+-----------+--------+-------------+
Configuring Rate Limit with Priority Remarking
The following example configures a single rate limit on the device and remark the VPT on egress
packets. Any packet with source MAC 00:00:10:02:00:00 on port 1/1/2 is rate limited to 1
Mbps.
1. Create an ACL:
device-name(config)#access-list 401 permit host 00:00:10:02:00:00 any
2. Set the priority remarking policy:
device-name(config)#qos
device-name(config qos)#remark fc be drop-level green priority 5
device-name(config qos)#exit
3. Set the rate limit and apply statistics on port 1/ 1/ 2 :
device-name(config)#interface 1/1/2
device-name(config-if 1/1/2)#mac access-group 401 option
device-name(config-if 1/1/2 acg 401)#rate-limit single-rate 1M 500K
[ War ni ng] Rat e can be r ounded t o t he next suppor t ed val ue!
device-name(config-if 1/1/2 acg 401)#statistics
device-name(config-if 1/1/2 acg 401)#apply
device-name(config-if 1/1/2)#end
T-Marc 300 Series User Guide
Page 45
Configuring Access Control Lists (ACLs) (Rev 09)
4. Display the priority remarking policy:
device-name#show qos egress remark
+- - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - +
| QoS Par amet er s | Tx Remar k |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| FC | Dr op Level | Pr i or i t y |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| be | gr een | 5 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| be | yel l ow | 0 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| l 2 | gr een | 1 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| l 2 | yel l ow | 1 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| af | gr een | 2 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| af | yel l ow | 2 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| l 1 | gr een | 3 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| l 1 | yel l ow | 3 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| h2 | gr een | 4 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| h2 | yel l ow | 4 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| ef | gr een | 5 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| ef | yel l ow | 5 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| h1 | gr een | 6 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| h1 | yel l ow | 6 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| nc | gr een | 7 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| nc | yel l ow | 7 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
5. Display configured MAC ACG:
device-name#show mac access-groups
i nt er f ace 1/ 1/ 2
mac access- gr oup 401 opt i on
r at e- l i mi t si ngl e- r at e 1000K 500K
6. Display configured MAC ACG statistics per port:
device-name#show mac access-groups 401 statistics interface 1/1/2
Access Li st 401 st at i st i cs:
i nt er f ace 1/ 1/ 2
Mat ch St at i st i cs:
Cl assi f i ed packet s: 0
T-Marc 300 Series User Guide
Page 46
Configuring Access Control Lists (ACLs) (Rev 09)
Supported Platforms
Feature T-Marc 340 T-Marc 380
Access Control Lists (ACLs) + +
Supported Standards, MIBs, and RFCs
Feature Standards MIBs RFCs
Access Control Lists
(ACLs)
No standards are
supported by this
feature.
Private MIB,
prvt_switch_access_list.mib
RFC 2697, A Single
Rate Three Color
Marker
RFC 2698, A Two
Rate Three Color
Marker
Page 1
Dhcp Snooping (Rev. 01)
DHCP Snooping
Table of Contents
Table of Figures 3
DHCP Snooping 4
Overview 4
The DHCP Snooping Command Hierarchy 5
Enabling/Disabling DHCP Snooping 7
Enabling DHCP Snooping on Ports 7
Enabling/Disabling DHCP Snooping on Trusted/Untrusted Ports 8
Configuring DHCP Snooping 9
Enabling/Disabling the DHCP-Snooping Binding Table 9
Adding Entries to the DHCP-Snooping Binding Table 10
Defining the Number of DHCP-Snooping Binding Table Entries 10
Copying the DHCP-Snooping Binding Table 11
Immediately Copying the DHCP-Snooping Binding Table 11
Configuring the DHCP-Snooping Port Security12
Enabling/Disabling the MAC-Address Match-Option 12
Enabling the DHCP-Snooping Chain Mode13
Enabling the Option-82 on a Port 14
Defining the Option-82 Circuit-ID14
Defining the Option-82 Fields Format 14
Filling the Relay Agent Field15
Defining the DHCP Option-82 Tag 16
Clearing the DHCP-Snooping Binding Table16
Clearing DHCP-Snooping Binding Entries 17
Displaying the DHCP-Snooping Binding Table 17
Displaying the DHCP Snooping Configuration Information 18
Displaying the DHCP Snooping Port Configuration Information 19
Displaying the DHCP-Snooping Option-82 Configuration 20
T-Marc 300 Series User Guide
Page 2
Dhcp Snooping (Rev. 01)
Displaying the GiaddrField Information 20
Configuration Example 21
Supported Standards, MIBs, and RFCs24
T-Marc 300 Series User Guide
Page 3
Dhcp Snooping (Rev. 01)
Table of Figures
Figure 1: DHCP Snooping in Action 4
Figure 2: DHCP Snooping Configuration Example21
T-Marc 300 Series User Guide
Page 4
Dhcp Snooping (Rev. 01)
DHCP Snooping
Overview
DHCP Snooping provides network security by filtering untrusted DHCP messages, (received from
outside the network and causing traffic attacks), and by building and maintaining a DHCP-
snooping binding table (see Enabling/ DisablingtheDHCP-SnoopingBindingTable).
DHCP Snooping works with information from a DHCP server to:
Track the physical location of hosts (DHCP clients)
Ensure that hosts only use the IP addresses assigned to them
Ensure that only authorized DHCP servers are accessible
DHCP Snooping acts like a firewall between untrusted hosts (DHCP clients) and DHCP servers.
Figure 1: DHCP Snooping in Action
T-Marc 300 Series User Guide
Page 5
Dhcp Snooping (Rev. 01)
The DHCP Snooping Command Hierarchy
+ enable
+ configure terminal
- ip dhcp snooping {enable | disable}
- [no] ip dhcp snooping interface-mode interface {PORT-LIST | PORT-
AG-LIST} [vlan VLAN-LIST]
- ip dhcp snooping interface {PORT-LIST | PORT-AG-LIST} {trusted |
untrusted}
- [no] ip dhcp snooping force-broadcast-request
- ip dhcp snooping binding-table {enable | disable}
- [no] ip dhcp snooping binding A.B.C.D HH:HH:HH:HH:HH:HH vlan
<vlan-id> interface UU/SS/PP
- ip dhcp snooping binding-table max-entries <binding-entries>
- [no] ip dhcp snooping binding-table tftp A.B.C.D file name FILE-
NAME write-delay <time period>
- ip dhcp snooping binding-table upload tftp A.B.C.D filename FILE-
NAME
- [no] ip dhcp snooping port-security interface PORT-LIST [vlan-id
<vlan-id>]
- ip dhcp snooping match-mac {enable | disable}
- ip dhcp snooping information option chain-mode
- [no] ip dhcp snooping information option circuit-id WORD port
UU/SS/PP vlan-id <vlan-id>
- ip dhcp snooping set-relay-agent-address
- ip dhcp snooping information option chain-mode set-relay-agent-
address
+ interface UU/SS/PP
- [no] ip dhcp snooping information option
- [no] ip dhcp snooping information option format binary
[remote-id]
- ip dhcp snooping information option tag <1-65535>
- no ip dhcp snooping information option tag
- ip dhcp snooping interface {trusted | untrusted}
- clear ip dhcp snooping binding-table [static | learned | all]
- clear ip dhcp snooping binding-table ip A.B.C.D vlan <vlan-id>
- clear ip dhcp snooping binding-table mac HH:HH:HH:HH:HH:HH vlan <vlan-
id>
- show ip dhcp snooping binding {interface UU/SS/PP | vlan <vlan-id>}
- show ip dhcp snooping configuration
- show ip dhcp snooping interface {UU/SS/PP | aggregations | all}
- show ip dhcp snooping option82
T-Marc 300 Series User Guide
Page 6
Dhcp Snooping (Rev. 01)
- show ip dhcp snooping set-relay-agent-address
T-Marc 300 Series User Guide
Page 7
Dhcp Snooping (Rev. 01)
Enabling/Disabling DHCP Snooping
Caution
Do not enable DHCP Snooping while DHCP Relay is enabled. DHCP Snooping
and DHCP Relay cannot operate concurrently on a device.
The ip dhcp snooping command enables/disables the DHCP Snooping globally.
NOTE
For DHCP Snooping to function properly, all DHCP servers must be connected to
the device through trusted interfaces.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping {enable | disable}
Argument Description
enable
Enables DHCP Snooping
disable
Disables DCHP Snooping
Disabled
Enabling DHCP Snooping on Ports
The ip dhcp snooping interface-mode command enables DHCP Snooping on ports and
optionally defines VLANs to which the ports belong.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping interface-mode interface {PORT-LIST |
PORT-AG-LIST} [vlan VLAN-LIST]
device-name(config)#no ip dhcp snooping interface-mode interface {PORT-LIST |
PORT-AG-LIST} [vlan VLAN-LIST]
Argument Description
PORT-LIST
List of ports. Use commas as separators and hyphens to indicate sub-
ranges (for example: 1/2/11/2/8, 1/1/2)
PORT-AG-LIST
LAG names list (for example, ag01, ag04ag07), in the range of <17>
T-Marc 300 Series User Guide
Page 8
Dhcp Snooping (Rev. 01)
VLAN-LIST
(Optional) a list of VLAN IDs to which the ports belong, in the following
format:
A hyphenated range of VLANs (for example: 832)
Several VLAN numbers and/or ranges, separated by commas (for
example: 2,4,832)
no
Restores to default
Enabling/Disabling DHCP Snooping on
Trusted/Untrusted Ports
The ip dhcp snooping interface command enables/disables DHCP Snooping on
trusted/untrusted ports.
CLI Mode: Global Configuration and Interface Configuration
Command Syntax
device-name(config)#ip dhcp snooping interface {PORT-LIST | PORT-AG-LIST}
{trusted | untrusted}
device-name(config-if UU/SS/PP)#ip dhcp snooping interface {trusted |
untrusted}
Argument Description
PORT-LIST
List of ports. Use commas as separators and hyphens to indicate sub-
ranges (for example: 1/2/11/2/8, 1/1/2)
PORT-AG-LIST
LAG names list (for example, ag01, ag04ag07), in the range of <17>
trusted
Enables DHCP Snooping on trusted port(s). Trusted ports receive only
packets from within the network, the outside-coming packets are simply
forwarded.
The trusted ports are used to reach a DHCP server or relay agent, and
DHCP information from them is not logged in the DHCP-snooping
binding table.
untrusted
Enables DHCP Snooping on untrusted port(s). Untrusted ports receive
messages from outside the network.
Untrusted
T-Marc 300 Series User Guide
Page 9
Dhcp Snooping (Rev. 01)
Configuring DHCP Snooping
The ip dhcp snooping force-broadcast-request command invokes DHCP Snooping when
intercepting a unicast RENEWING request. The renewing packet is rewritten with a full broadcast
destination address.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping force-broadcast-request
device-name(config)#no ip dhcp snooping force-broadcast-request
Argument Description
no
Disables the force-broadcast-request option
Enabling/Disabling the DHCP-Snooping Binding Table
The ip dhcp snooping binding-table command enables/disables the DHCP-snooping
binding table.
The DHCP-snooping binding table contains the MAC address, the IP address, the lease time, the
binding type, the VLAN number, and the ports information that corresponds to the local
untrusted ports.
The DHCP-snooping binding table does not contain information about hosts that are connected to
trusted ports.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping binding-table {enable | disable}
Argument Description
enable
Enables the DHCP-snooping binding table.
disable
Disables the DHCP-snooping binding table
Disabled
T-Marc 300 Series User Guide
Page 10
Dhcp Snooping (Rev. 01)
Adding Entries to the DHCP-Snooping Binding Table
The ip dhcp snooping binding command adds staticentries to the DHCP-snooping binding
table.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping binding A.B.C.D HH:HH:HH:HH:HH:HH vlan
<vlan-id> interface UU/SS/PP
device-name(config)#no ip dhcp snooping binding A.B.C.D HH:HH:HH:HH:HH:HH
vlan <vlan-id> interface UU/SS/PP
Argument Description
A.B.C.D
The binding entrys IP address
HH:HH:HH:HH:HH:HH
The binding entrys MAC address
vlan <vlan-id>
The VLAN to which the port belongs, in the range of <14094>
UU/SS/PP
An untrusted port for which to add/delete a binding entry
no
Deletes entries from the binding table
Defining the Number of DHCP-Snooping Binding Table
Entries
The ip dhcp snooping binding-table max-entries command defines the maximum number
of entries of the DHCP-snooping binding table.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping binding-table max-entries <binding-
entries>
Argument Description
binding-entries
The maximum number of the table entries, in the range of <10010000>
T-Marc 300 Series User Guide
Page 11
Dhcp Snooping (Rev. 01)
Copying the DHCP-Snooping Binding Table
The ip dhcp snooping binding-table tftp command periodically copies the DHCP-
snooping binding table to a TFTP server. Upon reload, the device reads the file to build the
database for the bindings.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping binding-table tftp A.B.C.D file name
FILE-NAME write-delay <time period>
device-name(config)#no ip dhcp snooping binding-table tftp
Argument Description
A.B.C.D
The TFTP servers IP address
FILE-NAME
The name of the copied file
write-delay
<time period>
The time at which the file is uploaded to the TFTP server, in the range of
<6086400>seconds
300 seconds
no
Disables the coping
Immediately Copying the DHCP-Snooping Binding
Table
The ip dhcp snooping binding-table upload tftp command immediately copies the
DHCP-snooping binding table to a TFTP server.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping binding-table upload tftp A.B.C.D
filename FILE-NAME
Argument Description
A.B.C.D
The TFTP servers IP address
FILE-NAME
The name of the copied file
T-Marc 300 Series User Guide
Page 12
Dhcp Snooping (Rev. 01)
Configuring the DHCP-Snooping Port Security
The ip dhcp snooping port-security interface command enables DHCP-snooping port
security (see chapter ConfiguringInterfacesof this User Guide) on an untrusted port(s). This feature
blocks the network traffic to DHCP clients that have not obtained their IP addresses from DHCP
servers connected to trusted ports. To communicate, the DHCP clients have to renew their IP
addresses.
Each time, when the DHCP client is plugged into an untrusted port on which DHCP-snooping
port security option is enabled, the DHCP clients have to renew their IP addresses.
NOTE
When the DHCP clients IP address is statically changed, the combination of Port
Security and Dynamic ARP Inspection features ensure blocking of the Layer-3 traffic
on untrusted ports of the DHCP-snooping-enabled device.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping port-security interface PORT-LIST [vlan-
id <vlan-id>]
device-name(config)#no ip dhcp snooping port-security interface PORT-LIST
[vlan-id <vlan-id>]
Argument Description
PORT-LIST
List of ports. Use commas as separators and hyphens to indicate sub-ranges
(for example: 1/2/11/2/8, 1/1/2).
vlan-id
<vlan-id>
(Optional) defines a VLAN ID in the range of <14094>to which the ports
belong.
no
Restores to default
Disabled
Enabling/Disabling the MAC-Address Match-Option
The ip dhcp snooping match-mac command enables/disables the MAC-address match-option.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping match-mac {enable | disable}
T-Marc 300 Series User Guide
Page 13
Dhcp Snooping (Rev. 01)
Argument Description
enable
Enables the MAC address match-option: the source MAC address in the
Ethernet header is compared to the chaddr field in the DHCP payload (within
the DHCP packet):
If the address does not match the chaddr field, the DHCP packet is
dropped
If the address matches the chaddr field, the deviceon which DHCP
Snooping is enabledforwards the packet
This comparison procedure is not performed for trusted ports.
disable
Disables the MAC address match-option
Disabled
Enabling the DHCP-Snooping Chain Mode
The ip dhcp snooping information option chain-mode command enables the DHCP-
snooping chain mode i.e. DHCP Snooping is enabled on more than one device on the providers
network. This feature allows DHCP packets to be exchanged between the DHCP client and
DHCP server without being dropped by the DHCP-snooping devices located between the DHCP
client and DHCP server.
Enabling the DHCP-snooping chain mode is also required when the DHCP server and the DHCP
client are located on different Layer-2 networks, and a DHCP-relay device exits between these
networks.
In the DHCP-snooping chain mode, DHCP Snooping requires all DHCP packets to contain
Option-82 data. Option 82 allows a DHCP-relay device to insert specific information into a request
forwarded to a DHCP server (see RFC 3046).
DHCP Snooping defines the DHCP packets destination by checking Option-82 fields. When a
DHCP-Snooping-enabled device receives a packet that is not destined for it, the device forwards
the packet to all trusted ports.
DHCP servers that do not support Option-82, strip the Option-82 field from the replies.
NOTE
Configure Option-82 on all devices in the ring topology.
Each device must have a unique Option-82 value. The unique Option-82 value
can be a remote-ID (MAC), a unique TAG, or a unique circuit-id.
In the ring topology, when the DHCP-snooping chain mode is enabled, all
Option-82-enabled devices and the DHCP servers must be in the same subnet.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#[no] ip dhcp snooping information option chain-mode
Argument Description
no
Disables the chain mode
T-Marc 300 Series User Guide
Page 14
Dhcp Snooping (Rev. 01)
Defining the Option-82 Circuit-ID
The ip dhcp snooping information option circuit-id command defines the circuit-ID. The
circuit-ID describes the port originating the packet.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping information option circuit-id WORD port
UU/SS/PP vlan-id <vlan-id>
device-name(config)#no ip dhcp snooping information option circuit-id port
UU/SS/PP vlan-id <vlan-id>
Argument Description
WORD
Circuit-ID, a text string of 256 characters. The circuit-ID string cannot be
configured to 8, 15, 18, or 20 characters. Otherwise, a warning message
appears:
[ War ni ng] The speci f i ed ci r cui t I D mi ght not wor k pr oper l y
i f combi ned wi t h ot her conf i gur ed i nf or mat i on opt i ons.
More than one circuit-ID can be defined per port. If a port is a member of
several VLANs, only one circuit-id can be defined for a port-VLAN
combination.
UU/SS/PP
The related port
vlan-id
VLAN ID, in the range of <14094>
no
Removes the defined circuit-ID: the information contained in the Option-82
field is used to define the packet retransmit path
Enabling the Option-82 on a Port
The ip dhcp snooping information option command enables the Option-82 on a port.
CLI Mode: Interface Configuration
Command Syntax
device-name(config-if UU/SS/PP)#[no] ip dhcp snooping information option
Argument Description
no
Disables the Option-82
Disabled
T-Marc 300 Series User Guide
Page 15
Dhcp Snooping (Rev. 01)
Defining the Option-82 Fields Format
The ip dhcp snooping information option format binary command determines the format
of Option-82 field contained in packets coming from the DHCP client.
CLI Mode: Interface Configuration
Command Syntax
device-name(config-if UU/SS/PP)#ip dhcp snooping information option format
binary [remote-id]
device-name(config-if UU/SS/PP)#no ip dhcp snooping information option format
binary
Argument Description
remote-id
(Optional) inserts the MAC address of the relay agent at the end of the Option-
82 field
no
Restores to default
ASCII format
Filling the Relay Agent Field
The ip dhcp snooping set-relay-agent-address and ip dhcp snooping information
option chain-mode set-relay-agent-address commands fill in the giaddr field (IP address of
a DHCP-relay device) of the DHCP clients packet. As a result, the DHCP server includes Option-
82 when returns DHCP packets to the DHCP clients.
DHCP servers do not echo Option-82 when a DHCP packet with giaddr field of 0 is received.
NOTE
To fill in the giaddr field using the i p dhcp snoopi ng set - r el ay- agent - addr ess
command in chain mode, first execute the i p dhcp snoopi ng i nf or mat i on
opt i on chai n- mode set - r el ay- agent - addr ess command.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#ip dhcp snooping set-relay-agent-address
device-name(config)#ip dhcp snooping information option chain-mode set-relay-
agent-address
T-Marc 300 Series User Guide
Page 16
Dhcp Snooping (Rev. 01)
Defining the DHCP Option-82 Tag
The ip dhcp snooping information option tag command defines the DHCP Option-82 tag
value.
CLI Mode: Interface Configuration
Command Syntax
device-name(config-if UU/SS/PP)#ip dhcp snooping information option tag <1-
65535>
device-name(config-if UU/SS/PP)#no ip dhcp snooping information option tag
Argument Description
tag <1-65535>
Option-82 tag value, in the range of <165535>
no
Removes the Option-82 tag
Clearing the DHCP-Snooping Binding Table
The clear ip dhcp snooping binding-table command clears all entries from the DHCP-
snooping binding table.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#clear ip dhcp snooping binding-table [static | learned | all]
Argument Description
static
(Optional) only static entries are cleared.
learned
(Optional) only dynamically learned entries are cleared.
all
(Optional) all entries are cleared.
T-Marc 300 Series User Guide
Page 17
Dhcp Snooping (Rev. 01)
Clearing DHCP-Snooping Binding Entries
The clear ip dhcp snooping binding-table ip command clears a DHCP-snooping binding
entry specified by the DHCP clients IP address.
The clear ip dhcp snooping binding-table mac command clears a DHCP-snooping binding
entry specified by the DHCP clients MAC address.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#clear ip dhcp snooping binding-table ip A.B.C.D vlan <vlan-id>
device-name#clear ip dhcp snooping binding-table mac HH:HH:HH:HH:HH:HH vlan
<vlan-id>
Argument Description
A.B.C.D
The DHCP clients IP address
HH:HH:HH:HH:HH:HH
The DHCP clients MAC address
vlan <vlan-id>
The VLAN ID, in the range of <14094>
Displaying the DHCP-Snooping Binding Table
The show ip dhcp snooping binding command displays DHCP-snooping binding table entries
learned from DHCP Snooping. If no argument is specified, all entries are displayed.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show ip dhcp snooping binding {interface UU/SS/PP | vlan <vlan-
id>}
Argument Description
UU/SS/PP
Displays table entries for the selected untrusted port
vlan <vlan-id>
Displays table entries for the selected VLAN ID, in the range of <1
4094>
T-Marc 300 Series User Guide
Page 18
Dhcp Snooping (Rev. 01)
Example
Display the DHCP-snooping binding entries for a specified VLAN:
device-name#show ip dhcp snooping binding vlan 1
Fl ags : V - val i d, P - per m. l ease, I - i ncompl et e, L - l ear ned, S - st at i c
+- - - - - - - - - - - - - - - - - +- - - - - - +- - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - +- - - - - - - - - - +
| I P addr ess | VLAN | MAC addr ess | I nt er f ace | Fl ags | Lease |
+- - - - - - - - - - - - - - - - - +- - - - - - +- - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - +- - - - - - - - - - +
| 1. 1. 1. 2| 1| 00: FF: 00: 00: 00: 01 | 1/ 1/ 2| V L | 43187|
| 1. 1. 1. 3| 1| 00: FF: 00: 00: 00: 02 | 1/ 1/ 2| V L | 43199|
| 1. 1. 1. 1| 1| 00: FF: 00: 00: 00: 00 | 1/ 1/ 2| V L | 43175|
+- - - - - - - - - - - - - - - - - +- - - - - - +- - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - +- - - - - - - - - - +
Table 1: Parameters Displayed by the show i p dhcp snoopi ng bi ndi ng Command
Field Description
IP Address DHCP clients IP address
VLAN VLAN ID of the DHCP clients port
MAC Address DHCP clients MAC address
Interface Port connected to the DHCP client
Type Binding type; statically configured from CLI or dynamically learned
Lease (seconds) IP address lease time
Displaying the DHCP Snooping Configuration
Information
The show ip dhcp snooping configuration command displays DHCP Snooping
configuration.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show ip dhcp snooping configuration
Example
device-name#show ip dhcp snooping configuration
=====================================================================
| DHCP SNOOPI NG - CONFI GURATI ON SUMMARY |
=====================================================================
DHCP Snoopi ng modul e cur r ent st at e : ENABLE
Cur r ent Mode : RI NG MODE
Mat ch MAC addr ess : DI SABLE
DHCP Snoopi ng Dat abase Use : ENABLE
DHCP Snoopi ng Dat abase Max Ent r i es Val ue : 10000
TFTP Ser ver I P addr ess : 192. 168. 0. 34
T-Marc 300 Series User Guide
Page 19
Dhcp Snooping (Rev. 01)
The f i l ename of Upl oaded DB : snoop_db. 4. 134. t xt
The i nt er val of per i odi c upl oads i n seconds : 180
set - r el ay- agent - addr ess opt i on : conf i gur ed
DHCP Snoopi ng debug messages : DI SABLE
===========================================================
| DHCP Snoopi ng I nt er f aces St at es |
===========================================================
TRUSTED 1/ 2/ 2
UNTRUSTED 1/ 2/ 1 | 1/ 2/ 3 - 1/ 2/ 8
===========================================================
| DHCP Snoopi ng Vl ans - I nt er f ace mode |
===========================================================
VLAN I D | 1
===========================================================
| DHCP Snoopi ng Aggr egat i ons - I nt er f ace mode |
===========================================================
AGGREGATI ON TRUSTED
AGGREGATI ON UNTRUSTED AG01
=====================================================================
| DHCP Snoopi ng Opt i on 82 Conf i gur at i on |
| I nt er f ace | Opt i on For mat | Tag | Opt i on Pol i cy |
=====================================================================
on vl an: 1 asci i 00001 dr op
Displaying the DHCP-Snooping Port Information
The show ip dhcp snooping interface command displays DHCP-snooping configuration
information for port(s).
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show ip dhcp snooping interface {UU/SS/PP | aggregations | all}
Argument Description
UU/SS/PP
Displays information for a specific port
aggregations
Displays information for all trusted and untrusted LAGs
all
Displays information for all trusted and untrusted ports
Example
device-name#show ip dhcp snooping interface 1/1/1
| 1/ 1/ 1 | TRUSTED
T-Marc 300 Series User Guide
Page 20
Dhcp Snooping (Rev. 01)
Displaying the DHCP-Snooping Option-82 Information
The show ip dhcp snooping option82 command displays the DHCP-snooping Option-82
configuration information.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show ip dhcp snooping option82
Example
device-name#show ip dhcp snooping option82
ON PORT: 1/ 1/ 2
FORMAT: ASCI I
TAG: 1
POLI CY: DROP
Displaying the Giaddr Field Information
The show ip dhcp snooping set-relay-agent-address command displays whether the giaddr
field is inserted in the DHCP packet.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show ip dhcp snooping set-relay-agent-address
Example
device-name#show ip dhcp snooping set-relay-agent-address
set - r el ay- agent - addr ess i s enabl ed
T-Marc 300 Series User Guide
Page 21
Dhcp Snooping (Rev. 01)
Configuration Example
The following example is based on Figure 2 and shows how to configure DHCP Snooping on the
devices.
Figure 2: DHCP Snooping Configuration Example
Configuring Device A:
1. Enter the VLAN Configuration mode and select the default VLAN:
DeviceA(config)#vlan
DeviceA(config vlan)#config default
2. Remove ports 1/2/1 to 1/2/8 from the default VLAN:
DeviceA(config-vlan default)#remove ports 1/2/11/2/8
DeviceA(config-vlan default)#exit
3. Configure a VLAN named V9 with VLAN ID 9 and add to it a port list 1/2/11/2/8 as
untagged:
DeviceA(config vlan)#create v9 9
DeviceA(config vlan)#config v9
DeviceA(config-vlan v9)#add ports 1/2/11/2/8 untagged
DeviceA(config-vlan v9)#add ports default 1/2/11/2/8
DeviceA(config-vlan v9)#exit
DeviceA(config-vlan)#exit
4. Enable DHCP Snooping:
DeviceA(config)#ip dhcp snooping enable
5. Enable DHCP-snooping binding table:
DeviceA(config)#ip dhcp snooping binding-table enable
6. Enable DHCP-snooping on a port list 1/2/11/2/8:
DeviceA(config)#ip dhcp snooping interface-mode interface 1/2/11/2/8 vlan
9
7. Define port 1/2/3 as trusted:
DeviceA(config)#ip dhcp snooping interface 1/2/3 trusted
T-Marc 300 Series User Guide
Page 22
Dhcp Snooping (Rev. 01)
Configuring DHCP server:
1. Define a subnet number:
DHCPS(config)#service dhcp
DHCPS(config-dhcp)#subnet 9.0.0.0/8
2. Define a IP address range for clients to 9.20.1.10 up to 9.20.1.100:
DHCPS(config-dhcp-subnet)#range 9.20.1.10 9.20.1.100
DHCPS(config-dhcp-subnet)#exit
3. Enable the DHCP server:
DHCPS(config)#service dhcp enable
Configuring Host1 as DHCP client:
Restart the DHCP client:
Host1(config)#ip address dhcp renew
Checking the DHCP-Snooping database:
DeviceA#show ip dhcp snooping binding interface 1/2/5
Fl ags : V - val i d, P - per m. l ease, I - i ncompl et e, L - l ear ned, S - st at i c
+- - - - - - - - - - - - - - - - - +- - - - - - +- - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - +- - - - - - - - - - +
| I P addr ess | VLAN | MAC addr ess | I nt er f ace | Fl ags | Lease |
+- - - - - - - - - - - - - - - - - +- - - - - - +- - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - +- - - - - - - - - - +
| 9. 20. 1. 99| 9| 00: 0B: 2B: 01: 56: 86 | 1/ 2/ 5| V L | 120|
+- - - - - - - - - - - - - - - - - +- - - - - - +- - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - +- - - - - - - - - - +
Display configuration information for all ports on Device A:
DeviceA#show ip dhcp snooping configuration
=====================================================================
| DHCP SNOOPI NG - CONFI GURATI ON SUMMARY |
=====================================================================
DHCP Snoopi ng modul e cur r ent st at e : ENABLE
Cur r ent Mode : I NTERFACE MODE
Mat ch MAC addr ess : DI SABLE
DHCP Snoopi ng Dat abase Use : ENABLE
DHCP Snoopi ng Dat abase Max Ent r i es Val ue : 10000
TFTP Ser ver I P addr ess : NOT CONFI GURED
The f i l ename of Upl oaded DB : NOT CONFI GURED
The i nt er val of per i odi c upl oads i n seconds : 180
set - r el ay- agent - addr ess opt i on : conf i gur ed
DHCP Snoopi ng debug messages : DI SABLE
===========================================================
| DHCP Snoopi ng I nt er f aces St at es |
===========================================================
TRUSTED 1/ 2/ 3
UNTRUSTED 1/ 2/ 5
T-Marc 300 Series User Guide
Page 23
Dhcp Snooping (Rev. 01)
===========================================================
| DHCP Snoopi ng Vl ans - I nt er f ace mode |
===========================================================
VLAN I D | 9
===========================================================
| DHCP Snoopi ng Aggr egat i ons - I nt er f ace mode |
===========================================================
AGGREGATI ON TRUSTED
AGGREGATI ON UNTRUSTED AG01
=====================================================================
| DHCP Snoopi ng Opt i on 82 Conf i gur at i on |
| I nt er f ace | Opt i on For mat | Tag | Opt i on Pol i cy |
=====================================================================
i p dhcp snoopi ng i nf or mat i on opt i on not set
T-Marc 300 Series User Guide
Page 24
Dhcp Snooping (Rev. 01)
Supported Standards, MIBs, and RFCs
Features Standards MIBs RFCs
DHCP Snooping No standards are
supported by this
feature.
Private MIB,
prvt_dhcp.mib
RFC 951, Bootstrap
Protocol (BOOTP)
RFC 1542, Clarifications
and Extensions for the
Bootstrap Protocol
RFC 2131, Dynamic Host
Configuration Protocol
RFC 2132, DHCP Options
and BOOTP Vendor
Extensions
RFC 3046, DHCP Relay
Agent Information Option
Page 1
Configuring Quality of Service (QoS) (Rev. 11)
Configuring Quality of Service (QoS)
Table of Figures 4
Overview 5
Implementation 5
Traffic Analysis 5
Basic QoS Architecture 7
The Packets QoS Attributes 8
QoS Profile 8
Sorting Packets for QoS 9
Traffic Scheduling10
Strict Priority (SP) 10
Weighted Round Robin (WRR) 11
Hybrid Scheduling12
Egress Traffic Shaping12
Storm Control12
QoS Default Configuration13
QoS Mappings Default Configuration14
Scheduler Profile Default Configuration16
Shaper Default Configuration16
Port Default Configuration16
QoS Configuration Flow17
QoS Configuration Commands18
Configuring QoS22
Configuring the Network Policy22
Applying the Network Policy per Port 23
Adding the Description for Network Policy23
Configuring the Network Ingress Policy24
Enabling/ Disabling the Trusted Mode DSCP24
Enabling/ Disabling the Trusted Mode Priority24
T-Marc 300 Series User Guide
Page 2
Configuring Quality of Service (QoS) (Rev. 11)
Applying the QoS Default Mapping on Port 25
Configuring the Network Egress Remarking25
Defining Tail-Drop Profiles26
Configuring the Network Egress Policy27
Configuring the Queue on Egress Network27
Applying Tail-Drop Profiles28
Applying the Shaping Profile28
Applying Scheduling Profile on Egress Policy29
Configuring the DSCP to FC and Color Mapping29
Configuring the Dot1p to FC and Color Mapping30
Configuring the Service Policy31
Adding the Description for the Service Policy31
Configuring the Service Ingress Policy32
Configuring the Service Queues32
Applying Tail-Drop Profiles32
Applying the Service Policy Shaping Profile33
Applying the Service Scheduling Profile33
Binding the Service Policy on a TLS Service34
Applying the Service Policy on a SAP35
Configuring the Shaper Profile36
Configuring Scheduling SP Profile37
Configuring the Scheduling WRR Profile37
Configuring the Scheduling Hybrid-1 Profile38
Configuring the Scheduling Hybrid-2 Profile38
Configuring the Scheduling Hybrid-3 Profile39
Configuring the Scheduling Hybrid-4 Profile39
Configuring the Scheduling Hybrid-5 Profile40
Configuring the Scheduling Hybrid-6 Profile40
Displaying the Network Policy Configuration41
Displaying the QoS Port Configuration43
Displaying the Scheduler Profile Configuration43
Displaying the Shaper Profile Configuration44
Displaying the Tail-Drop Profile Information45
Displaying the SAP Service Information46
Displaying the Service Policy Information47
Displaying the Dot1p to FC Mapping48
T-Marc 300 Series User Guide
Page 3
Configuring Quality of Service (QoS) (Rev. 11)
Displaying the DSCP to FC Mapping48
Displaying the Egress Mapping and Remarking50
Configuring the Traffic Type51
Displaying the Storm Control Settings 52
Filtering Egress Broadcast Packets53
Filtering Egress Unknown-Unicast Packets53
Filtering Egress Multicast Packets54
Configuration Examples55
Mapping Priority55
Configuring the DSCP-to-FC Mapping56
Configuring the Traffic Shaping Per-port57
Configuring QoS Service Policy58
Supported Platforms60
Supported Standards, MIBs, and RFCs60
T-Marc 300 Series User Guide
Page 4
Configuring Quality of Service (QoS) (Rev. 11)
Table of Figures
Figure 1: Basic QoS Architecture 7
Figure 2: 802.1p Priority Header Fields 9
Figure 3: Type of Service (ToS) Header Fields 9
Figure 4: Strict Priority Queuing11
Figure 5: Weighted Round Robin Queuing12
Figure 6: QoS Configuration Flow17
T-Marc 300 Series User Guide
Page 5
Configuring Quality of Service (QoS) (Rev. 11)
Overview
QoS refers to the mechanisms used for controlling and reserving network resources in order to
provide different priority to specific applications/ data flows and to guarantee their level of
performance. This preferential treatment might be at the expense of other traffic flows.
Implementing QoS in a network makes its performance more predictable and bandwidth utilization
more effective.
QoS policies have little effect during periods of light traffic since packets are transmitted as soon as
they arrive. They are effective at times of congestion, when a port cannot transmit all packets
simultaneously and there is a need for defining the order in which the queued packets are
transmitted.
Implementation
The typical QoS model is based on the following:
At the network edge (ingress), the packet is assigned to a QoS service. The service is assigned
based on the packet header information (if the packet is trusted) or on the ingress port
configuration (in cases where the packet is untrusted).
The QoS service defines the packet internal QoS handling (Class of ServiceCoS and drop
precedenceColor) and optionally the packet external QoS marking, through either the
802.1p User Priority and/ or the IP header DSCP field.
Subsequent devices within the network core provide consistent QoS treatment to traffic, based
on the packet 802.1p or DSCP marking. As a result, an end-to-end QoS solution is provided.
A device may modify the assigned CoS if a packet stream exceeds the configured profile. In
this case, the packet may be dropped or reassigned to a lower CoS.
The device incorporates the required QoS features to implement network-edge as well as network-
core devices:
The device provides flexible mechanisms to classify packets into as many as 128 different
services.
Up to 256 Traffic Policers may be used to control the maximum rate of specific traffic flows,
each of them can be bound to a flow or a flow aggregate.
The packet header may have its User Priority and/ or DSCP set to reflect the CoS assignment.
Service application mechanism is based on eight egress priority queues per port (including the
CPU port), on which congestion-avoidance and congestion-resolution policies are applied.
Traffic Analysis
To effectively configure QoS, analyze the types of traffic using the port and determine their relative
bandwidth demands. Also evaluate the supported applications sensitivity to:
Delay/ latencythe time a packet takes before it reaches its destination.
T-Marc 300 Series User Guide
Page 6
Configuring Quality of Service (QoS) (Rev. 11)
Jitterthe variation of delay/ latency that can seriously affect the quality of streaming audio
and/ or video.
Packet lossthe routers may fail to deliver some packets if they arrive when their buffers are
already full. Some, none, or all of the packets may be dropped, depending on the state of the
network. The receiving application might ask for this information to be retransmitted, possibly
causing severe delays in the overall transmission.
The below table details general guidelines for classifying traffic types:
Table 1: Traffic Types
Traffic Type Description
Voice Demands small amounts of bandwidth. However, the bandwidth must be
constant and predictable because voice applications are sensitive to latency
(inter-packet delay) and jitter.
Video Similar to voice application but requires larger bandwidth, depending on the
encoding.
Some applications can transmit large amounts of data for multiple streams in
one spike or burst, causing the device to buffer significant amounts of sent
video-stream data. This might cause difficulties at the network infrastructure
level, since it must be able to buffer the transmitted spikes when they occur
especially where there are line rate differences (for example, going from
Gigabit Ethernet to Fast Ethernet).
Database Does not demand significant bandwidth and is tolerant to delay. Therefore it
requires minimum bandwidth and can be set to use lower priority than the
more delay-sensitive applications.
Web browsing Cannot be generalized into a single category. You can distinguish casual and
application-oriented traffic from each other by their server source and
destinations.
Most browser-based applications have an asymmetric dataflow (small
dataflow from the clients browser and large dataflow from the server to the
client). An exception to this pattern might be created by some J ava-based
applications.
Web-based applications are generally tolerant of latency, jitter, and some
packet loss. However even a small amount of packet-loss m might have a
large impact on perceived performance, due to the nature of TCP.
File server Has the greatest demand on bandwidth, although it is tolerant to latency,
jitter, and some packet loss, depending on the network operating system and
the use of TCP or UDP.
T-Marc 300 Series User Guide
Page 7
Configuring Quality of Service (QoS) (Rev. 11)
Basic QoS Architecture
The following figure illustrates QoS processing, divided in ingress and egress pipe units.
Figure 1: Basic QoS Architecture
Table 2: Ingress & Egress Pipes
Ingress & Egress Pipes Description
(Ingress) QoS Initial
Marking
QoS initial marking associates every packet classified as data with a
set of QoS attributes that determine the QoS processing by
subsequent stages. The sequence of the markers is important and is
as shown in the above figure.
(Ingress) Traffic Policing
and QoS Remarking
If enabled on a policy-based traffic flow, and if the packet is
classified as data, the policer meters the given flow according to a
configurable rate profile and classifies packets as either in-profile or
out-of-profile. Out-of-profile packets may be discarded or have their
QoS attributes remarked.
(Egress) QoS
Enforcement
QoS enforcement utilizes eight egress queue-priorities per port.
Congestion avoidance and congestion resolution techniques are
used to provide the required service.
(Egress) QoS Initial
Marking
QoS initial marking associates every packet with a set of QoS
attributes that determine QoS processing by subsequent stages.
Potentially, all types of packetsdata, control, and mirrored to
analyzer portare subject to egress QoS initial marking.
(Egress) Setting the
Packet Headers QoS
Fields
The packet header 802.1p User Priority and/or IP-DSCP is defined
or modified.
T-Marc 300 Series User Guide
Page 8
Configuring Quality of Service (QoS) (Rev. 11)
The Packets QoS Attributes
Every packet classified as data has an assigned set of QoS attributes that can be modified by each
ingress pipeline engine.
Each of the ingress pipeline engines contains several Initial QoS Markers that assign the packet
initial QoS attribute, as described in the next section.
The ingress pipeline engine also contains a QoS Remarker that can modify the initial QoS
attributes, as described in next section. The packet QoS attributes are:
QoS Precedencethe device incorporates multiple QoS markers operating in sequence. As a
result, a later marker overrides an earlier QoS attribute assignment. By setting the QoS
Precedence flag to HARD, a QoS marker can prevent modification of packet QoS attributes
by subsequent QoS markers.
QoS Profile Indexis used as a direct index, ranging from 0 to 127, into the global QoS
Profile table.
Modify DSCPenables Packet DSCP field when the packet egresses the device.
0=Packet DSCP field is not modified when the packet egresses the device
1=Packet DSCP field is modified to the DSCP value of the QoS Profile entry for the
packet QoS Profile index.
Modify User Priorityenables packet 802.1p-User Priority field modification.
0=Packet User Priority is preserved when the packet egresses the device
1=Packet User Priority field is modified to the <UP> value of the QoS Profile entry for
the packet QoS Profile index, when the packet egresses the device.
Default User Priorityis assigned by the ingress port configuration, only when the <Modify
UP> is cleared and the packet are received untagged.
QoS Profile
The device supports up to 128 QoS Profiles (for default profile values, refer to Table4).
Every packet classified as data has assigned the QoS attribute <QoS Profile index> that is used by
the egress pipeline to apply the QoS service.
The QoS Profile index is used as a direct index, ranging from 0 to 127, into the global QoS Profile
table.
Each entry in the QoS Profile table contains the set of attributes:
TCTraffic class queue assigned to the packet.
DPDrop precedence assigned to the packet.
UPIf the packet QoS attribute <Modify UP> is set and the packet is received untagged, this
field is the value used in the packet 802.1p User Priority field and packet is transmitted tagged.
If receive the packet tagged, the existing User Priority is modified with this value.
DSCPIf setting the packet QoS attribute <Modify DSCP>, and the packet is IPv4 or IPv6,
this field is the value used to modify the packet IP-DSCP field.
QoS profiles 015 are used for all types of services. Indexes 015 are referred to as traffic
classes, where indexes 07 are duplicated to indexes 815 with DP being set to Yellow.
T-Marc 300 Series User Guide
Page 9
Configuring Quality of Service (QoS) (Rev. 11)
Sorting Packets for QoS
Sorting Packets by 802.1p Priority Values
The devices support standard 802.1p priority bits (VLAN Priority Tag, VPT) that are part of tagged
Ethernet packets. The below figure illustrates the 802.1p priority header fields.
Figure 2: 802.1p Priority Header Fields
The device examines the 802.1p priority of ingressing packets. Based on this priority, it maps the
packets to various hardware queues of egress ports.
NOTE
The device does not change the VPT of switched packets with an 802.1Q tag,
assuming that the sender of the packet has already determined the VPT.
You can define the VPT of packets received without a tag using the map pr i or i t y
command.
Sorting Packets by the IP Type of Service (ToS, DiffServ)
Each IP packet header contains a field for the IP ToS.
The below figure illustrates the ToS fields in the IP packet header.
Figure 3: Type of Service ( ToS) Header Fields
T-Marc 300 Series User Guide
Page 10
Configuring Quality of Service (QoS) (Rev. 11)
BiNOS can use ToS values for sorting packets into QoS queues. Individual ToS values, or ranges
of values, are mapped to 802.1p priority values. Based on 802.1p priority, the packets are sorted
into QoS queues.
When a packet arrives at the device on an ingress port, the device examines the first six of eight
ToS bits, called the codepoint. The device can assign the QoS priority to subsequently transmit the
packet based on the code point. The QoS priority controls a hardware queue used when
transmitting the packet out of the device, and determines the forwarding characteristics of a
particular code point. Each hardware queue represents a specific Class of Service (CoS). The Class
of Service is the priority level afforded each packet.
You can use one of the following traffic classes: be (Best-Effort), 12(Low-2), af (Assured), 11
(Low-1), h2(High-2), ef (Expedited), h1(High-1), nc (Network Control).
To map the DSCP values to traffic classes you can use ACL. For more information using ACL for
implementing QoS, refer to the ConfiguringAccessControl Lists(ACLs) chapter.
Traffic Scheduling
Traffic Scheduling allows you to control the packet transmission, based on priorities assigned to
packets and the queuing mechanism configured on the port.
Strict Priority (SP)
SP provides preferential treatment to high priority traffic, making sure that mission-critical traffic
gets priority treatment. It handles queues by their order: the highest ranking queue, txq8, is serviced
first until it is empty. Then the lower queue, txq7, is serviced and so on, down to txq1.
In addition, SP provides a faster response time for high priority traffic than other methods of
queuing.
Use the SP mechanism to guarantee a fixed portion of available bandwidth to an application (for
example, interactive multimedia applications), possibly at the expense of less critical traffic.
When selecting SP, consider that lower priority traffic is often denied in favor of higher priority
traffic. In the worst case, lower priority traffic is never transmitted. However, you can avoid these
scenarios by using rate-limit to control higher-priority traffic rate.
The below figure illustrates the SP process in a four-queue architecture.
T-Marc 300 Series User Guide
Page 11
Configuring Quality of Service (QoS) (Rev. 11)
Figure 4: Strict Priority Queuing
Weighted Round Robin (WRR)
WRR is a scheduling mechanism that cycles through the queues. A weighting factor determines
how many bytes of data the system delivers from each queue before moving to the next queue.
Using this mechanism, packets in the queue are sent until the number of bytes transmitted exceeds
the bandwidth determined by the queues weighting factor, or until the queue is empty. Then WRR
moves to the next queue. If a queue is empty, the device sends packets from the next queue that
has packets to send.
If a packets length exceeds the queues allowed bandwidth, the packet is still transmitted during its
time slot, but its quota is overdrawn so next time it receives a smaller allocation. This mechanism
guarantees a minimum bandwidth for each queue, but allows the minimum to be exceeded if one
or more of the ports other queues are idle. However, when loading all the queues, each is limited to
its maximum bandwidth according to its assigned weight.
Relative percentages are calculated by byte counts rather than by packets, thus providing a greater
degree of bandwidth fairness.
The below figure illustrates the WRR queuing in four-queue architecture:
T-Marc 300 Series User Guide
Page 12
Configuring Quality of Service (QoS) (Rev. 11)
Figure 5: Weighted Round Robin Queuing
Hybrid Scheduling
This scheduling method combines SP and WRR scheduling. Queues with higher priority are
serviced with SP while the remaining queues are serviced in accordance with WRR, after the higher
priority queues are empty.
Hybrid queuing guarantees immediate delivery of packets from high-ranking queues while avoiding
lowest-ranking queues starvation.
Egress Traffic Shaping
When congestion occurs, the device transmits the packets on the outgoing port and the assigned
queues. Traffic shaping allows you to shape output traffic (egress traffic) on a per-port and per-
queue basis.
Storm Control
The storm control mechanism prevents broadcast, multicast, and unicast storms from
overwhelming a network. Traffic storm control (also called traffic suppression) occurs when
packets flood the LAN, creating excessive traffic and degrading network performance. The traffic
storm control feature prevents LAN ports from being disrupted by a broadcast, multicast, or
unicast traffic storm on physical ports. This mechanism regulates the rate at which devices forward
broadcast, multicast and unicast traffic.
Each port has a single traffic storm control level that is used for all types of traffic (broadcast,
multicast, and unicast).
With the storm control feature, you can configure the ingress line rate limit per port or group ports.
T-Marc 300 Series User Guide
Page 13
Configuring Quality of Service (QoS) (Rev. 11)
QoS Default Configuration
Table 3: Default QoS Configuration
Parameter Default Value
Priority-to-queue assignment 0
Priority remark 0
QoS scheduling algorithm Strict Priority
Port profile ID
See Table 4
DSCP priority 0
DSCP-to-profile assignment
See Table 5
Traffic shaping Disabled
Trust mode Untrusted
SP scheduling Applied for all ports
Table 4: QoS Profile Default Configuration
Profile ID TC DP UP DSCP
0 0 Green 0 0
1 1 Green 1 0
2 2 Green 2 0
3 3 Green 3 0
4 4 Green 4 0
5 5 Green 5 0
6 6 Green 6 0
7 7 Green 7 0
8 0 Yellow 0 0
9 1 Yellow 1 0
10 2 Yellow 2 0
11 3 Yellow 3 0
12 4 Yellow 4 0
13 5 Yellow 5 0
14 6 Yellow 6 0
15 7 Yellow 7 0
16127 Not Used Not Used Not Used Not Used
T-Marc 300 Series User Guide
Page 14
Configuring Quality of Service (QoS) (Rev. 11)
Table 5: DSCP-to-QoS Profile Index Mapping
Parameter Default Value
07 0
815 1
1623 2
2431 3
3239 4
4047 5
4855 6
5663 7
Table 6: Default Storm Control Values
Parameter Default Value
Traffic storm control Disabled
Table 7: Default Egress Filtering Values
Parameter Default Value
Broadcast, unknown unicast, and multicast
packets
Disabled
Table 8: Default Tail-drop Values
ID Yellow Thershold
1 50
2 25
QoS Mappings Default Configuration
Table 9: CoS to FC and Color Mapping
Priority Txq Drop Level
0 1 green
1 2 green
2 3 green
3 4 green
4 5 green
5 6 green
6 7 green
7 8 green
T-Marc 300 Series User Guide
Page 15
Configuring Quality of Service (QoS) (Rev. 11)
Table 10: DSCP to FC and Color Mapping
DSCP Txq Drop Level
07 1 green
815 2 green
1623 3 green
2431 4 green
3239 5 green
4047 6 green
4855 7 green
5663 8 green
Table 11: Egress Remarking with Dot1p
Dot1p Drop Level Priority FC
0 green 0 be
1 green 1 l2
2 green 2 af
3 green 3 l1
4 green 4 h2
5 green 5 ef
6 green 6 h1
7 green 7 nc
0 yellow 0 be
1 yellow 1 l2
2 yellow 2 af
3 yellow 3 l1
4 yellow 4 h2
5 yellow 5 ef
6 yellow 6 h1
7 yellow 7 nc
T-Marc 300 Series User Guide
Page 16
Configuring Quality of Service (QoS) (Rev. 11)
Scheduler Profile Default Configuration
All the ports in the system are bound to profile 1, which is SP scheduling.
Shaper Default Configuration
By default, per-port and per-queue shaper is disabled.
Port Default Configuration
All ports in the system are:
Bound to a SP scheduling profile 1
Untrusted (port default) with default policy
Default mapping to TC=be and color green
Default port settings are applied in the following cases:
Untrusted modeall packets
L2 trust modeL2 packets only
L3 trust modeL3 packets only
L2+L3 trust modeDSCP mapping is used for all IP packets.
T-Marc 300 Series User Guide
Page 17
Configuring Quality of Service (QoS) (Rev. 11)
QoS Configuration Flow
Figure 6: QoS Configuration Flow
Egress Ingress
Start
Configure priority remark
Apply traffic shaping
Configure trusted priority
Apply scheduling profile
Configure trusted DSCP
End
Network
Policy
Configure priority mapping to profile index (FC, DP pair)
Create and configure the QoS service policy
Apply tail-drop
Configure DSCP mapping to profile index (FC, DP pair)
Configure scheduling profile and shaper profile
Define remarking of dot1p field (FC, DP pair)
T-Marc 300 Series User Guide
Page 18
Configuring Quality of Service (QoS) (Rev. 11)
QoS Configuration Commands
Table 12: Configuring Network Policy
Command Description
qos Configures the QoS configuration and enters QoS Configuration mode
(see Configuring QoS)
network-policy Creates a network QoS policy and enters QoS Network Configuration
mode (see Configuring the Network Policy)
qos-network-policy Applies per port the created network QoS policy (see Applying the
Network Policy per Port)
description Adds a description strings to the network policy (see Adding the
Description for Network Policy)
Table 13: Configuring QoS Ingress Classification
Command Description
ingress Configures the ingress network policy and enters QoS Ingress
Network Configuration mode (see Configuring the Network Ingress
Policy)
trust-dscp Enables/disables L3 trusted mode DSCP per ingress network policy
(see Enabling/Disabling the Trusted Mode DSCP)
trust-priority Enables/disables L2 trusted mode priority per ingress network policy
(see Enabling/Disabling the Trusted Mode Priority)
fc Defines default mapping of port to FC and color (see Applying the QoS
Default Mapping on Port)
Table 14: Configuring QoS Egress Classification
Command Description
remark fc priority Configures dot1p egress global remarking (see Configuring the
Network Egress Remarking)
congestion-
avoidance-profile
tail-drop
Configures the profile parameters to be used in the tail-drop
calculations (see Defining Tail-Drop Profile)
egress Configures service egress QOS policy and enters QoS Egress
Network Configuration mode (see Configuring the Network Egress
Policy)
queue Configures queue on egress network and enters QoS Egress Queue
Network Configuration mode (see Configuring the Queue on Egress
Network).
congestion-
avoidance-profile
tail-drop
Applies the profile of the tail-drop congestion avoidance mechanism
on a queue in an egress network policy or directly on the egress
network policy (see Applying Tail-Drop Profile)
shaper-profile Applies the shaper profile on a queue in an egress network policy or
directly on the egress policy (see Applying the Shaping Profile)
T-Marc 300 Series User Guide
Page 19
Configuring Quality of Service (QoS) (Rev. 11)
Command Description
scheduling-profile Applies scheduling profile on egress policy (see Applying Scheduling
Profile on Egress Policy)
Table 15: Configuring Service QoS Mapping Classification
Command Description
map dscp fc Defines a DSCP to forwarding class (FC) mapping and colors traffic to
a specified value (see Configuring the DSCP to FC and Color
Mapping)
map priority fc Defines a dot1p to FC mapping and colors traffic to a specified value
(see Configuring the Dot1p to FC and Color Mapping)
Table 16: Configuring QoS Service Policy
Command Description
service-policy Creates a QoS service policy (see Configuring the Service Policy)
description Adds a description string to the created QoS service policy (see
Adding the Description for the Service Policy)
ingress Configures the QoS service ingress policy (see Configuring the
Service Ingress Policy)
queue Creates a QoS service ingress queue (see Configuring the Service
Queues)
congestion-
avoidance-profile
tail-drop
Applies a tail-drop profile on a service ingress queue (Applying Tail-
Drop Profiles)
shaper-profile Applies the already created service shaper profile on the service policy
or on the queue (see Applying the Shaping Profile)
scheduling-profile Applies the already created service scheduling profile on the service
policy (see Applying the Service Scheduling Profile)
qos-service-policy Binds the already created QoS service policy on the TLS service (see
Binding the Service Policy on a TLS Service)
apply-qos-service-
policy
Applies the already created QoS service policy on the specified SAP
(see Applying the Service Policy on a SAP)
Table 17: Configuring Shaper Profile and Scheduling Profile
Command Description
shaper-profile Configures the shaper profile for network policy, service policy, and
queues (see Configuring the Shaper Profile)
scheduling-profile
sp
Configures SP (Strict Priority) scheduling (see Configuring Scheduling
SP Profile)
scheduling-profile
wrr
Applies and configures Weighted Round-Robin (WRR) scheduling
(see Configuring the Scheduling WRR Profile)
scheduling-profile
hybrid-1
Applies and configures the first hybrid QoS algorithm (see Configuring
the Scheduling Hybrid-1 Profile)
T-Marc 300 Series User Guide
Page 20
Configuring Quality of Service (QoS) (Rev. 11)
Command Description
scheduling-profile
hybrid-2
Applies and configures the second hybrid QoS algorithm (see
Configuring the Scheduling Hybrid-2 Profile)
scheduling-profile
hybrid-3
Applies and configures the third hybrid QoS algorithm (see Configuring
the Scheduling Hybrid-3 Profile)
scheduling-profile
hybrid-4
Applies and configures the forth hybrid QoS algorithm (see
Configuring the Scheduling Hybrid-4 Profile)
scheduling-profile
hybrid-5
Applies and configures the fifth hybrid QoS algorithm (see Configuring
the Scheduling Hybrid-5 Profile)
scheduling-profile
hybrid-6
Applies and configures the sixth hybrid QoS algorithm (see
Configuring the Scheduling Hybrid-6 Profile)
Table 18: Display Commands
Command Description
show qos network-
policy
Displays the information for all configured network policies or for the
specified policy (see Displaying the Network Policy Configuration)
show qos
interface
Displays the configuration for all ports or for the specified port (see
Displaying the QoS Port Configuration)
show qos
scheduler-profile
Displays the scheduler profile configuration for all profiles or for the
specified scheduler profile ID (see Displaying the Scheduler Profile
Configuration)
show qos shaper-
profile
Displays the shaper profile configuration for all network and service
profiles or for the specified shaper profile ID (see Displaying the Shaper
Profile Configuration)
show qos
congestion-
avoidance-profile
tail-drop
Displays information for all configured tail-drop profiles or for the
specified tail-drop profile (see Displaying the Tail-Drop Profile
Information)
show qos service Displays information for the SAP service (see Displaying the SAP
Service Information)
show qos service-
policy
Displays information for all configured service policies or for the
specified service policy (see Displaying the Service Policy Information)
show qos ingress
priority-map
Displays dot1p to FC Mapping (see Displaying the Dot1p to FC
Mapping)
show qos ingress
dscp-map
Displays DSCP to FC mapping (see Displaying the DSCP to FC
Mapping)
show qos egress
remark
Displays egress mapping and remarking (see Displaying the Egress
Mapping and Remarking)
Table 19: Storm Control Commands
Command Description
storm-control Configures the storm-control threshold rate of the incoming traffic and
blocks forwarding of unnecessary flooded traffic (see Configuring the
Traffic Type)
T-Marc 300 Series User Guide
Page 21
Configuring Quality of Service (QoS) (Rev. 11)
Command Description
show storm-control Displays the storm control levels configured on a port or for all ports
(see Displaying the Storm Control Settings)
Table 20: Egress Filtering Commands
Command Description
tx-drop-broadcast
Enables egress filtering of broadcast packets (see Filtering Egress
Broadcast Packets)
tx-drop-unknown
Enables egress filtering of multicast packets (see Filtering Egress
Unknown-Unicast Packets)
tx-drop-multicast
Enables egress filtering of unknown unicast packets (see Filtering
Egress Multicast Packets)
T-Marc 300 Series User Guide
Page 22
Configuring Quality of Service (QoS) (Rev. 11)
Configuring QoS
The qos command configures the QoS configuration. The command enters the QoS Configuration
mode, see the Examplebelow.
CLI Mode: Global Configuration
Command Syntax
device-name(config)#qos
Example
device-name(config)#qos
device-name(config qos)#
Configuring the Network Policy
The network-policy command creates a network QoS policy. The command enters the QoS
Network Configuration mode, see the Examplebelow.
CLI Mode: QoS Configuration (see ConfiguringQoS)
Command Syntax
device-name(config qos)#network-policy <network-policy-name>
device-name(config qos-net policy_name)#
device-name(config qos)#no network-policy <network-policy-name>
Argument Description
network-policy-
name
Sets the policy name up to 6 characters. The default is the name of
the default policy.
no Removes the network policy
Example
device-name(config qos)#network-policy batm
device-name(config qos-net batm)#
T-Marc 300 Series User Guide
Page 23
Configuring Quality of Service (QoS) (Rev. 11)
Applying the Network Policy per Port
The qos-network-policy command applies per port the created network QoS policy.
CLI Mode: Interface Configuration
Command Syntax
device-name(config UU/SS/PP)#qos-network-policy <network-policy-name>
device-name(config UU/SS/PP)#no qos-network-policy
Argument Description
network-policy-
name
The policy name to be applied on a port. The name has up to 6
characters
no Removes the network policy from the port
Example
device-name(config 1/1/1)#qos-network-policy batm
Adding the Description for Network Policy
The description command adds a description string to the created network policy.
CLI Mode: QoS Network Configuration (see ConfiguringtheNetwork Policy)
Command Syntax
device-name(config qos-net policy_name)#description <description-string>
device-name(config qos-net policy_name)#no description
Argument Description
description-string
A string up to 30 characters
no Removes the description
T-Marc 300 Series User Guide
Page 24
Configuring Quality of Service (QoS) (Rev. 11)
Configuring the Network Ingress Policy
The ingress command configures the ingress network policy. The command enters the QoS
Ingress Network Configuration mode, see the Examplebelow.
CLI Mode: QoS Network Configuration (see ConfiguringtheNetwork Policy)
Command Syntax
device-name(config qos-net policy_name)#ingress
device-name(config qos-net-in policy_name)#
Example
device-name(config qos-net batm)#ingress
device-name(config qos-net-in batm)#
Enabling/Disabling the Trusted Mode DSCP
The trust-dscp command enables L3 trusted mode DSCP per ingress network policy.
CLI Mode: QOS Ingress Network Configuration (see ConfiguringtheNetwork Ingress Policy)
Command Syntax
device-name(config qos-net-in policy_name)#trust-dscp
device-name(config qos-net-in policy_name)#no trust-dscp
Argument Description
no Enables untrusted mode, or disables the trusted mode
Enabling/Disabling the Trusted Mode Priority
The trust-priority command enables L2 trusted mode priority per ingress network policy.
CLI Mode: QOS Ingress Network Configuration (see ConfiguringtheNetwork Ingress Policy)
Command Syntax
device-name(config qos-net-in policy_name)#trust-priority [preserve-priority]
device-name(config qos-net-in policy_name)#no trust-priority
Argument Description
preserve-priority Disables L2 remarking
no Enables untrusted mode, or disables the trusted mode
T-Marc 300 Series User Guide
Page 25
Configuring Quality of Service (QoS) (Rev. 11)
Applying the QoS Default Mapping on Port
The fc command defines default mapping of port to FC and color. Traffic that enters the port
applies these settings.
CLI Mode: QOS Ingress Network Configuration (see ConfiguringtheNetwork Ingress Policy)
By default, the default mapping of the port is fc be green.
Command Syntax
device-name(config qos-net-in policy_name)#fc {be | l2 | af | 11 | h2 | ef |
h1 | nc} {green | yellow}
Argument Description
be
The forwarding class to be mapped is the Best-Effort Forwarding Class
12
The forwarding class to be mapped is the Low-2 Forwarding Class
af
The forwarding class to be mapped is the Assured Forwarding Class
11
The forwarding class to be mapped is the Low-1 Forwarding Class
h2
The forwarding class to be mapped is the High-2 Forwarding Class
ef
The forwarding class to be mapped is the Expedited Forwarding Class
h1
The forwarding class to be mapped is the High-1 Forwarding Class
nc
The forwarding class to be mapped is the Network Control Forwarding Class
green
The traffic with the above VPT or DSCP value is marked as green
yellow
The traffic with the above VPT or DSCP value is marked as yellow
Configuring the Network Egress Remarking
The remark fc priority command configures dot1p egress global remarking.
By default, the remark priority is 0.
CLI Mode: QoS Configuration (see ConfiguringQoS)
Command Syntax
device-name(config qos)#remark fc {be | l2 | af | 11 | h2 | ef | h1 | nc} drop-
level (green | yellow) priority <0-7>
T-Marc 300 Series User Guide
Page 26
Configuring Quality of Service (QoS) (Rev. 11)
Argument Description
be
12
af
11
h2
ef
h1
nc
Refer to the Argument Description above.
drop-level
The drop level.
green
yellow
Refer to the Argument Description above.
priority
<07>
The mapping of packets according to DSCP fields, in the valid range of <07>.
Defining Tail-Drop Profiles
The congestion-avoidance-profile tail-drop command defines a tail-drop profile for queue
congestion-avoidance.
Only egress network queues use the tail-drop congestion-avoidance mechanism.
CLI Mode: QoS Configuration (see ConfiguringQoS)
Command Syntax
device-name(config qos)#congestion-avoidance-profile tail-drop
<tail_drop_profile_id> <yellow-threshold>
device-name(config qos)#no congestion-avoidance-profile tail-drop
<tail_drop_profile_id>
Argument Description
tail_drop_profile_id
The tail-drop profile ID (corresponding to a specific threshold level),
in the range of <15>. Profile ID 1 and profile ID 2 are default and
cannot be modified.
By default:
ID 1 uses 50% of the queue's memory (queuing up to 500
frames)
ID 2 uses 25% of the queue's memory (queuing up to 250)
yellow-threshold
The allocated memory threshold value for yellow packets, in the
range of <0-100>%.
Permitted values are: 25%, 50%, 75% and 100%.
The red threshold has to be less than or equal to the yellow
threshold.
T-Marc 300 Series User Guide
Page 27
Configuring Quality of Service (QoS) (Rev. 11)
no
Restores to default
Example
device-name(config qos)#congestion-avoidance-profile tail-drop 4 75
device-name(config qos)#congestion-avoidance-profile tail-drop 3 100
Configuring the Network Egress Policy
The egress command configures service egress QoS policy. The command enters the QoS Egress
Network Configuration mode, see the Examplebelow.
CLI Mode: QoS Network Configuration (see ConfiguringtheNetwork Policy)
Command Syntax
device-name(config qos-net policy_name)#egress
device-name(config qos-net-eg policy_name)#
Example
device-name(config qos-net batm)#egress
device-name(config qos-net-eg batm)#
Configuring the Queue on Egress Network
The queue command configures the queue on the egress network. The command enters the QoS
Egress Queue Network Configuration mode, see the Examplebelow.
CLI Mode: QoS Egress Network Configuration (see ConfiguringtheNetwork Egress Policy)
Command Syntax
device-name(config qos-net-eg policy_name)#queue <queue_id>
device-name(config qos-net-queue queue_id)#
Argument Description
queue_id
The queue ID, in the valid range of <18>
Example
device-name(config qos-net-eg batm)#queue 3
device-name(config qos-net-queue 3)#
T-Marc 300 Series User Guide
Page 28
Configuring Quality of Service (QoS) (Rev. 11)
Applying Tail-Drop Profiles
The congestion-avoidance-profile tail-drop command applies a tail-drop profile on a queue
of the egress network policy or directly on an egress network policy.
CLI Mode:
QoS Egress Queue Network Configuration (see ConfiguringtheQueueon Egress
Network) and QoS Egress Network Configuration (see ConfiguringtheNetwork Egress
Policy)
Command Syntax
device-name(config qos-net-queue queue_id)#congestion-avoidance-profile tail-
drop <tail_drop_profile_id>
device-name(config qos-net-queue queue_id)#no congestion-avoidance-profile
tail-drop
device-name(config qos-net-eg policy_name)#congestion-avoidance-profile tail-
drop <tail_drop_profile_id>
device-nam(config qos-net-eg policy_name)#no congestion-avoidance-profile
tail-drop
Argument Description
tail_drop_profile_id
The tail-drop profile ID, in the range of <15>.
Profile ID 1 and profile ID 2 are default (see Defining Tail-Drop
Profiles)
no Restores to default
Applying the Shaping Profile
The shaper-profile command applies the shaper profile on queue in an egress network policy or
directly on the egress network policy.
CLI Mode:
QoS Egress Queue Network Configuration (see ConfiguringtheQueueon Egress
Network) and QoS Egress Network Configuration (see ConfiguringtheNetwork Egress
Policy)
Command Syntax
device-name(config qos-net-queue queue_id)#shaper-profile <shaper_profile_id>
device-name(config qos-net-queue queue_id)#no shaper-profile
device-name(config qos-net-eg policy_name)#shaper-profile <shaper_profile_id>
device-name(config qos-net-eg policy_name)#no shaper-profile
T-Marc 300 Series User Guide
Page 29
Configuring Quality of Service (QoS) (Rev. 11)
Argument Description
shaper_profile_id
The shaper profile ID to be applied on the egress policy or queue. The
valid range is <18>.
no Removes the shaper profile from the configured egress policy or
queue.
Applying Scheduling Profile on Egress Policy
The scheduling-profile command applies the scheduler profile on the egress policy.
CLI Mode: QOS Egress Network Configuration (see ConfiguringtheNetwork Egress Policy)
Command Syntax
device-name(config qos-net-eg policy_name)#scheduling-profile
<profile_number>
device-name(config qos-net-eg policy_name)#no scheduling-profile
Argument Description
profile_number
The scheduling profile ID to be applied on the egress policy. The valid
range is <18>.
no Removes the scheduler profile.
Configuring the DSCP to FC and Color Mapping
The map dscp fc command defines a DSCP to FC mapping and colors traffic to a specified
value.
CLI Mode: QoS Configuration (see ConfiguringQoS)
Command Syntax
device-name(config qos)#map dscp <0-63> fc {be | l2 | af | 11 | h2 | ef | h1 |
nc} drop-level {green | yellow}
Argument Description
dscp <0-63> The mapping of packets according to DSCP fields, in the valid range of <0
63>.
be
12
af
11
h2
ef
Refer to the Argument Description above.
T-Marc 300 Series User Guide
Page 30
Configuring Quality of Service (QoS) (Rev. 11)
h1
nc
drop-level
The drop level.
green
yellow
Refer to the Argument Description above.
Example
device-name(config qos)#map dscp 1 fc nc drop-level green
Configuring the Dot1p to FC and Color Mapping
The map priority fc command defines a dot1p to FC mapping and colors traffic to a specified
value.
CLI Mode: QoS Configuration (see ConfiguringQoS)
By default, 802.1p priority information is not replaced or manipulated, and the information
observed on ingress is preserved when the packet is transmitted. This behavior is not affected by
the switching or routing configuration of the device. However, the device is capable of inserting
and/ or overwriting 802.1p priority information when it transmits an 802.1Q tagged frame. The
802.1p priority information that is transmitted is determined by the hardware queue used when
transmitting the packet.
Command Syntax
device-name(config qos)#map priority <0-7> fc {be | l2 | af | 11 | h2 | ef |
h1 | nc} drop-level {green | yellow}
Argument Description
priority
<0-7>
The mapping of packets according to dot1p fields, in the valid range of <07>.
be
12
af
11
h2
ef
h1
nc
Refer to the Argument Description above.
drop-level
The drop level.
green
yellow
Refer to the Argument Description above.
T-Marc 300 Series User Guide
Page 31
Configuring Quality of Service (QoS) (Rev. 11)
Example
device-name(config qos)#map priority 2 fc l2 drop-level yellow
Configuring the Service Policy
The service-policy command creates a service QoS policy. The command enters the QoS
Service Configuration mode, see the Examplebelow.
CLI Mode: QoS Configuration (see ConfiguringQoS)
Command Syntax
device-name(config qos)#service-policy <qos-service-policy-name>
device-name(config qos)#no service-policy <qos-service-policy-name>
Argument Description
qos-service-
policy-name
The policy name up to 6 characters. The maximum number of network
policies is 64.
no Removes the service Policy
Example
device-name(config)#qos
device-name(config qos)#service-policy batm
device-name(config qos-serv batm)#
Adding the Description for the Service Policy
The description command adds a description string to the created QoS service policy.
CLI Mode: QoS Service Configuration (see ConfiguringtheServicePolicy)
Command Syntax
device-name(config qos-serv policy_name)#description <description_string>
device-name(config qos-serv policy_name)#no description
Argument Description
description_string
Adds a description to the service policy. It is a string up to 30 characters.
no Removes the description
T-Marc 300 Series User Guide
Page 32
Configuring Quality of Service (QoS) (Rev. 11)
Configuring the Service Ingress Policy
The ingress command configures the QoS service ingress policy. The command enters the QoS
Ingress Service Configuration mode, see the Examplebelow.
CLI Mode: QoS Service Configuration (see ConfiguringtheServicePolicy)
Command Syntax
device-name(config qos-serv policy_name)#ingress
Example
device-name(config qos-serv batm)#ingress
device-name(config qos-serv-in batm)#
Configuring the Service Queues
The queue command creates the QoS service ingress queue. The command enters the QoS Ingress
Queue Service Configuration mode, see the Examplebelow.
CLI Mode: QoS Ingress Service Configuration ( see ConfiguringtheServiceIngress Policy)
Command Syntax
device-name(config qos-serv-in policy_name)#queue <queue_id>
Argument Description
queue_id
Queue ID in the valid range of <18>
Example
device-name(config qos-serv-in batm)#queue 3
device-name(config qos-queue 3)
Applying Tail-Drop Profiles
The congestion-avoidance-profile tail-drop command applies a tail-drop profile on a
service ingress queue.
CLI Mode: QoS Ingress Service Configuration ( see ConfiguringtheServiceIngress Policy)
Command Syntax
device-name(config qos-serv-in policy_name)#congestion-avoidance-profile tail-
drop <tail_drop_profile_id>
T-Marc 300 Series User Guide
Page 33
Configuring Quality of Service (QoS) (Rev. 11)
device-name(config qos-serv-in policy_name)#no congestion-avoidance-profile
tail-drop
Argument Description
tail_drop_profile_id
The tail-drop profile ID, in the range of <15>.
Profile ID 1 and profile ID 2 are default (see Defining Tail-Drop
Profiles)
no Restores to default
Applying the Service Policy Shaping Profile
The shaper-profile command applies the already created service shaper profile on the service
policy or on the queue.
NOTE
Use the shaper - pr of i l e <ser vi ce_shaper _pr of i l e_i d> command to configure
the service shaper profile ID.
CLI Mode:
QoS Ingress Service Configuration ( see ConfiguringtheServiceIngress Policy) and
QoS Ingress Queue Service Configuration (see ConfiguringtheServiceQueues)
Command Syntax
device-name(config qos-serv-in policy_name)#shaper-profile
<service_shaper_profile_id>
device-name(config qos-serv-in policy_name)#no shaper-profile
device-name(config qos-queue queue_id)#shaper-profile
<service_shaper_profile_id>
device-name(config qos-queue queue_id)#no shaper-profile
Argument Description
service_shaper_profile_id
The service shaper profile ID to be applied on the policy or on
the queue. The valid range is <957>.
no Removes the shaper profile.
Applying the Service Scheduling Profile
The scheduling-profile command applies the already created service scheduling profile on the
service policy.
NOTE
Use the schedul i ng- pr of i l e sp command to configure the service scheduling
profile ID.
CLI Mode: QoS Ingress Service Configuration ( see ConfiguringtheServiceIngress Policy)
T-Marc 300 Series User Guide
Page 34
Configuring Quality of Service (QoS) (Rev. 11)
Command Syntax
device-name(config qos-serv-in policy_name)#scheduling-profile
<profile_number>
device-name(config qos-serv-in policy_name)#no scheduling-profile
Argument Description
profile_number
The service scheduling profile ID to be applied on the policy. The valid range
is <18>.
no Removes the scheduling profiles
Binding the Service Policy on a TLS Service
The qos-service-policy command binds the already created QoS service policy on the TLS
service.
CLI Mode: TLS Service Configuration
To enter the above mode, refer to the Configuringa TLS Servicesection of the ConfiguringTransparent
LAN Services(TLS) chapter.
NOTE
To execute this command (see Example below):
1. Create the QoS service policy with the ser vi ce- pol i cy command.
2. Create the TLS service with correct SDPs and SAPs. Configure the SDPs
before the SAPs.
3. Apply the created policy on the TLS service, and on desired SAP ports.
Command Syntax
device-name(config-tls SERVICE-NAME)#qos-service-policy <qos-service-policy-
name>
device-name(config-tls SERVICE-NAME)#no qos-service-policy <qos-service-
policy-name>
Argument Description
qos-service-
policy-name
The policy name up to 6 characters. The maximum number of network
policies is 64.
no Removes the service Policy.
Example
device-name(config)#qos
device-name(config qos)#service-policy batm
device-name(config qos)#shaper-profile 10 10m 1m
[ War ni ng] Shaper CI R and CBS can be changed t o t he near est suppor t ed val ue
device-name(config qos-serv batm)#ingress
device-name(config qos-serv-in batm)#shaper-profile 10
T-Marc 300 Series User Guide
Page 35
Configuring Quality of Service (QoS) (Rev. 11)
device-name(config qos-serv-in batm)#exit
device-name(config qos)#exit
device-name(config)#tls serv 5
device-name(config-tls serv)#sdp 1/2/1 s-vlan 10
device-name(config-tls serv)#sap 1/2/2 c-vlans 100
device-name(config-tls serv)#sap 1/2/3 c-vlans 100
device-name(config-tls serv)#qos-service-policy batm
Applying the Service Policy on a SAP
The apply-qos-service-policy command applies the already created QoS service policy on the
specified SAP.
CLI Mode: SAP Service Configuration
To enter the above mode, refer to the ConfiguringTLS ServiceAccessPoint (SAP) section of the
ConfiguringTransparent LAN Services(TLS) chapter.
NOTE
To execute this command (see Example below):
1. Create the QoS service policy with the ser vi ce- pol i cy command.
2. Create the TLS service with correct SDPs and SAPs. Configure the SDPs
before the SAPs.
3. Apply the created policy on the TLS service, and on desired SAP ports.
Command Syntax
device-name(config-tls-sap UU/SS/PP:CVLAN-ID:)#apply-qos-service-policy
Example
device-name(config)#qos
device-name(config qos)#service-policy batm
device-name(config qos)#shaper-profile 10 10m 1m
[ War ni ng] Shaper CI R and CBS can be changed t o t he near est suppor t ed val ue
device-name(config qos-serv batm)#ingress
device-name(config qos-serv-in batm)#shaper-profile 10
device-name(config qos-serv-in batm)#end
device-name#configure terminal
device-name(config)#tls serv 5
device-name(config-tls serv)#sdp 1/2/1 s-vlan 10
device-name(config-tls serv)#sap 1/2/2 c-vlans 100
device-name(config-tls serv)#qos-service-policy batm
device-name(config-tls serv)#sap 1/2/2 c-vlans 100 option
device-name(config-tls-sap 1/2/2:100:)#apply-qos-service-policy
T-Marc 300 Series User Guide
Page 36
Configuring Quality of Service (QoS) (Rev. 11)
Configuring the Shaper Profile
The shaper-profile command configures shaper profile for network policy, service policy, and
queue.
CLI Mode: QoS Configuration (see ConfiguringQoS)
Command Syntax
device-name(config qos)#shaper-profile {<shaper_profile_id> |
<service_shaper_profile_id>} <cir> <cbs>
device-name(config qos)#no shaper-profile {<shaper_profile_id> |
<service_shaper_profile_id>}
NOTE
If you specify cir or cbs without K, M or G, the CLI assumes a default of K.
NOTE
The real shaper values for CIR and CBS may be different than the configured ones, due
to granularity limitations. After configuring these values, a warning message appears:
[ War ni ng] Shaper CI R and CBS can be changed t o t he near est suppor t ed
val ue
Argument Description
shaper_profile_id
The shaper profile ID for network policy and queue, in the
valid range of <18>.
service_shaper_profile_id
The service shaper profile ID to be applied on the policy or on
the queue. The valid range is <957>.
cir
The committed information rate (CIR) value, in the valid range
of <64 Kbps1 Gbps>in K, M or G.
NOTE
The real shaper value may be different than the
configured one, due to granularity limitations.
cbs
The committed burst size (CBS) value, in the valid range of
<12 K16 M>in K or M (granularity of 4K).
no Removes the scheduler profile.
T-Marc 300 Series User Guide
Page 37
Configuring Quality of Service (QoS) (Rev. 11)
Configuring Scheduling SP Profile
The scheduling-profile sp command configures SP (Strict Priority) scheduling.
CLI Mode: QoS Configuration (see ConfiguringQoS)
By default, SP scheduling is applied for all ports.
Command Syntax
device-name(config qos)#scheduling-profile sp <profile_number>
device-name(config qos)#no scheduling-profile <profile_number>
Argument Description
sp The SP scheduling profile
profile_number The scheduling profile ID, in the range of <18>. The default SP scheduling
is with profile number 1.
no Clears the specified profile ID.
Configuring the Scheduling WRR Profile
The scheduling-profile wrr command applies and configures Weighted Round-Robin (WRR)
scheduling.
CLI Mode: QoS Configuration (see ConfiguringQoS)
In WRR scheduling, bandwidth is allocated proportionally for each queue. Network resources are
shared among all of the applications the user services, each having the specific bandwidth
requirements that you can identify.
Command Syntax
device-name(config qos)#scheduling-profile wrr <profile_number> <txq1-weight>
<txq2-weight> <txq3-weight> <txq4-weight> <txq5-weight> <txq6-weight>
<txq7-weight> <txq8-weight>
device-name(config qos)#no scheduling-profile <profile_number>
Argument Description
wrr The WRR profile.
profile_number The scheduling profile ID, in the range of <18>.
<txq1-weight>
<txq8-weight>
The weight of queue <txq1txq8>. The valid range is <1255>.
T-Marc 300 Series User Guide
Page 38
Configuring Quality of Service (QoS) (Rev. 11)
no Clears the specified profile ID.
NOTE
When you use the no schedul i ng- pr of i l e command, the
range of profile_number is limited to <28> because
profile_number 1 is the default SP scheduling and, thus,
you cannot clear it.
Configuring the Scheduling Hybrid-1 Profile
The scheduling-profile hybrid-1 command applies and configures the first hybrid QoS
algorithm.
CLI Mode: QoS Configuration (see ConfiguringQoS)
In the first hybrid algorithm, txq8 is assigned to strict priority scheduling, and the remaining queues
are assigned to Weighted Round Robin (WRR) scheduling.
Command Syntax
device-name(config qos)#scheduling-profile hybrid-1 <profile_number>
<txq1-weight> <txq2-weight> <txq3-weight> <txq4-weight> <txq5-weight>
<txq6-weight> <txq7-weight>
device-name(config qos)#no scheduling-profile <profile_number>
Argument Description
hybrid-1 Creates hybrid profile type 1 scheduling.
profile_number Refer to Argument Description above.
<txq1-weight>
<txq7-weight>
The weight of queue <txq1txq7>.
Weight value is in the range of <1255>.
no Refer to Argument Description above.
Configuring the Scheduling Hybrid-2 Profile
The scheduling-profile hybrid-2 command applies and configures the second hybrid QoS
algorithm.
CLI Mode: QoS Configuration (see ConfiguringQoS)
In the second hybrid algorithm, txq7 and txq8 behave according to strict priority scheduling and the
rest of the queues behave according to Weighted Round Robin (WRR).
Command Syntax
device-name(config qos)#scheduling-profile hybrid-2 <profile_number>
<txq1-weight> <txq2-weight> <txq3-weight> <txq4-weight> <txq5-weight>
<txq6-weight>
device-name(config qos)#no scheduling-profile <profile_number>
T-Marc 300 Series User Guide
Page 39
Configuring Quality of Service (QoS) (Rev. 11)
Argument Description
hybrid-2 Creates hybrid profile type 2 scheduling.
profile_number Refer to Argument Description above.
<txq1-weight>
<txq6-weight>
The weight of queue <txq1txq6>.
Weight value is in the range of <1255>.
no Refer to Argument Description above.
Configuring the Scheduling Hybrid-3 Profile
The scheduling-profile hybrid-3 command applies and configures the third hybrid QoS
algorithm.
CLI Mode: QoS Configuration (see ConfiguringQoS)
In the third hybrid algorithm, txq6txq8 behave according to strict priority scheduling and the rest
of the queues behave according to Weighted Round Robin (WRR).
Command Syntax
device-name(config qos)#scheduling-profile hybrid-3 <profile_number>
<txq1-weight> <txq2-weight> <txq3-weight> <txq4-weight> <txq5-weight
device-name(config qos)#no scheduling-profile <profile_number>
Argument Description
hybrid-3 Creates hybrid profile type 3 scheduling.
profile_number Refer to Argument Description above.
<txq1-weight>
<txq5-weight>
The weight of queue <txq1txq5>.
Weight value is in the range of <1255>.
no Refer to Argument Description above.
Configuring the Scheduling Hybrid-4 Profile
The scheduling-profile hybrid-4 command applies and configures the forth hybrid QoS
algorithm.
CLI Mode: QoS Configuration (see ConfiguringQoS)
In the forth hybrid algorithm, txq5txq8 behave according to strict priority scheduling, and the rest
of the queues behave according to Weighted Round Robin (WRR).
Command Syntax
device-name(config qos)#scheduling-profile hybrid-4 <profile_number>
<txq1-weight> <txq2-weight> <txq3-weight> <txq4-weight>
device-name(config qos)#no scheduling-profile <profile_number>
T-Marc 300 Series User Guide
Page 40
Configuring Quality of Service (QoS) (Rev. 11)
Argument Description
hybrid-4 Creates hybrid profile type 4 scheduling.
profile_number Refer to Argument Description above.
<txq1-weight>
<txq4-weight>
The weight of queue <txq1txq4>.
Weight value is in the range of <1255>.
no Refer to Argument Description above.
Configuring the Scheduling Hybrid-5 Profile
The scheduling-profile hybrid-5 command applies and configures the fifth hybrid QoS
algorithm.
CLI Mode: QoS Configuration (see ConfiguringQoS)
In the fifth hybrid algorithm, txq4txq8 behave according to strict priority scheduling, and the rest
of the queues behave according to Weighted Round Robin (WRR).
Command Syntax
device-name(config qos)#scheduling-profile hybrid-5 <profile_number>
<txq1-weight> <txq2-weight> <txq3-weight>
device-name(config qos)#no scheduling-profile <profile_number>
Argument Description
hybrid-5 Creates hybrid profile type 5 scheduling.
profile_number Refer to Argument Description above.
<txq1-weight>
<txq3-weight>
The weight of queue <txq1txq3>.
Weight value is in the range of <1255>.
no Refer to Argument Description above.
Configuring the Scheduling Hybrid-6 Profile
The scheduling-profile hybrid-6 command applies and configures the sixth hybrid QoS
algorithm.
CLI Mode: QoS Configuration (see ConfiguringQoS)
In the sixth hybrid algorithm, txq3txq8 behave according to strict priority scheduling, and the rest
of the queues behave according to Weighted Round Robin (WRR)
Command Syntax
device-name(config qos)#scheduling-profile hybrid-6 <profile_number>
<txq1-weight> <txq2-weight>
device-name(config qos)#no scheduling-profile <profile_number>
T-Marc 300 Series User Guide
Page 41
Configuring Quality of Service (QoS) (Rev. 11)
Argument Description
hybrid-6 Creates hybrid profile type 6 scheduling.
profile_number Refer to Argument Description above.
<txq1-weight>
<txq2-weight>
The weight of queue txq1 and txq2.
Weight value is in the range of <1255>.
no Refer to Argument Description above.
Displaying the Network Policy Configuration
The show qos network-policy command displays the information for all configured network
policies or for the specified network policy.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show qos network-policy [<policy_name>]
Argument Description
policy_name (Optional) the name of the network policy to be displayed, up to 6 characters.
Example 1
Display the information for all configured network policies:
device-name#show qos network-policy
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Net wor k Pol i cy |
+- - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Pol i cy Name | Descr i pt i on |
+- - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Def Pol | Def aul t net wor k pol i cy |
+- - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| User | |
+- - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Test | Thi s i s a t est pol i cy |
+- - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
T-Marc 300 Series User Guide
Page 42
Configuring Quality of Service (QoS) (Rev. 11)
Example 2
Display the information for Test network policy:
device-name#show qos network-policy Test
Pol i cy Name: Test
Descr i pt i on: Thi s i s a t est pol i cy
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| I ngr ess Pol i cy Conf i gur at i on |
+- - - - - - - - - - - - - - +- - - - - +- - - - - - - - - - - - +
| Tr ust Mode | FC | Dr op Level |
+- - - - - - - - - - - - - - +- - - - - +- - - - - - - - - - - - +
| unt r ust | be | gr een |
+- - - - - - - - - - - - - - +- - - - - +- - - - - - - - - - - - +
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Egr ess Pol i cy Conf i gur at i on |
+- - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Schedul er Pr of | Shaper Pr of i l e |
+- - - - - +- - - - - - - - - - +- - - - - +- - - - - - - - - - +- - - - - - - - - - +
| I D | Type | I D | CI R | CBS |
+- - - - - +- - - - - - - - - - +- - - - - +- - - - - - - - - - +- - - - - - - - - - +
| - | - | - | - | - |
+- - - - - +- - - - - - - - - - +- - - - - +- - - - - - - - - - +- - - - - - - - - - +
Egr ess Congest i on Avoi dance Conf i gur at i on
+- - - - - - - - - - - - - - - - - - - - - +
| Tai l - dr op Pr of |
+- - - - - +- - - - - - - +- - - - - - - +
| I D | Yel T | Red T |
+- - - - - +- - - - - - - +- - - - - - - +
| 1 | 50 | NA |
+- - - - - +- - - - - - - +- - - - - - - +
+- - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - - +
| Queue I d | Shaper I d | CI R | CBS | Tai l - dr op |
+- - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - - +
| 2 | 2 | 1000 | 2048 | |
+- - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - - +
Pol i cy i s appl i ed on t he f ol l owi ng por t ( s) :
1/ 2/ 7 1/ 2/ 8
T-Marc 300 Series User Guide
Page 43
Configuring Quality of Service (QoS) (Rev. 11)
Displaying the QoS Port Configuration
The show qos interface command displays the configuration for all ports or for the specified
port.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show qos interface [UU/SS/PP]
Argument Description
UU/SS/PP (Optional) the physical port (Unit/Slot/Port). If you do not specify the port, the
configuration of all ports is displayed.
Example
device-name#show qos interface 1/1/1
+- - - - - - - - - - - +- - - - - - - - - - - - - - - - - +
| I nt er f ace | Net wor k Pol i cy |
+- - - - - - - - - - - +- - - - - - - - - - - - - - - - - +
| 1/ 1/ 1 | Def Pol |
+- - - - - - - - - - - +- - - - - - - - - - - - - - - - - +
Displaying the Scheduler Profile Configuration
The show qos scheduler-profile command displays the scheduler profile configuration for all
profiles or for the specified scheduler profile ID.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show qos scheduler-profile [<profile_number>]
Argument Description
profile_number (Optional) the scheduler profile ID, in the range <18>. If you do not
specify the scheduler profile ID, all scheduler profiles are displayed.
T-Marc 300 Series User Guide
Page 44
Configuring Quality of Service (QoS) (Rev. 11)
Example 1
device-name#show qos scheduler-profile
+- - - - - - +- - - - - - - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +
| I d | Type | Q1 | Q2 | Q3 | Q4 | Q5 | Q6 | Q7 | Q8 |
+- - - - - - +- - - - - - - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +
| 1 | sp | - | - | - | - | - | - | - | - |
+- - - - - - +- - - - - - - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +
| 2 | hybr i d- 6 | 7 | 7 | - | - | - | - | - | - |
+- - - - - - +- - - - - - - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +
Example 2
device-name#show qos scheduler-profile 2
+- - - - - - +- - - - - - - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +
| I d | Type | Q1 | Q2 | Q3 | Q4 | Q5 | Q6 | Q7 | Q8 |
+- - - - - - +- - - - - - - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +
| 2 | hybr i d- 6 | 7 | 7 | - | - | - | - | - | - |
+- - - - - - +- - - - - - - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +- - - - - +
Displaying the Shaper Profile Configuration
The show qos shaper-profile command displays the shaper profile configuration for all
network and service profiles or for the specified shaper profile ID.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show qos shaper-profile [<shaper_profile_id> |
<service_shaper_profile_id>]
Argument Description
shaper_profile_id (Optional) the shaper profile ID, in the range of <18>. If you
do not specify the shaper profile ID, all shaper profiles are
displayed.
service_shaper_profile_id (Optional) the service shaper profile ID, in the valid range of
<957>. If you do not specify the service shaper profile ID, all
shaper profiles are displayed.
T-Marc 300 Series User Guide
Page 45
Configuring Quality of Service (QoS) (Rev. 11)
Example 1
device-name#show qos shaper-profile
+- - - - - - +- - - - - - - - - - +- - - - - - - - - - +
| I d | CI R | CBS |
+- - - - - - +- - - - - - - - - - +- - - - - - - - - - +
| 1 | 500 | 100 |
+- - - - - - +- - - - - - - - - - +- - - - - - - - - - +
| 2 | 100 | 100 |
+- - - - - - +- - - - - - - - - - +- - - - - - - - - - +
| 50 | 1000 | 2048 |
+- - - - - - +- - - - - - - - - - +- - - - - - - - - - +
Example 2
device-name#show qos shaper-profile 1
+- - - - - - +- - - - - - - - - - +- - - - - - - - - - +
| I d | CI R | CBS |
+- - - - - - +- - - - - - - - - - +- - - - - - - - - - +
| 1 | 500 | 100 |
+- - - - - - +- - - - - - - - - - +- - - - - - - - - - +
Displaying the Tail-Drop Profile Information
The show qos congestion-avoidanceprofile tail-drop command displays information for
all configured tail-drop profiles or for the specified tail-drop profile.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show qos congestion-avoidanceprofile tail-drop
[<tail_drop_profile_id>]
Argument Description
tail_drop_profile_id (Optional) the tail-drop profile ID for which information is displayed.
The valid range is <15>. ID 1 and ID 2 are default and cannot be
modified.
T-Marc 300 Series User Guide
Page 46
Configuring Quality of Service (QoS) (Rev. 11)
Example
device-name#show qos congestion-avoidance-profile tail-drop
+- - - - - - +- - - - - - - - +- - - - - - - - +
| I d | Yel l ow | Red |
+- - - - - - +- - - - - - - - +- - - - - - - - +
| 1 | 50 %| NA |
+- - - - - - +- - - - - - - - +- - - - - - - - +
| 2 | 25 %| NA |
+- - - - - - +- - - - - - - - +- - - - - - - - +
| 3 | 75 %| NA |
+- - - - - - +- - - - - - - - +- - - - - - - - +
device-name#show qos congestion-avoidance-profile tail-drop 1
+- - - - - - +- - - - - - - - +- - - - - - - - +
| I d | Yel l ow | Red |
+- - - - - - +- - - - - - - - +- - - - - - - - +
| 1 | 50 %| NA |
+- - - - - - +- - - - - - - - +- - - - - - - - +
Displaying the SAP Service Information
The show qos service command displays information for the SAP service.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show qos service
Example
device-name#show qos service
Ser vi ce: 4 Ser vi ce pol i cy: pol i cy
Enabl ed on SAPs: 1/ 2/ 3: 10:
T-Marc 300 Series User Guide
Page 47
Configuring Quality of Service (QoS) (Rev. 11)
Displaying the Service Policy Information
The show qos service-policy command displays information for all configured service policies
or for the specified service policy.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show qos service-policy [<qos-service-policy-name>]
Argument Description
qos-service-policy-name (Optional) the service policy name for which information is
displayed. It is up to 6 characters.
Example
device-name#show qos service-policy policy
Pol i cy Name: pol i cy
Descr i pt i on: t hi s i s t he ser vi ce pol i cy
+- - - - - - - - - - - - - - - - +- - - - - - - - - - +
| Shaper Pr of i l e |
+- - - - - +- - - - - - - - - - +- - - - - - - - - - +
| I D | CI R | CBS |
+- - - - - +- - - - - - - - - - +- - - - - - - - - - +
| 10 | 10000 | 200 |
+- - - - - +- - - - - - - - - - +- - - - - - - - - - +
+- - - - - - - - - - - - - - - - +
| Schedul er Pr of |
+- - - - - +- - - - - - - - - - +
| I D | Type |
+- - - - - +- - - - - - - - - - +
| 1 | sp |
+- - - - - +- - - - - - - - - - +
+- - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - +
| Queue I d | Shaper I d | CI R | CBS |
+- - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - +
| 1 | 11 | 1000 | 200 |
+- - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - +
device-name#show qos service-policy
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Ser vi ce Pol i cy |
+- - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Pol i cy Name | Descr i pt i on |
+- - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| pol i cy | t hi s i s t he ser vi ce pol i cy |
+- - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
T-Marc 300 Series User Guide
Page 48
Configuring Quality of Service (QoS) (Rev. 11)
Displaying the Dot1p to FC Mapping
The show qos ingress priority-map command displays the dot1p priority to FC mapping
(default mapping).
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show qos ingress priority-map
Example
device-name#show qos ingress priority-map
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| Pr i or i t y | FC | Dr op Level |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 0 | be | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 1 | l 2 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 2 | af | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 3 | l 1 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 4 | h2 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 5 | ef | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 6 | h1 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 7 | nc | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
Displaying the DSCP to FC Mapping
The show qos ingress dscp-map command displays the DSCP to FC mapping (not default).
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show qos ingress dscp-map
T-Marc 300 Series User Guide
Page 49
Configuring Quality of Service (QoS) (Rev. 11)
Example
device-name#show qos ingress dscp-map
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| DSCP | FC | Dr op Level |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 0 | be | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 7 | be | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 8 | l 2 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 15 | l 2 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 16 | af | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 23 | af | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 24 | l 1 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 31 | l 1 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 32 | h2 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 39 | h2 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 40 | ef | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 47 | ef | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 48 | h1 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 55 | h1 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 56 | nc | gr een |
| 63 | nc | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
T-Marc 300 Series User Guide
Page 50
Configuring Quality of Service (QoS) (Rev. 11)
Displaying the Egress Mapping and Remarking
The show qos egress remark command displays the egress mapping and remarking.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show qos egress remark
Example
device-name#show qos egress remark
+- - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - +
| QoS Par amet er s | Tx Remar k |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| FC | Dr op Level | Pr i or i t y |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| be | gr een | 0 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| be | yel l ow | 0 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| l 2 | gr een | 1 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| l 2 | yel l ow | 1 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| af | gr een | 2 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| af | yel l ow | 2 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| l 1 | gr een | 3 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| l 1 | yel l ow | 3 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| h2 | gr een | 4 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| h2 | yel l ow | 4 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| ef | gr een | 5 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| ef | yel l ow | 5 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| h1 | gr een | 6 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| h1 | yel l ow | 6 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| nc | gr een | 7 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
| nc | yel l ow | 7 |
+- - - - - - - - +- - - - - - - - - - - - +- - - - - - - - - - - - +
T-Marc 300 Series User Guide
Page 51
Configuring Quality of Service (QoS) (Rev. 11)
Configuring the Traffic Type
The storm-control command configures the storm-control threshold rate of the incoming traffic
and blocks forwarding of unnecessary flooded traffic. All traffic that exceeds that rate is dropped.
CLI Mode:
Interface Configuration, Range Interface Configuration, LAG Interface
Configuration, and LAG Range Interface Configuration
Per ports, the ingress rate limit granularity is as follows:
from 64 Kbps to 1 Mbps in increments of 64 Kbps
from 1 Mbps to 1 Gbps in increments of 62,5 Kbps
By default, traffic storm control is disabled.
Command Syntax
device-name(config-if UU/SS/PP)#storm-control {broadcast | multicast |
unknown} <rate>
device-name(config-if UU/SS/PP)#no storm-control
device-name(config-if-group)#storm-control {broadcast | multicast | unknown}
<rate>
device-name(config-if-group)#no storm-control
device-name(config-if AG0N)#storm-control {broadcast | multicast | unknown}
<rate>
device-name(config-if AG0N)#no storm-control
device-name(config-ag-group)#storm-control {broadcast | multicast | unknown}
<rate>
device-name(config-ag-group)#no storm-control
Argument Description
broadcast Rate limits broadcast input traffic only.
multicast Rate limits known multicast traffic only.
unknown Rate limits unknown-unicast and unknown-multicast traffic only.
rate The desired ingress rate limit. Must be a number between 64 Kbps and 1 Gbps.
The number must be specified with K, M or G at the end.
NOTE
If the actual ingress line rate is different from your desired ingress
line rate, a relevant message appears, see the Example below.
no Disables storm control.
T-Marc 300 Series User Guide
Page 52
Configuring Quality of Service (QoS) (Rev. 11)
Example
If you limit the ingress line rate to 250 Kbps, the actual rate is set to 256 Kbps. If you limit the
ingress line rate to 400 Kbps, the actual rate is set to 384 Kbps:
device-name(config-if 1/1/1)#storm-control broadcast 250K
Act ual l i ne r at e was set t o 256kbps due t o gr anul ar i t y l i mi t at i on
device-name(config-if 1/1/1)#interface ag01
device-name(config-if AG01)#storm-control unknown multicast 400K
Act ual r at e i s set t o 384Kbps due t o gr anul ar i t y l i mi t at i on.
Displaying the Storm Control Settings
The show storm-control command displays the storm control levels configured on a port or on
all ports.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show storm-control {all | interface UU/SS/PP | interface ag0N}
Argument Description
all Displays the storm-control settings for all ports on the device.
interface Displays the storm-control settings for the specified port or aggregation port.
UU/SS/PP The desired port where you previously configured the ingress-rate limit.
ag0N The aggregation port where you previously configured the ingress-rate limit.
LAG ID is in the valid range of <17>.
Examples
Display the storm control levels for port 1/ 1/ 1:
device-name#show storm-control interface 1/1/1
Tr af f i c t ype = br oadcast
I ngr ess l i ne r at e l i mi t = 320Kbps
Display the storm control levels configured for all ports:
device-name#show storm-control all
I nt er f ace 1/ 1/ 1
Tr af f i c t ype = br oadcast
I ngr ess r at e l i mi t = 256Kbps
I nt er f ace ag01
Tr af f i c t ype = unknown, mul t i cast
I ngr ess r at e l i mi t = 384Kbps
T-Marc 300 Series User Guide
Page 53
Configuring Quality of Service (QoS) (Rev. 11)
Filtering Egress Broadcast Packets
The tx-drop-broadcast command filters egress broadcast packets on a specified port, blocking
unregistered broadcast traffic on the port.
CLI Mode: Interface Configuration, Range Interface Configuration
By default, egress broadcast packets filtering is disabled.
Command Syntax
device-name(config-if UU/SS/PP)#tx-drop-broadcast
device-name(config-if UU/SS/PP)#no tx-drop-broadcast
device-name(config-if-group)#tx-drop-broadcast
device-name(config-if-group)#no tx-drop-broadcast
Argument Description
no Disables egress broadcast packets filtering
Filtering Egress Unknown-Unicast Packets
The tx-drop-unknown command filters egress unknown-unicast packets on a specified port,
blocking unregistered unknown unicast traffic on the port.
CLI Mode: Interface Configuration, Range Interface Configuration
By default, egress unknown-unicast packets filtering is disabled.
Command Syntax
device-name(config-if UU/SS/PP)#tx-drop-unknown
device-name(config-if UU/SS/PP)#no tx-drop-unknown
device-name(config-if-group)#tx-drop-unknown
device-name(config-if-group)#no tx-drop-unknown
Argument Description
no Disables egress unknown-unicast packets filtering
T-Marc 300 Series User Guide
Page 54
Configuring Quality of Service (QoS) (Rev. 11)
Filtering Egress Multicast Packets
The tx-drop-multicast command filters egress multicast packets on a specified port, blocking
unregistered multicast traffic on the port.
CLI Mode: Interface Configuration, Range Interface Configuration
By default, egress multicast packets filtering is disabled.
Command Syntax
device-name(config-if UU/SS/PP)#tx-drop-multicast
device-name(config-if UU/SS/PP)#no tx-drop-multicast
device-name(config-if-group)#tx-drop-multicast
device-name(config-if-group)#no tx-drop-multicast
Argument Description
no Disables egress multicast packets filtering
T-Marc 300 Series User Guide
Page 55
Configuring Quality of Service (QoS) (Rev. 11)
Configuration Examples
Mapping Priority
Change the mapping of the FC priority levels to the following:
Priority 0 and 1FC l2, drop-level green
Priority 2 and 3FC l1, drop-level yellow
Priority 4 and 5FC ef, drop-level green
Priority 6 and 7FC nc, drop-level yellow
1. Display the default priority of the FC levels:
device-name#show qos ingress priority-map
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| Pr i or i t y | FC | Dr op Level |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 0 | be | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 1 | l 2 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 2 | af | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 3 | l 1 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 4 | h2 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 5 | ef | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 6 | h1 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 7 | nc | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
2. Change the mapping of the FC priority levels:
device-name#configure terminal
device-name(config)#qos
device-name(config qos)#map priority 0 fc l2 drop-level green
device-name(config qos)#map priority 2 fc l1 drop-level yellow
device-name(config qos)#map priority 3 fc l1 drop-level yellow
device-name(config qos)#map priority 4 fc ef drop-level green
device-name(config qos)#map priority 6 fc nc drop-level yellow
device-name(config qos)#map priority 7 fc nc drop-level yellow
device-name(config qos)#end
T-Marc 300 Series User Guide
Page 56
Configuring Quality of Service (QoS) (Rev. 11)
3. Display the new priority of the FC levels:
device-name#show qos ingress priority-map
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| Pr i or i t y | FC | Dr op Level |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 0 | l 2 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 1 | l 2 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 2 | l 1 | yel l ow |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 3 | l 1 | yel l ow |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 4 | ef | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 5 | ef | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 6 | nc | yel l ow |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 7 | nc | yel l ow |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
Configuring the DSCP-to-FC Mapping
Configure the mapping of DSCP 2 and 4 with FC priorities l1 and h2, respectively:
1. Configure DSCP 2 with FC priority l1 and mark it as green:
device-name#configure terminal
device-name(config)#qos
device-name(config qos)#map dscp 2 fc l1 drop-level green
2. Configure DSCP 4 with FC priority h2 and mark it as yellow:
device-name(config qos)#map dscp 4 fc h2 drop-level yellow
device-name(config qos)#end
3. Display the DSCP-to-CoS configuration:
device-name#show qos ingress dscp-map
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| DSCP | FC | Dr op Level |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 0 | be | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 1 | be | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 2 | l 1 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 3 | be | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 4 | h2 | yel l ow |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
T-Marc 300 Series User Guide
Page 57
Configuring Quality of Service (QoS) (Rev. 11)
| 5 | be | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 5 | be | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 7 | be | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 8 | l 2 | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
| 63 | nc | gr een |
+- - - - - - - - - - - +- - - - - - - - +- - - - - - - - - - - - - +
Configuring the Traffic Shaping Per-port
The shaper boundaries are:
Min Burst size 4KB Resolution: 4KB
Max Burst size 16MB Resolution: 4KB
Min shaper rate limit 64Kbps Using slow rate
Max shaper rate limit 1Gbps
To assign a transmission rate of 800K:
1. Configure the traffic shaping:
device-name#configure terminal
device-name(config)#qos
device-name(config qos)#shaper-profile 2 800k 1m
[ War ni ng] Shaper CI R and CBS can be changed t o t he near est suppor t ed val ue
device-name(config qos)#end
2. Display the traffic shaping configuration:
device-name#show qos shaper-profile
+- - - - - - +- - - - - - - - - - +- - - - - - - - - - +
| I d | CI R | CBS |
+- - - - - - +- - - - - - - - - - +- - - - - - - - - - +
| 2 | 800 | 1024 |
+- - - - - - +- - - - - - - - - - +- - - - - - - - - - +
T-Marc 300 Series User Guide
Page 58
Configuring Quality of Service (QoS) (Rev. 11)
Configuring QoS Service Policy
To configure the QoS service policy:
1. Configure the shaper profile:
device-name#configure terminal
device-name(config)#qos
device-name(config qos)#shaper-profile 10 10000K 200K
[ War ni ng] Shaper CI R and CBS can be changed t o t he near est suppor t ed val ue
device-name(config qos)#shaper-profile 11 5000K 200K
[ War ni ng] Shaper CI R and CBS can be changed t o t he near est suppor t ed val ue
2. Create the service QoS policy named policy:
device-name(config qos)#service-policy policy
3. Add description for the QoS policy:
device-name(config qos-serv policy)#description This is an ingress policy
4. Configure the QoS service ingress policy:
device-name(config qos-serv policy)#ingress
5. Apply the created shaper profile on the service policy:
device-name(config qos-serv-in policy)#shaper-profile 10
6. Create the QoS service ingress queue:
device-name(config qos-serv-in policy)#queue 3
7. Apply the created shaper profile on the queue.
device-name(config qos-serv-queue 3)#shaper-profile 11
device-name(config qos-serv-queue 3)#end
8. Create the VLAN vl10 with ID 10 and add to it port 1/ 2/ 1 (SDP port) as tagged and port
1/ 2/ 2 (SAP port) as untagged:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create vl10 10
device-name(config vlan)#config vl10
device-name(config-vlan vl10)#add ports 1/2/1 tagged
device-name(config-vlan vl10)#add ports 1/2/2 untagged
device-name(config-vlan vl10)#exit
device-name(config vlan)#exit
T-Marc 300 Series User Guide
Page 59
Configuring Quality of Service (QoS) (Rev. 11)
9. Configure the SDP and SAP for TLS service:
device-name(config)#tls serv 5
device-name(config-tls serv)#sdp 1/2/1 s-vlan 10
device-name(config-tls serv)#sap 1/2/2 c-vlans 100
10. Apply the created QoS service policy on the TLS service:
device-name(config-tls serv)#qos-service-policy policy
11. Enable the QoS policy for the specified SAP:
device-name(config-tls serv)#sap 1/2/2 c-vlans 100 option
device-name(config-tls-sap 1/2/2:100:)#apply-qos-service-policy
device-name(config-tls-sap 1/2/2:100:)#end
12. Display the QoS service policy:
device-name#show qos service-policy policy
Pol i cy Name: policy
Descr i pt i on: This is an ingress policy
++- - - - - - - - - - - - - - - - +- - - - - - - - - - +
| Shaper Pr of i l e |
+- - - - - +- - - - - - - - - - +- - - - - - - - - - +
| I D | CI R | CBS |
+- - - - - +- - - - - - - - - - +- - - - - - - - - - +
| 10 | 10000 | 200 |
+- - - - - +- - - - - - - - - - +- - - - - - - - - - +
+- - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - +
| Queue I d | Shaper I d | CI R | CBS |
+- - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - +
| 3 | 11 | 5000 | 200 |
+- - - - - - - - - - +- - - - - - - - - - - +- - - - - - - - - - +- - - - - - - - - - +
13. Display the SAP service policy:
device-name#show qos service
Ser vi ce: 5 Ser vi ce pol i cy: pol i cy
Enabl ed on SAPs: 1/ 2/ 2: 100:
T-Marc 300 Series User Guide
Page 60
Configuring Quality of Service (QoS) (Rev. 11)
Supported Platforms
Feature T-Marc 340 T-Marc 380
Quality of Service (QoS) + +
Supported Standards, MIBs, and RFCs
Feature Standards MIBs RFCs
Quality of Service (QoS) IEEE 802.1p
Priority Queuing
IEEE 802.1ad
Describes port-
based service
Private MIB,
prvt_qos.mib
RFC 2474, Definition
of the Differentiated
Services Field (DS
Field) in the IPv4 and
IPv6 Headers
RFC 2475, An
Architecture for
Differentiated
Services
RFC 2597, Assured
Forwarding PHB
Group
RFC 2598, An
Expedited
Forwarding PHB
RFC 2697, A Single
Rate Three Color
Marker
RFC 2698, A Two
Rate Three Color
Marker
RFC 3140, Per Hop
Behavior
Identification Codes
Page 1
Operations, Administration & Maintenance (OAM) (Rev.13)
Operations, Administration & Maintenance (OAM)
Table of Figures 8
Features Included in this Chapter 9
802.3ah Ethernet in the First Mile (EFM-OAM)10
Overview10
Potential Applications11
Installation Configurations11
EFM-OAM Protocol Functionality12
Discovery13
Timers13
Flags14
Process Overview14
Rules for Active Mode14
Rules for Passive Mode15
Link Monitoring Process15
Remote Failure Indication16
Remote Loopback16
EFM-OAM Configuration Flow17
Configuring EFM-OAM18
Enabling/ Disabling EFM-OAM18
Specifying the Number of OAMPDUs19
Enabling/ Disabling Sending of Local Event Notifications to Remote Device19
Enabling/ Disabling Sending of Event Notifications to Local Syslog Daemon20
Defining OAMPDUs Priority20
Defining the Keep-Alive Interval21
Defining the Hello Interval22
Setting the EFM-OAM History limit22
EFM-OAM Interface Configuration Commands23
Enabling/ Disabling the EFM-OAM State on the Specified Interface23
Forcing the EFM-OAM Local/ Remote Loopback Configuration24
T-Marc 300 Series User Guide
Page 2
Operations, Administration & Maintenance (OAM) (Rev. 13)
Enabling/ Disabling the EFM-OAM Enhancements on the Specified Interface25
Defining the EFM-OAM Thresholds for Bit Error Monitoring on the Specified
Interface26
Defining the EFM-OAM Thresholds for Frame Error Monitoring on the Specified
Interface27
Defining Event Monitoring on a Specific Interface28
Enabling Event Return29
EFM-OAM Monitoring and Network Testing Commands30
Enabling EFM-OAM Non-intrusive Monitoring31
Enabling EFM-OAM Monitoring32
Enabling/ Disabling Loopback Commands' Processing35
Enabling EFM-OAM Get Variable35
Clearing EFM-OAM History36
EFM-OAM Display Commands37
Displaying EFM-OAM Status and Configuration37
Displaying EFM-OAM History on a Specified Interface39
Displaying the EFM-OAM History Count for a Specific Port40
Displaying EFM-OAM History41
Displaying EFM-OAM Local and Remote Interface Statistics41
Log Messages 43
EFM-OAM Configuration Example45
802.1ag Connectivity Fault Management (CFM)50
Overview50
CFM-OAM Protocol Functionality50
CFM Purpose50
Mechanisms of Ethernet 802.1ag OAM51
Discovery and Connectivity51
Fault Verification (Loopback Messages)53
Fault Isolation (Linktrace Messages)53
Fault Notification and Alarm Suppression (Fault Alarms)55
CFM-OAM Configuration Flow56
Configuring 802.1ag CFM in Protocol Configuration Mode59
Enabling/ Disabling the CFM Protocol 59
Creating and Accessing a Maintenance Domains 60
T-Marc 300 Series User Guide
Page 3
Operations, Administration & Maintenance (OAM) (Rev. 13)
Restoring the Version 6.161
Displaying the Current Version61
The CFM Maintenance Domain Commands62
Creating Maintenance Associations62
Specifying MIP Creation Policy (in Maintenance Domain) 64
Defining the Identification Data Sent to the Remote MEPs64
CFM Maintenance Association Commands66
Defining the Hello Interval67
Adding/ Removing MEPs68
Configuring CCM Priority69
Specifying MIP Creation Policy (in Maintenance Association) 69
Defining the Identification Data Sent to the Remote MEPs71
Defining the Defect Priority72
Updating the Remote MEPs List 73
Defining the Fault Notification Reset Time74
Defining the Fault Notification Alarm Time74
Enabling the AIS/ LCK75
Configuring the AIS/ LCK Level 75
Configuring the AIS/ LCK Priority76
Configuring the AIS/ LCK Sending Interval77
Enabling a MEP in an Active State77
Enabling a MEP to Send CCMs78
CFM Performance Monitoring Commands79
Performance Monitoring Profile Creation79
Configuring Two-way Monitoring Process80
Configuring Time between Performance Parameters Update81
CFM Profile Configuration82
Specifying the 802.1p Class-of-Service Setting83
Specifying the Number of Loopback Request Packets83
Specifying the Size of Loopback Request Packets 83
Specifying One-Way Jitter Error Monitoring84
Specifying One-Way Jitter Warning Monitoring84
Specifying Two-Way Jitter Error Monitoring84
T-Marc 300 Series User Guide
Page 4
Operations, Administration & Maintenance (OAM) (Rev. 13)
Specifying Two-Way Jitter Warning Monitoring85
Specifying Two-Way Frame-Loss Error Monitoring85
Specifying Two-Way Frame-Loss Warning Monitoring86
Specifying Two-Way Latency Error Monitoring86
Specifying Two-Way Latency Warning Monitoring87
Defining the CFM OAM Process Result Bucket Size87
802.1ag CFM Monitoring and Statistics Commands88
Displaying the CFM Configuration88
Displaying Connectivity Statistics92
Displaying Monitoring Parameters 94
Displaying Performance Statistics95
Displaying the Update Interval96
Sending Linktrace Messages97
Sending Loopback Messages98
CFM Configuration Example 100
Configuring two Devices in CFM Protocol 100
Using the clear connectivity Command 105
SAA Throughput Test 109
Overview 109
Unidirectional Throughput Test 109
Bi-Directional Throughput Test 110
The SAA Throughput Test Configuration Flow 112
SAA Throughput Test Configuration Commands 113
Creating a Throughput Test 114
Defining the Throughput Test Type 115
Defining the Source for Throughput Test 116
Defining the C-VLAN 117
Defining the Throughput Test Target 118
Defining the Maximum Test Rate 119
Defining the Burst Size for the Unidirectional Test 119
Defining the Test Duration 120
Defining the Test Packet Pattern 121
Defining the Frame Loss Ratio Threshold 121
T-Marc 300 Series User Guide
Page 5
Operations, Administration & Maintenance (OAM) (Rev. 13)
Defining the Test's Data-Size List 122
Defining the Test Timeout 123
Defining the Result Acknowledge Timeout 123
Defining the Loopback Type 124
Starting/ Stoping the Throughput Test 124
Displaying the Throughput Test Results 126
Throughput Test Configuration Example 127
Service Assurance Application (SAA) 131
Overview 131
SAA Configuration Flow 132
SAA Configuration Commands 133
Creating an SAA Profile 135
Configuring the Near Delay Thresholds 135
Configuring the Far Delay Thresholds 136
Configuring the Near Jitter Thresholds 137
Configuring the Far Jitter Thresholds 137
Configuring the Near Frame-Loss Ratio Thresholds 138
Configuring the Far Frame-Loss Ratio Thresholds 138
Defining the Maximum Number of Concurrent SAA Tests 139
Creating an SAA Test 139
Configuring the SAA Service Test Type 140
Configuring the SAA VLAN Test Type 141
Enabling/ Disabling the Current SAA Test 142
Attaching a Threshold Profile and Enabling Alarms 142
Configuring the Repeat Frequency 143
Configuring Probe Statistics 143
Configuring Probe Timeout 144
Configuring the Test Sending Interval 144
Configuring the Monitored Interval 145
Configuring the Test Priority 145
Configuring the Test's Metric Types 146
Configuring the Test Delay Calculation Method 147
Configuring the Test Jitter Calculation Method 148
T-Marc 300 Series User Guide
Page 6
Operations, Administration & Maintenance (OAM) (Rev. 13)
Defining the Current Service Loopback Functionality 148
Defining the Current VLAN Loopback Functionality 149
Displaying the SAA Tests Results 150
Displaying the SAA Threshold Profile 151
Displaying the SAA Loopback Service 152
Displaying the SAA Loopback VLAN 152
SAA Configuration Example 153
ITU-T G.8031Ethernet Protection Switching (EPS) 158
Overview 158
Switchover Options 158
EPS Configuration Flow 159
EPS Configuration Commands 160
Enabling/ Disabling EPS 161
Selecting the CFM Level 161
Selecting the Primary Paths MEPs 162
Selecting the Backup Link MEPs 162
Activating EPS 163
Defining the Hold Off Timer 163
Manual Traffic Switchover 163
Locking the Active Path 164
Blocking the Service Protection 164
Enabling/ Disabling Revertive Protection 164
Defining Wait-to-Restore Timer 165
Configuring Signal Degrade Test 165
Enabling/ Disabling Signal Degrade Events 166
Clearing Local Commands 166
Displaying the EPS Service Status 166
EPS Configuration Example 167
Event Propagation 172
Event Propagation Configuration Flow 173
Event Propagation Configuration Commands 174
Creating an Event Propagation Profile 174
Configuring Remote Fault Detection and Propagation 175
T-Marc 300 Series User Guide
Page 7
Operations, Administration & Maintenance (OAM) (Rev. 13)
Configuring Local Alarm Propagation 176
Applying a Profile to a SAP or a Port 176
Displaying the Configured Event Propagation Profiles 177
Displaying the Running Sessions 178
Event Propagation Configuration Example 180
Ethernet Local Management Interface (E-LMI, MEF 16) 183
E-LMI Configuration Flow 184
E-LMI Configuration Commands 185
Enabling/ Disabling E-LMI on the Device 186
Enabling/ Disabling E-LMI per Port 186
Defining the E-LMI Mode 186
Configuring the E-LMI Polling Timer 187
Configuring the E-LMI Polling Verification Timer 188
Configuring the E-LMI Polling Counters 188
Configuring the E-LMI Status Counters 189
Displaying the E-LMI Status 189
Displaying the E-LMI VLAN 190
Displaying the E-LMI Statistics 191
Clearing the E-LMI Port Statistics 192
E-LMI Configuration Example 193
Diagnosing Connectivity Problems 195
Ping 195
Trace Route 195
Supported Platforms 196
Supported Standards, MIBs and RFCs 197
T-Marc 300 Series User Guide
Page 8
Operations, Administration & Maintenance (OAM) (Rev. 13)
Table of Figures
Figure 1: End-to-End OAM Configuration10
Figure 2: Managing Provider Devices using the EFM 802.3ah Standard11
Figure 3: Managing Customer Devices (passive) using the EFM 802.3ah Standard12
Figure 4: EFM-OAM Configuration Flow17
Figure 5: Example for Configuring Two Devices in EFM-OAM Protocol45
Figure 6: OAM Ethernet Tools51
Figure 7: MEP1 and MEP3 Send a Multicast CC Frame52
Figure 8: MEP4 and MEP2 Send a Multicast CC Frame52
Figure 9: Loopback Operation53
Figure 10: Link Trace Operation54
Figure 11: CFM-OAM Configuration Flow56
Figure 12: CFM-OAM Performance Monitoring Flow57
Figure 13: CFM-OAM on-demand Tools Flow58
Figure 14: Example for Configuring Two Devices in CFM Protocol 100
Figure 15: Example for using the clear connectivity Command 105
Figure 16: Unidirectional Test 109
Figure 17: End-to-End Unicast Loopback Test 110
Figure 18: Configuring Two Devices in Throughput Test Configuration Mode 127
Figure 19: Example for Configuring Two Devices in SAA Test Configuration Mode 153
Figure 20: Protecting Services Using EPS. 158
Figure 21: EPF Configuration Flow 159
Figure 22: Event Propagation Configuration Flow 173
Figure 23: E-LMI Configuration Flow 184
T-Marc 300 Series User Guide
Page 9
Operations, Administration & Maintenance (OAM) (Rev. 13)
Features Included in this Chapter
OAM is a family of standards providing reliable remotely-managed service-assurance (SA)
mechanisms for both the provider and customer networks, offering the ability to perform
automatic periodic network-wide service assurance and quality verifications.
This chapter includes the configuration instructions for the following OAM standards:
802.3ah Ethernet in the First Mile (EFM-OAM)
This standard specifies the protocols and Ethernet interfaces for using Ethernet over
access links as a first-mile technology and transforming it into a highly reliable
technology.
For more information, refer to 802.3ah Ethernet in theFirst Mile(EFM-OAM)
802.1ag Connectivity Fault Management (CFM)
This standard refers to the ability of a network to monitor the health of an end-to-end
service delivered to customers (as oppose to just links or individual bridges).
For more information, refer to 802.1agConnectivity Fault Management (CFM)
SAA Throughput Test
This section describes the steps for configuring and executing unidirectional and
bi-directional throughput tests.
For more information, refer to SAA Throughput Test
Service Assurance Application (SAA)
SAA is a software feature that allows you to monitor the performance of network-hosted
applications by emulating the traffic of these applications.
For more information, refer to ServiceAssuranceApplication (SAA)
ITU-T G.8031 Ethernet Protection Switching (EPS)
EPS is a method of protecting point-to-point Ethernet service connection over VLAN
transport networks, assuring traffic transport between the two service ends.
For more information, refer to ITU-T G.8031 Ethernet Protection Switching(EPS).
Event Propagation
The Event Propagation feature allows users to configure automatic actions executed
upon the occurrence of specific events. For more information, refer to Event Propagation.
Ethernet Local Management Interface (E-LMI)
E-LMI, an OAM protocol, enables the CE to auto-configure its support of Metro
Ethernet services.
For more information, refer to Ethernet Local Management Interface(E-LMI,
MEF 16).
T-Marc 300 Series User Guide
Page 10
Operations, Administration & Maintenance (OAM) (Rev. 13)
802.3ah Ethernet in the First Mile (EFM-OAM)
Overview
The IEEE 802.3ah Ethernet in the First Mile (EFM) standard specifies the protocols and Ethernet
interfaces for using Ethernet over access links as a first-mile technology and transforming it into a
highly reliable technology.
Using the Ethernet in the First Mile solution, you gain broadcast Internet access in addition to
services (such as Layer 2 transparent LAN services, Voice services over Ethernet Access networks,
Video, and multicast applications) reinforced by security and Quality of Service (QoS) control to
build a scalable network.
The in-band management specified by this standard defines the operations, administration, and
maintenance (OAM) mechanism needed for the advanced monitoring and maintenance of
Ethernet links in the first mile. The OAM capabilities facilitate network operation and
troubleshooting for both the provider and the customer networks.
Basic 802.3 packets convey OAM data between two ends of a physical link. The 802.3ah (Clause
57) provides the single-link OAM capabilities.
When enabled, two connected OAM devices exchange Protocol Data Units (OAMPDUs).
OAMPDUs are standard-size frames, including information such as the destination MAC address,
EtherType and subtype, sent at a predefined rate (a limitation necessary for reducing the impact on
the usable bandwidth).
EFM OAM is an optional and you can enable or disable it per physical port.
Figure 1: End- to- End OAM Configuration
T-Marc 300 Series User Guide
Page 11
Operations, Administration & Maintenance (OAM) (Rev. 13)
Potential Applications
Service providers use the link layer EFM for demarcation point OAM services.
Using the Ethernet demarcation service, providers can manage remote devices (defined as passive
devices) without utilizing an IP layer. Instead they can utilize link-layer SNMP counters request and
reply, loopback testing, and other techniques that are controlled remotely.
Installation Configurations
The following configuration shows how to manage the provider device (CPE passive device) using
802.3ah standard.
Figure 2: Managing Provider Devices using the EFM 802.3ah Standard
T-Marc 300 Series User Guide
Page 12
Operations, Administration & Maintenance (OAM) (Rev. 13)
The configuration below illustrates how to manage the customer devices using EFM 802.3ah.
Figure 3: Managing Customer Devices ( passive) using the EFM 802.3ah Standard
EFM-OAM Protocol Functionality
EFM-OAM supports the following basis functionalities:
Discovery: a local Data Terminating Entity's (DTE) ability to discover other EFM-OAM
enabled DTEs and exchanging information about OAM entities, capabilities, and
configuration.
Link monitoring: this process is used to detect and indicate link faults to its peer.
Remotefailuredetection: a mechanism for an OAM device to convey error conditions to its peer
via a flag in the OAMPDUs.
Remoteloopback: this mechanism is used to troubleshoot problematic segments by sending
Loopback Control OAMPDUs to the peer.
MIB variableretrieval: used for retrieving information from a management information base.
Organizingspecificenhancements: provides vendor-specific enhancements to the protocol.
T-Marc 300 Series User Guide
Page 13
Operations, Administration & Maintenance (OAM) (Rev. 13)
Discovery
At the first phase EFM-OAM enabled DTEs identify other DTEs along with their OAM
capabilities using Information OAMPDUs, advertising the following information:
OAM configuration(capabilities)the local DTE's OAM capabilities. Using this information, a
peer can determine what functions are supported and accessible (for example, loopback
capability).
OAM modethe DTE's OAM mode, also used to determine the DTE's functionality:
Activemode: the DTE instigates OAM communications and can issue queries and
commands to the remote device.
Passivemode: the DTE generally waits for the peer DTE to instigate OAM
communications and responds to them. It does not instigate commands and queries.
For more information about the rules for active and passive mode DTEs, refer to Rules
for ActiveModeand Rules for PassiveModebelow.
The mode combinations are:
One active and one passive OAM DTE
Two active OAM DTEs
OAMPDU configurationincluding the maximum size of OAMPDUs delivered (This
information, in combination with a limited rate of ten frames per second, is used to limit the
bandwidth allocated to OAM traffic)
Platformidentitythe platform identity is a combination of an Organization Unique Identifier
(OUI, the first three bytes of the MAC address) and 32-bits of vendor-specific information.
OUI allocation is controlled by the IEEE.
Once OAM support is detected and the OAM expectations are met, both ends of the link
exchange the above information, enabling OAM on the link. However, the loss of a link or a failure
to receive OAMPDUs for a predefined interval causes the discovery process the start over again.
Timers
Two configurable timers control the protocol:
The Hellotimer, determining the rate for sending OAMPDUs
The Keep-alivetimer, determining the time interval for expecting OAMPDUs from the peer
An additional 1-second non-configurable timer is used for error aggregation necessary for the Link
Monitoring Process to generate link quality events.
T-Marc 300 Series User Guide
Page 14
Operations, Administration & Maintenance (OAM) (Rev. 13)
Flags
Each OAMPDU includes a Flagsfield that includes the discovery process status. There are three
possible status values:
Discoveringthe discovery process is in progress
Stablediscovery is completed and the remote device can start sending any type of OAMPDU
Unsatisfiedwhen there are mismatches in the OAM configuration that prevent OAM from
completing the discovery process
Process Overview
The discovery process allows a local Data Terminating Entity (DTE) to detect OAM on a remote
DTE. Once OAM support is detected, both ends of the link exchange state and configuration
information (such as mode, PDU size, loopback support, etc.). If both DTEs are satisfied with the
settings, OAM is enabled on the link. However, the loss of a link or a failure to receive OAMPDUs
for five seconds may cause the discovery process the start over again.
DTEs may either be in active or passive mode. Active mode DTEs instigate OAM
communications and can issue queries and commands to a remote device. Passive mode DTEs
generally wait for the peer device to instigate OAM communications and respond to, but do not
instigate, commands and queries. Rules of what DTEs in active or passive mode can do are
discussed in the following sections.
Rules for Active Mode
The Active mode DTE:
initiates the OAM Discovery process
sends Information PDUs
can send Event Notification PDUs
can send Variable Request/ Response PDUs
can send Loopback Control PDUs
doesnot respond to Variable Request PDUs from devices in Passive mode
doesnot react to Loopback Control PDUs from devices in Passive mode
T-Marc 300 Series User Guide
Page 15
Operations, Administration & Maintenance (OAM) (Rev. 13)
Rules for Passive Mode
The Passive mode DTE:
waits for the remote device to initiate the Discovery process
sends Information PDUs
can send Event Notification PDUs
can respond to Variable Request PDUs
can react to received Loopback Control PDUs
cannot send Variable Request or Loopback Control OAMPDUs
Link Monitoring Process
The Link Monitoring process is used for monitoring the link for occurrences where defined
thresholds are crossed and notifying the remote device by sending Event Notification OAMPDUs.
The events the Link Monitoring process indicates:
ErroredSymbol per secondif the number of symbol errors that occurred during a specified
period exceeded a threshold. These are coding symbol errors (for example, a violation of
4B/ 5B coding).
ErroredFrameper secondif the number of frame errors detected during a specified period
exceeded a threshold.
ErroredFrameper N framesif the number of frame errors within the last N frames exceeded a
threshold.
ErroredSecondsSummary(erroredsecondsper M seconds)if the number of errored seconds (one
second intervals with at least one frame error) per M seconds exceeded a threshold.
Since 802.3ah OAM does not guarantee the delivery of OAMPDUs, the Event Notification
OAMPDU can be sent multiple times to reduce the probability of losing these notifications using a
sequence number in order to recognize duplicate events.
The Link Monitoring process operates on all enabled EFM OAM links.
T-Marc 300 Series User Guide
Page 16
Operations, Administration & Maintenance (OAM) (Rev. 13)
Remote Failure Indication
Faults in Ethernet that are caused by slowly deteriorating quality are more difficult to detect than
completely disconnected links. A flag in the OAMPDU allows an OAM entity to send failure
conditions to its peer. The failure conditions are defined as follows:
Link FaultThe Link Fault condition is detected when the receiver loses the signal. This
condition is sent once per second in the Information OAMPDU.
DyingGaspThis condition is detected when the receiver goes down. The DyingGasp
condition is considered as unrecoverable. Conditions for dying gasp:
Management of the reload command
Device power down (incidental / deliberate).
Critical EventWhen a critical event occurs, the device is unavailable as a result of malfunction,
and it is to be restarted by you. The critical events can be sent immediately and continually.
Conditions for critical events:
Fatal error mess any task on the device (suspend)
When a link receives no signal from its peer at the physical layer (for example, if the peers laser is
malfunctioning), the local entity sets this flag to let the peer know that its transmit path is
inoperable.
Since these conditions are severe, the OAMPDUs updated with these flags are not subject to
normal rate limiting policy.
Remote Loopback
In order to verify the quality of links, estimating whether a network segment satisfies an SLA, and
when troubleshooting, the active device can enable the remote peer's loopback mode, using
Loopback Control OAMPDUs.
When in a loopback mode, the peer loops back all the traffic (except for OAMPDU traffic and
pause frames) without changing it. The remote peer acknowledges the loopback by responding
with an Information OAMPDU, indicating the loopback status in the Statefield.
CAUTION
Initiating this mode drops all traffic from the remote peer device.
There are two kinds of loopback tests:
Loopback using multiple ping packets (1 to 200 packets). This tests and displays also the local
and remote peer's counters.
Loopback using hardware-created frames at wire-speed, allowing the testing of the link under
extreme high-load conditions. (These frames are discarded on the active device when they get
back from the remote peer.) This tests and displays also the local and remote peer's counters.
T-Marc 300 Series User Guide
Page 17
Operations, Administration & Maintenance (OAM) (Rev. 13)
EFM-OAM Configuration Flow
Figure 4: EFM- OAM Configuration Flow
Start
End
Configure protocol parameters priority, hello-interval,
keepalive-interval, multiple-pdu-count, propagate-events.
Enable protocol
Configure EFM-OAM per port
Configure EFM-OAM monitoring and
network testing
Start/Stop EFM-OAM local/remote
loopback configuration
Built-in test tools
Set network monitoring
Non-intrusive Intrusive
T-Marc 300 Series User Guide
Page 18
Operations, Administration & Maintenance (OAM) (Rev. 13)
Configuring EFM-OAM
Table 1: EFM-OAM Protocol Configuration Commands
Command Description
efm-oam
Enables/disables the EFM-OAM protocol (see Enabling/Disabling
EFM-OAM)
efm-oam multiple-pdu-
count
Specifies the number of OAMPDUs that are sent when the
protocol sends multiple successive messages (Event Notification
OAMPDU) (see Specifying the Number of OAMPDUs).
efm-oam propagate-
events
Enables the sending of local event notifications to the remote
device (see Enabling/Disabling Sending of Local Event
Notifications to Remote Device)
efm-oam log-events
Enables/disables sending of event notification OAMPDUs to the
local Syslog daemon (see Enabling/Disabling Sending of Event
Notifications to Local Syslog Daemon)
efm-oam priority
Defines priority for the sent OAMPDUs (see Setting OAMPDUs
Priority)
efm-oam keepalive-
interval
Defines the aging interval in seconds for the neighboring device
that last sent packets (see Setting the Keep-Alive Interval)
efm-oam hello-
interval
Defines the time interval between two PDUs in milliseconds (see
Setting the Hello Interval)
efm-oam history limit Defines the EFM-OAM history limit (see Setting the EFM-OAM
History limit)
Enabling/Disabling EFM-OAM
The efm-oam command enables/ disables the EFM-OAM protocol on the devices.
The efm-oam disable/enable command configures all EFM-OAM parameters to their default
values. To disable the protocol and keep the current configuration, disable the protocol on a
specified port or port range.
CLI Mode: Protocol Configuration
Command Syntax
device-name(cfg protocol)#efm-oam {enable | disable}
Argument Description
enable
Enables EFM-OAM protocol.
Enabled
disable Disables EFM-OAM protocol.
T-Marc 300 Series User Guide
Page 19
Operations, Administration & Maintenance (OAM) (Rev. 13)
Example
device-name(cfg protocol)#efm-oam enable
Specifying the Number of OAMPDUs
The efm-oam multiple-pdu-count command specifies the number of OAMPDUs that are sent
when the protocol sends multiple successive messages (Event Notification OAMPDU).
CLI Mode: Protocol Configuration
Command Syntax
device-name(cfg protocol)#efm-oam multiple-pdu-count <pdu-count>
device-name(cfg protocol)#no efm-oam multiple-pdu-count
Argument Description
pdu-count
Defines the number of identical PDUs, in the range of <110>. These
PDUs are sent when the local event occurs and requires propagation to
the remote device.
5 OAMPDU
no
Restores to default.
Example
device-name(cfg protocol)#efm-oam multiple-pdu-count 3
Enabling/Disabling Sending of Local Event Notifications to
Remote Device
The efm-oam propagate-events command enables the sending of local event notifications to the
remote device.
CLI Mode: Protocol Configuration
Command Syntax
device-name(cfg protocol)#[no] efm-oam propagate-events
Argument Description
no
Disables the event propagation.
the event propagation is enabled
T-Marc 300 Series User Guide
Page 20
Operations, Administration & Maintenance (OAM) (Rev. 13)
Example
device-name(cfg protocol)#efm-oam propagate-events
Enabling/Disabling Sending of Event Notifications to Local Syslog
Daemon
The efm-oam log-events command enables/ disables sending of event notification OAM PDUs
to the local Syslog daemon. Thus, the logging of the local activity is disabled.
When you enable the event notification, all the EFM messages are logged. When you disable this
function, EFM threshold messages are not logged.
CLI Mode: Protocol Configuration
Command Syntax
device-name(cfg protocol)#[no] efm-oam log-events
Argument Description
no
Disables the local Syslog daemon's event propagation.
the sending of the event notification OAMPDUs is enabled
Example
device-name(cfg protocol)#no efm-oam log-events
Defining OAMPDUs Priority
The efm-oam priority command sets priority for the sent OAMPDUs.
CLI Mode: Protocol Configuration
NOTE
This command takes affect only if the port is a tagged member of the default
VLAN.
Command Syntax
device-name(cfg protocol)#efm-oam priority <priority>
device-name(cfg protocol)#no efm-oam priority
T-Marc 300 Series User Guide
Page 21
Operations, Administration & Maintenance (OAM) (Rev. 13)
Argument Description
priority Defines 802.1p priority value for the outgoing and incoming EFM-OAM PDUs,
in the range of <07>.
the priority is undefined
no
Restores to default.
Example
device-name(cfg protocol)#efm-oam priority 3
Defining the Keep-Alive Interval
The efm-oam keepalive-interval command sets the aging interval in seconds for the
neighboring device that last sent packets. When the neighboring device does not send a PDU
within the defined keep-alive interval, it is considered inoperative.
CLI Mode: Protocol Configuration
Command Syntax
device-name(cfg protocol)#efm-oam keepalive-interval <interval>
device-name(cfg protocol)#no efm-oam keepalive-interval
Argument Description
interval Defines the aging interval, in the range of <10015000>milliseconds.
5000 milliseconds
no
Restores to default.
Example
device-name(cfg protocol)#efm-oam keepalive-interval 3000
T-Marc 300 Series User Guide
Page 22
Operations, Administration & Maintenance (OAM) (Rev. 13)
Defining the Hello Interval
The efm-oam hello-interval command sets the time interval between two PDUs in
milliseconds. This mechanism is used to inform the neighboring device that the local device is
operative. When the local device receives no PDU within the defined keep-alive interval, the
neighboring device is considered inoperative.
CLI Mode: Protocol Configuration
NOTE
The standard hello interval is 1second. However, to reduce overload in some
cases, it is possible to set the range to up to 5 seconds even though it violates the
standard.
NOTE
The keepalive-interval must be 2 times bigger than the hello-interval.
Command Syntax
device-name(cfg protocol)#efm-oam hello-interval <interval>
device-name(cfg protocol)#no efm-oam hello-interval
Argument Description
interval Defines the repetition interval of sending Hello packets. The range is <100
5000>milliseconds.
1000 milliseconds
no
Restores to default.
Setting the EFM-OAM History limit
The efm-oam history limit command sets the EFM-OAM history limit.
CLI Mode: Protocol Configuration
Command Syntax
device-name(cfg protocol)#efm-oam history limit <1000-10000>
device-name(cfg protocol)#no efm-oam history limit
Argument Description
1000-10000 Defines the maximum number of entries in the EFM-OAM history.
5000 entries
no
Restores to default.
T-Marc 300 Series User Guide
Page 23
Operations, Administration & Maintenance (OAM) (Rev. 13)
EFM-OAM Interface Configuration Commands
Table 2: EFM-OAM Interface Configuration Commands
Command Description
efm-oam
Enables/disables EFM-OAM on the specified interface and sets its
mode to active or passive (see Enabling/Disabling the EFM-OAM
State on the Specified Interface)
efm-oam force-
loopback
Forces permanent loopback on the local or remote device (see
Forcing the EFM-OAM Local/Remote Loopback Configuration)
efm-oam mode
Enables/disables the organization-specific EFM-OAM
enhancements on the specified interface (see Enabling/Disabling
the EFM-OAM Enhancements on the Specified Interface)
efm-oam threshold
bit-errors
Defines thresholds for bit error testing and reporting on the
specified interface (see Setting the EFM-OAM Thresholds for Bit
Error Monitoring on the Specified Interface)
efm-oam threshold
frame-errors
Defines a threshold for frame error testing and reporting on the
specified interface (see Setting the EFM-OAM Thresholds for
Frame Error Monitoring on the Specified Interface)
efm-oam event-forward
Defines an action that is performed when the link status of the
configured interface is changed (see Setting Event Monitoring on a
Specific Interface)
efm-oam event-return
shutdown
Enables the Event Return feature (see Enabling Event Return)
Enabling/Disabling the EFM-OAM State on the Specified Interface
The efm-oam command enables/ disables EFM-OAM on the specified interface and sets its mode
to active or passive.
When both peers are in passive mode (abnormal configuration) the information from 'Remote
Status' is not updated anymore and it may be inaccurate.
CLI Mode: Interface Configuration and Range Interface Configuration
To execute this command, first enable EFM-OAM in the Protocol Configuration mode
(see Enabling/ DisablingEFM-OAM), otherwise the %EFM-OAM isdisablederror is generated.
Command Syntax
device-name(config-if UU/SS/PP)#efm-oam {active | passive}
device-name(config-if UU/SS/PP)#no efm-oam
device-name(config-if-group)#efm-oam {active | passive}
device-name(config-if-group)#no efm-oam
T-Marc 300 Series User Guide
Page 24
Operations, Administration & Maintenance (OAM) (Rev. 13)
Argument Description
active When specifying the active mode, the device can send hello packets over this
port to initiate an EFM-OAM discovery process. To initiate the discovery
process, enable first the EFM-OAM protocol.
passive When specifying the passive mode, the device cannot use this port to send
hello packets.
port state is passive for uplink ports and disabled for user ports
no Disables 802.3ah EFM-OAM.
Example 1
device-name(config-if 1/1/1)#efm-oam passive
Example 2
device-name(config)#interface range 1/1/1
device-name(config-if-group)#efm-oam passive
Forcing the EFM-OAM Local/Remote Loopback Configuration
The efm-oam force-loopback command forces loopback on local or remote devices. This is
useful for long-term loopback traffic analysis.
CLI Mode: Interface Configuration and Range Interface Configuration
For this command to take effect on a local device you do not have to enable EFM-OAM in the
Protocol Configuration mode.
If the port is in a loopback state and either EFM is disabled globally or per this port, or the port's
mode is changed to Passive mode, the force loopback state is removed from the port, generating
the remoteloopback isremovedfromthedeviceonport UU/ SS/ PP message. This message, along with an
error severity is sent to the Syslog server.
For this command to take effect on a remote device:
1. first enable EFM-OAM in the Protocol Configuration mode (see Enabling/ DisablingEFM-
OAM), otherwise the %EFM-OAM isdisablederror is generated.
2. configure this interface to be in an Active mode.
NOTE
The loopback is always forced on the remote port, when EFM is enabled on
the remote device.
CLI Mode: Interface Configuration and Interface Range Configuration
T-Marc 300 Series User Guide
Page 25
Operations, Administration & Maintenance (OAM) (Rev. 13)
Command Syntax
device-name(config-if UU/SS/PP)#efm-oam force-loopback {local | remote}
device-name(config-if UU/SS/PP)#no efm-oam force-loopback
device-name(config-if-group)#efm-oam force-loopback {local | remote}
device-name(config-if-group)#no efm-oam force-loopback Argument Description
Argument Description
local Forces the port loopback on the local device.
Disabled
remote Forces the port loopback on the remote device.
Disabled
no Removes the forced loopback on local or remote devices.
Example
device-name(config-if 1/1/1)#efm-oam force-loopback remote
Enabling/Disabling the EFM-OAM Enhancements on the
Specified Interface
The efm-oam mode command enables/ disables the organization-specific EFM-OAM
enhancements on the specified interface or interface range.
You can use this command with one of the below variables:
Basic: do not use organization-specific extensions
Enhanced: allows defining and retrieving all the SNMP variables on the remote device.
If the remote device is not an organization device, Basic mode is used, even if Enhanced
mode is configured.
Configure both devices with Enhanced mode for the devices to exchange their hostname.
CLI Mode: Interface Configuration and Range Interface Configuration
Command Syntax
device-name(config-if UU/SS/PP)#efm-oam mode {enhanced | basic}
device-name(config-if UU/SS/PP)#no efm-oam mode
device-name(config-if-group)#efm-oam mode {enhanced | basic}
device-name(config-if-group)#no efm-oam mode
Argument Description
enhanced Enables enhanced mode.
Enhanced mode
basic Enables basic mode.
T-Marc 300 Series User Guide
Page 26
Operations, Administration & Maintenance (OAM) (Rev. 13)
no Disables the organization-specific EFM-OAM enhancements.
Example
device-name(config-if 1/1/1)#efm-oam mode enhanced
Defining the EFM-OAM Thresholds for Bit Error Monitoring on the
Specified Interface
The efm-oam threshold bit-errors command defines a threshold for bit error testing and
reporting for a specific interface or an interface range.
When the threshold is exceeded, the device generates an ErroredSymbol PeriodEvent message and
sends it to the remote peer. The message is written to the Syslog and in the feature history.
Additionally, the event counters are updated.
CLI Mode: Interface Configuration and Range Interface Configuration
To execute this command, first enable EFM-OAM in the Protocol Configuration mode
(see Enabling/ DisablingEFM-OAM), otherwise the %EFM-OAM isdisablederror is generated.
Command Syntax
device-name(config-if UU/SS/PP)#efm-oam threshold bit-errors seconds <seconds>
error-count <error-count>
device-name(config-if UU/SS/PP)#no efm-oam threshold bit-errors
device-name(config-if-group)#efm-oam threshold bit-errors seconds <seconds>
error-count <error-count>
device-name(config-if-group)#no efm-oam threshold bit-errors
Argument Description
seconds The number of seconds required for monitoring the bit error-count, in the
range of <160>.
error-count The errors bit errors threshold in the range of <11000000000>.
no
Disables the bit errors monitoring.
bit errors threshold is disabled
Example
device-name(config-if 1/1/1)#efm-oam threshold bit-errors seconds 20 error-
count 100
In this example, the device generates the ErroredSymbol PeriodEvent message in case of 100 bit errors
in a 20 seconds time frame.
T-Marc 300 Series User Guide
Page 27
Operations, Administration & Maintenance (OAM) (Rev. 13)
Defining the EFM-OAM Thresholds for Frame Error Monitoring on
the Specified Interface
The efm-oam threshold frame-errors command defines a threshold for frame error testing and
reporting a specific interface or an interface range.
When the threshold is exceeded, the device generates an ErroredFrameEvent message and sends it to
the remote peer. The message is written to the Syslog and in the feature history. Additionally, the
event counters are updated.
CLI Mode: Interface Configuration and Range Interface Configuration
To execute this command, first enable EFM-OAM in the Protocol Configuration mode
(see Enabling/ DisablingEFM-OAM), otherwise the %EFM-OAM isdisablederror is generated.
Command Syntax
device-name(config-if UU/SS/PP)#efm-oam threshold frame-errors [seconds
<seconds> error-count <error-count>]
device-name(config-if UU/SS/PP)#no efm-oam threshold frame-errors
device-name(config-if-group)#efm-oam threshold frame-errors seconds <seconds>
error-count <error-count>
device-name(config-if-group)#no efm-oam threshold frame-errors
Argument Description
seconds The number of seconds required to monitor the frame error-count, in the
range of <160>.
error-count The errors frame errors threshold in the range of <11488000>.
no
Disables the frame errors monitoring.
256 errors during 20 seconds
Example
device-name(config-if 1/1/1)#efm-oam threshold frame-errors seconds 20 error-
count 100
In this example, the device generates the ErroredFrameEvent message in case of 100 frame errors in
a 20 seconds time frame.
T-Marc 300 Series User Guide
Page 28
Operations, Administration & Maintenance (OAM) (Rev. 13)
Defining Event Monitoring on a Specific Interface
Event monitoring is the ability to perform an action on a target interface whenever a source
interface's link status changes. There are two possible actions:
shutdown the target interface
send a Link Event Notification from the target interface to its EFM peer
The efm-oam event-forward command on the source port to enable and an Event Monitoring
action.
CLI Mode: Interface Configuration and Range Interface Configuration
For this command to take effect on the local interface, first enable EFM-OAM in the Protocol
Configuration mode (see Enabling/ DisablingEFM-OAM), otherwise the %EFM-OAM isdisabled
error is generated. You do not have to enable this option on the remote peer.
Command Syntax
device-name(config-if UU/SS/PP)#efm-oam event-forward {shutdown | status}
UU/SS/PP
device-name(config-if UU/SS/PP)#no efm-oam event-forward
device-name(config-if-group)#efm-oam event-forward {shutdown | status}
UU/SS/PP
device-name(config-if-group)#no efm-oam event-forward
Argument Description
shutdown Shuts down the target interface.
status Forwards a Link Event Notification from the target interface.
UU/SS/PP The target interface (on which the action is performed).
no
Disables event monitoring.
event monitoring is disabled
Example
device-name(config-if 1/1/1)#efm-oam event-forward status 1/2/3
T-Marc 300 Series User Guide
Page 29
Operations, Administration & Maintenance (OAM) (Rev. 13)
Enabling Event Return
The efm-oam event-return shutdown command is used to enable the Event Return feature. This
feature is used to determine the number of discovery attempts prior to administratively shutting
down the port.
You have to enable EFM-OAM on the port prior to enabling this command.
CLI Mode: Interface Configuration
Command Syntax
device-name(config-if UU/SS/PP)#[no] efm-oam event-return shutdown <attempts>
Argument Description
attempts
The number of discovery attempts before shutting down the port, in the range
of <110>.
5 discovery attempts when Event Return feature is enabled
no
Disables this feature.
Event Return feature is disabled
Example
device-name(config-if 1/1/1)#efm-oam event-return shutdown 3
T-Marc 300 Series User Guide
Page 30
Operations, Administration & Maintenance (OAM) (Rev. 13)
EFM-OAM Monitoring and Network Testing
Commands
Table 3: EFM-OAM Monitoring and Network Testing Commands
Command Description
efm-oam ping
Enables the EFM-OAM non-intrusive monitoring on the specific
interface (see Enabling EFM-OAM Non-intrusive Monitoring)
efm-oam loopback
Enables the EFM-OAM monitoring on the specific interface, using
the loopback service (see Enabling EFM-OAM Monitoring)
efm-oam accept-
remote-loopback
Enables reaction to loopback control OAMPDUs from peers (see
Enabling/Disabling Loopback Commands' Processing)
efm-oam get
Enables the EFM-OAM get variable operations for the interface
specific counters, as defined by the relevant standard (see
Enabling EFM-OAM Get Variable)
efm-oam history clear
Clears the EFM-OAM buffer history contents (see Clearing EFM-
OAM History)
T-Marc 300 Series User Guide
Page 31
Operations, Administration & Maintenance (OAM) (Rev. 13)
Enabling EFM-OAM Non-intrusive Monitoring
The efm-oam ping command enables the EFM-OAM non-intrusive monitoring of a specific
interface.
CLI Mode: Privileged (Enable)
By default, 5 requests are sent on the specified interface.
Command Syntax
device-name#efm-oam ping UU/SS/PP [number <number>] [delay <delay>] [timeout
<timeout>] [counter <branch> <leaf>] [extended]
Argument Description
UU/SS/PP The interface for EFM-OAM non-intrusive monitoring.
number <number> (Optional) defines the number of echo packets to send, in the range of
<110>
5 packets
delay <delay> (Optional) defines the delay between packets, in seconds, in the range
of <0600>
there is no delay
timeout <timeout> (Optional) define the reply timeout in the range of <160>seconds
2 seconds
counter (Optional) defines a different counter for the ping-like operation, from
the options displayed in the below table
aFramesTransmittedOK, branch 7 leaf 2
branch (Optional) selects the branch (see table below).
leaf (Optional) selects the leaf (see table below).
extended (Optional) displays the replay time for every packet.
Table 4: Leaf Values
Branch Leaf Port Statistics
7
2 aFramesTransmittedOK
7
5 aFramesReceivedOK
7
8 aOctetsTransmittedOK
7
14 aOctetsReceivedOK
7
21 aMulticastFramesReceivedOK
7
22 aBroadcastFramesReceivedOK
T-Marc 300 Series User Guide
Page 32
Operations, Administration & Maintenance (OAM) (Rev. 13)
Enabling EFM-OAM Monitoring
The efm-oam loopback command enables EFM-OAM monitoring of a specific interface, by
setting the remote device into a loopback mode and generating test traffic.
CAUTION
Initiating this mode drops all traffic from the remote peer interface.
You can enable one of the two loopback versions available:
Storm: sets the remote peer interface into a loopback mode, stops the local data flow to this
interface, and the local CPU generates a packet burst. When the remote peer sends the burst
back, the local device validates it and displays the burst statistics.
Burst: sets the remote peer interface into a loopback mode, stops the local data flow on this
interface, and the local hardware generates a test packet burst (a single packet, generated by
local CPU, is repetitively sent by the hardware). When the remote peer sends the burst back,
the local device ignores it and displays only counters.
NOTE
The Burst option is only supported with external traffic generator.
You can perform this test only if both devices support EFM-OAM Loopback.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#efm-oam loopback UU/SS/PP storm [count <burst-count>] [delay
<delay>] [packet-size <packet-size>] [no-remote-loopback] [timeout
<timeout>]
device-name#efm-oam loopback UU/SS/PP burst [duration <duration>] [packet-
size <packet-size>] [no-remote-loopback]
Argument Description
UU/SS/PP The interface for EFM-OAM non-intrusive monitoring.
Storm Selects a Storm loopback.
count <burst-
count>
(Optional) defines the number of packets sent in the Storm loopback, in
the range of <12147483646>.
100 packets
delay <delay>
(Optional) defines the delay between packets, in seconds, in the range
of <1600>
there is no delay
packet-size
<packet-size>
(Optional) defines the test-packets' size, in the range of <641512>
bytes
64 bytes
no-remote-
loopback
(Optional) does not define a remote loopback for this operation (set the
loopback manually).
timeout
<timeout>
(Optional) the reply timeout, in the range of <1600>seconds
2 seconds
T-Marc 300 Series User Guide
Page 33
Operations, Administration & Maintenance (OAM) (Rev. 13)
burst Selects a Burst loopback.
duration
<duration>
(Optional) defines the burst loopback duration, in the range of <1600>
seconds
10 seconds
Example 1
device-name#efm-oam loopback 1/1/1 storm count 1000 packet-size 64
Set t i ng Loopback . . . . . St ar t ed . . . . Compl et ed
Gener at i ng Test Tr af f i c . . . . . St ar t ed . . . . Compl et ed
Sent : 1000 packet s / 6400 oct et s
Recei ved Successf ul l y: 999 packet s / 6336 oct et s
Local Remot e
I nOct et s 636728 I nOct et s 1005096
Out Oct et s 613104 Out Oct et s 1136751
I nUcast Pkt s 7500 I nUcast Pkt s 7700
I nNUcast Pkt s 2250 I nNUcast Pkt s 7983
Out Ucast Pkt s 7400
Out NUcast Pkt s 2176
I nDi scar ds 0
Out Di scar ds 0
I nEr r or s 0
Out Er r or s 0
device-name#efm-oam loopback 1/1/1 burst duration 10 packet-size 64
Set t i ng Loopback . . . . . St ar t ed . . . . . Compl et ed
St oppi ng l oopback . . . . . St ar t ed . . . . . Compl et ed
Sent : 1488000 packet s / 611328816 oct et s
Recei ved Successf ul l y: 1485675 packet s / 611303112 oct et s
That out put does not cor r espond t o t he l oopback bur st
Local Remot e
I nOct et s 1669371083 I nOct et s 3910908339
Out Oct et s 632358980 Out Oct et s 1669699696
I nUcast Pkt s 565339720 I nUcast Pkt s 3223506341
I nNUcast Pkt s 26540 I nNUcast Pkt s 1086852153
Out Ucast Pkt s 402271
Out NUcast Pkt s 290145
I nDi scar ds 0
Out Di scar ds 0
I nEr r or s 0
Out Er r or s 0
T-Marc 300 Series User Guide
Page 34
Operations, Administration & Maintenance (OAM) (Rev. 13)
Example 2
device-name#efm-oam loopback 1/2/1 burst no-remote-loopback
Set t i ng Loopback . . . . . St ar t ed . . . . . Compl et ed
St oppi ng l oopback . . . . . St ar t ed . . . . . Compl et ed
Sent : 816701 packet s / 1234851912 oct et s
Recei ved Successf ul l y: 816701 packet s / 1234851912 oct et s
Maxi mumachi eved r at e: 94. 12%
Local Remot e
I nOct et s 3341384836 I nOct et s 3341374388
Out Oct et s 3341374388 Out Oct et s 3341384767
I nUcast Pkt s 10703329 I nUcast Pkt s 10703329
I nNUcast Pkt s 513 I nNUcast Pkt s 434
Out Ucast Pkt s 10703329
Out NUcast Pkt s 434
I nDi scar ds 0
Out Di scar ds 0
I nEr r or s 0
Out Er r or s 0
device-name#efm-oam loopback 1/ 2/ 1 storm no-remote-loopback
Gener at i ng Test Tr af f i c . . . . . St ar t ed . . . . . Compl et ed
Sent : 100 packet s / 6400 oct et s
Recei ved Successf ul l y: 100 packet s / 6400 oct et s
Local Remot e
I nOct et s 3341404898 I nOct et s 3341394516
Out Oct et s 3341394516 Out Oct et s 3341404829
I nUcast Pkt s 10703531 I nUcast Pkt s 10703531
I nNUcast Pkt s 606 I nNUcast Pkt s 528
Out Ucast Pkt s 10703531
Out NUcast Pkt s 528
I nDi scar ds 0
Out Di scar ds 0
I nEr r or s 0
Out Er r or s 0
T-Marc 300 Series User Guide
Page 35
Operations, Administration & Maintenance (OAM) (Rev. 13)
Enabling/Disabling Loopback Commands' Processing
The efm-oam accept-remote-loopback command enables the processing of loopback control
OAMPDUs from peers.
CLI Mode: Interface Configuration
Command Syntax
device-name(config-if UU/SS/PP)#[no] efm-oam accept-remote-loopback
Argument Description
no Disables reaction to loopback control OAMPDUs.
Disabled
Example
device-name(config-if 1/1/1)#efm-oam accept-remote-loopback
Enabling EFM-OAM Get Variable
The efm-oam get command gets specified counter variables for a specific interface.
Using this command with no parameters displays the identical information as the show efm-oam
statistics command (for more information, refer to DisplayingEFM-OAM Local andRemote
InterfaceStatistics).
CLI Mode: Privileged (Enable)
Command Syntax
device-name#efm-oam get UU/SS/PP [counter <branch> <leaf>]
Argument Description
UU/SS/PP The interface to get counters from.
counter (Optional) performs a standard get variable operation, from the options
displayed in the below table.
branch (Optional) selects the branch for the get variable operation (see Table 4).
leaf (Optional) selects the leaf for the get variable operation (see Table 4).
T-Marc 300 Series User Guide
Page 36
Operations, Administration & Maintenance (OAM) (Rev. 13)
Example
device-name#efm-oam get 1/1/1
Wai t i ng t o r ecei ve r emot e st at i st i cs val ues
. . . . . . . . . . . . . . . . . . . .
Remot e I nt er f ace St at us St abl e
Remot e I f St at us St abl e
Remot e MAC 00: A0: 12: 27: 14: 23
I nOct et s 363254
Out Oct et s 181663
I nUcast Pkt s 0
I nNUcast Pkt s 2757
device-name#efm-oam get 1/1/1 counter 7 2
Wai t i ng t o r ecei ve
Pr ess Esc f or br eak
. . . . . . . . .
aFr amesTr ansmi t t edOK = 3007
Clearing EFM-OAM History
The efm-oam history clear command clears the EFM-OAM buffer history contents.
CLI Mode: Privileged (Enable)
To execute this command, first enable EFM-OAM in the Protocol Configuration mode
(see Enabling/ DisablingEFM-OAM), otherwise the %EFM-OAM isdisablederror is generated.
Command Syntax
device-name#efm-oam history clear
T-Marc 300 Series User Guide
Page 37
Operations, Administration & Maintenance (OAM) (Rev. 13)
EFM-OAM Display Commands
Table 5: EFM-OAM Display Commands
Command Description
show efm-oam
Displays the current EFM-OAM configuration and status for a
specific interface or for all interfaces(see Displaying the EFM-
OAM Status and Configuration)
show efm-oam history
Displays the history of the events from the remote device for a
specific interface or for all interfaces (see Displaying EFM-OAM
History on a Specified Interface)
show efm-oam history
count
Displays the number of entries in EFM-OAM history for a specific
port (see Displaying the EFM-OAM History Count for a Specific
Port)
efm-oam history show
Displays EFM-OAM history contents (see Displaying EFM-OAM
History)
show efm-oam
statistics
Displays the local and remote counters and accumulated statistics
for EFM-OAM on a specified interface (see Displaying the EFM-
OAM Local and Remote Interface Statistics)
Displaying EFM-OAM Status and Configuration
The show efm-oam command displays the current EFM-OAM configuration and status for a
specific interface or for all interfaces.
CLI Mode: Privileged (Enable)
To execute this command, first enable EFM-OAM in the Protocol Configuration mode
(see Enabling/ DisablingEFM-OAM), otherwise the %EFM-OAM isdisablederror is generated.
Command Syntax
device-name#show efm-oam [extended | UU/SS/PP]
Argument Description
extended (Optional) displays additional details.
UU/SS/PP Selects the interface to display the EFM-OAM configuration and status.
T-Marc 300 Series User Guide
Page 38
Operations, Administration & Maintenance (OAM) (Rev. 13)
Example 1
device-name#show efm-oam extended
Event s sendi ng st at us: Loggi ng Enabl ed, Pr opagat i on Enabl ed
Event Not i f i cat i on Dupl i cat i on Count : 5
I nt er val s: Keep- Al i ve i s 5000 mi l i seconds, Hel l o i s 1000 mi l l i seconds
Hi st or y l i mi t : 24 hour s or 5000 ent r i es
Local MAC: 00: A0: 12: 27: 12: 40
Ef m- OamPkt s count er : sent = 106680 , r ecei ved = 377329
Por t | Local | Remot e MAC | Remot e | Remot e | Remot e
| St at e | | St at e | Por t | Host name
- - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - +- - - - - - - - +- - - - - - - - -
1/ 1/ 1 | Act i ve | 00: A0: 12: 27: 14: 23| Passi ve | 1/ 1/ 1 | T- Mar c 2
1/ 1/ 2 | Di sabl ed | Unknown | Unknown | UU/ SS/ PP| Unknown
1/ 2/ 1 | Act i ve | 00: A0: 12: 27: 01: 29| Act i ve | 1/ 2/ 1 | T- Mar c
1/ 2/ 2 | Di sabl ed | Unknown | Unknown | UU/ SS/ PP| Unknown
1/ 2/ 3 | Di sabl ed | Unknown | Unknown | UU/ SS/ PP| Unknown
1/ 2/ 4 | Di sabl ed | Unknown | Unknown | UU/ SS/ PP| Unknown
1/ 2/ 5 | Di sabl ed | Unknown | Unknown | UU/ SS/ PP| Unknown
1/ 2/ 6 | Di sabl ed | Unknown | Unknown | UU/ SS/ PP| Unknown
1/ 2/ 7 | Di sabl ed | Unknown | Unknown | UU/ SS/ PP| Unknown
1/ 2/ 8 | Di sabl ed | Unknown | Unknown | UU/ SS/ PP| Unknown
Example 2
device-name#show efm-oam
Event s sendi ng st at us: Loggi ng Enabl ed, Pr opagat i on Enabl ed
Event Not i f i cat i on Dupl i cat i on Count : 5
I nt er val s: Keep- Al i ve i s 5000 mi l i seconds, Hel l o i s 1000 mi l l i seconds
Hi st or y l i mi t : 24 hour s or 5000 ent r i es
Local MAC: 00: A0: 12: 27: 12: 40
Ef m- OamPkt s count er : sent = 106776 , r ecei ved = 377734
Por t | Local | Remot e MAC | Remot e | Remot e | Local
| St at e | | St at e | St at us | St at us
- - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - +- - - - - - - - +- - - - - - - -
1/ 1/ 1 | Act i ve | 00: A0: 12: 27: 14: 23| Passi ve | St abl e | St abl e
1/ 1/ 2 | Di sabl ed | Unknown | Unknown | Unknown | Unknown
1/ 2/ 1 | Di sabl ed | Unknown | Unknown | Unknown | Unknown
1/ 2/ 2 | Di sabl ed | Unknown | Unknown | Unknown | Unknown
1/ 2/ 3 | Di sabl ed | Unknown | Unknown | Unknown | Unknown
1/ 2/ 4 | Act i ve | 00: A0: 12: 27: 01: 29| Act i ve | St abl e | St abl e
1/ 2/ 5 | Di sabl ed | Unknown | Unknown | Unknown | Unknown
1/ 2/ 6 | Di sabl ed | Unknown | Unknown | Unknown | Unknown
1/ 2/ 7 | Di sabl ed | Unknown | Unknown | Unknown | Unknown
1/ 2/ 8 | Di sabl ed | Unknown | Unknown | Unknown | Unknown
T-Marc 300 Series User Guide
Page 39
Operations, Administration & Maintenance (OAM) (Rev. 13)
Example 3
device-name#show efm-oam 1/2/1
I nt er f ace Mode: Enhancement s Enabl ed
Loopback St at us: Local
Local St at e: Act i ve
Remot e St at e: Act i ve
Remot e MAC: 00: A0: 12: 27: 14: 23
Remot e Host name: T- Mar c
Remot e St at us: St abl e
Local St at us: Loopback
Remot e OI D/ Vendor Speci f i c: 00: A0: 12 / 0x00000000
OAM Ver si on: 1. 0
Loopback Capabl e? Yes Event s Capabl e? Yes
Var i abl es Ret r i eve Capabl e? Yes Uni - Di r ect i onal Mode Capabl e? Yes
Pr i vat e Ext ensi ons Capabl e?
Act i ve Remot e Fl ags: ( Local St abl e, Remot e St abl e )
Act i ve Local Fl ags : ( Local St abl e, Remot e St abl e )
Local Thr eshol ds:
Bi t Er r or s: Di sabl ed
Fr ame Er r or s: 256 Wi ndow: 20
Li nk down act i ons:
Shut down: None.
For war d st at us t o: None.
Displaying EFM-OAM History on a Specified Interface
The show efm-oam history command displays the Link Events' history for a specified interface
or for all interfaces.
You can view the last 24 hours' historyif the device is not reloaded. To get this history, enable the
Syslog.
CLI Mode: Privileged (Enable)
To execute this command, first enable:
EFM-OAM in the Protocol Configuration mode (see Enabling/ DisablingEFM-OAM),
otherwise the %EFM-OAM isdisablederror is generated
Syslog (holds a log with the same detail level. For more information, refer to the Configuring
SystemMessageLoggingchapter of this User Guide)
Command Syntax
device-name#show efm-oam [UU/SS/PP] history
T-Marc 300 Series User Guide
Page 40
Operations, Administration & Maintenance (OAM) (Rev. 13)
Argument Description
UU/SS/PP (Optional) specifies the interface number for which the EFM-OAM history
is displayed.
Example
device-name#show efm-oam history
3/ 1/ 2008 19: 20: Por t 1/ 1/ 1: Remot e Li nk Faul t Bi t Recei ved
3/ 1/ 2008 19: 21: Por t 1/ 1/ 1: Remot e Er r or ed Fr ame Event Recei ved
Ti mest amp: 12323445 Wi ndow: 30 sec
Thr eshol d: 50 Er r or s: 55
Tot al Er r or s: 78654
Tot al Event s: 9943
3/ 2/ 2008 19: 21: Por t 1/ 1/ 1: Remot e Li nk Faul t Bi t Cl ear ed
4/ 2/ 2008 22: 30, Por t 1/ 2/ 2: Remot e Er r or ed Fr ame Event Sent
Ti mest amp: 24523445 Wi ndow: 45 sec
Thr eshol d: 10 Er r or s: 15
Tot al Er r or s: 32654
Tot al Event s: 5943
3/ 4/ 2008 13: 25, Por t 1/ 1/ 1: Dyi ng Gasp Recei ved
3/ 4/ 2008 13: 26, Por t 1/ 1/ 1: Renegot i at i on Compl et ed.
3/ 4/ 2008 13: 27, Por t 1/ 1/ 1: Unknown Or gani zat i on Speci f i c Event
Displaying the EFM-OAM History Count for a Specific Port
The show efm-oam history count command displays the number of entries in EFM-OAM
history for a specific port.
CLI Mode: Privileged (Enable)
Command Syntax
device-name#show efm-oam history [count | count UU/SS/PP]]
Argument Description
count
(Optional) counts EFM-OAM history
UU/SS/PP
The interface to display EFM-OAM statistics for
Example
device-name#show efm-oam history count 1/1/1
Ef m- oamhi st or y count on i nt er f ace 1/ 1/ 1 i s 1
T-Marc 300 Series User Guide
Page 41
Operations, Administration & Maintenance (OAM) (Rev. 13)
Displaying EFM-OAM History
The efm-oam history show command displays the EFM-OAM history contents.
CLI Mode: Privileged (Enable)
To execute this command, first enable EFM-OAM in the Protocol Configuration mode
(see Enabling/ DisablingEFM-OAM), otherwise the %EFM-OAM isdisablederror is generated.
Command Syntax
device-name#efm-oam history show count [UU/SS/PP]
Argument Description
count Counts EFM-OAM history.
UU/SS/PP (Optional) the port on which to display EFM-OAM history.
Example 1
device-name#efm-oam history show
%Ef m- Oamhi st or y empt y
Example 2
device-name#efm-oam history show count
Ef m- oamhi st or y count i s 1
Example 3
device-name#efm-oam history show count 1/1/1
Ef m- oamhi st or y count on i nt er f ace 1/ 1/ 1 i s 1
Displaying EFM-OAM Local and Remote Interface Statistics
The show efm-oam statistics command displays the local and remote counters and all EFM-
OAM accumulated statistics for a specific interface.
CLI Mode: Privileged (Enable)
To execute this command, first enable:
EFM-OAM in the Protocol Configuration mode (see Enabling/ DisablingEFM-OAM),
otherwise the %EFM-OAM isdisablederror is generated.
EFM-OAM for the specific interface (see Enabling/ DisablingtheEFM-OAM Stateon a
SpecificInterfaceor InterfaceRange), otherwise the %EFM-OAM isdisabledonport UU/ SS/ PP
error is generated.
T-Marc 300 Series User Guide
Page 42
Operations, Administration & Maintenance (OAM) (Rev. 13)
Command Syntax
device-name#show efm-oam UU/SS/PP statistics
Argument Description
UU/SS/PP The interface to display EFM-OAM statistics for.
Example
device-name#show efm-oam 1/1/1 statistics
Wai t i ng t o r ecei ve r emot e st at i st i cs val ues
Local I nt er f ace St at us St abl e Remot e I nt er f ace St at us St abl e
Local St at e: Passi ve Remot e St at e: Act i ve
Local MAC 00: A0: 12: 22: 5B: A0 Remot e MAC 00: A0: 12: 22: 13: 36
I nOct et s 1223665096 I nOct et s 143824
Out Oct et s 91536 Out Oct et s 1582574144
I nUcast Pkt s 2408626 I nUcast Pkt s 378
I nNUcast Pkt s 1292 I nNUcast Pkt s 1736
Out Ucast Pkt s 0
Out NUcast Pkt s 1351
I nDi scar ds 0
Out Di scar ds 0
I nEr r or s 0
Out Er r or s 0
OamPkt s Sent 1285
OamPkt s Recei ved 1286
EFMOAMPDU max si ze : 1518
T-Marc 300 Series User Guide
Page 43
Operations, Administration & Maintenance (OAM) (Rev. 13)
Log Messages
The following table displays the log messages implemented by the EFM-OAM.
Table 6: Log messages implemented by the EFM-OAM
Message Severity Description
EFM-OAM-Remote-
CriticalEvent
Error An event generated on interface UU/SS/PP
NOTE
This error requires special attention
EFM-OAM-Remote-
DyingGasp
Error A Dying Gasp event generated on interface
UU/SS/PP
EFM-OAM-Remote-
LinkFault
Warning A fault event generated on interface UU/SS/PP
EFM-OAM-Remote-
SpecificEvent
Notification An organization specific event generated on
interface UU/SS/PP
EFM-OAM-Remote-
RateExceeded
Warning The PDU quantity exceeded the allowed rate on
interface UU/SS/PP
EFM-OAM-Remote-
Errored-Symbol-Event
Warning Port UU/SS/PP: Remote Errored Frame Symbol
Period Event Received:
Timestamp: 0x24523445
Window: 452341 bytes
Threshold: 10
Errors: 15
Total Errors: 32654
Total Events: 5943
EFM-OAM-Remote-
Errored-Frame-Event
Warning Port UU/SS/PP: Remote Errored Frame Frame
Event Received
Timestamp: 0x24523445
Window: 45.1 sec
Threshold: 10
Errors: 15
Total Errors: 32654
Total Events: 5943
EFM-OAM-Remote-
Errored-Period-Event
Warning Port UU/SS/PP: Remote Errored Frame Period
Event Received:
Timestamp: 0x24523445
Window: 454341frames
Threshold: 10
Errors: 15
Total Errors: 32654
Total Events: 5943
T-Marc 300 Series User Guide
Page 44
Operations, Administration & Maintenance (OAM) (Rev. 13)
Message Severity Description
EFM-OAM-Remote-
Errored-Seconds-
Event
Warning Port UU/SS/PP: Remote Errored Frame Seconds
Event Received:
Timestamp: 0x24523445
Window: 45.1 sec
Threshold: 10
Errors: 15
Total Errors: 32654
Total Events: 5943
EFM-OAM-Local-
DyingGasp
Fatal EFM-OAM detected a local Dying Gasp event
EFM-OAM-Local-
LinkFault
Error Link Fault occurred on the local device, on interface
UU/SS/PP
EFM-OAM-Local-
Errored-Symbol-Event
Warning Port UU/SS/PP: Local Errored Frame Symbol Period
Event sent:
Timestamp: 0x24523445
Window: 45 seconds
Threshold: 10
Errors: 15
Total Errors: 32654
Total Events: 5943
EFM-OAM-Local-
Errored-Frame-Event
Warning Port UU/SS/PP: Local Errored Frame Frame Event
sent:
Timestamp: 0x24523445
Window: 45 sec
Threshold: 10
Errors: 15
Total Errors: 32654
Total Events: 5943
EFM-OAM-Remote-
Errored-Seconds-
Event
Warning Port UU/SS/PP: Local Errored Frame Seconds
Event sent:
Timestamp: 0x24523445
Window: 45 sec
Threshold: 10
Errors: 15
Total Errors: 32654
Total Events: 5943
T-Marc 300 Series User Guide
Page 45
Operations, Administration & Maintenance (OAM) (Rev. 13)
EFM-OAM Configuration Example
The following example is based on Figure5 and shows how to configure an Ethernet network using
a EFM-OAM protocol.
Figure 5: Example for Configuring Two Devices in EFM- OAM Protocol
Configuring Device1:
1. Verify if the EFM-OAM protocol is enabled on the device:
Device1#show efm-oam
%EFM- OAM i s di sabl ed
2. If EFM-OAM protocol is disabled, enable it:
Device1#configure terminal
Device1(config)#protocol
Device1(cfg protocol)#efm-oam enable
3. Specify the number of OAMPDU:
Device1(cfg protocol)#efm-oam multiple-pdu-count 3
4. Enable sending of local event notifications to remote device:
Device1(cfg protocol)#efm-oam propagate-events
5. Define the OAMPDUs Priority:
Device1(cfg protocol)#efm-oam priority 3
T-Marc 300 Series User Guide
Page 46
Operations, Administration & Maintenance (OAM) (Rev. 13)
6. Define the aging interval in seconds for the neighboring device that last sent packets:
Device1(cfg protocol)#efm-oam keepalive-interval 3000
Device1(cfg protocol)#exit
7. Enable EFM-OAM on the specified interface and set its mode to active:
Device1(config)#interface 1/1/1
Device1(config-if 1/1/1)#efm-oam active
Configuring Device2:
1. Verify if the EFM-OAM protocol is enabled on the device:
Device2#show efm-oam
%EFM- OAM i s di sabl ed
2. If EFM-OAM protocol is disabled, enable it:
Device2#configure terminal
Device2(config)#protocol
Device1(cfg protocol)#efm-oam enable
3. Specify the number of OAMPDU:
Device2(cfg protocol)#efm-oam multiple-pdu-count 5
4. Enable sending of local event notifications to remote device
Device2(cfg protocol)#efm-oam propagate-events
5. Set OAMPDUs Priority:
Device2(cfg protocol)#efm-oam priority 5
Device2(cfg protocol)#end
Forcing loopback on remote device (Device2):
Device1(config-if 1/1/1)#efm-oam force-loopback remote
Device1(config-if 1/1/1)#end
Configuring the remote peer interface into a loopback mode:
Device2#efm-oam loopback 1/1/1 storm
T-Marc 300 Series User Guide
Page 47
Operations, Administration & Maintenance (OAM) (Rev. 13)
Displaying EFM-OAM Configuration on both Devices:
Device1#show efm-oam
Event s sendi ng st at us: Loggi ng Enabl ed, Pr opagat i on Enabl ed
Event Not i f i cat i on Dupl i cat i on Count : 3
I nt er val s: Keep- Al i ve i s 3000 mi l i seconds, Hel l o i s 1000 mi l l i seconds
Hi st or y l i mi t : 24 hour s or 5000 ent r i es
Local Pr i or i t y i s 3
Local MAC: 00: A0: 12: 22: 41: 60
Ef m- OamPkt s count er : sent = 311 , r ecei ved = 253
=================================================================
Por t | Local | Remot e MAC | Remot e | Remot e | Local
| St at e | | St at e | St at us | St at us
- - - - - - +- - - - - - - - - +- - - - - - - - - - - - - - - - - +- - - - - - - - - +- - - - - - - - - +- - - - - - - - - -
1/ 1/ 1 | Act i ve | 00: A0: 12: 4B: 06: C3| Passi ve | Loopback | St abl e
1/ 1/ 2 | Act i ve | Unknown | Unknown | Unknown | Di scover y
1/ 2/ 1 | Act i ve | Unknown | Unknown | Unknown | Li nk- Down