Professional Documents
Culture Documents
V300R003
Configuration Guide
Issue 04
Date 2007-11-30
Part Number 31500234
Website: http://www.huawei.com
Email: support@huawei.com
and other Huawei trademarks are the property of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but the statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Contents
6 Managing Users..........................................................................................................................6-1
6.1 Overview.........................................................................................................................................................6-2
6.2 Adding a User Profile......................................................................................................................................6-2
6.3 Adding a User..................................................................................................................................................6-5
13 Configuring MSTP.................................................................................................................13-1
13.1 Overview.....................................................................................................................................................13-3
13.2 Enabling the MSTP Function......................................................................................................................13-3
13.3 Setting the Working Mode of MSTP..........................................................................................................13-5
13.4 Setting the MST Region Parameters...........................................................................................................13-6
13.4.1 Setting the MD5-Key for the MD5 Encryption Algorithm Configured on the MST Region............13-7
13.4.2 Configuring the MST Region Name..................................................................................................13-8
13.4.3 Mapping the Specified VLAN to the Specified MSTP Instance........................................................13-9
13.4.4 Mapping All VLANs to the MSTP Instances by Modular Arithmetic............................................13-10
13.4.5 Setting the MSTP Revision Level....................................................................................................13-11
13.4.6 Restoring the Default Settings for All Parameters of the MST Region...........................................13-13
13.5 Activating the Configuration of the MST Region.....................................................................................13-13
13.6 Specifying the Device as a Root Bridge or a Backup Root Bridge...........................................................13-14
13.7 Setting the Priority of the Device in the Specified Spanning Tree Instance.............................................13-15
13.8 Setting the Maximum Hop of the MST Region........................................................................................13-17
13.9 Setting the Diameter of the Switching Fabric...........................................................................................13-18
13.10 Setting the Calculation Standard for the Path Cost.................................................................................13-19
13.11 Setting the Time Parameters of the Specified Network Bridge..............................................................13-20
13.11.1 Setting the Forward Delay of the Specified Network Bridge........................................................13-21
13.11.2 Setting the Hello Time of the Specified Network Bridge..............................................................13-22
13.11.3 Setting the Max Age of the Specified Network Bridge..................................................................13-23
13.11.4 Setting the Timeout Time Factor of the Specified Network Bridge..............................................13-25
14 Configuring NTP....................................................................................................................14-1
14.1 Overview.....................................................................................................................................................14-3
14.2 Configuration Example of NTP Broadcast Mode.......................................................................................14-3
14.3 Configuration Example of NTP Multicast Mode........................................................................................14-6
14.4 Configuration Example of NTP Server/Client Mode..................................................................................14-9
14.5 Configuration Example of NTP Peer Mode..............................................................................................14-13
14.6 Configuring the NTP ID Authentication...................................................................................................14-16
14.7 Configuring the NTP Master Clock..........................................................................................................14-18
14.8 Configuring NTP Broadcast Mode...........................................................................................................14-19
14.8.1 Configuring NTP Broadcast Server Mode.......................................................................................14-19
14.8.2 Configuring NTP Broadcast Client Mode........................................................................................14-20
14.9 Configuring the NTP Multicast Mode......................................................................................................14-21
14.10 Configuring NTP Server/Client Mode....................................................................................................14-23
14.11 Configuring NTP Peer Mode..................................................................................................................14-24
14.12 Configuring the Authority of Access to a Local Device's NTP Service.................................................14-25
14.13 Configuring an Interface for Transmitting/Receiving NTP Packets.......................................................14-26
17 Configuring ACL....................................................................................................................17-1
17.1 Overview.....................................................................................................................................................17-3
17.2 Related Concepts.........................................................................................................................................17-6
17.3 Configuring the Basic ACL.......................................................................................................................17-10
17.4 Configuring the Advanced ACL...............................................................................................................17-11
17.5 Configuring the Layer 2 ACL...................................................................................................................17-13
17.6 Configuration Example of the Customized ACL......................................................................................17-15
17.7 Creating an ACL.......................................................................................................................................17-16
17.8 Configuring a Time Range........................................................................................................................17-18
17.9 Setting the Step..........................................................................................................................................17-19
17.10 Creating a Basic ACL Rule.....................................................................................................................17-20
17.11 Creating an Advanced ACL Rule............................................................................................................17-21
17.12 Creating a Layer 2 ACL Rule.................................................................................................................17-22
17.13 Creating a Customized ACL Rule...........................................................................................................17-23
17.14 Activating an ACL..................................................................................................................................17-25
28.1 Overview.....................................................................................................................................................28-2
28.2 Configuration Example for Establishing an MPLS TE Tunnel by Using RSVP-TE..................................28-2
28.3 Configuring Basic MPLS TE Capability....................................................................................................28-5
28.3.1 Enabling MPLS TE Feature...............................................................................................................28-6
28.3.2 Creating an MPLS TE Tunnel............................................................................................................28-7
28.4 Configuring an MPLS TE Tunnel by Using Dynamic Signaling...............................................................28-8
28.4.1 Configuring Bandwidth of Links.......................................................................................................28-9
28.4.2 Enabling OSPF TE...........................................................................................................................28-10
28.4.3 Configuring the MPLS TE Explicit Path.........................................................................................28-11
28.4.4 Configuring Constraints of an MPLS TE Tunnel............................................................................28-12
28.4.5 Configuring CSPF............................................................................................................................28-13
28.4.6 Establishing an MPLS TE Tunnel by Using RSVP-TE...................................................................28-15
28.5 Configuring Advanced RSVP-TE Features..............................................................................................28-16
28.5.1 Configuring RSVP Hello Extension................................................................................................28-16
28.5.2 Configuring RSVP Resource Reservation Style..............................................................................28-18
28.5.3 Configuring RSVP Timers...............................................................................................................28-19
28.5.4 Enabling RSVP Message Transmission Reliability.........................................................................28-21
28.5.5 Enabling RSVP-TE Srefresh Function.............................................................................................28-22
28.5.6 Enabling RSVP-TE Reservation Confirmation Mechanism............................................................28-23
28.5.7 Enabling RSVP Authentication........................................................................................................28-24
28.6 Tuning the Establishment of CR-LSP.......................................................................................................28-25
28.6.1 Configuring Tie-Breaking of CSPF.................................................................................................28-26
28.6.2 Configuring Route Pinning of CSPF................................................................................................28-27
28.6.3 Configuring Administrative Group and Affinity Property...............................................................28-28
28.6.4 Configuring Reoptimization for CR-LSP........................................................................................28-30
28.7 Tuning the Establishment of an MPLS TE Tunnel...................................................................................28-31
28.7.1 Configuring Loop Detection............................................................................................................28-32
28.7.2 Configuring the Route Record and the Label Record......................................................................28-33
28.7.3 Configuring Parameters of Tunnel Reestablishment.......................................................................28-34
28.7.4 Configuring Tunnel Priority.............................................................................................................28-35
Figures
Figure 27-1 Sample network for configuring the MPLS based on binding the PVC with the PW profile........27-3
Figure 27-2 Flowchart for configuring the MPLS based binding the PVC with the PW profile.......................27-4
Figure 27-3 Sample network of the MPLS based on binding the VLAN with the PW template......................27-6
Figure 27-4 Flowchart for configuring the MPLS based on binding the VLAN with the PW profile..............27-8
Figure 28-1 Sample network for establishing an MPLS TE tunnel by using RSVP-TE...................................28-3
Figure 28-2 Flowchart for establishing an MPLS TE tunnel.............................................................................28-4
Figure 29-1 Sample network for configuring the wholesale service..................................................................29-3
Figure 29-2 Flowchart for configuring the wholesale service............................................................................29-5
Figure 30-1 Sample network for configuring the QinQ VLAN leased line service...........................................30-3
Figure 30-2 Flowchart for configuring the QinQ VLAN leased line service.....................................................30-4
Figure 31-1 Sample network of the IGMP proxy application............................................................................31-4
Figure 31-2 Flowchart for configuring IGMP proxy.........................................................................................31-5
Figure 31-3 Sample network for configuring the IGMP snooping....................................................................31-7
Figure 31-4 Flowchart for configuring the IGMP snooping..............................................................................31-9
Figure 31-5 Sample network for configuring the subtended multicast service................................................31-11
Figure 31-6 Flowchart for configuring multicast service in subtending mode (MA5600_A).........................31-13
Figure 31-7 Flowchart for configuring multicast service in subtending mode (MA5600_B).........................31-13
Figure 31-8 Sample network of the multicast service in MSTP networking...................................................31-16
Figure 31-9 Flowchart for configuring multicast service in MSTP networking on MA5600_A, MA5600_B and
MA5600_C........................................................................................................................................................31-19
Figure 31-10 Flowchart for configuring multicast service in MSTP networking on MA5600_D...................31-19
Figure 32-1 Sample network for configuring the triple play service -multiple PVCs for multiple services.....32-4
Figure 32-2 Flowchart for configuring the triple play service-multiple PVCs for multiple services................32-6
Figure 32-3 Sample network for configuring the triple play service - single PVC for multiple services........32-10
Figure 32-4 Flowchart for configuring the triple play service - single PVC for multiple services..................32-12
Figure 32-5 Sample network for configuring the triple play service by means of single PVC for multiple services
...........................................................................................................................................................................32-15
Figure 32-6 Flowchart for configuring the triple play service-single-PVC for multi-service.........................32-17
Figure 32-7 Sample network for configuring the triple play service - single PVC for multiple services (based on
the service encapsulation type)..........................................................................................................................32-21
Figure 32-8 Flowchart for configuring the triple play service - single PVC for multiple services (based on the
service encapsulation type)...............................................................................................................................32-23
Figure 33-1 Sample network for configuring Ethernet OAM............................................................................33-3
Figure 33-2 Flowchart for configuring Ethernet OAM......................................................................................33-5
Figure 34-1 Sample network of detection of MPLS OAM for static LSP connectivity....................................34-2
Figure 34-2 Flowchart for detection of MPLS OAM for static LSP connectivity.............................................34-4
Figure 34-3 Sample network of MPLS OAM protection switchover................................................................34-6
Figure 34-4 Flowchart for configuring MPLS OAM protection switchover.....................................................34-8
Figure 35-1 Flowchart for configuring an EMU................................................................................................35-5
Figure 36-1 Sample MSTP network of the MA5600.........................................................................................36-3
Figure 37-1 Sample subtended network of the MA5600...................................................................................37-3
Tables
Table 12-15 Related operation for configuring the route filtering policy........................................................12-28
Table 12-16 Related operation for verifying the source IP address of a RIP route update..............................12-29
Table 12-17 Related operation for disabling RIP packet transmission on an interface....................................12-31
Table 12-18 Related operation for configuring the IP Address of a Peer router..............................................12-32
Table 12-19 Related operation for configuring a summary route IP address...................................................12-32
Table 12-20 Related operation for enabling an interface to receive and transmit RIP packets........................12-33
Table 12-21 Related operation for enabling the split horizon function............................................................12-34
Table 12-22 Related operation for enabling the poison reverse function.........................................................12-34
Table 12-23 Related operation for configuring the RIP-2 authentication mode..............................................12-35
Table 12-24 Related operation for configuring the additional metric of a route..............................................12-36
Table 12-25 Related operation for configuring the RIP timer..........................................................................12-37
Table 12-26 Related operation for enabling OSPF.......................................................................................... 12-39
Table 12-27 Related operation for setting an OSPF router ID.........................................................................12-41
Table 12-28 Related operation for entering OSPF area config mode.............................................................. 12-42
Table 12-29 Related operation for configuring subnets for an area.................................................................12-43
Table 12-30 Related operations for configuring a Stub area............................................................................12-43
Table 12-31 Related operation for configuring an NBMA adjacent router......................................................12-44
Table 12-32 Related operation for setting OSPF preference............................................................................12-45
Table 12-33 Related operation for prohibiting an interface from transmitting OSPF packets.........................12-46
Table 12-34 Related operation for configuring the maximum OSPF route count........................................... 12-46
Table 12-35 Related operation for enabling the OSPF logging function.........................................................12-47
Table 12-36 Description of the network types................................................................................................. 12-48
Table 12-37 Related operation for configuring the network type on an OSPF interface.................................12-49
Table 12-38 Related operation for configuring OSPF cost..............................................................................12-50
Table 12-39 Related operation for configuring OSPF packet authentication...................................................12-50
Table 12-40 Related operation for configuring the MTU of the DD packet....................................................12-51
Table 12-41 Related operation for setting the interval for sending Hello packets...........................................12-52
Table 12-42 Related operation for setting the dead time between adjacent routers.........................................12-53
Table 12-43 Related operation for setting the Hello packet poll interval.........................................................12-54
Table 12-44 Related operation for setting the LSA transmit delay..................................................................12-55
Table 12-45 Related operation for setting LSA retransmit interval between adjacent routers........................ 12-55
Table 12-46 Related operation for setting the SPF calculation interval for OSPF...........................................12-56
Table 12-47 Related operation for configuring route summarization between areas.......................................12-57
Table 12-48 Related operation for configuring summarization of routes imported by OSPF......................... 12-58
Table 12-49 Related operation for importing routes from other protocols into OSPF.....................................12-59
Table 12-50 Related operations for setting parameters for OSPF to import external routes........................... 12-60
Table 12-51 Parameters for defining a route policy.........................................................................................12-61
Table 12-52 Related operation for configuring a route policy.........................................................................12-62
Table 12-53 Related operation for defining the route policy matching rule.................................................... 12-63
Table 12-54 Related operation for modifying the attributes of the filtered route............................................ 12-64
Table 13-1 Related operations for enabling the MSTP function........................................................................13-4
Table 13-2 Related operation for setting the working mode of MSTP..............................................................13-6
Table 13-3 Related operation for setting the MD5-Key for the MD5 encryption algorithm configured on the MST
region...................................................................................................................................................................13-8
Table 13-4 Related operations for configuring the MST region name...............................................................13-9
Table 13-5 Related operations for mapping the specified VLAN to the specified MSTP instance.................13-10
Table 13-6 Related operations for mapping all VLANs to the MSTP instances.............................................13-11
Table 13-7 Related operations for setting the MSTP revision level of the device...........................................13-12
Table 13-8 Related operation for activating the configuration of the MST region..........................................13-14
Table 13-9 Related operation for specifying the device as a root bridge or a backup root bridge...................13-15
Table 13-10 Related operations for setting the priority of the device in the specified spanning tree instance
...........................................................................................................................................................................13-17
Table 13-11 Related operation for setting the maximum hop of the MST region...........................................13-18
Table 13-12 Related operation for setting the diameter of the switching fabric..............................................13-19
Table 13-13 Related operation for setting the calculation standard for the path cost......................................13-20
Table 13-14 Related operations for setting the Forward Delay of the specified network bridge.....................13-22
Table 13-15 Related operations for setting the Hello Time of the specified network bridge..........................13-23
Table 13-16 Related operations for setting the Max Age of the specified network bridge..............................13-25
Table 13-17 Related operation for setting the timeout time factor of the specified network bridge................13-26
Table 13-18 Related operations for setting the maximum transmission rate of the specified port..................13-27
Table 13-19 Related operation for setting the specified port as an edge port..................................................13-28
Table 13-20 Related operation for setting the path cost of the port in the specified spanning tree instance.
...........................................................................................................................................................................13-30
Table 13-21 Related operation for setting the priority of the specified port....................................................13-31
Table 13-22 Related operation for setting the point-to-point link connection of the specified port................13-32
Table 13-23 Related operation for enabling the BPDU protection function of the device..............................13-34
Table 13-24 Related operations for enabling the loop protection function of the device................................13-35
Table 13-25 Related operations for enabling the root protection function of the device.................................13-36
Table 14-1 Data plan for configuring NTP broadcast mode..............................................................................14-4
Table 14-2 Data plan for configuring NTP multicast mode...............................................................................14-7
Table 14-3 Data plan for configuring NTP server/client mode........................................................................14-10
Table 14-4 Data plan for configuring NTP peer mode.....................................................................................14-13
Table 14-5 Related operations for configuring NTP ID authentication...........................................................14-17
Table 14-6 Related operation for configuring the NTP master clock..............................................................14-19
Table 14-7 Related operations for configuring NTP broadcast server mode...................................................14-20
Table 14-8 Related operations for configuring NTP broadcast client mode....................................................14-21
Table 14-9 Related operations for configuring the NTP multicast mode.........................................................14-23
Table 14-10 Related operations for configuring NTP server/client mode.......................................................14-24
Table 14-11 Related operation for configuring NTP peer mode......................................................................14-25
Table 14-12 Related operations for configuring the authority of access to a local device's NTP service.......14-26
Table 14-13 Related operations for configuring an interface for transmitting or receiving NTP packets.......14-27
Table 15-1 Related operation for adding a static MAC address.........................................................................15-3
Table 15-2 Related operation for configuring MAC address filtering...............................................................15-6
Table 16-1 Related operation for configuring the synwait timer.......................................................................16-3
Table 16-2 Related operation for configuring the finwait timer.........................................................................16-3
Table 21-1 Encapsulation mode mapping between the MA5600 and the modem.............................................21-3
Table 21-2 Data plan for configuring the ADSL2+ PPPoE/IPoE service..........................................................21-5
Table 21-3 Data plan for configuring the ADSL2+ IPoA service......................................................................21-9
Table 21-4 Data plan for configuring the ADSL2+ PPPoA service.................................................................21-14
Table 21-5 Parameters of an ADSL2+ line profile...........................................................................................21-23
Table 21-6 Related operations for adding an ADSL2+ line profile.................................................................21-25
Table 21-7 Related operations for adding an extended ADSL2+ line profile..................................................21-28
Table 21-8 Parameters of an ADSL2+ alarm profile.......................................................................................21-31
Table 21-9 Related operations for adding an ADSL2+ alarm profile..............................................................21-33
Table 21-10 Related operations for activating an ADSL2+ port......................................................................21-35
Table 21-11 Related operations for enabling IPoA protocol conversion.........................................................21-37
Table 21-12 Related operation for setting the aging time of IPoA forwarding entry.......................................21-38
Table 21-13 Related operations for setting the default gateway of the IPoA user...........................................21-38
Table 21-14 Related operations for enabling PPPoA protocol conversion......................................................21-41
Table 21-15 Related operation for enabling PPPoA/PPPoE MRU negotiation...............................................21-43
Table 21-16 Related operations for querying an ADSL2+ port.......................................................................21-44
Table 21-17 Related operation for enabling an ADSL modem to automatically configure the PVC..............21-45
Table 22-1 Encapsulation type mapping between the MA5600 and the modem...............................................22-3
Table 22-2 Data plan for configuring the SHDSL IPoE/PPPoE service............................................................22-5
Table 22-3 Data plan for configuring the SHDSL IPoA service......................................................................22-11
Table 22-4 Data plan for configuring the SHDSL PPPoA service...................................................................22-16
Table 22-5 Parameters of an SHDSL line profile.............................................................................................22-23
Table 22-6 Parameters of an SHDSL alarm profile.........................................................................................22-26
Table 22-7 Related operations for adding an SHDSL alarm profile................................................................22-27
Table 22-8 Related operation for configuring the SHDSL multi-pair binding................................................22-29
Table 22-9 Related operation for configuring the SHDSL EFM multi-port binding.......................................22-30
Table 22-10 Related operations for activating an SHDSL port........................................................................22-31
Table 23-1 Data plan for configuring the VDSL2 PPPoE/IPoE service............................................................23-4
Table 23-2 Data plan for configuring the VDSL2 IPoA service......................................................................23-11
Table 23-3 Data plan for configuring the VDSL2 PPPoA service...................................................................23-19
Table 23-4 Parameters of a VDSL2 line profile...............................................................................................23-28
Table 23-5 Related operations for adding a VDSL2 line profile......................................................................23-31
Table 23-6 Parameters of a VDSL2 channel profile........................................................................................23-34
Table 23-7 Related operations for adding a VDSL2 channel profile...............................................................23-34
Table 23-8 Parameters of a VDSL2 line template............................................................................................23-36
Table 23-9 Related operations for configuring a VDSL2 line template...........................................................23-37
Table 23-10 Parameters of a VDSL2 line alarm profile...................................................................................23-39
Table 23-11 Related operations for adding a VDSL2 line alarm profile.........................................................23-40
Table 23-12 Parameters of VDSL2 channel alarm profile...............................................................................23-42
Table 23-13 Related operations for adding a VDSL2 channel alarm profile...................................................23-42
Table 23-14 Parameters for configuring a VDSL2 alarm template..................................................................23-44
Table 23-15 Related operations for adding a VDSL2 alarm template.............................................................23-44
Table 31-15 Related operation for setting the unsolicited report interval........................................................31-38
Table 31-16 Related operation for setting the TTL for a V2 router.................................................................31-39
Table 31-17 Related operation for setting the preview recognition time.........................................................31-40
Table 31-18 Related operation for enabling the user action report function....................................................31-42
Table 31-19 Related operation for enabling the proxy of the IGMP report packet..........................................31-43
Table 31-20 Related operation for enabling the proxy of the IGMP leave packet...........................................31-44
Table 31-21 Related operations for adding a program.....................................................................................31-48
Table 31-22 Related operation for enabling the bandwidth management function..........................................31-50
Table 31-23 Related operation for modifying an authority profile..................................................................31-54
Table 31-24 Related operations for adding a BTV user...................................................................................31-56
Table 31-25 Related operations for modifying the attributes of a user............................................................31-57
Table 31-26 Related operation for blocking a BTV user.................................................................................31-58
Table 31-27 Related operation for binding a user with an authority profile....................................................31-59
Table 31-28 Related operation for enabling the function of monitoring BTV users........................................31-61
Table 31-29 Related operation for enabling the preview function...................................................................31-62
Table 31-30 Related operation for setting the preview auto reset time............................................................31-64
Table 31-31 Related operation for resetting the preview record......................................................................31-66
Table 31-32 Related operations for enabling the logging function..................................................................31-67
Table 31-33 Related operation for setting the logging interval........................................................................31-69
Table 31-34 Related operations for configuring log reporting.........................................................................31-70
Table 32-1 Modes to provide the triple play service..........................................................................................32-2
Table 32-2 Data plan for configuring the triple play service -multiple PVCs for multiple services..................32-4
Table 32-3 Data plan for configuring the triple play service - single PVC for multiple services....................32-10
Table 32-4 Data plan for configuring the triple play service by means of single PVC for multiple services
...........................................................................................................................................................................32-16
Table 32-5 Data plan for configuring the triple play service - single PVC for multiple services (based on the service
encapsulation type)............................................................................................................................................32-21
Table 33-1 Data plan for configuring Ethernet OAM........................................................................................33-4
Table 33-2 Related operation for creating an MD..............................................................................................33-7
Table 33-3 Related operations for creating an MA............................................................................................33-8
Table 33-4 Related operation for creating an MEP............................................................................................33-9
Table 33-5 Related operation for creating an RMEP.......................................................................................33-10
Table 33-6 Related operation for enabling the CFM globally..........................................................................33-11
Table 33-7 Related operation for enabling CFM alarm globally.....................................................................33-12
Table 33-8 Related operation for enabling the administration function of an MEP........................................33-13
Table 33-9 Related operation for enabling the CC transmission of an MEP...................................................33-14
Table 33-10 Related operation for enabling the global detection function of an RMEP.................................33-15
Table 33-11 Related operation for enabling detection function of the RMEP.................................................33-16
Table 33-12 Related operation for configuring the priorities for transmitting CCMs/LTMs of an MEP........33-17
Table 33-13 Related operation for configuring the interval for an MA to transmit a CC................................33-18
Table 33-14 Related operations for configuring loop detection function.........................................................33-20
Table 33-15 Related operations for configuring Linktrace function................................................................33-21
Table 34-1 Data plan for detection of MPLS OAM for static LSP connectivity...............................................34-3
Table 34-2 Data plan for the MPLS OAM protection switchover.....................................................................34-7
Table 34-3 Related operations for configuring the MPLS OAM function of the ingress................................34-12
Table 34-4 Related operations for configuring the MPLS OAM function of the egress................................. 34-13
Table 34-5 Related operations for configuring the tunnel protection group....................................................34-14
Table 34-6 Related operation for switching over the protection group manually............................................34-15
Table 34-7 Related operations for enabling the protection group to output the debugging information.........34-16
Table 35-1 Correspondence between the POWER4845 DIP switch and the slave node number......................35-3
Table 35-2 Correspondence between the H801ESC DIP switch and the slave node number............................35-3
Table 35-3 Correspondence between the FAN DIP switch and the slave node number....................................35-4
Table 35-4 Data plan for EMU configuration....................................................................................................35-4
Table 35-5 Related operations for adding an EMU............................................................................................35-9
Table 35-6 Commands for configuring the H303ESC/H304ESC EMU..........................................................35-10
Table 35-7 Related operations for configuring the H303ESC/H304ESC EMU..............................................35-12
Table 35-8 Commands for configuring an H561ESC EMU............................................................................ 35-12
Table 35-9 Related operations for configuring an H561ESC EMU.................................................................35-13
Table 35-10 Commands for configuring a POWER4845 EMU.......................................................................35-14
Table 35-11 Related operations for configuring a POWER4845 EMU...........................................................35-16
Table 35-12 Related operations for configuring the FAN alarm report...........................................................35-17
Table 35-13 Related operations for setting the fan speed adjustment mode....................................................35-18
Table 35-14 Related operations for setting the FAN speed..............................................................................35-19
Table 36-1 Data plan for the sample MSTP network.........................................................................................36-4
Table 37-1 Data plan for the sample subtended network...................................................................................37-4
Purpose
This document describes the configuration of various services supported by the MA5600/
MA5603. The description covers the following topics:
l Purpose
l Networking
l Data plan
l Prerequisite(s)
l Note
l Configuration flowchart
l Configuration procedure
l Result
This document helps users to know the configuration of various services on the MA5600/
MA5603.
Related Versions
The following table lists the product versions related to this document.
MA5600/MA5603 V300R003
This document uses the MA5600 as an example since the MA5600 and the MA5603 support
the same software functions, although their hardware is different. Particular description for the
MA5603 is not provided here.
Intended Audience
The intended audience of this document is:
Organization
This document consists of the following chapters and is organized as follows.
Chapter… Describes…
1 Managing the License The license feature and its configuration process.
3 Getting Started With CLI The basic CLI operations on the MA5600
11 Configuring the ARP & How to configure ARP and ARP proxy
ARP Proxy
12 Configuring the Routing How to configure the static and dynamic routing protocols
Protocol supported by the MA5600
15 Configuring MAC How to configure MAC addresses and the MAC address pool
Address
18 Configuring the QoS QoS and how to configure QoS on the MA5600
Chapter… Describes…
21 Configuring the ADSL2+ The ADSL2+ technology and how to configure the ADSL2
Service + access service on the MA5600
22 Configuring the SHDSL The SHDSL technology and how to configure the SHDSL
Service access service on the MA5600
23 Configuring the VDSL2 The VDSL2 technology and how to configure the VDSL2
Service access service on the MA5600
24 Configuring Protection The service protection on the upstream port of the MA5600
for Upstream Link
29 Configuring the VLAN How to configure the wholesale service on the MA5600
Stacking Wholesale Service
30 Configuring the QinQ How to configure the private line service on the MA5600
VLAN Leased Line Service
32 Configuring the Triple How to configure the triple play service on the MA5600
Play Service
35 Configuring the The EMUs supported by the MA5600 and how to configure
Environment Monitoring them
Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates a tip that may help you solve a problem or save time.
General Conventions
Convention Description
Command Conventions
Convention Description
Convention Description
GUI Conventions
Convention Description
Boldface Buttons, menus, parameters, tabs, window, and dialog titles are
in Boldface. For example, click OK.
Keyboard Operation
Format Description
Key Press the key. For example, press Enter and press Tab.
Key 1+Key 2 Press the keys concurrently. For example, pressing Ctrl+Alt
+A means the three keys should be pressed concurrently.
Key 1, Key 2 Press the keys in turn. For example, pressing Alt, A means the
two keys should be pressed in turn.
Mouse Operation
Action Description
Click Select and release the primary mouse button without moving
the pointer.
Double-click Press the primary mouse button twice continuously and quickly
without moving the pointer.
Drag Press and hold the primary mouse button and move the pointer
to a certain position.
Update History
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
Updates in 04 (2007-11-30)
This is the fourth release.
Updates in 03 (2007-10-18)
This is the third release.
Updates in 02 (2007-01-10)
This is the second release.
Updates in 01 (2006-07-18)
This is the first release.
This chapter describes the license feature and its configuration process.
Service Description
With the license function enabled, the license server performs license control on the function
entries and resource entries supported by the MA5600 and provides individualized services for
customers.
Service Specifications
The control entries of the license function include function entries and resource entries.
A function entry refers to the entry whose license is controlled based on the function. The
controllable function entries supported by the MA5600 include:
A resource entry refers to the entry whose license is controlled based on the count. The
controllable resource entries supported by the MA5600 include:
l If you need to use the license function supported by the MA5600, consider the deployment
of the license server in data planning.
l It is recommended to install the license server on a same computer with the network
management system (NMS) server. If no NMS server exists, deploy one license server in the
network.
Prerequisite
l The network devices and lines are in the normal state.
l All boards of the MA5600 are normal.
l The license function is enabled.
Networking
Figure 1-1 shows the sample network for configuring the license application.
The license function is enabled on the MA5600. The license server is installed on the same
computer as the NMS server (N2000 BMS). The license management tool installed on the N2000
client configures and manages the license file. MA5600_A communicates with the license server
through port 0/7/0. The TCP port number is 10010.
100.100.100.1/24
Internet
N2000 client
Router
60.60.60.2/24
60.60.60.1/24
......
MA5600_A MA5600_B MA5600_N
Data Plan
Table 1-1 lists the data plan for configuring the license application.
Item Data
VLAN ID: 10
NOTE
l The configuration at the MA5600 side is the same. This section takes the configuration of
MA5600_A as an example.
l This section describes only the configuration at the device side. For how to configure the license server,
refer to the related configuration manual of the license server.
Configuration Flowchart
Figure 1-2 shows the flowchart for configuring the license application.
Start
End
Procedure
Step 1 Configure the interface that is for communicating with the license server.
1. Create a VLAN.
huawei(config)#vlan 10 smart
----End
Result
After the configuration, run the display license info command to check whether the
communication between the device and the license server is normal. MA5600_A is initialized,
each service module can register the controlled resource entries or function entries in the normal
state.
Context
l The IP address of the license server and the TCP port number must be consistent with the
data in the actual network plan.
l When the IP address of the license server and the TCP port number change, you need to
re-configure the device.
l Two IP addresses of the license server can be configured at the device side. The two IP
addresses must be different from each other. Only one TCP port number can be configured
at the device side.
Procedure
Step 1 Run the license server command to configure the license server.
Step 2 Run the display license info command to query the license basic information.
----End
Example
To configure the IP address of license server 1 as 10.10.10.1, that of license server 2 as
20.20.20.1, and TCP port number as 1024, do as follows:
huawei(config)#license server ipaddress 10.10.10.1 20.20.20.1 tcpport 1024
huawei(config)#display license info
License switch: enable
ESN: 10.71.55.192
IP address of the first server: 10.10.10.1
IP address of the second server: 20.20.20.1
TCP port number: 1024
Communication status: abnormal
License status: unregistered
NOTE
l When the upper layer device is not connected, the communication status of the license client is
abnormal. The license status of the license client is unregistered. In this case, no controlled resource
can be configured and no controlled function can be enabled.
l When the related configuration is complete in the network, the communication status of the license
client is normal. The license status of the license client is registered. In this case, new controlled
resources can be configured and controlled functions can be enabled within the management range of
the license.
Related Operation
Table 1-2 lists the related operation for configuring the license server.
Context
The ESN must be the IP address of the port connecting to the license server. When the IP address
of the port connecting to the license server changes, you should re-configure the ESN for the
device.
Procedure
Step 1 Run the license esn command to configure the ESN for the device.
Step 2 Run the display license info command to query the license basic information.
----End
Example
Assume that the device connects to the license server through the maintenance network port.
The IP address of the maintenance network port is 60.60.60.1. To configure the ESN for the
device, do as follows:
NOTE
Run the interface meth command to enter the MEth mode. Then run the ip address command to configure
the IP address of the maintenance network port.
huawei(config)#license esn 60.60.60.1
huawei(config)#display license info
License switch: enable
ESN: 60.60.60.1
IP address of the first server: 100.100.100.1
IP address of the second server: 200.200.200.1
TCP port number: 1024
Communication status: abnormal
License status: unregistered
NOTE
l When the upper layer device is not connected, the communication status of the license client is
abnormal. The license status of the license client is unregistered. In this case, no controlled resource
can be configured and no controlled function can be enabled.
l When the related configuration is complete in the network, the communication status of the license
client is normal. The license status of the license client is registered. In this case, new controlled
resources can be configured and controlled functions can be enabled within the management range of
the license.
Related Operation
Table 1-3 lists the related operation for configuring the ESN for the device.
Table 1-3 Related operation for configuring the ESN for the device
To... Run the Command...
This chapter describes the different maintenance modes of the MA5600 through a maintenance
terminal and features of the features of the maintenance modes.
2.1 Overview
This section describes the different maintenance modes of the MA5600 through the maintenance
terminal and features of the different maintenance modes.
2.2 Configuring the Terminal Through the Local Serial Port
This operation enables you to log in to and configure the MA5600 using the HyperTerminal of
the Windows operating system.
2.3 Configuring the Terminal Through the Remote Serial Port
This operation enables you to log in to and configure the MA5600 through the remote serial
port.
2.4 Configuring the Terminal Through the Outband Management Channel
This operation enables you to connect the maintenance terminal to the MA5600 over a local area
network (LAN) or a wide area network (WAN), and configure the MA5600 through the outband
management channel.
2.5 Configuring the Terminal Through the Inband Management Channel
This operation enables you to configure the MA5600 through the inband management channel.
2.6 Configuring the Terminal Through SSH
This operation enables you to connect the maintenance terminal to the MA5600 over a LAN or
a WAN and configure the MA5600 through SSH.
2.1 Overview
This section describes the different maintenance modes of the MA5600 through the maintenance
terminal and features of the different maintenance modes.
You can maintain the SmartAX MA5600 Multi-service Access Module (the MA5600 for short)
through a maintenance terminal in command line interface (CLI) mode. The configuration of a
maintenance terminal involves:
l 2.2 Configuring the Terminal Through the Local Serial Port
l 2.3 Configuring the Terminal Through the Remote Serial Port
l 2.4 Configuring the Terminal Through the Outband Management Channel
l 2.5 Configuring the Terminal Through the Inband Management Channel
l 2.6 Configuring the Terminal Through SSH
Remote serial port Uses the HyperTerminal of It connects modems at both the
the operating system for MA5600 side and the maintenance
configuration. terminal side.
SSH mode Uses the service channel of Secure Shell (SSH) ensures
the MA5600, or the network security by the
maintenance network port authentication, encryption and
of the SCU board to identification functions. When a
manage the system. user telnets to the MA5600 from
an insecure network, SSH protects
the MA5600 from malicious
events such as IP address spoofing
and clear text password
interception.
Networking
Figure 2-1 shows the networking for configuring the MA5600 through the local serial port.
Figure 2-1 Networking for configuring the MA5600 through the local serial port
RS-232 cable
CON
ETH
MON
Configuration Flowchart
Figure 2-2 shows the flowchart for configuring the MA5600 through the local serial port.
Figure 2-2 Flowchart for configuring the MA5600 through the local serial port
Start
End
Procedure
Step 1 Connect the serial port cable.
Use a RS-232 serial port cable to connect the serial port of the PC to the CON port of the SCU
board, as shown in Figure 2-1.
Choose Start > Programs > Accessories > Communication > HyperTerminal to start
the HyperTerminal and set up a serial port connection. Input the name that is to be connected
to the MA5600. Click OK.
2. Configure the serial port.
Select the standard character terminal or PC terminal serial port that is actually connected
to the MA5600 (assuming it to be serial COM2). Click OK.
In Step 2, click OK. Then, set the serial port parameters in the dialog box as shown in Figure
2-3. The parameters are set as follows:
l Parity: None
l Stop bits: 1
l Flow control: None
NOTE
l When setting the baud rate, make sure the baud rate of the HyperTerminal is consistent with that of
the serial port. By default, the baud rate of the serial port is 9600 bit/s.
l There may be illegible characters in the input information after you log in to the system. This is usually
due to baud rate inconsistency between the HyperTerminal and the system. In this case, use a different
baud rate to log in to the system. The system supports the baud rates of 9600 bit/s, 19200 bit/s, 38400
bit/s, 57600 bit/s and 115200 bit/s.
Click OK.
Step 4 Define the terminal emulation type.
Select File > Properties in the HyperTerminal interface. Click the Settings tab. Select
VT100 or Auto Detection as the type of terminal emulation, as shown in Figure 2-4.
NOTE
When you paste text to the HyperTerminal, character delay controls the character transmit speed, and line
delay controls the interval of sending every line. A too short delay leads to the loss of characters. When
the pasted text is displayed abnormally, you can modify the setting.
----End
Result
In the HyperTerminal interface, press Enter. The system displays a message, requesting you to
enter the user name. Enter the user name and password for user registration (by default, the super
user name is root and password is admin), and wait till the command line prompt (MA5600>)
appears.
If the login fails, click the Hang-up icon first, and then the Dial icon. If you still fail to log in,
return to the previous steps to check the parameter settings and physical connections, and then
try again.
Prerequisite
Before using a serial port for remote maintenance, connect a modem at both the MA5600 and
the PC sides. In this way, you can set up a remote connection between the PC and the
MA5600 through modem dialup.
The modem at the MA5600 side is referred to as the called modem. The modem at the PC side
is referred to as the calling modem. The modems shall meet the following requirements:
l Both the calling and called modems comply with the related standards, and support AT
command set.
l The called modem must be an external modem.
l The calling modem can be either a built-in modem or an external modem. For better
compatibility and the ease of status monitoring, you are recommended to adopt an external
modem made by the vendor of the called modem.
l The following configuration is based on modems of the same type. In actual applications,
you can configure the modem by referring to the related AT command set.
Networking
Figure 2-6 shows the networking for configuring the MA5600 through the remote serial port.
Figure 2-6 Networking for configuring the MA5600 through the remote serial port
Telephone line
Modem CON
ETH
MON
PSTN
Telephone line
SCU MA5600
Serial port
cable
Modem PC
Configuration Flowchart
Figure 2-7 shows the flowchart for configuring the MA5600 through the remote serial port.
Figure 2-7 Flowchart for configuring the MA5600 through the remote serial port
Start
End
Procedure
Step 1 Set the called modem parameters.
Only three signal lines, namely SD, RD and SG, are used for connecting the MA5600 and the
modem. Therefore, before connecting the modem with the MA5600, shield the handshake
signals and flow control signals of the modem.
The configuration of a modem needs an intelligent terminal. The following modem configuration
is based on the HyperTerminal operating under Windows.
1. Connect the serial port of the modem with that of the maintenance terminal using the
dedicated cable for the modem, and power on the system. Installing a driver is not required
at this step.
2. Assume that the modem is connected to COM2 port. Start the HyperTerminal, and select
Direct to COM2 in the column of Connect using in the dialog box that appears. Set the
serial port parameters as follows: 9600 bit/s for baud rate, 8 for data bits, 1 for stop bits,
None for parity, None for flow control.
NOTE
After the connection, you may find that the terminal cannot display anything. This is because the
display function of the modem is disabled at the previous configuration operation. To enable the
terminal to display input and output information, run the AT&F command to restore the default
settings and press Enter.
3. Check the modem.
In the HyperTerminal, enter the AT&F command to restore the default settings of the
modem. Observe if the screen displays "OK". If yes, the modem is normal.
4. In the HyperTerminal, enter the following commands:
ATS0=1 //Enable the auto replay function (ringing sound).
AT&D //Ignore DTR signals.
AT&K0 //Disable the flow control function.
NOTE
After the execution of the last command, entering the AT command disables the echo function of
the terminal and prohibits it from displaying the execution results. Due to the limitation of the bit
rate of the modem, a baud rate of 9600 bit/s or 19200 bit/s is recommended for the serial port of the
MA5600. If necessary, you can run the baudrate command to modify the baud rate of the serial port
of the MA5600. To prevent an extremely high bit rate on the line between the two modems, you can
set AT$MB=9600 (or another value) before running the ATEQ1&W command.
After power-on, the calling modem can function in the normal state without any configuration.
However, if you connect the maintenance terminal with the modem using a standard cable, shield
the handshake signals and flow control signals of the modem before the connection. For details
on this shield operation, refer to the settings of the called modem parameters.
Plug the telephone line into the LINE port of the called modem. Connect the serial port of
the called modem with the maintenance port CON of SCU board on the MA5600 using the
dedicated serial port cable for the MA5600, and power on the modem.
2. Connect the calling modem.
For an external modem, plug the telephone line into the LINE port of the calling modem,
connect the serial port of the calling modem with that of the maintenance terminal using
dedicated cable for the modem, and power on the modem.
For a built-in modem, you only need to plug the telephone line into the LINE port of the
calling modem.
Step 4 Start the HyperTerminal.
1. Set up a new connection.
Choose Start > Programs > Accessories > Communication > HyperTerminal to start
the HyperTerminal and input the name. Click OK.
2. Configure the serial port.
Select the standard character terminal or PC terminal serial port that is actually connected
to the MA5600 (assuming serial port COM2). Click OK.
Step 5 Set the parameters of the HyperTerminal.
In the above Step 2, click OK. Then, set the serial port parameters in the dialog box as shown
in Figure 2-8. The parameters are set as follows:
l Baud rate: 9600 bit/s
l Data bits: 8
l Parity: None
l Stop bits: 1
l Flow control: None
NOTE
l When setting the baud rate, make sure that the baud rate of the HyperTerminal is consistent with that
of the serial port. By default, the baud rate of the serial port is 9600 bit/s.
l After login, illegible characters may be found among the input information. This is usually caused by
baud rate inconsistency between the HyperTerminal and the system. In this case, try to use another
baud rate to log in to the system. The system supports the baud rates of 9600 bit/s, 19200 bit/s, 38400
bit/s, 57600 bit/s and 115200 bit/s.
----End
Result
After dialup, the "OH" and "RI" LEDs on the modem connecting to the PC turn on. The modem
generates a kind of sound, which indicates the progress of the connection. After the connection
is set up, the two modem CD LEDs (for carrier detection) turn on, and the HyperTerminal
interface displays "CONNECT9600 (or 19200)". This indicates that the inter-modem connection
is set up successfully.
If "NO CARRIER" is displayed, the connection fails. Check the hardware connections and the
telephone line. Press Enter until the login interface appears.
After configuring the MA5600, run the hang-up command of the HyperTerminal to break the
connection.
WARNING
l In the process of modem connection setup, pressing any key in the keyboard will interrupt
the ongoing call.
l After a remote maintenance operation, you need to disconnect the line, rather than merely
shutting down the HyperTerminal. Otherwise, modems of a certain model may remain online
all the time, causing failure in the next dialup connection.
Networking-LAN
Figure 2-9 shows the networking for local configuration through a LAN.
CON
ETH
MON
SCU MA5600
LAN
PC PC PC
Use a straight through cable to connect the MA5600 with the LAN. Make sure that the IP address
of the maintenance network port of the control board and that of the PC used for maintaining
the MA5600 are located in the same subnet.
NOTE
You can also use a crossover cable to connect the network port of the maintenance terminal with the
maintenance network port of the control board to maintain the MA5600.
Data Plan-LAN
Table 2-2 lists the data plan for the network.
Item Data
NOTE
You can also use a crossover cable to connect the network port of the maintenance terminal with the
maintenance network port of the control board to maintain the MA5600.
Networking-WAN
Figure 2-10 shows the connection between a WAN and the maintenance network port of the
control board.
Figure 2-10 Connection between a WAN and the maintenance network port of the control board
PC
LAN CON
WAN ETH
MON
Router
PC PC
SCU MA5600
Data Plan-WAN
Table 2-3 lists the data plan for the network.
Item Data
Configuration Flowchart
Figure 2-11 shows the flowchart for configuring the MA5600 through the outband management
channel.
Figure 2-11 Flowchart for configuring the MA5600 through the outband management channel
Start
Run Telnet
End
Procedure
Step 1 Set up the configuration environment.
Figure 2-9 and Figure 2-10 show the sample networks for configuring the MA5600 through
the outband management channel. You can set up the environment as required.
l If you set up the WAN configuration environment as shown in Figure 2-9, no route needs
to be added.
l If you set up the WAN configuration environment as shown in Figure 2-10, add a next hop
route to the NMS.
huawei(config)#ip route-static 10.10.21.0 24 10.10.20.254
>>User name:root
>>User password:
----End
Result
After you log in to the system, you can perform the configuration successfully.
Networking-LAN
Figure 2-13 shows the networking for the maintenance through the GE port over a LAN.
Figure 2-13 Networking for the maintenance through the GE port over a LAN
CON
ETH
MON
GE 0/7/0
SCU MA5600
LAN
PC PC PC
Data Plan-LAN
Table 2-4 lists the data plan for the network.
Item Data
Networking-WAN
Figure 2-14 shows the networking for the maintenance through the GE port over a WAN.
Figure 2-14 Networking for the maintenance through the GE port over a WAN
CON
ETH
MON
IP GE 0/7/0
Router
PC
SCU MA5600
Data Plan-WAN
Table 2-5 lists the data plan for the network.
Item Data
Configuration Flowchart
Figure 2-15 shows the flowchart for configuring the MA5600 through the inband management
channel.
Figure 2-15 Flowchart for configuring the MA5600 through the inband management channel
Start
End
Procedure
Step 1 Set up the configuration environment.
Figure 2-13 and Figure 2-14 show the sample network for configuring the MA5600 through
the inband management channel. You can set up the environment based on your own conditions.
Step 2 Create an NMS VLAN and add the upstream port to it.
Run the ip address command to set the IP address and subnet mask of the MA5600 VLAN layer
3 interface.
huawei(config)#interface vlanif 30
huawei(config-if-vlanif30)#ip address 10.10.20.1 255.255.255.0
If the configuration environment is set up as shown in Figure 2-14, add the route of next hop.
huawei(config-if-vlanif30)#quit
huawei(config)#ip route-static 10.10.21.0 24 10.10.20.254
Choose Start > Run on the PC. Enter the telnet command, followed by the IP address of the
maintenance network port of the SCU board in the Open field. Click OK to run the telnet
application as shown in Figure 2-16.
By default, the Super user uses root and admin as the user name and password. When you log
in, the system prompts the following
Huawei MA5600 Multi-service Access Module.
Copyright (C) Huawei Technologies Co., Ltd. 2002-2007. All rights reserved.
>>User name:root
>>User password:
----End
Result
After login, you can configure the terminal for maintenance.
Networking-LAN
Figure 2-17 shows the connection for setting up the SSH configuration environment in LAN
outband mode.
Figure 2-17 Setting up the SSH configuration environment in LAN outband mode
CON
ETH
MON
SCU MA5600
LAN
PC PC PC
Data Plan-LAN
Table 2-6 lists the data plan for the network.
Networking-WAN
Figure 2-18 shows the connection for setting up the SSH configuration environment in WAN
outband mode.
Figure 2-18 Setting up the SSH configuration environment in WAN outband mode
PC
LAN CON
WAN ETH
MON
Router
PC PC
SCU MA5600
Data Plan-WAN
Table 2-7 lists the data plan for the network.
Networking-LAN
Figure 2-19 shows the connection for setting up the SSH configuration environment in LAN
inband mode.
Figure 2-19 Setting up the SSH configuration environment in LAN inband mode
CON
ETH
MON
GE 0/7/0
SCU MA5600
LAN
PC PC PC
Data Plan-LAN
Table 2-8 lists the data plan for the network.
Networking-WAN
Figure 2-20 shows the connection for setting up the SSH configuration environment in WAN
inband mode.
Figure 2-20 Setting up the SSH configuration environment in WAN inband mode
CON
ETH
MON
IP GE 0/7/0
Router
PC
SCU MA5600
Data Plan-WAN
Table 2-9 lists the data plan for the network.
Configuration Flowchart
Figure 2-21 shows the flowchart for configuring the SSH environment. For details on
configuration, refer to "8.6 Configuring SSH."
Start
Create a user
password-
Set authentication authentication mode
mode for the SSH user
rsa, all, password-public
key authentication
modes
End
Procedure
Step 1 Set up the configuration environment.
You can set up the configuration environment shown in Figure 2-17, Figure 2-18, Figure
2-19 and Figure 2-20.
Step 2 Set the IP address of the maintenance network port/VLAN layer 3 interface.
l To set the IP address of the maintenance network port, do as follows:
huawei(config)#interface meth 0
huawei(config-if-meth0)#ip address 10.10.20.2 255.255.255.0
User's Level:
1. Common User 2. Operator 3. Administrator:2
Permitted Reenter Number(0--4):4
User's Appended Info(<=30 chars):
This user has been added
Repeat this operation? (y/n)[n]:n
CAUTION
The first step after you succeed in logging in to the SSH is to configure and create the local RSA
key pair. Be sure to complete the "rsa local-key-pair create" operation and create the local key
pair before further SSH configurations.
After generating the client key, save public key and private key.
3. Generating the RSA public key.
Run sshkey.exe, the client software for converting keys, to convert the client public key
into the RSA public key, as shown in Figure 2-24.
Figure 2-24 Interface of converting the client public key into the RSA public key
Because the user authentication mode is RSA, the system will prompt message, as shown
in Figure 2-27.
Enter the correct user name to log in to the system according to the prompt.
----End
Result
After you log in to the system, you can perform the configuration successfully.
3.1 Overview
This chapter describes the command line interface (CLI) operation mode and how to apply it
for maintaining the MA5600.
3.2 CLI Characteristics
This section describes the CLI characteristics of the MA5600.
3.3 Basic Operations Through CLI
This section describes how to perform the basic operations on the MA5600 through the CLI.
3.1 Overview
This chapter describes the command line interface (CLI) operation mode and how to apply it
for maintaining the MA5600.
Service Description
You can maintain the MA5600 through two modes: network management system (NMS) and
CLI.
l The NMS provides a graphical user interface (GUI) for easy operations, and the CLI
provides the command line interface for the same purpose.
l You can maintain the MA5600 through the CLI easily. For this purpose, you can run the
HyperTerminal or the telnet program of the Windows operating system to log in to the
MA5600 to maintain it through the CLI.
Service Specification
This chapter describes some basic CLI operations. After reading this chapter, you can perform
the basic configurations for the MA5600 through the CLI.
Classification
The MA5600 provides various modes to realize hierarchical protection and avoid unauthorized
access.
The MA5600 provides the following command modes:
l User mode
l Privilege mode
l Global config mode
l Interface config Mode
l OSPF mode
l RIP mode
l MPLS-LDP mode
l Tunnel mode
l BTV mode
l Test mode
Features
l Downward compatibility
Based on different command modes, the system can prevent any unauthorized access.
For users at different levels, the command modes involved are different, and the
executable commands for these users are also different even though they can enter the
same mode.
Mode Switching
Figure 3-1 shows how to switch over among the command modes.
Login User mode enable Privilege mode config Global config mode
huawei> huawei# huawei(config)#
quit disable quit
MPLS-LDP mode
huawei(config-ospf-ldp)#
return
NOTE
To exit from a command mode, run the quit command. To exit from the current mode to privilege mode,
run the return command. To exit from the privilege mode to user mode, run the disable command. By
default, the command line prompt uses "MA5600" as its prefix. You can modify the prompt by using the
sysname command. The information in the bracket describes the current mode.
Function
For ease of operation, you can type in an incomplete keyword, and then press the space bar. The
system returns a list of matching keywords.
Notes
On pressing the space bar, if the system does not return the commands, it indicates that:
l You have entered a wrong command. In this case, check the command and enter the correct
one.
For example, when you enter dip (for display), entering a space does not display the
commands.
huawei#dip
For example, when you enter dis in privilege mode, the system cannot find a matched
keyword for it. This is because there are two commands that start with dis: disable and
display.
Function
The CLI provides basic command edit functions. It allows multi-line editing, with up to 255
bytes for each command.
Specification
Table 3-2 lists the edit functions.
Key Function
Common key If the edit buffer is not full, pressing such a key will move the
cursor rightwards from its current position.
<Backspace> Pressing this key will delete the character before the cursor and
move the cursor backwards. When reaching the beginning of the
command, the cursor stops.
Left arrow key <←> or Move the cursor leftwards for the length of one character.
<Ctrl+A>
Right arrow key <→> or Move the cursor rightwards for the length of one character.
<Ctrl+D>
Up/Down arrow key <↑ Display history commands. For some terminals which do not
><↓> support up/down arrow keys, you can use Ctrl+P to select the
previous history command.
<Ctrl+U> Delete the characters before the current cursor and move the
cursor to the beginning of the line.
<Ctrl+K> Delete the characters after the current cursor and move the cursor
to the end of the line.
<ESC> Pressing this key twice will delete the current input.
NOTE
Common keys refer to letter keys, number keys and mark keys.
Function
In interactive mode, when you type in an incomplete command, the system prompts you with
the next keyword and its parameter type.
Examples
l To run the load program command in interactive mode, do as follows:
huawei#load program
{ xmodem<K>|tftp<K>|ftp<K> }: tftp
{ ServerIpAddress<I><X.X.X.X> }: 10.10.10.1
{ frameid<U><0,1>|frameid/slotid<S><3,15> }: 0/3
When interactive mode is disabled, if you type in an incomplete command and press
Enter, the system will prompt error.
l To run the load program command after interactive mode is disabled, do as follows:
huawei#undo smart
huawei#load program tftp
^
% Incomplete command, and error detected at '^'
To query the command help after entering the switch command keyword by "?", do as
follows:
huawei#switch ?
---------------------------------------------
Command of user
Mode:
---------------------------------------------
language-mode Set language
parameter
Function
In interactive mode, the CLI characters such as K and I are used to express the parameter types
of a keyword.
Specification
Table 3-3 lists the meaning of the CLI characters supported by the MA5600.
Character Meaning
<K> Keyword
Character Meaning
<I> IP address
<H> Hexadecimal number. The system shall support the input of "0x".
The default setting is decimal number.
<D><yyyy-mm-dd> Date
<T><hh:mm:ss> Time
NOTE
The CLI supports the input of the hexadecimal number. However, if you do not type in "0x" when entering
a hexadecimal number, the system considers the input number as a decimal one.
Function
When you query information, sometimes the CLI will fail to display the information on one
screen because it is too much. In this case, you can use the pause function to view information
displayed on multiple screens.
l One screen here refers to the one screen displayed by the HyperTerminal software of a PC,
which contains 24 lines.
l The system supports that the screen scrolls upward automatically, that is, the displayed
information cannot pause. Run the scroll command to enable the auto-scroll function, run
the undo scroll command to disable the auto-scroll function. By default, the auto-scroll
function is disabled.
Specification
Table 3-4 lists the options for viewing information displayed on multiple screens.
Press Space when the display is Continue to display the information on the next screen.
frozen
press Enter when the display is Continue to display the information on the next line.
frozen
Context
To set the maximum number of history commands saved in the buffer, run the history-command
max-size command.
To restore the default setting, run the history-command max-size command.
By default, up to 10 history commands can be saved for every user in the CLI.
The display history-command command can only show the commands executed by the current
user. After re-login, the history commands are cleared.
Procedure
Step 1 Run the history-command max-size command to set the number of history commands that can
be saved in the command buffer.
Step 2 Run the display history-command command to show history commands.
----End
Example
To set the number of history commands that can be saved in the command buffer to 20, do as
follows:
huawei(config)#history-command max-size 20
huawei#display history-command
--------------------------------------------------
No. Command
--------------------------------------------------
10 interface ?
9 history-command max-size
8 mac-pool ?
7 display current-configuration
6 ?
5 quit
4 quit
3 radius-server ?
2 ?
1 ?
--------------------------------------------------
Function
The system checks the syntax of each command you type in, and executes the command if it
passes the check. If the command fails to pass the check, the system prompts an error.
Specification
Table 3-5 shows the common CLI error prompts.
Parameter error The parameter is wrong and the cursor indicates the error location.
Context
The CLI offers two ways for you to obtain online help:
l Full help
When you input ? following the prompt, you can obtain help information about the
current available commands.
When you input a complete keyword followed by a space and a question mark, such as
display ?, you can obtain help information about all commands matching the keyword.
l Partial help
When you input an incomplete keyword followed by a question mark, such as display
l?, you can obtain help information about the commands matching the incomplete
keyword.
To show the help information about all available commands in global config mode, do as follows:
huawei(config)#?
---------------------------------------------
To show help information about the commands matching an incomplete keyword display, do
as follows:
huawei(config)#display ?
---------------------------------------------
Command of privilege Mode:
---------------------------------------------
aaa AAA(Authentication,Authorization,Accounting)
acl ACL status and configuration information
adsl <Group> adsl command group
alarm Display alarm related information
arp <Group> arp command group
authentication-scheme Authentication scheme
---- More ( Press 'Q' to break ) ----
Related Operation
Table 3-6 lists the related operation for obtaining online help information.
Context
l With interactive command execution enabled, if you type in a complete command and press
Enter, the system gives prompts to prevent wrong operations.
For example, if you type in the reboot system command and then press Enter, the system
prompts the following:
Please check whether data has saved, the unsaved data will lose if reboot system, are you
sure to reboot system? (y/n)[n]:
l With interactive command execution disabled, if you type in a command and press
Enter, the system executes the command directly.
l By default, the interactive command execution is enabled.
Procedure
Step 1 Run the interactive command to disable interactive command execution.
Step 2 Run the display interactive command and you can find that the interactive command execution
is enabled.
----End
Example
To enable the interactive command execution, do as follows:
huawei>interactive
huawei>display interactive
Command confirmed function is enabled
Related Operation
Table 3-7 lists the related operation for enabling or disabling interactive command execution.
Table 3-7 Related operation for enabling or disabling interactive command execution
Procedure
Step 1 Run the info-center enable command to enable the CLI trap reporting function.
Step 2 Run the display info-center command and you can find that the CLI trap reporting is enabled.
----End
Example
To enable the CLI trap reporting function, do as follows:
huawei(config)#info-center enable
huawei(config)#display info-center
Information Center:enabled
Log host:
Console:
channel number : 0, channel name : console
Monitor:
channel number : 1, channel name : monitor
SNMP Agent:
channel number : 5, channel name : snmpagent
Log buffer:
enabled,max buffer size 1024, current buffer size 512,
current messages 36, channel number : 4, channel name : logbuffer
dropped messages 0, overwrote messages 0
Trap buffer:
enabled,max buffer size 1024, current buffer size 256,
current messages 0, channel number:3, channel name:trapbuffer
dropped messages 0, overwrote messages 0
Information timestamp setting:
log - date, trap - date, debug - boot
Related Operation
Table 3-8 lists the related operation for enabling or disabling CLI trap reporting.
Table 3-8 Related operation for enabling or disabling CLI trap reporting
Context
The MA5600 supports the general language and the local language, including English and
Chinese. English is the default language.
Procedure
Run the switch language-mode command to switch from one language to another.
----End
Example
To switch from one language to another, do as follows:
huawei(config)#switch language-mode
Related Operation
Table 3-9 lists the related operation for switching the terminal language.
Context
l The system can synchronize the time of the NTP server based on the time zone where the
MA5600 is located. The system can automatically set the local time based on the time zone
where the MA5600 is located.
l The time format is hh:mm:ss yyyy-mm-dd, that is, hour: minute: second year-month-day.
l The setting takes effect at once.
l During the setting, the system checks the validity of the time. Special attention shall be
paid to the settings of leap year and leap month.
Procedure
Step 1 Run the timezone command to set the time zone where the device is located.
Step 2 Run the time command to set the system time.
Step 3 Run the display time command and you can find that the current system time has been set
successfully.
----End
Example
To set the current system time zone and time, do as follows:
Command:
display time
2007-06-20 09:00:00+08:00
Context
l By default, the device name is MA5600.
l The new system name takes effect immediately after it is set.
l After the system is changed, the command line prompt will change to the new name
accordingly.
Procedure
Run the sysname command to set the system name.
----End
Example
To name the first MA5600 at the New York office in U.S.A, do as follows:
huawei(config)#sysname NY_MA5600_A
Context
l Different terminals feature different edit characteristics. To make most terminals become
mutually compatible, the system divides terminals into two types, namely:
Procedure
Step 1 Run the terminal type command to set the terminal type.
Step 2 Run the display terminal type command and you can find that the terminal type has been set
correctly.
----End
Example
To set the terminal type as VT 100, do as follows:
huawei#terminal type vt100
huawei>display terminal type
The terminal type: VT100
Context
By default, the system will let the user exit from the system as long as the user fails to type in
any information on the terminal for 5 minutes.
Procedure
Step 1 Run the idle-timeout command to set the timeout exit time.
Step 2 Run the display idle-timeout command and you can find the timeout exit time has been set
correctly.
----End
Example
To set the timeout exit time to 23 minutes, do as follows:
huawei>idle-timeout 23
huawei>display idle-timeout
The timeout value is set to 23 minutes currently. If there is no input from
terminal during this time, the user will be disconnected
Related Operation
Table 3-10 lists the related operation for setting the timeout exit time.
Table 3-10 Related operation for setting the timeout exit time
Context
Once a terminal is locked, if you press any button on the terminal, the system will prompts you
to enter the password. After entering the correct password, you can operate the terminal.
Procedure
Run the terminal hold command to lock the terminal.
----End
Example
To lock the current CLI terminal and then unblock it, do as follows:
huawei(config)#terminal hold
Hold Password(<=15 chars):
Confirm Password(<=15 chars):
The user terminal has been held
Hold Password(<=15 chars)://Press any key and the system will prompt you to
enter
the unblocking password.
huawei(config)# //Input the correct password.
Related Operation
Table 3-11 lists the related operation for locking the terminal.
Context
The command will clear the screen output, and display the command prompt on the upper left
of the screen. This command only clears what is displayed on the screen rather than those in the
buffer.
Procedure
Run the cls command to clear the terminal screen.
----End
Example
To clear the screen, do as follows:
huawei>cls
Context
The command cannot show the version of a faulty board.
Procedure
Run the display version command to display the system or board version.
----End
Procedure
Run the display cpu command to display the CPU usage of a board.
----End
Example
To show the CPU usage of the control board, do as follows:
huawei>display cpu 0/7
CPU occupancy: 12%
Context
You can query the memory usage of the control board only.
Procedure
Run the display mem command to show the memory usage of the control board.
----End
Example
To query the memory usage of the control board, do as follows:
huawei>display mem 0/7
Memory occupancy: 47%
Context
The commands used to test network state include ping and tracert.
l ping
To check the network connectivity and the host reachability, run the ping command.
l tracert
To send test packets from the transmit host to the destination host, run the tracert
command. With this command, you can check the connectivity of a network and locate
faults in the network.
The following gives the execution process of the tracert command:
– The host sends a packet with the Time to Live (TTL) of 1 to the destination.
– During the first hop, the system returns an Internet Control Message Protocol (ICMP)
packet to indicate the failure in sending the packet due to TTL timeout.
– The host sends a packet with the TTL of 2. The system also returns TTL timeout in the
second hop.
The process continues in this way until the packet reaches the destination.
By doing so, the system can record the source address of each ICMP TTL timeout
message, and provide a path along which an IP packet goes all the way to the destination.
Procedure
l Run the ping command to test the network state.
l Run the tracert command to test the network state.
----End
This chapter describes how to manage the MA5600 through the N2000 BMS and the related
configuration.
4.1 Overview
This section describes the network management protocols, the NMS that the MA5600 supports,
and the purpose of this chapter.
4.2 Basic Concepts
This section describes the concepts involved in the network configuration.
4.3 Configuration Example of an Outband NMS
This operation enables you to connect the MA5600 to the N2000 through the maintenance
network port. Then, you can maintain the MA5600 through an outband management channel.
4.4 Configuration Example of an Inband NMS
This operation enables you to connect the MA5600 to the N2000 through the GE port. Then,
you can maintain the MA5600 through an inband management channel.
4.5 SNMP Agent Configuration
This operation enables you to configure an SNMP agent when you want to maintain the
MA5600 through the manager.
4.6 Configuring the IP Address of the Outband NMS Interface
This operation enables you to configure the IP address of the outband NMS interface
(maintenance network port).
4.7 Configuring an NMS Route
This operation enables you to create a static route between the MA5600 and the manager.
4.8 Configuring the IP Address of the Inband NMS Interface
This operation enables you to configure the IP address of the inband NMS interface.
4.1 Overview
This section describes the network management protocols, the NMS that the MA5600 supports,
and the purpose of this chapter.
Service Description
Based on Simple Network Management Protocol (SNMP), the MA5600 communicates with the
NMS through its network management interface. Here, the iManager N2000 Fixed Network
Integrated Management System (N2000) is used as the NMS.
The N2000 can manage and maintain the MA5600 through the network port of the MA5600.
The MA5600 uses traps to send the status information to the N2000 to report some urgent and
important events.
Service Specification
This chapter describes the network configuration performed on the MA5600 to realize normal
communication between the MA5600 and the N2000, including outband NMS configuration
and inband NMS configuration.
NOTE
To realize normal communication between the MA5600 and the N2000, you must also perform
configurations on the N2000. For details, refer to the SmartAX MA5600 Multi-service Access Module
Commissioning Guide.
SNMP
SNMP ensures normal transmission of administrative message between any two points. It eases
up the administrator's following operations on any node of the network:
l Retrieving information
l Modifying information
l Locating a fault
l Diagnosing a fault
l Planning the capacity
l Generating a report
Manager
A manager runs the client software. It can send GetRequest, GetNextRequest and SetRequest
messages to the agent.
Agent
An agent is the server software running on a network device.
When receiving request messages from the manager, the agent:
l Reads or writes the management variables based on the message type.
l Generates and sends the response messages to the manager.
On the other hand, in case of device cold start, warm start, failure and fault recovery, the agent
sends traps to report such events to the manager.
Trap
Traps refer to the unsolicited messages sent from a managed device to the manager to report
some urgent and important events.
Networking
Figure 4-1 shows a sample network for configuring the outband NMS.
IP
NMS
Router
CON
ETH
MON
SCU MA5600
Data Plan
Table 4-1 lists the data plan for configuring the outband NMS.
Item Data
Configuration Flowchart
Figure 4-2 shows the flowchart for configuring the outband NMS.
Start
End
NOTE
l This section describes how to configure the MA5600 only. To set up the network connection, you also
need to configure the router.
l If the telnet environment has been set up according to "2.4 Configuring the Terminal Through the
Outband Management Channel ", skip steps 1 and 2.
Procedure
Step 1 Set the IP address of the maintenance network port.
huawei(config)#interface meth 0
huawei(config-if-meth0)#ip address 10.10.20.1 255.255.255.0
The setting of the MA5600 shall accord with that in the N2000. Assume that the N2000 adopts SNMP
V1.
huawei(config)#snmp-agent sys-info version v1
Step 6 Set the IP address of the maintenance network port as the source address for traps sending.
huawei(config)#snmp-agent trap source meth 0
----End
Result
After the configuration, you can manage the MA5600 through the N2000.
Networking
Figure 4-3 shows a sample network for configuring the inband NMS.
IP
N2000
Router
CON
ETH
MON
GE 0/7/0
SCU MA5600
Data Plan
Table 4-2 lists the data plan for configuring the inband NMS.
Configuration Flowchart
Figure 4-4 shows the flowchart for configuring the inband NMS.
Start
End
NOTE
l This section describes how to configure the MA5600 only. To set up the network connection, you also
need to configure the router.
l If the telnet environment has been set up according to "2.4 Configuring the Terminal Through the
Outband Management Channel ", skip steps 1 and 2.
Procedure
Step 1 Set the IP address of the inband NMS port (GE port).
l Create an NMS VLAN
huawei(config)#vlan 1000 standard
The setting of the MA5600 shall accord with that in the N2000. Assume that the N2000 adopts SNMP
V3.
huawei(config)#snmp-agent sys-info version v3
Step 6 Set the IP address of the inband NMS as the source address for traps sending.
huawei(config)#snmp-agent trap source vlanif 1000
----End
Result
After the configuration you can manage the MA5600 successfully through the N2000.
Procedure
Step 1 Run the snmp-agent sys-info version command to set the SNMP version.
Step 2 Run the display snmp-agent sys-info version command to query the configured SNMP version.
----End
Example
To set the SNMP version as V1 and V2C, do as follows:
huawei(config)#snmp-agent sys-info version v1 v2c
huawei(config)#display snmp-agent sys-info version
{ <cr>|contact<K>|location<K> }:
Command:
display snmp-agent sys-info version
SNMP version running in the system:
SNMPv1 SNMPv2c
Related Operation
Table 4-3 lists the related operation for setting the SNMP version.
Delete the set SNMP version information undo snmp-agent sys-info version
Context
l The default read-only community name in the Huawei iManager N2000 BMS is public,
and the read-write community name in the N2000 is private.
l The MA5600 supports up to 10 community names.
l The read and write community names set in the MA5600 shall accord with those in the
manager.
Procedure
Step 1 Run the snmp-agent community command to add a community name and set its read/write
authorities.
Step 2 Run the display snmp-agent community command to query a community name.
----End
Example
To add a read-only community named public, do as follows:
huawei(config)#snmp-agent community read public
huawei(config)#display snmp-agent community read
Community name: public
Storage type: nonVolatile
View name: ViewDefault
Total number is 1
Related Operation
Table 4-4 lists the related operation for adding a community and setting its read/write authorities.
Table 4-4 Related operation for adding a community and setting its read/write authorities
Context
By default, the MA5600 is prohibited from sending traps to the N2000.
Procedure
Step 1 Run the snmp-agent trap enable standard command to enable traps sending.
Step 2 Run the display snmp-agent trap enable command to check whether traps sending is enabled.
----End
Example
To enable the MA5600 to send traps to the N2000, do as follows:
huawei(config)#snmp-agent trap enable standard
huawei(config)#display snmp-agent trap enable
Trap is enabled
Related Operation
Table 4-5 lists the related operation for enabling traps sending.
Context
The N2000 can receive traps only when the IP address of a destination host of traps is set
correctly.
Procedure
Step 1 Run the snmp-agent target-host trap command to set the IP address of a destination host of
traps.
Step 2 Run the display snmp-agent target-host command to query the destination host of traps.
----End
Example
To set the IP address of the destination host of traps as 10.71.53.108, and run the community
name “private”, do as follows:
huawei(config)#snmp-agent target-host trap address 10.71.53.108 securityname
private v3
huawei(config)#display snmp-agent target-host
Traphost list:
Traphost address: 10.71.53.108
Traphost portnumber: 162
Traphost securityname: private
Traphost trapversion: v3
Total number is 1
Related Operation
Table 4-6 lists the related operation for setting the IP address of a destination host of traps.
Table 4-6 Related operation for setting the IP address of a destination host of traps
Context
The IP address of the interface for traps sending is the source IP address of the traps.
Procedure
Step 1 Run the snmp-agent trap source command to set the source interface for sending traps.
Step 2 Run the display snmp-agent trap-source command to query the source interface for sending
traps.
----End
Example
To set the source interface for traps sending as the layer 3 interface of VLAN 1000, do as follows:
huawei(config)#snmp-agent trap source vlanif 1000
huawei(config)#display snmp-agent trap-source
Trap source interface name: vlanif1000
Related Operation
Table 4-7 lists the related operation for setting the source interface for traps sending.
Table 4-7 Related operation for setting the source interface for traps sending
Delete the source interface for sending undo snmp-agent trap source
traps
Context
By default, system contact information is R&D Shenzhen, Huawei Technologies Co., Ltd.
Procedure
Step 1 Run the snmp-agent sys-info contact command to set the system contact information.
Step 2 Run the display snmp-agent sys-info contact command to query the system contact
information.
----End
Example
To set the system contact information as HW-075528780808, do as follows:
huawei(config)#snmp-agent sys-info contact HW-075528780808
huawei(config)#display snmp-agent sys-info contact
{ <cr>|location<K>|version<K> }:
Command:
display snmp-agent sys-info contact
The contact person for this managed node:
HW-075528780808
Related Operation
Table 4-8 lists the related operation for setting the system contact information.
Table 4-8 Related operation for setting the system contact information
Context
By default, the system location information is Shenzhen China.
Procedure
Step 1 Run the snmp-agent sys-info location command to set the system location information.
Step 2 Run the display snmp-agent sys-info location command to display the system location
information.
----End
Example
To set the system location information as Shanghai China, do as follows:
huawei(config)#snmp-agent sys-info location Shanghai China
huawei(config)#display snmp-agent sys-info location
{ <cr>|contact<K>|version<K> }:
Command:
display snmp-agent sys-info location
The physical location of this node:
Shanghai China
Related Operation
Table 4-9 lists the related operation for setting the system location information.
Table 4-9 Related operation for setting the system location information
Context
l The MA5600 supports up to 20 SNMP users.
l If the entered user name is an existing one, the system will update the configuration of the
user.
l If you do not enter the user authentication and encryption modes, the user can access the
equipment without authentication or encryption.
Procedure
Step 1 Run the snmp-agent usm-user command to configure an SNMP V3 user.
Step 2 Run the display snmp-agent usm-user command to query the SNMP V3 user.
----End
Example
To add an SNMP V3 user named user, belonging to a group named group, with the authentication
mode of md5, the authentication password of 1, the encryption mode of des56, and the encryption
password of 2, do as follows:
huawei(config)#snmp-agent usm-user v3 user group authentication-mode md5 1 privacy-
mode des56 2
huawei(config)#display snmp-agent usm-user user
User name: user
Engine ID: 800007DB0300E0FC995050
Group name: group
Authentication mode: md5, Privacy mode: des56
Storage type: nonVolatile
User status: active
Related Operation
Table 4-10 lists the related operation for configuring an SNMP V3 user.
Context
l The MA5600 supports up to 20 SNMP V3 groups.
l By default, the system has a read view named viewDefault with the range of internet sub-
tree; the write view and notify view are blank.
l If the entered group name is an existing one, the system will update the configuration of
the group.
l A specified view can be a non-existing view. In this case, the users in the group fail to
access anywhere.
l A user can access views in three modes:
– With authentication and encryption
– With authentication but no encryption
– With no authentication or encryption
l If the access mode level is lower than the security level of the configured group, the user
will fail to access. If the corresponding groups have multiple security levels, the user can
select the group with the highest security level, and then access the view corresponding to
the group.
Procedure
Step 1 Run the snmp-agent group v3 command to configure an SNMP V3 group.
Step 2 Run the display snmp-agent group command to query the SNMP V3 group.
----End
Example
To configure a group named group, with authentication but no encryption, with the read view
of internet, and with blank write and notify views, do as follows:
huawei(config)#snmp-agent group v3 group authentication read-view internet
huawei(config)#display snmp-agent group group
Group name: group
Security model: v3 AuthnoPriv
Readview: internet
Writeview: <no specified>
Notifyview: <no specified>
Storage type: nonvolatile
Related Operation
Table 4-11 lists the related operation for configuring an SNMP V3 group.
Context
l The number of sub-trees of all the views cannot exceed 20.
l By default, the system has a read view named ViewDefault, with the range of internet sub-
tree view.
l The view named ViewDefault cannot be deleted or updated.
Procedure
Step 1 Run the snmp-agent mib-view command to configure an SNMP MIB view.
Step 2 Run the display snmp-agent mib-view command to query the SNMP MIB view.
----End
Example
To configure a view named view1, including ip sub-tree, do as follows:
huawei(config)#snmp-agent mib-view view1 include ip
huawei(config)#display snmp-agent mib-view view1
View name: view1
MIB subtree: ip
Subtree mask:
Storage type: nonVolatile
View type: include
View status: active
Related Operation
Table 4-12 lists the related operation for configuring an SNMP MIB view.
Context
With no manually configured ID, the MA5600 will automatically initialize one at startup.
Procedure
Step 1 Run the snmp-agent local-engineid command to configure the local SNMP engine ID.
Step 2 Run the display snmp-agent local-engineid command to query the local SNMP engine ID.
----End
Example
To configure the engine ID of the local SNMP entity as 010101011000, do as follows:
huawei(config)#snmp-agent local-engineid 0101010110000
Command:
snmp-agent local-engineid 01010101110000
Info: Modify the local-engineid will disable the configured SNMPv3 user, all
of user local-engineid changes to the modified one after system reset, proceed?[
Y/N]:y
huawei(config)#display snmp-agent local-engineid
SNMP local EngineID: 010101011000
Related Operation
Table 4-13 lists the related operations for configuring the local SNMP engine ID.
Table 4-13 Related operations for configuring the local SNMP engine ID
To… Run the Command…
Context
By default, the handshake function between the MA5600 and the N2000 is disabled.
Procedure
Step 1 Run the system handshake enable command to enable the handshake function between the
MA5600 and the N2000.
Step 2 Run the display system handshake command to query the handshake function between the
MA5600 and the N2000.
----End
Example
To enable the handshake function between the MA5600 and the N2000, do as follows:
huawei(config)#system handshake enable
huawei(config)#display system handshake
system handshake : enable
system handshake interval : 300s
----------------------------------------------
IP of NMS Status between NMS and device
----------------------------------------------
10.71.53.108 in register
----------------------------------------------
Related Operation
Table 4-14 lists the related operations for enabling the handshake function between the
MA5600 and the N2000.
Table 4-14 Related operations for enabling the handshake function between the MA5600 and
the N2000
Context
l By default, the handshake interval between the MA5600 and the N2000 is zero second.
l The handshake interval between the MA5600 and the N2000 determines the handshake
frequency.
– When the interval is short, and the number of network elements under the N2000 is
large, the N2000 will be over-tasked to handle increasing handshake packets.
– When the interval is long, and the MA5600 and the N2000 are disconnected, the N2000
will fail to find the fault in time.
l You can set an appropriate handshake interval according to actual conditions.
Procedure
Step 1 Run the system handshake interval command to set the handshake interval.
Step 2 Run the display system handshake command to query he handshake interval.
----End
Example
To set the handshake interval to 10 seconds, do as follows:
huawei(config)#system handshake interval 10
huawei(config)#display system handshake
system handshake : enable
system handshake interval : 10s
----------------------------------------------
IP of NMS Status between NMS and device
----------------------------------------------
10.71.53.108 in register
----------------------------------------------
Related Operation
Table 4-15 lists the related operation for setting the handshake interval.
Context
l By default, the IP address of the maintenance network port (ETH port on the control board)
is 10.11.104.1, and the subnet mask is 255.255.0.0.
l Make sure that the IP address of the ETH port is located in the same subnet as that of the
gateway or the PC used for maintaining the MA5600.
l After setting the IP address, keep the record for future reference.
Procedure
Step 1 Run the interface meth command to enter meth mode.
Step 2 Run the ip address command to set the IP address of the ETH port on the control board.
Step 3 Run the display interface meth command to query the IP address of the ETH port on the control
board.
----End
Example
To the IP address of the ETH port as 10.10.10.1 and the subnet mask as 255.255.255.0, do as
follows:
huawei(config)#interface meth 0
huawei(config-if-meth0)#ip address 10.10.10.1 255.255.255.0
huawei(config)#display interface meth 0
meth0 current state : UP
Line protocol current state : UP
Description : HUAWEI, MA5600 Series, meth0 Interface
The Maximum Transmit Unit is 1500 bytes
Internet Address is 10.10.10.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fcaa-8516
Auto-duplex(Full), Auto-speed(100M)
5 minutes input rate 1549 bytes/sec, 14 packets/sec
5 minutes output rate 168 bytes/sec, 1 packets/sec
10508484 packets input, 1472712535 bytes
2213003 packets output, 712283310 bytes
Related Operation
Table 4-16 lists the related operation for configuring the IP address of the outband NMS
interface.
Table 4-16 Related operation for configuring the IP address of the outband NMS interface
To… Run the Command… Remarks
Context
l The system supports up to 4096 static routes.
l When the MA5600 and the N2000 are located in different subnets, a route shall be
configured for the gateway to forward IP packets.
Procedure
Step 1 Run the ip route-static command to configure a static route.
Step 2 Run the display ip routing-table command to query the current routing configuration.
----End
Example
To create a route to subnet 10.71.8.0 (where the manager is located), and the gateway as
10.71.53.1, do as follows:
huawei(config)#ip route-static 10.71.8.0 255.255.255.0 10.71.53.1
huawei(config)#display ip routing-table verbose
Routing Table : Public
Destinations : 3 Routes : 3
Destination: 10.0.0.0/8
Protocol: Static Process ID: 0
Preference: 60 Cost: 0
NextHop: 10.71.62.1 Interface: meth0
RelayNextHop: 0.0.0.0 Neighbour: 0.0.0.0
Label: NULL Tunnel ID: 0x0
SecTunnel ID: 0x0
BkNextHop: 0.0.0.0 BkInterface:
BkLabel: NULL Tunnel ID: 0x0
SecTunnel ID: 0x0
State: Active Adv GotQ Age: 7d06h27m42s
Tag: 0
Destination: 10.71.62.0/24
Protocol: Direct Process ID: 0
Preference: 0 Cost: 0
Related Operation
Table 4-17 lists the related operation for configuring an NMS route.
Context
l The MA5600 realizes inband NMS through the Ethernet port on the control board.
l To prevent login and access to the MA5600 from the user end, it is recommended that the
standard VLAN be used as the NMS VLAN.
Procedure
Step 1 Run the vlan command to create an NMS VLAN.
Step 2 Run the interface vlanif command to enter VLAN interface mode.
Step 3 Run the ip address command to set the IP address of the VLAN interface.
Step 4 Run the display interface vlanif command to query the IP address of the VLAN interface.
----End
Example
To set the IP address of the inband NMS interface as 10.10.10.2 and the subnet mask as
255.255.255.0, do as follows:
huawei(config)#vlan 1000 standard
huawei(config)#interface vlanif 1000
huawei(config-if-vlanif1000)#ip address 10.10.10.2 255.255.255.0
huawei(config)#display interface vlanif 1000
vlanif400 current state : UP
Line protocol current state : UP
Description : HUAWEI, MA5600 Series, Vlanif400 Interface
The Maximum Transmit Unit is 1500 bytes
Internet Address is 10.10.10.2/24
Related Operation
Table 4-18 lists the related operation for configuring the IP address of the inband NMS interface.
Table 4-18 Related operation for configuring the IP address of the inband NMS interface
To… Run the Command… Remarks
This chapter describes the functions of the log host of theMA5600 and how to configure the log
host.
5.1 Overview
This section describes the functions of the log and the application of the log to the MA5600.
5.2 Configuration Example of a Log Host
This example shows how to configure a log host. After the configuration, the logs reported by
the MA5600 can be displayed on the log lost.
5.3 Configuring a Log Host
This operation enables you to configure a log host, that is, add and activate the log host.
5.4 Deleting a Log Host
This operation enables you to delete a log host.
5.5 Deactivating a Log Host
This operation enables you to deactivate a log host.
5.6 Querying Logs
This operation enables you to query logs.
5.1 Overview
This section describes the functions of the log and the application of the log to the MA5600.
Function
Logs can serve as important references for system maintenance and troubleshooting.
In the MA5600, you can query the executed commands and other important information recorded
in logs.
l The related inband NMS configuration has been complete. You can telnet to the
MA5600 to maintain it through PC 1 and PC 2.
l PC 3 is installed with FTP or TFTP software, and can receive and save the logs reported
by the MA5600.
Networking
Figure 5-1 shows a sample network for configuring a log host.
In the networking, PCs 1, 2 and 3 connect to the GE port of the MA5600 over a LAN. PC 3
works as the log host of the MA5600.
CON
ETH
MON
GE 0/7/0
SCU MA5600
LAN
Data Plan
Table 5-1 lists the data plan for configuring a log host.
Item Data
PC 3 IP address: 10.10.10.1/24
Procedure
Step 1 Add a log host.
huawei(config)#loghost add 10.10.10.1 huawei
Step 3 Check the connectivity between the MA5600 and the log host to verify that the MA5600 can
communicate with the log host smoothly.
Step 4 Configure the TFTP software of the log host.
1. Enable the syslog server function.
2. Set the directory for saving the reported logs.
----End
Result
After the configuration:
l You can query the logs in the directory for saving the logs.
l The logs record the operation commands executed on PCs 1 and 2 to the system. They are
the same as those queried on the MA5600.
Context
l The MA5600 can log important operations in the UNIX host (also referred to as the log
server) of the internal network through the syslog mechanism.
l After configuring a log host, you need to enable the log host service of the log server, and
configure the directory for saving logs and the log file name to enable real-time reporting
of logs.
Procedure
Step 1 Run the loghost add command to add a log host.
Step 2 Run the loghost activate command to activate the log host.
Step 3 Run the display loghost list command to display the log host.
----End
Example
To add log host named huawei with IP address of 10.10.10.1, do as follows:
huawei(config)#loghost add 10.10.10.1 huawei
huawei(config)#loghost activate name huawei
huawei(config)#display loghost list name huawei
Log server configuration:
IP address : 10.10.10.1
Host name : huawei
Terminal state : Normal
Related Operation
Table 5-2 lists the related operations for configuring a log host.
Procedure
Step 1 Run the loghost delete command to delete a log host
Step 2 Run the display loghost list command to display the log host.
----End
Example
To delete the log host with IP address 10.10.10.1, do as follows:
huawei(config)#loghost delete ip 10.10.10.1
huawei(config)#display loghost list ip 10.10.10.1
Failure: The log server not exist
Related Operation
Table 5-3 lists the related operations for configuring a log host.
Context
The system sends log information only to the activated log hosts.
Procedure
Step 1 Run the loghost deactivate command to deactivate a log host.
Step 2 Run the display loghost list command to display the log host.
----End
Example
To deactivate the log host with IP address 10.10.10.1, do as follows:
huawei#loghost deactivate ip 10.10.10.1
huawei#display loghost list ip 10.10.10.1
Log server configuration:
IP address : 10.10.10.1
Host name : huawei
Terminal state : Deactivate
Related Operation
Table 5-4 lists the related operations for deactivating a log host.
Context
l The MA5600 can keep logs of the latest 512 operations. System administrators can query
the latest executed operation commands through logs. The executed query commands
cannot be recorded in the logs.
l Up to 512 logs can be stored in the system. When there are more than 512 records, the old
records will be overwritten.
l Query and record the system logs at once in the case of system failure, to avoid loss of logs
that are helpful for fault locating.
l To record the operation correctly, make sure that the system time is correct before service
configuration.
Procedure
Run the display log command to query logs.
----End
Example
To query the logs of operations performed by user "root" on July 9, 2007, do as follows:
huawei(config)#display log name root 2007-07-09
{ <cr>|time1<T><hh:mm:ss>|-<K> }:
Command:
display log name root 2007-07-09
---------------------------------------------------------------------------
No. UserName Domain IP-Address
10 root -- 10.70.41.163
Time: 2007-07-09 14:12:20
Cmd: config
---------------------------------------------------------------------------
No. UserName Domain IP-Address
9 root -- 10.70.41.163
Time: 2007-07-09 14:12:18
Cmd: enable
---------------------------------------------------------------------------
No. UserName Domain IP-Address
8 root -- 10.70.41.163
Time: 2007-07-09 13:06:53
Cmd: disable
---------------------------------------------------------------------------
No. UserName Domain IP-Address
7 root -- 10.70.41.163
Time: 2007-07-09 13:06:12
Cmd: quit
---- More ( Press 'Q' to break ) ----
6 Managing Users
This chapter describes the classification of users supported by the MA5600 and how to add,
modify, delete, or disconnect a user.
6.1 Overview
This section describes the definition of users and user levels and authorities supported by the
MA5600.
6.2 Adding a User Profile
This operation enables you to add a user profile. To add a new user, you need bind this user
profile to manage operators.
6.3 Adding a User
This operation enables you to add a user who can log in to the MA5600 to maintain it.
6.4 Modifying the User Attributes
You can modify the user attributes, such as user profile, authority, password, the permitted
reenter number and the appended information.
6.5 Disconnecting an Online User
This operation enables you to disconnect an online user to prevent the user from logging in to
the MA5600.
6.6 Deleting a User
This operation enables you to delete a user which is not permitted to log in to the MA5600.
6.1 Overview
This section describes the definition of users and user levels and authorities supported by the
MA5600.
Service Description
Users herein refer to persons who configure and maintain the MA5600 through CLI.
Service Specification
In terms of authority, MA5600 users can be divided into four levels:
l Common user
l Operator
l Administrator
l Super user
Users at all levels can only add a user with lower levels than theirs.
Common user Common users perform basic system operation and simple query
operation.
Context
l There exists one root profile in the system. This profile disables restrictions on users so
that root users can log in to the system smoothly after a system upgrade. It is not
recommended to bind the root profile when you add a new user.
l The system provides three default profiles whose levels are administrator, operator and
common user respectively. They are convenient for unified management and the operation
of adding users.
l Up to 12 profiles can be added.
l To add a user profile, you need to configure the following parameters:
– Use profile name
– Min. length of user name
– Min. length of password
– Validity period of the user name
– Validity period of the password
– Permitted start time of logon by a user
– Permitted end time of logon by a user
Min. length of user The min. length of user name can be 6 to 15 alphanumeric characters
name and it must be equal to or longer than 6 alphanumeric characters.
Validity period of It ranges from 0 to 999 days. If it is set to 0 day, then the validity lasts
the user name forever. By default, it is 30 days. The system checks the validity of user
names by day and when a user logs on to the system. Before three days
of the expiration, the system generates an alarm informing the user of
expiration day. The system generates an alarm informing the user of
expiration once the system identifies the expiration of a user name.
Validity period of It ranges from 0 to 999 days. If it is set to 0 day, then the validity lasts
the password forever. By default, it is 30 days. The validity period of the password
should not be equal to or shorter than that of the user name. The system
checks the validity of passwords by day and when a user logs on to the
system. Before three days of the expiration, the system generates an
alarm informing the user of expiration day and asking the user to modify
the password in time.
Permitted start Together with the parameter of permitted end time of logon by a
time of logon by a user, it specifies the permitted period for a user to log on to the system.
user A user can log on to the system only in the permitted period.
Parameters Description
Permitted end time Together with the parameter of permitted start time of logon by a
of logon by a user user, it specifies the permitted period for a user to log on to the system.
A user can log on to the system only in the permitted period. If a user
logs on to the system at the permitted start time but does not log out at
the permitted end time, the system will force the user to log out and stop
the user to configure the system.
Procedure
Step 1 Run the terminal user-profile add command to add a user profile.
Step 2 Run the display terminal user-profile command to query information on the user profile.
----End
Example
Assume that:
l Use profile name: userprofile
l Min. length of user name: 8 alphanumeric characters
l Min. length of password: 8 alphanumeric characters
l Validity period of the user name: 30 day
l Validity period of the password: 30 day
l Permitted start time of logon by a user: 09:00
l Permitted end time of logon by a user: 19:00
To add the user profile, do as follows:
huawei(config)#terminal user-profile add
User profile name(<=15 chars):userprofile
Min. length of user name(6--15)[6]:8
Min. length of password(6--15)[6]:8
Validity period of the user name(0--999 days)[30]:
Validity period of the password(0--999 days)[30]:
Permitted start time of logon by a user(hh:mm):09:00
Permitted end time of logon by a user(hh:mm):19:00
Repeat this operation? (y/n)[n]:
huawei(config)#display terminal user-profile
{ name<K>|all<K> }:name
{ profile_name<S><1,15> }:userprofile
Command:
display terminal user-profile name userprofile
---------------------------------------------------------------------------
User profile name : userprofile
Min. length of user name : 8
Min. length of password : 8
Validity period of the user name : 30
Validity period of the password : 30
Permitted start time of logon by a user : 09:00
Permitted end time of logon by a user : 19:00
---------------------------------------------------------------------------
Related Operation
Table 6-3 lists the related operations for adding a user profile.
Modify a user terminal user-profile The user profile name cannot be modified.
profile modify The default user profiles cannot be
modified, named root, admin, operator and
common user.
The bound user profiles cannot be
modified.
Delete a user terminal user-profile delete The default user profiles cannot be
profile deleted, named root, admin, operator and
common user.
The bound user profiles cannot be deleted.
Modify the terminal user user-profile This operation binds the user to another
profile bound profile.
with a user
Context
l The super user and the administrator can add a user with a lower level than theirs. That is:
– The super user can add an administrator, operators and common users.
– The administrator can only add a operator and a common user.
l A user name is unique, cannot be all or online.
l The super user or administrator can add multiple users to the system at a time. Up to 127
users can be added to the system. If the root user counts, up to 128 users can be added.
l The system supports up to 10 terminal users online simultaneously.
When adding a user, you need to configure the user attributes, including the user profile, the
user account, password, permitted reenter number, authority and appended information.
User name A user name (or a user account) consists of 1-15 printable characters.
A user name is unique, case sensitive and cannot contain any space.
Permitted reenter The permitted reenter number means the concurrent logon count of a
number user account. Whether a user name can be used to log in to the
MA5600 from several terminals at the same time depends on the
permitted reenter number. It is in the range of 0–4, and is generally set
to 1.
Procedure
Step 1 Run the terminal user name command to add a user.
Step 2 Run the display terminal user command to query a user.
----End
Example
To add a common user named huawei with password of huawei, reenter number of 3, the bound
user profile root, and appended information user, do as follows:
huawei(config)#terminal user name
User profile name(<=15 chars)[root]:
User Name(<=15 chars):huawei
User Password(<=15 chars):huawei //Not display on the terminal
User's Level:
1. Common User 2. Operator 3. Administrator:1
Permitted Reenter Number(0--4):3
User's Appended Info(<=30 chars):user
This user has been added
Repeat this operation? (y/n)[n]:n
huawei(config)#display terminal user all
Name Level Status ReenterNum AppendInfo
--------------------------------------------------------------------
root Super Online 1 none
huawei User Offline 3 user
--------------------------------------------------------------------
Total record(s) number: 2
Related Operation
Table 6-5 lists the related operations for adding a user.
Delete a user undo terminal user name l Only the super user and administrators
can delete users at lower levels.
l Users cannot delete themselves.
l User root cannot be deleted.
l An online user cannot be deleted. To
delete an online user , you need to
disconnect the user first.
l Multi users can be deleted at a time.
Modify the user terminal user user-profile The administrator can run this command to
profile modify the profile where the user is located.
That is, bind the user to another profile.
Context
l Administrators can modify the bound profile of themselves and users at lower level.
l The user name and password must satisfy the specification of the user profile to be bound.
Otherwise, the binding operation fails.
Procedure
Step 1 Run the terminal user user-profile command to modify the bound profile of a user.
Step 2 Run the display terminal user command to query the bound profile of the user.
----End
Example
To modify the profile bound with the user named testuser to the default admin profile, do as
follows:
huawei(config)#terminal user user-profile
User Name(<=15 chars):testuser
Permitted user-profile[root]:admin
Confirm user-profile:admin
Configuration will take effect when the user logs on next time.
Repeat this operation? (y/n)[n]:
Related Operation
Table 6-6 lists the related operations for modifying the profile bound with a user.
Table 6-6 Related operations for modifying the profile bound with a user
Context
Only the super user and administrators can perform the operation for users at lower levels.
l The super user can modify the level of a user to that of a common user, an operator, or an
administrator.
l Administrators can modify the level of a user to that of a common user, or an operator.
Procedure
Step 1 Run the terminal user level command to modify a user level.
Step 2 Run the display terminal user command to query a user level.
----End
Example
To change a common user huawei to an operator, do as follows:
huawei(config)#terminal user level
User Name(<=15 chars):huawei
1. Common User 2. Operator 3.Administrator:2
User's Level:2
Confirm Level: 2
Information will take effect when this user logs on next time
Repeat this operation? (y/n)[n]:n
huawei(config)#display terminal user all
---------------------------------------------------------------------------
Name Level Status ReenterNum AppendInfo
---------------------------------------------------------------------------
root Super Online 1 none
huawei Operator Offline 3 user
---------------------------------------------------------------------------
Total record(s) number: 2
Related Operation
Table 6-7 lists the related operations for modifying a user level.
Context
l The super user and the administrator can change the passwords of users at lower levels
(including themselves). When changing the passwords of users at lower levels, the super
user and the administrator need not to input the old password.
l The common user and the operator can only change their own password, and need to input
the old password.
Procedure
Step 1 Run the terminal user password command to change a user password.
Step 2 Log in to the equipment with the user old name and old password.
----End
Example
To change the password of a common user huawei, do as follows:
huawei(config)#terminal user password
User name (<=15 chars):huawei
Old Password(<=15 chars):hw //Not display on the terminal
New password(<=15 chars):huawei //Not display on the terminal
Confirm Password(<=15 chars):huawei //Not display on the terminal
Information takes effect
Repeat this operation? (y/n)[n]:n
Related Operation
Table 6-8 lists the related operations for changing a user password.
Context
l The super user and administrators can modify the permitted reenter number of users at
lower levels.
l It is not allowed to modify the permitted reenter number of the super user.
Procedure
Step 1 Run the terminal user reenter command to modify the permitted reenter number of a user.
Step 2 Run the display terminal user command to query the permitted reenter number of a user.
----End
Example
To modify the permitted reenter number of the common user huawei to 1, do as follows:
huawei(config)#terminal user reenter
User name (<=15 chars):huawei
Permitted reenter number(0--4):1
Confirm Reenter Number(0--4):1
Information takes effect
Repeat this operation? (y/n)[n]:n
huawei(config)#display terminal user all
---------------------------------------------------------------------------
Name Level Status ReenterNum AppendInfo
---------------------------------------------------------------------------
root Super Online 1 none
huawei Operator Offline 1 user
---------------------------------------------------------------------------
Total record(s) number: 2
Related Operation
Table 6-9 lists the related operations for modifying the permitted reenter number.
Table 6-9 The related operations for modifying the permitted reenter number.
To... Run the Command...
Context
l The super user and administrators can modify their own appended information and that of
users at lower levels.
l Common users and operators can modify their own appended information.
Procedure
Step 1 Run the terminal user apdinfo command to modify the appended information on a user.
Step 2 Run the display terminal user command to query the appended information on a user.
----End
Example
To modify the appended information on the common user huawei, do as follows:
Related Operation
Table 6-10 lists the related operations for modifying the appended information.
Context
Only the super user and administrators can disconnect an online user at lower levels.
Procedure
Step 1 Run the client kickoff command to disconnect an online user.
Step 2 Run the display client command to query an online user.
----End
Example
To disconnect user 2, and then run the display client command to find the user has been
disconnected, do as follows:
huawei#client kickoff 2
Are you sure to kick the user off?(y/n)[n]: y
huawei#display client
-----------------------------------------------------------------------------
ID Client name Domain name IP Address Login Time
-----------------------------------------------------------------------------
Related Operation
Table 6-11 lists the related operation for disconnecting an online user.
Context
l Only the super user and administrators can delete the users at lower levels than themselves.
l Users cannot delete themselves.
l User root cannot be deleted.
l An online user cannot be deleted. To delete an online user, you need to disconnect the user
first.
l Multiple users can be deleted at a time.
Procedure
Step 1 Run the undo terminal user namecommand to delete users.
Step 2 Run the display terminal user command to verify that a user is deleted successfully.
----End
Example
To delete a user named huawei, do as follows:
huawei(config)#undo terminal user name
User Name(<=15 chars):huawei
Are you sure to delete the user?(y/n)[n]:y
This user has been deleted
Repeat this operation? (y/n)[n]:n
huawei(config)#display terminal user all
---------------------------------------------------------------------------
Name Level Status ReenterNum AppendInfo
---------------------------------------------------------------------------
root Super Online 1 none
---------------------------------------------------------------------------
Total record(s) number: 1
Related Operation
Table 6-12 lists the related operations for deleting a user
This chapter describes how to manage the MA5600. Device management includes shelf
management and board management.
7.1 Overview
This section describes the contents of the chapter and the board status.
7.2 Setting the Description of a Shelf
This operation enables you to set the description for a shelf to differentiate it from other shelves.
7.3 Resetting the Control Boards
This operation enables you to reset the control boards. When you need to reset the control boards
to run the newly-loaded program and database, use this command.
7.4 Adding a Service Board Offline
This operation enables you to add a required service board in an idle slot and configure data of
the service board offline. After the corresponding service board is inserted, the board can start
immediately.
7.5 Confirming a Service Board
This operation enables you to confirm a service board that has been discovered automatically.
7.6 Deleting a Service Board
This operation enables you to delete a service board that is no longer in need.
7.7 Resetting a Service Board
This operation enables you to reset a service board when it is unstable.
7.8 Prohibiting a Service Board
This operation enables you to prohibit a service board.
7.9 Managing a Subboard
This section describes the operation purpose and specification of device management, the rules
of subboard combination and replacement.
7.1 Overview
This section describes the contents of the chapter and the board status.
Service Description
Device management involves:
l Shelf management
– Setting description of a shelf
– Querying description of a shelf
– Querying attributes of a shelf
l Control board management
– Resetting a control board
– Querying a control board
l Service board management
– Adding a service board offline
– Confirming a service board
– Deleting a service board
– Resetting a service board
– Prohibiting/Unprohibiting a service board
– Querying a service board
l Subboard management
– Replacing a subboard
– Querying a subboard
Board Status
Table 7-1 lists the service board status.
Procedure
Step 1 Run the frame set command to set the description of a shelf.
Step 2 Run the display frame desc command to query the description of a shelf.
----End
Example
To set the description of shelf 0, do as follows:
huawei(config)#frame set 0 desc adl
huawei(config)#display frame desc 0
--------------------------------------------------------
FrameID Frame description
--------------------------------------------------------
0 adl
--------------------------------------------------------
Related Operation
Table 7-2 lists the related operation for setting the description of a shelf.
Context
l The control boards include active control board and standby control board.
l Resetting an active control board leads to two results:
– In the case of an active/standby configuration, the operation has no adverse impact on
the ongoing services.
– In the case there is no standby control board, the operation disconnects the control board
from all the service boards, that is, all service boards in the system are reset.
l The reset operation may cause loss to unsaved data. Therefore, before the operation, run
the save command to save the system data.
l Reset the system only when necessary. In general, the system is reset after new application
or database is loaded.
l The board reset command cannot be used to reset the control boards.
l The reboot active command and the reboot standby command can be used to reset the
active control board and standby control board respectively.
Procedure
Run the reboot command to reset the control board.
----End
Related Operation
Table 7-3 lists the related operations for resetting the control boards.
Query a board display board You can query the board type, board
status and port information.
Context
l After the service board is added offline, the service board becomes faulty. Only after a
service board of the configured type is inserted into this slot, the board becomes normal.
If a service board of a different type is inserted, the board keep resetting because the board
type is not matching.
l You can add a service board only in an idle slot.
Procedure
Step 1 Run the board add command to add a service board.
Step 2 Run the display board command to query the information on the board.
----End
Example
To add a service board in slot 3, do as follows:
huawei(config)#board add 0/3 adg
huawei(config)#display board 0
-------------------------------------------------------------------------
SlotID BoardName Status SubType0 SubType1
-------------------------------------------------------------------------
0
1 H561SHEA Normal
2 H561AIUG Failed O1CTG
3 ADG Failed
4
5 H561ETHA Failed O4GS
6
7
8 H561SCU Active_normal O4GS
9
10
11
12
13
14
15
-------------------------------------------------------------------------
Related Operation
Table 7-4 lists the related operation for adding a service board offline.
Context
After you insert a service board into an idle slot, the system automatically identifies the board
type. The automatically identified service board is in the auto-find state. To enable the board for
normal service transmission, you need to confirm this board.
Procedure
Step 1 Run the board confirm command to confirm a service board.
Step 2 Run the display board command to query the confirmed service board.
----End
Example
To confirm board 0/6, do as follows:
huawei(config)#board confirm 0/6
0 frame 6 slot board confirm successfully
Related Operation
Table 7-5 lists the related operation for confirming a service board.
Add a service board board add You can add a service board only
offline to an idle slot.
Context
l A service board with ongoing service cannot be deleted.
l A service board in the auto-find state cannot be deleted.
Procedure
Step 1 Run the board delete command to delete a service board.
Step 2 Run the display board command to query service board list.
----End
Example
To delete service board 0/6, do as follows:
huawei(config)#board delete 0/6
are you sure to delete this board? (y/n)[n]:y
Board delete successfully
Context
l The system will generate a fault alarm after the reset operation and a recovery alarm after
the board recovers.
l The system will generate the reset failure alarm if the control board does not receive the
response from the service board for a long time after the reset command is delivered.
l When the service boards are enabled after the board reset operation succeeds, the service
boards report registration information to the control board so that the control board can
configure their data to restore the services.
Procedure
Run the board reset command to reset a service board.
----End
Example
To reset service board 0/6, do as follows:
huawei(config)#board reset 0/6
Are you sure to reset board? (y/n)[n]:y
0 frame 1 slot reset board message sent successfully...
Context
l Through the operation, you can:
– Suspend (but not delete) the service of the board.
– Release resources dynamically.
l A control board cannot be prohibited.
l A service board in the auto-find state and unconfirmed cannot be prohibited.
l Prohibiting a service board interrupts the services of the board.
Procedure
Step 1 Run the board prohibit command to prohibit a service board.
Step 2 Run the display board command to query the service board status.
----End
Example
To prohibit service board 0/2, do as follows:
huawei(config)#board prohibit 0/2
Prohibiting board will interrupt all services on this board, are you sure to
prohibit board? (y/n)[n]:y
Prohibited board successfully
Related Operation
Table 7-6 lists the related operation for prohibiting a service board.
Specification
The MA5600 supports inserting subboards on the SCU, ETH and AIUG boards to provide
multiple upstream interfaces. Among them, the AIUG board can provide E3 and IMA subtending
function.
The SCU control board or the ETH service board supports the replacement of the subboard. That
is, after you save the database, remove the board, replace the subboard, and insert the board to
the slot again, the board is in the normal state.
The AIUG board of the MA5600 does not support the replacement of the subboard. That is,
when the board is normal, after you remove the board and replace the subboard, the board is in
the failed state.
Meanwhile, when inserting or replacing subboards on or from the AIUG board, comply with
the following requirements:
l For the 622M subboard, the subboard can be inserted only in the second subboard slot and
inserting a subboard in the first subboard slot is not allowed.
l For the IMA subboard, the subboard can be inserted only in the first subboard slot and
inserting a subboard in the second subboard slot is not allowed.
l An H561AIUG board can be attached with only one BITS subboard.
l When no subboard is inserted in the first subboard slot, inserting a subboard in the second
subboard slot is not allowed.
l The number of subboard ports in the first subboard slot must be greater than or equal to
that in the second subboard slot.
NOTE
l For the SCU control board, if you do not follow the mentioned rules when replacing the subboard, the
system generates the alarm that the type of the subboard on the control board is changed, indicating
the operation failure. When you query the boards through the CLI, the system displays the information
about original subboards and the faulty status of the subboards.
l For the service board, if you do not follow the mentioned rules when replacing the subboard, the board
cannot be found automatically.
Related Operation
Table 7-7 lists the related operation for managing a subboard.
Querying a service display board You can query the subboards used by the
board board.
This chapter describes the remote user management supported by the MA5600, including
authentication, authorization, and accounting.
8.1 Overview
This section contains service description and service specification of remote user authentication
on the MA5600.
8.2 Related Concepts
This section describes concepts related to remote user authentication, including AAA, RADIUS
and SSH.
8.3 Configuration Example of Remote User Authentication
This example shows how to configure the remote user authentication to prevent illegal access
to the MA5600.
8.4 Configuring RADIUS
This section describes RADIUS configuration, including creating a RADIUS server template,
setting the IP address and port number of a RADIUS server, setting the shared key of the
RADIUS server, setting the response timeout interval of a RADIUS server, setting the maximum
retransmit count of RADIUS request packets, setting the RADIUS server type, configuring an
NAS port and its ID format, and setting the format of user name sent to a RADIUS server.
8.5 Configuring AAA
This section describes AAA configuration, including configuring an authentication scheme,
creating a domain, specifying the authentication scheme and specifying the RADIUS server
template.
8.6 Configuring SSH
This section describes the SSH configuration, including creating the local RSA key pair,
configuring the SSH user public key and configuring an SSH user.
8.1 Overview
This section contains service description and service specification of remote user authentication
on the MA5600.
Service Description
Remote user authentication refers to the process of examining the remote users who want to log
in to the MA5600. Only authenticated users can log in to the MA5600 to manage and maintain
it.
Service Specifications
The MA5600 realizes remote user authentication.
l AAA/RADIUS
– In an authentication, authorization and accounting (AAA)/Remote Authentication Dial-
In User Service (RADIUS) frame, the MA5600 serves as a network access server
(NAS). As for the RADIUS server, the MA5600 is a RADIUS client.
– When the AAA/RADIUS function is enabled, the MA5600 forwards the user name and
password of the login user to the RADIUS server for authentication.
l SSH
– The SSH protocol is based on a server-client mode, using TCP for interconnection to
realize secure remote access to insecure networks.
What Is AAA
Authentication, Authorization and Accounting (AAA) is a framework for network security
management.
Advantages of AAA
Operating in the server-client model, the AAA framework uses the clients as managed objects
and the server for storing user information.
The AAA framework has the following advantages:
l Excellent expansibility
l Standard authentication schemes
l Centralized user management
l Multi-system based security mechanism
What Is RADIUS
As a management framework, AAA can be carried out by a number of protocols. RADIUS is a
common one among them.
RADIUS is an information exchange protocol with the distributed server-client model. It is used
to manage a large number of distributed dialup users.
An RADIUS server manages a simple user database to provide AAA function for users and
modify users' service information according to the service types and authorities.
The users forward their AAA requests to the RADIUS server through a NAS.
Principles of RADIUS
l When you receive a request from a user to access other network (or use some network
resources), the NAS forwards the user data to the RADIUS server in line with the related
mechanism defined by the RADIUS protocol.
l The RADIUS server authenticates the user account and password contained in the user
data, and returns the data required data to the NAS.
NOTE
l The NAS and the RADIUS server also use a key to encrypt the data exchanged between them.
In this case, the data such as the password can be avoided being intercepted or stolen.
l The RADIUS configuration only defines the parameters related to the connections between the
NAS and the RADIUS server. To make these parameters take effect, you must enter domain
mode first, specify a RADIUS scheme, and then select the RADIUS AAA mode.
What Is SSH
SSH provides authentication, encryption, and identification to guarantee network
communication security. When users telnet the router through an insecure network, SSH offers
security guarantee and powerful authentication to protect the route against attacks such as IP
address spoofing and interception of plain text password.
SSH RFC
IETF defined SSH RFC document. There are two versions of the SSH protocol:
l SSHv1.5: SSHv1.5 was issued earlier than SSHv2. At present, a majority of SSHs support
it.
l SSHv2: SSHv2 is more standard and precise than SSHv1.5. It enhances security and adds
the file transfer function.
Advantages
The SSH protocol is based on a client/server mode. It uses TCP for interconnection to realize
secure remote access through insecure networks. Compared with telnet, SSH has the following
features:
l SSH supports the methods of using the password and RSA public key to authenticate clients.
l SSH supports Data Encryption Standard (DES), 3DES, and AES to encrypt session data.
l When the SSH server communicates with the SSH client, both the user name and the
password are encrypted to prevent the password from being intercepted.
l SSH encrypts the data to guarantee the security and reliability during the transmission.
l SSH supports authentication of a server.
l SSH supports the MD5 and SHA algorithms to identify the integrity of the session data to
guarantee authenticity of the session data and prevent the data from being altered
maliciously during the transfer process.
l SSH supports RSA authentication mode. In this mode, SSH implements secure key
exchange and authentication of the server by generating public and private keys. These
keys are generated according to the encryption principle of the asymmetric encryption
system. This guarantees the whole secure process of sessions.
Networking
Figure 8-1 shows a sample network for configuring the remote user authentication.
Figure 8-1 Sample network for configuring the remote user authentication
10.10.10.1 Radius
server
Internet
Radius
10.10.10.2 server
MA5600
LAN
PC PC PC
Data Plan
Table 8-1 lists the data plan for configuring the remote user authentication.
Table 8-1 Data plan for configuring the remote user authentication
Item Data
NOTE
This chapter describes configuration of the MA5600 only. For configuration of the RADIUS server, refer
to related documents. The RADIUS configuration profile contains the IP address and port number of the
RADIUS server. Configure other parameters such as RADIUS shared key and RADIUS server type
according to the practice.
Configuration Flowchart
Figure 8-2 shows the flowchart for configuring the remote user authentication.
Start
Create domain
End
Procedure
Step 1 Create a RADIUS server virtual profile.
huawei(config)#radius-server template radius2005
Step 2 Bind the RADIUS server virtual profile with the authentication server.
huawei(config-radius-radius2005)#radius-server authentication 10.10.10.1 1812
huawei(config-radius-radius2005)#radius-server authentication 10.10.10.2 1812
secondary
Step 7 Bind the domain with the RADIUS server virtual profile.
huawei(config-aaa-domain-radius1)#radius-server radius2005
----End
Result
After the configuration on the RADIUS server is complete, log on to the MA5600 and type in
the user name in the format of "userid@domain-name". If the RADIUS server contains the user
name and domain configuration, the user can log on to it and manage the devices.
8.4.1 Overview
This section describes RADIUS specification and notes for configuring RADIUS.
Specification
For the MA5600, the RADIUS is configured on each RADIUS server group.
In actual networking, a RADIUS server group can be:
l An independent RADIUS server
l A pair of primary/secondary RADIUS servers with the same configuration but different IP
addresses
The attributes of each RADIUS server profile include:
l IP addresses of primary and secondary servers
l Shared key
l RADIUS server type
Note
The RADIUS configuration only defines the parameters used for data exchange between the
MA5600 and the RADIUS server. To validate these parameters, you need to quote the RADIUS
server group in a domain. For details, refer to "8.5 Configuring AAA".
Context
l Before this setting, you need to configure a RADIUS server template.
l One RADIUS server template can be used by multiple domains.
Procedure
Step 1 Run the radius-server template command to create RADIUS server template and enter the
corresponding mode.
Step 2 Run the quit command to quit RADIUS mode.
Step 3 Run the display radius-server configuration command to query the created RADIUS server
template.
----End
Example
To specify "radius1" as the RADIUS server template of domain "huawei.net", do as follows:
huawei(config)#radius-server template radius1
huawei(config-radius-radius1)#quit
huawei(config)#display radius-server configuration template radius1
-------------------------------------------------------------------
Server-template-name : radius1
Protocol-version : standard
Traffic-unit : B
Shared-secret-key : huawei
Timeout-interval(in second) : 5
Primary-authentication-server : 0.0.0.0:0:LoopBack0
Primary-accounting-server : 0.0.0.0:0:LoopBack0
Secondary-authentication-server : 0.0.0.0:0:LoopBack0
Secondary-accounting-server : 0.0.0.0:0:LoopBack0
Retransmission : 3
Domain-included : YES
-------------------------------------------------------------------
Related Operation
Table 8-2 lists the related operation for specifying the RADIUS server template
Table 8-2 Related operation for specifying the RADIUS server template
Context
l The servers may include the primary and secondary servers. By default, the IP address of
the primary or the secondary server is 0.0.0.0.
l To ensure the normal communication between the MA5600 and the RADIUS server, before
setting the IP address and port number of the server, make sure that the route between the
MA5600 and the RADIUS server is normal.
l Make sure that the port settings between the MA5600 and the server are consistent.
Procedure
Step 1 Run the radius-server template command to create a RADIUS server template and enter the
corresponding RADIUS config mode.
Step 2 Run the radius-server authentication command to configure the primary authentication server.
Step 3 Run the radius-server authentication secondary command to configure the secondary server.
Step 4 Run the quit command to quit from the RADIUS config mode.
Step 5 Run the display radius-server configuration command to query the IP address and port number
of a RADIUS server.
----End
Example
To set the IP address and port number of the primary server as 10.10.10.1 and 1812, and the IP
address and port number of the secondary server as 10.10.10.2 and 1812, do as follows:
huawei(config)#radius-server template radius1
huawei(config-radius-radius1)#radius-server authentication 10.10.10.1 1812
Related Operation
Table 8-3 lists the related operation for setting the IP address and port number of a server.
Table 8-3 Related operation for setting the IP address and port number of a server
Context
l By default, the key is "huawei".
l The RADIUS client (namely the MA5600) and the RADIUS server use MD5 algorithm to
encrypt the packets exchanged between them. They respond to the received packets only
when the keys at both ends are identical.
Procedure
Step 1 Run the radius-server template command to create a RADIUS server template and enter the
corresponding RADIUS config mode.
Step 2 Run the radius-server shared-key command to set the shared key of the RADIUS server.
Step 3 Run the quit command to quit from the RADIUS config mode.
Step 4 Run the display radius-server configuration command to query the shared key of the RADIUS
server.
----End
Example
To set the shared key of a RADIUS server as "radius2004", do as follows:
huawei(config)#radius-server template radius1
huawei(config-radius-radius1)#radius-server shared-key radius2004
huawei(config-radius-radius1)#quit
huawei(config)#display radius-server configuration template radius1
-------------------------------------------------------------------
Server-template-name : radius1
Protocol-version : standard
Traffic-unit : B
Shared-secret-key : radius2004
Timeout-interval(in second) : 5
Primary-authentication-server : 10.10.10.1:1812:LoopBack-1
Primary-accounting-server : 0.0.0.0:0:LoopBack0
Secondary-authentication-server : 10.10.10.2:1812:LoopBack-1
Secondary-accounting-server : 0.0.0.0:0:LoopBack0
Retransmission : 3
Domain-included : YES
-------------------------------------------------------------------
Context
l After the MA5600 sends RADIUS request packets to the RADIUS server, if no response
from the RADIUS server is received for a period of time, the MA5600 needs to resend
these packets to the RADIUS server to make sure that the users can really obtain RADUS
service.
l By default, the timeout interval is 5s.
Procedure
Step 1 Run the radius-server template command to create a RADIUS template and enter
corresponding RADIUS config mode.
Step 2 Run the radius-server timeout command to set the response timeout interval of a RADIUS
server.
Step 3 Run the quit command to quit from the RADIUS config mode.
Step 4 Run the display radius-server configuration command to query the response timeout interval
of a RADIUS server.
----End
Example
To set the timeout interval of a RADIUS server as 10s, do as follows:
huawei(config)#radius-server template radius1
huawei(config-radius-radius1)#radius-server timeout 10
huawei(config-radius-radius1)#quit
huawei(config)#display radius-server configuration template radius1
-------------------------------------------------------------------
Server-template-name : radius1
Protocol-version : standard
Traffic-unit : B
Shared-secret-key : radius2004
Timeout-interval(in second) : 10
Primary-authentication-server : 10.10.10.1:1812:LoopBack-1
Primary-accounting-server : 0.0.0.0:0:LoopBack0
Secondary-authentication-server : 10.10.10.2:1812:LoopBack-1
Secondary-accounting-server : 0.0.0.0:0:LoopBack0
Retransmission : 3
Domain-included : YES
-------------------------------------------------------------------
Related Operation
Table 8-4 lists the related operation for setting the response timeout interval of a RADIUS server.
Table 8-4 Related operation for setting the response timeout interval of a RADIUS server
Context
l If no response has been received from the RADIUS server within the timeout time specified
by the timeout timer, the MA5600 resends the request packets to the RADIUS server. When
the retransmit count exceeds the specified maximum value, the MA5600 considers its
connection with the RADIUS server as interrupted, and turns to other RADIUS servers for
requesting services.
l By default, the maximum retransmit count of RADIUS request packets is 3.
l You can modify the configuration only when the RADIUS profile is not referenced.
Procedure
Step 1 Run the radius-server template command to create a RADIUS server template and enter the
corresponding RADIUS config mode.
Step 2 Run the radius-server retransmit command to configure the retransmit time of the configured
server.
Step 3 Run the quit command to quit from the RADIUS config mode.
Step 4 Run the display radius-server configuration command to query the maximum count of
RADIUS request packets.
----End
Example
To set the maximum retransmit count of RADIUS request packets as 5, do as follows:
huawei(config)#radius-server template radius1
huawei(config-radius-radius1)#radius-server retransmit 5
huawei(config-radius-radius1)#quit
huawei(config)#display radius-server configuration template radius1
-------------------------------------------------------------------
Server-template-name : radius1
Protocol-version : standard
Traffic-unit : B
Shared-secret-key : radius2004
Timeout-interval(in second) : 10
Primary-authentication-server : 10.10.10.1:1812:LoopBack-1
Primary-accounting-server : 0.0.0.0:0:LoopBack0
Secondary-authentication-server : 10.10.10.2:1812:LoopBack-1
Secondary-accounting-server : 0.0.0.0:0:LoopBack0
Retransmission : 5
Domain-included : YES
-------------------------------------------------------------------
Related Operation
Table 8-5 lists the related operation for setting the maximum retransmit count of the RADIUS
request packets.
Table 8-5 Related operation for setting the maximum retransmit count of the RADIUS request
packets
Context
The MA5600 supports both standard RADIUS protocol and Portal of Huawei.
Procedure
Step 1 Run the radius-server template command to create a RADIUS server template and enter the
corresponding RADIUS config mode.
Step 2 Run the radius-server type command to set the RADIUS server type.
Step 3 Run the quit command to quit from the RADIUS config mode.
Step 4 Run the display radius-server configuration command to query the RADIUS server type.
----End
Example
To set the RADIUS server type as "portal", do as follows:
huawei(config)#radius-server template radius1
huawei(config-radius-radius1)#radius-server type portal
huawei(config-radius-radius1)#quit
huawei(config)#display radius-server configuration template radius1
-------------------------------------------------------------------
Server-template-name : radius1
Protocol-version : portal
Traffic-unit : B
Shared-secret-key : radius2004
Timeout-interval(in second) : 10
Primary-authentication-server : 10.10.10.1:1812:LoopBack-1
Primary-accounting-server : 0.0.0.0:0:LoopBack0
Secondary-authentication-server : 10.10.10.2:1812:LoopBack-1
Secondary-accounting-server : 0.0.0.0:0:LoopBack0
Retransmission : 5
Domain-included : YES
-------------------------------------------------------------------
Context
The NAS port and its ID format are internal extended attributes of Huawei.
Procedure
Step 1 Run the radius-server template command to create a RADIUS server profile and enter
RADIUS config mode.
Step 2 Run the radius-server nas-port-format command to configure an NAS port of the RADIUS
server.
Step 3 Run the radius-server nas-port-id-format command to configure the ID format of the NAS
port of the RADIUS server.
----End
Example
To set the format of NAS ports as "new", and that of NAS port IDs as "new" for RADIUS server
template "radius1", do as follows:
huawei(config)#radius-server template radius1
huawei(config-radius-radius1)#radius-server nas-port-format new
huawei(config-radius-radius1)#radius-server nas-port-id-format new
Context
l By default, the user name of a RADIUS server has the domain name.
l The access users are generally named in the format of "userid@domain-name". The part
following "@" is the domain name. The MA5600 assigns users to different ISP domains
based on their respective domain names.
l Some earlier RADIUS servers reject user names with domain names. In this case, you can
run the command to specify that the user name to be sent to a RADIUS server carries no
domain name.
l If a RADIUS server group does not allow user names carrying domain names, the RADIUS
server group shall not be used at the same time in two or more domains. Otherwise, when
receiving the same user names, the RADIUS server will mistake the users in different
domains as the same user.
l You can modify the configuration only when the RADIUS server profile is not referenced.
Procedure
Step 1 Run the radius-server template command to create a RADIUS server template and enter the
corresponding RADIUS config mode.
Step 2 Run the (undo)radius-server user-name domain-included command to set whether the user
name sent to RADIUS server carries domain name.
Step 3 Run the quit command to quit RADIUS config mode.
Step 4 Run the display radius-server configuration command to query format of the user name that
is sent to the RADIUS server.
----End
To specify that a user name to be sent to a RADIUS server carries no domain name, do as follows:
huawei(config)#radius-server template radius1
huawei(config-radius-radius1)#undo radius-server user-name domain-included
huawei(config-radius-radius1)#quit
huawei(config)#display radius-server configuration template radius1
-------------------------------------------------------------------
Server-template-name : radius1
Protocol-version : portal
Traffic-unit : B
Shared-secret-key : radius2004
Timeout-interval(in second) : 10
Primary-authentication-server : 10.10.10.1:1812:LoopBack-1
Primary-accounting-server : 0.0.0.0:0:LoopBack0
Secondary-authentication-server : 10.10.10.2:1812:LoopBack-1
Secondary-accounting-server : 0.0.0.0:0:LoopBack0
Retransmission : 5
Domain-included : NO
-------------------------------------------------------------------
To specify that a user name to be sent to a RADIUS server carries domain name, do as follows:
huawei(config)#radius-server template radius1
huawei(config-radius-radius1)#radius-server user-name domain-included
huawei(config-radius-radius1)#quit
huawei(config)#display radius-server configuration template radius1
-------------------------------------------------------------------
Server-template-name : radius1
Protocol-version : portal
Traffic-unit : B
Shared-secret-key : radius2004
Timeout-interval(in second) : 10
Primary-authentication-server : 10.10.10.1:1812:LoopBack-1
Primary-accounting-server : 0.0.0.0:0:LoopBack0
Secondary-authentication-server : 10.10.10.2:1812:LoopBack-1
Secondary-accounting-server : 0.0.0.0:0:LoopBack0
Retransmission : 5
Domain-included : YES
-------------------------------------------------------------------
Context
l The MA5600 supports the authentication through the RADIUS server.
l After configuring an authentication scheme, reference it for setting a domain to bring it
into play.
l After an authentication scheme is created and before you reference the scheme, you need
to configure RADIUS for the MA5600 and configure the related user information on the
remote RADIUS server.
Procedure
Step 1 Run the aaa command to enter AAA mode.
Step 3 Run the display authentication-scheme command to query the newly configured authentication
scheme.
----End
Example
To add the authentication scheme "huawei", with the authentication mode of RADIUS, do as
follows:
huawei(config)#aaa
huawei(config-aaa)#authentication-scheme huawei
huawei(config-aaa-authen-huawei)#authentication-mode radius
huawei(config-aaa-authen-huawei)#quit
huawei(config-aaa)#quit
huawei(config)#display authentication-scheme
{ <cr>|string<S><1,32> }:
Command:
display authentication-scheme
---------------------------------------------------------------------------
Authentication-scheme-name Authentication-method
---------------------------------------------------------------------------
default local
huawei radius
---------------------------------------------------------------------------
Total 2,2 printed
Related Operation
Table 8-6 lists the related operations for configuring an authentication scheme.
Show AAA display aaa configuration You can query the usage of
configuration the resources configured on
the authentication scheme
table.
Context
l A domain is a group of users with the same attributes.
l For a user name in the form of "userid@domain-name", such as
huawei20041028@huawei.net, the "huawei.net" following "@" is the domain name, and
the "userid" is used as the user name for identity authentication.
Procedure
Step 1 Run the aaa command to enter AAA mode.
Step 2 Run the domain command to create a domain.
----End
Example
To create a domain named huawei.net, do as follows:
huawei(config)#aaa
huawei(config-aaa)#domain huawei.net
huawei(config-aaa-domain-huawei.net)#quit
huawei(config-aaa)#quit
huawei(config)#display domain
{<cr>|string<S><1,20> }:
Command:
display domain
-----------------------------------------------------------------------
DomainName State CAR Access-limit Online
-----------------------------------------------------------------------
default Active 0 384 0
huawei.net Active 0 384 0
-----------------------------------------------------------------------
Total 2,2 printed
Related Operation
Table 8-7 lists the related operations for creating a domain.
Context
Before this setting, you need to configure a RADIUS server template. For details, refer to "8.4
Configuring RADIUS."
Procedure
Step 1 Run the aaa command to enter AAA mode.
Step 2 Run the domain command to specify huawei as the current domain and enter domain mode.
Step 3 Run the radius-server command to create a RADIUS server template and enter the
corresponding RADIUS config mode.
Step 4 Run the quit command to quit the domain mode.
Step 5 Run the quit command to quit the AAA mode.
Step 6 Run the display domain command to query the information on the domain.
----End
Example
To specify "radius1" as the RADIUS server template of domain "huawei.net", do as follows:
huawei(config)#aaa
huawei(config-aaa)#domain huawei.net
huawei(config-aaa-domain-huawei.net)#radius-server radius1
huawei(config-aaa-domain-huawei.net)#quit
huawei(config-aaa)#quit
huawei(config)#display domain huawei.net
-------------------------------------------------------------------
Domain-name : huawei.net
Domain-state : Active
Authentication-scheme-name : huawei
Accounting-scheme-name : default
Authorization-scheme-name : default
User-CAR : -
Next-Hop : -
Primary-DNS-IP-address : -
Second-DNS-IP-address : -
Primary-NBNS-IP-address : -
Second-NBNS-IP-address : -
Acl-Number : -
Idle-data-attribute (time,flow) : 0, 60
User-priority : -
User-access-limit : 384
Online-number : 0
RADIUS-server-template : radius1
-------------------------------------------------------------------
Related Operation
Table 8-8 lists the related operation for specifying the RADIUS server template.
Table 8-8 Related operation for specifying the RADIUS server template
To… Run the Command… Remarks
Context
l An authentication scheme defines the policy to authenticate all the users of an ISP.
l Before specifying a scheme, you need to create it.
Procedure
Step 1 Run the aaa command to enter AAA mode.
Step 2 Run the domain command to specify huawei as the current domain and enter domain mode.
Step 3 Run the authentication-scheme command to specify the authentication scheme.
Step 4 Run the quit command to quit the domain mode.
Step 5 Run the quit command to quit the AAA mode.
Step 6 Run the display domain command to query the information on the domain.
----End
Example
To specify "huawei" as the authentication scheme of domain "huawei.net", do as follows:
huawei(config)#aaa
huawei(config-aaa)#domain huawei.net
huawei(config-aaa-domain-huawei.net)#authentication-scheme huawei
huawei(config-aaa-domain-huawei.net)#quit
huawei(config-aaa)#quit
huawei(config)#display domain huawei.net
-------------------------------------------------------------------
Domain-name : huawei.net
Domain-state : Active
Authentication-scheme-name : huawei
Accounting-scheme-name : default
Authorization-scheme-name : default
User-CAR : -
Next-Hop : -
Primary-DNS-IP-address : -
Second-DNS-IP-address : -
Primary-NBNS-IP-address : -
Second-NBNS-IP-address : -
Acl-Number : -
Idle-data-attribute (time,flow) : 0, 60
User-priority : -
User-access-limit : 384
Online-number : 0
RADIUS-server-template : -
-------------------------------------------------------------------
Related Operation
Table 8-9 lists the related operations for specifying the authentication scheme.
Query AAA display aaa configuration You can query the usage of
configuration resources configured on the
domain.
Context
l The key size ranges from 512 bits to 2048 bits. You can change it to 512, 1024, or 2048
bits as required. By default, it is 512 bits.
l Before using the SSH service for the first time, you must run the rsa local-key-pair
create command.
l If you destroy the SSH server host public key pair and service key pair, you must create
the new SSH server host key pair and service key pair.
Procedure
Step 1 Run the rsa local-key-pair create command to create the local RSA key pair.
Step 2 Run the display rsa local-key-pair public command to query the local RSA key pair.
----End
Example
To create a local RSA key pair, do as follows:
huawei(config)#rsa local-key-pair create
The key name will be: huawei_Host
Table 8-10 lists the related operation for creating a local RSA key pair.
Table 8-10 Related operation for creating a local RSA key pair
To… Run the Command…
Configuration Flowchart
Figure 8-3 shows the flowchart for configuring the SSH user public key.
Figure 8-3 Flowchart for configuring the SSH user public key
Start
Enter config-rsa-public-key
mode
End
Procedure
Step 1 Run the rsa peer-public-key command to enter config-rsa-public-key mode.
Step 2 Run the public-key-code begin command to enter public key edit mode.
Step 3 Input the user public key.
Step 4 Run the public-key-code end command to quit public key edit mode.
Step 5 Run the peer-public-key end command to quit to global config mode.
Step 6 Run the display rsa peer-public-key command to query the SSH user public key.
----End
Example
To paste the conversed user public key in the current system, do as follows:
huawei(config)#rsa peer-public-key key
huawei(config-rsa-public-key)#public-key-code begin
huawei(config-rsa-key-code)#30450240 B9FCE18E DA769883 7680F2B7 CE35415A 9AB5E63E
huawei(config-rsa-key-code)#FD00ED66 B8B5E954 2B053A82 131B967C 8DDC1176 0746A8BB
huawei(config-rsa-key-code)#C30DF3F0 83F6EA5A EF97E26B 783C940F 2791710F 020125
huawei(config-rsa-key-code)#public-key-code end
huawei(config-rsa-public-key)#peer-public-key end
huawei(config)#display rsa peer-public-key
{ <cr>|brief<K>|name<K> }:
Command:
display rsa peer-public-key
=====================================
Key name: key
=====================================
Key Code:
3045
0240
Context
SSH user authentication falls into the following types:
Procedure
Step 1 Run the ssh user assign rsa-key command to set the RSA public key of SSH user.
Step 2 Run the ssh user authentication-type rsa command to set the RSA authentication mode of SSH
user.
Step 3 Run the display ssh user-information command to query the authentication mode of SSH user.
----End
Example
To set the RSA public key of the SSH user huawei as key, and the authentication mode as RSA,
do as follows:
huawei(config)#ssh user huawei assign rsa-key key
huawei(config)#ssh user huawei authentication-type rsa
huawei(config)#display ssh user-information
{ <cr>|string<S><1,16> }:
Command:
display ssh user-information
Username Authentication-type User-public-key-name Service-type
huawei rsa key stelnet
Related Operation
Table 8-11 lists the related operations for configuring an SSH user.
Delete the RSA public key of an undo ssh user assign rsa-key
SSH user
This chapter describes the classification of VLANs supported by the MA5600 and how to
configure a VLAN.
9.1 Overview
This section describes VLAN technology, as well as count, types and attributes of VLAN
supported by the MA5600.
9.2 Configuration Example of a Standard VLAN
This example shows how to subtend two MA5600 devices through a standard VLAN. For details,
refer to "25.3 Configuration Example of the Subtended Network Through the SCU
Board" or "25.4 Configuration Example of Subtending Device Through the ETHA
Board."
9.3 Configuration Example of a Smart VLAN
This example shows how to configure a smart VLAN to realize ADSL2+ access.
9.4 Configuration Example of a MUX VLAN
This example shows how to configure a MUX VLAN to realize ADSL2+ access.
9.5 Configuration Example of the Super VLAN
This example shows how to configure the super VLAN to enable users whose services are
isolated at layer 2 to communicate with each other at layer 3.
9.6 Creating a VLAN
This operation enables you to create a VLAN or VLANs of the same type in batches.
9.7 Configuring the VLAN Attribute
This operation enables you to configure the VLAN attribute to QinQ, stacking or common.
9.8 Setting the Inner and Outer Ethernet Protocols Type of a Stacking VLAN
This operation enables you to set the inner and outer Ethernet protocol type of a stacking VLAN
supports.
9.9 Setting the Inner VLAN Priority of the Service Port in a Stacking VLAN
This operation enables you to set the inner VLAN priority of the service port in a stacking VLAN.
9.10 Adding an Upstream Port to a VLAN
9.1 Overview
This section describes VLAN technology, as well as count, types and attributes of VLAN
supported by the MA5600.
Service Description
Virtual local area network (VLAN) is a technology used to form virtual workgroups by logically
grouping the devices of a LAN. The Institute of Electrical and Electronics Engineers (IEEE)
issued draft IEEE 802.1q in 1999, aiming at standardizing VLAN implementations.
For details on the VLAN feature, refer to the chapter "VLAN" in the Feature Description
VLAN.
Service Specification
The MA5600 supports up to 4000 VLANs.
The MA5600 supports the following types of VLANs:
l Standard VLAN
l Smart VLAN
l MUX VLAN
l Super VLAN
Standard l Ethernet ports in a standard VLAN can Used for Ethernet ports and
VLAN communicate with each other. service ports. Applied in
l An Ethernet port in a standard VLAN is the network equipment
isolated from an Ethernet port in another management, subtending,
standard VLAN. and layer 2 interconnection
between service ports.
l The service ports of the same VLANs on
different service boards can realize the The standard VLAN with
layer 2 interconnection. the common attribute can
be configured as the
service virtual port of the
AIUG board to work with
the MPLS subboard and
realize the ATM uplink of
the MPLS service.
Smart VLAN A smart VLAN can contain multiple xDSL Applied to xDSL access,
service ports. Traffic streams of these ports such as residential areas to
in a smart VLAN are isolated from each provide access to the
other. Traffic streams of different VLANs are Internet.
also isolated from each other. A smart VLAN
can serve multiple xDSL users, thus saving
VLAN resources.
MUX VLAN A MUX VLAN can contain only one service Applied when users are
port. Traffic streams of different VLANs are distinguished by VLANs.
isolated from each other. One-to-one
mapping can be set up between a MUX
VLAN and an access user. So, a MUX VLAN
can uniquely identify an access user.
Common A VLAN with this attribute can be used as a layer 2 VLAN. You can create
a layer 3 virtual interface for it if necessary.
The standard VLAN with the common attribute can also be configured as
the service virtual port of the AIUG board for the ATM uplink of the MPLS
service after mpls vlan is enabled.
VLAN Application
attribute
QinQ When a packet is added with the tag of a VLAN with QinQ attribute, the
packet contains two VLAN tags:
l Inner VLAN tag from the private network
l Outer VLAN tag from the MA5600
Through the outer VLAN tag, a layer 2 VPN tunnel can be set up to
transparently transmit service data among private networks.
When standard VLANs are used to realize the interconnection between
service ports, set the attribute of the standard VLANs as QinQ.
For details about the QinQ VLAN, see the chapter "30 Configuring the
QinQ VLAN Leased Line Service."
Stacking When a packet is added with the tag of a VLAN with Stacking attribute,
the packet contains two VLAN tags: inner VLAN tag and outer VLAN tag
allocated by the MA5600. With this attribute, the upper layer BRAS can
authenticate users based on the double VLAN tags, thus increasing the
number of access users. The upper layer network working in layer 2 mode
can forward packets based on the outer "VLAN+MAC" to provide the
multi-ISP wholesale service. For details about the stacking VLAN, see the
chapter "29 Configuring the VLAN Stacking Wholesale Service."
Networking
Figure 9-1 shows a sample network for configuring a smart VLAN.
Router
Internet
A A CON
ETH
D D MON
G G
E E
GE0/7/0
SCU MA5600
Modem Modem
PC1 PC2
Data Plan
Table 9-3 lists the data plan for configuring a smart VLAN.
Item Data
Prerequisite
l The network devices and lines are normal.
l All boards of the MA5600 are normal.
l The VPI/VCI of the modem is 0/35.
Configuration Flowchart
Figure 9-2 shows the flowchart for configuring a smart VLAN.
Start
End
Procedure
Step 1 Create a MUX VLAN.
huawei(config)#vlan 10 smart
----End
Result
Both PC 1 and PC 2 can access to the IP network, but they cannot ping each other.
Networking
Figure 9-3 shows a sample network for configuring a MUX VLAN.
Router
Internet
A CON
ETH
D MON
G
E
GE0/7/0
SCU MA5600
Modem Modem
PC1 PC2
Data Plan
Table 9-4 lists the data plan for configuring a MUX VLAN.
Item Data
Prerequisite
l The network devices and lines are normal.
l All the boards of the MA5600 are normal.
l The VPI/VCI of the modem is 0/35.
Configuration Flowchart
Figure 9-4 shows the flowchart for configuring a MUX VLAN.
Start
End
Procedure
Step 1 Create a MUX VLAN.
huawei(config)#vlan 20 mux
huawei(config)#vlan 21 mux
----End
Result
After the configuration, PC 1 can access the Internet.
Networking
Figure 9-5 shows a sample network for configuring a super VLAN.
Router
Internet
A A CON
ETH
D D MON
G G
E E
GE0/7/0
SCU MA5600
Modem Modem
PC1 PC2
Data Plan
Table 9-5 lists the data plan for configuring a super VLAN.
Prerequisite
l The network devices and lines are normal.
l All the service boards are normal.
l The VPI/VCI of the modem is 0/35.
l PC 1 and PC 2 can obtain their IP addresses dynamically in the DHCP mode.
l The sub VLAN must exist already. The VLAN can be a smart VLAN or a MUX VLAN.
In this procedure, it is a MUX VLAN.
l A super VLAN cannot contain physical ports, and the layer 3 interface can be established
on the super VLAN. Whether the layer 3 interface is up depends on whether the physical
port of the up state exists in the contained sub VLAN.
l A sub VLAN contains only physical ports, and the layer 3 interface cannot be established
on the sub VLAN.
Configuration Flowchart
Figure 9-6 shows the flowchart for configuring a super VLAN.
Start
End
Procedure
Step 1 Create a super VLAN.
huawei(config)#vlan 100 super
Step 2 Create sub VLANs and add them to the super VLAN.
huawei(config)#vlan 20 mux
huawei(config)#vlan 21 mux
huawei(config)#port vlan 20 0/7 0
huawei(config)#port vlan 21 0/7 0
huawei(config)#supervlan 100 subvlan 20
huawei(config)#supervlan 100 subvlan 21
NOTE
The IP address of the layer 3 interface of the super VLAN must be in the same subnet as the IP address
obtained by the PC.
Step 6 Enable ARP Proxy for the layer 3 interface of the super VLAN.
huawei(config-if-Vlanif100)#arp proxy enable
Step 7 Create the standard VLAN and add the upstream port to the VLAN.
huawei(config)#vlan 30 standard
huawei(config)#port vlan 30 0/7 0
----End
Result
After the configuration, both PC 1 and PC 2 can communicate with each other and access the
Internet.
Prerequisite
The ID of the VLAN to be added does not exist in the system.
Context
l If the service ports belonging to the same smart VLAN are created on two boards, the
service ports belonging to the same standard VLAN cannot be created on the two boards
simultaneously.
l If the service ports belonging to the same standard VLAN are created on two boards, the
service ports belonging to the same smart VLAN cannot be created on the two boards
simultaneously.
l The MA5600 supports up to 4000 VLANs and some VLANs are reserved for the system.
Procedure
Step 1 Run the vlan command to add a VLAN.
Step 2 Run the display vlan command to query VLAN information.
----End
To add 10 standard VLANs in batches with VLAN IDs ranging from 1000 to 1009, do as follows:
huawei(config)#vlan 1000 to 1009 standard
It will take several minutes, and console may be timeout, please use command
idle-timeout to set time limit
Are you sure to add VLANs? (y/n)[n]:y
huawei#display vlan all
{ <cr>|vlantype<E><mux,standard,smart,super>|vlanattr<K> }:
Command:
display vlan all
---------------------------------------------------------
VLAN Type Attribute STND-Port NUM SERV-Port NUM
---------------------------------------------------------
1 MUX common 8 0
2 standard common 0 0
1000 standard common 0 0
1001 standard common 0 0
1002 standard common 0 0
1003 standard common 0 0
1004 standard common 0 0
1005 standard common 0 0
1006 standard common 0 0
1007 standard common 0 0
1008 standard common 0 0
1009 standard common 0 0
---------------------------------------------------------
Total: 12
Note : STND-Port--standard port, SERV-Port--service virtual port
Related Operation
Table 9-6 lists the related operations for creating a VLAN.
Display VLAN display statistics vlan The traffic of VLAN service ports is
statistics measured.
Prerequisite
The VLAN with its attribute to be configured already exists.
Context
l The attribute of default VLAN1 cannot be configured to QinQ or stacking.
l When the attribute of a smart VLAN or a MUX VLAN is common, you can configure the
attribute of the VLAN to QinQ or stacking.
l The attribute of a standard VLAN can be configured to QinQ, but not to stacking.
l The attribute of a super VLAN cannot be configured to QinQ or stacking.
l The attribute of a VLAN cannot be changed from QinQ to stacking or from stacking to
QinQ directly.
Procedure
Step 1 Run the vlan attrib command to configure the VLAN attribute.
Step 2 Run the display vlan command to display the VLAN attribute.
----End
Example
To configure the attribute of smart VLAN 10 to QinQ, do as follows:
Command:
display vlan 10
VLAN ID: 10
VLAN type: smart
VLAN type: smart
VLAN attribute: QinQ
VLAN description:
------------------------------
F/S /P Native VLAN State
------------------------------
0/7/0 2 down
------------------------------
Standard port number: 1
Service virtual port number: 0
Related Operation
Table 9-7 lists the related operation for configuring the VLAN attribute.
Restore the VLAN undo vlan attrib By default, the VLAN attribute is
attribute common.
Context
l By default, the inner and outer Ethernet protocol type of a stacking VLAN is 0x8100. That
is, the Ethernet frame has a 802.1q VLAN Tag.
l The protocol type to be set cannot be set as a value for other protocols, such as 0x0800 (IP
packets) or 0x0806 (ARP packets).
Procedure
Step 1 Run the stacking inner-ethertype command to set the inner Ethernet protocol type of a stacking
VLAN; run the stacking outer-ethertype command to set the outer Ethernet protocol type of
a stacking VLAN.
Step 2 Run the display stacking inner-ethertype command to display the inner Ethernet protocol type
of a stacking VLAN; run the display stacking outer-ethertype command to display the outer
Ethernet protocol type of a stacking VLAN.
----End
Example
To set the inner Ethernet protocol type the stacking VLAN supports as 0x8100, do as follows:
huawei(config)#stacking inner-ethertype 0x8100
huawei(config)#display stacking inner-ethertype
The inner Ethernet type in the system: 0x8100
To set the outer Ethernet protocol type the stacking VLAN supports as 0x8100, do as follows:
huawei(config)#stacking outer-ethertype 0x8100
huawei(config)#display stacking outer-ethertype
The outer Ethernet type in the system: 0x8100
Procedure
Run the stacking inner-priority command to set the inner VLAN priority of the service port.
----End
Example
To set the inner VLAN priority of the service port in stacking VLAN 4000 as 5, do as follows:
huawei(config)#stacking inner-priority vlan 4000 5
Prerequisite
The VLAN to which an upstream port is to be added already exists.
Context
The upstream port of a VLAN must be an Ethernet port.
Procedure
Step 1 Run the port vlan command to add an upstream port.
Step 2 Run the display vlan command to query the upstream port number.
----End
Example
To add upstream port 0/7/0 to VLAN 10, do as follows:
Command:
display vlan 10
VLAN ID: 10
VLAN type: MUX
VLAN attribute: stacking
------------------------------
F/S /P Native VLAN State
------------------------------
0/7/0 1 up
------------------------------
Standard port number: 1
Service virtual port number: 0
Related Operation
Table 9-8 lists the related operation for adding an upstream port to a VLAN.
Context
l An xDSL port can support up to eight service ports.
l The SHDSL service port supports only the ATM and PTM port encapsulation modes.
l The VPI and VCI values of the service port must be the same as that of the xDSL modem
connected to the port.
l If the service ports of the same smart VLAN are created on two service boards, the service
ports of the same standard VLAN cannot be created on the two service boards.
l The smart VLAN supports multiple service ports on the same port, and the VPIs/VCIs of
the service ports are different. If the VPI/VCI of the service port is auto-sensing, only one
service port can be created on a port.
l When the service port needs to carry multiple services, the MA5600supports the traffic
classification. That technology can be based on user VLAN, service encapsulation mode
on the user side and the priority of packets on the user side. When the service flow is
classified by user VLAN, the traffic classification can be performed on the untagged packet
(the data packet without VLAN tag).
Procedure
Step 1 Run the service-port vlan command to add a service port.
Step 2 Run the display service-port vlan command to query service ports.
----End
Example
To add service port 0/2/0 with the VPI/VCI of 0/35 and the traffic profile of 5 to VLAN 10, do
as follows:
huawei(config)#service-port vlan 10 adsl 0/2/0 vpi 0 vci 35 rx-cttr 5 tx-cttr 5
huawei(config)#display service-port port 0/2/0
{ <cr>|sort-by<K>|autosense<K> }:
Command:
display service-port port 0/2/0
----------------------------------------------------------------------------
VLAN VLAN PORT F/ S/ P VPI VCI FLOW FLOW RX TX STATE LABEL PRI
ID ATTR TYPE PARA
----------------------------------------------------------------------------
10 common adl 0/2/0 0 35 vlan 100 6 6 up - -
----------------------------------------------------------------------------
Total : 1 (Up/Down : 1/0)
Note : F--Frame, S--Slot, P--Port(or virtual port, such as IMA group etc.)
top--TDM over packet
Related Operation
Table 9-9 lists the related operations for adding a service port to a VLAN.
Delete a service port undo service-port The service port cannot be deleted in the
following cases:
l The port is encapsulated in PPPoA,
IPoA or Auto mode.
l The port serves for a BTV user.
l The port is bound with an IP address
or a MAC address.
l The port is configured with a static
MAC address.
Context
l The VPI/VCI of the service port must be the same as that of the xDSL modem connected
to the port.
l The SHDSL service port supports only the ATM and PTM port encapsulation modes.
l The smart VLAN supports multiple service ports on the same port, and the VPIs/VCIs of
the service ports are different. If the VPI/VCI of the service port is auto-sensing, only one
service port can be created on a port.
l If the service ports of the same smart VLAN are created on two service boards, the service
ports of the same standard VLAN cannot be created on the two service boards.
l An xDSL port can be configured with up to eight service ports.
l The VLAN(s) to which the service ports are to be added already exist.
l The suitable traffic item already exists.
Procedure
Step 1 Run the multi-service-port vlan or the multi-service-port from-vlan command to add service
ports.
Step 2 Run the display service-port vlan command to query service ports.
----End
Example
To add service ports 0/2/0-0/2/3 to smart VLAN 10, do as follows:
huawei(config)#multi-service-port vlan 10 port 0/2 0-3 vpi 0 vci 35 rx-cttr 5 tx-
cttr 5
huawei(config)#display service-port vlan 10
-------------------------------------------------------------------------
VLAN ID VLAN-ATTR PORT-TYPE F/S /P VPI VCI RX TX STATE LABEL
-------------------------------------------------------------------------
10 common adl 0/2/0 0 35 2 2 up -
10 common adl 0/2/1 0 35 2 2 up -
10 common adl 0/2/2 0 35 2 2 up -
10 common adl 0/2/3 0 35 2 2 up -
-------------------------------------------------------------------------
Total : 4 (Up/Down : 4/0)
Note : F--Frame, S--Slot, P--Port(or Virtual Port, such as IMA GROUP,
VLAN ID etc.), the VPI is access-end VLAN ID in vdsl port
To add all ADSL2+, SHDSL, or VDSL, ports to MUX VLANs (to add port 1 to VLAN 2, port
2 to VLAN 3, and so on), do as follows:
huawei(config)#multi-service-port from-vlan 2 board 1-18 vpi 0 vci 35 rx-cttr 5 tx-
cttr 5
Creating start...
Creating end:
The number of total service virtual port which need be created: 3
The number of total service virtual port which have been created: 3
huawei(config)#display service-port vlan 6
{ <cr>|sort-by<K>|autosense<K> }:
Command:
display service-port vlan 6
-----------------------------------------------------------------------------
VLAN VLAN PORT F/ S/ P VPI VCI FLOW FLOW RX TX STATE LABEL PRI
ID ATTR TYPE PARA
-----------------------------------------------------------------------------
6 QinQ shl 0/5 /10 0 35 - - 5 5 act/up - -
6 QinQ shl 0/5 /11 0 35 - - 5 5 act/up - -
6 QinQ shl 0/5 /12 0 35 - - 5 5 act/up - -
-----------------------------------------------------------------------------
Total : 3 (Up/Down : 3/0)
Note : F--Frame, S--Slot, P--Port(or virtual port, such as IMA group etc.)
top--TDM over packet.The characters precede / in the STATE column
indicate the Admin-Status and characters behind the / indicate the
Oper-Status of the service port.act means activate and deact means
deactivate.dn is abbreviation of down.
NOTE
If adding a service port fails, the reason is that the service port to be added is already added to the mapping
VLAN.
Related Operation
Table 9-10 lists the related operations for adding service ports in batches.
Delete a service port undo service-port The service port cannot be deleted in the
following cases:
l The port is encapsulated in PPPoA,
IPoA or Auto mode.
l The port serves for a BTV user.
l The port is bound with the IP address
or MAC address.
l The port is configured with a static
MAC address.
Procedure
Step 1 Run the service-port desc command to set the description of a service port.
Step 2 Run the display service-port desc command to query the description of the service port.
----End
Example
To set the description of service port 0/2/0 with VPI/VCI of 0/35, do as follows:
huawei(config)#service-port desc 0/2/0 vpi 0 vci 35 description user0/2/0
huawei(config)#display service-port desc 0/2/0
{<cr>|autosense<K>|vpi<K>|user-vlan<K>|user-encap<K>}:
Command:
display service-port desc 0/2/0
------------------------------------------------------------------------------
PORT : adl
F/S/P : 0/2/0
VPI : 0
VCI : 35
FLOWTYPE : -
FLOWPARA : -
DESCRIPTION : user0/2/0
------------------------------------------------------------------------------
Related Operation
Table 9-11 lists the related operation for setting the description of a service port.
Table 9-11 Related operation for setting the description of a service port
To… Run the Command…
This chapter describes the principles of the DHCP relay function supported by the MA5600 and
how to configure the DHCP relay function.
10.1 Overview
This section describes the DHCP relay function and its application to the MA5600.
10.2 Configuration Example of DHCP Standard Mode
This example shows how to configure DHCP standard mode to obtain the IP address
automatically.
10.3 Configuration Example of DHCP Option60 Mode
This example shows how to enable PCs to obtain IP addresses automatically in DHCP option60
mode.
10.4 Configuration Example of DHCP MAC Address Segment Mode
This example shows how to enable the PC to obtain the IP address automatically in DHCP MAC
address segment mode.
10.5 Creating a DHCP Server Group
This operation enables you to create a DHCP server group.
10.6 Setting Working Mode of a DHCP Server
This operation enables you to set working mode of a DHCP server.
10.7 Setting DHCP Relay Mode
This operation enables you to set DHCP relay mode.
10.8 Binding a DHCP Server Group with a VLAN Interface
This operation enables you to bind a DHCP server group with a VLAN interface.
10.9 Creating an Option60 Domain
This operation enables you to create an option60 domain.
10.10 Binding a DHCP Server Group with a DHCP Option60 Domain
This operation enables you to bind a DHCP server group with a DHCP option60 domain.
10.11 Configuring the Gateway of a DHCP Option60 Domain
This operation enables you to configure the gateway of a DHCP option60 domain.
10.1 Overview
This section describes the DHCP relay function and its application to the MA5600.
Service Description
The Dynamic Host Configuration Protocol (DHCP) works in the client/server mode. The DHCP
client can dynamically request configuration data and the DHCP server can provide the data for
the client conveniently. DHCP adopts IP address renting management and IP address time
division multiplexing, greatly saving IP address resources.
Initially, the DHCP was only suitable for applications where the DHCP client and server were
located on the same subnet and could not work across a network segment. If the early DHCP is
used to dynamically configure the host, each subnet shall be equipped with a DHCP server. That
is obviously uneconomical.
The introduction of DHCP relay solves the mentioned problem. The DHCP relay serves as relay
between the DHCP client and the server located on different subnets. The DHCP packets can
be relayed to the destination DHCP server (or client) across network segments. In this way, the
DHCP clients on different networks can use the same DHCP server. This is economical and
convenient for centralized management. Figure 10-1 shows the principle of DHCP relay.
LAN
DHCP client
DHCP client
Internet
For details on DHCP, refer to the chapter "DHCP Relay" in the Feature Description.
Service Specification
The MA5600 supports layer 2 and layer 3 DHCP relay as well as DHCP Option82 to guarantee
DHCP security.
NOTE
For the configuration of the DHCP Option82, refer to "19.5 Enabling the DHCP Option82 Function"
and "19.6 Setting the Maximum Length of DHCP Packets."
Prerequisite
The primary IP address of the layer 3 interface of VLAN 2 shall be in the same network segment
as that of the upper layer router. There shall be routing between the device and the DHCP server.
Networking
Figure 10-2 shows a sample network for configuring DHCP standard mode.
10.1.1.1
10.1.1.2
IP network
10.2.1.1
MA5600
VLAN 3 DHCP Server group 2
10.2.1.2
In this network:
l DHCP server group 1 assigns IP addresses for the two PCs in VLAN 2.
l DHCP server group 2 assigns IP addresses for the two PCs in VLAN 3.
Data Plan
Table 10-1 lists the data plan for configuring DHCP standard mode.
Configuration Flowchart
NOTE
The configuration on VLAN 3 is the same as that on VLAN 2. This example only shows how to configure
PCs of VLAN 2 to obtain IP addresses.
Figure 10-3 shows the flowchart for configuring DHCP standard mode.
Start
Add
AddaDHCP
DHCPserver
servergroup
group
End
Procedure
Step 1 Select the DHCP relay mode.
huawei(config)#dhcp mode layer-3 standard
For details on setting working mode of the DHCP server, refer to "10.6 Setting Working Mode of a DHCP
Server."
Step 4 Configure the VLAN upstream port and the service port.
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/7 0
huawei(config)#service-port vlan 2 adsl 0/2/0 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
huawei(config)#service-port vlan 2 adsl 0/2/1 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
----End
Result
The PCs can obtain IP addresses dynamically.
Prerequisite
The primary IP address of the layer 3 of VLAN 2 shall be in the same network segment as that
of the upper layer router. There shall be routing between the device and the DHCP server.
Networking
Figure 10-4 shows a sample network for configuring DHCP option60 mode.
10.10.10.10
10.10.10.11
MA5600
Data Plan
Table 10-2 lists the data plan for configuring DHCP option60 mode.
Secondary IP address: -
10.10.10.11/24
Context
l The name of option60 domain must be configured according to the type of connected
terminal device.
l If Windows 98/2000/XP/NT series runs on the DHCP client, the domain name must be
msft.
l The system selects the domain based on the option60 field in the packet. If there is no
appropriate domain matched, the default domain is used.
Configuration Flowchart
Figure 10-5 shows the flowchart for configuring the DHCP option60 mode.
Start
Define a domain
End
Procedure
Step 1 Select the DHCP relay mode.
huawei(config)#dhcp mode layer-3 option60
For details on setting working mode of the DHCP server, refer to "10.6 Setting Working Mode of a DHCP
Server."
Step 6 Configure the VLAN upstream port and the service port.
huawei(config-dhcp-domain-msft)#quit
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/7 0
huawei(config)#service-port vlan 2 adsl 0/2/0 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
----End
Result
The PCs can obtain IP addresses dynamically.
Prerequisite
The primary IP address of the layer 3 interface of VLAN 2 shall be in the same network segment
as that of the upper layer router. There shall be routing between the device and the DHCP server.
Networking
Figure 10-6 shows a sample network for configuring MAC address segment mode.
Figure 10-6 Sample network for configuring MAC address segment mode
10.10.10.10
10.10.10.11
MA5600
Data Plan
Table 10-3 lists the data plan for configuring MAC address segment mode.
Table 10-3 Data plan for configuring MAC address segment mode
Function Data
Configuration Flowchart
Figure 10-7 shows the flowchart for configuring MAC address segment mode.
Start
End
Procedure
Step 1 Select the DHCP relay mode.
huawei(config)#dhcp mode layer-3 mac-range
For details of setting working mode of the DHCP server, refer to "10.6 Setting Working Mode of a DHCP
Server."
Step 5 Bind the MAC address segment with the DCHP server group.
huawei(config-mac-range-huawei)#dhcp-server 2
Step 6 Configure the upstream port and the service port to the VLAN.
huawei(config-mac-range-huawei)#quit
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/7 0
huawei(config)#service-port vlan 2 adsl 0/2/0 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
----End
Result
The PCs can obtain IP addresses dynamically.
Context
l To improve the reliability of a network, you can specify a primary DHCP server and a
secondary one in a server group to form a DHCP server group.
l Up to 20 DHCP server groups (0–19) can be configured in the system.
l The primary server or the secondary server is identified by its IP address. The secondary
server cannot be added independently. Instead, it has to be added together with the primary
server.
Procedure
Step 1 Run the dhcp-server command to create a DHCP server group.
Step 2 Run the display dhcp-server command to query the information on the DHCP server group.
----End
Example
To add the primary and secondary DHCP servers with IP addresses of 10.1.1.1 and 10.1.1.2
respectively to DHCP server group 1, do as follows:
huawei(config)#dhcp-server 1 ip 10.1.1.1 10.1.1.2
huawei(config)#display dhcp-server 1
The primary IP address of DHCP server group 1: 10.1.1.1
The secondary IP address of DHCP server group 1: 10.1.1.2
Messages from this server group: 0
Messages to this server group: 0
Messages from clients to this server group: 0
Messages from this server group to clients: 0
DHCP OFFER messages: 0
DHCP ACK messages: 0
DHCP NAK messages: 0
DHCP DECLINE messages: 0
DHCP DISCOVER messages: 0
DHCP REQUEST messages: 0
DHCP INFORM messages: 0
DHCP RELEASE messages: 0
Related Operation
Table 10-4 lists the related operation for creating a DHCP server group.
Context
The MA5600 supports two DHCP server working modes:
l load-sharing: In this mode, the MA5600 sends DHCP messages to both the active and
standby DHCP servers. By default, the system is in load-sharing mode.
l backup: In this mode, the MA5600 sends DHCP messages to the DHCP server that is
running at the current time. The system firstly takes the active DHCP server as the running
DHCP server at the current time. When the DHCP server does not reply OFFER message
to the MA5600 within a specified period, the system switches the standby DHCP server to
the running DHCP server at the current time. This mode can reduce the message load in
the network.
Procedure
Step 1 Run the dhcp server mode command to set the working mode of a DHCP server.
Step 2 Run the display dhcp config command to query the working mode of the DHCP server.
----End
Example
To set the DHCP server to backup mode, the maximum response time to DISCOVER message
to 50s and the maximum timeout times for responding to DISCOVER message to 100, do as
follows:
huawei(config)#dhcp server mode backup 50 100
huawei(config)#display dhcp server config
DHCP server mode: backup
DHCP server reply max time: 50 second
DHCP server reply timeout max times: 100
Related Operation
Table 10-5 lists the related operations for setting working mode of a DHCP server.
Table 10-5 Related operations for setting working mode of a DHCP server
To... Run the Command...
Context
The MA5600 supports both layer 2 and layer 3 DHCP relay. Layer 3 DHCP relay includes:
l DHCP standard mode: Select the DHCP server according to the IP address of the VLAN
layer 3 interface for forwarding DHCP packets.
l DHCP option60 mode: Select the DHCP server according to the DHCP optioni60 domain.
l DHCP MAC address segment mode: Select the DHCP server group according to the source
MAC address segment of DHCP packets.
Procedure
Step 1 Run the dhcp mode command to set DHCP working mode.
Step 2 Run the display dhcp config command to query DHCP working mode.
----End
Prerequisite
The DHCP server group has been created.
Context
l A VLAN layer 3 interface can be bound with only one DHCP server group. Therefore, all
DHCP packets to be sent upstream through the VLAN layer 3 interface shall be forwarded
to the DHCP server group bound with the VLAN interface.
l If a layer 3 interface has been bound with a DHCP server group, the new setting overwrites
the old one.
l By default, a VLAN interface is not bound with any DHCP server.
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode.
Step 3 Run the display dhcp-server interface vlanif command to query the DHCP server group that
is bound with VLAN interface.
----End
Example
To bind DHCP server group 1 to VLAN interface 2, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-Vlanif2)#dhcp-server 1
huawei(config)#display dhcp-server interface vlanif 2
The DHCP server group of this interface is 1
Related Operation
Table 10-6 lists the related operations for binding a DHCP server group with a VLAN interface.
Table 10-6 Related operations for binding a DHCP server group with a VLAN interface
Context
l The system supports up to 128 DHCP option60 domains.
l If the domain exists, enter domain mode directly. By default, the system has a DHCP
option60 domain named default.
Procedure
Step 1 Run the dhcp domain command to create a domain.
Step 3 Run the display dhcp domain command to query the option60 domain.
----End
Example
To create domain msft, do as follows:
huawei(config)#dhcp domain msft
huawei(config-dhcp-domain-msft)#quit
huawei(config)#display dhcp domain
{ <cr>|string<s><1,32> }:
Command:
display dhcp domain
--------------------------------------------------------------------
Index Name Server VLANIF Gateway
-group
--------------------------------------------------------------------
0 default none none none
1 msft none none none
--------------------------------------------------------------------
Total: 2
Related Operation
Table 10-7 lists the related operations for creating a DHCP option60 domain.
Delete a DHCP option60 domain undo dhcp domain The domain named default
cannot be deleted.
Context
Only one DHCP server group can be bound to a DHCP domain.
Procedure
Step 1 Run the dhcp domain command to enter domain mode.
Step 2 Run the dhcp-server command to bind a DHCP server group.
Step 3 Run the display dhcp domain command to query the DHCP server group.
----End
Example
To bind DHCP server group 1 to DHCP domain msft, do as follows:
huawei(config)#dhcp domain msft
huawei(config-dhcp-domain-msft)#dhcp-server 1
huawei(config-dhcp-domain-msft)#quit
huawei(config)#display dhcp domain msft
--------------------------------------------------------------------
Index Name Server VLANIF Gateway
-group
--------------------------------------------------------------------
1 msft 1 none none
--------------------------------------------------------------------
Related Operation
Table 10-8 lists the related operations for binding a DHCP server group with a DHCP option60
domain.
Table 10-8 Related operations for binding a DHCP server group with a DHCP option60 domain
To… Run the Command… Remarks
Context
l A DHCP domain can be configured with only one gateway address.
l By default, the gateway address of a domain is the IP address of the VLAN layer 3 interface.
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode.
Step 2 Run the dhcp domain gateway command to set the gateway address.
Step 3 Run the quit command to quit from VLAN interface mode.
Step 4 Run the display dhcp domain command to query the DHCP server group.
----End
Example
To set the gateway address of domain msft as 10.1.2.1, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-Vlanif2)#dhcp domain msft gateway 10.1.2.1
huawei(config-if-Vlanif2)#quit
huawei(config)#display dhcp domain msft
--------------------------------------------------------------------
Index Name Server VLANIF Gateway
-group
--------------------------------------------------------------------
1 msft 1 2 10.1.2.1
--------------------------------------------------------------------
Related Operation
Table 10-9 lists the related operation for configuring the gateway of a DHCP option60 domain.
Table 10-9 Related operation for configuring the gateway of a DHCP option60 domain
Delete the gateway of a DHCP undo dhcp domain gateway In VLAN interface
option60 domain mode.
Context
The system supports up to 128 MAC address segments.
Procedure
Step 1 Run the dhcp mac-range command to create a DHCP MAC address segment and enter MAC
address segment mode.
Step 2 Run the display dhcp mac-range command to query the MAC address segment.
----End
Example
To set a MAC address segment named huawei, do as follows:
huawei(config)#dhcp mac-range huawei
huawei(config-mac-range-huawei)#quit
huawei(config)#display dhcp mac-range
{ <cr>|string<S><1,32> }:
Command:
display dhcp mac-range
------------------------------------------------------------------------------
Total: 2
Related Operation
Table 10-10 lists the related operations for creating a DHCP MAC address segment.
Table 10-10 Related operations for creating a DHCP MAC address segment
To... Run the Command... Remarks
Delete a DHCP MAC undo dhcp mac-range The MAC address segment
address segment named default cannot be deleted.
Context
l A MAC address segment is a consecutive MAC address array specified by a start MAC
address and an end MAC address.
l The MAC address adopts the format of "H-H-H" ("H" is a 4-bit hexadecimal number).
Procedure
Step 1 Run the dhcp mac-range command to create a MAC address segment and enter MAC address
segment mode.
Step 2 Run the mac-range command to set the range of a MAC address segment.
Step 3 Run the quit command to quit from the MAC address segment mode.
Step 4 Run the display dhcp mac-range command to query the range of the MAC address segment.
----End
Example
To set the range of MAC address segment huawei from 0000-0000-0001 to 0000-0000-0100,
do as follows:
huawei(config)#dhcp mac-range huawei
huawei(config-mac-range-huawei)#mac-range 0000-0000-0001 to 0000-0000-0100
huawei(config)#display dhcp mac-range
{ <cr>|string<S><1,32> }:
Command:
display dhcp mac-range
------------------------------------------------------------------------------
Total: 2
Related Operation
Table 10-11 lists the related operation for setting the range of a DHCP MAC address segment.
Table 10-11 Related operation for setting the range of a DHCP MAC address segment
To... Run the Command... Remarks
Context
A MAC address segment can be bound with only one DHCP server group.
Procedure
Step 1 Run the dhcp mac-range command to create a MAC address segment and enter MAC address
segment mode.
Step 3 Run the display dhcp mac-range command to query the information on the MAC address
segment.
----End
Example
To bind MAC address segment huawei with server group 1, do as follows:
huawei(config)#dhcp mac-range huawei
huawei(config-mac-range-huawei)#dhcp-server 100
huawei(config)#display dhcp mac-range
{ <cr>|string<S><1,32> }:
Command:
display dhcp mac-range
------------------------------------------------------------------------------
Total: 2
Related Operation
Table 10-12 lists the related operations for binding a DHCP server group with a DHCP MAC
address segment.
Table 10-12 Related operations for binding a DHCP server group with a DHCP MAC address
segment
Context
A DHCP MAC address segment can be configured with only one gateway address.
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode.
Step 2 Run the dhcp mac-range gateway command to configure the gateway address.
Step 3 Run the quit command to quit from VLAN interface mode.
Step 4 Run the display dhcp mac-range command to query the information on the gateway address.
----End
Example
To set the gateway address of MAC address segment huawei as 10.1.2.1, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-Vlanif2)#dhcp mac-range huawei gateway 10.1.2.1
huawei(config-if-Vlanif2)#quit
huawei(config)#display dhcp mac-range huawei
------------------------------------------------------------------------------
Index Name MAC-start MAC-end Server VLAN Gateway
-group -IF
------------------------------------------------------------------------------
0 huawei none none none 2 10.1.2.1
------------------------------------------------------------------------------
Related Operation
Table 10-13 lists the related operations for configuring the gateway of a DHCP MAC address
segment.
Table 10-13 Related operations for configuring the gateway of a DHCP MAC address segment
To... Run the Command... Remarks
Unbind the DHCP server group from undo dhcp-server In MAC address segment
a MAC address segment mode.
This chapter describes the principles of the ARP and ARP proxy supported by the MA5600 and
how to configure the ARP and ARP proxy.
11.1 Overview
This chapter describes ARP proxy service description and service specification.
11.2 Configuration Example of the ARP Proxy
This operation enables you to configure ARP proxy to enable users in different VLANs to
communicate with each other.
11.3 Adding a Static ARP Entry
This operation enables you to add a static ARP entry to realize layer 3 interconnection with no
dynamic ARP trigged.
11.4 Enabling the ARP Proxy
This operation enables you to enable the ARP proxy to implement layer 3 interconnection for
users who are isolated at layer 2.
11.1 Overview
This chapter describes ARP proxy service description and service specification.
Service Description
Before two hosts in a network can communicate with each other, they shall know each other's
physical addresses, that is, MAC addresses. The IP address represents only the address of a host
at the network layer. To send the data at the network layer to a destination host, the source host
must know the physical address of the destination host. This is why an IP address shall be
translated into a MAC address.
Address Resolution Protocol (ARP) is used to translate an IP address into a MAC address.
Through ARP proxy, two PCs subject to layer 2 isolation can interconnect with each other at
layer 3.
For details on the ARP proxy feature, refer to the chapter "ARP Proxy" in the Feature
Description.
Service Specification
The MA5600 can maintain ARP entries both dynamically and manually. It supports ARP proxy
function.
The MA5600 supports the ARP protocol and maintains an ARP table for the mapping between
the MAC addresses and the IP addresses. You can configure the static ARP entry manually. The
MA5600 supports the manual configuration of up to 256 static ARP entries. The MA5600 can
dynamically learn up to 3584 dynamic ARP entries.
Networking
Figure 11-1 shows a sample network for configuring the ARP proxy.
IP network
Router
MA5600
Data Plan
Table 11-1 lists the data plan for configuring the ARP proxy.
Item Data
IP address: 10.0.0.254/24
IP Address: 10.0.1.254/24
Prerequisite
l The network equipment and line work in the normal state.
Configuration Flowchart
Figure 11-2 shows the flowchart for configuring the ARP proxy.
Start
End
Procedure
Step 1 Create a super VLAN.
huawei(config)#vlan 100 super
Step 2 Create sub VLANs 3 and 4, and add them to the super VLAN.
huawei(config)#vlan 10 smart
huawei(config)#vlan 20 mux
huawei(config)#supervlan 100 subvlan 10
huawei(config)#supervlan 100 subvlan 20
huawei(config)#interface vlanif 30
huawei(config-if-vlanif30)#ip address 10.0.1.254 24
NOTE
The IP address of the layer 3 interface of the super VLAN must be in the same subnet as that of the PC.
NOTE
Skip step 8 if you only want PCs in different VLANs to communicate with each other.
----End
Result
After the global ARP proxy function and the ARP proxy function of the super VLAN interface
are enabled, PC 1 and PC 3 in different VLANs can communicate with each other.
After the global ARP proxy function, the ARP proxy function of the super VLAN interface, and
that of the sub VLAN interface are enabled, PC 1 and PC 2 in the same VLAN can communicate
with each other.
Context
l The ARP mapping list applies only to a LAN for address resolution, instead of the WAN.
l The system supports up to 256 static ARP entries.
Procedure
Step 1 Run the arp command to add a static ARP entry.
Step 2 Run the display arp static command and you can find that a static ARP entry has been added
successfully.
----End
Example
To add a static ARP entry to set up the mapping between the IP address 129.102.0.1 and the
MAC address 00e0-fc01-0000, passing through port 0/7/0 of VLAN 10, do as follows:
huawei(config)#arp 129.102.0.1 00e0-fc01-0000 10 0/7/0
huawei(config)#display arp static
IP Address MAC Address VLAN ID Port Type
129.102.0.1 00e0-fc01-0000 10 0/7/0Static
--- 1 entry found ---
Related Operation
Table 11-2 lists the related operations for adding a static ARP entry.
Delete an ARP undo arp The system can delete both static and
entry dynamic ARP entries.
Clear redundant reset arp You can clear a static ARP entry, a dynamic
information ARP entry, or ARP entries related to a port.
By entering the parameter all, you can clear
all ARP entries.
Context
Principles for applying the ARP Proxy are as follows:
Hosts isolated at layer 2 can communicate with each other through the ARP proxy function of
the MA5600. This section offers an example for the principles of applying of the ARP proxy.
Table 11-3 lists the data plan of the ARP proxy.
PC B
For the topology as shown in, to achieve interconnection between PCs in the VLAN, the ARP
proxy must be set as follows:
l For interconnection between PC A and PC B, enable the global ARP proxy and the ARP
proxy on super VLAN 2 and sub VLAN 3.
l For interconnection between PC A and PC C, enable the global ARP proxy and the ARP
proxy on super VLAN 2.
Procedure
Step 1 Run the arp proxy command to enable the global ARP proxy function.
Step 2 Run the display arp proxy command and you can find that the ARP proxy has been enabled.
----End
Related Operation
Table 11-4 lists the related operation for enabling the ARP proxy.
This chapter describes the routing protocols supported by the MA5600 and how to configure
the routing protocols.
Service Description
This chapter describes the following routing protocols:
l Static route: a special type of route that is configured manually by a network administrator.
Static routes are used in small networks with a simple topology that is not expected to
change frequently.
l Routing Information Protocol (RIP): a routing protocol that is based on the Vector-Distance
Algorithm (V-D).
l Open Shortest Path First (OSPF): a dynamic routing protocol running inside an autonomous
system (AS). OSPF discovers and forwards routing information by collecting and
forwarding the link status of an AS.
For details on the routing protocol, refer to the chapter "Routing" in the Feature Description.
Service Specification
With a routing protocol running, the MA5600 can work as a router. The routing protocols
supported by the MA5600 include:
l Static routing protocols
l Dynamic routing protocols such as RIP and OSPF
Networking
Figure 12-1 shows a sample network for configuring the static route.
PC_C 1.1.5.1/24
1.1.5.2/24
1.1.2.2/24
1.1.3.1/24
1.1.1.2/24 1.1.4.2/24
MA5600_ A MA5600_ B
MA5600_A, MA5600_B, and MA5600_C have the routing function. It is expected that after
the configuration, any two PCs can communicate with each other.
Data Plan
Table 12-1 lists the data plan for configuring the static route at the user side.
Table 12-1 Data plan for configuring the static route at the user side
Item Data
VLAN ID: 2
VLAN ID: 2
VLAN ID: 2
Item Data
Context
Configure a native VLAN of the layer 3 interface of each MA5600 to ensure a normal
communication among MA5600 devices.
Configuration Flowchart
Figure 12-2 shows the flowchart for configuring the static route.
Start
End
NOTE
The procedure shown in the above flowchart is for configuring static routes on one MA5600. To configure
static routes on multiple MA5600 devices, repeat the procedure.
Procedure
Step 1 Configure the IP address of the layer 3 interface.
NOTE
The configurations are the same for the three MA5600 devices. So, here the configuration for the
MA5600_A is taken for example.
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/7 0
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 1.1.1.2 24
huawei(config-if-vlanif2)#ip address 1.1.2.1 24 sub
----End
Result
After the configuration, an interconnection can be set up between all the hosts and between all
the MA5600 devices.
Networking
Figure 12-3 shows a sample network for configuring RIP.
MA5600_A uses port 0/7/1 to subtend with MA5600_B, uses port 0/7/0 for upstream service,
and connects with the network in the management center over the MAN.
RIP is enabled respectively on MA5600_A and MA5600_B. Users can access MA5600_A and
MA5600_B through the RIP route to operate and maintain MA5600_A and MA5600_B.
Management
MAN center
192.13.24.5/22 Router
MA5600_A
GE Loopback IP
192.15.24.1/26 192.13.2.1/24
Data Plan
Table 12-2 lists the data plan for configuring RIP.
RIP version: V2
RIP route filtering policy: The system performs route filtering
according to the IP address prefix list abc. Only the routing
information of IP addresses 192.13.2.1 and 192.13.2.2 can be
transmitted through the layer 3 interface of VLAN 100.
Item Data
RIP version: V2
RIP route filtering policy: The system performs route filtering
according to the IP address prefix list abc. Only the routing
information of IP address 192.13.2.2 can be transmitted through
the layer 3 interface of VLAN 10.
Configuration Flowchart
Figure 12-4 shows the flowchart for configuring RIP.
Start
End
Procedure
l Configure MA5600_A.
1. Configure the layer 3 interface that supports RIP.
huawei(config)#vlan 100 smart
huawei(config)#port vlan 100 0/7 0
huawei(config)#interface vlanif 100
huawei(config-if-vlanif100)#ip address 192.13.24.5 22
huawei(config-if-vlanif100)#quit
huawei(config)#interface loopBack 0
huawei(config-if-loopback0)#ip address 192.13.2.1 24
huawei(config-if-loopback0)#quit
huawei(config-rip-1)#version 2
huawei(config-rip-1)#quit
l Configure MA5600_B.
1. Configure the layer 3 interface that supports RIP.
huawei(config)#vlan 10 smart
huawei(config)#port vlan 10 0/7 0
huawei(config)#interface vlanif 10
huawei(config-if-vlanif10)#ip address 192.15.24.2 26
huawei(config-if-vlanif10)#quit
huawei(config)#interface loopBack 0
huawei(config-if-loopback0)#ip address 192.13.2.2 24
huawei(config-if-loopback0)#quit
----End
Result
You can log in to MA5600_A and MA5600_B from the maintenance terminal of the
management center for operation and maintenance.
Networking
Figure 12-5 shows a sample network for configuring OSPF.
DR
192.1.1.1/24 192.1.1.4/24
192.1.1.2/24 192.1.1.3/24
BDR
Data Plan
Table 12-3 lists the data plan for configuring OSPF.
Priority: 100 -
VLAN ID: 2 -
Priority: 0 -
VLAN ID: 2 -
Priority: 2 -
VLAN ID: 2 -
VLAN ID: 2 -
Context
l In this example, the interfaces of all the MA5600 devices are in one VLAN. If they are not
in one VLAN, configure a native VLAN to ensure a normal communication among them.
l The OSPF area IDs of the MA5600 devices must be consistent.
Configuration Flowchart
Figure 12-6 shows the flowchart for configuring OSPF.
Start
Enable OSPF
End
NOTE
The procedure shown in the above flowchart is for configuring OSPF on one MA5600. To configure OSFP
on multiple MA5600 devices, repeat the procedure.
Procedure
Step 1 Configure MA5600_A.
1. Configure the IP address of the layer 3 interface.
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/7 0
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 192.1.1.1 24
huawei(config-if-vlanif2)#quit
3. Enable OSPF.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 192.1.1.0 0.0.0.255
huawei(config-ospf-1-area-0.0.0.0)#network 1.1.1.1 0.0.0.0
huawei(config-ospf-1-area-0.0.0.0)#quit
huawei(config-ospf-1)#quit
3. Enable OSPF.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 192.1.1.0 0.0.0.255
huawei(config-ospf-1-area-0.0.0.0)#network 2.2.2.2 0.0.0.0
huawei(config-ospf-1-area-0.0.0.0)#quit
huawei(config-ospf-1)#quit
3. Enable OSPF.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 192.1.1.0 0.0.0.255
huawei(config-ospf-1-area-0.0.0.0)#network 3.3.3.3 0.0.0.0
huawei(config-ospf-1-area-0.0.0.0)#quit
huawei(config-ospf-1)#quit
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ospf dr-priority 2
huawei(config-if-vlanif2)#quit
3. Enable OSPF.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 192.1.1.0 0.0.0.255
huawei(config-ospf-1-area-0.0.0.0)#network 4.4.4.4 0.0.0.0
huawei(config-ospf-1-area-0.0.0.0)#quit
huawei(config-ospf-1)#quit
----End
Result
Run the display ip routing-table command and you can find the learnt route table. Hosts can
communicate with each other.
Networking
Figure 12-7 shows a sample network for configuring the route policy. The MA5600_A and
MA5600_B have the routing function.
Static:20.0.0.1
30.0.0.1
40.0.0.1
Vlanif2 Vlanif2
10.0.0.1/24 10.0.0.2/24
Data Plan
Table 12-4 lists the data plan for configuring the route policy.
VLAN ID: 2
OSPF area: 0
VLAN ID: 2
OSPF area: 0
Configuration Flowchart
Figure 12-8 shows the flowchart for configuring the route policy.
Start
Configure router ID
Configure ACL
End
Procedure
Step 1 Configuring MA5600_A.
1. Configure the IP address of layer 3 interface on MA5600_A.
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 10.0.0.1 24
2. Enable OSPF on MA5600_A and specify the area ID to which the interface belongs.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 10.0.0.0 0.0.0.255
3. Enable OSPF on MA5600_B and specify the area id to which the interface belongs.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 10.0.0.0 0.0.0.255
----End
Result
1. MA5600_A and MA5600_B run OSPF successfully, and they can communicate well with
each other.
2. After a filter is configured on MA5600_B, parts of the three imported static routes are
available while part of them is screened. That is, routes from segments 20.0.0.0 and 40.0.0.0
are available, while the route from segment 30.0.0.0 is screened.
Prerequisite
The IP address has been configured for the layer 3 service port.
Context
l The system supports up to 4096 static routes.
l The following items are contained in a static route:
– Destination address: It is used to label the destination address or destination network of
an IP packet.
– Subnet mask: The subnet mask is comprised of consecutive "1"s, and expressed in dotted
decimal format, or the count of consecutive "1"s. The mask is used with the destination
address to identify the subnet address of the destination host or router.
– Output interface: It specifies the interface of a router for IP packet forwarding.
– Next hop IP address: It indicates the next router that an IP packet will pass through.
– Route priority: When there are multiple routes with different priorities to the same
destination, the route with the highest priority (smallest value) will be the optimal one.
The default priority of a static route is 60.
l When configuring a static route, specify the transmit interface or the next hop IP address
if necessary. For a port supporting ARP or connecting to a point-to-point network, the
destination IP address is in the network that connects to the port directly. In this case, you
need to specify the transmit interface.
l A route with both the destination IP address and network mask being 0.0.0.0 is the default
route. If no matching route is found in the routing table for an IP packet, the packet is
forwarded over the default route.
Procedure
Step 1 Run the ip route-static command to add a static route.
Step 2 Run the display ip routing-table command to query the routing table.
----End
Example
To set up a static route to the subnet 10.71.8.0 through gateway 10.71.53.1, do as follows:
huawei(config)#ip route-static 10.71.8.0 255.255.255.0 10.71.53.1
huawei(config)#display ip routing-table protocol static
{ <cr>|inactive<K>|verbose<K> }:
Command:
display ip routing-table protocol static
Related Operation
Table 12-5 lists the related operation for adding a static route.
Context
To configure the global parameters of RIP, you need to enable RIP first. However, you do not
have to comply with this when configuring the interface related parameters.
Procedure
Step 1 Run the rip command to start the RIP process.
----End
Example
To enable RIP process 1, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-1 compatibility
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Hostroutes : Enabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Default routes : Disabled
Verify-source : Enabled
Networks : None
Configured peers : None
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Related Operation
Table 12-6 lists the related operation for enabling RIP process.
Context
l The MA5600 supports packets in two formats: RIP-1 and RIP-2.
l The default is RIP-1.
Procedure
Step 1 Run the rip command to start the RIP process.
Step 2 Run the version command to set the RIP version.
Step 3 Run the display rip command to query the RIP information.
----End
Example
To set the format of packets as RIP-2, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#version 2
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Hostroutes : Enabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Default routes : Disabled
Verify-source : Enabled
Networks : None
Configured peers : None
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Related Operation
Table 12-7 lists the related operation for setting the RIP version.
Restore the system default format of the RIP packets undo version
Context
If the field is not zero, RIP refuses to process the packet.
Procedure
Step 1 Run the rip command to start the RIP process.
Step 2 Run the checkzero command to configure zero field check for RIP-1 packets.
Step 3 Run the display rip command to query the configuration information.
----End
Example
To configure zero field check for RIP-1 packets, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#checkzero
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Hostroutes : Enabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Default routes : Disabled
Verify-source : Enabled
Networks : None
Configured peers : None
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Related Operation
Table 12-8 lists the related operation for configuring zero field check for RIP-1 packets.
Table 12-8 Related operation for configuring zero field check for RIP-1 packets
To... Run the Command...
Procedure
Step 1 Run the rip command to start the RIP process.
Step 2 Run the default-route originate command to create a default route and set its cost.
Step 3 Run the display rip command to query the configured cost of the default route.
----End
Example
To create a default route and set its cost as 5, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#default-route originate cost 5
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Hostroutes : Enabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Default routes : Enabled Default route cost : 5
Verify-source : Enabled
Networks : None
Configured peers : None
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Related Operation
Table 12-9 lists the related operation for setting the cost of the default route.
Table 12-9 Related operation for setting the cost of the default route
Context
Route summarization is to combine routes of different subnets into one route. Route
summarization helps to reduce the routing traffic on the network as well as the size of the routing
table.
Procedure
Step 1 Run the rip command to start RIP process.
Step 3 Run the display rip command to query the configuration of default route summarization.
----End
Example
To enable the route summarization, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#summary
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Hostroutes : Enabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Default routes : Enabled Default route cost : 5
Verify-source : Enabled
Networks : None
Configured peers : None
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Related Operation
Table 12-10 lists the related operation for enabling route summarization.
Procedure
Step 1 Run the rip command to start the RIP process.
Step 2 Run the default-cost command to specify the default routing metric.
Step 3 Run the display rip command to query the configuration information on the default routing
metric.
----End
Example
To set the default routing metric as 10, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#default-cost 10
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 10
Summary : Enabled
Hostroutes : Enabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Default routes : Enabled Default route cost : 5
Verify-source : Enabled
Networks : None
Configured peers : None
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Related Operation
Table 12-11 lists the related operation for specifying default routing metric.
Context
To enhance the routing function, the MA5600 allows RIP to import routes (including direct
route, static routes and OSPF routes) of other protocols into the routing table at a certain metric.
This greatly improves the capability of RIP to obtain routes and enhances the performance of
RIP.
Procedure
Step 1 Run the rip command to start the RIP process.
----End
Example
To import static routes, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#import-route static
Related Operation
Table 12-12 lists the related operation for importing routes of other protocols.
Context
l In some special cases, the router can receive a number of host routes from the same subnet,
and these routes are of little help in route addressing, but consume vast amounts of network
resources. In this case, receiving host routes shall be disabled.
l By default, receiving host routes is enabled.
Procedure
Step 1 Run the rip command to start the RIP process.
Step 2 Run the undo host-route command to prohibit the router from receiving host routes.
Step 3 Run the display rip command to query the configuration information.
----End
Example
To set the system to refuse host routes, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#undo host-route
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 10
Summary : Enabled
Hostroutes : Disabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Default routes : Enabled Default route cost : 5
Verify-source : Enabled
Networks : None
Configured peers : None
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Related Operation
Table 12-13 lists the related operation for disabling receiving host routes.
Context
l Each kind of IGP routing protocol has its own preference. The route policy selects the route
of the routing protocol with the highest preference as the optimal route.
l The greater the preference value, the lower the preference.
l The default RIP preference is 100.
Procedure
Step 1 Run the rip command to start the RIP process.
Step 2 Run the preference command to configure the RIP preference.
Step 3 Run the display rip command to query the configuration of RIP preference.
----End
Example
To set the RIP preference as 120, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#preference 120
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-2
Preference : 120
Checkzero : Enabled
Default-cost : 10
Summary : Enabled
Hostroutes : Disabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Default routes : Enabled Default route cost : 5
Verify-source : Enabled
Networks : None
Configured peers : None
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Related Operation
Table 12-14 lists the related operation for configuring the RIP preference.
Context
The route filtering can be performed based on the ACL, IP-prefix list of the system, or the IP-
prefix of the VLAN interface. Routes which fail to meet the filtering criteria will not be received
or sent.
Procedure
Step 1 Run the rip command to start the RIP process.
Step 2 Run the filter-policy ip-prefix export static command to configure the route filtering policy.
----End
Example
To filter the transmitted RIP routing updates based on the IP-prefix list abc, do as follows:
huawei(config)#rip 1
Related Operation
Table 12-15 lists the related operation for configuring the route filtering policy.
Table 12-15 Related operation for configuring the route filtering policy
To... Run the Command...
Context
In general, do not disable this function.
Procedure
Step 1 Run the rip command to start the RIP process.
Step 2 Run the verify-source command to verify the source IP address of a RIP route update.
Step 3 Run the display rip command to query the configuration information.
----End
Example
To enable the RIP route verification function, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#verify-source
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-2
Preference : 120
Checkzero : Enabled
Default-cost : 10
Summary : Enabled
Hostroutes : Disabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Default routes : Enabled Default route cost : 5
Verify-source : Enabled
Networks : None
Configured peers : None
Related Operation
Table 12-16 lists the related operation for verifying the source IP address of a RIP route update.
Table 12-16 Related operation for verifying the source IP address of a RIP route update
Procedure
Step 1 Run the rip command to enable the RIP process.
Step 2 Run the reset command to restore the system configuration parameters of the RIP process.
Step 3 Run the display rip command to query the system configuration parameters of the RIP process.
----End
Example
To restore the system configuration parameters of the RIP process, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#reset
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-1 compatibility
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Hostroutes : Enabled
Maximum number of balanced paths : 1
Update time : 30 sec Age time : 180 sec
Suppress time : 0 sec Garbage-collect time : 120 sec
Silent interfaces : None
Default routes : Disabled
Verify-source : Enabled
Networks : None
Configured peers : None
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Procedure
Step 1 Run the rip command to start the RIP process.
Step 2 Run the reset rip statistics command to clear statistics of RIP process.
----End
Example
To clear statistics of RIP process 1, do as follows:
huawei#reset rip 1 statistics
Context
After the transmission is disabled on an interface, the interface can still receive and process RIP
packets from other routers.
Procedure
Step 1 Run the rip command to start the RIP process.
Step 2 Run the silent-interface command to disable RIP packet transmission on an interface.
Step 3 Run the display rip command to query the configuration information.
----End
Example
To disable VLAN interface 7 from sending RIP packets, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#network 192.0.1.0
huawei(config-rip-1)#silent-interface vlanif 7
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-1 compatibility
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Hostroutes : Enabled
Maximum number of balanced paths : 1
Update time : 30 sec Age time : 180 sec
Related Operation
Table 12-17 lists the related operation for disabling RIP packet transmission on an interface.
Table 12-17 Related operation for disabling RIP packet transmission on an interface
Context
l Generally, RIP packets are forwarded in broadcast mode. If you want an interface to
exchange routing information with a peer router in unicast mode, run the peer command
to specify the IP address of the peer router.
l Specifying the peer router enables the peer router to receive the same packet in both
multicast (broadcast) and unicast modes. So, when configuring the IP address of the peer
router, it is recommended that you change the related interface on the router to silent mode.
Procedure
Step 1 Run the rip command to start the RIP process.
Step 2 Run the peer command to configure the IP address of a peer router.
----End
Example
To configure the IP address of the peer router as 10.0.0.1, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#peer 10.0.0.1
Related Operation
Table 12-18 lists the related operation for configuring the IP Address of a Peer router.
Table 12-18 Related operation for configuring the IP Address of a Peer router
To... Run the Command...
Context
l The summary address is valid only when the classful summarization is disabled.
l With split horizon or poison reverse is enabled, summary address and classful
summarization will fail. That is, to transmit route summarization to neighbors, disable split
horizon or poison reverse of the related interface.
Procedure
Step 1 Runt the interface vlanif command to enter VLAN interface mode.
Step 2 Runt the rip summary-address command to configure IP address of a summary route.
----End
Example
To configure the summary IP address of VLAN interface 2 as 10.0.0.0, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#rip summary-address 10.0.0.0 255.255.255.0
Related Operation
Table 12-19 lists the related operation for configuring a summary route IP address.
Context
By default, an interface is enabled to receive and transmit RIP packets.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the rip input(rip output) command to enable an interface to receive/transmit RIP packets.
----End
Related Operation
Table 12-20 lists the related operation for enabling an interface to receive and transmit RIP
packets.
Table 12-20 Related operation for enabling an interface to receive and transmit RIP packets
To... Run the Command...
Context
l Once the function is enabled, RIP will not send the routing information learned from a
neighbor to it again. This avoids the creation of routing loops.
l By default, the split horizon function is enabled.
l The split horizon and poison reserve functions cannot be enabled at the same time.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the rip split-horizon command to enable the split horizon function.
----End
Example
To enable the RIP split horizon function, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#rip split-horizon
Related Operation
Table 12-21 lists the related operation for enabling the split horizon function.
Table 12-21 Related operation for enabling the split horizon function
To... Run the Command...
Context
You are not allowed to enable both the split horizon and poison reverse functions at the same
time.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the rip poison-reverse command to enable the poison reverse function.
----End
Example
To enable the RIP poison reverse function, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#rip poison-reverse
NOTE
Once the function is enabled, if a route breaks down but is still kept in RIP packets, the route is configured
as infinite, that is, the routing metric is set as 16. The poison reversal function avoids the creation of routing
loops among multiple routers.
Related Operation
Table 12-22 lists the related operation for enabling the poison reverse function.
Table 12-22 Related operation for enabling the poison reverse function
To... Run the Command...
Context
RIP-2 supports two authentication modes: plain text authentication and MD5 encrypted text
authentication.
l The plain text authentication does not ensure security. The authentication key, which is not
encrypted, is sent together with the packet.
l MD5 encrypted text authentication ensures security in that the authentication key is
encrypted and then sent. MD5 encrypted text authentication has two formats: one is a
common packet format and the other is a non-standard packet format.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the rip authentication-mode command to configure the RIP-2 authentication mode.
----End
Example
To configure the RIP-2 authentication mode as plain text mode and password as huawei, do as
follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#rip authentication-mode simple huawei
Related Operation
Table 12-23 lists the related operation for configuring the RIP-2 authentication mode.
Table 12-23 Related operation for configuring the RIP-2 authentication mode
To... Run the Command...
Context
The default input metric is 0 while the default output metric is 1.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the rip metricin or rip metriout command to configure the added metric when the interface
receives or transmits or the RIP packets.
----End
Example
To configure the input metric added to a RIP route as 5, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#rip metricin 5
Related Operation
Table 12-24 lists the related operation for configuring the additional metric of a route.
Table 12-24 Related operation for configuring the additional metric of a route
Context
By default:
Procedure
Step 1 Run the rip command to start the RIP process.
Step 2 Run the timers rip command to configure the RIP timer.
Step 3 Run the display rip route command to query configuration information on the RIP timer.
----End
Example
To set the update time as 35s, age time as 170s, suppression time as 0s and Garbage-collect time
as 240s, do as follows:
huawei(config)#rip 1
huawei(config-rip-1)#timers rip 35 170 0 240
huawei(config-rip-1)#quit
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-1 compatibility
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Hostroutes : Enabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces :
vlanif7
Default routes : Disabled
Verify-source : Enabled
Networks :
192.0.1.0
Configured peers :
10.0.0.1
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Related Operation
Table 12-25 lists the related operation for configuring the RIP timer.
Context
By default, the function is disabled.
Procedure
Step 1 Run the rip tunnel command to enable the transparent transmission function of the RIP packet
based on the VLAN.
Step 2 Run the display rip tunnel command to query the status of the function.
----End
Example
To enable the transparent transmission function of the RIP packet based on VLAN 10, do as
follows:
huawei(config)#rip tunnel enable vlan 10
huawei(config)#display rip tunnel vlan 10
rip tunnel is enable
This operation enables you to set the VLAN-based transparent transmission for open shortest
path first (OSPF) packets. If you require the transparent transmission for OSPF packets in a
VLAN, enable the function.
Context
l By default, OSPF is disabled.
l To configure the related parameters, enable OSPF first.
Procedure
Step 1 Run the ospf command to start the OSPF process.
Step 2 Run the display ospf command to query the OSPF process.
----End
Example
To enable OSPF process 1, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#quit
huawei(config)#display ospf brief
OSPF Process 1 with Router ID 10.71.62.27
OSPF Protocol Information
RouterID: 10.71.62.27 Border Router:
Route Tag: 0
Multi-VPN-Instance is not enabled
Spf-schedule-interval: 5
Default ASE parameters: Metric: 1 Tag: 1 Type: 2
Route Preference: 10
ASE Route Preference: 150
SPF Computation Count: 0
RFC 1583 Compatible
Area Count: 0 Nssa Area Count: 0
ExChange/Loading Neighbors: 0
Related Operation
Table 12-26 lists the related operation for enabling OSPF.
Context
l OSPF does not support configuring the DR priority for interface NULL.
l The DR is for broadcast or NBMA type interfaces. The interfaces of p2p, p2mp network
type do not need DR election.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
----End
Example
To configure the DR priority 8 for interface vlanif2, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 192.1.1.1 24
huawei(config-if-vlanif2)#ospf dr-priority 8
huawei(config-if-vlanif2)#quit
huawei(config)#display ospf interface vlanif 2
OSPF Process 1 with Router ID 192.168.1.1
Interfaces
Interface: 192.1.1.1 (vlanif2)
Cost: 1 State: Down Type: Broadcast MTU: 1500
Priority: 8
Designated Router: 0.0.0.0
Backup Designated Router: 0.0.0.0
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1
Context
A router ID is a 32-bit unsigned integer, which uniquely identifies a router in the AS.
Procedure
Step 1 Run the router-id command to set an OSPF router ID.
Step 2 Run the display ospf brief command to query the configured OSPF router ID.
----End
Example
To set the ID of a router as 192.168.1.1, do as follows:
huawei(config)#ospf router-id 192.168.1.1
Warning: OSPF The new router id will be activated only after Reset Ospf Process
huawei(config-ospf-1)#quit
huawei(config)#reset ospf 1 process
huawei(config)#display ospf brief
OSPF Process 1 with Router ID 192.168.1.1
OSPF Protocol Information
RouterID: 192.168.1.1 Border Router:
Route Tag: 0
Multi-VPN-Instance is not enabled
Spf-schedule-interval: 5
Default ASE parameters: Metric: 1 Tag: 1 Type: 2
Route Preference: 10
ASE Route Preference: 150
SPF Computation Count: 0
RFC 1583 Compatible
Area Count: 0 Nssa Area Count: 0
ExChange/Loading Neighbors: 0
Related Operation
Table 12-27 lists the related operation for setting an OSPF router ID.
Context
l OSPF further divides the AS into different areas. Routing information is transmitted
between the areas through the ABRs which are located at the boarders of the areas. This
helps to reduce the number of OSPF packets in the network, thus improving the
performance of OSPF.
l If the specified area does not exist, the system first creates the area and then enters area
config mode.
l An area ID is shown in the form of an IP address.
l If an area ID is an integer, the MA5600 automatically converts the integer into an IP address.
Procedure
Step 1 Run the ospf command to start the OSPF process.
Step 2 Run the area command to add an area and enter the configuration mode of the area.
----End
Example
To create area 1 and enter area config mode, do as follows:
huawei(config)#ospf 100
huawei(config-ospf-100)#area 1
huawei(config-ospf-100-area-0.0.0.1)#
Related Operation
Table 12-28 lists the related operation for entering OSPF area config mode.
Table 12-28 Related operation for entering OSPF area config mode
Context
Wildcard-mask in the network command is the reverse of the IP address, that is, the mask of
the IP address is reserved (0 changed to 1 and 1 changed to 0). "1" indicates the digit in the IP
address is omitted and "0" indicates that the digit must be reserved.
Procedure
Step 1 Run the ospf command to start the OSPF progress.
Step 2 Run the area command to add an area and enter the configuration mode of the area.
Step 3 Run the network command to configure the interface running OSPF protocol and the area the
interface belongs to.
----End
Example
To configure the subnet 131.108.20.0 for the interface running OSPF, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#area 1
huawei(config-ospf-1-area-0.0.0.2)#network 131.108.20.0 0.0.0.255
Related Operation
Table 12-29 lists the related operation for configuring subnets for an area.
Procedure
Step 1 Run the ospf command to start the OSPF process.
Step 2 Run the area command to add an area and enter the configuration mode of the area.
Step 3 Run the stub command to configure the OSPF stub area.
----End
Example
To configure OSPF area 1 as a Stub area, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#area 1
huawei(config-ospf-1-area-0.0.0.1)#stub
Related Operation
Table 12-30 lists the related operations for configuring a Stub area.
Context
l Up to 128 adjacent routers can be configured in a process.
l Since an NBMA interface on the network cannot discover the adjacent routers through
broadcasting the Hello packets, you need to specify the adjacent routers.
l By default, the preference for NBMA interface adjacent router is 1.
Procedure
Step 1 Run the ospf command to start the OSPF process.
Step 2 Run the peer command to configure an NBMA adjacent router.
----End
Example
To configure the IP address of the NBMA adjacent router as 1.1.1.1 and specify the DR priority
as 120, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#peer 1.1.1.1 dr-priority 120
Related Operation
Table 12-31 lists the related operation for configuring an NBMA adjacent router.
Context
l Multiple dynamic routing protocols can run on one router at the same time. Due to this
reason, the problem of route sharing and routing protocol selection occurs.
l The system defines a preference for each routing protocol. When different routes are found
by different protocols to the same destination, the route found by the routing protocol with
the highest preference serves as the current effective route.
l The OSPF preference ranges from 1 to 255. By default, it is 10.
Procedure
Step 1 Run the ospf command to start the OSPF process.
Step 2 Run the preference command to set OSPF preference.
Step 3 Run the display ospf brief command to query the OSPF preference.
----End
Example
To set the OSPF preference as 12, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#preference 12
huawei(config-ospf-1)#quit
huawei(config)#display ospf brief
OSPF Process 1 with Router ID 192.0.2.3
OSPF Protocol Information
Related Operation
Table 12-32 lists the related operation for setting OSPF preference.
Context
After the transmission is disabled on an interface, the interface shall be in silent state. The
interface can still advertise its direct route. However, the OSPF Hello packets of the interface
will be blocked, and no adjacency can be set up on the interface.
Procedure
Step 1 Run the ospf command to start the OSPF process.
Step 2 Run the silent-interface command to prohibit an interface from transmitting OSPF packets.
----End
Example
To prohibit VLAN interface 7 from transmitting OSPF packets, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#silent-interface vlanif 7
Related Operation
Table 12-33 lists the related operation for prohibiting an interface from transmitting OSPF
packets.
Table 12-33 Related operation for prohibiting an interface from transmitting OSPF packets
Context
The default maximum route count is:
Procedure
Step 1 Run the ospf command to start the OSPF process.
Step 2 Run the maximum-routes command to configure the maximum OSPF route count.
----End
Example
To configure the maximum count of OSPF routes as 500, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#maximum-routes intra 500
Related Operation
Table 12-34 lists the related operation for configuring the maximum OSPF route count.
Table 12-34 Related operation for configuring the maximum OSPF route count
Procedure
Step 1 Run the ospf command to start the OSPF process.
----End
Example
To enable the logging function of OSPF, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#enable log config
Related Operation
Table 12-35 lists the related operation for enabling the OSPF logging function.
Table 12-35 Related operation for enabling the OSPF logging function
Context
By default, the function is disabled.
Procedure
Step 1 Run the ospf tunnel command to set the VLAN-based transparent transmission for OSPF
packets.
Step 2 Run the display ospf tunnel command to query the VLAN-based transparent transmission for
OSPF packets.
----End
Example
To enable the transparent transmission for OSPF packets in VLAN 10, do as follows:
huawei(config)#ospf tunnel enable vlan 10
huawei(config)#display ospf tunnel vlan 10
ospf tunnel is enable
Context
OSPF divides networks into four types. By default, the network type of an interface is determined
by the physical interface. For details, see Table 12-36.
p2mp Point-to-Multipoint -
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the ospf network-type command to configure the network type.
----End
Example
Presume that the Ethernet port 0/7/0 is in VLAN 2, to configure the network type of the port
0/19/0 as P2P, do as follows:
huawei(config)#interface vlanif 2
huawei(config-vlanif-2)#ospf network-type p2p
Related Operation
Table 12-37 lists the related operation for configuring the network type on an OSPF interface.
Table 12-37 Related operation for configuring the network type on an OSPF interface
To... Run the Command...
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the ospf cost command to configure the cost of the interface running OSPF.
----End
Example
To configure the cost of the interface running OSPF as 5, do as follows:
huawei(config)#interface vlanif 2
huawei(config-vlanif2)#ospf cost 5
Related Operation
Table 12-38 lists the related operation for configuring OSPF cost.
Restore the default undo ospf cost By default, the system calculates the
cost cost needed for the interface running
OSPF according to the current baud
rate of the interface.
Context
l OSPF supports plain text authentication or MD5/HMAC-MD5 encrypted text
authentication for adjacent routes to transmit OSPF packets.
l By default, the interface is not configured with any authentication mode.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the ospf authentication-mode command to configure OSPF packet authentication.
----End
Example
To configure the OSPF authentication as plain text authentication and the authentication
password as "huawei", do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ospf authentication-mode simple huawei
Related Operation
Table 12-39 lists the related operation for configuring OSPF packet authentication.
Context
l After the adjacency is set up between two routers, the routers begin to transmit DD packets
to each other to exchange the owned routing information.
l By default, the interface does not fill in the MTU field while transmitting DD packets. In
other words, the MTU field in the DD packets is 0.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the ospf mtu-enable command to configure the MTU of the DD packet.
----End
Example
To configure interface vlanif2 to fill in the MTU field when transmitting DD packet, do as
follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ospf mtu-enable
Related Operation
Table 12-40 lists the related operation for configuring the MTU of the DD packet.
Table 12-40 Related operation for configuring the MTU of the DD packet
To... Run the Command...
Restore the default setting for the interface undo ospf mtu-enable
when transmitting DD packets
This operation enables you to set the LSA retransmit interval between adjacent routers.
12.10.6 Setting the SPF Calculation Interval for OSPF
This operation enables you to set the SPF calculation interval for OSPF.
Context
l By default, Hello interval of P2P and broadcast interfaces is 10s and that of P2MP and
NBMA interfaces is 30s.
l The intervals for sending Hello packets of network neighbors should be consistent with
each other.
l The interval for sending Hello packets should be in inverse proportion of route convergence
speed and network load.
l After the network type of the interface is modified, the interval for sending Hello packets
restores the default value.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the ospf timer hello command to set the interval for sending Hello packets.
----End
Example
To set the interval for sending OSPF Hello packet as 15s, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ospf timer hello 15
Related Operation
Table 12-41 lists the related operation for setting the interval for sending Hello packets.
Table 12-41 Related operation for setting the interval for sending Hello packets
To... Run the Command...
Restore the default interval for sending undo ospf timer hello
Hello packets
Context
l By default, the dead time between adjacent routers on a P2P and broadcast interfaces is 40s
and that on P2MP and NBMA (non-broadcast) interfaces is 120s.
l The value of dead seconds must be 4 times that of hello seconds at least.
l After the network type of the interface is modified, the dead time is restored to the default
value.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the ospf timer dead command to set the dead time of adjacent routers.
----End
Example
To set the dead time of adjacent routers as 60s, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ospf timer dead 60
Related Operation
Table 12-42 lists the related operation for setting the dead time between adjacent routers.
Table 12-42 Related operation for setting the dead time between adjacent routers
To... Run the Command...
Context
l In the NBMA network, after the adjacent router fails, a router transmits Hello packet to the
failed router periodically with the Hello packet poll interval.
l The Hello packet poll interval shall at least four times the interval for sending Hello packets.
l By default, the Hello packet poll interval is 120s.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the ospf timer poll command to set the Hello packet poll interval.
----End
Example
To set the Hello packet poll interval as 60s, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ospf timer poll 60
Related Operation
Table 12-43 lists the related operation for setting the Hello packet poll interval.
Table 12-43 Related operation for setting the Hello packet poll interval
Context
l The Link State Advertise (LSA) describes the interface state and the adjacency state of a
router. When saved in the LSDB of the local router, LSA ages. However, LSA does not
age in the process of network transmission.
l It is necessary to add LSA transmit delay to the expiration time before the transmission.
This configuration is very important for low speed networks.
l By default, the delay for sending link-state update is 1s.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the ospf trans-delay command to set the LSA transmit delay.
----End
Example
To set LSA transmit delay as 10s, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ospf trans-delay 10
Related Operation
Table 12-44 lists the related operation for setting the LSA transmit delay.
Table 12-44 Related operation for setting the LSA transmit delay
Context
l When a router sends an LSA to its neighbors, it shall wait for an ACK from them. If no
ACK is received from the neighbors within the retransmit interval, this LSA shall be resent.
l A too small LSA retransmit interval on an interface may lead to unnecessary retransmission.
A too large LSA retransmit interval affects the flooding speed in case of packet loss.
l By default, the LSA retransmit interval between adjacent routers is 5s.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the ospf timer retransmit command to set the LSA retransmit interval.
----End
Example
To set the LSA retransmit interval as 8s, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ospf timer retransmit 8
Related Operation
Table 12-45 lists the related operation for setting the LSA retransmit interval between adjacent
routers.
Table 12-45 Related operation for setting LSA retransmit interval between adjacent routers
Context
l Whenever the LSDB of OSPF changes, the SPF shall be recalculated.
l Calculating the shortest path upon any change consumes vast amounts of resources and
affects the operation efficiency of the router. Adjusting the SPF calculation interval,
however, can restrain the resource consumption due to frequent network changes.
l By default, the interval of SPF recalculation is 5s.
Procedure
Step 1 Run the ospf command to start the OSPF process.
Step 2 Run the spf-schedule-interval command to set the SPF calculation interval for OSPF.
----End
Example
To set the interval of SPF recalculation as 10s, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#spf-schedule-interval 10
Related Operation
Table 12-46 lists the related operation for setting the SPF calculation interval for OSPF.
Table 12-46 Related operation for setting the SPF calculation interval for OSPF
Context
l By default, the ABR does not summarize routes between areas.
l One area can be configured with multiple summarization network segments.
l The route summarization is valid when configured on an ABR.
Procedure
Step 1 Run the ospf command to start the OSPF progress.
Step 2 Run the area command to add an area and enter the configuration mode of the area.
Step 3 Run the network command to configure the interface running OSPF protocol and the area the
interface belongs to.
Step 4 Run the abr-summary command to configure route summarization between areas.
----End
Example
To summarize the routes in the two network segments of 20.20.10.0 and 20.20.20.0 in OSPF
area as one route entry 20.20.0.0 and send it to other areas, do as follows:
huawei(config)#ospf 100
huawei(config-ospf-100)#area 1
huawei(config-ospf-100-area-0.0.0.1)#network 20.20.10.0 0.0.0.255
huawei(config-ospf-100-area-0.0.0.1)#network 20.20.20.0 0.0.0.255
huawei(config-ospf-100-area-0.0.0.1#abr-summary 20.20.0.0 255.255.0.0
Related Operation
Table 12-47 lists the related operation for configuring route summarization between areas.
Table 12-47 Related operation for configuring route summarization between areas
Context
OSPF supports the summary of imported routes. By default, the summary of imported routes is
disabled.
Procedure
Step 1 Run the ospf command to start the OSPF process.
Step 2 Run the asbr-summary command to configure summary of routes with the same prefix.
----End
Example
To enable the summary of routes with the same prefix of 10.2, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#asbr-summary 10.2.0.0 255.255.0.0
Related Operation
Table 12-48 lists the related operation for configuring the summarization of routes imported by
OSPF.
Table 12-48 Related operation for configuring summarization of routes imported by OSPF
Context
l OSPF makes the routes found by other routing protocols to be processed as routes outside
the AS. The protocol types of routes that OSPF can import are RIP, direct routes and static
routes.
l By default, OSPF's importing routes from other protocols is disabled.
Procedure
Step 1 Run the ospf command to start the OSPF process.
Step 2 Run the import-route rip command to import routes from other protocols into OSPF.
----End
Example
To specify the imported RIP route as Type 2 external route, the route tag as 33, and the cost as
50, do as follows:
huawei(config)#ospf 1
huawei(config-ospf-1)#import-route rip 40 type 2 tag 33 cost 50
Related Operation
Table 12-49 lists the related operation for importing routes from other protocols into OSPF.
Table 12-49 Related operation for importing routes from other protocols into OSPF
To... Run the Command...
Context
The default settings are:
l Cost: 10
l The type of imported route: 2
l The upper limit of the imported external routes: 1000 at a time
Procedure
Step 1 Run the ospf command to start the OSPF process.
Step 2 Run the default command to set the default parameters for OSPF to import external routes.
----End
Example
Assume that:
l The upper limit of the default imported external routes: 100
l The default cost for OSPF to accept external routes: 8
l The default tag for OSPF to accept external routes: 8
l The default type of imported routes: Type-1
To set the OSPF imported routes, do as follows:
huawei(config)#ospf 100
huawei(config-ospf-100)#default cost 8 type 1 tag 8 limit 100
Related Operation
Table 12-50 lists related operations for setting parameters for OSPF to import external routes.
Table 12-50 Related operations for setting parameters for OSPF to import external routes
Restore the default upper limit for OSPF to import undo default limit
external routes each time
Restore the default cost for OSPF to import external undo default cost
routes
Restore the default tag when OSPF imports external undo default tag
routes
Restore the default type of the external routes to be undo default type
imported
Context
l Up to 1000 route policies can be defined in the system, and each route policy can be
configured with up to 20 nodes.
l A route policy may consist of several nodes, with each node as a unit for the match test.
The node number is also the matching order.
l The relationship between nodes of a route policy is "or". The system checks every node of
a route policy. If one node passes the match test, it means that the route policy passes the
match test.
l Every node consists of if-match clause and apply clause:
– if-match defines the matching order. The relationship between two if-match clauses
of a node is "and". In other words, the match test can be considered as pass-through
only when all if-match clauses of a node are satisfied.
– apply clause specifies the action to be taken when node match test is conducted, that
is, set some attributes of the routes.
Parameter Description
Table 12-51 lists the parameters for defining a route policy.
Parameter Description
Procedure
Step 1 Run the route-policy command to create a route policy and the enter route policy configuration
mode.
Step 2 Run the display route-policy command to query the running status of the configured route
policy.
----End
Example
To configure route policy 1 with node number of 10 and the matching mode "permit", do as
follows:
huawei(config)#route-policy policy1 permit node 10
huawei(config-route-policy)#quit
huawei(config)#display route-policy
{ <cr>|string<S><1,19> }:policy1
Command:
display route-policy policy1
Route-policy : policy1
permit : 10
Related Operation
Table 12-52 lists the related operation for configuring a route policy.
Context
l The if-match clause defines the matching rules, namely the preconditions for routes to pass
the current route policy, based on the attributes of the routes.
l The relationship between two if-match clauses of a node is "and". The match test can be
considered as pass-through only when all if-match clauses of a node are satisfied. The apply
clause specifies the action to be taken when node match test is conducted.
l If no if-match clause is specified, all routes can pass through the node.
l By default, no match action is taken.
Procedure
Step 1 Run the route-policy command to create a route policy and enter route policy configuration
mode.
Step 2 Run the if-match ip command to set the filtering criteria of routing information.
Step 3 Run the display route-policy command to query the configuration information.
----End
Example
To set filtering the address prefix list p1 of destination address of route, do as follows:
huawei(config)#route-policy 1 permit node 1
huawei(config-route-policy)#if-match ip next-hop ip-prefix p1
huawei(config-route-policy)#quit
huawei(config)#display route-policy
{ <cr>|string<S><1,19> }:1
Command:
display route-policy 1
Route-policy : 1
permit : 1
Match clauses :
if-match ip-prefix p1
Related Operation
Table 12-53 lists the related operation for defining the route policy matching rule.
Table 12-53 Related operation for defining the route policy matching rule
Context
l The apply clause specifies the commands to be used for modifying the attributes of the
routes when if-match clauses are satisfied.
l By default, no setting is available.
Procedure
Step 1 Run the route-policy command to create a route policy and enter route policy configuration
mode.
Step 2 Run the if-match command to set the filtering criteria of routing information.
Step 3 Run the apply tag command to set the tag of the route information.
Step 4 Run the display route-policy command to query the configured route policy.
----End
Example
To set the routing information tag of the filtered route as 100, do as follows:
huawei(config)#route-policy 1 permit node 1
huawei(config-route-policy)#if-match ip-prefix p1
huawei(config-route-policy)#apply tag 100
huawei(config-route-policy)#quit
huawei(config)#display route-policy
{ <cr>|string<S><1,19> }:1
Command:
display route-policy 1
Route-policy : 1
permit : 1
Match clauses :
if-match ip-prefix p1
Apply clauses :
apply tag 100
Related Operation
Table 12-54 lists the related operation for modifying the attributes of the filtered route.
Table 12-54 Related operation for modifying the attributes of the filtered route
To... Run the Command...
13 Configuring MSTP
This chapter describes how to configure the MSTP protocol on the MA5600.
13.1 Overview
This chapter describes the multiple spanning tree protocol (MSTP) and its applications to the
MA5600.
13.2 Enabling the MSTP Function
This operation enables the MSTP function on the MA5600.
13.3 Setting the Working Mode of MSTP
This operation enables you to set the working mode of MSTP.
13.4 Setting the MST Region Parameters
This section describes how to set the parameters of the multiple spanning tree (MST) region.
13.5 Activating the Configuration of the MST Region
This operation enables you to activate the configuration of the MST region.
13.6 Specifying the Device as a Root Bridge or a Backup Root Bridge
This operation enables you to specify the device as a root bridge or a backup root bridge.
13.7 Setting the Priority of the Device in the Specified Spanning Tree Instance
This operation enables you to set the priority of the device in the specified spanning tree instance.
13.8 Setting the Maximum Hop of the MST Region
This operation enables you to set the maximum hop of the MST region.
13.9 Setting the Diameter of the Switching Fabric
This operation enables you to set the diameter of the switching fabric.
13.10 Setting the Calculation Standard for the Path Cost
This operation enables you to set the calculation standard for the path cost.
13.11 Setting the Time Parameters of the Specified Network Bridge
This section describes how to set the time parameters of the specified network bridge. The time
parameters include Forward Delay, Hello Time, MAX Age, and time factor.
13.12 Setting the Parameters of the Specified Port
This section describes how to set the parameters of the specified port.
13.13 Setting the mCheck Variable
This operation enables you to set the mCheck variable to force a port to work in MSTP mode.
13.14 Configuring the Device Protection Function
This section describes how to configure the device protection functions, including BPDU
protection, loopback protection and root protection.
13.15 Clear the MSTP Protocol Statistics
This operation enables you to clear the MSTP protocol statistics.
13.1 Overview
This chapter describes the multiple spanning tree protocol (MSTP) and its applications to the
MA5600.
Service Description
MSTP applies to a redundant network. It makes up for the drawback of STP and RSTP. MSTP
makes the network converge fast and the traffic of different VLANs distributed along their
respective paths, which provides a better load-sharing mechanism.
MSTP trims a loop network into a loop-free tree network. It avoids the proliferation and infinite
cycling of the packets in the loop network. In addition, MSTP provides multiple redundant paths
for VLAN data transmission to achieve the load-sharing purpose.
For details on MSTP, refer to the chapter "MSTP" in the Feature Description.
Service Specification
The MA5600 supports MSTP, which is compatible with the STP and RSTP. It supports MSTP
loop network to meet the various networking requirements.
Context
l By default, the MSTP function is disabled.
l After the MSTP function is enabled, the device determines whether it works in STP
compatible mode or MSTP mode based on the configured protocol.
l After the MSTP function is enabled, MSTP maintains dynamically the spanning tree of the
VLAN based on the received BPDU packets. After the MSTP function is disabled, the
MSTP device becomes a transparent bridge and does not maintain the spanning tree.
Procedure
Step 1 Run the stp enable command or stp port enable command to enable the MSTP function of the
bridge or the port.
Step 2 Run the display stp command or display stp port command to query the MPLS state of the
bridge or the port.
----End
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 1 days :18m:27s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
----[CIST][Port1(Down)]----
Port Protocol :enabled
Port Role :CIST Disabled Port
Port Priority :128
Port Cost :Config=auto / Active=200000
Desg. Bridge/Port :32768.00e0-fc99-5050 / 128.1
Port Edged(Admin) :disabled
Point-to-point :Config=auto / Active=false
Transit Limit :3 packets/hello-time
Protection Type :None
Port Stp Mode :Stp
PortTimes :Hello 2 s MaxAge 20 s FwDly 15 s Message Age 0 s RemHop 20
BPDU Sent :0
TCN: 0, Config: 0, RST: 0, MST: 0
BPDU Received :0
TCN: 0, Config: 0, RST: 0, MST: 0
Related Operation
Table 13-1 lists the related operations for enabling the MSTP function.
Restore the default MSTP state of the undo stp port By default, it is
port enabled.
Context
l MSTP supports two working modes:
– MSTP mode
– STP mode
l MSTP is compatible with STP. If the network bridge that runs STP exists in the switching
fabric, MSTP automatically runs in MSTP/STP compatible mode.
l When the network condition is good, though the network bridge that runs STP in the subnet
is removed, the port still runs in the STP compatible mode. In this case, run the stp mode
mstp command to force the port to work in MSTP mode.
Procedure
l The following section shows the procedure for setting the STP working mode.
1. Run the stp mode stp command to set the STP working mode.
2. Run the display stp command to query the working mode.
l The following section shows the procedure for setting the RSTP working mode.
1. Run the stp mode stp command to set the MSTP working mode.
2. Run the display stp command to query the working mode.
----End
Command:
display stp
The bridge is executing the IEEE compatible Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 2 days :16m:14s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 2 days :16m:16s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Related Operation
Table 13-2 lists the related operation for setting the working mode of MSTP.
Table 13-2 Related operation for setting the working mode of MSTP
Restore the default working mode of undo stp mode By default, the
MSTP device works in
MSTP mode.
Context
l The purpose of setting the MD5-Key is for device security. Two devices in the same
multiple spanning tree (MST) can communicate with each other when their MD5-Key
values are the same.
l The MD5-Key value is a character string not longer than 32 bytes. In addition, its length
must be a multiple of 2. By default, it is 0x13AC06A62E47FD 51F95D2BA243CD0346.
Procedure
Step 1 Run the stp md5-key command to set the MD5-Key for the MD5 encryption algorithm
configured on the MST region.
Step 2 Run the display current-configuration command to query the configuration of the device.
----End
Example
To set the MD5-Key for the MD5 encryption algorithm as 0x11ed224466, do as follows:
huawei(config)#stp md5-key 11ed224466
huawei(config)#display current-configuration section config
[MA5600V300R003: 3002]
#
[config]
<config>
mpls vlan 10
mpls vlan 20
mpls vlan 500
mpls vlan 1000
mpls vlan 1001
#
stp region-configuration
region-name huawei
instance 1 vlan 1000
instance 2 vlan 100
active region-configuration
stp instance 0 priority 0
stp timer hello 1000
stp md5-key 11ED224466
stp port 0/7/0 root-protection enable
stp enable
#
lacp priority 0 system
lacp long-period 20
---- More ( Press 'Q' to break ) ----
Related Operation
Table 13-3 lists the related operation for setting the MD5-Key for the MD5 encryption algorithm
configured on the MST region.
Table 13-3 Related operation for setting the MD5-Key for the MD5 encryption algorithm
configured on the MST region
Context
You can configure the parameters related to the MST regions, such as the name, revision level,
and VLAN instance mapping table.
Procedure
Step 1 Run the stp region-configuration command to switch over to MST region mode.
Step 2 Run the region-name command to configure the name of the MST region.
Step 3 Run the check region-configuration command to query the parameters of the current MST
region.
----End
Example
To configure the name of the MST region as huawei-mstp-bridge, do as follows:
huawei(config)#stp region-configuration
huawei(stp-region-configuration)#region-name huawei-mstp-bridge
huawei(stp-region-configuration)#check region-configuration
Admin configuration
Format selector :0
Region name :huawei-mstp-bridge
Revision level :0
Related Operation
Table 13-4 lists the related operations for configuring the MST region name.
Table 13-4 Related operations for configuring the MST region name
Context
l By default, all VLANs are mapped to CIST, that is, instance 0.
l One VLAN can be mapped to only one instance at one time. If you re-map a VLAN to
another instance, the original mapping is disabled.
l A maximum of 10 VLAN sections can be configured for an MSTP instance.
l After the mapping, activate it to validate it.
Procedure
Step 1 Run the stp region-configuration command to switch over to MST region mode.
Step 2 Run the instance vlan command to map the specified VLAN to the specified MSTP instance.
Step 3 Run the check region-configuration command to query the parameters of the current MST
region.
----End
Example
To map VLANs 2-10 and VLANs 12-16 to MSTP instance 3, do as follows:
huawei(config)#stp region-configuration
huawei(stp-region-configuration)#instance 3 vlan 2 to 10 12 to 16
huawei(stp-region-configuration)#check region-configuration
Admin configuration
Format selector :0
Region name :huawei-mstp-bridge
Revision level :0
Related Operation
Table 13-5 lists the related operations for mapping the specified VLAN to the specified MSTP
instance.
Table 13-5 Related operations for mapping the specified VLAN to the specified MSTP instance
Context
l By default, all VLANs are mapped to CIST, that is, instance 0.
l On the MA5600, you can specify the VLAN to each MSTP instance rapidly by modular
arithmetic.
– When you map the VLAN to the MSTP instance by modular arithmetic, the ID of the
mapped instance is (VLANID - 1) % module + 1.
– The modular value for the modular arithmetic ranges from 1 to 16. It indicates the
number of the MSTP instances.
l This operation is used to map the VLANs to the MSTP instances rapidly. In actual
application, you can run the instance vlan command to adjust the mappings as required.
l Activate the setting to make it take effect.
Procedure
Step 1 Run the stp region-configuration command to switch over to MST region mode.
Step 2 Run the vlan-mapping module command to map all VLANs to the MSTP instances by modular
arithmetic.
Step 3 Run the check region-configuration command to query the parameters of the current MST
region.
----End
Example
To map all VLANs to the MSTP instances by modular arithmetic, with the modular value of 16,
do as follows:
huawei(config)#stp region-configuration
huawei(stp-region-configuration)#vlan-mapping module 16
huawei(stp-region-configuration)#check region-configuration
Admin configuration
Format selector :0
Region name :huawei-mstp-bridge
Revision level :0
InstanceVlans Mapped
1 1, 17, 33, 49, 65, 81, 97, 113, 129, 145, 161,
177, 193, 209, 225, 241, 257, 273, 289, 305, 321, 337,
353, 369, 385, 401, 417, 433, 449, 465, 481, 497, 513,
529, 545, 561, 577, 593, 609, 625, 641, 657, 673, 689,
705, 721, 737, 753, 769, 785, 801, 817, 833, 849, 865,
881, 897, 913, 929, 945, 961, 977, 993, 1009, 1025, 1041,
1057, 1073, 1089, 1105, 1121, 1137, 1153, 1169, 1185, 1201, 1217,
1233, 1249, 1265, 1281, 1297, 1313, 1329, 1345, 1361, 1377, 1393,
1409, 1425, 1441, 1457, 1473, 1489, 1505, 1521, 1537, 1553, 1569,
1585, 1601, 1617, 1633, 1649, 1665, 1681, 1697, 1713, 1729, 1745,
1761, 1777, 1793, 1809, 1825, 1841, 1857, 1873, 1889, 1905, 1921,
1937, 1953, 1969, 1985, 2001, 2017, 2033, 2049, 2065, 2081, 2097,
2113, 2129, 2145, 2161, 2177, 2193, 2209, 2225, 2241, 2257, 2273,
2289, 2305, 2321, 2337, 2353, 2369, 2385, 2401, 2417, 2433, 2449,
2465, 2481, 2497, 2513, 2529, 2545, 2561, 2577, 2593, 2609, 2625,
2641, 2657, 2673, 2689, 2705, 2721, 2737, 2753, 2769, 2785, 2801,
2817, 2833, 2849, 2865, 2881, 2897, 2913, 2929, 2945, 2961, 2977,
2993, 3009, 3025, 3041, 3057, 3073, 3089, 3105, 3121, 3137, 3153,
3169, 3185, 3201, 3217, 3233, 3249, 3265, 3281, 3297, 3313, 3329,
3345, 3361, 3377, 3393, 3409, 3425, 3441, 3457, 3473, 3489, 3505,
3521, 3537, 3553, 3569, 3585, 3601, 3617, 3633, 3649, 3665, 3681,
3697, 3713, 3729, 3745, 3761, 3777, 3793, 3809, 3825, 3841, 3857,
3873, 3889, 3905, 3921, 3937, 3953, 3969, 3985, 4001, 4017, 4033,
4049, 4065, 4081
2 2, 18, 34, 50, 66, 82, 98, 114, 130, 146, 162,
178, 194, 210, 226, 242, 258, 274, 290, 306, 322, 338,
---- More ( Press 'Q' to break ) ----
Related Operation
Table 13-6 lists the related operations for mapping all VLANs to the MSTP instances.
Table 13-6 Related operations for mapping all VLANs to the MSTP instances
To... Run the Command...
Context
l By default, the revision level is 0.
l Activate the setting to make it take effect.
NOTE
l When you configure the parameters related to the MST region, the current device is placed into a
specified MST region.
l Two devices belong to a same MST region when they meet the following conditions:
l They have the same MST region name and the MSTP revision level.
l The VLAN mapping tables, which correspond to all the spanning tree instances, must be the same
with each other.
Procedure
Step 1 Run the stp region-configuration command to switch over to MST region mode.
Step 2 Run the revision-level command to set the MSTP revision level of the device.
Step 3 Run the check region-configuration command to query the parameters of the current MST
region.
----End
Example
To set the MSTP revision level as 100, do as follows:
huawei(config)#stp region-configuration
huawei(stp-region-configuration)#revision-level 100
huawei(stp-region-configuration)#check region-configuration
Admin configuration
Format selector :0
Region name :00e0fc995050
Revision level :100
Related Operation
Table 13-7 lists the related operations for setting the MSTP revision level of the device.
Table 13-7 Related operations for setting the MSTP revision level of the device
13.4.6 Restoring the Default Settings for All Parameters of the MST
Region
This operation enables you to restore the default settings for all parameters of the MST region.
Context
By default, the name of the MST region is its management MAC address, all VLANs are mapped
to instance 0, and the revision level of MSTP is 0.
Procedure
Step 1 Run the reset stp region-configuration command to restore the default settings to all parameters
of the MST region.
Step 2 Run the stp region-configuration command to switch over to MST region mode.
Step 3 Run the display stp region-configuration command to query the configuration of the MST
region.
----End
Example
To restore the default settings for all parameters of the MST region, do as follows:
huawei(config)#reset stp region-configuration
huawei(config)#stp region-configuration
huawei(stp-region-configuration)#display stp region-configuration
Oper configuration
Format selector :0
Region name :00e0fc995050
Revision level :0
Context
When you configure the parameters related to the MST region, especially the VLAN mapping
table, MSTP will recalculate the spanning tree. This results in an unstable network topology.
To avoid it, MSTP will not recalculate the spanning tree immediately after you configure the
parameters, unless the following conditions are met:
l Run the active region-configuration command to activate the configuration of the MST
region.
l Run the stp enable command to enable the MSTP function.
Procedure
Step 1 Run the stp region-configuration command to switch over to MST region mode.
Step 2 Run the active region-configuration command to activate the configuration of the MST region.
Step 3 Run the display stp region-configuration command to query the effective configuration of the
MST region.
----End
Example
To activate the configuration of the MST region, do as follows:
huawei(config)#stp region-configuration
huawei(stp-region-configuration)#active region-configuration
huawei(stp-region-configuration)#display stp region-configuration
Oper configuration
Format selector :0
Region name :huawei-mstp-bridge
Revision level :100
Related Operation
Table 13-8 lists the related operation for activating the configuration of the MST region.
Table 13-8 Related operation for activating the configuration of the MST region
Context
l By default, the device is not used as a root bridge or a backup root bridge.
l After specifying the current bridge as a root bridge or a backup root bridge, you cannot
modify the system priority of the root bridge.
l One spanning tree instance can be configured with only one root bridge, but more backup
root bridges.
– If the root bridge fails or is powered off, the backup root bridge is used as the root bridge.
– If multiple backup root bridges are configured, the root bridge with the smallest MAC
address is used as the root bridge of the specified spanning tree instance.
Procedure
Step 1 Run the stp root command to specify the device as a root bridge or a backup root bridge.
Step 2 Run the display stp command to query the MSTP configuration of the device.
----End
Example
To specify the current device as the root bridge of MSTP instance 2, do as follows:
huawei(config)#stp instance 2 root primary
NOTE
If you do not specify the parameter instance instance-id, the setting takes effect only to the CIST instance.
huawei(config)#display stp instance 2
{ <cr>|port<K> }:
Command:
display stp instance 2
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 3 days :15m:52s
Related Operation
Table 13-9 lists the related operation for specifying the device as a root bridge or a backup root
bridge.
Table 13-9 Related operation for specifying the device as a root bridge or a backup root bridge
Context
l The priority of the device ranges from 0 to 61440, with the step of 4096. By default, it is
32768.
l The priority of the device determines whether it can be selected as the root bridge of the
spanning tree. A device with a smaller priority is likely to be selected as the root bridge of
the spanning tree.
l The device that supports MSTP has different priorities in different spanning tree instances.
l If two devices have the same priority, then the device with the smaller MAC address is
selected as the root bridge of the spanning tree.
Procedure
Step 1 Run the stp priority command to set the priority of the device in the specified spanning tree
instance.
Step 2 Run the display stp command to query the MSTP configuration of the device.
----End
Example
To set the priority of the device in spanning tree instance 2 as 4096, do as follows:
huawei(config)#stp instance 2 priority 4096
NOTE
If you set the parameter instance instance-id as 0, the priority you set is used as the priority of the device
in the CIST.
huawei(config)#display stp instance 2
{ <cr>|port<K> }:
Command:
display stp instance 2
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 3 days :16m:20s
Related Operation
Table 13-10 lists the related operations for setting the priority of the device in the specified
spanning tree instance.
Table 13-10 Related operations for setting the priority of the device in the specified spanning
tree instance
To... Run the Command...
Set the priority of the port in the specified stp port port-priority
spanning tree instance
Context
l By default, the maximum hop of the MST region is 20.
l The device takes the root device of the spanning tree in the MST region as a start point.
When the configuration message in the region, that is, the BPDU packet, is forwarded by
one device, the hop is reduced by 1. The device drops the packet with the hop of 0. In this
case, the network scale in the region is restricted.
l If the current device becomes the root bridge device of the CIST or multiple spanning tree
instance (MSTI) in the MST region, the maximum hop configured on the bridge device
becomes the network diameter of the spanning tree. In this case, the spanning tree scale in
the region is restricted.
Procedure
Step 1 Run the stp max-hops command to set the maximum hop of the MST region.
Step 2 Run the display stp command to query the MSTP configuration of the current device.
----End
Example
To set the maximum hop of the MST region as 10, do as follows:
huawei(config)#stp max-hops 10
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 10
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 3 days :17m:39s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Related Operation
Table 13-11 lists the related operation for setting the maximum hop of the MST region.
Table 13-11 Related operation for setting the maximum hop of the MST region
Context
l The setting takes effect only to CIST.
l The device takes the root of the spanning tree in the MST region as a start point. When the
configuration message in the region, that is, the BPDU packet, is forwarded by one device,
the hop is reduced by 1. The device drops the packet with the hop of 0. In this case, the
network scale in the region is restricted.
l If the current device becomes the root bridge of the CIST or MSTI in the MST region, the
maximum hop configured on the root bridge is the network diameter of the spanning tree.
l The parameters Hello Time, Forward Delay and Max Age are related to the network scale.
When you set the diameter of the switching fabric, MSTP sets automatically the parameters
Hello Time, Forward Delay and Max Age to a proper value based on the configured network
diameter.
l By default, the diameter of the switching fabric is 7, the Forward Delay is 15, the Hello
Time is 2s, and the Max Age is 20s.
NOTE
l The diameter of the switching fabric is the path with the most switching devices along it. The diameter
is indicated by the number of the switching devices along the path.
l The larger the network diameter is, the larger the network scale is.
Procedure
Step 1 Run the stp bridge-diameter command to set the diameter of the switching fabric.
Step 2 Run the display stp command to query the MSTP configuration of the device.
----End
Example
To set the diameter of the switching fabric as 6, do as follows:
huawei(config)#stp bridge-diameter 6
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 6 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 3 days :17m:55s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Related Operation
Table 13-12 lists the related operation for setting the diameter of the switching fabric.
Table 13-12 Related operation for setting the diameter of the switching fabric
Context
l The MA5600 supports three kinds of calculation standards for the path cost: the IEEE
802.1d standard (dot1d), the IEEE 802.1t standard (dot1t), and the private standard of
Huawei (legacy). By default, the private standard of Huawei (legacy) is used.
l After the calculation standard is set, the path cost of the device is calculated based on it
automatically.
l Different calculation standards define different path cost values for the ports. If the set
calculation standard is different from the current standard, all ports use the default path cost
of the set calculation standard.
Procedure
Step 1 Run the stp pathcost-standard command to set the calculation standard for the path cost.
Step 2 Run the display stp command to query the MSTP configuration of the device.
----End
Example
To set the calculation standard for the path cost as IEEE 802.1t, do as follows:
huawei(config)#stp pathcost-standard dot1t
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 6 Max Hops : 20
PathCost standard : DOT1T BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 95 Time since last TC : 0 days : 0m: 4s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Related Operation
Table 13-13 lists the related operation for setting the calculation standard for the path cost.
Table 13-13 Related operation for setting the calculation standard for the path cost
Context
l For MSTP, when the port switches from discarding to forwarding state, an intermediate
state (Learning) is used if the rapid transition condition of the port state is not met. In this
case, the temporary loop can be avoided.
l The Forward Delay of the root bridge specifies the interval of state transition. If the current
device is a root bridge, its state transition interval is specified by the Forward Delay. The
other devices use the Forward Delay specified by the root bridge to perform state transition.
l The three time parameters, Forward Delay, Hello Time, and Max Age must comply with
the following formula to guarantee network stability: 2 x (Forward Delay - 1.0 second)
≥ Max Age ≥ 2 x (Hello Time + 1.0 second).
l By default, the Forward Delay is 15 seconds.
NOTE
The time parameters of MSTP are related to the network scale. You are recommended to run the stp bridge-
diameter command to specify the network diameter of the switching fabric. In this case, MSTP adjusts
the Hello Time, Forward Delay and Max Age to the proper values automatically based on the specified
network diameter.
Procedure
Step 1 Run the stp timer forward-delay command to set the Forward Delay of the specified network
bridge.
Step 2 Run the display stp command to query the MSTP configuration of the device.
----End
Example
To set the Forward Delay of the specified network bridge as 2000 centiseconds, do as follows:
huawei(config)#stp timer forward-delay 2000
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 6 Max Hops : 20
PathCost standard : DOT1T BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 96 Time since last TC : 0 days : 1m:15s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Related Operation
Table 13-14 lists the related operations for setting the Forward Delay of the specified network
bridge.
Table 13-14 Related operations for setting the Forward Delay of the specified network bridge
Set the Max Age of the specified network stp timer max-age
bridge
Context
l The device transmits the configuration packets at regular intervals specified by the Hello
Time to keep the spanning tree stable. If a device does not receive the configuration packets,
it considers that the configuration packets are timed out and then recalculates the spanning
tree.
l If the current device is a root bridge, the configuration packets are sent at regular intervals
specified by the Hello Time. The other devices use the Hello Time specified by the root
bridge to send the configuration packets.
l The three time parameters, Forward Delay, Hello Time, and Max Age must comply with
the following formula to guarantee network stability: 2 x (Forward Delay - 1.0 second)
≥ Max Age ≥ 2 x (Hello Time + 1.0 second).
l By default, the Hello Time is 2 seconds.
NOTE
The time parameters of MSTP are related to the network scale. You are recommended to run the stp bridge-
diameter command to specify the network diameter of the switching fabric. In this case, MSTP adjusts
the Hello Time, Forward Delay and Max Age to the proper values automatically based on the specified
network diameter.
Procedure
Step 1 Run the stp timer hello command to set the Hello Time of the specified network bridge.
Step 2 Run the display stp command to query the MSTP configuration of the device.
----End
Example
To set the Hello Time of the specified network bridge as 1000 centiseconds, do as follows:
huawei(config)#stp timer hello 1000
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 6 Max Hops : 20
PathCost standard : DOT1T BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 96 Time since last TC : 0 days : 1m:15s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Related Operation
Table 13-15 lists the related operations for setting the Hello Time of the specified network
bridge.
Table 13-15 Related operations for setting the Hello Time of the specified network bridge
Set the Max Age of the specified network stp timer max-age
bridge
Context
l The Max Age takes no effect to MSTI.
l On the CIST, the device uses the Max Age to determine whether the configuration received
by the port is out of date. If the configuration received by the port is out of date, recalculate
the spanning tree instance.
l If the device is a CIST root bridge, it uses the Max Age to determine whether the
configuration is out of date. If the device is not a CIST root bridge, it uses the Max Age set
on the CIST root bridge to determine it.
l The three time parameters, Forward Delay, Hello Time, and Max Age must comply with
the following formula to guarantee network stability: 2 x (Forward Delay - 1.0 second)
≥ Max Age ≥ 2 x (Hello Time + 1.0 second).
l By default, the Max Age is 20 seconds.
NOTE
The time parameters of MSTP are related to the network scale. You are recommended to run the stp bridge-
diameter command to specify the network diameter of the switching fabric. In this case, MSTP adjusts
the Hello Time, Forward Delay and Max Age to the proper values automatically based on the specified
network diameter.
Procedure
Step 1 Run the stp timer max-age command to set the Max Age of the specified network bridge.
Step 2 Run the display stp command to query the MSTP configuration of the device.
----End
Example
To set the Max Age of the specified network bridge as 3000 centiseconds, do as follows:
huawei(config)#stp timer max-age 3000
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 6 Max Hops : 20
PathCost standard : DOT1T BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 96 Time since last TC : 0 days : 1m:15s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Related Operation
Table 13-16 lists the related operations for setting the Max Age of the specified network bridge.
Table 13-16 Related operations for setting the Max Age of the specified network bridge
To... Run the Command...
Context
l The device that supports MSTP sends Hello packets at regular intervals to the neighboring
network bridges. In this case, it checks whether the links are normal.
l If the device does not receive the Hello packets from the upstream device within a triple
Hello Time, it considers the upstream device faulty and recalculates the spanning tree. By
doing so, the link problem can be resolved in time.
l Generally, the network condition is good. If the upstream devices are busy, the spanning
tree may be recalculated. You can avoid such an unnecessary calculation by the timeout
time factor of the specified network bridge.
l By default, the timeout time factor of the specified network bridge is 3.
Procedure
Step 1 Run the stp time-factor command to set the timeout time factor of the specified network bridge.
Step 2 Run the display stp command to query the MSTP configuration of the device.
----End
Example
To set the timeout time factor of the specified network bridge as 6, do as follows:
huawei(config)#stp time-factor 6
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 6 Max Hops : 20
PathCost standard : DOT1T BPDU-Protection : disabled
Time Factor : 6
TC or TCN received : 96 Time since last TC : 0 days : 1m:15s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Related Operation
Table 13-17 lists the related operation for setting the timeout time factor of the specified network
bridge.
Table 13-17 Related operation for setting the timeout time factor of the specified network bridge
Context
l The maximum transmission rate of the port indicates the maximum MSTP packets
transmitted by the port within one Hello Time.
l The port can transmit a maximum of 255 packets within one Hello Time. The default
number of packets transmitted is 3.
Procedure
Run the stp port transmit-limit command to set the number of packets transmitted by the port
within the Hello Time.
----End
Example
To set the maximum packets transmitted by the port within one Hello Time as 16, do as follows:
huawei(config)#stp port 0/7/0 transmit-limit 16
Related Operation
Table 13-18 lists the related operations for setting the maximum transmission rate of the
specified port.
Table 13-18 Related operations for setting the maximum transmission rate of the specified port
Context
l You can set only the port connected to the terminal as an edge port. When the BPDU
protection is disabled from the switching device, after the port receives the BPDD packets,
even if the port is set as an edge port, it still works as a non-edge port. By default, all ports
are set as non-edge ports.
l If you specify a port as an edge port, the rapid transition can be implemented if the port is
transited from blocking to forwarding state.
l This setting takes effect to all spanning tree instances. When a port is set as an edge port,
it works as an edge port on all spanning tree instances. When a port is set as a non-edge
port, it works as a non-edge port on all spanning tree instances.
NOTE
For the port directly connected to the terminal, set it as an edge port, and enable its BPDU protection
function. For more details, see the section "13.14.1 Enabling the BPDU Protection Function of the
Device." In this case, the rapid transition of the port state can be implemented, and the network security is
guaranteed.
Procedure
Step 1 Run the stp port edged-port enable command to set the port as an edge port.
Step 2 Run the display stp command to query the MSTP global configuration.
----End
Example
To set port 0/7/0 as an edge port, do as follows:
huawei(config)#stp port 0/7/0 edged-port enable
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 0 days : 2m:25s
-----------------------------------------------------------------------------
Port F/ S/ P Priority Cost Admin-State Role State Type
-----------------------------------------------------------------------------
1 0/7/ 0 128 200000 Disabled Disa Down Edge
3 0/7/ 2 128 200000 Enabled Disa Down None
17 0/ 2/ 0 0 200000 Enabled Disa Down None
18 0/ 2/ 1 128 200000 Enabled Disa Down None
19 0/ 2/ 2 128 200000 Enabled Disa Down None
20 0/ 2/ 3 128 200000 Enabled Disa Down None
-----------------------------------------------------------------------------
Related Operation
Table 13-19 lists the related operation for setting the specified port as an edge port.
Table 13-19 Related operation for setting the specified port as an edge port
To... Run the Command...
13.12.3 Setting the Path Cost of the Port in the Specified Spanning
Tree Instance
This operation enables you to set the path cost of the port in the specified spanning tree instance.
Context
l By default, the network bridge obtains the path cost of the port based on the link status.
l Setting the path cost of the Ethernet port results in the recalculation of the spanning tree.
Therefore, the default path cost is recommended.
NOTE
l Path cost is a parameter related to the rate of the link connected to the port. For the device that supports
MSTP, the port has different path costs in different spanning tree instances.
l Setting a proper path cost makes various VLAN traffic be forwarded along different physical links. In
this case, the VLAN load-sharing function is implemented.
Procedure
Step 1 Run the stp port cost command to set the path cost of the port in the specified spanning tree
instance.
Step 2 Run the display stp command to query the MSTP global configuration.
----End
Example
To set the path cost of the port in spanning tree instance 2 as 1024, do as follows:
huawei(config)#stp port 0/7/0 instance 2 cost 1024
NOTE
If you do not specify the parameter instance instance-id, the setting takes effect only to the CIST instance.
huawei(config)#display stp instance 0
{ <cr>|port<K> }:
Command:
display stp instance 0
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 0 days : 5m:27s
-----------------------------------------------------------------------------
Port F/ S/ P Priority Cost Admin-State Role State Type
-----------------------------------------------------------------------------
1 0/7/ 0 128 1024 Disabled Disa Down Edge
3 0/7/ 2 128 200000 Enabled Disa Down None
17 0/ 2/ 0 0 200000 Enabled Disa Down None
18 0/ 2/ 1 128 200000 Enabled Disa Down None
19 0/ 2/ 2 128 200000 Enabled Disa Down None
20 0/ 2/ 3 128 200000 Enabled Disa Down None
-----------------------------------------------------------------------------
Related Operation
Table 13-20 lists the related operation for setting the path cost of the port in the specified
spanning tree instance.
Table 13-20 Related operation for setting the path cost of the port in the specified spanning tree
instance.
To... Run the Command...
Restore the default path cost of the undo stp port cost
specified port
Context
l The priority of a port affects its role in the specified spanning tree instance. You can set
different priorities for the same port on the different MSTIs. This makes various VLAN
traffic be forwarded along different physical links. In this case, the VLAN load-sharing
function is implemented.
l If the priority of the port changes, MSTP recalculates the role of the port and perform state
transition.
l The priority of the port ranges from 0 to 240, with the step of 16. By default, it is 128.
Procedure
Step 1 Run the stp port port-priority command to set the priority of the specified port.
Step 2 Run the display stp command to query the MSTP global configuration.
----End
Example
To set the priority of the specified port as 64, do as follows:
huawei(config)#stp port 0/7/0 instance 0 port-priority 64
NOTE
If you do not specify the parameter instance instance-id, the setting takes effect only to the CIST instance.
huawei(config)#display stp instance 0
{ <cr>|port<K> }:
Command:
display stp instance 0
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 0 days : 5m:57s
-----------------------------------------------------------------------------
Port F/ S/ P Priority Cost Admin-State Role State Type
-----------------------------------------------------------------------------
1 0/7/ 0 64 1024 Disabled Disa Down Edge
3 0/7/ 2 64 200000 Enabled Disa Down None
17 0/ 2/ 0 0 200000 Enabled Disa Down None
18 0/ 2/ 1 128 200000 Enabled Disa Down None
19 0/ 2/ 2 128 200000 Enabled Disa Down None
20 0/ 2/ 3 128 200000 Enabled Disa Down None
-----------------------------------------------------------------------------
Related Operation
Table 13-21 lists the related operation for setting the priority of the specified port.
Table 13-21 Related operation for setting the priority of the specified port
Context
l By default, the point-to-point parameter is set to auto mode. MSTP checks whether the
link connected to the specified port is a point-to-point link.
l The port state cannot be changed rapidly if the port is not connected to a point-to-point link.
The default setting is recommended.
l This setting takes effect to CIST and MSTI. When the port is set as connecting (or not
connecting) with the point-to-point link, the setting applies to all the spanning tree
instances.
l If the port is set as connecting with the point-to-point link, but actually it is not connected
with a point-to-point link, the port is in loopback state.
NOTE
l For an aggregated port, only the primary port can be set as connecting with the point-to-point link.
l Assume that a port works in auto negotiation mode, if it is in full-duplex mode after the negotiation, it
can be set as connecting with the point-to-point link.
Procedure
Run the stp port point-to-point command to set whether the link that is connected to the port
is a point-to-point link.
----End
Example
To set the link that is connected to port 0/7/0 as a point-to-point link, do as follows:
huawei(config)#stp port 0/7/0 point-to-point force-true
Related Operation
Table 13-22 lists the related operation for setting the point-to-point link connection of the
specified port.
Table 13-22 Related operation for setting the point-to-point link connection of the specified port
Set the link connected to the port as the undo stp port point-to-point
default state
Context
Run the stp port mcheck command to check whether there is any network bridge that runs STP
in the subnet to which the current port is connected.
l If the network bridge that runs STP exists in the subnet where the port is connected, the
port runs in MSTP/STP compatible mode automatically.
l When the network condition is good, though the network bridge that runs STP in the subnet
is removed, the port still runs in the STP compatible mode. In this case, run the command
to force the port to work in MSTP mode. After that, the type of the packets received by the
port determines whether it works in MSTP or STP compatible mode.
This command takes effect only when the network bridge runs MSTP.
Procedure
Run the stp port mcheck command to set the mCheck variable.
----End
Example
To transit port 0/7/0 to work in MSTP mode, do as follows:
Context
l By default, the BPDU protection function is disabled.
l If the port of an access device is connected directly to the user terminal, such as a PC, or
connected to the file server, the port is usually set as an edge port to implement rapid state
transition. When the port receives the BPDU packets, the system sets the port as a non-
edge port and recalculates the spanning tree. This results in an unstable network topology.
l MSTP provides the BPDU protection function to prevent users from forging BPDU packets
to attack the device maliciously. If the BPDU protection function is enabled on the device,
the system disables the edge port that receives the BPDU packets. If the disabled port does
not receive the BPDU packets within 180s, it is enabled automatically.
Procedure
Step 1 Run the stp bpdu-protection enable command to enable the BPDU protection function of the
device.
Step 2 Run the display stp command to query the MSTP global configuration.
----End
Example
To enable the BPDU protection function of device, do as follows:
huawei(config)#stp bpdu-protection enable
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:
display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : enabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 0 days : 6m:42s
-----------------------------------------------------------------------------
---- More ( Press 'Q' to break ) ----
Related Operation
Table 13-23 lists the related operation for enabling the BPDU protection function of the device.
Table 13-23 Related operation for enabling the BPDU protection function of the device
To... Run the Command...
Context
l To avoid the switching fabric loop due to the link congestion or unidirectional link fault,
MSTP provides the loop protection function.
l After the loop protection function is enabled, the root port keeps its role, and the blocked
port keeps its discarding state and does not forward any packets. In this case, the loop will
not occur in the network.
l By default, the loop protection function is disabled.
Procedure
Step 1 Run the stp port loop-protection enable command to enable the loop protection function of
the port.
Step 2 Run the display stp port command to query the MSTP configuration of the port.
----End
Example
To enable the loop protection function of port 0/7/0, do as follows:
huawei(config)#stp port 0/7/0 loop-protection enable
huawei(config)#display stp port 0/7/0
----[CIST][Port1(Down)]----
Port Protocol :enabled
Port Role :CIST Disabled Port
----[MSTI 2][Port1(Down)]----
Port Role :Disabled Port
Port Priority :128
Port Cost :Config=auto / Active=200000
---- More ( Press 'Q' to break ) ----
Related Operation
Table 13-24 lists the related operations for enabling the loop protection function of the device.
Table 13-24 Related operations for enabling the loop protection function of the device
Context
l Due to the incorrect configuration or malicious attacks, the legal root bridge in the network
might receive the configuration packets with a higher priority. In this case, the current root
bridge becomes invalid, which causes the network topology changed. MSTP provides the
root protection function to avoid such a case.
l For the port that is enabled with the root protection function, it is only used as a specified
port for all instances. Once the port receives the configuration packets with a higher priority,
which sets the port as a non-specified port, the port will be in the listening state, and will
not forward the packets. When the port does not receive the configuration packets with a
higher priority for a certain period, the port will restore to the normal state.
l By default, the root protection function of the port is disabled.
Procedure
Step 1 Run the stp port root-protection enable command to enable the root protection function of the
port.
Step 2 Run the display stp port command to query the MSTP configuration of the port.
----End
Example
To enable the root protection function of port 0/7/0, do as follows:
huawei(config)#stp port 0/7/0 root-protection enable
huawei(config)#display stp port 0/7/0
----[CIST][Port1(Down)]----
Port Protocol :enabled
Port Role :CIST Disabled Port
Port Priority :128
Port Cost :Config=auto / Active=200000
Desg. Bridge/Port :0.00e0-fc99-5050 / 128.1
Port Edged(Admin) :disabled
Point-to-point :Config=auto / Active=false
Transit Limit :3 packets/hello-time
Protection Type :Root
Port Stp Mode :Stp
PortTimes :Hello 10 s MaxAge 20 s FwDly 15 s Message Age 0 s RemHop
20
BPDU Sent :0
TCN: 0, Config: 0, RST: 0, MST: 0
BPDU Received :0
TCN: 0, Config: 0, RST: 0, MST: 0
----[MSTI 2][Port1(Down)]----
Port Role :Disabled Port
Port Priority :128
Port Cost :Config=auto / Active=200000
---- More ( Press 'Q' to break ) ----
Related Operation
Table 13-25 lists the related operations for enabling the root protection function of the device.
Table 13-25 Related operations for enabling the root protection function of the device
To... Run the Command...
Disable the root protection function of the stp port root-protection disable
device
Context
You can clear the device/port MSTP protocol statistics.
Procedure
Step 1 Run the reset stp statistics command to clear the MSTP protocol statistics.
Step 2 Run the reset stp port statistics command to clear the MSTP protocol statistics of a port.
----End
14 Configuring NTP
This chapter describes the NTP protocol and how to configure it on the MA5600.
14.1 Overview
This section describes the NTP concepts and its specification on the MA5600.
14.2 Configuration Example of NTP Broadcast Mode
This operation enables you to configure NTP broadcast mode on the MA5600, so as to implement
clock synchronization among network devices.
14.3 Configuration Example of NTP Multicast Mode
This operation enables you to configure NTP multicast mode on the MA5600, so as to implement
clock synchronization among network devices.
14.4 Configuration Example of NTP Server/Client Mode
This operation enables you to configure NTP server/client mode on the MA5600, so as to
implement clock synchronization among network devices.
14.5 Configuration Example of NTP Peer Mode
This operation enables you to configure NTP peer mode on the MA5600, so as to implement
clock synchronization among network devices.
14.6 Configuring the NTP ID Authentication
This operation enables you to configure NTP ID authentication so as to enhance network security
and avoid unauthorized clock modification.
14.7 Configuring the NTP Master Clock
This operation enables you to configure the NTP master clock.
14.8 Configuring NTP Broadcast Mode
This section describes how to configure the MA5600 as NTP broadcast server mode and NTP
broadcast client mode.
14.9 Configuring the NTP Multicast Mode
This operation enables you to configure the NTP multicast server or client mode.
14.10 Configuring NTP Server/Client Mode
This operation enables you to define a remote server as the NTP server, and the local device as
the client.
14.11 Configuring NTP Peer Mode
This operation enables you to configure the MA5600 as the peer of a local device.
14.12 Configuring the Authority of Access to a Local Device's NTP Service
This operation enables you to configure the authority of access to a local device's NTP service.
14.13 Configuring an Interface for Transmitting/Receiving NTP Packets
This operation enables you to configure an interface for transmitting or receiving NTP packets.
14.1 Overview
This section describes the NTP concepts and its specification on the MA5600.
Service Description
Network Time Protocol (NTP) is an application layer protocol in the TCP/IP protocol suite. NTP
is used to synchronize the time between the distributed time server and the client. The network
devices that support NTP keep their time consistent by exchanging NTP packets to implement
various service applications based on universal time, such as the network management system
and the network accounting system.
According to the time zone of the MA5600, NTP can synchronize the time with the NTP server.
In addition, NTP can automatically set the local time according to the time zone of the
MA5600.
For details on NTP, refer to the chapter "NTP" in the Feature Description.
Service Specification
There are four NTP modes:
l Server/client
l Peer
l Broadcast
l Multicast
The MA5600 supports all these modes.
Prerequisite
The time zone of the MA5600 is already configured. For details, refer to the "3.3.5 Setting
System Time".
Networking
Figure 14-1 shows a sample network for configuring NTP broadcast mode.
Figure 14-1 Sample network for configuring the NTP broadcast mode
IP
LSW
MA5600_A MA5600_B
An MA5600 serves as an NTP broadcast server, and periodically sends clock synchronization
packets to destination 255.255.255.255. The other MA5600 serves as a client to intercept the
broadcast packets from the server, and then synchronizes its clock with that of the server.
Data Plan
Table 14-1 lists the data plan for configuring NTP broadcast mode.
Item Data
Clock: Selects the local clock as the NTP master clock at stratum
2.
Context
l The network devices and the line must be in the normal state.
l The clock stratum of the synchronizing device must be equal to or lower than that of the
synchronized device. Otherwise, clock synchronization fails.
Configuration Flowchart
Figure 14-2 shows the flowchart for configuring NTP broadcast mode.
Start
End
Procedure
l Configure the NTP broadcast server MA5600_A.
1. Define the local clock of MA5600_A as the master NTP clock at stratum 2.
huawei(config)#ntp-service refclock-master 2
4. Define the master NTP clock as the NTP broadcast server and specify the
authentication ID.
huawei(config-if-vlanif2)#ntp-service broadcast-server authentication-key
88
----End
Result
Follow the steps below to verify the configuration:
1. After synchronization, show the state of MA5600_B.
huawei(config)#display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 1.1.1.1
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^17
clock offset: 996.5820 ms
root delay: 0.00 ms
root dispersion: 10.45 ms
peer dispersion: 10.93 ms
reference time: 12:10:10.170 UTC May 14 2005(C6306922.2BC286F8)
By analyzing the sessions of MA5600_B, you can find that MA5600_B has been connected
to MA5600_A.
Prerequisite
The time zone of the MA5600 is already configured. For details, refer to the "3.3.5 Setting
System Time".
Networking
Figure 14-3 shows a sample network for configuring NTP multicast mode.
IP
LSW
MA5600_A MA5600_B
MA5600_A sends multicast packets through VLAN interface 2 while MA5600_B intercepts
multicast information from VLAN interface 2. After receiving multicast packets from
MA5600_A, MA5600_B synchronizes with MA5600_A.
Data Plan
Table 14-2 lists the data plan for configuring NTP multicast mode.
Clock: Selects the local clock as the NTP master clock at stratum
2.
Context
The stratum of the NTP server must be higher than or equal to that of the NTP client. Otherwise,
the synchronization fails.
Configuration Flowchart
Figure 14-4 shows the flowchart for configuring NTP multicast mode.
Start
End
Procedure
l Configure the NTP multicast server MA5600_A.
1. Set the local clock as the master clock working in stratum 2.
huawei(config)#ntp-service refclock-master 2
4. Set MA5600_A as the multicast server and specify the authentication ID.
huawei(config-if-vlanif2)#ntp-service multicast-server authentication-
keyid 88
----End
Result
Follow the steps below to verify the configuration:
1. After synchronization, display the state of MA5600_B.
huawei(config)#display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 1.1.1.1
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^17
clock offset: 996.5820 ms
root delay: 0.00 ms
root dispersion: 10.45 ms
peer dispersion: 10.93 ms
reference time: 12:10:10.170 UTC May 14 2005(C6306922.2BC286F8)
By analyzing the sessions of MA5600_B, you can find that MA5600_B has been connected
to MA5600_A.
Prerequisite
The time zone of the MA5600 is already configured. For details, refer to the "3.3.5 Setting
System Time".
Networking
Figure 14-5 shows a sample network for configuring NTP server/client mode.
IP
LSW
MA5600_A MA5600_B
An MA5600 serves as an NTP broadcast server, while the other MA5600 serves as a client. The
client sends the clock synchronization request to the server and the server synchronizes the clock
according to the request.
Data Plan
Table 14-3 shows the data plan for configuring NTP server/client mode.
Context
The stratum of the NTP server must be higher than or equal to that of the NTP client. Otherwise,
the synchronization fails.
Configuration Flowchart
Figure 14-6 shows the flowchart for configuring NTP server/client mode.
Start
Is there a clock No
reference?
Yes
Configure the NTP master clock
No
Configure authentication?
Yes
No
Configure a layer 3 interface?
Yes
End
NOTE
l When the MA5600 functions as a time server, the layer 3 interface needs to be configured.
l If any other network device supporting NTP serves as a time server, whether the layer 3 interface needs
to be configured depends on the features of the device.
Procedure
l Configure the NTP server MA5600_A.
1. Set the local clock as the master clock working in stratum 2.
huawei(config)#ntp-service refclock-master 2
----End
Result
Follow the steps below to verify the configuration:
1. Before synchronization, display the state of MA5600_B.
huawei(config)#display ntp-service status
clock status: unsynchronized
clock stratum: 16
reference clock ID: none
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^17
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 0.00 ms
reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)
Prerequisite
The time zone of the MA5600 is already configured. For details, refer to the "3.3.5 Setting
System Time".
Networking
Figure 14-7 shows a sample network for configuring NTP peer mode.
IP
LSW
MA5600_A MA5600_B
One MA5600 serves as an NTP active peer, while the other MA5600 serves as the passive peer.
The active peer sends a clock synchronization request to the passive peer, and then the passive
peer responds to the request. In this case, the peer with a higher clock stratum is synchronized
by the peer with a lower clock stratum.
Data Plan
Table 14-4 lists the data plan for configuring NTP peer mode.
Item Data
Item Data
Configuration Flowchart
Figure 14-8 shows the flowchart for configuring NTP peer mode.
Start
Is there a clock No
reference?
Yes
Configure the NTP master clock
No
Configure authentication?
Yes
No
Configure a layer 3 interface?
Yes
End
Procedure
l Configure the server MA5600_A.
1. Set the local clock as the NTP master clock in stratum 2.
huawei(config)#ntp-service refclock-master 2
----End
Result
According to the above configurations, MA5600_A and MA5600_B are defined as peers.
MA5600_A works in active peer mode, and MA5600_B works in passive peer mode. By default,
the system clock is at stratum 16, so the clock of MA5600_B is at stratum 16. The clock of
MA5600_A is at stratum 2. Therefore, MA5600_B turns to MA5600_A for clock
synchronization.
MA5600_A has been synchronized with MA5600_B, and the stratum of MA5600_B is 3, an
increase of 1 on that of MA5600_A.
NOTE
Whether the active peer synchronizes with the passive peer or the passive peer synchronizes with active
peer is determined by the clock stratum rather than the active or the passive state.
Context
l If the NTP authentication is disabled on the client, the client can turn to the server for clock
synchronization, regardless of whether the NTP authentication is enabled on the server.
l If NTP authentication is enabled, a reliable key shall be configured.
l The configuration of the server shall be consistent with that of the client.
l If NTP is enabled on the client, the client can pass the authentication by the server, as long
as the server is configured with the same key as that of the client, regardless of whether
NTP authentication is enabled on the server or its key is reliable.
l The client synchronizes the server that provides the reliable key. If the server provides an
unreliable key, the client does not synchronize the server.
Configuration Flowchart
Figure 14-9 shows the flowchart for configuring the NTP server/client mode with ID
authentication.
Figure 14-9 Flowchart for configuring the NTP server/client mode with ID authentication
Start
End
Procedure
Step 1 Run the ntp-service authentication enable command to enable the NTP ID authentication.
Step 2 Run the ntp-service authentication-keyid command to set a key for the ID authentication.
Step 3 Run the ntp-service reliable authentication-keyid command to define the key as a reliable
one.
Step 4 Run the display current-configuration section command to query the current configuration of
the system.
----End
Example
To enable NTP ID authentication, configure the NTP configuration key as aNiceKey with key
number of 42, and then define key 42 as a reliable key, do as follows:
huawei(config)#ntp-service authentication enable
huawei(config)#ntp-service authentication-keyid 42 authentication-mode md5
aNiceKey
huawei(config)#ntp-service reliable authentication-keyid 42
huawei(config)#display current-configuration section post-system
[MA5600V300R003: 3002]
#
[post-system]
<post-system>
ip route-static 0.0.0.0 0.0.0.0 10.71.55.1
ip route-static 2.2.2.2 255.255.255.255 10.1.1.2
ip route-static 2.2.2.2 255.255.255.255 20.1.1.2
#
static-lsp ingress tunnel-interface tunnel1 destination 2.2.2.2 nexthop 10.1.1
.2 out-label 8200
static-lsp ingress tunnel-interface tunnel2 destination 2.2.2.2 nexthop 20.1.1
.2 out-label 8210
#
snmp-agent local-engineid 000007DB0300E0FC590001
snmp-agent sys-info version v1 v2c
snmp-agent group v3 group authentication read-view internet
snmp-agent usm-user v3 user group authentication-mode md5
5B35F3BA2B65CA9D4A35CC868E5963CF privacy-mode des56
B889728872508FA68D4C91595D092958
snmp-agent
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 X&9#$^U(!:[Q=^Q`
MAF4<1!!
ntp-service reliable authentication-keyid 42
#
ssh user op authentication-type password
ssh user user authentication-type password
ssh user test authentication-type password
#
tunnel-policy policy10
#
return
Related Operation
Table 14-5 lists the related operations for configuring NTP ID authentication.
Context
l The IP address of the local reference lock is set to 127.127.t.u, in which:
Procedure
Step 1 Run the ntp-service refclock-master command to configure the NTP master clock.
Step 2 Run the display ntp-service status command to query the NTP status information.
----End
Example
To define the clock of a local device as the master NTP clock at stratum 2 and specify the IP
address as 127.127.127.0, do as follows:
huawei(config)#ntp-service refclock-master 127.127.1.0 2
huawei(config)#display ntp-service status
clock status: synchronized
clock stratum: 2
reference clock ID: LOCAL(0)
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 10.00 ms
reference time: 13:41:41.065 UTC Feb 14 2006(C79C5C95.10ADBC66)
Related Operation
Table 14-6 lists the related operation for configuring the NTP master clock.
Table 14-6 Related operation for configuring the NTP master clock
To... Run the Command...
Context
l This task is to specify an interface on the local device to transmit NTP broadcast packets.
The local device operates in broadcast-server mode, and serves as a broadcast server to
broadcast packets to its clients regularly.
l Perform this operation on the interface where the NTP broadcast packets are to be
transmitted.
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode.
Step 2 Run the ntp-service broadcast-server command to configure the NTP broadcast server mode.
Step 3 Run the display current-configuration section command to query the current configuration of
the system.
----End
Example
To define VLAN interface 2 on a local device to transmit NTP broadcast packets which are
encrypted by key 88, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ntp-service broadcast-server authentication-keyid 88
huawei(config-if-vlanif2)#quit
huawei(config)#display current-configuration section vlanif
[MA5600V300R003: 3002]
#
[vlanif]
<vlanif10>
interface vlanif10
ip address 10.1.1.1 255.255.255.0
mpls
mpls te
#
<vlanif30>
interface vlanif30
ntp-service broadcast-server authentication-keyid 88
#
return
Related Operation
Table 14-7 lists the related operations for configuring NTP broadcast server mode.
Table 14-7 Related operations for configuring NTP broadcast server mode
Display NTP service trace display ntp-service trace Synchronize NTP server chain
from the local device to the
reference clock source, and
display brief information on
each NTP server.
Context
l The local device first detects the broadcast packets from the server. When receiving the
first broadcast packet, it enters the client/server mode briefly to exchange packets with a
remote server for estimating the network delay. The local device then enters the broadcast
client mode, continues detecting the broadcast packets, and synchronizes the local clock
according to the received broadcast packets.
l Perform this operation on the interface where the NTP multicast packets are to be
transmitted.
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode.
Step 2 Run the ntp-service broadcast-client command to configure NTP broadcast client mode.
Step 3 Run the display ntp-service status command to query the NTP information.
----End
Example
To specify a local device as a broadcast client to receive broadcast packets through VLAN
interface 2, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ntp-service broadcast-client
huawei(config)#display ntp-service status
huawei#display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 212.125.95.4
nominal frequence: 100.0000 Hz
actual frequence: 100.0000 Hz
clock precision: 2^6
clock offset: 0.5809 ms
root delay : 372.66 ms
root dispersion: 23.87 ms
peer disper: 10.83 ms
reference time: 04:01:11.344 UTC May 16 2003(C26EE107.5847A17F)
Related Operation
Table 14-8 lists the related operations for configuring NTP broadcast client mode.
Table 14-8 Related operations for configuring NTP broadcast client mode
Context
Working principle of NTP multicast server is as follows:
l The local device first detects the multicast packets from the server. When receiving the first
multicast packet, it enters the client/server mode briefly to switch packets with a remote
server for estimating the network delay.
l The local device enters multicast client mode, continues to detect the multicast packets,
and synchronizes the local clock according to the received multicast packets.
Note that:
l The server and the client can be configured only on the interface where the NTP multicast
packets are to be transmitted or received.
l In multicast mode, the NTP configurations must be performed on both the server and the
client. The client must be synchronized by the clock of the server.
Procedure
Step 1 Run the interface vlanif command to enter the layer 3 interface mode.
Step 2 Run the ntp-service multicast-server command to configure the NTP multicast mode.
Step 3 Run the display ntp-service status command to query the NTP status information.
----End
To define a local device as multicast server to transmit multicast packets through VLAN interface
2, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ntp-service multicast-server
huawei(config)#display ntp-service status
UA5000(config)#display ntp-service status
clock status: synchronized
clock stratum: 2
reference clock ID: LOCAL(0)
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 10.94 ms
peer dispersion: 10.00 ms
reference time: 21:57:54.244 UTC Sep 9 2006(C8ADB762.3E7CD035)
To define a local device as multicast client to receive multicast packets through VLAN interface
2, do as follows:
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ntp-service multicast-client
huawei(config)#display ntp-service status
UA5000(config)#display ntp-service status
clock status: synchronized
clock stratum: 2
reference clock ID: LOCAL(0)
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 10.94 ms
peer dispersion: 10.00 ms
reference time: 22:00:03.537 UTC Sep 9 2006(C8ADB7E3.89A7E308)
Related Operation
Table 14-9 lists the related operations for configuring the NTP multicast mode.
Table 14-9 Related operations for configuring the NTP multicast mode
Context
l The client sends the clock synchronization request to the server. After receiving the request,
the server automatically works in server mode and then sends the response. After receiving
the response from the server, the client filters and selects the clock, and synchronizes the
preferred server.
l In this mode, only the local client initiates the clock synchronization with the remote server,
while the remote server does not.
Procedure
Step 1 Run the ntp-service unicast-server command to configure the NTP server/client mode.
Step 2 Run the display ntp-service status command to query the NTP status information.
----End
Example
To specify the device with the IP address of 1.0.1.11 as the NTP server and the version as 3for
the client, do as follows:
huawei(config)#ntp-service unicast-server 1.0.1.11 version 3
huawei(config)#display ntp-service status
clock status: unsynchronized
clock stratum: 16
reference clock ID: none
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 0.00 ms
reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)
Related Operation
Table 14-10 lists the related operations for configuring NTP server/client mode.
Context
l The active peer sends the clock synchronization request to the passive peer. After receiving
the request, the other peer automatically works in passive peer mode and sends the response.
Both the active peer and the passive peer synchronize their clocks mutually.
l In NTP peer mode, the NTP configuration is performed only on the active peer.
l The peer with a higher clock stratum is synchronized by the peer with a lower clock stratum.
Procedure
Step 1 Run the ntp-service unicast-peer command to configure NTP peer mode.
Step 2 Run the display ntp-service status command to query the NTP status information.
----End
Example
To specify the remote device with IP address of 3.0.1.32 as the peer of the local device, do as
follows:
huawei(config)#ntp-service unicast-peer 3.0.1.32
huawei(config)#display ntp-service status
clock status: unsynchronized
clock stratum: 16
reference clock ID: none
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 0.00 ms
reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)
Related Operation
Table 14-11 lists the related operation for configuring NTP peer mode.
Prerequisite
The ACL applied already exists.
Context
By default, access to a local device's NTP service is not controlled. With this configuration,
when there is an access request, the request will be matched with peer, query, server, and
synchronization in descending order. The first matched authority will be granted.
l peer: authority for absolute access
l query: control and query authority.
l server: authority for server's access and query
l synchronization: authority for only the server's access
Procedure
Step 1 Run the ntp-service access command to configure the authority of access to a local device's
NTP service.
Step 2 Run the display current-configuration section command to query the current configuration of
the system.
----End
Example
To configure the authority of access to a local device's NTP service as "peer", and the ACL
applied as 2000, do as follows:
huawei(config)#ntp-service access peer 2000
huawei(config)#display current-configuration section post-system
[MA5600V300R003: 3002]
#
[post-system]
<post-system>
ip route-static 0.0.0.0 0.0.0.0 10.71.55.1
ip route-static 2.2.2.2 255.255.255.255 10.1.1.2
ip route-static 2.2.2.2 255.255.255.255 20.1.1.2
#
snmp-agent local-engineid 000007DB0300E0FC590001
snmp-agent sys-info version v1 v2c
Related Operation
Table 14-12 lists the related operations for configuring the authority of access to a local device's
NTP service.
Table 14-12 Related operations for configuring the authority of access to a local device's NTP
service
To... Run the Command…
Prerequisite
The applied ACL has been existed.
Context
l Once an interface is specified through the ntp-service source-interface command, the IP
address of the interface is also the IP address of the packets.
l If the ntp-service unicast-server or ntp-service unicast-peer command also specifies a
transmit interface, this transmit interface prevails.
Procedure
Run the ntp-service source-interface command to specify an interface for transmitting NTP
packets.
----End
Example
To specify interface MEth 0 for transmitting NTP packets, do as follows:
huawei(config)#ntp-service source-interface meth 0
Related Operation
Table 14-13 lists the related operations for configuring an interface for transmitting or receiving
NTP packets.
Table 14-13 Related operations for configuring an interface for transmitting or receiving NTP
packets
To... Run the Command… Remarks
This chapter describes how to configure the MAC address and MAC address pool on the
MA5600.
15.1 Overview
This chapter describes MAC address and its application to the MA5600.
15.2 Adding a Static MAC Address
This operation enables you to add a static MAC address.
15.3 Setting the Maximum MAC Address Number Learned by a Service Port
This operation enables you to set the maximum MAC address number learned by a service port.
This helps to restrict the number of users connected to the port.
15.4 Configuring the Aging Time of a Dynamic MAC Address
This operation enables you to configure the aging time of a dynamic MAC address.
15.5 Binding the MAC Address
This operation enables you to bind a service port with a MAC address.
15.6 Configuring MAC Address Filtering
This operation enables you to configure the function of MAC address filtering to filter the packets
with the source MAC address as the specified one.
15.7 Configuring the MAC Address Pool
This operation enables you to configure the MAC address pool.
15.1 Overview
This chapter describes MAC address and its application to the MA5600.
Service Description
To meet the needs of bearing multiple services, the MA5600 supports the MAC address lists
and the MAC address pool.
The MAC address lists of the MA5600 is capable of learning new MAC addresses. If the source
MAC address of a packet does not exist in the list, the MA5600 can add the source MAC address
and the port number of the received packet to the list as a new item.
Dynamic MAC addresses in the MAC address list also features the aging function. The
MA5600 deletes the associated address items of a device that has not sent any packet with this
source MAC address for a certain period.
In IP over ATM (IPoA) or PPP over ATM (PPPoA) access, the MA5600 needs to convert the
IPoA/PPPoA packets into IP over Ethernet (IPoE)/PPP over Ethernet (PPPoE) packets. In this
case, the MAC address pool of the MA5600 needs to allocate MAC addresses to users, and add
ATM cells with the MAC address, that is, source MAC addresses (SMAC), so as to convert
ATM cells to Ethernet frames.
Service Specification
The MA5600 supports up to 1024 static MAC addresses.
The MA5600 supports up to 20 MAC address pools, but the total number of configurable MAC
addresses cannot exceed 1024.
The MA5600 supports up to 16384 MAC addresses including the dynamic MAC addresses and
static MAC addresses.
Context
l When you add a static MAC address and there exists the same dynamic MAC address in
the specified service channel or the upstream port of a specified VLAN, the dynamic MAC
address is overwritten by the static MAC address. A static MAC address cannot be added
if there exists a same static MAC address in the system.
l The configured static MAC address must be excluded from the MAC address pool. You
can run the display mac-pool command to check it.
l An upstream port which is included in different VLANs can be configured with the same
static MAC address.
Procedure
Step 1 Run the mac-address static command to add a static MAC address.
Step 2 Run the display mac-address static command to query the configured static MAC address.
----End
Example
To configure the MAC address of ADSL2+ port 0/2/0 (with VPI/VCI of 0/32) as
1010-1010-1010, do as follows:
huawei(config)#mac-address static adsl 0/2/0 vpi 0 vci 32 1010-1010-1010
huawei(config)#display mac-address static
---------------------------------------------------------------------------
Type MAC MAC Type F/S /P VPI VCI FLOWTYPE FLOWPARA VLANID
---------------------------------------------------------------------------
adl 1010-1010-1010 static 0/2/0 0 32 - - 3
---------------------------------------------------------------------------
Total: 1
Note : F--Frame, S--Slot, P--Port(xDSL Port,UP-Link Port,IMA GROUP or
VLAN ID etc.), the VPI is access-end VLAN ID in vdsl/eau port
or PON ID in gpon port
Related Operation
Table 15-1 lists the related operation for adding a static MAC address.
Context
l By default, the maximum MAC address number learned by a service port is 255.
l The maximum MAC address number learned by a service port does not include the
configured static MAC addresses.
Procedure
Step 1 Run the mac-address max-mac-count command to set the maximum MAC address number
learned by a service port.
Step 2 Run the display mac-address max-mac-count command to query the configured maximum
MAC address number learned by the service port.
----End
Example
To set the maximum MAC address number learned by service port 0/2/0 with VLAN ID of 10
at the user side as 10, do as follows:
huawei(config)#mac-address max-mac-count adsl 0/2/0 vpi 0 vci 32 user-vlan 10 10
huawei(config)#display mac-address max-mac-count adsl 0/2/0 vpi 0 vci 32 user-vlan
10
Command:
display mac-address max-mac-count adsl 0/2/0 vpi 0 vci 32 user-vlan 10
----------------------------------------------------------------------------
Type F/S /P VPI VCI VLAN ID FLOWTYPE FLOWPARA Learnable MAC number
----------------------------------------------------------------------------
adl 0/2/0 0 32 10 user-vlan 10 10
----------------------------------------------------------------------------
Note : F--Frame, S--Slot, P--Port(xDSL Port,UP-Link Port,IMA GROUP or
VLAN ID etc.), the VPI is access-end VLAN ID in vdsl/eau port
or PON ID in gpon port
Context
l To effectively realize the aging function of dynamic MAC addresses, you need to configure
the aging time. If a device has not transmitted any packet during the period which is the
one to double of the aging time, the MA5600 deletes the MAC address of the device from
the MAC address list.
l By default, the aging time is 300s. In general, the default value is recommended.
l If the aging time is set too short, a dynamic MAC address is deleted very soon. As a result,
the data packets associated with the address are broadcast to all the ports in a VLAN due
to the failure to find the destination address, thus affecting the running efficiency of the
MA5600.
l On the other hand, if the aging time is set too long, the MA5600 cannot update its MAC
address list according to the network change. Consequently, if the number of MAC
addresses learnt on the specified port reaches the maximum value, packets with new MAC
addresses are directly discarded due to failure to find the destination address.
l The address aging function is only effective to dynamic MAC addresses.
Procedure
Step 1 Run the mac-address timer command to configure the aging time of a dynamic MAC address.
Step 2 Run the display mac-address timer command to query the configured aging time of the
dynamic MAC address.
----End
Context
The MA5600 does not support binding a MAC address directly. By configuring a static MAC
address entry and setting the maximum address count to 0, you can bind a port with a MAC
address.
Procedure
Step 1 Run the mac-address static command to configure the static MAC address for a port.
Step 2 Run the mac-address max-mac-count command to set the maximum address count for the
service port.
Step 3 Run the display mac-address max-mac-count command to query the maximum MAC address
number that can be learnt by service channels.
----End
Example
Assume that the static MAC address of ADSL2+ port 0/2/0 is 1010-1010-1010, and the
maximum address count is 0, to bind the port with the MAC address so that the port only allows
the pass of packets with the source MAC address of 1010-1010-1010, do as follows:
huawei(config)#mac-address static adsl 0/2/0 vpi 0 vci 35 1010-1010-1010
huawei(config)#mac-address max-mac-count adsl 0/2/0 vpi 0 vci 35 0
huawei(config)#display mac-address max-mac-count adsl 0/2/0 vpi 0 vci 35
----------------------------------------------------------------------------
Type F/S /P VPI VCI VLAN ID FLOWTYPE FLOWPARA Learnable MAC number
----------------------------------------------------------------------------
adl 0/2/0 0 35 4000 - - 0
--------------------------------------------------------------------------
Total: 1
Note : F--Frame, S--Slot, P--Port(xDSL Port,UP-Link Port,IMA GROUP or
VLAN ID etc.), the VPI is access-end VLAN ID in vdsl/eau port
or PON ID in epon port
Context
The system supports up to four filtering MAC addresses.
Procedure
Step 1 Run the security mac-filter command to configure MAC address filtering.
Step 2 Run the display security mac-filter command to query the configured filtering MAC address.
----End
Example
To configure the MAC address 1000-0000-0000 as the filtering MAC address, do as follows:
huawei(config)#security mac-filter 1000-0000-0000
huawei(config)#display security mac-filter
--------- Mac Address ---------
1000-0000-0000
---- 1 mac address found ----
Related Operation
Table 15-2 lists the related operation for configuring MAC address filtering.
Context
l The system supports up to 20 MAC address pools and totally 1024 MAC addresses.
l The configured static MAC address must be excluded from the MAC address pool to be
configured. You can run the display mac-address static command to check it.
l A MAC address pool cannot contain the MAC address of the control board.
l When adding a MAC address pool, you do not need to specify the index and range of the
MAC address pool. By default, the range is 256.
You need to configure the MAC address pool in one of the following two cases:
l The user modem adopts the IPoA access mode, and the MA5600 adopts the IPoA or Auto
encapsulation mode.
l The user modem adopts the PPPoA access mode, and the MA5600 adopts the PPPoA or
Auto encapsulation mode.
Procedure
Step 1 Run the mac-pool command to configure the MAC address pool.
Step 2 Run the display mac-pool command to query the added MAC address pool.
----End
Example
To add a MAC address pool with the index of 0, the start MAC address of 1000-0000-0000, and
the address count of 800, do as follows:
huawei(config)#mac-pool 0 1000-0000-0000 800
huawei(config)#display mac-pool all
Current allocation method of MAC addresses: manual
User-configured MAC pools :
----------------------------------------------------------------
Index StartMAC EndMAC Scope UsedNum
----------------------------------------------------------------
0 1000-0000-0000 1000-0000-031f 800 0
----------------------------------------------------------------
MAC pools : 1, MAC addresses :800, Addresses in use : 0
This chapter describes how to configure the TCP&IP connection on the MA5600.
16.1 Overview
This chapter describes the Transfer Control Protocol/Internet Protocol (TCP/IP) connection
attributes and the application to the MA5600.
16.2 Basic Concepts
This section describes concepts of synwait timer and finwait timer.
16.3 Configuring the Synwait Timer
This operation enables you to configure the synwait timer.
16.4 Configuring the Finwait Timer
This operation enables you to configure the finwait timer.
16.5 Configuring the Socket Buffer
This operation enables you to configure the size of the socket transmit and receive buffer.
16.6 Enabling the TCP Debugging
This operation enables the TCP debugging.
16.7 Enabling the IP Packets Debugging
This operation enables the IP packets debugging.
16.1 Overview
This chapter describes the Transfer Control Protocol/Internet Protocol (TCP/IP) connection
attributes and the application to the MA5600.
Service Description
The MA5600 supports TCP/IP.
TCP connection configuration involves:
l Configuring the synwait timer
l Configuring the finwait timer
l Configuring the socket buffer
l Enabling the TCP debugging
Synwait Timer
When the synchronization (SYN) packet is sent, TCP enables the synwait timer. If no
acknowledgement (ACK) packet is received before time specified by the synwait timer, the TCP
connection will be terminated.
Finwait Timer
When the TCP connection state changes from FIN_WAIT_1 to FIN_WAIT_2, the finwait timer
is enabled.
If no FIN packet is received before the time specified by the finwait timer, the TCP connection
will be dropped.
Context
The timeout time of synwait timer ranges from 2s to 600s. The default is 75s.
Procedure
Run the tcp timer syn-timeout command to configure the synwait timer.
----End
Example
To set the TCP timer time as 100s, do as follows:
huawei(config)#tcp timer syn-timeout 100
Related Operation
Table 16-1 lists the related operation for configuring the synwait timer.
Restore the default setting of the syswait undo tcp timer syn-timeout
timer
Context
The timeout time of finwait timer ranges from 76s to 3600s. The default is 675s.
Procedure
Run the tcp timer fin-timeout command to configure the finwait timer.
----End
Example
To set the time of finwait timer as 200s, do as follows:
huawei(config)#tcp timer fin-timeout 200
Related Operation
Table 16-2 lists the related operation for configuring the finwait timer.
Context
The buffer size ranges from 1 KB to 32 KB. The default is 4 KB.
Procedure
Run the tcp window command to set the size of the socket transmit & receive buffer.
----End
Example
To set the size of the socket transmit & receive buffer as 12 KB, do as follows:
huawei(config)#tcp window 12
Related Operation
Table 16-3 lists the related operation for configuring the socket buffer.
Context
After the terminal monitor and terminal debugging function are enabled, the related
information will be displayed on the terminal.
By default, the terminal monitor and terminal debugging functions are disabled.
Procedure
Run the debugging tcp packet command to enable the TCP debugging.
----End
Example
To enable the TCP debugging, do as follows:
huawei(config)#debugging tcp packet
Related Operation
Table 16-4 lists the related operations for enabling the IP packets debugging.
Context
After the terminal monitor and terminal debugging function are enabled, the related
information will be displayed on the terminal.
By default, the terminal monitor and terminal debugging functions are disabled.
Procedure
Run the debugging ip packet command to enable the IP packets debugging.
----End
Example
To enable the IP packets debugging, do as follows:
huawei(config)#debugging ip packet
*0.24271340 MA5600-42 IP/8/debug_case:
Receiving, interface = vlanif3000, version = 4, headlen = 20, tos = 192,
pktlen = 70, pktid = 35614, offset = 0, ttl = 1, protocol = 17,
checksum = 17131, s = 10.11.0.209, d = 224.0.0.2
prompt: Receiving IP packet
Related Operation
Table 16-5 lists the related operations for enabling the IP packets debugging.
17 Configuring ACL
17.1 Overview
This chapter describes access control list (ACL) and its applications to the MA5600.
Service Description
An ACL carries out the packet filtering function. You can configure some matching rules on
network devices to filter unwanted data packets. With the matching rules, network devices can
permit or deny the matching data packets to pass. The classified traffic is the prerequisite for
carrying out Quality of Service (QoS).
For details on ACL, refer to the Feature Description ACL.
Service Specifications
The MA5600 can ensure high QoS for user services based on the traffic rule classification,
measurement and scheduling policies. The MA5600 supports the following types of ACLs:
l Basic ACL
l Advanced ACL
l Layer 2 ACL
l Customized ACL
The MA5600 performs filtering, traffic mirroring, traffic limitation, priority queuing,
scheduling, redirection, and traffic measurement on packets filtered by ACL rules.
If ACL rules are delivered to user port of the MA5600, such as ADSL2+ port 0/1/0, then all
ADSL2+ ports in slot 1 of frame 0 filter packets; If ACL rules are delivered to an Ethernet port,
then only the Ether port filters packets.
For the basic, advanced or layer 2 ACL, the mask of the IP/MAC address is the inverse mask.
For the customized ACL, the mask of the IP/MAC address is the positive mask.
ACL Types
Table 17-1 describes the four types of ACLs.
Assume that ACL group A denies all IP packets, and ACL group B permits packets to a specific
IP address, QoS action A is based on ACL A, while QoS action B is based on ACL B. Activate
QoS action A first on a port, and then activate QoS action B on the same port. After that, all
packets are denied except the packets carrying the specific IP address. This is because that QoS
action B is activated later than QoS action A.
If QoS action B is activated first on the port, and QoS action A is activated later, all the IP packets
are denied.
Matching Sequence
When matching the packets using different groups of ACL rules, the QoS action that is activated
earlier has a higher priority than the actions activated later.
Assume that ACL group A filters all IP packets, and ACL group B permits packets to a specific
IP address, QoS action A is based on ACL A, while QoS action B is based on ACL B. Activate
QoS action A first on a port, and then activate QoS action B on the same port. After that, all IP
packets are filtered. This is because that QoS action B is activated later than QoS action A.
If QoS action B is activated first on the port, and QoS action A is activated later, all packets are
filtered except the packets carrying the specific IP address.
You can define a rule such as permit any or deny any for all ACLs so that any packet has a
rule to match.
l Activate QoS actions consecutively if the QoS actions apply to the same ACL rule.
To enable traffic statistics and traffic limitation on packets that match with rule 10 of
ACL 2001, activate these two actions consecutively. The reason is that all QoS actions
based on the same rule share the same hardware resource.
l Activate QoS actions consecutively if the QoS actions have the same type of parameters
but different parameter values. This is because ACLs with the same parameters but different
values share the same hardware resource.
Assume that rule 10 of ACL 2000 denies packets from IP address 1.1.1.1, while rule 15
of ACL 2000 denies packets from IP address 2.2.2.2.
l The same type of parameter is used in configuring the two rules, only parameter values
differ. So the two rules use the same hardware resource, and have the same priority if they
are activated consecutively.
l When configuring an ACL group, comply with the principle that all ACLs within the group
have the same parameters but different values, as ACLs with the same parameters but
different values can share the same hardware resources. If a QoS based on an ACL group
is issued, the ACLs within the group will have the same priority. To offer different priorities
to rules of different ACL groups, comply with the preceding rules.
l The activated ACL rules will consume the hardware resources and share the hardware
resources with the protocol module (such as DHCP and IPoA) functions. In this case, the
hardware resources are insufficient.
Therefore, it is recommended to initiate the protocol module first and then activate ACL
rules in the data configuration.
If you fails to initiate a protocol module, handling it according to the steps given below:
CBR
The CBR is used for connections that require static bandwidth and the highest priority. It features
high stability and low burst. Data services are delivered in a fixed period with the smallest burst.
The CBR applies to the circuit service, emulation voice service and video service. Peak Cell
Rate (PCR) is the only parameter required for applying the CBR service. The source end can
send cells at the PCR rate or a rate lower than PCR.
rt-VBR
The rt-VBR is delay-critical and jitter-critical. It applies to voice services and interactive video
services. Compared with the CBR service, the rt-VBR service is more tolerant to burst. The
source end can send the data at different rates.
nrt-VBR
The nrt-VBR is used for non-realtime services with burst nature. Compared with the rt-VBR
service, the nrt-VBR service has lower priority.
UBR
The UBR is applied to services with high burst and no real time requirement, such as FTP and
E-mail. UBR users only demand best-effort service without QoS requirement.
The network offers no QoS guarantee for the UBR service. When congestion occurs, UBR cells
are the first to be dropped. Error correction is carried out by the upper layer protocols.
Traffic Classes
The MA5600 supports four service types, which correspond to thirteen traffic classes as defined
in RFC 2514. Different traffic types require different parameters.Table 17-2 shows all traffic
classes and their parameter settings. In the following table, parameter is abbreviated as P.
Service Traffic P1 P2 P3 P4
Type Class
Service Traffic P1 P2 P3 P4
Type Class
ClpNoTaggingScrCdvt Handles the CLP01 cells Handles the CLP0 cells based
based on clp01Pcr and drops on clp0Scr and drops the
the mismatched cells. mismatched cells.
ClpTaggingScrCdvt Handles the CLP01 cells Handles the CLP0 cells based
based on clp01Pcr. The on clp0Scr and drops the
mismatched CLP0 cells are mismatched cells.
labelled and the mismatched
CLP1 cells are dropped.
ClpNoTaggingScr Handles the CLP01 cells Handles the CLP0 cells based
based on clp01Pcr and drops on clp0Scr and drops the
the mismatched cells. mismatched cells.
ClpTaggingScr Handles the CLP01 cells Handles the CLP0 cells based
based on clp01Pcr. The on clp0Scr and drops the
mismatched CLP0 cells are mismatched cells.
labelled and the mismatched
CLP1 cells are dropped.
Traffic Class
Currently, the CBR service and rt-VBR service of the MA5600supports traffic shaping.
To enhance the processing efficiency of the system, 32 traffic classes are provided to the
parameters of the CBR service; similarly, 16 traffic classes are provided to the CPL01SCR and
CPL0SCR parameters of rt-VBR service.
By default, the system supports 32 traffic classes: 64, 128, 256, 512, 1000, 1024, 1500, 1920,
2000, 2048, 2500, 3000, 4096, 5000, 6000, 7000, 8000, 8160, 9000, 10000, 12000, 20000,
24544, 34000, 45000, 50000, 100000, 120000, 155000, 300000, 400000, 599039.
By default, the system supports 16 traffic classes: 64, 128, 192, 256, 320, 512, 800, 1024, 1500,
2000, 4000, 8096, 16000, 32000, 64000, 128000.
l Control the traffic at the access end, and monitor the traffic at the convergence end.
l Impose traffic control at places prone to traffic congestion or convergence.
l Impose traffic control at places near the source end.
l Impose traffic control at places with switching nodes.
l Impose traffic control for every node if end-to-end QoS must be ensured.
l Impose traffic control for every node, because the bandwidth of a PVC is determined by
the minimum SCR among nodes of the PVC.
l Determine the user bandwidth according to the minimum SCR among the nodes with the
services going through.
Traffic control is applicable to all devices in the whole network. Located at the access layer, the
MA5600 shall have the traffic control function to reduce traffic burstness and maintain the
stability of service delivery. In the upper layer device, traffic monitoring shall be enabled.
Data Plan
Table 17-4 lists the data plan for configuring the basic ACL.
Configuration Flowchart
Figure 17-1 shows the flowchart for configuring a basic ACL.
Start
Create an ACL
Activate/Deactivate an ACL
for a port
End
Procedure
Step 1 Configure a time range.
huawei(config)#time-range time1 00:00 to 12:00 fri
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, the port 0/7/0 on the MA5600
can receive the data packets from IP address 2.2.2.2, and discard other data packets.
Data Plan
Table 17-5 lists the data plan for configuring the advanced ACL.
DSCP 23 -
Configuration Flowchart
Figure 17-2 shows the flowchart for configuring an advanced ACL.
Start
Create an ACL
Activate/Deactivate an ACL
for a port
End
Procedure
Step 1 Configure a time range.
huawei(config)#time-range time1 00:00 to 12:00 fri
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, port 0/7/0 on the MA5600 can
receive the data packets from 2.2.2.0 to 3.3.3.3 with DSCP of 23. Other packets are discarded.
Data Plan
Table 17-6 lists the data plan for configuring the layer 2 ACL.
Source VLAN ID 12 -
Context
If you omit "0x" when entering the type of an Ethernet bearer protocol, the input shall be
considered as a decimal number. The decimal number you input is converted to hexadecimal
ones for the protocol type.
Configuration Flowchart
Figure 17-3 shows the flowchart for configuring a layer 2 ACL.
Start
Create an ACL
Activate/Deactivate an ACL
for a port
End
Procedure
Step 1 Configure a time range.
huawei(config)#time-range time1 00:00 to 12:00 fri
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, port 0/7/0 on the MA5600 can
receive the Ethernet frames with the source MAC address of 2222-2222-2222, destination MAC
address of 00e0-fc11-4141, VLAN ID of 12, and COS of 1. Other packets are discarded.
Context
The customized ACL can only be used to filter the data frame that is in the format of ETH II +
VLAN tag.
Data Plan
Table 17-7 shows the data plan for configuring the customized ACL.
Offset 27 -
Configuration Flowchart
Figure 17-4 shows the flowchart for configuring a customized ACL.
Start
Create an ACL
Activate/Deactivate an ACL
for a port
End
Procedure
Step 1 Configure a time range.
huawei(config)#time-range time1 00:00 to 12:00 fri
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, port 0/7/0 on the MA5600 rejects
TCP packets.
Context
The MA5600 supports up to 64 ACLs. Each ACL can be configured with up to 64 rules.
Procedure
Step 1 Run the acl command to create an ACL.
Step 2 Run the quit command to quit from the ACL config mode.
Step 3 Run the display acl command to query the configuration of the ACL.
----End
Example
To create an advanced ACL with ID of 3000, do as follows:
huawei(config)#acl 3000
huawei(config-acl-adv-3000)#quit
huawei(config)#display acl 3000
Advanced ACL 3000, 0 rule
Acl's step is 5
Related Operation
Table 17-9 lists the related operations for creating an ACL.
Delete an ACL undo acl If an ACL and its rules are activated, or if
they are quoted by other QoS functions,
the ACL and the rules cannot be deleted.
Configure the step step Step means the difference between two
for an ACL neighboring rules in a group of ACL rules.
By default, it is 5.
Context
ACL time ranges include relative time and absolute time.
l Relative time refers to periodical intervals, such as the period from 8:30 in the morning to
18:30 in the afternoon every Monday.
l Absolute time refers to intervals from a specific moment to another specific moment, such
as the period from 12:00 in the noon on June 8, 2006 to 18:00 in the afternoon on August
8, 2006.
The principle for a time range to take effect is as follows:
l When a time range includes only absolute time or relative time, the union set of all intervals
in the time range takes effect.
l When a range time includes both absolute time and relative time, the intersection set of the
union sets of both relative time and absolute time takes effect.
Note that:
l Configuring a time range is optional when you configure an ACL.
l A time range that is used cannot be deleted.
Procedure
Step 1 Run the time-range command to configure a time range.
Step 2 Run the display time-range command and you can find that the time range is configured.
----End
Example
To create a time range named "last24hrs" that is valid for the whole day of 2008-03-24, do as
follows:
Context
l By default, the step is 5.
l If a step changes, the rules in an ACL shall be re-numbered.
For example, presume that the rules of an ACL are numbered as 5, 10, and 15. If you
set the step to 2 using the command step 2, the rules will be numbered as 2, 4 and 6.
l To restore the default step value and renumber the ACL rules, run the undo step command.
Assume that ACL 1 contains rules 1, 3 and 5 with a step of 2. After you run the undo
step command, the numbers of the ACL rules are 5, 10 and 15, with the default step of
5.
Procedure
Step 1 Run the step command to modify the step of ACL rule.
Step 2 Run the display acl command to query the set step.
----End
Example
To set the step to 10, do as follows:
huawei(config-acl-basic-2000)#step 10
huawei(config)#display acl 2000
Basic ACL 2000, 1 rule
Acl's step is 10
rule 10 permit (0 times matched)
Related Operation
Table 17-10 lists the related operation for setting the step.
Prerequisite
The basic ACL to which the rule is added already exists.
Context
Up to 64 rules can be created for an ACL.
You can change the configuration of an ACL rule by specifying the number of the rule. This
method does not change the untouched part of the rule.
Procedure
Step 1 Run the acl command to create a basic ACL rule.
Step 2 Run the rule command to configure the basic ACL rule.
Step 3 Run the quit command to quit from the basic ACL config mode.
Step 4 Run the display acl command to query the information on the basic ACL rule.
----End
Example
To define a basic ACL rule that enables data packets from 2.2.2.2 to pass, do as follows:
huawei(config)#acl 2000
huawei(config-acl-basic-2000)#rule permit source 2.2.2.2 0
huawei(config-acl-basic-2000)#quit
huawei(config)#display acl 2000
Basic ACL 2000, 1 rule
Acl's step is 5
rule 5 permit source 2.2.2.2 0 (0 times matched)
Related Operation
Table 17-11 lists the related operation for creating a basic ACL rule.
Prerequisite
The advanced ACL to which the rule is added already exists.
Context
Up to 64 rules can be created for an ACL.
You can change the configuration of an ACL rule by specifying the number of the rule. This
method does not change the untouched part of the rule.
Procedure
Step 1 Run the acl command to create an advanced ACL rule.
Step 2 Run the rule command to configure the advanced ACL rule.
Step 3 Run the quit command to quit from the advanced ACL config mode.
Step 4 Run the display acl command to query the information on the ACL rule.
----End
Example
To define an advanced ACL rule that enables data packets from 2.2.2.2 to 3.3.3.3 with DSCP
of 23 to pass, and the valid time as the predefined time 1, do as follows:
huawe(config)#acl 3000
huawei(config-acl-adv-3000)#rule 3 permit ip source 2.2.2.2 0 destination 3.3.3.3
0 dscp 23 time-range time1
huawei(config-acl-adv-3000)#quit
huawei(config)#display acl 3000
Advanced ACL 3000, 1 rule
Acl's step is 5
rule 3 permit ip source 2.2.2.2 0 destination 3.3.3.3 0 dscp 23 time-range
time1 (0 times matched)(Inactive)
Related Operation
Table 17-12 lists the related operation for creating an advanced ACL rule.
Prerequisite
The layer 2 ACL to which the rule is added already exists.
Context
Up to 64 rules can be created for an ACL.
You can change the configuration of an ACL rule by specifying the number of the rule. This
method does not change the untouched part of the rule.
Procedure
Step 1 Run the acl command to create a layer 2 ACL rule.
Step 2 Run the rule command to configure the layer 2ACL rule.
Step 3 Run the quit command to quit from the layer 2 ACL config mode.
Step 4 Run the display acl command to query the information on the layer 2 ACL rule.
----End
Example
To define a layer 2 ACL rule that enables data packets with type of 0x8863, VLAN ID of 12,
COS of 1, source MAC address of 2222-2222-2222 and destination MAC address of 00e0-
fc11-4141 to pass, do as follows:
huawe(config)#acl 4000
huawei(config-acl-link-4000)#rule 1 permit type 0x8863 cos 1 source 12
2222-2222-2222 0000-0000-0000 destination 00e0-fc11-4141 0000-0000-0000
huawei(config-acl-link-4000)#quit
huawei(config)#display acl 4000
Basic ACL 4000, 1 rule
Acl's step is 5
rule 1 permit type 0x8863 cos background source 2222-2222-2222 0000-0000-0000
12 destination 00e0-fc11-4141 0000-0000-0000
Related Operation
Table 17-13 lists the related operation for creating a layer 2 ACL rule.
Prerequisite
The customized ACL to which the rule is added already exists.
Context
Up to 64 rules can be created for an ACL.
You can change the configuration of an ACL rule by specifying the number of the rule. This
method does not change the untouched part of the rule.
Figure 17-5 shows the first 64 bytes of a layer 2 frame. Every letter represents one hexadecimal,
and every two letters represent one byte.
Table 17-14 lists the meaning of the letters and their offset values.
G IP packet 20 R Acknowledgem 46
length ent
K Protocol 27 V Other 54
number (6
refers to TCP
and 17 refers to
UDP)
In Figure 17-5, the offset of their field is their offset in the 802.3 data frame of Sub Network
Access Protocol (SNAP) + tag. For the customized ACL, the user can use the rule mask and
offset parameters to extract any byte from the first 80 bytes of data frame, and then compare the
extracted byte with customized rules to filter matched data frames for processing.
Procedure
Step 1 Run the acl command to create a customized ACL rule.
Step 2 Run the rule command to configure the customized ACL rule.
Step 3 Run the display acl command to query the information on the ACL rule.
----End
Example
To filter all TCP packets, do as follows:
huawe(config)#acl 5000
huawei(config-acl-adv-5000)#rule permit 06 ff 27
huawei(config-acl-adv-5000)#quit
huawei(config)#display acl 5000
User ACL 5000, 1 rule
Acl's step is 5
rule 5 permit 06 ff 27
Related Operation
Table 17-15 lists the related operation for creating a customized ACL rule.
Table 17-15 Related operation for creating a used defined ACL rule
Prerequisite
The ACL to be activated has been configured, and the port for which the ACL is to be activated
is working in the normal state.
Procedure
Step 1 Run the packet-filter command to activate an ACL.
Step 2 Run the display packet-filter port command and you can find that the ACL is activated.
----End
Example
To activate ACL 3000 of port 0/2/0, do as follows:
huawei(config)#packet-filter inbound ip-group 3000 port 0/2/0
huawei(config)#display packet-filter port 0/2/0
port0/2/0
Inbound:
inbound Acl 3000 rule 1 port 0/2/0 running
Related Operation
Table 17-16 lists the related operation for activating the ACL of a port.
18.1 Overview
This section describes the Quality of Service (QoS) functions and the application of the functions.
18.2 Configuring the Traffic Entry
This operation enables you to configure the traffic entry. The traffic entries are the core of traffic
management. You can bind traffic entries with service traffic to achieve traffic management. In
the traffic management, traffic entries monitor and control the service traffic.
18.3 Configuring the Queue Scheduling
A queue is a unit that schedules packets in a physical port. After the queue scheduling is set, the
packets of key services can be processed in time when network congestion occurs.
18.4 Managing the Traffic Based on the ACL Rule
This section describes how to filter by the ACL rule the traffic that passes through the port and
how to manage the traffic that matches the ACL rule.
18.5 Setting the Rate Limit for an Upstream Port
This section describes how to set the rate limit for an upstream port.
18.1 Overview
This section describes the Quality of Service (QoS) functions and the application of the functions.
Service Description
QoS means the performance when the data stream flows through a network. By setting different
parameters of the QoS, such as service availability, throughput, delay, jitter, and packet loss
ratio, you can provide users with high quality services.
For details on the QoS, refer to the chapter "QoS" in the .MA5600 Feature Description
Service Specifications
The MA5600 supports the following QoS functions:
l Traffic management based on data stream
l Queue scheduling
The MA5600 supports the following queue scheduling modes:
– Strict-priority queue (PQ)
– Weighted round robin (WRR)
l Traffic management based on ACLs
l Rate restriction on upstream ports
NOTE
When configuring the traffic management based on ACLs, you need to configure the ACL for only port 0
of a service board (excepting the ETHA board). After the configuration, the ACL is valid for all the ports
of the service board.
Context
ATM-based Traffic Management
The MA5600 provides the ATM service by means of permanent virtual connection (PVC). When
setting up a PVC, select the traffic profile index, which corresponds to the traffic table.
l Traffic index
It is the traffic profile index selected when the PVC is set up.
l Service type
The MA5600 supports four service types: CBR, rt-VBR, nrt-VBR and UBR.
l Traffic type
The MA5600 supports the traffic shaping of the CBR and rt-VBR service. To enhance
the processing efficiency, 32 traffic classes are provided for CLP01PCR parameter of
CBR service; Similarly, 16 traffic classes are provided to CPL01SCR and CLP0SCR
parameters of rt-VBR service.
l Traffic parameter
It is the traffic profile index selected when the virtual port is added to the VLAN.
l CAR
It is the policy for selecting the traffic priority and packet priority.
Procedure
Step 1 Run the traffic table command to configure a traffic entry.
Step 2 Run the display traffic table command to query a traffic entry.
----End
Example
Assume that:
l Service type: cbr
l Traffic class: noClpNoScr
l Clp01Pcr: 160
l 802.1p priority: 6
l Priority policy: tag-In-Package
To add an ATM traffic entry, do as follows:
huawei(config)#traffic table atm srvcategory cbr tdtype noClpNoScr clp01Pcr 160
priority 6
priority-policy tag-In-Package
Create traffic descriptor record successfully
-----------------------------------------------------------------------------
TD Index :
0
Priority :
6
Priority policy : tag-
pri
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 128 6 tag-
pri
-----------------------------------------------------------------------------
Assume that:
l CAR: 2048 kbps
l 802.1p priority: 6
l Priority policy: tag-In-Package
To add an IP traffic entry, do as follows:
huawei(config)#traffic table ip car 2048 priority 6 priority-policy tag-In-Package
Create traffic descriptor record successfully
-----------------------------------------------------------------------------
TD Index : 10
Priority : 6
Priority policy : tag-pri
CAR : 2048 kbps
TD Type : NoClpNoScr
Service category : ubr
Referenced Status: not used
EnPPDISC : on
EnEPDISC : on
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
10 2048 6 tag-
pri
-----------------------------------------------------------------------------
Related Operation
Table 18-1 lists the related operations for configuring the traffic entry.
Delete a traffic entry undo traffic table You can delete a traffic entry
only if it is not referenced.
– WRR
NOTE
Context
The MA5600 supports two queue scheduling modes: PQ and WRR.
l PQ
PQ gives priority to packets in a high priority queue. When the high priority queue is empty,
packets in a queue with a lower priority are sent.
By default, the PQ mode is adopted.
l WRR
The system supports WRR for eight queues. Each queue has a weight value, namely, w7,
w6, w5, w4, w3, w2, w1, and w0 in descending order. The weight values mean the
proportions for resources acquisition. WRR is performed for the queues in turn. This
guarantees that each queue can obtain certain service time.
Table 18-2 lists the relationship between the weight values and the actual queues.
Table 18-2 Relationship between the weight values and the actual queues
Queue Configured Actual Queue Actual Queue
Number Weight Weight (Supporting Weight (Supporting
Ports of Eight Ports of Four
Queues) Queues)
7 W7 W7 -
6 W6 W6 -
5 W5 W5 -
4 W4 W4 -
3 W3 W3 W7 + W6
2 W2 W2 W5 + W4
1 W1 W1 W3 + W2
0 W0 W0 W1 + W0
NOTE
Wn: means the weight of queue n. The weight sum of queues must be equal to 100.
Procedure
Step 1 Run the queue-scheduler command to set the queue scheduling.
Step 2 Run the display queue-scheduler command to query the configuration of the queue scheduling.
----End
Example
To set the queue scheduling mode as WRR and assign weight values 10, 10, 20, 20, 10, 10, 10
and 10 to eight queues, do as follows:
huawei(config)#queue-scheduler wrr 10 10 20 20 10 10 10 10
huawei(config)#display queue-scheduler
Queue scheduling mode: weighted round robin
weight of queue 0: 10%
weight of queue 1: 10%
weight of queue 2: 20%
weight of queue 3: 20%
weight of queue 4: 10%
weight of queue 5: 10%
weight of queue 6: 10%
weight of queue 7: 10%
Related Operation
Table 18-3 lists the related operations for setting the queue scheduling.
Prerequisite
The related ACL and the sub rules are configured.
Context
l The restriction is valid only for permit rules of an ACL.
l The rate of the limited traffic must be an integer multiple of 64.
Procedure
Step 1 Run the traffic-limit command to restrict the ACL-matched traffic over a specified port
Step 2 Run the display qos-info traffic-limit port command to query the traffic control information
about the specified port.
----End
Example
For the traffic received on port 0/2/0 that matches the rule of ACL 2001, to limit its rate to 512
kbit/s; and for the packets that exceed the preset value, to label the packets with the DSCP priority
(af1), do as follows:
huawei(config)#traffic-limit inbound ip-group 2001 512 exceed remark-dscp af1 port
0/2/0
huawei(config)#display qos-info traffic-limit port 0/2/0
traffic-limit:
port 0/2/0:
Inbound:
Matches: Acl 2001 rule 5 running
Target rate: 512 Kbps
Exceed action: remark-dscp af1
Related Operation
Table 18-4 lists the related operation for configuring the traffic restriction.
18.4.2 Adding a Priority Tag to the Traffic That Matches the ACL
Rule
This section describes how to add a priority tag to the ACL-matched traffic over a specified port,
so that the traffic can enjoy the services for the specified priority. The priorities that can be used
include ToS, DSCP, and 802.1p.
Context
The operation of adding priority tags is valid only for permit rules of an ACL.
The ToS and the DSCP priorities are mutually exclusive. Therefore, they cannot be configured
at the same time.
Prerequisite
The ACL and its sub rules are configured, and the port involved in adding a priority tag to the
traffic is working in the normal state.
Procedure
Step 1 Run the traffic-priority command to add a priority tag to the ACL-matched traffic over a
specified port.
Step 2 Run the display qos-info traffic-priority port command to query the configured priority.
----End
Example
Assume that the DSCP priority is 10 (af1) and the local priority is 0. To add a priority tag to the
traffic that matches ACL rule 2001 and is received by port 0/2/0, do as follows:
huawei(config)#traffic-priority inbound ip-group 2001 dscp af1 local-precedence 0
port 0/2/0
huawei(config)#display qos-info traffic-priority port 0/2/0
traffic-priority:
port 0/2/0:
Inbound:
Matches: Acl 2001 rule 5 running
Priority action: dscp af1 cos background
Related Operation
Table 18-5 lists the related operation for adding a priority tag to the traffic that matches the ACL
rule.
Table 18-5 Related operation for adding a priority tag to the traffic that matches the ACL rule
To... Run the Command...
Context
Traffic measurement is valid only for permit rules of an ACL.
Prerequisite
The ACL and its sub rules are configured, and the port involved in traffic statistics is working
in the normal state.
Procedure
Step 1 Run the traffic-statistic command to collect the statistics of the ACL-matched traffic over a
specified port
Step 2 Run the display qos-info traffic-statistic port command to query the traffic statistics about the
specified port.
----End
Example
To measure the traffic that matches ACL 2001 and are received on port 0/7/0, do as follows:
huawei(config)#traffic-statistic inbound ip-group 2001 port 0/7/0
huawei(config)#display qos-info traffic-statistic port 0/7/0
traffic-statistic:
port 0/7/0:
Inbound:
Matches: Acl 2001 rule 5 running
0 packet
Related Operation
Table 18-6 lists the related operation for collecting the statistics of the traffic that matches the
ACL rule.
Table 18-6 Related operation for collecting the statistics of the traffic that matches the ACL rule
Context
l The operation of traffic mirroring is valid only for permit rules of an ACL.
l The mirroring destination port cannot be the aggregated port.
Prerequisite
The ACL and its sub rules are configured, and the mirroring source port is working in the normal
state.
Procedure
Step 1 Run the traffic-mirror command to mirror the ACL-matched traffic over a specified port
Step 2 Run the display qos-info traffic-mirror port command to query the traffic mirroring
information about the specified port.
----End
Example
To mirror the packets that match the rules of ACL 2001 and are received on port 0/2/0 to port
0/7/0, do as follows:
traffic-mirror:
port 0/2/0:
Inbound:
Matches: Acl 2001 rule 5 running
Mirror to: port 0/7/0
Related Operation
Table 18-7 lists the related operation for configuring the traffic mirroring.
Prerequisite
The ACL and its sub rules are configured, and the port to be redirected is working in the normal
state.
Context
l The operation of traffic redirection is valid only for permit rules of an ACL.
l Currently, the system can redirect the traffic that matches the ACL rule on a service board
to the upstream port, and can redirect the traffic that matches the ACL rule on the upstream
port to a service port of the same service board.
Procedure
Step 1 Run the traffic-redirect command to redirect the ACL-matched traffic over a specified port.
Step 2 Run the display qos-info traffic-redirect port command to query the traffic redirection
information about the specified port.
----End
Example
To redirect the traffic that matches ACL 2001 and is received on port 0/7/0 to port 0/7/1, do as
follows:
huawei(config)#traffic-redirect inbound ip-group 2001 port 0/7/0 to port 0/7/1
huawei(config)#display qos-info traffic-redirect port 0/7/0
traffic-redirect:
port 0/7/0:
Inbound:
Matches: Acl 2001 rule 5 running
Redirected to: port 0/7/1
Related Operation
Table 18-8 lists the related operation for redirecting the traffic that matches the ACL rule.
Table 18-8 Related operation for redirecting the traffic that matches the ACL rule
To... Run the Command...
Context
l The MA5600 supports only the rate limit of Ethernet port on the boards, but does not support
the rate limit of a service port.
l The rate limit must be a multiple of 64.
Procedure
Step 1 Run the line-rate command to limit the rate of a port.
Step 2 Run the display qos-info line-rate port command to query the rate limit information about the
port.
----End
Example
To limit the rate of Ethernet port 0/7/0 to 640 kbit/s, do as follows:
huawei(config)#line-rate 6400 port 0/7/0
huawei(config)#display qos-info line-rate port 0/7/0
line-rate:
port 0/7/0:
Line rate: 6400 Kbps
Related Operation
Table 18-9 lists the related operation for setting the rate limit for an upstream port.
Table 18-9 Related operation for setting the rate limit for an upstream port
To... Run the Command...
This chapter describes how to configure the user security supported by the MA5600.
19.1 Overview
This section describes the service description and service specifications of user security.
19.2 Enabling the PITP
This operation enables the PITP so that the device can report the user port information to the
BRAS for authenticating the user.
19.3 Setting the RAIO Working Mode
This operation enables you to set the RAIO working mode.
19.4 Setting the Ethernet Encapsulation Type
This operation enables you to set the Ethernet encapsulation type.
19.5 Enabling the DHCP Option82 Function
This operation enables the DHCP option82 function so that the BRAS can authenticate the access
users. The MA5600 adds the option82 field to the DHCP packets to ensure the security of the
DHCP function.
19.6 Setting the Maximum Length of DHCP Packets
This operation enables you to set the maximum length of DHCP packets.
19.7 Binding the IP Address
This operation enables you to bind a service port with one or multiple IP addresses, so that the
messages from the IP addresses other than the bound IP addresses are refused to pass through
the service channel of the port.
19.8 Binding the MAC Address
This operation enables you to bind a service port with a MAC address.
19.9 Enabling Anti MAC Spoofing
This operation enables the anti MAC spoofing function. With the anti MAC spoofing function
enabled, unauthorized users are prevented from sending PPPoE and DHCP control packets
through forged MAC addresses.
19.10 Enabling Anti IP Spoofing
This operation enable the anti IP spoofing function. With the anti IP spoofing function enabled,
unauthorized users are prevented from logging in to the device using legal IP addresses.
19.1 Overview
This section describes the service description and service specifications of user security.
Service Description
Policy Information Transfer Protocol (PITP), a member of Huawei Group Management Protocol
(HGMP) family, provides the Broadband Remote Access Server (BRAS) with the information
about the port of access users.
PITP binds user accounts with the access ports to avoid the theft and roaming of user accounts.
The DHCP Option82 contains reliable user port information and terminal information, which
are added to the DHCP packets. The DHCP Option82 is used as reference for the DHCP server
to allocate the IP address and other parameters.
For details onhe user security feature, refer to the chapter "User Security" in the Feature
Description.
Service Specifications
The MA5600 supports the PITP V mode and P mode as well as DHCP Option82 to implement
binding between the user account and the physical port.
l PITP V mode (VBAS mode): After the PPPoE discovery phase, BRAS initiates a request
for querying user ports, requiring the MA5600 to report the information on the user ports.
The MA5600 sends the port information to the BRAS when the MA5600 responds to
messages.
l PITP V mode (PPPoE Tag mode): In the PPPoE discovery phase, the MA5600 initiates a
request for querying user ports, and adds tags to the PPPoE authentication request messages.
In this way, the port information is sent to the BRAS.
Context
PITP has two modes:
l vmode
– The BRAS sends the VBRAS request packets to the MA5600 first, and the MA5600
sends the port information to the BRAS.
l pmode
– The MA5600 adds the tag to the PPPoE packets directly, and sends the port information
to the BRAS.
You can configure the PITP in the following two modes:
l Global configuration
– You can run the pitp { disable | enable { pmode | vmode } } command to disable PITP
or select PITP mode.
– By default, the global configuration is disabled.
l Port configuration
– You can run the pitp { port frame/slot/port { enable | disable } | board frame/slot
{ enable | disable } } command to enable or disable PITP of the physical port.
– By default, the port configuration is enabled.
l You can switch over between PITP P and V modes. However, the system works in only
one mode. Disabling PITP invalidates both PITP modes.
l Global PITP configuration is of higher priority than port PITP configuration.
l Global PITP configuration is of higher priority than port PITP configuration. If global PITP
configuration is disabled, packets from a port do not contain user port information
regardless whether the port PITP is enabled.
l PPPoE packets from a port contain user port information only when both global PITP
configuration and port PITP configuration are enabled.
l The ports on the control board do not support PITP, and it only transmits the PITP packets
transparently.
l To enable DHCP Option82 or PITP, you need to configure the RAIO mode first.
Procedure
Step 1 Run the pitp command to enable the PITP V mode or the PITP of the physical port.
Step 2 Run the display pitp config command to query the PITP configuration.
----End
Example
To enable the PITP V mode, do as follows:
huawei(config)#pitp enable vmode
huawei(config)#display pitp config
PITP is enabled. Current mode:vmode
Context
l Relay Agent Information Option (RAIO) includes DHCP option82 and PITP tag. Because
these two options are not standardized, different carriers have different formats of them.
l By default, the RAIO working mode is common.
l To differentiate the formats, set correctly the RAIO working mode before using the DHCP
option82 and PITP tag function.
Procedure
Step 1 Run the raio-mode command to set the RAIO working mode.
Step 2 Run the display raio-mode command to query the RAIO working mode.
----End
Example
To set the RAIO working mode as port-userlabel so that after the DHCP option82 function is
enabled on the port, and the PPPoE packets contain the description of the port, do as follows:
huawei(config)#display raio-mode
{ <cr>|pitp-pmode<K>|pitp-vmode<K>|dhcp-option82<K>|detail<K> }:
Command:
display raio-mode
Current mode of PITP pmode: xdsl-port-rate mode
Current mode of PITP vmode: common mode
Current mode of DHCP option82: port-userlabel mode
To set the RAIO working mode as xdsl-port-rate so that after the PITP P mode is enabled on
the port, the PPPoE packets contain the upstream/downstream activation rate of the port, do as
follows:
huawei(config)#raio-mode xdsl-port-rate pitp-pmode
huawei(config)#raio-mode xdsl-port-rate pitp-pmode
huawei(config)#display raio-mode
{ <cr>|pitp-pmode<K>|pitp-vmode<K>|dhcp-option82<K>|detail<K> }:
Command:
display raio-mode
Current mode of PITP pmode: xdsl-port-rate mode
Current mode of PITP vmode: common mode
Current mode of DHCP option82: xdsl-port-rate mode
Context
WARNING
Before setting the Ethernet encapsulation type, make sure that the PITP V mode is disabled.
When setting a protocol type, make sure that it does not conflict with any of existing protocol
types, such as:
l IP: 0x0800
l ARP: 0x0806
l RARP: 0x8035
l 802.1q: 0x8100
l PPPoE: 0x8863 and0x8864
Procedure
Step 1 Run the pitp vmode ether-type command to set the Ethernet encapsulation type.
Step 2 Run the display pitp vmode ether-type command and you can find the Ethernet encapsulation
type is set successfully.
----End
Example
To set the Ethernet encapsulation type in V mode, do as follows:
huawei(config)#pitp vmode ether-type 0x8200
huawei(config)#display pitp vmode ether-type
Vmode ethernet type is 0x8200
Related Operation
Table 19-1 lists the related operation for setting the Ethernet encapsulation type.
Table 19-1 Related operation for setting the Ethernet encapsulation type
To... Run the Command...
Context
l With the DHCP option82 function enabled, the MA5600 can add/remove the option82 field
to/from DHCP packets.
l With the DHCP option82 function disabled, the MA5600 transparently transmits or directly
forwards DHCP packets without processing them.
Procedure
Step 1 Run the dhcp option82 enable command to enable the DHCP option82.
Step 2 Run the display dhcp option82 config command and you can find the DHCP option82 is
enabled.
----End
Example
To enable the DHCP option82, do as follows:
huawei(config)#dhcp option82 enable
huawei(config)#display dhcp option82 config
DHCP option82 is enabled
Maximum length of DHCP packet is 1300 bytes
Related Operation
Table 19-2 lists the related operations for enabling the DHCP option82.
Context
l By default, the maximum length of DHCP packets is 1500 bytes.
l You can set the maximum length for the DHCP packets added with DHCP relay Agent
Option messages. If there are packets with length exceeding this value, the system
transparently transmits these packets.
Procedure
Step 1 Run the dhcp option82 max-length command to set the maximum length of DHCP packets.
Step 2 Run the display dhcp option82 config command to query the configured maximum length of
DHCP packets.
----End
Example
To set the maximum length of DHCP packets as 1300 bytes, do as follows:
huawei(config)#dhcp option82 max-length 1300
huawei(config)#huawei(config)#display dhcp option82 config
DHCP option82 is enabled
Maximum length of DHCP packet is 1300 bytes
Context
l A service channel can be bound with up to eight IP addresses. The bound IP address must
be unicast IP address.
l One port can be bound with either one IP address or eight consecutive IP addresses
according to the IP address mask at one time.
Procedure
Step 1 Run the bind ip command to bind an IP address.
Step 2 Run the display bind command to query the IP address binding information.
----End
To bind the IP address 10.1.1.245 of the service channel (VPI/VCI of 0/35) with ADSL port
0/2/0, do as follows:
huawei(config)#bind ip adsl 0/2/0 vpi 0 vci 35 single-service 10.1.1.245
huawei(config)#display bind adsl 0/2/0 vpi 0 vci 35
{ <cr>|user-encap<K>|user-vlan<K> }:
Command:
display bind adsl 0/2/0 vpi 0 vci 35
-------------------------
No. IP address
-------------------------
0 10.1.1.245
1 -
2 -
3 -
4 -
5 -
6 -
7 -
-------------------------
To bind the IP address 10.10.10.10/29 of the service channel (VPI/VCI of 0/35) with ADSL port
0/2/0 (the bound IP address segment is 10.10.10.8-10.10.10.15), do as follows:
huawei(config)#bind ip adsl 0/2/0 vpi 0 vci 35 single-service 10.10.10.10 29
huawei(config)#display bind adsl 0/2/0 vpi 0 vci 35 single-service
{ <cr>|user-encap<K>|user-vlan<K> }:
Command:
display bind adsl 0/2/0 vpi 0 vci 35
-------------------------
No. IP address
-------------------------
0 10.10.10.8
1 10.10.10.9
2 10.10.10.10
3 10.10.10.11
4 10.10.10.12
5 10.10.10.13
6 10.10.10.14
7 10.10.10.15
-------------------------
Related Operation
Table 19-3 lists the related operation for binding the IP address.
Context
The MA5600 does not support binding a MAC address directly. By configuring a static MAC
address entry and setting the maximum address count to 0, you can bind a port with a MAC
address.
Procedure
Step 1 Run the mac-address static command to configure the static MAC address for a port.
Step 2 Run the mac-address max-mac-count command to set the maximum address count for the
service port.
Step 3 Run the display mac-address max-mac-count command to query the maximum MAC address
number that can be learnt by service channels.
----End
Example
Assume that the static MAC address of ADSL2+ port 0/2/0 is 1010-1010-1010, and the
maximum address count is 0, to bind the port with the MAC address so that the port only allows
the pass of packets with the source MAC address of 1010-1010-1010, do as follows:
huawei(config)#mac-address static adsl 0/2/0 vpi 0 vci 35 1010-1010-1010
huawei(config)#mac-address max-mac-count adsl 0/2/0 vpi 0 vci 35 0
huawei(config)#display mac-address max-mac-count adsl 0/2/0 vpi 0 vci 35
----------------------------------------------------------------------------
Type F/S /P VPI VCI VLAN ID FLOWTYPE FLOWPARA Learnable MAC number
----------------------------------------------------------------------------
adl 0/2/0 0 35 4000 - - 0
--------------------------------------------------------------------------
Total: 1
Note : F--Frame, S--Slot, P--Port(xDSL Port,UP-Link Port,IMA GROUP or
VLAN ID etc.), the VPI is access-end VLAN ID in vdsl/eau port
or PON ID in epon port
Context
l The anti MAC spoofing function is implemented through MAC address binding.
l Each service virtue port can be bound with up to eight different MAC addresses
dynamically.
l If a user has been online before the anti MAC spoofing function is enabled, the system does
not bind MAC address.
l If a user logs in after the anti MAC spoofing function is enabled, the user MAC address is
bound.
Procedure
Step 1 Run the security anti-macspoofing enable command to enable anti MAC spoofing function.
Step 2 Run the display security config command and you can find that the function is enabled.
----End
Example
To enable anti MAC spoofing, do as follows:
huawei(config)#security anti-macspoofing enable
huawei(config)#display security config
Anti-ipspoofing function : disable
Anti-dos function : enable
Anti-macspoofing function : enable
Anti-ipattack function : disable
Anti-icmpattack function : disable
Source-route filter function : disable
Related Operation
Table 19-4 lists the related operations for enabling anti MAC spoofing.
Context
l The anti IP spoofing function is implemented through dynamic IP address binding.
l By default, the dynamic IP address binding function is disabled.
l The system only binds the IP address of the user who obtains the IP address through DHCP.
l When the anti IP spoofing function is enabled for a user who has already got online, the
user service will be interrupted. In this case, the user needs to get offline and then online
again.
l When the anti IP spoofing function is enabled before the user gets online, the user does not
need to get offline and then online again.
Procedure
Step 1 Run the security anti-ipspoofing enable command to enable anti IP spoofing.
Step 2 Run the display security config command and you can find that the function is enabled.
----End
Example
To enable anti IP spoofing, do as follows:
huawei(config)#security anti-ipspoofing enable
huawei(config)#display security config
Anti-ipspoofing function : enable
Anti-dos function : enable
Anti-macspoofing function : enable
Anti-ipattack function : disable
Anti-icmpattack function : disable
Source-route filter function : disable
Related Operation
Table 19-5 lists the related operations for enabling anti MAC spoofing.
This chapter describes how to configure the system security supported by the MA5600.
20.1 Overview
This chapter describes the service description and service specification of system security.
20.2 Enabling Anti DoS Attack
This operation enables the anti DoS attack function, so as to prevent large amount of packets
sent by the access user from attacking the MA5600.
20.3 Enabling Anti IP Attack
This operation enables the function of anti IP attack. This function prevents users from
maliciously sending IP packets to the IP address of the device to enhance the device security.
20.4 Enabling Anti ICMP Attack
This operation enables the function of anti ICMP attack.
20.5 Enabling Source Route Filtering
This operation enables the function of source route filtering. This function filters the IP packet
containing the route option field.
20.6 Configuring MAC Address Filtering
This operation enables you to configure the function of MAC address filtering to filter the packets
with the source MAC address as the specified one.
20.7 Setting the Time to Detect Exceptional Disconnection of the PPPoE/DHCP Users
This operation enables you to set the time to detect exceptional disconnection of the PPPoE/
DHCP users.
20.8 Configuring the Black List
This operation enables you to configure a firewall black list, such as adding some IP addresses
to the firewall black list, so that the service packets from these IP addresses cannot pass the
firewall.
20.9 Configuring the Firewall Function
This operation enables you to configure the firewall function to prohibit or allow the packets
that meet the criteria to pass the inband or outband management interface.
20.1 Overview
This chapter describes the service description and service specification of system security.
Service Description
The MA5600 supports system security setting to prevent attacks initiated at the network or user
side. This helps to guarantee user or equipment stability.
For details on the system security, refer to the chapter "System Security" in the Feature
Description.
Service Specification
To ensure stable operation, the MA5600 supports the following security features:
l Anti DoS attack
l Anti IP spoofing
l Anti MAC spoofing
l Anti IP attack
l Anti ICMP attack
l Source route filtering
l MAC address filtering
l IP/MAC address binding
l Firewall function
l SSH
Procedure
Step 1 Run the security anti-dos enable command to enable anti DoS attack.
Step 2 Run the display security config command to query the status of anti DoS attack.
----End
Example
To enable anti DoS attack, do as follows:
huawei(config)#security anti-dos enable
huawei(config)#display security config
Anti-ipspoofing function : disable
Anti-dos function : enable
Anti-macspoofing function : disable
Anti-ipattack function : disable
Related Operation
Table 20-1 lists the related operations for enabling anti DoS attack.
Procedure
Step 1 Run the security anti-ipattack enable command to enable anti IP attack function.
Step 2 Run the display security config command and you can find that the function is enabled.
----End
Example
To enable the function of anti IP attack, do as follows:
huawei(config)#security anti-ipattack enable
huawei(config)#display security config
Anti-ipspoofing function : enable
Anti-dos function : enable
Anti-macspoofing function : enable
Anti-ipattack function : enable
Anti-icmpattack function : disable
Source-route filter function : disable
Related Operation
Table 20-2 lists the related operation for enabling the function of anti IP attack.
Table 20-2 Related operation for enabling the function of anti IP attack
Procedure
Step 1 Run the security anti-icmpattack enable command to enable anti ICMP attack.
Step 2 Run the display security config command and you can find that the function is enabled.
----End
Example
To enable the function of anti ICMP attack, do as follows:
huawei(config)#security anti-icmpattack enable
huawei(config)#display security config
Anti-ipspoofing function : enable
Anti-dos function : enable
Anti-macspoofing function : enable
Anti-ipattack function : enable
Anti-icmpattack function : enable
Source-route filter function : disable
Related Operation
Table 20-3 lists the related operation for enabling the function of anti ICMP attack.
Table 20-3 Related operation for enabling the function of anti ICMP attack
Context
By default, the source route packet is not discarded.
Procedure
Step 1 Run the security source-route enable command to enable the function of source route filtering.
Step 2 Run the display security config command and you can find that the function is enabled.
----End
Example
To enable the function of source route filtering, do as follows:
huawei(config)#security source-route enable
huawei(config)#display security config
Anti-ipspoofing function : enable
Anti-dos function : enable
Anti-macspoofing function : enable
Anti-ipattack function : enable
Anti-icmpattack function : enable
Source-route filter function : enable
Related Operation
Table 20-4 lists the related operation for enabling the function of source route filtering.
Table 20-4 Related operation for enabling the function of source route filtering
To… Run the Command…
Context
The system supports up to four filtering MAC addresses.
Procedure
Step 1 Run the security mac-filter command to configure MAC address filtering.
Step 2 Run the display security mac-filter command to query the configured filtering MAC address.
----End
Example
To configure the MAC address 1000-0000-0000 as the filtering MAC address, do as follows:
huawei(config)#security mac-filter 1000-0000-0000
huawei(config)#display security mac-filter
--------- Mac Address ---------
1000-0000-0000
---- 1 mac address found ----
Related Operation
Table 20-5 lists the related operation for configuring MAC address filtering.
Context
l For PPPoE users, the timeout time includes aging period and overall aging time.
– The system checks the online/offline status of a user every aging period. When the
offline period of a user exceeds the aging period but is less than the overall aging time,
the offline time of the user will be accumulated.
– When the accumulated offline time exceeds the overall aging time, it is considered that
the user has been offline.
l By default, the PPPoE aging period is 90s, and the overall aging time is 360s.
l For DHCP users, the detection time contains only the timeout total time (1560s by default).
l By default, the DHCP overall aging time is 1560s.
Procedure
Step 1 Run the security timeout command to set the time to detect exceptional disconnection of the
PPPoE or DHCP users.
Step 2 Run the display security config command and you can find the information about the time to
detect the exceptional disconnection of the PPPoE/DHCP users.
----End
To set the timeout total time for PPPoE users as 1800s, do as follows:
huawei(config)#security pppoe timeout 1800
To set the timeout total time for DHCP users as 1800s, do as follows:
huawei(config)#security dhcp timeout 1800
huawei(config)#display security config
Anti-ipspoofing function : enable
Anti-dos function : disable
Anti-macspoofing function : disable
Anti-ipattack function : disable
Anti-icmpattack function : disable
Source-route filter function : disable
Prerequisite
The ACL applied to the firewall function exists.
Context
l The system supports up to 2000 items in a firewall black list.
l You can use the ACL rule when enabling the firewall black list function. In this case, the
priority level of the firewall black list is higher than that of the ACL rule. That is, the system
checks the firewall black list first, and then matches the ACL rule.
l The ACL rule used when the black list function is enabled can only be the advanced ACL
rule.
l The firewall black list function only takes effect to the service packets that are sent from
the user side.
Procedure
Step 1 Run the firewall blacklist item command to add a firewall black list item.
Step 2 Run the firewall blacklist enable command to enable the firewall black list item.
Step 3 Run the display firewall blacklist item command to show the configuration of the firewall black
list.
----End
Example
To add IP address 10.10.10.10 to a firewall black list with the aging time of 100 minutes, enable
the firewall black list function and apply ACL 3000, do as follows:
huawei(config)#firewall blacklist item 10.10.10.10 timeout 100
huawei(config)#firewall blacklist enable acl-number 3000
huawei(config)#display firewall blacklist item
Firewall blacklist items :
Current manual insert items : 1
Current automatic insert items : 0
Need aging items : 1
Related Operation
Table 20-6 lists the related operations for configuring the firewall black list function.
Table 20-6 Related operations for configuring the firewall black list function
Prerequisite
The ACL applied to the firewall function exists.
Context
l Only one ACL can be configured respectively for the egress and ingress directions of the
inband or outband management interface.
l The ACL applied to the firewall function can be the basic ACL or the advanced ACL.
l The priority level of the ACL rule is superior to the default operation of firewall. That is,
the packets matching the ACL rule are handled based on the ACL rule, and those not
matching the rule are handled based on the default operation of firewall.
Configuration Flowchart
Figure 20-1 shows the flowchart for configuring the firewall function.
Start
End
Procedure
Step 1 Run the firewall enable command to enable the firewall function.
Step 2 Run the firewall default command to set the default operation of the firewall as deny.
Step 3 Run the interface meth 0 command to enter interface config mode.
Step 4 Run the firewall packet-filter command to apply ACL 2000 to the maintenance network port.
Step 5 Run the display firewall packet-filter statistics command and you can find the configuration.
----End
Example
To enable the firewall function, set the default operation of the firewall as deny, and apply ACL
2000 to the outband management interface to filter packets, do as follows:
huawei(config)#firewall enable
huawei(config)#firewall default deny
huawei(config)#interface meth 0
huawei(config-if-meth0)#firewall packet-filter 2000 inbound
huawei(config)#display firewall packet-filter statistics all
Interface: meth0
In-bound Policy: acl 2000
From 2006-02-16 10:00:26 to 2006-02-16 10:02:43
0 packets, 0 bytes, 0% permitted,
0 packets, 0 bytes, 0% denied,
0 packets, 0 bytes, 0% permitted default,
0 packets, 0 bytes, 0% denied default,
Totally 0 packets, 0 bytes, 0% permitted,
Totally 0 packets, 0 bytes, 0% denied.
Related Operation
Table 20-7 lists the related operation for configuring the firewall function.
Context
l The specified protocol types include: Telnet, SSH, and SNMP.
l Each firewall can be added with up to 10 address segments.
l When one address segment is added, the first address cannot be the same as the existed
one.
l When deleting one address segment, you can only input the first address of the address
segment.
Procedure
Step 1 Run the sysman ip-access command to add an accessible address segment.
Step 2 Run the display sysman ip-access telnet command to query the configuration of the accessible
address segment.
----End
Example
To add a legal address segment the refuse list of the telnet type, do as follows:
huawei (config)#sysman ip-access telnet 1.1.1.1 10.10.10.10
huawei(config)#display sysman ip-access telnet
IP-Access Table:
--------------------------------------------
Index Start-IPAddr End-IPAddr
--------------------------------------------
1 1.1.1.1 10.10.10.10
--------------------------------------------
Related Operation
Table 20-8 lists the related operations for configuring an accessible address segment.
Context
l The specified protocol type includes: telnet, SSH, and SNMP.
l Each firewall is allowed to add ten address segments.
l When you add an address segment, the start address cannot be the same as an existing one.
l To delete an address segment, input the start address of the address segment.
Procedure
Step 1 Run the sysman ip-refuse command to configure the inaccessible address segment.
Step 2 Run the display sysman ip-refuse command to query configuration of the accessible address
segment.
----End
Example
To add a address segment to the telnet IP-refuse table, do as follows:
huawei(config)#sysman ip-refuse telnet 1.1.1.10 10.10.10.1
huawei(config)#display sysman ip-refuse telnet
IP-Refuse Table:
--------------------------------------------
Index Start-IPAddr End-IPAddr
--------------------------------------------
1 1.1.1.10 10.10.10.1
--------------------------------------------
Related Operation
Table 20-9 lists the related operations for configuring the inaccessible address segment.
Table 20-9 Related operations for configuring the inaccessible address segment
This chapter describes the ADSL2+ technology and how to configure the ADSL2+ service on
the MA5600.
21.1 Overview
This section describes the service description and service specifications of Asymmetrical Digital
Subscriber Line 2 plus (ADSL2+).
21.2 Configuration Example of the ADSL2+ PPPoE/IPoE Service
This example shows how to configure the ADSL2+ service so that the user can access the Internet
through the ADSL2+ lines in the PPPoE/IPoE mode.
21.3 Configuration Example of the ADSL2+ IPoA Service
This example shows how to configure the ADSL2+ service so that the user can access the Internet
through the ADSL2+ lines in the IPoA mode.
21.4 Configuration Example of the ADSL2+ PPPoA Service
This example shows how to configure the ADSL2+ service so that the user can access the Internet
through ADSL2+ lines in the PPPoA mode.
21.5 Adding an ADSL2+ Line Profile
This operation enables you to add an ADSL2+ line profile. This helps to include the parameters
needed by all the ADSL2+ ports in a line profile. After the line profile is configured successfully,
it can be directly used to activate the ports.
21.6 Adding an Extended ADSL2+ Line Profile
This operation enables you to add an extended ADSL2+ line profile. The extended ADSL2+
line profile is used to configure the extended parameters for an ADSL2+ port when the port is
activated. This helps to filter the sub-carrier that are unsuitable for carrying data.
21.7 Adding an ADSL2+ Alarm Profile
This operation enables you to add an ADSL2+ alarm profile. After the alarm profile is configured
and bound successfully, it can be directly used to activate the ports.
21.8 Activating an ADSL2+ Port
This operation enables you to activate an ADSL2+ port for transmitting service data.
21.9 Configuring the Port Rate Measurement Thresholds for an ADSL2+ Port
This operation enables you to configure the upstream and downstream rate measurement
thresholds for an ADSL2+ port.
21.10 Configuring IPoA/IPoE Protocol Conversion
The MA5600 supports the conversion between the IPoA and IPoE protocols. In this way, the
IPoA users can access the upper layer IP network to enhance the access ability and network
capability of the MA5600.
21.11 Configuring PPPoA/PPPoE Protocol Conversion
The MA5600 supports the conversion between the PPPoA and PPPoE protocols. In this way,
the PPPoA users can access the upper layer IP network to enhance the access ability and network
capability of the MA5600.
21.12 Querying an ADSL2+ Port
This operation enables you to query the comprehensive information about an ADSL2+ port.
21.13 Enabling the Auto PVC Configuration of an ADSL Modem
This operation enables a modem to automatically configure the VPI/VCI.
21.1 Overview
This section describes the service description and service specifications of Asymmetrical Digital
Subscriber Line 2 plus (ADSL2+).
Service Description
ADSL2+ adopts asymmetric transmission mode and features:
l High rate, up to 24 Mbit/s downstream and 1.2 Mbit/s upstream
l Long reach distance, up to 6.5 km
Service Specifications
The MA5600 provides the ADSL2+ service through the ADGE board. An MA5600 shelf can
house up to 14 ADSL2+ boards. With each board providing 64 ADSL2+ ports, a shelf provides
up 896 ADSL2+ subscribers.
The MA5600 provides six encapsulation modes, including llc-Bridge, vcmux-Bridge, llc-IPoA,
vcmux-IPoA, llc-PPPoA and vcmux-PPPoA.
The MA5600 provides an Auto mode, including llc-Bridge, vcmux-Bridge, llc-IPoA, llc-PPPoA
and vcmux-PPPoA.
Table 21-1 lists the encapsulation mode mapping between the MA5600 and the modem.
Table 21-1 Encapsulation mode mapping between the MA5600 and the modem
Prerequisite
l The network devices and lines are in the normal state.
l The ADSL2+ service board is in the normal state.
Context
l The MA5600 can limit the rate of users through the configured traffic profile or the
configured ADSL2+ line profile. If the two profiles work together, the user bandwidth is
the minimum value defined in the two profiles. In this section, the traffic profile is taken
as an example. If the qualified rate of the port is lower than 96%, configure the data
manually. If the user bandwidth is insufficient, reconfigure the data of the traffic profile.
l Only the deactivated port can be bound with the line profile.
Networking
Figure 21-1 lists a sample network for configuring the ADSL2+ PPPoE/IPoE service.
Figure 21-1 Sample network for configuring the ADSL2+ PPPoE/IPoE service
10.1.1.1
Internet
Router
A CON
ETH
D MON
G
E
GE0/7/0
SCU MA5600
PPPoE/IPoE access
Modem
PC
Data Plan
Table 21-2 lists the data plan for configuring the ADSL2+ PPPoE/IPoE service.
Table 21-2 Data plan for configuring the ADSL2+ PPPoE/IPoE service
Line profile Index: 1002 (the default When activating the ADSL2
profile) + port, you can use the
parameters configured in the
line profile to negotiate with
the CPE. Upon successful
negotiation, the ADSL2+
port is activated and the lines
connecting to the port can
bear services.
Configuration Flowchart
Figure 21-2 shows the flowchart for configuring the ADSL2+ PPPoE/IPoE service.
Is there an No
appropriate traffic
profile?
No
Is the port activated?
Yes
No
Is there an
appropriate
line profile?
Is there an No
appropriate alarm
profile?
Yes
Add an alarm profile
End
NOTE
l To authenticate users on the BRAS, configure the name and password of the access user on the BRAS.
To assign IP addresses to users through the BRAS, configure the corresponding IP address pool on the
BRAS.
l In this example, the extended line profile is not configured. If required, refer to "21.6 Adding an
Extended ADSL2+ Line Profile."
Procedure
Step 1 Query and configure the traffic profile.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
--------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
--------------------------------------------------------------------------
0 960 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
7 3072 6 pvc-pri
--------------------------------------------------------------------------
Step 2 Create a VLAN and add a service port and an upstream port to the VLAN.
huawei(config)#vlan 10 smart
huawei(config)#port vlan 10 0/7 0
huawei(config)#service-port vlan 10 adsl 0/2/0 vpi 0 vci 35 multi-service user-
encap pppoe rx-cttr 7 tx-cttr 7
NOTE
If you need to enable services in bathes in actual configuration, refer to "9.12 Adding Service Ports in
Batches" to add service ports in batches.
If there is no appropriate line profile, add one. The default line profile 1002 is adopted in this
example.
Step 5 Bind the line profile and activate ADSL2+ port 0/2/0.
huawei(config)#interface adsl 0/2
huawei(config-if-adsl-0/2)#deactivate 0
huawei(config-if-adsl-0/2)#activate 0 profile-index 1002
----End
Result
After the configuration, the user can access the Internet in the PPPoE/IPoE mode.
Prerequisite
l The network devices and lines are in the normal state.
l The ADSL2+ service board is in the normal state.
Context
l With the development of the IP network, IP access becomes the mainstream access mode
for digital subscriber line access multiplexers (DSLAMs). To be compatible with the user
side modems that adopt the ATM as the access mode, the MA5600 supports the conversion
between the IPoA protocol and the PPPoA protocol and that between the IPoE and the
PPPoE protocol, and enables IPoA/PPPoA users to transparently access the upper layer IP
network.
l Currently, the application service of IPoA/PPPoA users is the common Internet service.
l In the case of the IPoA access, you can select the dynamic IP address (without specifying
the source IP address) or the static IP address (specifying the source IP address) for the
packets. To switch from a dynamic address to a static address in the IPoA mode, you must
adopt the LLC-Bridge encapsulation first, and then adopt the IPoA static address
encapsulation.
l The MA5600 can limit the rate of users through the configured traffic profile or the
configured ADSL2+ line profile. If the two profiles work together, the user bandwidth is
the minimum value defined in the two profiles. In this section, the traffic profile is taken
as an example. If the qualified rate of the port is lower than 96%, configure the data
manually. If the user bandwidth is insufficient, reconfigure the data of the traffic profile.
l Only the deactivated port can be bound with the line profile.
Networking
Figure 21-3 shows a sample network for configuring the ADSL2+ IPoA service.
Figure 21-3 Sample network for configuring the ADSL2+ IPoA service
10.1.1.1
Internet
Router
A CON
ETH
D MON
G
E
GE0/7/0
SCU MA5600
IPoA access
Modem
PC
Data Plan
Table 21-3 lists the data plan for configuring the ADSL2+ IPoA service.
Table 21-3 Data plan for configuring the ADSL2+ IPoA service
Item Data Remarks
Line profile Index: 1002 (the default When activating the ADSL2+ port,
profile) you can use the parameters
configured in the line profile to
negotiate with the customer premises
equipment (CPE).
Alarm profile Index: 1 (the default profile) Configure the alarm threshold of the
line parameter in the alarm profile.
By binding the threshold to a port,
you can monitor the conditions of the
lines connecting to the port.
In the default alarm profile, all the
alarm thresholds are set as 0, which
indicates that line monitoring is
disabled.
Configuration Flowchart
Figure 21-4 shows the flowchart for configuring the ADSL2+ IPoA service.
Start
No
Is there an
appropriate traffic
profile?
Bind the line profile
Yes Add a traffic profile
Is there an No
Enable protocol conversion
appropriate
line profile?
NOTE
l To authenticate users on the broadband remote access server (BRAS), configure the name and password
of the access user on the BRAS. To assign IP addresses to users through the BRAS, configure the
corresponding IP address pool on the BRAS.
l In this example, the extended line profile is not configured. If required, refer to "21.6 Adding an
Extended ADSL2+ Line Profile."
Procedure
Step 1 Query and configure the traffic profile.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
--------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
--------------------------------------------------------------------------
0 960 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
--------------------------------------------------------------------------
NOTE
If you need to enable services in bathes in actual configuration, refer to "9.12 Adding Service Ports in
Batches" to add service ports in batches.
If there is no appropriate line profile, add one. The default line profile 1002 is adopted in this
example.
Step 4 Bind the line profile and activate ADSL2+ port 0/2/0.
huawei(config)#interface adsl 0/2
huawei(config-if-adsl-0/2)#deactivate 0
huawei(config-if-adsl-0/2)#activate 0 profile-index 1002
4. Set the IPoA service encapsulation mode of ADSL2+ port 0/2/0 as LLC-IPoA.
huawei(config)#encapsulation 0/2 start-portId 0 end-portId 10 type ipoa llc
----End
Result
After the configuration, the user can access the Internet in the IPoA mode.
Prerequisite
l The network devices and lines are in the normal state.
l The ADSL2+ service board is in the normal state.
Context
l With the development of the IP network, IP access becomes the mainstream access mode
in DSLAMs. To be compatible with the use side modems that adopt the ATM as the access
mode, the MA5600 supports the conversion between the IPoA protocol and the PPPoA
protocol and that between the IPoE and the PPPoE protocol, and enables IPoA/PPPoA users
to transparently access the upper layer IP network.
l Currently, the application service of IPoA/PPPoA users is the common Internet service.
l The MA5600 can limit the rate of users through the configured traffic profile or the
configured ADSL2+ line profile. If the two profiles work together, the user bandwidth is
the minimum value defined in the two profiles. In this section, the traffic profile is taken
as an example.
Networking
Figure 21-5 shows a sample network for configuring the ADSL2+ PPPoA service.
Figure 21-5 Sample network for configuring the ADSL2+ PPPoA service
10.1.1.1
Internet
Router
A CON
ETH
D MON
G
E
GE0/7/0
SCU MA5600
PPPoA access
Modem
PC
Data Plan
Table 21-4 lists the data plan for configuring the ADSL2+ PPPoA service.
Table 21-4 Data plan for configuring the ADSL2+ PPPoA service
Item Data Remarks
Line profile Index: 1002 (the default When activating the ADSL2
profile) + port, you can use the
parameters configured in the
line profile to negotiate with
the CPE.
Configuration Flowchart
Figure 21-6 shows the flowchart for configuring the ADSL2+ PPPoA service.
Start
No
Is there an
appropriate traffic
profile?
Bind the line profile
Yes Add a traffic profile
Is there an No
Enable protocol conversion
appropriate
line profile?
NOTE
l To authenticate users on the BRAS, configure the name and password of the access user on the BRAS.
To assign IP addresses to users through the BRAS, configure the corresponding IP address pool on the
BRAS.
l In this example, the extended line profile is not configured. If required, refer to "21.6 Adding an
Extended ADSL2+ Line Profile."
Procedure
Step 1 Query and configure the traffic profile.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
--------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
--------------------------------------------------------------------------
0 960 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
7 3072 6 pvc-pri
--------------------------------------------------------------------------
Step 2 Create a VLAN and add a service port and an upstream port to the VLAN.
huawei(config)#vlan 10 smart
huawei(config)#port vlan 10 0/7 0
huawei(config)#service-port vlan 10 adsl 0/2/0 vpi 0 vci 35 rx-cttr 7 tx-cttr 7
NOTE
If you need to enable services in bathes in actual configuration, refer to "9.12 Adding Service Ports in
Batches" to add service ports in batches.
If there is no appropriate line profile, add one. The default line profile 1002 is adopted in this
example.
Step 4 Bind the line profile and activate ADSL2+ port 0/2/0.
huawei(config)#interface adsl 0/2
huawei(config-if-adsl-0/2)#deactivate 0
huawei(config-if-adsl-0/2)#activate 0 profile-index 1002
3. Set the PPPoA service encapsulation mode of ADSL2+ port 0/2/0 as LLC-PPPoA.
huawei(config)#encapsulation 0/2/0 vpi 0 vci 35 type pppoa llc
----End
Result
After the configuration, the user can access the Internet in the PPPoA mode.
Context
When configuring an ADSL2+ line profile, pay attention to the following points:
l Up to 1002 line profiles can be configured for the MA5600. 1, 1000, 1001 and 1002 are
default ones, which can be modified.
l ADSL2+ line profile contains a series of parameters, such as:
– Upstream/downstream rate
– Upstream/downstream interleaved depth
– Signal to Noise Ratio (SNR) margin
When a port is being activated, the ATU-R negotiates with the ATU-C based on the
parameters in the line profile, so as to determine whether the connection can be set up to
between them under the existing conditions.
l When the transmission mode is G.lite (G992.2/G992.4), you can select only "interleaved"
as the channel mode.
l When the downstream channel mode is fixed, the downstream rate must be equal to the
minimum rate.
l When setting the upstream/downstream SNR margin, make sure that the settings comply
with mini. SNR margin ≤ target SNR margin ≤ max. SNR margin.
l According to G.lite Standards, when the transmission mode is G.lite (G992.2/G992.4), the
supported rate ranges 64–1536 kbit/s in downstream, and 32–512 kbit/s in upstream.
l When setting the downstream SNR margin for rate downshift, make sure that it is larger
than or equal to the downstream mini. SNR margin. Similarly, the upstream SNR margin
for rate downshift shall be equal to or larger than the upstream mini. SNR margin.
Configuration Flowchart
Figure 21-7 and Figure 21-8 show the flowchart for configuring an ADSL2+ line profile.
Start
No
Name the profile?
Yes
No
Configure the Modem?
Yes
Select ADSL2+ working mode
Interleaved
mode
Set channel mode
No
Set interleaved delay? Fast channel mode
Yes
Select downstream adapt mode
Set max. downstream
interleaved delay
A
Set downstream SNR margin
Set target SNR margin in for rate downshift
upstream
Set downstream SNR margin
Set max. SNR margin in for rate upshift
upstream
No
Set adjustment time? B
Yes
Set min. downshift time in
downstream
No
Set bit rate?
Yes
Set min. transmit rate in
downstream
End
Procedure
Run the adsl line-profile add command to add an ADSL2+ line profile.
----End
Example
Assume that:
l ADSL2+ work mode: G.dmt
l Maximum downstream delay: 8 ms
l Maximum upstream delay: 2 ms
l Minimum downstream rate: 1024 Kbit/s
l Maximum downstream rate: 32000 Kbit/s
l Minimum upstream rate: 32 Kbit/s
l Maximum upstream rate: 512 Kbit/s
To add an ADSL2+ line profile, do as follows:
huawei(config)#adsl line-profile add
{ <cr>|profile-index<L><2,999> }:
Command:
adsl line-profile add
Start adding profile
Press 'Q' to quit the current configuration and new configuration will be
neglected
> Do you want to name the profile (y/n) [n]:
> Please choose default value type 0-adsl 1-adsl2+ (0~1) [0]:1
> Will you set basic configuration for modem? (y/n)[n]:y
Note: Setting to these mode of G992.3~5 will lead that the adsl ports that
are not support adsl2+ not be activated
ADSL transmission mode:
> 0: All (G992.1~5,T1.413)
> 1: Full rate(G992.1/3/5 or T1.413)
> 2: g.lite(G992.2/4) (ADSL over ISDN board doesn't support g.lite mode)
> 3: T1.413(ADSL over ISDN board doesn't support T1.413 mode)
> 4: g.dmt (G992.1/3/5)
> 5: g.hs (G992.1~5, G992.5 is prior)
> 6: G992.1
> 7: G992.2
> 8: G992.3
> 9: G992.4
> 10:G992.5
> 11: ADSL all (G992.1~2,T1.413)
> 12: ADSL&ADSL2(G992.1/3 or T1.413)
Please select (0~12) [0]: 4
Profile Index You can input the line profile index or press Enter to enable
the system to allocate a profile index. The profile index is
unique.
ADSL2+ transmission mode Currently, there are six ADSL/ADSL2+ working modes:
G992.1, G992.2, G992.3, G992.4, G992.5 and T1.413.
l G992.2 adopts rather narrow frequency spectrum and low
upstream/downstream rate. Its frequency spectrum is only
half of that of G992.1 or T1.413; its maximum upstream
and downstream rates are 512 kbit/s and 1536 kbit/s
respectively.
l G992.1 and the T1.413 adopt similar rates: up to 8160
kbit/s in downstream, and up to 896 kbit/s in upstream.
Trellis mode The Trellis coding algorithm is used to boost SNR and
enhance line stability. It is usually enabled.
channel mode There are two channel modes: interleave mode and fast
mode. Compared with fast mode, the interleave mode is
characterized by stable line connection, and longer
transmission delay.
l For common Internet access services, the interleave mode
is recommended.
l For services that are delay sensitive, such as Video On
Demand (VOD), fast mode is recommended.
Maximum downstream/ The larger the interleave delay, the higher the ADSL2+
upstream interleaved depth connection stability, but the longer the transmission delay.
Parameter Description
SNR margin for modem The SNR margin refers to the additional tolerable SNR that
does not lead to the deterioration of the current line rate. The
larger the modem SNR margin, the higher the connection
stability, but the lower of the activated physical connection
rate.
Minimum SNR margin in In the process of ADSL2+ connection setup, if the calculated
downstream/upstream SNR margin is lower than the preset one, the port activation
will fail.
Maximal SNR margin in In the process of ADSL2+ connection setup, if the calculated
downstream/upstream target SNR margin of an ADSL2+ line is higher than the
preset max. SNR margin, the system will limit the
downstream max. SNR margin to the preset max. value.
Target SNR margin in The target SNR margin is the preserved SNR margin to
downstream/upstream ensure normal communication in the case of line SNR
deterioration. The larger the target SNR margin, the lower
the chance of occurrence of the line error, the safer the
system may be, but the lower the data transmission rate.
Therefore, the target SNR margin shall be adjusted based on
the actual line conditions.
Downstream/Upstream SNR When the SNR margin reaches this value, the system starts
margin for rate downshift to adjust the rate downwards.
Downstream/Upstream SNR When the SNR margin reaches this value, the system starts
margin for rate upshift to adjust the rate upwards.
Minimum upshift time in When the SNR margin reaches "SNR margin for rate
downstream/upstream upshift", the system will keep the current rate for a certain
period before adjusting the rate upwards.
Minimum downshift time in When the SNR margin reaches "SNR margin for rate
downstream/upstream downshift", the system will keep the current rate for a certain
period before adjusting the rate downwards.
Minimum bit rate in In the process of ADSL2+ connection setup, if the calculated
downstream/upstream upward/downward rate is lower than this value, the port
activation will fail.
Parameter Description
Maximum bit rate in In setting up the ADSL2+ connection, if the line is in good
downstream/upstream condition and the calculated downstream/upstream rate of an
ADSL2+ line is higher than the preset max. value, the system
will limit the rate to the preset value while increasing the
SNR margin. If the line is in poor condition, and the
calculated downstream/upstream rate is lower than the set
max. rate, the system will set up the ADSL2+ connection at
the calculated rate, while maintaining the target SNR margin.
Related Operation
Table 21-6 lists the related operations for adding an ADSL2+ line profile.
Quickly add an ADSL2+ adsl line-profile quickadd The system adopts non-interactive
line profile mode for inputting parameters of
the command. The command
serves as a complement to the
command adsl line profile add.
Delete an ADSL2+ line adsl line-profile delete You cannot delete the default line
profile profiles or a referenced line profile.
Modify an ADSL2+ line adsl line-profile modify After the line profile is modified,
profile the system prompts that the profile
takes effect immediately
Context
An extended ADSL2+ line profile is used to configure the extended parameters for an ADSL2
+ port when the port is activated. The following are three major parameters:
l missingtone
When you set this parameter to the specified sub-carrier of the line, these sub-carriers
has no power output, and no bit is allocated to them.
If the noise of some bands is very unstable, you can set this parameter to forbid this
band. In this way, the line will not be affected by the band.
Some bands have special purposes in some regions. To prevent interference to these
bands, you can set the parameter to forbid these bands.
l Impulse Noise Protection (INP)
INP defines the capacity of resisting the impulse interference of the ADSL channel. Its
unit is DMT SYMBOL.
If INP is 1, it means that the current ADSL channel can resist the impulse noise of one
DMT SYMBOL.
l Maximum downstream power spectral density (PSD) margin
The maximum downstream PSD margin ranges from –40 dBm/Hz to –52 dBm/Hz. By
default, it is –40 dBm/Hz.
l L2 low power management mode configuration
The system allows you to set the switch for automatic entering or exiting L2 low power
mode, allowing or prohibiting the board automatically to enter or exit L2 low power
mode according to the data traffic.
The MA5600 supports up to 32 extended ADSL2+ line profiles. After an extended ADSL2+
line profile is configured, bind it with the ports and then directly reference it for activating the
ADSL2+ ports.
NOTE
l The H561ADBF board supports Annex.B working mode only. If the Annex type is incorrect and the
incorrect extended line profile is used to activate the port, the system automatically selects a suitable
parameter to ensure that the port can be activated normally.
l The H569ADEE board does not support Annex.B working mode. If the entered Annex type is Annex.B
and the incorrect extended line profile is used to activate the port,the system automatically selects a
suitable parameter to ensure that the port can be activated normally.
Procedure
Step 1 Run the adsl extline-profile add command to add an extended ADSL2+ line profile.
Step 2 Run the display adsl extline-profile command to query a configured extended ADSL2+ line
profile.
----End
Example
Add an extended ADSL2+ line profile and disable the tones 40-50, and then validate the
configuration. To set the minimum pulse noise protection parameter for the downstream line as
noProtection, transmission mode as G992.1, and Annex type as Annex.A, do as follows:
Command:
adsl extline-profile add
Start adding profile
Notes: If pilot tone is included in the forbidden tones ,the link may not be
activated
When port activated with annexA in mode G992.1, 64tone is pilot
When port activated with annexB in mode G992.1, 96tone is pilot
Press 'Q' to quit the current configuration and new configuration will be
neglected
> Do you want to name the profile (y/n) [n]:
> Will you configure the disabled tone? (y/n)[n]:y
> How many sections do you want to configure?(1-4)[4]:
> No.1 Please input the start index of the disabled tone(32-511)[32]:40
> Please input the end index of the disabled tone(32-511)[32]:50
> Do you want to validate the settings of this section? (y/n)[n]:y
> No.2 Please input the start index of the disabled tone(32-511)[32]:
> Please input the end index of the disabled tone(32-511)[32]:
> Do you want to validate the settings of this section? (y/n)[n]:y
> No.3 Please input the start index of the disabled tone(32-511)[32]:
> Please input the end index of the disabled tone(32-511)[32]:
> Do you want to validate the settings of this section? (y/n)[n]:y
> No.4 Please input the start index of the disabled tone(32-511)[32]:
> Please input the end index of the disabled tone(32-511)[32]:
> Do you want to validate the settings of this section? (y/n)[n]:y
> Will you configure the minimum INP in downstream? (y/n)[n]:y
> Minimum INP on downstream direction:
> 0--auto
> 1--noProtection(0)
> 2--halfSymbol(0.5)
> 3--singleSymbol(1)
> 4--twoSymbols(2)
> 5--fourSymbols(4)
Please select (0~5) [0]:
> Will you configure the minimum INP in upstream? (y/n)[n]:y
> Minimum INP on uptream direction:
> 0--auto
> 1--noProtection(0)
> 2--halfSymbol(0.5)
> 3--singleSymbol(1)
> 4--twoSymbols(2)
> 5--fourSymbols(4)
Please select (0~5) [0]:
> Will you configure the maximum PSD mask in downstream? (y/n)[n]:y
> Maximum PSD mask in downstream(40~52 -dBm/Hz) [40]:
> Warning: The configuration of transmission mode in extline-profle will
replace the one configured in line-profile when the transmission mode is enabled!
> Will you enable the transmission mode?(y/n)[n]:y
ADSL transmission mode in standard :
> 1: G992.1 2: G992.2 3: G992.3 4: G992.5 5: T1.413
> Please input the standard possible in use(1-5)[1,3-4]:
ADSL annex type :
> 1: Annex.A 2: Annex.B 3: Annex.L 4: Annex.M
> Please input the Annex possible in use(1-4)[1-4]:
> Will you configure the L2 parameter?(y/n)[n]:y
> L2 mode state: 0-disable,1-enable,2-force(0~2)[0]:2
> Warning: System can not support to force into or out of L2 power mode by
manually now!
> L2 mode state: 0-disable,1-enable,2-force(0~2)[0]:1
> Minimum L0 time interval between L2 exit and next L2 entry(0~255s)[255]:
> Minimum L2 time interval between L2 entry and first L2 trim(0~255s)[30]:
> Maximum aggregate transmit power reduction per L2 request or L2 power trim(0~
31db)[3]:
> Total maximum aggregate transmit power reduction in L2(0~31db)[9]:
Add profile 1 successfully
huawei(config)#display adsl extline-profile 1
------------------------------------------------------------------
Related Operation
Table 21-7 lists the related operations for adding an extended ADSL2+ line profile.
Table 21-7 Related operations for adding an extended ADSL2+ line profile
To... Run the Command... Remarks
Modify an extended adsl extline-profile After the profile is modified, the system
ADSL2+ line profile modify prompts the profile takes effect
immediately.
Prerequisite
The ADSL2+ line meets the requirements of service provisioning.
Context
When adding an ADSL2+ alarm profile, you should pay attention to the following points:
l The MA5600 has a default ADSL2+ alarm profile named DEFVAL and numbered 1. You
can modify the profile but cannot delete it.
l The ADSL2+ alarm profile contains a series of alarm thresholds to measure and monitor
an activated ADSL2+ line. When a statistic reaches the threshold, the MA5600 sends the
alarm to the loghost and NMS.
Configuration Flowchart
Figure 21-9 shows the flowchart for adding an ADSL2+ alarm profile.
Procedure
Run the adsl alarm-profile add command to add an ADSL2+ alarm profile.
----End
Example
To add an ADSL2+ alarm profile, with the index of 2, do as follows:
huawei(config-if-adsl-0/2)#adsl alarm-profile add 2
Start adding profile
Press 'Q' to quit the current configuration and new configuration will be
neglected
> Do you want to name the profile (y/n) [n]:
<ATU-C>
> The number of Loss of Frame Seconds (0~900) [0]:50
> The number of Loss of Signal Seconds (0~900) [0]:10
> The number of Loss of Link Seconds (0~900) [0]:
> The number of Loss of Power Seconds (0~900) [0]:
> The number of Errored Seconds (0~900) [0]:
> Enable or disable the Initial failure trap 0-disable 1-enable (0~1) [0]:
> The number of failed fast retrain seconds (0~900) [0]:10
> The number of severely errored seconds (0~900) [0]:
> The number of unavailable seconds (0~900) [0]:
> Threshold of positive difference between the current and the past transmit
rate in fast mode (0~31968Kbps) [0]:100
> Threshold of positive difference between the current and the past transmit
rate in interleaved mode (0~31968Kbps) [0]:
> Threshold of negative difference between the current and the past transmit
rate in fast mode (0~31968Kbps) [0]:
> Threshold of negative difference between the current and the past transmit
rate in interleaved mode (0~31968Kbps) [0]:
<ATU-R>
> The number of Loss of Frame Seconds (0~900) [0]:10
> The number of Loss of Signal Seconds (0~900) [0]:10
> The number of Loss of Power Seconds (0~900) [0]:10
> The number of Errored Seconds (0~900) [0]:
> The number of severely errored seconds (0~900) [0]:
> The number of unavailable seconds (0~900) [0]:
> Threshold of positive difference between the current and the past transmit
rate in fast mode (0~5968Kbps) [0]:
> Threshold of positive difference between the current and the past transmit
rate in interleaved mode (0~5968Kbps) [0]:
> Threshold of negative difference between the current and the past transmit
rate in fast mode (0~5968Kbps) [0]:
> Threshold of negative difference between the current and the past transmit
rate in interleaved mode (0~5968Kbps) [0]:
Add profile 2 successfully
Parameters Description
The number of loss of frame Seconds Within any given 15-minute period, if the number of
downstream frame second loss exceeds the preset
value, an alarm is generated.
The number of loss of signal Seconds Within any given 15-minute period, if the number of
lost signal seconds exceeds the preset value, an alarm
is generated.
Parameters Description
The number of loss of link seconds Within any given 15-minute period, if the number of
lost link seconds exceeds the preset value, an alarm is
generated.
The number of loss of power seconds Within any given 15-minute period, if the number of
lost power seconds exceeds the preset value, an alarm
is generated.
The number of errored seconds Within any given 15-minute period, if the number of
errored seconds exceeds the preset value, an alarm is
generated.
The number of failed fast retrain Within any given 15-minute period, if the number of
seconds failed retrain events exceeds the preset value, an alarm
is generated.
The number of severely errored Within any given 15-minute period, if the number of
seconds severely errored seconds exceeds the preset value, an
alarm is generated.
The number of unavailable seconds Within any given 15-minute period, if the number of
unavailable seconds exceeds the preset value, an
alarm is generated.
Threshold of positive difference Within any given 15-minute period, if the positive
between the current and the past difference between the current and the past transmit
transmit rate in fast mode rates in fast mode exceeds the preset value, an alarm
is generated.
Threshold of negative difference Within any given 15-minute period, if the negative
between the current and the past difference between the current and the past transmit
transmit rate in fast mode rates in fast mode exceeds the preset value, an alarm
is generated.
Threshold of positive difference Within any given 15-minute period, if the positive
between the current and the past difference between the current and the past transmit
transmit rate in interleaved mode rates in interleaved mode exceeds the preset value, an
alarm is generated.
Threshold of negative difference Within any given 15-minute period, if the negative
between the current and the past difference between the current and the past transmit
transmit rate in interleaved mode rates in interleaved mode exceeds the preset value, an
alarm is generated.
Related Operation
Table 21-9 lists the related operations for adding an ADSL2+ alarm profile.
Delete an ADSL2+ alarm adsl alarm-profile You cannot delete the default alarm
profile delete profiles or a referenced alarm profile.
Modify an ADSL2+ adsl alarm-profile After the profile is modified, the system
alarm profile modify prompts that the profile takes effect
immediately.
Prerequisite
The ADSL2+ line profile has been configured.
Context
l Activating (or activation) refers to the training between the ATU-C and the ATU-R. During
the training process, the system checks the line distance and line state based on settings
included in the line profile, such as upstream/downstream line rate and SNR margin. The
ATU-C negotiates with the ATU-R to check whether the MA5600 can work well under the
existing conditions.
l If the training succeeds, the ATU-C can communicate with the ATU-R. At the moment,
the port works in activated state, and is ready for service data transmission.
l When the ATU-R is online, the activation process ends upon the completion of the training.
When the ATU-R gets offline, the communication is terminated, and the ATU-C is in
listening state. Once the ATU-R gets online, the training process begins automatically.
When the training succeeds, the port is activated.
l To activate an ADSL2+ port, you need to bind it with an ADSL2+ line profile. If no profile
is specified, the system will use the profile bound with the port last time to activate ADSL2
+ port.
Procedure
Step 1 Run the activate command to activate an ADSL2+ port.
Step 2 Run the display port state command to query the activated port.
----End
To activate all ports on ADSL2+ board in slot0/2 using line profile 1, do as follows:
huawei(config-if-adsl-0/2)#activate all profile-index 1
huawei(config-if-adsl-0/2)#display port state all
32 Activated 1 1 --
33 Activated 1 1 --
34 Activated 1 1 --
35 Activated 1 1 --
36 Activated 1 1 --
37 Activated 1 1 --
38 Activated 1 1 --
39 Activated 1 1 --
40 Activated 1 1 --
41 Activated 1 1 --
42 Activated 1 1 --
43 Activated 1 1 --
44 Activated 1 1 --
45 Activated 1 1 --
46 Activated 1 1 --
47 Activated 1 1 --
48 Activated 1 1 --
49 Activated 1 1 --
50 Activated 1 1 --
51 Activated 1 1 --
52 Activated 1 1 --
53 Activated 1 1 --
54 Activated 1 1 --
55 Activated 1 1 --
56 Activated 1 1 --
57 Activated 1 1 --
58 Activated 1 1 --
59 Activated 1 1 --
60 Activated 1 1 --
61 Activated 1 1 --
62 Activated 1 1 --
63 Activated 1 1 --
----------------------------------------------------------------------
Total number of activated port : 64
Total number of unactivated port: 0
To activate port 0 on the ADSL2+ board in slot 0/2 using line profile huawei, do as follows:
huawei(config-if-adsl-0/2)#activate 0 profile-name huawei
huawei(config-if-adsl-0/2)#display port state 0
----------------------------------------------------------------------
Port Status Line_Profile Alm_Profile Ext_Profile
----------------------------------------------------------------------
0 Activated 3 1 --
----------------------------------------------------------------------
Related Operation
Table 21-10 lists the related operations for activating an ADSL2+ port.
Context
l When an ADSL2+ port is activated, the upstream and downstream rate measurements states
change.
l If the host detects one rate measurement does not meet the system requirement, an alarm
will be reported to the NMS.
l If the host detects both the upstream and downstream rate measurements meet the system
requirement, a recovery alarm will be reported.
l The upstream and downstream rate measurement thresholds are set separately. If you need
to monitor both the upstream rate and downstream rate, set the upstream and downstream
rate measurement thresholds respectively.
l The upstream and downstream rate measurement thresholds can be set to rates or percents.
l The upstream and downstream rate measurement thresholds can be configured for all ADSL
boards for one time. They can also be configured for a specified ADSL port.
l The system generates alarms irrespective of whether the upstream and downstream rate
measurement thresholds meet the requirement. This does not affect other processing of a
port.
Procedure
Step 1 Run the adsl line-monitoring command to set the rate measurement thresholds for an ADSL2
+ port.
Step 2 Run the display adsl line-monitoring command to query the rate measurement thresholds
information of an ADSL2+ port.
----End
Example
To set the upstream rate measurement threshold of all ADSL boards as 80%, do as follows:
huawei(config)#adsl line-monitoring all rate-threshold upstream upstream-rate-pe
rcent 80
Command was executed successfully for slot : 0, 1, 2
huawei(config)#display adsl line-monitoring 0/2/0
Port ID : 0/2/0
Port Type : ADSL
Line Monitoring Upstream Rate-percent : 80 percent
Line Monitoring Downstream Rate-percent : 80 percent
To set the downstream rate measurement threshold of port 0/2/0 as 90%, do as follows:
huawei(config)#adsl line-monitoring port 0/2/0 rate-threshold downstream
downstream-rate-percent
90
huawei(config)#display adsl line-monitoring 0/2/0
Port ID : 0/2/0
Port Type : ADSL
Line Monitoring Upstream Rate-percent : 80 percent
Line Monitoring Downstream Rate-percent : 90 percent
Procedure
Step 1 Run the ipoa enable command to enable IPoA protocol conversion.
Step 2 Run the display ipoa config command to query IPoA protocol conversion state.
----End
Example
To enable IPoA protocol conversion, do as follows:
huawei(config)#ipoa enable
Run the display ipoa config command and you can find the IPoA protocol conversion is enabled.
Related Operation
Table 21-11 lists the related operations for enabling IPoA protocol conversion.
Context
l By default, the aging time of IPoA forwarding entry is 1200s.
l When the aging time times out, the IPoA forwarding entry cannot be updated, and the
system regards users offline.
Procedure
Step 1 Run the ipoa expire-time command to set the aging time of IPoA forwarding entry.
Step 2 Run the display ipoa config command to query the correctly configured aging time of IPoA
forwarding entry.
----End
Example
To configure the aging time of IPoA forwarding entry as 300s, do as follows:
huawei(config)#ipoa expire-time 300
Run the display ipoa config command and you can find the aging time of IPoA forwarding entry
is set correctly.
huawei(config)#display ipoa config
IPoA status : enable
IPoA user default gateway : 0.0.0.0
IPoA expire-time : 300 s
Related Operation
Table 21-12 lists the related operation for setting the aging time of IPoA forwarding entry.
Table 21-12 Related operation for setting the aging time of IPoA forwarding entry
To... Run the Command...
Context
l By default, the gateway of the IPoA user is 0.0.0.0.
l The default gateway of the IPoA user is the interface IP address of upper device that
connects to the MA5600. But not that of the MA5600 its own.
Procedure
Step 1 Run the ipoa deault gateway command to set the default gateway of the IPoA user.
Step 2 Run the display ipoa config command to query the default gateway of the IPoA user is set
correctly.
----End
Example
To set the default gateway of the IPoA user as 10.1.1.1, do as follows:
huawei(config)#ipoa default gateway 10.1.1.1
Run the display ipoa config command and you can find that the default gateway of the IPoA
user is set correctly.
huawei(config)#display ipoa config
IPoA status : enable
IPoA user default gateway : 10.1.1.1
IPoA expire-time : 300 s
Related Operation
Table 21-13 lists the related operations for setting the default gateway of the IPoA user.
Table 21-13 Related operations for setting the default gateway of the IPoA user
To... Run the Command...
Restore the default gateway of the IPoA user undo ipoa default gateway
Context
l By default, LLC and VC-MUX are used for the IPoA encapsulation. You can set the
encapsulation type as needed.
l When configuring LLC for the IPoA service, pay attention to the following points:
– LLC encapsulation supports both dynamic and static source IP address learning. So you
do not need to specify the source IP address if the modem automatically reports the IP
address.
– When a default gateway has been configured for the IPoA service, you need not
configure the destination IP address for the IPoA user. In this case, the user’s destination
IP address is that of the default gateway.
– After you have configured IPoA encapsulation for an xDSL port, you can delete a virtual
port only after you have changed the encapsulation type to LLC bridge.
– Make sure the MAC address pool is configured before the encapsulation configuration.
Otherwise, the encapsulation configuration fails.
l When configuring VC-MUX for the IPoA service, pan attention to the following points:
– Since VC-MUX encapsulation supports only static source IP address learning, you must
specify the source IP address.
– When a default gateway has been configured for the IPoA service, you need not
configure the destination IP address for the IPoA user. In this case, the user’s destination
IP address is that of the default gateway.
– After you have configured IPoA encapsulation for an xDSL port, you can delete a virtual
port only after you have changed the encapsulation type to LLC bridge.
– Make sure the MAC address pool is configured before the encapsulation configuration.
Otherwise, the encapsulation configuration fails.
Procedure
Step 1 Run the encapsulation command to configure the encapsulation type of the IPoA user.
Step 2 Run the display encapsulation type command to query the configuration.
----End
Example
To configure the encapsulation type of the IPoA user as LLC, do as follows:
huawei(config)#encapsulation 0/2/0 vpi 0 vci 34
{ type<K> }:type
{ bridge<K>|pppoa<K>|auto<K>|ipoa<K> }:ipoa
{ llc<K>|vc-mux<K> }:llc
{ <cr>|srcIP<K>|dstIP<K> }:
Command:
encapsulation 0/2/0 vpi 0 vci 34 type ipoa llc
Changing encapsulation type may cause service interruption, are you sure to
make the operation? (y/n)[n]y
Set encapsulation type successfully
Run the display encapsulation type command to query the LLC-IPoA user.
huawei(config)#display encapsulation type ipoa llc
{ <cr>|number<K> }:
Command:
display encapsulation type ipoa llc
--------------------------------------------------------------------------
Run the display encapsulation type command to query the VC-MUX-IPoA user.
huawei(config)#display encapsulation type ipoa vc-mux
{ <cr>|number<K> }:
Command:
display encapsulation type ipoa vc-mux
----------------------------------------------------------------------------
F/S /P VPI VCI ENCAP SRCIP DSTIP SRCIP-MODE
----------------------------------------------------------------------------
0/2 /0 0 34 vc_ip 10.1.1.2 10.1.1.1 static
----------------------------------------------------------------------------
Total: 1
Note : F--Frame, S--Slot, P--Port(or Virtual Port, such as IMA GROUP,
VLAN ID etc.), The VPI is access-end VLAN ID in VDSL port
Procedure
Step 1 Run the pppoa enable command to enable PPPoA/PPPoE protocol conversion.
Step 2 Run the display pppoa config command to query the PPPoA/PPPoE protocol conversion state.
----End
Example
To enable the PPPoA/PPPoE protocol conversion, do as follows:
huawei(config)#pppoa enable
Run the display pppoa config command and you can query the PPPoA protocol conversion is
enabled.
huawei(config)#display pppoa config
Global PPPoA-to-PPPoE conversion : Enable
Max-receive-unit negotiate function: Disable
Related Operation
Table 21-14 lists the related operations for enabling PPPoA protocol conversion.
Context
l By default, LLC and VC-MUX are used for the PPPoA encapsulation. You can set the
encapsulation type as needed.
l For PPPoA access, LLC and VC-MUX encapsulation are similar. Configure it based on
the actual access user type.
l After you have configured PPPoA encapsulation for an xDSL port, you can delete a virtual
service port only when you have changed the encapsulation type to LLC bridge.
l Be sure to configure the MAC address pool before the encapsulation configuration.
Otherwise, the encapsulation configuration will fail.
Procedure
Step 1 Run the encapsulation command to configure the encapsulation type of the PPPoA user.
Step 2 Run the display encapsulation type command to query the configuration.
----End
Example
To configure the encapsulation type of a PPPoA user as LLC, do as follows:
huawei(config)#encapsulation 0/2/0 vpi 0 vci 34
{ type<K> }:type
{ bridge<K>|pppoa<K>|auto<K>|ipoa<K> }:pppoa
{ llc<K>|vc-mux<K> }:llc
Command:
encapsulation 0/2/0 vpi 0 vci 34 type pppoa llc
Changing encapsulation type may cause service interruption, are you sure to
make the operation? (y/n)[n]y
Set encapsulation type successfully
Run the display encapsulation type command to query the LLC-PPPoA user.
huawei(config)#display encapsulation type pppoa llc
--------------------------------------------------------------------------
F/S /P VPI VCI ENCAP SRCIP DSTIP SRCIP-MODE
--------------------------------------------------------------------------
0/2 /0 0 34 llc_ppp - - -
--------------------------------------------------------------------------
Total: 1
Note : F--Frame, S--Slot, P--Port(or Virtual Port, such as IMA GROUP,
VLAN ID etc.), The vpi is access-end VLAN ID in vdsl port
Context
The MA5600 determines whether to segment and resemble packets according to the PPPoA/
PPPoE MRU configuration.
l MRU enabled
– The PC initiates the PPPoE connection and negotiates by MRU of 1492 bits. In this
case, the packets will be segmented and resembled.
l MRU disabled
– The MA5600 identifies the PPPoE packets converted from PPPoA packets. It adds a
Tag to the packets and then sends them to the upper layer BRAS. The BRAS negotiates
with the CPE according to the 1500-byte MRU. By doing so, the size of the MTU
between the CPE and the BRAS is equal to that of the standard MTU of the Ethernet.
In this case, the packet is not segmented and reassembled.
Procedure
Step 1 Run the pppoa mru enable command to enable PPPoA/PPPoE MRU negotiation.
Step 2 Run the display pppoa config command to query PPPoA and MRU switch state.
----End
Example
To enable the MRU negotiation, do as follows:
huawei(config)#pppoa mru enable
Run the display pppoa config command to query the PPPoA and MRU configuration.
Related Operation
Table 21-15 lists the related operation for enabling PPPoA/PPPoE MRU negotiation.
Context
An ADSL2+ port may be in activating, activated, deactivated or loopback state.
Figure 21-10 shows the status conversion of the ADSL2+ port.
Procedure
Run the display interface adsl command to query the comprehensive information about an
ADSL2+ port.
----End
Example
To display the comprehensive information about ADSL2+ port 0/2/0, do as follows:
huawei#display interface adsl 0/2/0
Adsl 0/2/0 is down
The ADSL link is activating
Description : --
Bind line-profile No.1002 ADSL LINE PROFILE 1002
Bind alarm-profile No. 1 DEFVAL
Bind no ext-profile
BTV user bind profile name : --
Hardware is ATU-C
Last UP time : --
Last DOWN time : --
Related Operation
Table 21-16 lists the related operations for querying an ADSL2+ port.
Query the switch controlling the display adsl line-operation detail config
detailed display of ADSL2+ line
operations
Prerequisite
The modem must support the function of automatically configuring the VPI/VCI.
Procedure
Run the modem-learning command to enable the auto PVC configuration of an ADSL modem.
----End
Example
To enable the modem in slot 0/2 to automatically configure the PVC, do as follows:
huawei(config-if-adsl-0/2)#modem-learning enable
Related Operation
Table 21-17 lists the related operation for enabling an ADSL modem to automatically configure
the PVC.
Table 21-17 Related operation for enabling an ADSL modem to automatically configure the
PVC
To... Run the Command...
This chapter describes the SHDSL technology and how to configure the SHDSL service on the
MA5600.
22.1 Overview
This section describes the SHDSL service and its specifications.
22.2 Configuration Example of the SHDSL IPoE/PPPoE Service
This example shows how to configure the SHDSL service so that the user can access the Internet
through the SHDSL lines in the IPoE/PPPoE mode.
22.3 Configuration Example of the SHDSL IPoA Service
This example shows how to configure the SHDSL IPoA service so that the user can access the
Internet through the SHDSL lines in the IPoA mode.
22.4 Configuration Example of the SHDSL PPPoA Service
This example shows how to configure the SHDSL PPPoA service so that the user can access
the Internet through the SHDSL lines in the PPPoA mode.
22.5 Adding an SHDSL Line Profile
This operation enables you to add an SHDSL line profile. The SHDSL line profile includes a
majority of parameters of the ports. After the line profile is configured, it can be used to activate
the ports.
22.6 Adding an SHDSL Alarm Profile
This operation enables you to add an SHDSL alarm profile. The SHDSL alarm profile is used
to set a group of alarm thresholds for measuring and monitoring the performances of an active
SHDSL line. When a statistic reaches the threshold, the MA5600 informs the device of the event,
and sends alarms to the NMS.
22.7 Binding an SHDSL Alarm Profile
This operation enables you to bind an SHDSL alarm profile to SHDSL ports to validate the alarm
profile after the SHDSL ports are activated.
22.8 Configuring the SHDSL Multi-Pair Binding
This operation enables you to configure the single-pair high-speed digital subscriber line
(SHDSL) multi-pair binding. The purpose of configuring the SHDSL multi-pair binding is to
improve the line rate.
22.1 Overview
This section describes the SHDSL service and its specifications.
Service Description
The single-line high speed digital subscriber line (SHDSL) technology provides a symmetric
high-rate leased line access service over twisted pairs to meet the broadband access requirements
of the small and medium enterprises or SOHO users. SHDSL provides a distance from 3 km to
6 km.
The MA5600 provides the SHDSL service through the SHEA or SHEB board. The SHEB board
supports the SHDSL.bis line.
l The SHDSL.bis single twisted pair supports the symmetric rates from 192 kbit/s to 5696
kbit/s. The system can adjust the line rate automatically according to the line conditions.
The adjustment granularity is eight kbit/s.
l In theory, the system supports the binding of up to four pairs. The bi-directional rate ranges
from 768 kbit/s to 22784 kbit/s.
The SHDSL port supports the ATM/PTM mode activation. You can configure the corresponding
profiles to switch the mode of the SHDSL port between the ATM mode and the PTM mode.
l The system supports the binding of M-pair. In the ATM port encapsulation mode, the
system supports the binding of two-pair, three-pair, and four-pair. The rates are respectively
twice, three times and four times of the single-pair rate.
l The system supports the EFM binding. In the PTM port encapsulation mode, the system
supports the binding of up to four ports. The rate is the sum of the rates of the four ports.
NOTE
The SHEB board divides the 32 ports into eight groups in turn. Each group contains four ports. The port
involved in M-pair binding and that involved in EFM binding must belong to the same group.
For details on the SHDSL service, refer to the chapter "SHDSL.bis Access" in the MA5600
Feature Description.
Service Specifications
The MA5600 provides the SHDSL service through the SHEA or SHEB board. Each SHEA or
SHEB board provides 32 SHDSL ports.
Table 22-1 lists the encapsulation type mapping between the MA5600 and the modem.
Table 22-1 Encapsulation type mapping between the MA5600 and the modem
Prerequisite
l The SHEB board is in the normal state.
l The network devices and lines are in the normal state.
Context
l The MA5600 can restrict the user bandwidth through a traffic profile or an SHDSL line
profile. When both the traffic profile and the SHDSL line profile work, the smaller one of
the bandwidths restricted by the two profiles is used as the user bandwidth.
l In this example, the traffic is taken as an example. Make sure that the user bandwidth
configured in the line profile is larger than that configured in the traffic profile.
Networking
Figure 22-1 shows a sample network for configuring the SHDSL IPoE/PPPoE service.
Figure 22-1 Sample network for configuring the SHDSL IPoE/PPPoE service
10.1.1.1/24
Internet
Router
S CON
ETH
H MON
E
B
GE0/7/0
SCU MA5600
IPoE/PPPoE access
Modem
PC
Data Plan
Table 22-2 lists the data plan for configuring the SHDSL IPoE/PPPoE service.
Table 22-2 Data plan for configuring the SHDSL IPoE/PPPoE service
Item Data Remarks
Traffic profile Index: 1 (the default profile) Configure the access rate, priority,
l Rate: 2 Mbit/s and priority policy in the traffic
profile. When you add a service port,
l Priority: 6 you can specify the traffic profile to
l Priority policy: Pvc-Setting restrict the access rate, priority, and
priority policy.
In an ideal case, configure the rate of
the traffic profile as 2048 kbit/s. The
actual qualified rate of the port may
be lower than 96%. Therefore,
increase the rate to meet the user
demands.
Line profile Index: 2. The parameter values must To activate the SHDSL port, use the
be the same as those of the default parameters configured in the line
profile (with the index of 1). profile to negotiate with the CPE.
When the two parties negotiate
successfully, the SHDSL port is
activated and the lines connecting to
the port can bear services.
Alarm profile Index: 1 (the default profile) Configure the alarm threshold of the
line parameter in the alarm profile.
By binding the threshold to a port,
you can monitor the conditions of the
lines connecting to the port.
In the default alarm profile, all the
alarm thresholds are set as 0, which
indicates that line monitoring is
disabled.
Configuration Flowchart
Figure 22-2 shows the flowchart for configuring the SHDSL IPoE/PPPoE service.
No
Is there an
appropriate traffic
profile?
Yes
Add a traffic profile
No
Is the port activated?
Yes
Is there
an appropriate line
profile?
Yes
Add a line profile
Is there an
appropriate alarm
profile?
Yes
Add an alarm profile
End
Procedure
Step 1 Add an SHEB board and confirm it. Then insert the SHEB board into the MA5600 shelf. The
system automatically finds and confirms the SHEB board. If the SHEB board is in the auto-find
state, confirm the board through the command line.
huawei(config)#board confirm 0/5
Step 2 Check whether there is an appropriate traffic profile. If there is no appropriate traffic profile,
add one.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
NOTE
If you need to enable services in bathes in actual configuration, refer to "9.12 Adding Service Ports
in Batches" to add service ports in batches.
Step 5 Check whether there is an appropriate SHDSL line profile. Line profile 1 is the default line
profile with the bandwidth of 2048 kbit/s. In general, use the default line profile. In this example,
a new line profile is created.
huawei(config-if-shl-0/5)#quit
huawei(config)#shdsl line-profile add 2
During inputting,press 'Q' to quit,then settings at this time will be ignored
Do you want to name the profile (y/n) [n]:y
Step 6 Check whether there is an appropriate alarm profile. If there is no appropriate alarm profile, add
one. In this example, the default alarm profile 1 is used.
1. An SHDSL alarm profile takes effect only when it is bound with a port.
2. By default, each port is bound with alarm profile 1 in system initialization. If the port has
been bound with another alarm profile, rebind it with alarm profile 1.
huawei(config)#interface shl 0/5
huawei(config-if-shl-0/5)#alarm-config 0 1
Step 7 Activate SHDSL port 0/5/0. Use profile 3 to activate SHDSL port 0.
huawei(config-if-shl-0/5)#activate 0 3
----End
Result
After the configuration, the user can access the Internet in the IPoE/PPPoE mode.
Prerequisite
l The SHEB board is in the normal state.
Context
l With the development of the IP network, IP access becomes the mainstream access mode
in DSLAMs. To be compatible with the user side modems that adopt the ATM as the access
mode, the MA5600 supports the conversion between the IPoA protocol and the PPPoA
protocol and that between the IPoE and the PPPoE protocol, and enables IPoA/PPPoA users
to transparently access the upper layer IP network.
l Currently, the application service of IPoA/PPPoA users is the common Internet service.
l The MA5600 can restrict the user bandwidth through a traffic profile or an SHDSL line
profile. When both the traffic profile and the SHDSL line profile work, the smaller one of
the bandwidths restricted by the two profiles is used as the user bandwidth.
l In this example, the traffic is taken as an example. Make sure that the user bandwidth
configured in the line profile is larger than that configured in the traffic profile.
Networking
Figure 22-3 shows a sample network for configuring the SHDSL IPoA service.
Figure 22-3 Sample network for configuring the SHDSL IPoA service
10.1.1.1/24
Internet
Router
S CON
ETH
H MON
E
B
GE0/7/0
SCU MA5600
IPoA access
Modem
PC
Data Plan
Table 22-3 shows the data plan for configuring the SHDSL IPoA service.
Table 22-3 Data plan for configuring the SHDSL IPoA service
Item Data Remarks
Traffic profile Index: 1 (the default profile) Configure the access rate,
l Rate: 2 Mbit/s priority, and priority policy
in the traffic profile. When
l Priority: 6 you add a service port, you
l Priority policy: Pvc-Setting can specify the traffic profile
to restrict the access rate,
priority, and priority policy.
In an ideal case, configure
the rate of the traffic profile
as 2048 kbit/s. The actual
qualified rate of the port may
be lower than 96%.
Therefore, increase the rate
to meet the user demands.
Line profile Index: 2. The parameter values must be the To activate the SHDSL port,
same as those of the default profile (with the use the parameters
index of 1). configured in the line profile
to negotiate with the CPE.
When the two parties
negotiate successfully, the
SHDSL port is activated and
the lines connecting to the
port can bear services.
Configuration Flowchart
Figure 22-4 shows the flowchart for configuring the SHDSL IPoA service.
Is there No
an appropriate traffic
profile
Yes Add a traffic profile
No
Yes
Is there No
an appropriate line
profile
Is there No
an appropriate alarm
profile
Yes Add an alarm profile
End
Procedure
Step 1 Add an SHEB board and confirm it. Then insert the SHEB board into the MA5600 shelf. The
system automatically finds and confirms the SHEB board. If the SHEB board is in the auto-find
state, confirm the board through the command line.
huawei(config)#board confirm 0/5
Step 2 Check whether there is an appropriate traffic profile. If there is no appropriate traffic profile,
add one.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
--------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
--------------------------------------------------------------------
0 960 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------
Traffic parameters for ATM service:
-------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/SHAPE
Type Type kbps kbps kbps kbps cells 1/10us
--------------------------------------------------------------------
0 cbr 2 1000 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /off
5 ubr 2 2048 -- -- -- -- -- on /on /--
-------------------------------------------------------------------
6 ubr 1 -- -- -- -- -- -- off/off/--
Total Num : 7
Traffic type definition:
1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr
4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr
7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr
10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt
13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt
--------------------------------------------------------------------
NOTE
If you need to enable services in bathes in actual configuration, refer to "9.12 Adding Service Ports
in Batches" to add service ports in batches.
Step 5 Check whether there is an appropriate SHDSL line profile. If there is no appropriate profile, add
one. Line profile 1 is the default line profile with the bandwidth of 2048 kbit/s. In general, use
the default line profile. In this example, a new line profile is created.
huawei(config-if-shl-0/5)#quit
huawei(config)#shdsl line-profile add 2
During inputting,press 'Q' to quit,then settings at this time will be ignored
Do you want to name the profile (y/n) [n]:y
Please input profile name:prof_name_test
> pathmode(1--ATM;2--PTM)[1]:1
> G.SHDSL interface mode of line (1--two wire;2--four wire;3--six wire;4--eight
wire;)[1]:
Step 6 Check whether there is an appropriate alarm profile. If there is no appropriate alarm profile, add
one. In this example, the default alarm profile 1 is used. An SHDSL alarm profile takes effect
only when it is bound with a port. By default, each port is bound with alarm profile 1 in system
initialization. If the port has been bound with another alarm profile, rebind it with alarm profile
1.
huawei(config)#interface shl 0/5
huawei(config-if-shl-0/5)#alarm-config 0 1
In the case of IPoA access, select the dynamic IP address (without specifying the source IP
address) or the static IP address (specifying the source IP address) for the packets. To switch
from a dynamic address to a static address in the IPoA mode, adopt the LLC-Bridge
encapsulation first, and then adopt the IPoA static address encapsulation.
----End
Result
After the configuration, the user can access the Internet in the IPoA mode.
Prerequisite
l The SHEB board is in the normal state.
l The network devices and lines are in the normal state.
Context
l With the development of the IP network, IP access becomes the mainstream access mode
in DSLAMs. To be compatible with the user side modems that adopt the ATM as the access
mode, the MA5600 supports the conversion between the IPoA protocol and the PPPoA
protocol and that between the IPoE and the PPPoE protocol, and enables IPoA/PPPoA users
to transparently access the upper layer IP network.
l Currently, the application service of IPoA/PPPoA users is the common Internet service.
l The MA5600 can restrict the user bandwidth through a traffic profile or an SHDSL line
profile. When both the traffic profile and the SHDSL line profile work, the smaller one of
the bandwidths restricted by the two profiles is used as the user bandwidth.
l In this example, the traffic is taken as an example. Make sure that the user bandwidth
configured in the line profile is larger than that configured in the traffic profile.
Networking
Figure 22-5 shows a sample network for configuring the SHDSL PPPoA service.
Figure 22-5 Sample network for configuring the SHDSL PPPoA service
10.1.1.1/24
Internet
Router
S CON
ETH
H MON
E
B
GE0/7/0
SCU MA5600
PPPoA access
Modem
PC
Data Plan
Table 22-4 shows the data plan for configuring the SHDSL PPPoA service.
Table 22-4 Data plan for configuring the SHDSL PPPoA service
Item Data Remarks
Traffic profile Index: 1 (the default profile) Configure the access rate, priority,
l Rate: 2 Mbit/s and priority policy in the traffic
profile. When you add a service port,
l Priority: 6 you can specify the traffic profile to
l Priority policy: Pvc-Setting restrict the access rate, priority, and
priority policy.
In an ideal case, configure the rate of
the traffic profile as 2048 kbit/s. The
actual qualified rate of the port may
be lower than 96%. Therefore,
increase the rate to meet the user
demands.
Line profile Index: 2. The parameter values must To activate the SHDSL port, use the
be the same as those of the default parameters configured in the line
profile (with the index of 1). profile to negotiate with the CPE.
When the two parties negotiate
successfully, the SHDSL port is
activated and the lines connecting to
the port can bear services.
Alarm profile Index: 1 (the default profile) Configure the alarm threshold of the
line parameter in the alarm profile.
By binding the threshold to a port,
you can monitor the conditions of the
lines connecting to the port.
In the default alarm profile, all the
alarm thresholds are set as 0, which
indicates that line monitoring is
disabled.
Configuration Flowchart
Figure 22-6 shows the flowchart for configuring the SHDSL PPPoA service.
Start
Is there No
an appropriate traffic
profile
Yes Add a traffic profile
No
Yes
Is there No
an appropriate line
profile
Is there No
an appropriate alarm
profile
Yes Add an alarm profile
End
Procedure
Step 1 Add an SHEB board and confirm it. Then insert the SHEB board into the MA5600 shelf. The
system automatically finds and confirms the SHEB board. If the SHEB board is in the auto-find
state, confirm the board through the command line.
huawei(config)#board confirm 0/5
Step 2 Check whether there is an appropriate traffic profile. If there is no appropriate traffic profile,
add one.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
--------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
--------------------------------------------------------------------
0 960 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------
Traffic parameters for ATM service:
-------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/SHAPE
Type Type kbps kbps kbps kbps cells 1/10us
--------------------------------------------------------------------
0 cbr 2 1000 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /off
5 ubr 2 2048 -- -- -- -- -- on /on /--
-------------------------------------------------------------------
6 ubr 1 -- -- -- -- -- -- off/off/--
Total Num : 7
Traffic type definition:
1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr
4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr
7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr
10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt
13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt
--------------------------------------------------------------------
Step 3 Create a VLAN and add a service port and an upstream port to it.
1. Create VLAN 10, and add upstream port 0/7/0 to it.
huawei(config)#vlan 10 smart
huawei(config)#port vlan 10 0/7 0
NOTE
If you need to enable services in bathes in actual configuration, refer to "9.12 Adding Service Ports
in Batches" to add service ports in batches.
1. Run the display port state command to query the port status. If the port is already activated,
deactivate it first and then use the new line profile to reactivate it.
2. Deactivate SHDSL port 0/5/0.
huawei(config)#interface shl 0/5
huawei(config-if-shl-0/5)#deactivate 0
Step 7 Bind SHDSL port 0/5/0 by using the default alarm profile. Alarm profile 1 is the default alarm.
In general, use the default alarm profile. You can also configure other alarm profiles on demands.
huawei(config-if-shl-0/5)#alarm-config 0 1
Step 8 Activate SHDSL port 0/5/0. Use alarm profile 3 to activate SHDSL port 0.
huawei(config-if-shl-0/5)#activate 0 3
----End
Result
After the configuration, you can access the Internet in the PPPoA mode.
Context
Each SHDSL line of the MA5600 is associated with a specific channel mode, and is bound with
a line profile.
The SHDSL port can be activated in the ATM/PTM mode, thus realizing ATM/PTM switching
in the manner of profile configuration.
Two default profiles, profile 1 and profile 100, cannot be deleted but can be modified.
Five default SHDSL line profiles, profiles 1, 100, 101, 102, and 103, cannot be deleted but can
be modified.
Configuration Flowchart
Figure 22-7 shows the flowchart for adding an SHDSL line profile.
Start
Yes
Set the interface mode of the SHDSL
line
Set the downstream current target
SNR margin
Yes
Whether to use
the default parameters to
create a new profile? Set the downstream worst case target
SNR margin
No
Set the SHDSL min. line rate Set the upstream current target SNR
margin
Set the SHDSL max. line rate Set the upstream worst case target
SNR margin
End
Procedure
Run the shdsl line-profile add command to add an SHDSL line profile.
----End
Example
To add an SHDSL line profile with the index of 3, do as follows:
huawei(config)#shdsl line-profile add 3
During inputting,press 'Q' to quit,then settings at this time will be ignored
Do you want to name the profile (y/n) [n]:y
Please input profile name:prof_name_test
> pathmode(1--ATM;2--PTM)[1]:1
> G.SHDSL interface mode of line (1--two wire;2--four wire;3--six wire;4--eight
wire;)[1]:
> Do you use the default data to create a line profile?(y/n)[y]:n
> G.SHDSL minimum line rate(Value must be multiple of 64, except 2312kbps,
192~5696,2312 kbps)[2048]: 2048
> G.SHDSL maximum line rate (Value must be multiple of 64, except 2312kbps,
192~5696,2312 kbps)[2048]: 2048
> Power Spectral Density mode (1--symmetric;2--asymmetric)[1]:
> Transmission mode (1--G.991.2 Annex A;2--G.991.2 Annex B;3--support Annex A&B)
[3]: 1
> Remote enable (1--enabled;2--disabled)[1]:
> Probe enable (1--disabled;2--enabled)[1]:
> Do you config the target SNR margin?(y/n)[n]:y
> Downstream current target SNR margin(0~10 db)[0]: 3
> Downstream worst case target SNR margin(0~10 db)[0]: 2
> Upstream current target SNR margin(0~10 db)[0]: 9
> Upstream worst case target SNR margin(0~10 db)[0]: 8
> Target SNR margin bitmap(0x01~0x0f,bit0--down current,bit1-down worst,
bit2--up current,bit3--up worst)[1]:
Add profile 2 successfully
Parameter Description
Table 22-5 lists the parameters of an SHDSL line profile.
Profile index You can enter a profile index or press Enter to enable the system
to allocate a profile index.
pathmode Selects line encapsulation mode. ATM and PTM are supported.
Power spectral density There are two types of PSD: symmetrical and asymmetrical.
mode
Parameter Description
Probe enable l If this function is enabled, the system implements the line probe
function to search the best line rate.
l If this function is disabled, the system skips the line rate
adaptation process to shorten the time to set up the G.SHDSL
line.
l By default, the probe function is disabled.
Downstream/Upstream l The target SNR margin is the preserved SNR margin to ensure
current target SNR normal communication in the case of line SNR deterioration.
margin The larger the target SNR margin, the less chances of occurrence
of the line error, and the safer the system can be. Meanwhile,
the larger the target SNR margin, the lower the maximum data
transmission rate.
l Therefore, the target SNR margin must be adjusted based on the
actual line conditions.
Context
There are two default alarm profiles, profile 1 and profile 100.
Configuration Flowchart
Figure 22-8 shows the flowchart for adding an SHDSL alarm profile.
Use default
parameter to create Yes
alarm profile?
No
Set loop attenuation threshold
End
Procedure
Run the shdsl alarm-profile add command to add an SHDSL alarm profile.
----End
Example
To add an SHDSL alarm profile with the index of 3, do as follows:
huawei(config)#shdsl alarm-profile add 3
During inputting,press 'Q' to quit,then settings at this time will be ignored
Do you want to name the profile (y/n) [n]:y
Please input profile name:profile-3
> Do you use the default data to create an alarm profile?(y/n)[y]:n
> Loop attenuation threshold (0~127 db)[0]:
> SNR margin threshold (0~10 db)[0]:
> ES threshold (0~900 s)[0]:
> SES threshold (0~900 s)[0]:
> CRC anomaly threshold (0~58981500)[0]:
> LOSWS threshold (0~900 s)[0]:
> UAS threshold (0~900 s)[0]:
Add profile 3 successfully
Parameter Description
Table 22-6 lists the parameters of an SHDSL alarm profile.
Parameter Description
Profile index You can enter a profile number or press Enter to enable the
system to designate a number for it. The profile index is unique,
and is in the range of 2 to 99.
Loop attenuation The system collects performance data generated within any 15-
threshold minute period. If the loop attenuation exceeds the threshold, the
system will report an alarm.
SNR margin threshold The system collects SNR related performance data generated
within any 15-minute period. If the SNR margin exceeds the
threshold, the system will report an alarm.
SES threshold The system collects SES related performance data generated
within any 15-minute period. If the accumulative SES exceeds
the threshold, the system will report an alarm.
CRC anomalies number The system collects CRC related performance data generated
threshold within any 15-minute period. If the accumulative CRC exceeds
the threshold, the system will report an alarm.
LOSWS threshold The system collects LOSW related performance data generated
within any 15-minute period. If the LOSW exceeds the
threshold, the system will report an alarm.
UAS threshold The system collects UAS related performance data generated
within any 15-minute period. If the UAS exceeds the threshold,
the system will report an alarm.
Related Operation
Table 22-7 lists the related operations for adding an SHDSL alarm profile.
Delete an SHDSL shdsl alarm-profile delete You cannot delete the default alarm
alarm profile profiles or a referenced alarm
profile.
Query an SHDSL display shdsl alarm- Run the command in privilege mode
alarm profile profile or SHDSL config mode.
Modify an SHDSL line shdsl line-profile modify The line profile is valid after being
profile modified.
Context
Pay attention to the following points:
l An SHDSL alarm profile can take effect only when it is bound to a port and the port is
activated.
l You can bind an SHDSL alarm profile to the deactivated port only.
l By default, the system uses the alarm profile bound with the port last time, or alarm profile
1 if the port is to be bound for the first time.
Procedure
Step 1 Run the alarm-config command to bind an SHDSL alarm profile with a port.
Step 2 Run the display port state command to query whether the ports has been bound with the alarm
profile.
----End
Example
To bind alarm profile 3 to port 1 of the SHDSL board in slot 0/5, do as follows:
huawei(config-if-shl-0/5)#alarm-config 1 3
Run the display port state command and you can find the ports has been bound with the alarm
profile.
huawei(config-if-shl-0/5)#display port state 1
---------------------------------------------------------------------------
Port Running Control Line Alarm Running Config Bind
ID Status Status Profile Profile Operation Operation Status
---------------------------------------------------------------------------
1 Deactivated Deactive 1 3 Normal None Normal
---------------------------------------------------------------------------
Prerequisite
The port for configuring the SHDSL multi-pair binding must be deactivated and cannot be
configured with any service port.
Context
Each SHDSL line of the MA5600 is associated with a specific channel mode, and is bound with
a line profile. A configuration table of SHDSL line profiles contains up to 103 line profiles.
Profile 1 is for activating the two-wire SHDSL port. Profile 100 is for activating the four-wire
SHDSL port. Profile 101 is for activating the six-wire SHDSL port. Profile 102 is for activating
the eight-wire SHDSL port.
In ATM port encapsulation mode, the system supports the binding of two-pair, three-pair, and
four-pair. The rates are respectively twice, three times and four times of the single-pair rate.
l The SHEB board divides the 32 ports into eight groups in turn. Each group contains four
ports. The ports for the multi-pair binding must belong to the same group.
l When configuring the SHDSL multi-pair binding, set the binding type as M-Pair. The
bound ports must be activated by a same profile simultaneously. Only the main port can
be configured. The configuration here refers to the operation of activating and deactivating
a port, configuring power backoff, and performing a loopback and canceling a loopback
on a port.
Procedure
Step 1 Run the interface shl command to enter the SHDSL mode.
Step 2 Run the port bind command to configure the SHDSL multi-pair binding.
----End
Example
To configure ports 0, 1 and 2 of the SHDSL board in slot 0/5 as three-pair, and to add the main
port to a service port, do as follows:
huawei(config)#interface shl 0/5
huawei(config-if-shl-0/5)#port bind m-pair 0-2
The M-Pair binding of port 0-2 is successful
huawei(config)#service-port vlan 10 shdsl mode atm 0/5/0 vpi 0 vci 35 multi-serv
ice user-encap pppoe rx-cttr 7 tx-cttr 7
Related Operation
Table 22-8 lists the related operation for configuring the SHDSL multi-pair binding.
Table 22-8 Related operation for configuring the SHDSL multi-pair binding
Prerequisite
The port for configuring the SHDSL EFM multi-port binding must be deactivated and cannot
be configured with any service port.
Context
Each SHDSL line of the MA5600 is associated with a specific channel mode, and is bound with
a line profile. A configuration table of SHDSL line profiles contains up to 103 line profiles.
Profile 103 is used to activate the port that is for EFM multi-port binding.
In the PTM port encapsulation mode, the system supports the binding of up to four ports. The
rate is the summation of the ports.
l The SHEB board divides the 32 ports into eight groups in turn. Each group contains four
ports. The ports for the EFM multi-port binding must belong to the same group.
l When you configure the SHDSL EFM multi-port binding, set the binding type as EFM.
The bound ports are independent from each other. You need to configure the parameters
of each port respectively. The configuration here refers to the operation of activating and
deactivating a port, configuring power backoff, and performing a loopback and canceling
a loopback on a port.
Procedure
Step 1 Run the interface shl command to enter the SHDSL mode.
Step 2 Run the port bind command to configure the SHDSL EFM multi-port binding.
----End
Example
To configure ports 0, 1 and 2 of the SHDSL board in slot 0/5 as EFM multi-port binding, and
to add service ports to each port respectively, do as follows:
huawei(config)#interface shl 0/5
huawei(config-if-shl-0/5)#port bind efm 0-2
The EFM bonding of port 0-2 is successful
huawei(config)#service-port vlan 10 shdsl mode ptm 0/5/0 multi-serv
ice user-encap pppoe rx-cttr 1 tx-cttr 1
huawei(config)#service-port vlan 10 shdsl mode ptm 0/5/1 multi-serv
ice user-encap pppoe rx-cttr 1 tx-cttr 1
huawei(config)#service-port vlan 10 shdsl mode ptm 0/5/2 multi-serv
ice user-encap pppoe rx-cttr 1 tx-cttr 1
Related Operation
Table 22-9 lists the related operation for configuring the SHDSL EFM multi-port binding.
Table 22-9 Related operation for configuring the SHDSL EFM multi-port binding
Prerequisite
There is a suitable SHDSL line profile.
Context
l Activating (or activation) refers to the training between the STU-C and the STU-R. During
the training process, the system will check the line distance and line state based on settings
included in the line profile, such as upstream/downstream line rate and SNR margin. The
STU-C negotiates with the STU-R to check whether the devices can work well under the
existing conditions.
l If the training succeeds, the STU-C can communicate with the STU-R. At the moment, the
port works in activated state, and is ready for service delivery.
l When the STU-R is online, the activation process ends after the completion of the training.
When the STU-R gets offline, the communication is terminated, and the ATU-C is in the
listening state. Once the STU-R gets online, the training process begins automatically.
When the training succeeds, the port is activated.
l Before transmitting service traffic, an SHDSL port must be activated.
l If no profile index is entered during the activation operation, the system uses the profile
bound with the port last time to activate the port. If a port is to be activated for the first
time, the system uses the default line profile, namely profile 1.
l If you intend to use new parameters for an activated port, you must deactivate the port first,
and then activate it using the profile with the desired parameters.
Procedure
Step 1 Run the activate command to activate an SHDSL port.
Step 2 Run the display port state command to query the information of the SHDSL port.
----End
Example
To activate the SHDSL port 0 in slot 0/5 using line profile 1, do as follows:
huawei(config-if-shl-0/5)#activate 0 1
Run the display port state command to query the SHDSL port information.
huawei(config-if-shl-0/5)#display port state 0
---------------------------------------------------------------------------
Port Running Control Line Alarm Running Config Bind
ID Status Status Profile Profile Operation Operation Status
---------------------------------------------------------------------------
0 Activated Active 1 1 Normal None Normal
---------------------------------------------------------------------------
Related Operation
Table 22-10 lists the related operations for activating an SHDSL port.
Context
l An SHDSL port may be in activating, activated, deactivated or loopback state.
l Figure 22-9 shows the inter-conversion between the states.
Procedure
Run the display port state command to query the SHDSL port state.
----End
Example
To query the configuration and running status of the port 0/5/0, do as follows:
huawei(config-if-shl-0/5)#display port state 0
--------------------------------------------------------------------------
Port Running Control Line Alarm Running Config Bind
ID Status Status Profile Profile Operation Operation Status
--------------------------------------------------------------------------
0 Activating Active 1 1 Normal None Normal
--------------------------------------------------------------------------
Context
The SHDSL port clock modes include:
The network synchronization reference (NSR) clock mode takes effect only when the port is
reactivated.
The SHEA board supports the configuration of the board level clock mode, but does not support
that of the port level clock mode.
The SHEB boars supports the configuration of the port level clock mode, but does not support
that of the board level clock mode.
Procedure
Step 1 For the SHEA board, configure the board level clock mode as follows:
1. Run the set clockmode command to configure the clock mode.
2. Run the display clockmode command to display the configured clock mode.
Step 2 For the SHEB board, configure the port level clock mode as follows:
1. Run the shdsl line-profile quickadd command to configure the clock mode when adding
a profile.
2. Run the deactivate command to deactivate the port whose clock mode needs to be
configured.
3. Run the activate command to activate the port whose clock mode needs to be configured.
----End
Example
To configure the clock mode of the SHEA board in slot 0/5 as system clock synchronization
mode, do as follows:
huawei(config-if-shl-0/5)#set clockmode system
The new clockmode will not take effect until the port is activated again.
Are you sure to set clockmode? (y/n)[n]:y
huawei(config-if-shl-0/5)#display clockmode
Clock mode: System
To configure the clock mode of port of the SHEB board as system clock synchronization mode,
do as follows:
huawei(config-if-shl-)#shdsl line-profile quickadd
{ profile-index<U><2,99>|line<K>|ptm<K> }:3
{ line<K>|ptm<K> }:line
{ two-wire<K>|four-wire<K>|six-wire<K>|eight-wire<K> }:two-wire
{ <cr>|rate<K>|psd<K>|transmission<K>|remote<K>|probe<K>|clockmode<K>|snr-margin
<K>|name<K> }:clockmode
{ clockmode<E><free-run,system> }:system
{ <cr>|snr-margin<K>|name<K> }:
Command:
shdsl line-profile quickadd 3 line two-wire clockmode system
Add profile 3 successfully
huawei(config-if-shl-)#deactivate 0
Deactivate port 0 successfully
huawei(config-if-shl-)#activate 0 3
Send the command to activate port 0 successfully
This chapter describes the VDSL2 technology and how to configure the VDSL2 service on the
MA5600.
23.1 Overview
The section describes the service description and service specifications of VDSL2 service.
23.2 Configuration Example of the VDSL2 PPPoE/IPoE Service
This example shows how to configure the VDSL2 PPPoE/IPoE service so that the user can access
the Internet through the VDSL2 lines in the PPPoE/IPoE mode.
23.3 Configuration Example of the VDSL2 IPoA Service
This example shows how to configure the VDSL2 IPoA service so that the user can access the
Internet through the VDSL2 lines in the IPoA mode.
23.4 Configuration Example of the VDSL2 PPPoA Service
This example shows how to configure the VDSL2 PPPoA service so that the user can access the
Internet through the VDSL2 lines in the PPPoA mode.
23.5 Adding a VDSL2 Line Profile
This operation enables you to add a VDSL2 line profile so as to include the majority of
parameters of all the VDSL2 ports in a line profile.
23.6 Adding a VDSL2 Channel Profile
This operation enables you to add a VDSL2 channel profile.
23.7 Adding a VDSL2 Line Template
This operation enables you to add a VDSL2 line template. The line profile binds the specified
line profile and channel profile. Use the line profile to activate ports.
23.8 Adding a VDSL2 Line Alarm Profile
This operation enables you to configure a VDSL2 line alarm profile so as to include the majority
of parameters of all the VDSL2 ports in a line alarm profile. After the alarm profile is configured
successfully, it can be directly used to activate the ports.
23.9 Adding a VDSL2 Channel Alarm Profile
This operation enables you to add a channel alarm profile containing alarm thresholds for channel
parameters.
23.1 Overview
The section describes the service description and service specifications of VDSL2 service.
Service Description
Very High Speed DSL2 (VDSL2) adopts symmetric or asymmetric transmission mode, with the
reach distance of up to 3.5 km.
For details on VDSL2, refer to the chapter "VDSL2 Access" in the Feature Description.
Service Specifications
l The MA5600 provides the VDSL2 service through the VDEA board or the VDBD board.
l An MA5600 shelf can house up to 14 VDSL2 boards. With each VDSL2 board providing
32 VDSL2 ports, a shelf supports up to 448 VDSL2 subscribers.
Prerequisite
l The network devices and lines are in the normal state.
l The VDEA board works in the normal state.
l The upper layer router of the MA5600 has assigned the corresponding VLAN to the VDSL2
subscriber.
Context
The MA5600 can restrict the user bandwidth through the configured traffic profile or the
configured VDSL2 line profile. If the two profiles work together, the user bandwidth is the
minimum value defined in the two profiles.
Networking
Figure 23-1 shows a sample network for configuring the VDSL2 PPPoE/IPoE service.
Figure 23-1 Sample network for configuring the VDSL2 PPPoE/IPoE service
Internet
10.1.1.1/24 Router
V CON
ETH
D MON
E
A GE 0/7/0
SCU MA5600
PPPoE/IPoE access
Modem
PC
Data Plan
Table 23-1 lists the data plan for configuring the VDSL2 PPPoE/IPoE service.
Table 23-1 Data plan for configuring the VDSL2 PPPoE/IPoE service
Item Data Remarks
Alarm profile Alarm profile index: 1 (the default Configure the alarm threshold of
profile) the line parameter in the alarm
profile. By binding the threshold to
a port, you can monitor the
conditions of the lines connecting
to the port.
In the default alarm profile, all the
alarm thresholds are set as 0, which
indicates that line monitoring is
disabled.
Configuration Flowchart
Figure 23-2 shows the flowchart for configuring the VDSL2 PPPoE/IPoE service.
Start
No
Is there
an appropriate traffic
profile?
Yes Add a traffic profile
No
Is the port activated?
Yes
Yes
Is there No
an appropriate line
profile?
Is there No
an appropriate alarm
profile?
End
Procedure
Step 1 Check whether there is an appropriate traffic profile. If there is no appropriate traffic profile,
add one.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
NOTE
If you need to enable services in bathes in actual configuration, refer to "9.12 Adding Service Ports
in Batches" to add service ports in batches.
NOTE
l If the default alarm profile is not adopted and you need to adopt alarm profile 2, run the vdsl alarm-
template add 2 command to add alarm profile 2, and then run the alarm-config 0 2 command to bind
the profile with the VDSL2 port.
l A VDSL2 alarm profile takes effect only when it is bound with a port. By default, each port is bound
with alarm profile 1.
----End
Result
After the configuration, the user can access the Internet in the PPPoE/IPoE mode.
Prerequisite
l The network devices and lines are in the normal state.
l The VDEA board works in the normal state.
l The upper layer router of the MA5600 has assigned the corresponding VLAN to the VDSL2
subscriber.
Context
l With the development of the IP network, IP access becomes the mainstream access mode
in DSLAMs. To be compatible with the user side modems that adopt the ATM as the access
mode, the MA5600 supports the conversion between the IPoA protocol and the PPPoA
protocol and that between the IPoE and the PPPoE protocol, and enables IPoA/PPPoA users
to transparently access the upper layer IP network.
l Currently, the application service of IPoA/PPPoA users is the common Internet service.
l The MA5600 can restrict the user bandwidth through the configured traffic profile or the
configured VDSL2 line profile. If the two profiles work together, the user bandwidth is the
minimum value defined in the two profiles.
l In the case of IPoA access, select the dynamic IP address (without specifying the source
IP address) or the static IP address (specifying the source IP address) for the packets. To
switch from a dynamic address to a static address in the IPoA mode, you must adopt LLC-
Bridge encapsulation first, and then adopt the IPoA static address encapsulation.
Networking
Figure 23-3 shows a sample network for configuring the VDSL2 IPoA service.
Figure 23-3 Sample network for configuring the VDSL2 IPoA service
Internet
10.1.1.1/24 Router
V CON
ETH
D MON
E
A GE 0/7/0
SCU MA5600
IPoA access
Modem
PC
Data Plan
Table 23-2 lists the data plan for configuring the VDSL2 IPoA service.
Table 23-2 Data plan for configuring the VDSL2 IPoA service
Item Data Remarks
Alarm profile Alarm profile index: 1 (the default Configure the alarm threshold of
profile) the line parameter in the alarm
profile. By binding the threshold to
a port, you can monitor the
conditions of the lines connecting
to the port.
In the default alarm profile, all the
alarm thresholds are set as 0, which
indicates that line monitoring is
disabled.
Configuration Flowchart
Figure 23-4 shows the flowchart for configuring the VDSL2 IPoA service.
Start
No
Is there
an appropriate traffic
profile?
Yes Add a traffic profile
No
Yes
Is there No
an appropriate line
Yes profile?
Add a line profile
Is there No
an appropriate alarm
Yes profile?
End
NOTE
When adding a service port, you can select the ATM or PTM as the data path mode. The PTM data path
mode does not support the PPPoA and IPoA modes.
Procedure
Step 1 Check whether there is an appropriate traffic profile. If there is no appropriate traffic profile,
add one.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
Step 2 Create VLAN 10, and add upstream port 0/7/0 to it.
huawei(config)#vlan 10 smart
huawei(config)#port vlan 10 0/7 0
NOTE
If you need to enable services in bathes in actual configuration, refer to "9.12 Adding Service Ports in
Batches" to add service ports in batches.
> 8 ranges:
> Will you set mode-specific parameters? (y/n) [n]:y
> Current configured modes:
> 1-defmode
> Please select 1-Add 2-Modify 3-Save and quit [3]:1
> 2-adsl 3-adsl2Pots 4-adsl2Isdn
> 5-adsl2PlusPots 6-adsl2PlusIsdn 7-adsl2ReachExtended
> 8-vdsl2Pots 9-vdsl2Isdn
> Please select [2]:7
> Maximum nominal aggregate transmit power downstream
> (0~205 0.1dBm) [145]:
> Maximum nominal aggregate transmit power upstream
> (0~205 0.1dBm) [145]:
> Will you set PSD mask value downstream parameter? (y/n) [n]:
> Will you set PSD mask value upstream parameter? (y/n) [n]:
> Current configured modes:
> 1-defmode 7-adsl2ReachExtended
> Please select 1-Add 2-Modify 3-Delete 4-Save and quit [4]:
Add profile 3 successfully
Bind the configured line profile with the channel profile. Suppose that the index of the line profile
is 3.
huawei(config)#vdsl line-template add 3
Start adding template
Press 'Q' to quit the current configuration and new configuration will be
neglected
> Do you want to name the template (y/n) [n]:
> Please set the line-profile index (1~128) [1]:3
> Will you set channel configuration parameters? (y/n) [n]:y
> Please set the channel number (1~2) [1]:
> Channel1 configuration parameters:
----End
Result
After the configuration, the user can access the Internet in the IPoA mode.
Prerequisite
l The network devices and lines are in the normal state.
l The VDEA board works in the normal state.
l The upper layer router of the MA5600 has assigned the corresponding VLAN to the VDSL2
subscriber.
Context
l With the development of the IP network, IP access becomes the mainstream access mode
in DSLAMs. To be compatible with the user side modems that adopt the ATM as the access
mode, the MA5600 supports the conversion between the IPoA protocol and the PPPoA
protocol and that between the IPoE and the PPPoE protocol, and enables IPoA/PPPoA users
to transparently access the upper layer IP network.
l Currently, the application service of IPoA/PPPoA users is the common Internet service.
l The MA5600 can restrict the user bandwidth through the configured traffic profile or the
configured VDSL2 line profile. If the two profiles work together, the user bandwidth is the
minimum value defined in the two profiles.
Networking
Figure 23-5 shows a sample network for configuring the VDSL2 PPPoA service.
Figure 23-5 Sample network for configuring the VDSL2 PPPoA service
Internet
10.1.1.1/24 Router
V CON
ETH
D MON
E
A GE 0/7/0
SCU MA5600
PPPoA access
Modem
PC
Data Plan
Table 23-3 lists the data plan for configuring the VDSL2 PPPoA service.
Table 23-3 Data plan for configuring the VDSL2 PPPoA service
Alarm profile Alarm profile index: 1 (the default Configure the alarm threshold of
profile) the line parameter in the alarm
profile. By binding the threshold to
a port, you can monitor the
conditions of the lines connecting
to the port.
In the default alarm profile, all the
alarm thresholds are set as 0, which
indicates that line monitoring is
disabled.
Configuration Flowchart
Figure 23-6 shows the flowchart for configuring the VDSL2 PPPoA service.
Start
No
Is there
an appropriate traffic
profile?
Yes Add a traffic profile
No
Is the port activated?
Yes
Yes
Is there No
an appropriate line
profile?
Is there No
an appropriate alarm
profile?
End
NOTE
When adding a service port, you can select the ATM or PTM as the data path mode. The PTM data path
mode does not support the PPPoA and IPoA modes.
Procedure
Step 1 Check whether there is an appropriate traffic profile. If there is no appropriate traffic profile,
add one.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
Step 2 Create VLAN 10, and add upstream port 0/7/0 to it.
huawei(config)#vlan 10 smart
huawei(config)#port vlan 10 0/7 0
NOTE
If you need to enable services in bathes in actual configuration, refer to "9.12 Adding Service Ports in
Batches" to add service ports in batches.
Bind the configured line profile with the channel profile. Suppose that the index of the line profile
is 3.
huawei(config)#vdsl line-template add 3
Start adding template
Press 'Q' to quit the current configuration and new configuration will be
neglected
> Do you want to name the template (y/n) [n]:
> Please set the line-profile index (1~128) [1]:3
> Will you set channel configuration parameters? (y/n) [n]:y
> Please set the channel number (1~2) [1]:
> Channel1 configuration parameters:
> Please set the channel-profile index (1~128) [1]:3
Add template 3 successfully
l If the default alarm profile is not adopted and you need to adopt alarm profile 2, run the vdsl alarm-
template add 2 command to add alarm profile 2, and then run the alarm-config 0 2 command to bind
the profile with the VDSL2 port.
l A VDSL2 alarm profile takes effect only when it is bound with a port. By default, each port is bound
with alarm profile 1.
----End
Result
After the configuration, the user can access the Internet in the PPPoA mode.
Context
l Up to 128 line profiles can be added for the MA5600. Line profile 1 is the default, which
can be modified but cannot be deleted.
l When the downstream channel mode is fixed, the downstream maximum rate must be equal
to the minimum rate.
l When setting the upstream/downstream SNR margin, make sure that the settings comply
with mini. SNR margin ≤ target SNR margin ≤ max. SNR margin.
Configuration Flowchart
Figure 23-7 shows the flowchart for adding a VDSL2 line profile.
Start
Yes Yes
Set VDSL tone blackout
Set the line profile configuration parameter
Yes
Set target SNR margin
Set PSD mask value No
downstream
downstream parameter?
Set minimum SNR margin
downstream
Yes
Set maximum SNR margin Set PSD mask value downstream
downstream parameter
Yes
Set RFI notch
End
configuration parameter
Procedure
Step 1 Run the vdsl line-profile add command to add a VDSL2 line profile.
Step 2 Run the display vdsl line-profile command to query the added VDSL2 line profile.
----End
Command:
display vdsl line-profile 3
------------------------------------------------------------------------------
Profile index: 3 Name: VDSL LINE PROFILE 3
Transmission mode:
T1.413 G.992.1(Annex A/B/C)
G.992.2(Annex A/C) G.992.3(Annex A/B/I/J/L)
G.992.4(Annex A/I) G.992.5(Annex A/B/I/J)
G.993.2(Annex A/B/C)
Form of transmit rate adaptation downstream : AdaptAtStartup
Form of transmit rate adaptation upstream : AdaptAtStartup
Target SNR margin downstream(0.1dB) : 60
Minimum downstream SNR margin(0.1dB) : 0
Maximum downstream SNR margin(0.1dB) : 300
Target SNR margin upstream(0.1dB) : 60
Minimum SNR margin upstream(0.1dB) : 0
Maximum SNR margin upstream(0.1dB) : 300
UPBO US1 band reference PSD parameters[a, b] : 1650,1020
UPBO US2 band reference PSD parameters[a, b] : 1650,615
UPBO US3 band reference PSD parameters[a, b] : 0,0
UPBO use of electrical length to compute UPBO : Auto
RFI notch configuration:
Number Start Tone Stop Tone Start Frequency End Frequency
(KHz) (KHz)
1 1 20 4.3 90.5
2 50 100 215.6 435.5
3 400 700 1725.0 3023.0
4 1000 2000 4312.5 8629.3
<defmode>
G.993.2 profile : Profile12a
VDSL2 PSD class mask : AnnexB998-M1x-A(B8-1)
Parameter Description
Table 23-4 lists the parameters of a VDSL2 line profile.
VDSL2 transmission Currently, there are six VDSL2 working modes: All
mode l 0: Custom
l 1: All (G992.1~5,T1.413, G993.2)
l 2: Full rate(G992.1/3/5, T1.413, G993.2)
l 3: g.dmt (G992.1/3/5, G993.2)
l 4: g.hs (G992.1~5, G993.2)
l 5: ADSL (G.992.1~5, T1.413)
l 6: VDSL (G993.2)
The form of transmit rate Options include 1-fixed and 2-adaptAtStartup. AdaptAtS
adaptation upstream/ l In fixed mode, the line must be activated with the tartup
downstream specified downstream activation rate. mode
l In adaptAtStartup mode, after the line training,
the downstream activation rate is between the
minimum activation rate and the maximum
activation rate, but cannot change during the
showtime. Otherwise, the line must be trained
again.
Maximal SNR margin in In the process of VDSL2 connection setup, if the 300 dB
downstream/upstream calculated target SNR margin of a VDSL2 line is
higher than the preset maximum SNR margin, the
system will limit the downstream maximum SNR
margin to the preset maximum value.
Target SNR margin in The target SNR margin is the preserved SNR margin 60 dB
downstream/upstream to ensure normal communication in the case of line
SNR deterioration. If the target SNR margin is large
enough, the chance of the occurrence of the line
error is reduced. Even if the system is the safer, the
rate of data transmission is low. Therefore, the target
SNR margin must be adjusted based on the actual
line conditions.
PSD mask value The PSD mask defines the PSD of a series of Null for
upstream/downstream breakpoints of transmit frequency bands. Determine both
the PSD of each sub-carrier by interpolation upstream
between two breakpoints. There are up to 16 and
upstream breakpoints and there are up to 32 downstrea
downstream breakpoints. m PSD.
PBO control upstream This function guarantees that the SNR margin at the Auto
upstream channel receiver meets the upstream PSD
mask requirements but reduces the transmit power.
Related Operation
Table 23-5 lists the related operations for adding a VDSL2 line profile.
Delete a VDSL2 line vdsl line-profile delete You cannot delete the default line
profile profiles or a referenced line
profile.
Modify a VDSL2 line vdsl line-profile modify After modification, the system
profile prompts that the modified profile
takes effect immediately.
Quickly add a VDSL2 vdsl line-profile quickadd The system adopts non-
line profile interactive mode for the input of
the parameter of the command.
The command serves as a
complement to the vdsl line-
profile quickadd command.
Context
l The system has a default channel profile. The parameters in the default profile are the data
for reference. You can create channel profiles according to the line conditions.
l The created channel profiles are numbered from 2 to 128. You can specify the index or
press Enter to enable the system to allocate an index.
l You can type in parameters in interactive mode.
Configuration Flowchart
Figure 23-8 shows the flowchart for adding a VDSL2 channel profile.
Start
Set interleaved delay No
for modem?
No Yes
Name the profile?
Set maximum interleaved delay
downstream
Yes
Start
Procedure
Step 1 Run the vdsl channel-profile add command to add a VDSL2 channel profile.
Step 2 Run the display vdsl channel-profile command to query the added channel profile.
----End
Example
To add VDSL2 channel profile 2, do as follows:
Add VDSL2 channel profile 2.
huawei(config)#vdsl channel-profile add 2
Start adding profile
Press 'Q' to quit the current configuration and new configuration will be
neglected
> Do you want to name the profile (y/n) [n]:
> Data path mode 1-ATM, 2-PTM, 3-Both (1~3) [3]:
> Will you set the minimum impulse noise protection? (y/n) [n]:y
> Minimum impulse noise protection downstream:
> 1-noProtection 2-halfSymbol 3-singleSymbol 4-twoSymbols
> 5-threeSymbols 6-fourSymbols 7-fiveSymbols 8-sixSymbols
> 9-sevenSymbols 10-eightSymbols 11-nineSymbols 12-tenSymbols
> 13-elevenSymbols 14-twelveSymbols 15-thirteenSymbols 16-fourteenSymbols
> 17-fifteenSymbols 18-sixteenSymbols
> Please select (1~18) [1]:
> Minimum impulse noise protection upstream:
> 1-noProtection 2-halfSymbol 3-singleSymbol 4-twoSymbols
> 5-threeSymbols 6-fourSymbols 7-fiveSymbols 8-sixSymbols
> 9-sevenSymbols 10-eightSymbols 11-nineSymbols 12-tenSymbols
> 13-elevenSymbols 14-twelveSymbols 15-thirteenSymbols 16-fourteenSymbols
> 17-fifteenSymbols 18-sixteenSymbols
> Please select (1~18) [1]:
> Will you set interleaving delay parameters? (y/n) [n]:y
> Maximum interleaving delay downstream (0~200 ms) [20]:
> Maximum interleaving delay upstream (0~200 ms) [20]:
> Will you set parameters for rate? (y/n) [n]:y
> Minimum transmit rate downstream (128~100000 Kbps) [128]:
> Maximum transmit rate downstream (128~100000 Kbps) [100000]:
> Minimum transmit rate upstream (128~100000 Kbps) [128]:
> Maximum transmit rate upstream (128~100000 Kbps) [100000]:
Add profile 2 successfully
Command:
display vdsl channel-profile 2
------------------------------------------------------------------------------
Profile index: 2 Name: VDSL CHANNEL PROFILE 2
Data path mode : Both
Minimum impulse noise protection downstream : NoProtection
Minimum impulse noise protection upstream : NoProtection
Maximum interleaving delay downstream(ms) : 20
Maximum interleaving delay upstream(ms) : 20
Minimum transmit rate downstream(Kbps) : 128
Maximum transmit rate downstream(Kbps) : 100000
Minimum transmit rate upstream(Kbps) : 128
Maximum transmit rate upstream(Kbps) : 100000
------------------------------------------------------------------------------
Data path mode If the set mode is different from the mode supported -
by the physical line, guarantee that the line activation
with priority, and set adapting the board to the mode
supported.
Minimum transmit Ranges from 128 kbit/s to 100000 kbit/s. 128 kbit/s
rate downstream/
upstream
Maximum transmit Ranges from 128 kbit/s to 100000 kbit/s. 100000 kbit/s
rate downstream/
upstream
Related Operation
Table 23-7 lists the related operations for adding a VDSL2 channel profile.
Delete a VDSL2 vdsl channel-profile delete You cannot delete the default
channel profile channel profiles or a referenced
channel profile.
Quickly add a VDSL2 vdsl channel-profile quickadd The system adopts non-
channel profile interactive mode for the input
of the parameter of the
command. The command
serves as a complement to the
vdsl channel-profile add
command.
Prerequisite
The line profile and the channel profile have been configured.
Context
l The system has a default line template. The parameters in the default profile are the data
for reference. You can create line profile according to the line conditions.
l The created channel profiles are numbered from 2 to 128. When creating a profile, you
can specify the index or press Enter to enable the system to allocate an idle index.
l You can type in parameters in interactive mode.
Procedure
Step 1 Run the vdsl line-template add command to add a VDSL2 line template.
Step 2 Run the display vdsl line-template command to query the added line template.
----End
Command:
display vdsl line-template 2
------------------------------------------------------------------------------
Template index: 2 Name: VDSL LINE TEMPLATE 2
Line profile index : 3
Channel1 profile index : 2
Channel1 rate adaptation ratio downstream : -
Channel1 rate adaptation ratio upstream : -
------------------------------------------------------------------------------
Parameter Description
Table 23-8 lists the parameters of a VDSL2 line template.
Profile index You can enter a line template index, or press Enter to enable the system
to allocate a profile index. The profile index is unique.
Profile name You can enter a name or press Enter to enable the system to allocate
a profile name.
Channel number This enables you to set the number of channels the line supports. You
can configure the second channel only after you have configured the
first channel.
When modifying the line template, if you input a channel number that
is different from the last channel number, the system considers that
you will reconfigure the following channel number, and then the
configured parameters will be cleared.
Related Operation
Table 23-9 shows the related operations for configuring a VDSL2 line template.
Delete a VDSL2 line vdsl line-template delete You cannot delete a referenced
template extended line profile.
Quickly add a VDSL2 line vdsl line-template The system adopts non-interactive
template quickadd mode for the input of the parameter
of the command. The command
serves as a complement to the vdsl
line-template add command.
Context
l The VDSL2 line alarm profile contains a series of alarm thresholds to measure and monitor
the performance of an activated VDSL2 line. When a statistic reaches the threshold, the
MA5600 sends the alarm to the log host and the NMS.
l When configuring a VDSL2 line alarm profile, you cannot delete profile 1, but you can
modify it. The created line alarm profiles are numbered 2–50.
Configuration Flowchart
Figure 23-9 shows the flowchart for adding a VDSL2 line alarm profile.
Start
No
Name the profile?
No
Set the line
thresholds for CPE?
Yes
Yes
Set the number of severely errored
Set the number of forward error
seconds
correction seconds
End
Set the number of unavailable
seconds
Procedure
Step 1 Run the vdsl alarm-profile add command to add a VDSL2 line alarm profile.
Step 2 Run the display vdsl alarm-profile command to query the added VDSL2 line alarm profile.
----End
Example
To add a VDSL2 line alarm profile, do as follows:
Add VDSL2 line alarm profile 2.
huawei(config)#vdsl alarm-profile add 2
Start adding profile
Press 'Q' to quit the current configuration and new configuration will be
neglected
> Do you want to name the profile (y/n) [n]:
> Will you set the line thresholds for CO? (y/n) [n]:y
Command:
display vdsl alarm-profile 2
------------------------------------------------------------------------------
Profile index: 2 Name: VDSL ALARM PROFILE 2
<CO>
The number of forward error correction seconds : 10
The number of errored seconds : 0
The number of severely errored seconds : 0
The number of loss of signal seconds : 0
The number of unavailable seconds : 0
<CPE>
The number of forward error correction seconds : 10
The number of errored seconds : 0
The number of severely errored seconds : 0
The number of loss of signal seconds : 0
The number of unavailable seconds : 0
The number of failed full initialization : 5
------------------------------------------------------------------------------
Profile index You can enter a profile index or press Enter to enable the system
to designate an index for it. The profile index is unique.
Forward error correction Within the 15-minute performance data collection period, if the
seconds forward error correction seconds exceed the threshold, an alarm
is reported. Otherwise, no alarm is reported.
Errored seconds Within the 15-minute performance data collection period, if the
errored seconds exceed the threshold, an alarm is reported.
Otherwise, no alarm is reported.
Severely errored seconds Within the 15-minute performance data collection period, if the
severely errored seconds exceed the threshold, an alarm is
reported. Otherwise, no alarm is reported.
Parameter Description
Loss of signal seconds Within the 15-minute performance data collection period, if the
loss of signal seconds exceeds the threshold, an alarm is
reported. Otherwise, no alarm is reported.
The number of unavailable Within the 15-minute performance data collection period, if the
seconds number of unavailable seconds exceeds the threshold, an alarm
is reported. Otherwise, no alarm is reported.
Failed full initialization Within the 15-minute performance data collection period, if the
failed full initialization times exceed the threshold, an alarm is
reported. Otherwise, no alarm is reported.
Related Operation
Table 23-11 shows the related operations for adding a VDSL2 line alarm profile.
Table 23-11 Related operations for adding a VDSL2 line alarm profile
Delete a VDSL2 line vdsl alarm-profile You cannot delete the default line alarm
alarm profile delete profiles or a referenced alarm profile.
Modify a VDSL2 line vdsl alarm-profile After modification, the system prompts
alarm profile modify that the modified profile takes effect
immediately.
Context
You cannot delete channel alarm profile 1, but you can modify it. The created alarm profiles are
numbered 2 to 50.
Configuration Flowchart
Figure 23-10 shows the flowchart for adding a VDSL2 channel alarm profile.
Start
set the channel No
thresholds for the CPE?
No
Name the profile? Yes
Set the number of coding
violations counts
Yes
Procedure
Step 1 Run the vdsl channel-alarm-profile add command to add a VDSL2 channel alarm profile.
Step 2 Run the display vdsl channel-alarm-profile command to query the added VDSL2 channel
alarm profile.
----End
Example
To add channel alarm profile 2, do as follows:
Add channel alarm profile 2.
huawei(config)#vdsl channel-alarm-profile add 2
Start adding profile
Press 'Q' to quit the current configuration and new configuration will be
neglected
> Do you want to name the profile (y/n) [n]:
> Will you set the channel thresholds for CO? (y/n) [n]:y
> The number of coding violations counts (0~60000) [0]:10
> The number of corrected blocks counts (0~60000) [0]:
> Will you set the channel thresholds for CPE? (y/n) [n]:y
> The number of coding violations counts (0~60000) [0]:10
> The number of corrected blocks counts (0~60000) [0]:10
> The threshold of channel monitoring rate downstream
The number of coding violations Within the 15-minute performance data collection
counts period, if the number exceeds the set threshold, an
alarm is reported. 0 indicates no alarm is needed.
The number of corrected blocks counts Within the 15-minute performance data collection
period, if the number exceeds the set threshold, an
alarm is reported. 0 indicates no alarm is needed.
The threshold of channel monitoring If the activation rate of the current channel does not
rate upstream/downstream reach the set threshold, an alarm is reported. 0
indicates no alarm is needed.
Related Operation
Table 23-13 lists the related operations for adding a VDSL2 alarm profile.
Table 23-13 Related operations for adding a VDSL2 channel alarm profile
To... Run the Command... Remarks
Delete a VDSL2 vdsl channel-alarm- You cannot delete the default channel
channel alarm profile profile delete alarm profiles and a reference channel
alarm profile.
Prerequisite
The required line alarm profile and channel alarm profile has been configured.
Context
l The new alarm template binds the specified line alarm profile and channel alarm profile.
l If you do not specify the line alarm profile and alarm profile, the alarm template binds the
default line alarm profile and the channel alarm profile.
Procedure
Step 1 Run the vdsl alarm-template add command to add a VDSL2 alarm template.
Step 2 Run the display vdsl alarm-template command to query the VDSL2 alarm template.
----End
Parameter Description
Table 23-14 lists all parameters of a VDSL2 alarm template.
Profile index You can enter an alarm template index, or press Enter to
enable the system to allocate a profile index. The profile
index is unique.
Profile name You can enter a name or press Enter to enable the system
to allocate a profile name.
Line alarm profile index The index of the configured line alarm profile.
Channel number l This enables you to set the number of channels the line
supports.
l You can configure the second channel only after you have
configured the first one.
l When modifying the alarm template, if you input a
channel number that is different from the last, the system
considers that you will reconfigure the following channel
number, and then the configured parameters will be
cleared.
Channel alarm profile index The index of the configured channel alarm profile.
Related Operation
Table 23-15 lists the related operations for adding a VDSL2 alarm template.
Delete a VDSL2 alarm vdsl alarm-template delete You cannot delete the default
template alarm profile and the referenced
alarm profile .
Context
l The thresholds in the VDSL2 alarm template take effect only after the template is bound
with a port and the port is activated.
l By default, a port is bound with alarm template 1 and all the alarm thresholds in the template
are 0.
Procedure
Step 1 Run the alarm-config command to bind an alarm template with a port.
Step 2 Run the display port state command to query the binding between the alarm template and the
port.
----End
Example
To bind alarm template 2 with port 1 of the VDSL2 board in 0/5, do as follows:
huawei(config-if-vdsl-0/5)#alarm-config 1 2
huawei(config-if-vdsl-0/5)#display port state 1
-----------------------------------------------------------------
Port Status Loopback Line Template Alarm Template
-----------------------------------------------------------------
1 Activating Disable 1 2
-----------------------------------------------------------------
Prerequisite
The VDSL2 line template has been configured.
Context
Activation refers to the training between the VTU-C and VTU-R. During the training process,
the system checks the line distance and line status based on settings included in the line profile,
such as upstream/downstream line rate and SNR margin. The VTU-C negotiates with VTU-R
to check whether the system can work in the normal state under the existing conditions.
l To activate a VDSL2 port, you need bind it with a VDSL2 line template. If the template is
not specified, the system uses the profile bound wit the port last time to activate a VDSL2
port.
l If the training succeeds, the VTU-C can communicate with VTU-R. At the moment, the
port works in activated state, and is ready for service data communication.
l When the VTU-R is online, the activation process ends after the completion of the training.
When the VTU-R gets offline, the communication is terminated, and the VTU-C is in
listening state. Once the VTU-T gets online, the training process begins automatically.
When the training succeeds, the port is activated.
Procedure
Step 1 Run the active command to activate all port on the service board.
Step 2 Run the display port state command to query the port status and the line profile bound to it.
----End
Example
To activate all port on the VDSL2 board in slot using line profile 1, do as follows:
huawei(config)#interface vdsl
huawei(config-if-vdsl-0/2)#activate all template-index 1
To query the port status and the line profile bound with it, do as follows:
huawei(config-if-vdsl-)#display port state all
-----------------------------------------------------------------
Port Status Loopback Line Template Alarm Template
-----------------------------------------------------------------
0 Activated Disable 1 1
1 Activated Disable 1 1
2 Activated Disable 1 1
3 Activated Disable 1 1
4 Activated Disable 1 1
5 Activated Disable 1 1
6 Activated Disable 1 1
7 Activated Disable 1 1
8 Activated Disable 1 1
9 Activated Disable 1 1
10 Activated Disable 1 1
11 Activated Disable 1 1
12 Activated Disable 1 1
13 Activated Disable 1 1
14 Activated Disable 1 1
15 Activated Disable 1 1
16 Activated Disable 1 1
17 Activated Disable 1 1
18 Activated Disable 1 1
19 Activated Disable 1 1
20 Activated Disable 1 1
21 Activated Disable 1 1
22 Activated Disable 1 1
23 Activated Disable 1 1
-----------------------------------------------------------------
Total number of activated port : 24
Total number of unactivated port: 0
Related Operation
Table 23-16 lists the related operations for activating a VDSL2 port.
Prerequisite
The VDSL2 line template has been configured.
Context
A VDSL2 port may be in activating, activated, deactivated or loopback state.
Procedure
Run the display port state command to query comprehensive information of a VDSL2 port.
----End
Example
Example: To query a VDSL2 port0/2/0, do as follows:
huawei(config)#interface vdsl
huawei(config-if-vdsl-)#display port state 0
-------------------------------------------------------------------
Port Status Loopback Line_template Alm_template
-------------------------------------------------------------------
0 Deactivated Local 1 1
-------------------------------------------------------------------
Related Operation
Table 23-17 lists the related operations for querying a VDSL2 port.
This chapter describes how to configure the protection for the upstream link on the MA5600.
24.1 Overview
This chapter describes the service protection mechanism of the upstream port on the MA5600.
24.2 Configuration Example of the Upstream Link Protection
This operation enables you to back up upstream links.
24.3 Configuring a Protection Group
This operation enables you to configure a protection group. When the MA5600 is disconnected
from the upper layer device physically due to some unknown causes, the MA5600 uses the
standby line to transmit the subscriber services.
24.4 Configuring the Protection Group Weight
This operation enables you to configure the protection group weight. When there are multiple
protection groups on a control board, the system judges whether to implement active-standby
switchover according to the protection group weight.
24.1 Overview
This chapter describes the service protection mechanism of the upstream port on the MA5600.
Service Description
l The broadband access service of Internet becomes more and more popular, and users
demand for both high performance and stable network access. As a result, carriers prefer
the broadband access equipment that runs stably and has better automatic protection and
self-healing capability.
l The MA5600 adopts the active/standby mechanism to ensure the normal operation of the
service. In addition, it is designed with the service protection mechanism of the upstream
port. When the MA5600 is disconnected with the upper layer device physically due to some
unknown causes, the MA5600 uses the standby line to transmit the user services.
Service Specifications
The MA5600 provides three detection modes of the active/standby switchover to achieve the
service protection of the upstream port.
l Port status detection mode: It means that the two ports of a protection group, or the ports
of the two boards are enabled. The port status determines whether to implement switchover.
l Delay detection mode: It means that only one port in a protection group is enabled, and the
other one is disabled. If the status of the port of the active control board is DOWN, disable
the port. Then, enable the port of the standby control board. If the status of the port of the
standby control board is UP, the switchover is performed. Otherwise, detection proceeds.
l Delay enhanced detection mode: It means that one port in a protection group is enabled
and the other one is disabled. If the status of the port of the active control board is DOWN,
do not disable the port. Enable the port of the standby control board directly. If the status
of the port of the standby control board is UP, the switchover is performed. Otherwise,
detection proceeds.
l Protection groups in the delay detection mode and the delay enhanced detection mode
support optical ports, and the configuration of the duration for a enabled port in standby
control board detection.
l The delay detection mode and delay enhanced detection mode support the configuration
of detection delay and detection frequency of a protection group.
l The delay detection mode and delay enhanced detection mode support the configuration
of the weight of protection groups. When there are multiple protection groups, the active/
standby switchover is performed only when the requirement is met, namely, the sum of the
weights of protection groups in the condition that the port of the active control board is
faulty and the port of the standby control board is normal is larger than that of protection
groups in the condition that the port of the active control board is normal and the port of
the standby control board is faulty.
l Link Aggregation Control Protocol (LACP) detection mode: In this mode, the link
aggregation protocol control is performed, the port fault is detected, and protection
switchover function is triggered.
Context
l The MA5600 supports three detection modes for link protection: port status detection, delay
detection mode, and delay enhanced detection mode.
l The two ports of a link protection cannot be on a same upstream board, but the port numbers
and port type of the two ports must be the same.
Networking
Figure 24-1 shows a sample network for configuring the upstream link protection.
Figure 24-1 Sample network for configuring the upstream link protection
Internet
Router
A CON
D ETH
MON
G
E
GE 0/7/1 GE 0/8/1
Mode
m
PC
Configuration Flowchart
Figure 24-2 shows the flowchart for configuring the upstream link protection.
Start
Create a VLAN
End
Data Plan
Table 24-1 shows the data plan for configuring the upstream link protection.
Table 24-1 Data plan for configuring the upstream link protection
Item Data
VLAN ID 10
Procedure
Step 1 Run the protect-group command to configure the protection group.
huawei(config)#protect
huawei(config-protect)#protect-group first 0/7/1 second 0/8/1 eth workmode
portstate
huawei(config-protect)#quit
huawei(config)#vlan 10 smart
Step 3 Run the port vlan command to add the upstream port to the VLAN.
huawei(config)#port vlan 10 0/7 1
huawei(config)#port vlan 10 0/8 1
Step 4 Run the service-port command add to a service port to the VLAN.
huawei(config)#service-port vlan 10 adsl 0/2/0 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
----End
Verification
After the configuration, users can access the Internet. When the uplink of upstream port 0/7/1
fails, the system automatically transfers the services to the uplink of upstream port 0/8/1. In this
way, users can still access the Internet.
Context
The two ports in a protection group must be on different upstream ports of the upstream board
and of the same type.
The two ports in the protection group must be in the same aggregation group, and the aggregation
group must contains only the only two ports.
Procedure
Step 1 Run the protect-group command to configure a protection group.
Step 2 Run the display protect-group command to query the protection group.
----End
Example
To configure a protection group that consists of ports 0/7/1 and 0/8/1, do as follows:
huawei(config-protect)#protect-group first 0/7/1 second 0/8/1 eth workmode
portstate
huawei(config-protect)#display protect-group
---------------------------------------------------------------------------
FirstIntf SecondIntf Enable ActiveFlag ProtectType WorkMode
---------------------------------------------------------------------------
0/7/1 0/8/1 Enable First MainBoard-PORT PortState
---------------------------------------------------------------------------
Related Operation
Table 24-2 lists the related operation for configuring a protection group.
Context
Only the delay detection mode and the delay enhanced detection mode support the configuration
of the protection group weight.
Procedure
Step 1 Run the protect-group command to configure the protection group on a port and configure the
protection group weight.
Step 2 Run the display protect-group command to query the protection group weight.
----End
Example
To configure the protection group on ports 0/7/1 and 0/8/1 in delay enhanced detection mode
and configure the protection group weight as 60, do as follows:
huawei(config-protect)#protect-group first 0/7/1 second 0/8/1 eth workmode timebis
weight 60
huawei(config-protect)#display protect-group
{ frame/slot<S><1,15>|<cr>|frame/slot/port<S><1,15> }:0/7/1
Command:
display protect-group 0/7/1
----------------------------------------------------------------------------------
------------
FirstIntf :0/7/1
SecondIntf :0/8/1
CurrentIntf :First
Enable :Enable
ProtectType :ETH
WorkMode :Timebis
Standby-On-Time(10ms):40
Weight :60
HoldTime(10ms) :0
----------------------------------------------------------------------------------
---------------
This chapter describes the Ethernet technology and how to configure the device subtending on
the MA5600.
25.1 Overview
The MA5600 supports multiple types of Ethernet ports and other DSLAM devices can be
subtended to these Ethernet ports. This section describes the service description and service
specifications of the subtending device.
25.2 Configuration Example of the Ethernet Access Service
The MA5600 provides the basic PPP over Ethernet (PPPoE) dialup service for the users
accessing through the ETH board that works in the normal state.
25.3 Configuration Example of the Subtended Network Through the SCU Board
The example shows how to subtend two MA5600 devices.
25.4 Configuration Example of Subtending Device Through the ETHA Board
This operation enables you to subtend two MA5600 devices.
25.5 Configuring the Working Mode of the ETH Board
This operation enables you to configure the working mode of the ETH board. In the private line
access, enterprise users directly access the device through the ETH board. In this case, you need
to run the related command to configure the working mode of the ETH board as QinQ.
25.6 Configuring the Physical Attributes of an Ethernet Port
25.7 Enabling the Flow Control on an Ethernet Port
This operation enables the flow control on an Ethernet port.
25.8 Enabling the Traffic Suppression
This operation enables the traffic suppression on a port to guarantee the stable network services.
25.9 Enabling the Ethernet Port Aggregation
This operation enables Ethernet port aggregation.
25.10 Mirroring an Ethernet Port
This operation enables the mirroring function of an Ethernet port. This helps analyze the cause
of a faulty port.
25.1 Overview
The MA5600 supports multiple types of Ethernet ports and other DSLAM devices can be
subtended to these Ethernet ports. This section describes the service description and service
specifications of the subtending device.
Service Description
The MA5600 supports subtended through the Ethernet port. Multiple DSLAMs at different tiers
can be subtended through the GE/FE port to extend the network coverage and satisfy the
requirements for a large capacity.
For details on the subtended network, refer to the chapter "Subtended Network
Configuration" in the Feature Description.
Service Specifications
The MA5600 provides Ethernet ports through the SCU board and ETH board.
The Ethernet ports provided by the SCU board are used for upstream service transmission and
subtended network configuration.
The ETH board also provides the basic PPPoE dialup access service.
Context
The PPPoE protocol packets of the users accessing through the ETH board are transparently
transmitted through the MA5600 to the upper layer device for authentication.
Figure 25-1 Sample network for configuring the Ethernet access service
Router
Internet
CON
ETH
E MON
T
H
A
SCU MA5600
LSW
PC
Data Plan
Table 25-2 lists the data plan for the Ethernet access service.
Item Data
VLAN ID: 10
Prerequisite
l The network devices and lines are in the normal state.
l All boards of the MA5600 are normal.
l The working mode of the ETH board is normal.
Configuration Flowchart
Figure 25-2 shows the flowchart for configuring the Ethernet access service.
Start
End
Procedure
Step 1 Create a standard VLAN.
huawei(config)#vlan 10 standard
----End
Result
After the configuration, the PCs of the access users can access the network through PPPoE
dialup.
Networking
Figure 25-3 show a sample network for configuring the subtended network.
IP
CON
ETH
MON
GE 0/7/0
GE 0/7/1
MA5600_A SCU
A
CON
D ETH
G MON
G
GE 0/7/0
GE 0/7/1
PC
Configuration Flowchart
Figure 25-4 shows the flowchart for configuring the subtended network.
Start
End
Procedure
Step 1 Create a standard VLAN.
huawei(config)#vlan 9 standard
----End
Result
After the configuration, you can configure various services through both the MA5600_A and
MA5600_B. Users of MA5600_B can access the Internet.
Prerequisite
l The network device and the line are in the normal state.
l All boards of the MA5600 are in the normal state.
l Ethernet port 0/6/0 on MA5600_A and Ethernet port 0/7/0 on MA5600_B are of the same
type, and the port rate and duplex mode is auto negotiation.
Networking
Figure 25-5 shows a sample network for subtending devices
Internet
E CON
ETH
T
H
A
GE 0/6/0 GE 0/7/0
SCU MA5600_A
A CON
ETH
D
G
G
GE 0/7/1
SCU MA5600_B
Configuration Flowchart
Figure 25-6 shows the flowchart for configuring subtending devices
Start
End
NOTE
The mentioned configuration is performed on MA5600_A. No subtending port is needed to be configured
on MA5600_B. For other configurations, they are the same on MA5600_A and MA5600_B.
Procedure
Step 1 Create a standard VLAN.
huawei(config)#vlan 10 standard
----End
Result
After the configuration, the subtended devices can be configured with services and users
connected to MA5600_B can access the Internet.
Context
l The ETH board can work in normal mode or QinQ mode. The switchover of the working
mode of the ETH board will cause the resetting of the ETH board.
l If you need to switch the working mode of the ETH board from the normal mode to the
QinQ mode, check whether the ETH board is configured with the ETH OAM and the
multicast subtending port services. If the two services are configured, the switchover of the
working mode is rejected.
l If the working mode of the ETH board is switched from the normal mode to the QinQ mode,
and the native VLAN of the subtending port is not all "1"s, the switchover of the working
mode is rejected.
l If the working mode of the ETH board is switched from the QinQ mode to the normal mode,
and the QinQ VLAN of the subtending port is not all "1"s, the switchover of the working
mode is rejected.
l If the specified port is not in the specified VLAN, the switchover of the working mode is
rejected.
Procedure
Step 1 Run the eth mode command to configure the working mode of the ETH board.
Step 2 Run the display eth mode command to query the working mode of the ETH board.
----End
Example
To configure the working mode of the ETH board residing in slot 0/6 as the QinQ mode, do as
follows:
huawei(config)#eth mode qinq 0/6
This operation will reset the ETH board, are you sure to continue? (y/n)[n]:y
huawei(config)#display eth mode 0/6
Current eth mode is qinq
Context
l By default, the auto-neg switch of the Ethernet electric port is enabled.
l By default, the auto-neg switch of the Ethernet optical port is disabled.
Procedure
Step 1 Run the auto-neg command to set the auto-negotiation mode of an Ethernet port.
Step 2 Run the display port state command to query the configuration of the Ethernet port.
----End
Example
To disable the auto-negotiation mode of Ethernet port 0/7/1 on the SCU board, do as follows:
huawei(config-if-scu-0/7)#auto-neg 1 disable
huawei(config-if-scu-0/7)#display port state 1
Optics module status is absence
The port is active
Native VLAN ID is 1
Ethernet port is offline
Ethernet port is full duplex
Ethernet port rate is 1000M
Ethernet port does not support flow control
Ethernet port does not support line-selfadaptive
Context
l The duplex of an Ethernet port can be full duplex, half duplex, or auto-negotiation. When
setting the duplex mode of an Ethernet port, make sure that the duplex of the Ethernet port
must be the same as that of the interconnected port on the peer device. This prevents
communication failure.
l When a port is in auto-negotiation mode, to change its duplex mode to full duplex, disable
the auto-negotiation mode of the port first.
l This operation takes effect on the electrical port only.
l By default:
– The FE electrical port is in auto-negotiation mode.
– The FE optical port is in full duplex mode.
Procedure
Step 1 Run the auto-neg command to disable the auto negotiation mode of an Ethernet port.
Step 2 Run the duplex command to set the duplex mode of the Ethernet port.
Step 3 Run the display port state command to query the duplex mode of the port.
----End
Example
To change the auto-negotiation mode of Ethernet port 0/7/1 to full duplex, do as follows:
huawei(config-if-scu-0/7)#auto-neg 1 disable
huawei(config-if-scu-0/7)#duplex 1 full
huaweii(config-if-scu-0/7)#display port state 1
Optics module status is normal
The port is active
Native VLAN ID is 1
Ethernet port is offline
Ethernet port is full duplex
Ethernet port rate is 1000M
Ethernet port does not support flow control
Ethernet port does not support line-selfadaptive
Context
When setting the rate of an Ethernet port, make sure that the rate of the Ethernet port must be
the same as that of the interconnected port on the peer device. This prevents communication
failure.
By default:
l The rate of the FE/GE electrical port is auto-negotiation.
l The rate of the GE optical port is 1000 Mbit/s.
l The rate of the FE optical port is 100 Mbit/s.
l When a port is in auto-negotiation mode, to change its rate to a specific value, disable the
auto-negotiation mode first.
l The rate of the 1000 Mbit/s electrical port is not compulsorily 1000 Mbit/s but can be auto-
negotiated to 1000 Mbit/s.
Procedure
Step 1 Run the auto-neg command to set the rate of an Ethernet port.
Step 2 Run the speed command to query the configured rate of the Ethernet port.
----End
Example
To set the rate of a GE optical port to 1000 Mbit/s, do as follows:
huawei(config-if-scu-0/7)#auto-neg 1 disable
huawei(config-if-scu-0/7)#speed 1 1000
huawei(config-if-scu-0/7)#display port state 1
Optics module status is normal
The port is active
Native VLAN ID is 1
Ethernet port is offline
Ethernet port is full duplex
Ethernet port rate is 1000M
Ethernet port does not support flow control
Ethernet port does not support line-selfadaptive
Context
l The Ethernet electrical port uses a straight-through cable or a crossover cable. To set the
type of the network cable of the Ethernet port, run the mdi command.
l The default network cable type is auto (auto-adaptive).
l Such setting only applies to the Ethernet electrical port.
l When the Ethernet electrical port is not in auto-negotiation mode, the network cable type
cannot be configured as auto.
Procedure
Step 1 Run the mdi command to set the network cable type of an Ethernet port.
Step 2 Run the display port state command to query the configured network cable type.
----End
Example
To set the network cable type of Ethernet electrical port 0/7/0 as straight-through cable, do as
follows:
huawei(config-if-scu-0/7)#mdi 1 normal
huawei(config-if-scu-0/7)#display port state 1
The port is active
Native VLAN ID is 1
Ethernet port is online
Ethernet port is full duplex
Ethernet port rate is 100M
Ethernet port does not support flow control
Line-adaptive function of the ethernet port is normal
Context
When the traffic exceeds a certain level (> 1 Gbit/s for the GE port or > 100 Mbit/s for the FE
port), the MA5600 sends PAUSE frames to inform the remote PC to reduce the traffic so as to
reduce the packet loss rate, and response to the PAUSE frames sent from remote PC. The process
involved is called flow control.
l The control function requires the supports from both the MA5600 and the peer device. If
the peer device supports flow control, enable the flow control of the MA5600 If the peer
device does not support the flow control, disable the flow control of the MA5600.
l By default, the flow control on the Ethernet port is disabled.
Procedure
Step 1 Run the flow-control command to enable the flow control on an Ethernet port.
Step 2 Run the display port state command to query the set flow control.
----End
Example
To enable the flow control on all ports, do as follows:
huawei(config-if-scu-0/7)#flow-control all
huawei(config-if-scu-0/7)#display port state all
-----------------------------------------------------------------------------
Port Port Optic Native MDI Speed Duplex Flow- Active Link
Type Status VLAN (Mbps) Ctrl State
-----------------------------------------------------------------------------
0 GE absence 1 - 1000 full on active offline
1 GE absence 1 - 1000 full on active offline
-----------------------------------------------------------------------------
Related Operation
Table 25-3 lists the related operation for enabling the flow control of an Ethernet port.
Table 25-3 Related operation for enabling the flow control of an Ethernet port
Context
There are three traffic suppression modes available:
l Broadcast storm suppression
l By default, the level of broadcast storm suppression and unknown unicast suppression is
7.
l It is suggested to enable broadcast storm suppression according to network conditions.
l When IGMP Proxy or IGMP Snooping is enabled, unknown multicast packets are not
suppressed. When IGMP proxy and IGMP snooping are disabled, unknown multicast
packets are suppressed. By default, the level of unknown multicast suppression is 7.
Procedure
Step 1 Run the traffic-suppress command to enable the traffic suppression on a port.
Step 2 Run the display traffic-suppress command to query the configuration of the traffic suppression.
----End
2 12 291 24
3 24 582 48
4 48 1153 95
5 97 2319 191
6 195 4639 382
7 390 9265 763
8 781 18531 1526
9 1562 37063 3052
10 3125 74126 6104
11 6249 148241 12207
12 12499 296483 24414
---------------------------------------------------------------------
Current traffic suppression ID of broadcast : 1
Current traffic suppression ID of multicast : 1
Current traffic suppression ID of unicast : 1
Related Operation
Table 25-4 lists the related operations for enabling traffic suppression.
Context
Port aggregation means aggregation of multiple ports together to expand the bandwidth. The
input and output load can be distributed among the member ports.
l The SCU board supports up to 3 port aggregation groups.
l One aggregation group supports up to 6 Ethernet ports.
l Link Aggregation Control Protocol (LACP) is run in the static port aggregation but not in
the manual port aggregation.
When configuring the port aggregation, pay attention to the following points:
Procedure
Step 1 Run the duplex command to set the duplex mode of the Ethernet port.
Step 2 Run the speed command to set the port rate.
Step 3 Run the link-aggregation command to set the port aggregation.
Step 4 Run the display link-aggregation command to query the related information about the
aggregated ports.
----End
Example
To set the Ethernet port aggregation, do as follows:
huawei(config-if-scu-0/7)#duplex 0 full
huawei(config-if-scu-0/7)#duplex 1 full
huawei(config-if-scu-0/7)#speed 0 1000
huawei(config-if-scu-0/7)#speed 1 1000
huawei(config-if-scu-0/7)#quit
huawei(config)#link-aggregation 0/7 0-1 ingress
huawei(config)#display link-aggregation all
------------------------------------------------------
Master port link-aggregation mode Port NUM
------------------------------------------------------
0/7/1 egress-ingress 2
------------------------------------------------------
Total: 1 link-aggregation(s)
Related Operation
Table 25-5 lists the related operation for enabling the Ethernet port aggregation.
Table 25-5 Related operation for enabling the Ethernet port aggregation
To... Run the command...
Context
l You can configure only one mirroring destination port on the SCU board or ETH board.
l You can mirror multiple ports to one destination port.
l The mirroring destination port cannot be the aggregated port.
Procedure
Step 1 Run the mirror port command to enable the mirroring function of an Ethernet port.
Step 2 Run the display mirror command to query the configuration of the Ethernet port.
----End
Example
To mirror the transmit and receive packets of port 0 to port 1, do as follows:
huawei(config-if-scu-)#mirror port 0 1 all
Run the display mirror command and you can find that the port mirroring function is enabled.
huawei(config-if-scu-)#display mirror
------------------------------------------------
Source port Direction Destination port
------------------------------------------------
0 all 1
------------------------------------------------
Related Operation
Table 25-6 lists the related operation for enabling the mirroring function of an Ethernet port.
Table 25-6 Related operation for enabling the mirroring function of an Ethernet port
To... Run the command...
Procedure
Step 1 Run the port vlan command to add an Ethernet Port to a VLAN.
Step 2 Run the display vlan command to query the upstream port of a VLAN.
----End
Example
To add Ethernet port 0/7/0 to VLAN 2, do as follows:
huawei(config)#port vlan 2 0
Run the display vlan command to query the upstream port of the VLAN.
huawei(config)#display vlan 2
{ <cr>|to<K> }:
Command:
display vlan 2
VLAN ID: 2
VLAN type: MUX
VLAN attribute: common
------------------------------
Related Operation
Table 25-7 lists the related operation for adding an Ethernet Port to a VLAN.
Context
When the ETH board adopts the private line access, the ETH board works in QinQ mode. In this
case, you need to configure the QinQ VLAN of the port. For how to configure the working mode
of the ETH board, refer to "25.5 Configuring the Working Mode of the ETH Board."
l If the ETH board works in normal mode, the QinQ VLAN of the port cannot be configured
and queried.
l If the ETH board works in QinQ mode, the QinQ VLAN of the port cannot be configured
and queried.
l If the specified port is not in the specified VLAN, the QinQ VLAN cannot be configured.
Procedure
Step 1 Run the interface eth command to enter the ETH mode.
Step 2 Run the qinq-vlan command to configure the QinQ VLAN of the ETH port.
----End
Example
To configure the QinQ VLAN of port 0 in slot 0/6 as 100, do as follows:
huawei(config)#interface eth 0/6/0
huawei(config-if-eth-0/6)#qinq-vlan 0 vlan 100
Related Operation
Table 25-8 lists the related operation for configuring the outer QinQ VLAN of the Ethernet port.
Table 25-8 Related operation for configuring the outer QinQ VLAN of the Ethernet port
To... Run the Command...
Context
l The default Native VLAN of the Ethernet ports is VLAN 1.
l When the Ethernet port is used as the upstream port:
– If the native VLAN of the Ethernet port is the same as the VLAN to which this Ethernet
port belongs, the Ethernet port will remove the VLAN Tag of the upstream packets.
– If the native VLAN of the Ethernet port is different from the VLAN to which this
Ethernet port belongs, the Ethernet port will keep the VLAN Tag of the upstream
packets.
l Before specifying the native VLAN of an Ethernet port, the VLAN must be included in the
port.
l Whether the native VLAN must be set for the upstream port depends on the upper-layer
equipment connected to the port.
– If the upper-layer equipment supports the packets containing the VLAN tag, the native
VLAN of the upstream port of the MA5600 must be different from the VLAN to which
the upstream port belongs.
– If the upper-layer equipment does not support the packets containing the VLAN tag,
the native VLAN of the upstream port of the MA5600 must be the same as the VLAN
to which the upstream port belongs.
l If the working mode of the ETH board is normal mode, the QinQ VLAN value of the port
cannot be configured or queried.
l If the working mode of the ETH board is QinQ mode, the Native VLAN value of the port
cannot be configured or queried.
Procedure
Step 1 Run the native-vlan command to set the native VLAN of an Ethernet port.
Step 2 Run the display port state command to query the configuration of the Native VLAN.
----End
Example
To set the native VLAN of Ethernet port0/7/0 as VLAN 10, do as follows:
huawei(config-if-scu-0/7)#native-vlan 0 vlan 10
huawei(config-if-scu-0/7)#display port state 0
Optics module status is normal
This chapter describes how to configure the ATM-DSLAM service supported by the MA5600.
26.1 Overview
This section describes ATM-DSLAM access service and specification on the MA5600.
26.2 Configuration Example of the ATM-DSLAM Access
This example shows how to configure the ATM-DSLAM so that the user can access the Internet
in OPTIC, IMA and E3 modes.
26.3 Setting the OPTIC Port Mode
This operation enables you to set the OPTIC port mode.
26.4 Setting the OPTIC Port Type
This operation enables you to set the optical port type.
26.5 Adding an IMA Group
This operation enables you to add an IMA group.
26.6 Setting the IMA Group Mode
This operation enables you to set the clock mode, CRC4 multiframe and scramble of the IMA
group.
26.7 Adding an IMA Link
This operation enables you to add an IMA link.
26.8 Setting the Line Type for an E3 Port
This operation enables you to set the line type for an E3 port.
26.9 Setting the E3 Port Type
This operation enables you to set the E3 port type.
26.10 Setting the Tx Clock of an E3 Port
This operation enables you to set the Tx clock of an E3 port.
26.11 Clearing the Statistics of an E3 Port
This operation enables you to clear the statistics of an E3 port.
26.1 Overview
This section describes ATM-DSLAM access service and specification on the MA5600.
Service Description
In the evolution from ATM networks to IP networks, carriers will replace their ATM-DSLAM
network devices in the access layer with IP network devices. In this evolution, a large number
of ATM network devices still exist in the network for a long time. The MA5600 provides ATM
ports for lower level ATM network devices to access the network.
For details on the ATM subtending, refer to the chapter "ATM Subtending" in the Feature
Description.
Service Specifications
The MA5600 supports ATM access through the subboards on the AIUG board. The subboards
provide 155M ATM ports, IMA E1 port or IMA E3 port to connect to the ATM-DSLAM devices
in the downstream direction.
FE/GE
MA5600
Ethernet
MPLS switching
GE bus
ATM access
Service traffic B
The MA5600 provides two upstream modes: through FE/GE ports on the SCU board or through
the MPLS module.
In the upstream direction, service traffic A from the ATM-DSLAM is directly sent to
the upper layer device through the Ethernet switching module on the SCU.
l Through the MPLS module
In ATM over Ethernet mode, MPLS upstream supports mapping between PVC and
Pseudo Wire (PW); while in Ethernet mode, MPLS supports mapping between VLAN
and PW.
This chapter describes the configuration through the GE ports on the SCU board. For the
configuration through the MPLS, refer to the chapter "27 Configuring MPLS Access."
Networking
Figure 26-2 shows a sample network for configuring the ATM-DSLAM access.
CON
ETH
A MON
I
U
G
SCU MA5600
ATM-DSLAM
Modem
PC
Data Plan
Table 26-1 shows the data plan for configuring the ATM-DSLAM access.
Item Data
Item Data
NOTE
Configuration Flowchart
Figure 26-3 shows the flowchart for configuring the ATM-DSLAM access.
Start
Create VLAN
End
Procedure
Step 1 Configure the OPTIC port.
1. Select the command mode.
huawei(config)#interface aiu 0/5
huawei(config-if-aiu-0/5)#sub-interface optic
huawei(config-if-aiu-0/5.optic)#
4. Create a VLAN.
huawei(config)#vlan 10 mux
5. Create a VLAN.
huawei(config-if-aiu-0/5.ima)#quit
huawei(config-if-aiu-0/5)#quit
huawei(config)#vlan 10 mux
In this example, the default line type is used, so you do not need to set the line type.
3. Set the clock mode.
huawei(config-if-aiu-0/5.e3)#tx clock 0 line
5. Create a VLAN.
huawei(config-if-aiu-0/5.e3)#quit
huawei(config-if-aiu-0/5)#quit
huawei(config)#vlan 10 mux
----End
Result
After the configuration, the users of the ATM-DSLAM can access the Internet in OPTIC , IMA
or E3 mode.
Context
155M ATM port supports C-3c/STS-3c mode and STM-1 mode.
l OC-3c is a signal rate level at the optical port of the Synchronous Optical Network
(SONET), the rate is 155 Mbit/s. STS-3c is the signal rate at the electrical port that
corresponds to OC-3c level.
l STM-1 is a signal rate level of the STM (Synchronous Transport Module) defined in SDH
(Synchronous Digital Hierarchy). The rate is 155 Mbit/s.
Procedure
Step 1 Run the port mode command to configure the OPTIC port mode.
Step 2 Run the display board command to query the configured OPTIC port mode.
----End
Example
To set port AIUG 0/5/0 mode as STM-1, do as follows:
huawei(config)#interface aiu 0/5
huawei(config-if-aiu-0/5)#sub-interface optic
huawei(config-if-aiu-0/5.optic)#port mode 1 stm-1
Run the display board command and you can find the OPTIC port mode is set successfully.
huawei(config-if-aiu-0/5.optic)#quit
huawei(config-if-aiu-0/5)#quit
huawei(config)#display board 0/5
---------------------------------------
Board Name : H561AIUG
Board Status : Normal
---------------------------------------
Subboard[0]: H511O1CTG Status: Failed
--------------------------------------------------------------------
Port Port Port Line Port Loop Optical Phy Line Rate IF
Type Status Signal Clock Type Type Type Type (Mbps) Type
--------------------------------------------------------------------
0 ATM Fail No System No Single Optical STM-1 155 UNI
--------------------------------------------------------------------
Related Operation
Table 26-2 lists the related operation for setting the OPTIC port mode.
Table 26-2 Related operation for setting the OPTIC port mode
To... Run the Command...
Prerequisite
The port type shall be the same as that of the peer.
Context
The MA5600 supports User Network Interface (UNI) and Network Node Interface (NNI).
l When you set the port type as UNI, the VPI value of the port shall be from 0 to 255, the
VCI value of the port shall be from 32 to 1023.
l When you set the port type as NNI, the VPI value of the port shall be from 0 to 4095, the
VCI value of the port shall be from 32 to 1023.
Procedure
Step 1 Run the uni-nni-set command to set the OPTIC port type.
Step 2 Run the display board command to query the configured OPTIC port type.
----End
Example
To set the type of port AIUG 0/5/0 as UNI, do as follows:
huawei(config-if-aiu-0/5.optic)#uni-nni-set 0 uni
Run the display board command and you can find the OPTIC port type is set successfully.
huawei(config-if-aiu-0/5.optic)#quit
huawei(config-if-aiu-0/5)#quit
huawei(config)#display board 0/5
---------------------------------------
Board Name : H561AIUG
Board Status : Normal
---------------------------------------
Subboard[0]: H511O1CTG Status: Failed
--------------------------------------------------------------------
Port Port Port Line Port Loop Optical Phy Line Rate IF
Type Status Signal Clock Type Type Type Type (Mbps) Type
--------------------------------------------------------------------
0 ATM Fail No System No Single Optical STM-1 155 UNI
--------------------------------------------------------------------
Related Operation
Table 26-3 lists the related operation for setting the OPTIC port type.
Table 26-3 Related operation for setting the OPTIC port type
To... Run the Command...
Context
The AIUG provides IMA ports through the subboards on the AIUG board.
l The AIUG board supports up to four IMA groups through the E8IT subboard.
l Each IMA group can be configured with one to eight E1 links.
l Each E1 link belongs to one IMA group only.
Procedure
Step 1 Run the ima group add command to add an IMA group.
Step 2 Run the display ima group parameter command to query the IMA group configuration.
----End
Example
To add IMA group 0, do as follows:
huawei(config)#interface aiu 0/5
huawei(config-if-aiu-0/5)#sub-interface ima
huawei(config-if-aiu-0/5.ima)#ima group add
{ groupIndex<U><0,7> }:0
{ version<E><version1.1,version1.0> }:version1.0
{ minTxLinks<U><1,8> }:2
{ minRxLinks<U><1,8> }:2
{ clock<E><ctc,itc> }:itc
{ imaId<U><0,255> }:0
{ framelength<E><32,64,128,256> }:256
{ <cr>|alpha_value<U><1,2> }:
Command:
ima group add 0 version1.0 2 2 itc 0 256
Run the display ima group command to query the configuration of the IMA group.
huawei(config-if-aiu-0/5.ima)#display ima group parameter 0
Command:
display ima group parameter 0
--------------------------------------------------------------------
NE symmetry : both config and operation symmetry
FE symmetry : NULL
Min Tx link : 2
Min Rx link : 2
NE clock : ITC
FE clock : NULL
Tx reference link : NULL
Rx reference link : NULL
Tx IMA ID : 0
Rx IMA ID : NULL
Tx frame length : 256
Rx frame length : NULL
Maximum differential delay(ms): 40
Alpha : 2
Beta : 2
Gamma : 1
Tx protocol version : 1.0
Rx protocol version : NULL
--------------------------------------------------------------------
Parameter Description
Table 26-4 lists parameters of an IMA group.
Version Version 1.0 and version 1.1 are two IMA protocol versions defined by
ATM Forum. IMA groups supporting different versions cannot
interoperate with each other.
Link number MinTxLinks and minRxLinks represent the minimum number of links for
sending and receiving signals in the IMA group. When the number of
activated links reaches the minimum link number you set for an IMA
group, the IMA group is activated. The value of minTxLinks and
minRxLinks must be the same.
Frame length Framelength is the size of an IMA frame. It represents the number of cells
carried in an IMA frame. The value can be 32, 64, 128, or 256. You are
recommended to set it to 128.
Parameter Description
Invalid ICP cells Alpha_value indicates the number of invalid ICP cells, and the
recommended setting is 2.
Beta_value indicates the number of errored ICP cells, and the
recommended setting is 2.
Gamma_value indicates the number of valid ICP cells, and the default
setting is 1.
Related Operation
Table 26-5 lists the related operations for add an IMA group.
Block an IMA ima group block Make sure that an IMA group
group contains links before blocking it.
Delete an IMA ima link delete If a link is the last one in an IMA
link group, the ima link delete command
cannot delete the link. Run the ima
group delete command to delete the
IMA group and the link.
Prerequisite
The IMA subboard clock comes from the line recovery clock.
Context
The clock mode of the IMA subboard includes are system and line.
l System
– This is the default clock mode for an IMA subboard. If there is a clock subboard, the
clock subboard provides clock signals for the IMA subboard. If there is no clock
subboard, an IMA subboard itself provides clock signals.
l Line
Procedure
Step 1 Run theima group mode command to set the IMA group mode.
Step 2 Run the display ima config command to query the configuration of the IMA group mode.
----End
Run the display ima config command and you can find the IMA group mode is set successfully.
huawei(config-if-aiuu-0/5.ima)#display ima config
-------------------------------------------------------------------
GroupIndex State Loopback CRC4 Scramble TxClock Links
-------------------------------------------------------------------
0 Config - On On Line -
1 - - - - - -
2 - - - - - -
3 - - - - - -
------------------------------------------------------------------
------------------------------
Link ID Tx state Rx state
------------------------------
0 - -
1 - -
2 - -
3 - -
4 - -
5 - -
6 - -
7 - -
------------------------------
Related Operation
Table 26-6 lists the related operations for setting the IMA group mode.
Table 26-6 Related operations for setting the IMA group mode
To... Run the Command...
Context
l On the E1 cables of the MA5600 you can see signs of T0, R0, T1, R1, and so on. Tx and
Rx belong to the same E1 link. When you configure IMA links, make sure that Tx at the
local end connects with Ry at the remote end, while Rx at the local end connects with Ty
at the remote end (x and y indicate link numbers).
l Add an IMA group before adding IMA links.
l If an IMA group has no links, you cannot add PVC to the group, loopback or block the
group.
Procedure
Step 1 Run the ima link add command to add an IMA link.
Step 2 Run the display ima config command to query the configuration of the IMA link.
----End
Example
To add a link 0 to IMA group 0, do as follows:
huawei(config-if-aiu-0/5.ima)#ima link add 0 0
IMA link add successfully
Run the display ima config command and you can find that the system prompts the IMA link
is added successfully.
huawei(config-if-aiu-0/5.ima)#display ima config
-------------------------------------------------------------------
GroupIndex State Loopback CRC4 Scramble TxClock Links
-------------------------------------------------------------------
0 Config - On On Line 0
1 - - - - - -
2 - - - - - -
3 - - - - - -
------------------------------------------------------------------
------------------------------
Link ID Tx state Rx state
------------------------------
0 Config Config
1 - -
2 - -
3 - -
4 - -
5 - -
6 - -
7 - -
------------------------------
Related Operation
Table 26-7 lists the related operations for adding an IMA link.
Delete an IMA link ima link delete l To delete a link from one group
and add the link to another group,
first delete the link from both the
local and remote ends, and then
add the link again.
l If a link is the last one in an IMA
group, the ima link delete
command cannot delete the link.
Run the ima group delete
command to delete the IMA
group and the link.
Context
The E3 port supports three line types: e3other, e3Framed and e3Plcp.
Procedure
Step 1 Run the linetype command to set the line type for an E3 port.
Step 2 Run the display board command to query the configured line type of the E3 port.
----End
Example
To set the line type of the E3 port as e3plcp, do as follows:
huawei(config-if-aiu-0/5.e3)#linetype 0 e3plcp
Run the display board command and you can find the line type of the E3 port is configured
successfully.
huawei(config-if-aiu-0/5.e3)#display board 0/5
---------------------------------------
Board Name : H561AIUG
Board Status : Failed
---------------------------------------
Related Operation
Table 26-8 lists the related operations for setting the line type of the E3 port.
Table 26-8 Related operations for setting the line type of an E3 port
Context
The MA5600 supports User Network Interface (UNI) and Network Node Interface (NNI).
l When you set the port type as UNI, the VPI value of the port shall be from 0 to 255.
l When you set the port type as NNI, the VPI value of the port shall be from 0 to 4095.
l When you set the port type as UNI or NNI, the VCI value of the port shall be from 32 to
1023.
l The E3 port type shall be the same as that of the peer end.
Procedure
Step 1 Run the uni-nni-set command to set the E3 port type.
Step 2 Run the display board command to query the configuration the E3 port.
----End
Example
To set the E3 port type as UNI, do as follows:
huawei(config-if-aiu-0/5.e3)#uni-nni-set 0 uni
Run the display board command and you can find the E3 port type is set successfully.
huawei(config-if-aiu-0/5.e3)#display board 0/5
---------------------------------------
Board Name : H561AIUG
Board Status : Failed
---------------------------------------
Related Operation
Table 26-9 lists the related operation for setting the E3 port type.
Context
l The Tx clock includes two types: system and line.
l By default, the Tx clock is system.
Procedure
Step 1 Run the tx clock command to set the Tx clock of an E3 port.
Step 2 Run the display board 0/5 command to query the configured Tx clock of the port.
----End
Example
To set the Tx clock for port 0 as line, do as follows:
Run the display board command and you can find that the Tx clock of the E3 port is set
successfully.
huawei(config-if-aiu-0/5.e3)#display board 0/5
---------------------------------------
Board Name : H561AIUG
Board Status : Failed
---------------------------------------
Related Operation
Table 26-10 lists the related operations for setting the Tx clock of an E3 port.
Procedure
Step 1 Run the clear statistic command to clear the statistics of an E3 port.
Step 2 Run the display statistic command to query the port statistics.
----End
Example
To clear the statistics of port 0, do as follows:
huawei(config-if-aiu-0/5.e3)#clear statistics 0
Run the display statistics command and you can find that the E3 port performance statistics is
cleared successfully.
huawei(config-if-aiu-0/5.e3)#display statistics 0
--------------------------------------------
Line coding violation events :0
Frame head bit errored events :0
Excessive zero of frame events :0
Parity check errored events :0
This chapter describes the MPLS technology and how to configure the MPLS service on the
MA5600.
27.1 Overview
This section describes MPLS access service and its specifications on the MA5600.
27.2 Configuration Example of MPLS - Based on Binding the PVC with the PW Profile
The example shows how to set up the label distribution protocol (LDP) remote session, label
switching paths (LSP) and PW between the MA5600 and the router.
27.3 Configuration Example of MPLS- Based on Binding the VLAN with the PW Profile
The example shows how to set up the LDP remote session, LSP and PW between the
MA5600 and the router.
27.4 Basic Configuration of MPLS
This section describes basic configuration of MPLS.
27.5 Static LSP Configuration
This section describes how to configure a static LSP.
27.6 MPLS LDP Configuration
This section describes how to configure MPLS LDP.
27.7 PW Configuration
This section describes how to configure a PW template.
27.1 Overview
This section describes MPLS access service and its specifications on the MA5600.
Service Description
Multiprotocol Label Switching (MPLS) is derived from Internet Protocol version 4 (IPv4). The
core technology of MPLS involves multiple network protocols, including:
l Internet Protocol version 6 (IPv6)
l Internet Packet Exchange (IPX)
l Appletalk
l DECnet
l Connectionless Network Protocol (CLNP)
For details on the MPLS protocol, refer to the chapter "MPLS" in the Feature Description.
Service Specifications
The MA5600 provides the MPLS function through the MPLS subboard attached to the SCU
board. MPLS architecture consists of the following two planes:
l Control Plane:
The Control Plane is connectionless. It distributes labels by using the current IP network.
l Forwarding Plane (also known as Data Plane):
The forwarding plane is connection-oriented. Through layer 2 network, such as ATM
network, this plane forwards packets rapidly based on the label forwarding table.
For more details, refer to RFC3031 Multiprotocol Label Switching Architecture.
NOTE
l To provide the MPLS function, the MA5600 can serve as only a provider edge (PE) device.
l For the MA5600, to subtend slave shelves,
l Only the master shelf supports MPLS function.
l The master shelf supports the ETH PWE3 and the ATM PWE3 services, and the slave shelf supports
only the ETH PWE3 service. (To support the ATM PWE3 service, a slave shelf must be separately
configured with the and the AIUG subboard, so as to serve as an independent PE to provide MPLS
upstream function.)
Networking
Figure 27-1 shows a sample network for configuring the multiprotocol label switching (MPLS)
based on binding the PVC with the PW profile.
Figure 27-1 Sample network for configuring the MPLS based on binding the PVC with the PW
profile
ISP
BRAS
Router
(lsr-id 3.3.3.8/32)
MPLS Network
5# 7#
A
S
I
C MA5600
U
U (lsr-id 4.4.4.4/32)
G
Data Plan
Table 27-1 lists the data plan for configuring the MPLS based on binding the PVC with the PW
profile.
Table 27-1 Data plan for configuring the MPLS based on binding the PVC with the PW profile
Item Data
Configuration Flowchart
Figure 27-2 shows the flowchart for configuring the MPLS based on binding the PVC with the
PW profile.
Figure 27-2 Flowchart for configuring the MPLS based binding the PVC with the PW profile
Start
Configure OSPF
Enable MPLS
Create a VLAN
Create a PW template
End
Procedure
Step 1 Configure the open shortest path first (OSPF).
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 4.4.4.4 0.0.0.0
huawei(config-ospf-1-area-0.0.0.0)#network 10.11.0.0 0.0.255.255
huawei(config-ospf-1-area-0.0.0.0)#quit
huawei(config-ospf-1)#quit
Step 3 Configure the label switch router (LSR) ID for the MPLS.
huawei(config)#mpls lsr-id 4.4.4.4
----End
Result
After the configuration, LDP remote session, LSP and PW can be set up between the
MA5600 and the router.
Networking
Figure 27-3 shows a sample network of the MPLS based on binding the VLAN with the PW
template.
Figure 27-3 Sample network of the MPLS based on binding the VLAN with the PW template
ISP
BRAS
Router
(lsr-id 3.3.3.8/32)
MPLS Network
A
S MA5600
D
C (lsr-id 4.4.4.4/32)
G
U
G
Data Plan
Table 27-2 shows the data plan for configuring the MPLS based on binding the VLAN with the
PW profile.
Table 27-2 Data plan for configuring the MPLS based on binding the VLAN with the PW profile
Item Data
Item Data
Configuration Flowchart
Figure 27-4 shows the flowchart for configuring the MPLS based on binding the VLAN with
the PW template.
Figure 27-4 Flowchart for configuring the MPLS based on binding the VLAN with the PW
profile
Start
Configure OSPF
Enable MPLS
Create VLAN
Create PW profile
End
Procedure
Step 1 Configure OSPF.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 4.4.4.4 0.0.0.0
huawei(config-ospf-1-area-0.0.0.0)#network 10.11.0.0 0.0.255.255
huawei(config-ospf-1-area-0.0.0.0)#quit
huawei(config-ospf-1)#quit
----End
Result
After the configuration, the MA5600 can set up the LDP remote session with the router.
Context
NOTE
Before you configure other MPLS features, you must perform basic MPLS configuration on all routers
involved in MPLS forwarding in the MPLS domain.
Context
l In general, the address of the loopback interface is used as the LSR ID.
l An LSR has no default ID. Therefore, you must configure it manually.
l After configuring the LSR ID, you must enable MPLS. Then you can configure the other
MPLS features.
l You must enable the global MPLS first, and then enable the interface MPLS.
l The LSR ID is unique in the MPLS domain. By combining with the 2-byte label space
serial number, it forms the LDP identifier, which is used to identify the label space used
by the LSR, and to set up and maintain LDP session between LSRs.
Procedure
Step 1 Run the mpls lsr-id command to configure the LSR ID.
Step 2 Run the display current-configuration command and you can find the configuration of LSR
ID is successful.
----End
Example
To configure the LSR ID as 4.4.4.4, do as follows:
huawei(config)#mpls lsr-id 4.4.4.4
huawei(config)#display current-configuration section mpls
{ <cr>||<K> }:
Command:
display current-configuration section mpls
[MA5600V300R003: 3002]
#
[mpls]
<mpls>
Related Operation
Table 27-3 shows the related operations for configuring the LSR ID.
Context
l You must enable the global MPLS first and then enable the interface MPLS.
l You can only enable the MPLS of the standard VLAN.
Procedure
l In global config mode, run the mpls command to enable the MPLS globally.
l In global config mode, run the mpls vlan command to enable the MPLS of the VALN.
1. Run the mpls command to enable the MPLS of the VLAN.
2. Run the display mpls vlan command to query the MPLS state of the VLAN.
l In VLAN interface mode, run the mpls command to enable the MPLS of an interface.
1. Run the interface vlanif command to enter VLAN interface mode.
2. Run the mpls command to enable the MPLS.
3. Run the display mpls interface command to query the information about the interface
whose MPLS function is enabled.
----End
huawei(config-if-vlanif140)#mpls
huawei(config-if-vlanif140)#quit
huawei(config)#display mpls interface vlanif 140 verbose
No : 1
Interface : vlanif140
Status : Down
TE Attribute : Disable
LSPCount : 0
CR-LSPCount : 0
MPLS Config MTU : 1500
Interface MTU : 1500
MPLS Effective MTU : 1500
TE FRR : Disabled
Related Operation
Table 27-4 shows the related operations for enabling MPLS.
27.5.1 Overview
This section describes LSP types and commands for configuring the static LSP.
There are two types of LSPs: static LSP and dynamic LSP.
Table 27-5 lists the related commands for configuring the static LSP.
Context
If you specify the next hop address when configuring the static LSP, then you must specify the
next hop address when configuring the IP static route. Similarly, if you specify the egress when
configuring the static LSP, then you must specify the egress when configuring the IP static route.
Procedure
Step 1 Run the static-lsp ingress command to configure the ingress LSR of the static LSP.
Step 2 Run the display mpls static-lsp command to query the configured ingress LSR of the static
LSP.
----End
Example
To configure ingress LSR of the static LSP, do as follows:
huawei(config)#static-lsp ingress staticlsp1 destination 3.3.3.3 32 nexthop
10.11.11.213 out-label 8500
huawei(config)#display mpls static-lsp
<cr>|string<S><1,15>|verbose<K>|include<K>|exclude<K> }:
Command:
display mpls static-lsp
Name FEC I/O Label I/O If Stat
staticlsp1 3.3.3.3/32 NULL/8500 -/- Down
Related Operation
Table 27-6 lists the related operations for configuring ingress LSR of the static LSP.
Table 27-6 Related operations for configuring ingress LSR of the static LSP
Procedure
Step 1 Run the static-lsp egress command to configure the egress LSR of the static LSP.
Step 2 Run the display mpls static-lsp command to query the configured egress LSR of the static LSP.
----End
Example
To configure egress LSR of the static LSP, do as follows:
huawei(config)#static-lsp egress staticslp3 incoming-interface vlanif 140 in-label
8400
huawei(config)#display mpls static-lsp
{ <cr>|string<S><1,15>|verbose<K>|include<K>|exclude<K> }:
Command:
display mpls static-lsp
Name FEC I/O Label I/O If Stat
staticlsp1 3.3.3.3/32 NULL/8500 -/- Down
staticslp3 -/- 8400/NULL Vlanif140/- Up
Related Operation
Table 27-7 lists the related operations for configuring egress LSR of the static LSP.
Table 27-7 Related operations for configuring egress LSR of the static LSP
Procedure
Step 1 Run the mpls car-lsp static command to configure the LSP CAR.
Step 2 Run the display mpls car-lsp command and you can find the configuration of the LSP CAR is
successful.
----End
Example
To configure the bandwidth of static LSP staticlsp1 as 1000×64 kbit/s, do as follows. And the
system determines the burst value automatically based on the bandwidth.
huawei(config)#mpls car-lsp static lspname staticlsp1 burst 0 bandwidth 1000
huawei(config)#display mpls car-lsp static lspname staticlsp1
Static Lsp CAR Table
Total: 1
----------------------------------------------------
Lsp Name Burst(2KB) Bandwidth(64kbps)
----------------------------------------------------
*staticlsp1 AUTO 1000
----------------------------------------------------
Note: A '*' before an LSP-CAR means the CAR is invalid.
Related Operation
Table 27-8 lists the related operations for configuring the LSP CAR.
This operation enables you to configure the LDP LSP triggering policy.
27.6.8 Configuring the LDP Label Retention Mode
This operation enables you to configure the LDP label retention mode.
27.6.9 Configuring the LDP Loopback Detection
This operation enables you to configure the LDP loopback detection.
27.6.10 Configuring the LDP MD5 Authentication
This operation enables you to configure the LDP MD5 authentication.
27.6.11 Enable the LDP MTU Signaling Function
This operation enables the LDP MTU signaling function.
27.6.1 Overview
This section describes the LDP protocol.
If the LDP is adopted as the label distribution protocol in an MPLS domain to set up LSP, LDP
sessions should be established between LSRs along the LSP to perform information exchange
such as label mapping and release.
The LDP uses Hello hold timer to maintain the LDP adjacency and session hold timer to maintain
the LDP session. In most applications, you can adopt the default value of the two timers. In some
special cases, you can modify the parameter as required. Modifying the hold timer may cause
the original session to be recreated. The LSP originally created on the basis of this session will
be deleted and needs to be recreated.
Context
l You must enable the MPLS first and then enable the MPLS LDP.
l You can only enable the MPLS of the standard VLAN.
Procedure
l In the global config mode:
1. Run the mpls ldp command to enable the MPLS LDP globally.
2. Run the display current-configuration command and you can query the global
MPLS LDP is enabled successfully.
l In VLAN interface mode:
1. Run the mpls ldp command to enable the MPLS LDP of a VLAN interface.
2. Run the display mpls interface command and you can query the MPLS LDP of the
VLAN interface is enabled successfully.
----End
#
[mpls]
<mpls>
mpls lsr-id 4.4.4.4
mpls
#
[mpls-ldp]
<mpls-ldp>
mpls ldp
#
return
Command:
display mpls interface vlanif 140
Interface Status TE Attr LSP Count CRLSP Count Effective MTU
Vlanif140 Down Dis 0 0 1500
Related Operation
Table 27-9 lists the related operations for enabling the MPLS LDP.
Disable the MPLS undo mpls ldp Disabling LDP on the interface
LDP will interrupt all LDP sessions
on the interface. All the LSPs
based on these sessions will be
deleted accordingly.
Context
l In the VLAN interface, the link Hello timer can be configured. In remote peer mode, the
target Hello timer can be configured.
l By default, the link Hello duration is 15s, and the target Hello duration is 45s.
l Generally, the default can meet the requirement. Modifying the Hello timer duration will
result in recreating the original session, and all the LSPs based on the session will be deleted
and needs to be recreated.
l Run the mpls ldp transport-address command to configure the LDP transmission address.
By default, the address is the local LSR ID.
Procedure
l Set the Hello timer duration.
1. Run the mpls ldp timer command to set the Hello timer duration.
2. Run the display mpls ldp command to query the configuration of the Hello timer
duration.
l Configure the LDP transmission address.
1. Run the mpls ldp transport-address command to configure the LDP transmission
address.
2. Run the display mpls ldp command to query the configuration of the LDP
transmission address.
----End
Related Operation
Table 27-10 lists the related operations for configuring parameters of the LDP basic discovery.
Table 27-10 Related operations for configuring parameters of LDP basic discovery
Context
Only one local session or one remote session can exist between two LSRs. The local session has
a higher priority than the remote session.
l When a local adjacency already exists with the remote peer, the remote adjacency will not
be created.
l When a remote adjacency exists and a local adjacency is created for the remote peer, the
remote peer will be deleted.
Procedure
l Set the Hello timer duration.
1. Run the mpls ldp remote-peer remotepeer command to enter MPLS LDP remote
peer mode.
2. Run the mpls ldp timer hello-hold command to set the Hello timer duration.
l Configure the LDP transmission address.
1. Run the interface vlanif command to enter VLAN interface mode.
2. Run the mpls ldp transport-address command to configure the LDP transmission
address.
----End
Verification
After you specify the remote LSR ID as the remote-ip, the local LSR will send LDP Targeted
Hello message to the remote-ip, thus discovering the LDP neighbor and establishing the remote
session.
Related Operation
Table 27-11 lists the related operations for configuring the parameters of the LDP extended
discovery.
Table 27-11 Related operations for configuring the parameters of the LDP extended discovery
To... Run the Command...
Context
l By default, the value of the timer keepalive-hold is 45s.
l If there are more than one enabled LDP links between two LSRs, the keepalive-hold time
of all links must be the same. Otherwise, the session may be unstable.
Procedure
Step 1 Run the interface vlanif command to enter vlan interface mode.
Step 2 Run the mpls ldp timer keepalive-hold command to configure the timer keepalive-hold
duration.
Step 3 Run the display mpls ldp command to query the configuration of the timer keepalive-hold
duration.
----End
Example
To set the Hello timer duration, do as follows:
huawei(config)#interface vlanif 140
huawei(config-if-vlanif140)#mpls ldp timer keepalive-hold 45
huawei(config)#display mpls ldp interface vlanif 140
{ <cr>||<K> }:
Command:
display mpls ldp interface vlanif 140
LDP Interface Information
--------------------------------------------------------------------
Interface Name : vlanif120
LDP ID : 4.4.4.4:0 Transport Address : 10.10.10.1
Entity Status : Inactive Interface MTU : 1500
Configured Hello Timer : 15 Sec
Negotiated Hello Timer : 15 Sec
Configured Keepalive Timer : 45 Sec
Label Advertisement Mode : Downstream Unsolicited
Hello Message Sent/Rcvd : 0/0 (Message Count)
--------------------------------------------------------------------
Related Operation
Table 27-12 lists the related operations for configuring parameters of the LDP basic session.
Table 27-12 Related operations for configuring parameters of the LDP basic session
Procedure
Step 1 Run the mpls ldp remote-peer remotepeer command to enter MPLS LDP remote peer mode.
Step 2 Run the mpls ldp timer keepalive-hold command to set the Hello timer duration.
----End
Example
To set the Hello timer duration, do as follows:
huawei(config)#mpls ldp remote-peer remotepeer
huawei(config-mpls-ldp-remote-remotepeer)#mpls ldp timer keepalive-hold 45
Related Operation
Table 27-13 lists the related operations for configuring parameters of the LDP extended session.
Table 27-13 Related operations for configuring parameters of the LDP extended session
Context
l The IGP route entry that is included in the host or IP address prefix list can trigger LDP to
set up an LSP.
l By default, no route entry can trigger LDP to set up an LSP.
l The host or IP address prefix list is only effective on the static route and the IGP route.
Procedure
Step 1 Run the mpls command to enter MPLS mode.
Step 2 Run the lsp-trigger command to configure the LDP LSP triggering policy.
Step 3 Run the display current-configuration command to query the configuration of the LDP LSP
triggering policy.
----End
Example
To configure the triggering policy based on the host, do as follows:
huawei(config)#mpls
huawei(config-mpls)#lsp-trigger host
huawei(config)#display current-configuration section mpls
[MA5600V300R003: 3002]
#
[mpls]
<mpls>
mpls lsr-id 4.4.4.4
mpls
lsp-trigger host
#
[mpls-ldp]
<mpls-ldp>
mpls ldp
#
[mpls-ldp-remote]
<mpls-ldp-remote-remotepeer>
mpls ldp remote-peer remotepeer
#
return
Related Operation
Table 27-14 lists the related operations for configuring the LDP LSP triggering policy.
Table 27-14 Related operations for configuring the LDP LSP triggering policy
To... Run the Command...
Context
There are two label retention modes:
l liberal: For the label mapping received from the neighboring LSR, the LSR will retain it,
no matter whether the neighboring LSR is at its next hop. Therefore, the LSR can
accommodate itself to the route changes rapidly.
l conservative: For the label mapping received from the neighboring LSR, the LSR will
retain it only when the neighboring LSR is at its next hop. Therefore, the LSR can distribute
and retain fewer labels.
Procedure
Step 1 Run the mpls ldp command to enable the MPLS LDP globally.
Step 2 Run the label-retention command to configure the LDP label retention mode.
Step 3 Run the display mpls ldp command to query the configuration of the LDP label retention mode.
----End
Related Operation
Table 27-15 lists the related operations for configuring the LDP label retention mode.
Table 27-15 Related operations for configuring the LDP label retention mode
Prerequisite
There are two types of the LDP loopback detection: maximum hops and path vectors.
l Maximum hops: If the specified value is exceeded, the system considers that the loopback
occurs, and the LSP fails to set up. By default, the maximum hop is 32.
l Path vectors: The maximum value of LSP shall be specified. By default, the maximum path
vector is 32.
Context
l Before starting the loopback detection for the MPLS domain, it is required that all LSRs
be configured with loopback detection function. However, in setting up an LDP session,
the loopback detection configuration of both sides can be different.
l By default, the loopback detection is disabled.
l The loopback detection configuration is only effective on the established LSP.
l The system considers that the loopback occurs in any of the following conditions, and the
LSP fails to set up:
– The LSR record already exists in the path vector table.
– The maximum value of the path hop is exceeded.
Procedure
Step 1 Run the mpls ldp command to enable the MPLS LDP globally.
Step 3 Run the hops-count command to set the maximum hops for the loopback detection.
Step 4 Run the path-vectors command to set the maximum value of path vectors.
Step 5 Run the display mpls ldp command to query the configuration of the LDP loopback detection.
----End
Example
To configure the LDP loopback detection with the maximum hop of 30 and the maximum path
vector of 30, do as follows:
huawei(config)#mpls ldp
huawei(config-mpls-ldp)#loop-detect
huawei(config-mpls-ldp)#hops-count 30
huawei(config-mpls-ldp)#path-vectors 30
huawei(config)#display mpls ldp
{ <cr>||<K>|all<K>|verbose<K>|interface<K>|peer<K>|session<K>|remote-peer<K>|lsp
<K> }:
Command:
display mpls ldp
LDP Global Information
--------------------------------------------------------------------
Protocol Version : V1 Neighbor Liveness : 600 Sec
Graceful Restart : Off FT Reconnect Timer : 300 Sec
MTU Signaling : On Recovery Timer : 300 Sec
LDP Instance Information
--------------------------------------------------------------------
Instance ID : 0 VPN-Instance :
Instance Status : Active LSR ID : 4.4.4.4
Hop Count Limit : 30 Path Vector Limit : 30
Loop Detection : On
DU Re-advertise Timer : 10 Sec DU Re-advertise Flag : On
DU Explicit Request : Off Request Retry Flag : On
Label Distribution Mode : Independent Label Retention Mode : Liberal
--------------------------------------------------------------------
Related Operation
Table 27-16 lists the related operations for configuring the LDP loopback detection.
Table 27-16 Related operations for configuring the LDP loopback detection
Context
l To enhance the security of the LDP session connection, you can configure MD5
authentication to the TCP used by the LDP.
l By default, the LDP MD5 authentication is not configured.
Procedure
Step 1 Run the mpls ldp command to enable the MPLS LDP globally.
Step 2 Run the md5-password command to configure the LDP MD5 authentication.
Step 3 Run the display current-configuration command to query the configuration of the LDP MD5
authentication.
----End
Example
To configure the connection password of the TCP used by the LDP as password, which is
displayed in cipher text, and the peer LSR ID as 3.3.3.3, do as follows:
huawei(config)#mpls ldp
huawei(config-mpls-ldp)#md5-password cipher 3.3.3.3 password
huawei(config-mpls-ldp)#quit
huawei(config)#display current-configuration section mpls
[MA5600V300R003: 3002]
[device-config]
<device-config>
board add 0/4 ADE
[vlan-config]
<vlan-config>
vlan 140 mux
port vlan 2 0/7 2
[config]
<config>
mplsvlan 2
stp enable
[mpls]
<mpls>
mpls lsr-id 4.4.4.2
mpls
label advertisenon-null
lsp-triggerhost
mplsl2vpn
[mpls-ldp]
<mpls-ldp>
mpls ldp
md5-password cipher 3.3.3.3 S;IKAY5^0NWQ=^Q`MAF4<1!!
[vlanif]
<vlanif2>
interface vlanif2
description
HUAWEI, MA5600 Series, Vlanif2 Interface
ipaddress 10.1.1.2 255.255.255.0
mpls
mpls ldp
[meth]
<meth0>
interfacemeth0
descriptionHUAWEI, MA5600 Series, MEth0 Interface
ip
address 192.168.1.2 255.255.255.0
#
return
Related Operation
Table 27-17 lists the related operations for configuring the LDP MD5 authentication.
Table 27-17 Related operations for configuring the LDP MD5 authentication
To... Run the Command...
Context
l To detect path MTU correctly, the IP router needs to know the MTU of each link connected
to it.
l The LDP can automatically calculate the minimum MTU value of all the interfaces on each
LSP. At the ingress LSR, the MPLS determines the size of the forwarded packets based on
the calculated minimum MTU value. In this way, the system can avoid sending larger
packets at the ingress LSR, which may result in forwarding failure at the transit LSR.
l By default, the LDP MTU signaling is enabled.
l Enabling/Disabling MTU signaling function may result in recreating original session. LSPs
that are created based on this session will be deleted and needs to be recreated.
Procedure
Step 1 Run the mpls ldp command to enable the MPLS LDP globally.
Step 2 Run the mtu-signalling command to enable the LDP MTU signaling function.
Step 3 Run the display mpls ldp command and you can query the configuration of the LDP MTU
signaling function.
----End
Example
To enable the LDP MTU signaling function, do as follows:
huawei(config)#mpls ldp
huawei(config-mpls-ldp)#mtu-signaling
huawei(config)#display mpls ldp
{ <cr>||<K>|all<K>|verbose<K>|interface<K>|peer<K>|session<K>|remote-peer<K>|lsp
<K> }:
Command:
display mpls ldp
LDP Global Information
--------------------------------------------------------------------
Protocol Version : V1 Neighbor Liveness : 600 Sec
Graceful Restart : Off FT Reconnect Timer : 300 Sec
MTU Signaling : On Recovery Timer : 300 Sec
LDP Instance Information
--------------------------------------------------------------------
Instance ID : 0 VPN-Instance :
Instance Status : Active LSR ID : 4.4.4.4
Hop Count Limit : 30 Path Vector Limit : 30
Loop Detection : On
DU Re-advertise Timer : 10 Sec DU Re-advertise Flag : On
DU Explicit Request : Off Request Retry Flag : On
Label Distribution Mode : Independent Label Retention Mode : Liberal
--------------------------------------------------------------------
Related Operation
Table 27-18 lists the related operation for enabling the LDP MD5 MTU signaling function.
Table 27-18 Related operation for enabling the LDP MD5 MTU signaling function
To... Run the Command...
27.7 PW Configuration
This section describes how to configure a PW template.
27.7.1 Enable the MPLS L2VPN
This operation enables the MPLS L2VPN.
27.7.2 Configuring a PW Template
This operation enables you to configure a PW template.
27.7.3 Binding a PVC with a PW Template
This operation enables you to bind a PVC with a PW template.
27.7.4 Binding a VLAN with a PW Template
This operation enables you to bind a VLAN with a PW template.
Procedure
Step 1 Run the mpls l2vpn command to enable the MPLS L2VPN.
Step 2 Run the display current-configuration command and you can find the MPLS L2VPN is
enabled successfully.
----End
Example
To enable the MPLS L2VPN, do as follows:
huawei(config)#mpls l2vpn
huawei(config)#display current-configuration section mpls
[MA5600V300R003: 3002]
#
[mpls]
<mpls>
mpls lsr-id 4.4.4.4
mpls
lsp-trigger host
mpls l2vpn
#
[mpls-ldp]
<mpls-ldp>
mpls ldp
loop-detect
hops-count 30
path-vectors 30
#
[mpls-ldp-remote]
<mpls-ldp-remote-remotepeer>
mpls ldp remote-peer remotepeer
#
return
Related Operation
Table 27-19 lists the related operation for enabling the MPLS L2VPN.
Procedure
Step 1 Run the pw-template command to create a PW template.
Step 2 Run the peer-address command to specify the peer IP address.
Step 3 Run the pw-type command to specify the PW template type.
Step 4 Run the display pw-template command to query the PW template.
----End
Example
To create PW profile pwt1 with the peer IP address of 3.3.3.3 and the profile type of ATM in
SDU mode, do as follows:
huawei(config)#pw-template pwt1
huawei(config-pw-template-pwt1)#peer-address 3.3.3.3
huawei(config-pw-template-pwt1)#pw-type atm sdu
huawei(config)#display pw-template
{ <cr>|string<S><1,19> }:
Command:
display pw-template
Context
You can bind a PVC with a PW template in the following two modes:
l NTO1 mode: One PW template can be bound with multiple PVCs. To differentiate PVCs,
the VPI and VCI values must be changed at the egress of the PW template.
l SDU mode: One PW template can be bound with a PVC. The VPI and VCI values remain
unchanged at the egress of the PW template.
Procedure
Step 1 Run the pw-ac-binding pvc command to bind a PVC with a PW profile.
Step 2 Run the display pw-ac-binding command and you can find a PVC is bound with a PW template
successfully.
----End
Example
To bind the PVC between the ADSL port 0/2/0 and the control board with PW template
PWT1, do as follows:
huawei(config)#pw-ac-binding pvc
{ frame/slot/port<S><1,15>|frame/slot<S><1,15> }:0/2/0
{ vpi<K> }:vpi 0
{ vci<K> }:vci 35
{ pw<K>|outvpi<K> }:pw
{ pw-id<U><1,4294967294> }:10
{ pw-template<K> }:pw-template
{ pw-template-name<S><1,19> }:pwt1
huawei(config)#display pw-ac-binding pw 10
Total : 1 (Up/Down : 1/0 Static/Dynamic : 0/1)
-------------------------------------------------------------------------
AC PW PW PW RECEIVE TRNS TEMPLATE
ID ID STATE TYPE LABEL LABEL NAME
--------------------------------------------------------------------------
0/2/0 0 35 10 up dynamic 9351 19 pwt1
--------------------------------------------------------------------------
Note : AC ID should be:
F/S/P VPI VCI (F--Frame, S--Slot, P--Port)
F/S/G VPI VCI (F--Frame, S--Slot, G--IMA GROUPINDEX)
VLAN ID
Related Operation
Table 27-20 lists the related operations for binding a PVC with a PW template.
Procedure
Step 1 Run the pw-ac-binding vlan command to bind a VLAN with a PW profile.
Step 2 Run the display pw-ac-binding command and you can find the VLAN is bound with the PW
template successfully.
----End
Example
To bind standard VLAN 20 with PW template PWT1, do as follows:
huawei(config)#pw-ac-binding vlan 20 pw 100 pw-template pwt1
huawei(config)#display pw-ac-binding pw 100
Total : 1 (Up/Down : 1/0 Static/Dynamic : 0/1)
-------------------------------------------------------------------------
AC PW PW PW RECEIVE TRNS TEMPLATE
ID ID STATE TYPE LABEL LABEL NAME
--------------------------------------------------------------------------
0/2/0 0 35 100 up dynamic 9351 19 pwt1
--------------------------------------------------------------------------
Note : AC ID should be:
F/S/P VPI VCI (F--Frame, S--Slot, P--Port)
F/S/G VPI VCI (F--Frame, S--Slot, G--IMA GROUPINDEX)
VLAN ID
Related Operation
Table 27-21 lists the related operations for binding a VLAN with a PW template.
This chapter describes the MPLS RSVP-TE technology and how to configure MPLS RSVP-TE
on the MA5600
28.1 Overview
This section describes applications of extended Resource ReSerVation Protocol (RSVP-TE) to
the MA5600.
28.2 Configuration Example for Establishing an MPLS TE Tunnel by Using RSVP-TE
This example shows how to establish an MPLS TE tunnel by using RSVP-TE.
28.3 Configuring Basic MPLS TE Capability
This operation enables you to configure the basic capability of MPLS TE.
28.4 Configuring an MPLS TE Tunnel by Using Dynamic Signaling
This operation enables you to configure an MPLS TE tunnel by using dynamic signaling.
28.5 Configuring Advanced RSVP-TE Features
This operation enables you to configure the advanced RSVP-TE features.
28.6 Tuning the Establishment of CR-LSP
This operation enables you to tune the establishment of CR-LSP.
28.7 Tuning the Establishment of an MPLS TE Tunnel
This operation enables you to tune the establishment of an MPLS TE tunnel.
28.1 Overview
This section describes applications of extended Resource ReSerVation Protocol (RSVP-TE) to
the MA5600.
Service Description
MPLS TE is a technology that integrates TE with MPLS. Using this technology, you can create
an LSP tunnel to a specified path, to reserve resources and implement re-optimization.
Service Specification
In the case of scarcity of resources, MPLS TE helps to preempt the bandwidth resource of the
LSP tunnels with low priority based on the priority and preemption parameter. This meets the
demands for the LSPs with large bandwidth or VIP customers. MPLS TE also provides
protection against link or node failure through the use of path backup and fast reroute (FRR).
With MPLS TE, administrators must create some LSPs and bypass congestion nodes. Thus, this
eliminates network congestion.
The major functions of MPLS TE are as follows:
l Static LSP processing: It creates and deletes LSPs.
l Constrained Route-Label Switched Path (CR-LSP) processing: It processes various kinds
of CR-LSPs.
NOTE
For details of MPLS TE, refer to the Requirements for Traffic Engineering Over MPLS (RFC2702).
l To provide the MPLS function, the MA5600 can serve as only a PE device.
l For the MA5600, to subtend slave shelves,
l Only the master shelf supports MPLS function.
l The master shelf supports the ETH PWE3 and the ATM PWE3 services, and the slave shelf supports
only the ETH PWE3 service. (To support the ATM PWE3 service, a slave shelf must be separately
configured with the and the AIUG subboard, so as to serve as an independent PE to provide MPLS
upstream function.)
Networking
Figure 28-1 shows the sample network for establishing an MPLS TE tunnel by using RSVP-
TE.
Figure 28-1 Sample network for establishing an MPLS TE tunnel by using RSVP-TE
Router
10.1.1.2/24 10.1.2.1/24
LSR-id
2.2.2.2/32
LSR-id LSR-id
10.1.1.1/24 10.1.2.2/24
1.1.1.1/32 3.3.3.3/32
MA5600_A MA5600_B
Data Plan
Table 28-1 lists the data plan for establishing an MPLS TE tunnel by using RSVP-TE.
Table 28-1 Data plan for establishing an MPLS TE tunnel by using RSVP-TE
Item Data
Port: 0/7/2
VLAN: 10
IP address of layer 3 interface (interface connected with router):
10.1.1.1/24
Port: 0/7/2
VLAN: 20
IP address of layer 3 interface (interface connected with router):
10.1.2.2/24
l The network device and the line are in the normal state.
l The IP addresses and masks of interfaces are configured as a sample network. After the
configuration, LSRs can ping each other successfully.
l The OSPF protocol is configured on all MA5600 devices and routers, and the configured
routes are advertised successfully. Otherwise, the static routes are configured.
Configuration Flowchart
Figure 28-2 shows the flowchart for establishing an MPLS TE tunnel.
Start
Configure OSPF TE
End
Procedure
Step 1 Configure the MPLS basic capability, and enable the MPLS TE, RSVP-TE and CSPF.
1. Enable globally the MPLS basic functions and the MPLS TE basic functions.
MA5600_A(config)#mpls lsr-id 1.1.1.1
MA5600_A(config)#mpls
MA5600_A(config-mpls)#mpls te
MA5600_A(config-mpls)#mpls rsvp-te
MA5600_A(config-mpls)#mpls te cspf
MA5600_A(config-mpls)#quit
2. Enable the MPLS basic functions and the MPLS TE functions on interfaces.
MA5600_A(config)#vlan 10 standard
MA5600_A(config)#mpls vlan 10
MA5600_A(config)#port vlan 10 0/7 0
MA5600_A(config)#interface vlanif 10
MA5600_A(config-if-vlanif10)#ip address 10.1.1.1 24
MA5600_A(config-if-vlanif10)#mpls
MA5600_A(config-if-vlanif10)#mpls te
MA5600_A(config-if-vlanif10)#mpls rsvp-te
MA5600_A(config-if-vlanif10)#mpls te cspf
NOTE
The configuration of MA5600_B is the same as that of MA5600_A. So, it is not described here.
NOTE
The configuration of MA5600_B is the same as that of MA5600_A. So, it is not described here.
Step 3 Configure the MPLS TE attribute of links on MA5600_A and MA5600_B respectively.
MA5600_A(config)#interface vlanif 10
MA5600_A(config-if-vlanif10)#mpls te max-link-bandwidth 2048
MA5600_A(config-if-vlanif10)#mpls te max-reservable-bandwidth 1024
MA5600_A(config-if-vlanif10)#quit
MA5600_B(config)#interface vlanif 20
MA5600_B(config-if-vlanif20)#mpls te max-link-bandwidth 2048
MA5600_B(config-if-vlanif20)#mpls te max-reservable-bandwidth 1024
MA5600_B(config-if-vlanif20)#quit
----End
Result
After the configuration, do as follows to display the configuration result on MA5600_A:
Run the display mpls te tunnel-interface tunnel command and you can find the configuration
of the tunnel.
Context
The configuration of basic MPLS TE capability is required in various MPLS TE feature
configurations. To use the MPLS TE features, you must perform further configuration besides
basic configuration.
28.3.1 Enabling MPLS TE Feature
This operation enables the MPLS TE feature.
28.3.2 Creating an MPLS TE Tunnel
This operation enables you to create an MPLS TE tunnel.
Context
l You must enable the basic MPLS TE capability before enabling the MPLS TE feature.
l You must globally enable MPLS TE and then enable the feature on corresponding
interfaces.
l In the MPLS view, when the MPLS TE feature is disabled, the feature on corresponding
interfaces is also disabled and the CR-LSP tunnels are deleted.
l The CR-LSPs on the interface are deleted when the MPLS TE feature is disabled in the
interface view.
l By default, the MPLS TE feature is disabled.
Procedure
l In the MPLS view, run the mpls te command to globally enable the MPLS TE feature.
1. Enter the MPLS mode.
2. In the MPLS view, run the mpls te command to globally enable the MPLS TE feature.
l In the interface view, run the mpls te command to enable the MPLS TE feature on the
interface.
1. Enter VLAN interface mode.
2. Run the mpls te command to enable the MPLS TE feature on the interface.
3. Run the display mpls interface command to display information about the interface
whose MPLS TE feature has been enabled.
----End
Command:
mpls
huawei(config-mpls)#mpls te
{ tie-breaking<K>|path<K>|cspf<K>|<cr> }:
Command:
mpls te
Info: Mpls te starting, please wait... OK!
To enter the interface mode and enable the MPLS TE feature of the VLAN interface, do as
follows:
huawei(config)#interface vlanif 20
huawei(config-if-vlanif20)#mpls te
{ max-reservable-bandwidth<K>|max-link-bandwidth<K>|link<K>|bandwidth<K>|metric<
K>|<cr> }:
Command:
mpls te
huawei(config)#display mpls interface vlanif 20
{ <cr>|verbose<K> }:verbose
Command:
display mpls interface vlanif 20 verbose
No : 1
Interface : vlanif20
Status : Up
TE Attribute : Enable
LSPCount : 0
CR-LSPCount : 0
MPLS Config MTU : Please set the MPLS MTU!
Interface MTU : 1500
MPLS Effective MTU : 1500
TE FRR : Disabled
Related Operation
Table 28-2 lists the related operation for enabling MPLS TE feature.
Context
l The tunnel interface must have an IP address to implement the traffic forwarding feature.
No peer address exists because the MPLS TE tunnel is unidirectional.
l The destination address of the tunnel is LSR ID of the egress node.
l If MPLS TE parameters on a tunnel interface change, run the mpls te commit command
to validate them.
Procedure
Step 1 Run the interface tunnel command to create a tunnel interface and enter tunnel interface mode.
Step 2 Run the tunnel-protocol mpls te command to configure tunnel protocol to be MPLS TE.
Step 3 Run the destination command to configure the destination address of the tunnel.
Step 4 Run the mpls te tunnel-id command to configure tunnel ID.
Step 5 Run the mpls te commit command to commit the current tunnel configuration.
Step 6 Run the display current-configuration command to display information about the tunnel.
----End
Example
Assume that:
l Destination address: 202.100.100.100
l Tunnel name: 10
l Tunnel ID: 10
To create the MPLS TE tunnel, do as follows:
huawei(config)#interface tunnel 10
huawei(config-if-tunnel10)#tunnel-protocol mpls te
huawei(config-if-tunnel10)#destination 202.100.100.100
NOTE
The destination address of the tunnel is recommended to be configured as the address of the loopback port
of the peer device.
huawei(config-if-tunnel10)#mpls te tunnel-id 10
huawei(config-if-tunnel10)#mpls te commit
huawei(config-if-tunnel10)#quit
huawei(config)#display current-configuration section tunnel
[MA5600V300R003: 3002]
#
[tunnel]
<tunnel10>
interface tunnel10
description tunnel-10
tunnel-protocol mpls te
destination 202.100.100.100
mpls te tunnel-id 10
#
return
Related Operation
Table 28-3 lists the related operation for creating an MPLS TE tunnel.
Context
The dynamic signaling protocol adjusts the path of a TE tunnel based on dynamic changes of
the network, and applies advanced features, such as backup and FRR.
The process for configuring an MPLS TE through the dynamic signaling protocol is as follows:
28.4.1 Configuring Bandwidth of Links
This operation enables you to configure bandwidth of links.
28.4.2 Enabling OSPF TE
This operation enables you to enable OSPF TE.
28.4.3 Configuring the MPLS TE Explicit Path
Context
l The mpls te max-link-bandwidth bandwidth-value command is used to set the maximum
bandwidth of MPLS TE links. The bandwidth applies to both MPLS traffic and common
Best-Effort traffic.
l The mpls te max-reservable-bandwidth command is used to configure the maximum
reservation bandwidth of MPLS TE links. The bandwidth applies to only MPLS traffic.
Procedure
l Configure the maximum bandwidth of MPLS TE links.
1. Run the mpls te max-link-bandwidth command to configure the maximum
bandwidth of MPLS TE links.
2. Run the display current-configuration command to display the maximum bandwidth
of MPLS TE links.
l Configure the maximum reservation bandwidth.
1. Run the mpls te max-reservable-bandwidth command to configure the maximum
reservation bandwidth of MPLS TE links.
2. Run the display current-configuration command to display maximum reservation
bandwidth of MPLS TE links.
----End
To set the maximum bandwidth of both MPLS TE links 4096 kbit/s and BC1 as 2048 kbit/s, do
as follows:
huawei(config)#interface vlanif 20
huawei(config-if-vlanif20)#mpls te max-link-bandwidth 4096 bc1 2048
huawei(config-if-vlanif20)#quit
huawei(config)#display current-configuration section vlanif
[MA5600V300R003: 3002]
#
[vlanif]
<vlanif20>
interface vlanif20
ip address 202.100.100.1 255.255.255.0
mpls
mpls te
mpls te max-link-bandwidth 4096 bc1 2048
#
<vlanif30>
interface vlanif30
#
return
To set the maximum reservation bandwidth of both MPLS TE links 1024 kbit/s and BC1 as 512
kbit/s, do as follows:
huawei(config)#interface vlanif 20
huawei(config-if-vlanif20)#mpls te max-reservable-bandwidth 1024 bc1 512
huawei(config-if-vlanif20)#quit
huawei(config)#display current-configuration section vlanif
[MA5600V300R003: 3002]
#
[vlanif]
<vlanif20>
interface vlanif20
ip address 202.100.100.1 255.255.255.0
mpls
mpls te
mpls te max-link-bandwidth 4096 bc1 2048
mpls te max-reservable-bandwidth 1024 bc1 512
#
<vlanif30>
interface vlanif30
#
return
Related Operation
Table 28-4 lists the related operations for configuring bandwidth of links.
Context
By default, the OSPF TE capability is disabled.
Procedure
Step 1 Run the ospf command to enter OSPF mode.
Step 2 Run the opaque-capability enable command to enable the OSPF opaque capability.
Step 3 Run the area command to enter the OSPF area view.
Step 4 Run the mpls-te enable command to enable TE in current OSPF area.
Step 5 Run the display current-configuration command to display the configuration of the current
OSPF.
----End
Example
To enable TE in OSPF area 100, do as follows:
huawei(config)#ospf 100
huawei(config-ospf-100)#opaque-capability enable
huawei(config-ospf-100)#area 100
huawei(config-ospf-100-area-0.0.0.100)#mpls-te enable standard-complying
huawei(config)#display current-configuration section ospf
[MA5600V300R003: 3002]
#
[ospf]
<ospf-100>
ospf 100
opaque-capability enable
area 0.0.0.100
mpls-te enable standard-complying
#
return
Related Operation
Table 28-5 lists the related operations for enabling OSPF TE.
Disable the MPLS TE feature undo mpls-te In the OSPF area view
in the current OSPF area
Context
l MPLS TE explicit path is configured on the ingress node.
l The explicit path consists of a series of nodes. An IP address in the explicit path is the IP
address of interface on the node. In general, the address of the loopback interface on a node
is used as the destination address.
l The two kinds of relations that exist between adjacent nodes on an explicit path are as
follows:
– Strict next-hop: Two nodes must be connected directly.
Procedure
Step 1 Run the explicit-path enable command to create an explicit path and enter explicit path view.
Step 2 Run the next hop command to specify the next hop of the explicit path.
Step 3 Run the list hop command to display the configuration of the MPLS TE explicit path.
----End
Example
To configure an MPLE TE path named huaweipath with IP addresses 202.100.100.100 and
202.100.200.200, do as follows:
huawei(config)#explicit-path huaweipath enable
huawei(config-explicit-path-huaweipath)#next hop 202.100.100.100 include strict
huawei(config-explicit-path-huaweipath)#next hop 202.100.200.200 include loose
huawei(config-explicit-path-huaweipath)#list hop
{ <cr>|ip_addr<I><X.X.X.X> }:
Command:
list hop
Path Name : huaweipath Path Status : Enabled
1 202.100.100.100 Strict Include
2 202.100.200.200 Loose Include
Related Operation
Table 28-6 lists the related operations for configuring the MPLS TE explicit path.
Table 28-6 Related operations for configuring the MPLS TE explicit path
Procedure
Step 1 Run the interface tunnel command to create or enter the tunnel interface view of the MPLS TE
tunnel.
Step 2 Run the mpls te bandwidth command to configure bandwidth for the tunnel.
Step 3 Run the mpls te path explicit-path command to configure the explicit path used for the MPLS
TE tunnel.
Step 4 Run the mpls te commit command to commit the current tunnel configuration.
Step 5 Run the display current-configuration command to display the information about the tunnel.
----End
Example
To configure the constraints for an MPLS TE tunnel, do as follows:
huawei(config)#interface tunnel 10
huawei(config-if-tunnel10)#mpls te bandwidth bc0 8192
huawei(config-if-tunnel10)#mpls te path explicit-path huaweipath
huawei(config-if-tunnel10)#mpls te commit
huawei(config-if-tunnel10)#quit
huawei(config)#display current-configuration section tunnel
[MA5600V300R003: 3002]
#
[tunnel]
<tunnel10>
interface tunnel10
description tunnel-10
tunnel-protocol mpls te
destination 202.100.100.100
mpls te tunnel-id 10
mpls te bandwidth bc0 8192
mpls te path explicit-path huaweipath
#
return
Related Operation
Table 28-7 lists the related operations for configuring constraints for an MPLS TE tunnel.
Table 28-7 Related operations for configuring constraints for an MPLS TE tunnel
To... Run the Command...
Context
l You must enable CSPF first and then you can configure relevant CSPF functions.
l Whenever a link is Down, a CSPF failed link timer starts. If the IGP deletes or modifies
this link before the timer expires, the CSPF is notified of this deletion and modification.
The CSPF then updates the link in the TEDB and stops the timer. If the timer expires and
the IGP does not delete the link, the status of the link is Up.
l By default, CSPF of an MPLS area is disabled and the interval for starting up the failed
timer is 10s.
Procedure
Step 1 Run the mpls command to enter the MPLS view.
Step 2 Run the mpls te cspf command to enable CSPF of the node.
Step 3 Run the mpls te cspf timer failed-link command to set the interval for starting up to the failed
timer.
Step 4 Run the display current-configuration command to display CSPF configuration of the MPLS.
----End
Example
To enable CSPF of an MPLS and set the interval for starting up the failed timer as 100s, do as
follows:
huawei(config)#mpls
huawei(config-mpls)#mpls te cspf
huawei(config-mpls)#mpls te cspf timer failed-link 100
huawei(config-mpls)#quit
huawei(config)#display current-configuration section mpls
[MA5600V300R003: 3002]
#
[mpls]
<mpls>
mpls lsr-id 100.10.10.10
mpls
mpls te
mpls te cspf
mpls te cspf timer failed-link 100
#
return
Related Operation
Table 28-8 lists the related operations for configuring the CSPF of an MPLS.
Restore the default interval for undo mpls te cspf timer failed-link
starting up the failed timer
Context
l In the MPLS view, run the mpls rsvp-te command to enable the RCVP-TE feature. In the
VLAN interface view, run the mpls rsvp-te command to enable the RSVP-TE feature of
interfaces.
l In the MPLS view, once the RSVP-TE feature is disabled globally, the RSVP-TE feature
on each interface is disabled at the same time.
l By default, the RSVP-TE feature is disabled.
l To run the mpls rsvp-te command, run the mpls command and the mpls te command to
enable the MPLS and the MPLS TE features. Enable RSVP-TE feature first before
configuring other RSVP-TE functions.
Procedure
Step 1 Run the mpls command to enter the MPLS view.
Step 2 Run the mpls rsvp-te command to enable RSVP-TE.
Step 3 In VLAN interface mode, run the mpls rsvp-te command to enable RSVP-TE on the VLAN
interface.
Step 4 In tunnel interface mode, run the mpls te signal-protocol rsvp-te command to specify RSVP-
TE as the signaling of the tunnel.
Step 5 In tunnel interface mode, run the mpls te commit command to commit the current tunnel
configuration.
----End
Example
To establish an MPLS TE tunnel by using RSVP-TE, do as follows:
huawei(config)#mpls
huawei(config-mpls)#mpls rsvp-te
huawei(config-mpls)#quit
huawei(config)#interface vlanif 20
huawei(config-if-vlanif20)#mpls rsvp-te
huawei(config-if-vlanif20)#quit
huawei(config)#interface tunnel 100
huawei(config-if-tunnel100)#mpls te signal-protocol rsvp-te
Related Operation
Table 28-9 lists the related operation for establishing an MPLS TE tunnel by using RSVP-TE.
Table 28-9 Related operation for establishing an MPLS TE tunnel by using RSVP-TE
To... Run the Command...
Context
RSVP-TE provides diversified configuration options. It guarantees reliability and network
resource availability, and offers some applications of MPLS TE advanced features.
Context
l The RSVP Hello extension is used to detect the reachability of RSVP neighboring nodes.
Before enabling RSVP Hello extension, you must enable RSVP-TE feature first. Only after
the RSVP Hello extension is enabled, you can configure parameters.
l In the MPLS view, run the mpls rsvp-te hello command to globally enable the RSVP Hello
mechanism. Run the mpls rsvp-te hello command to enable the RSVP Hello mechanism
in the VLAN interface view.
l By default, the RSVP Hello extension is disabled. When the RSVP Hello extension is
enabled, the refresh interval of Hello message is 3 seconds.
Procedure
Step 1 Run the mpls command to enter the MPLS view.
Step 2 Run the mpls rsvp-te hello command to globally enable RSVP Hello extension.
Step 3 Run the mpls rsvp-te hello-lost command to configure the maximum loss times of Hello
message.
Step 4 Run the mpls rsvp-te timer hello command to configure the refresh interval of Hello message.
Step 5 In the VLAN interface view, run the mpls rsvp-te hello command to enable the RSVP Hello
extension of the VLAN interface.
Step 6 Run the display current-configuration command to display the configuration.
----End
Example
Assume that:
l VLAN interface: 20
l Maximum times for consecutively receiving no Hello message: 6
l Refresh interval of Hello message: 10s
To configure the RSVP Hello extension, do as follows:
huawei(config)#mpls
huawei(config-mpls)#mpls rsvp-te hello
huawei(config-mpls)#mpls rsvp-te hello-lost 6
huawei(config-mpls)#mpls rsvp-te timer hello 10
huawei(config-mpls)#quit
huawei(config)#interface vlanif 20
huawei(config-if-vlanif20)#mpls rsvp-te hello
huawei(config-if-vlanif20)#quit
huawei(config)#display current-configuration section mpls
[MA5600V300R003: 3002]
#
[mpls]
<mpls>
mpls lsr-id 100.10.10.10
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te timer hello 10
mpls rsvp-te hello-lost 6
mpls te cspf
mpls te cspf timer failed-link 100
#
return
huawei(config)#display current-configuration section vlanif
[MA5600V300R003: 3002]
#
[vlanif]
<vlanif20>
interface vlanif20
ip address 202.100.100.1 255.255.255.0
mpls
mpls te
mpls te max-link-bandwidth 4096 bc1 4096
Related Operation
Table 28-10 lists the related operations for configuring RSVP Hello extension.
Restore the default refresh interval of undo mpls rsvp-te timer hello
Hello message
Context
l By default, the resource reservation style is Shared-Explicit (SE) style.
l Only the RSVP-TE protocol has resource reservation style and styles available are: SE style
and fixed filter (FF) style.
Procedure
Step 1 Run the interface tunnel command to enter the tunnel interface view.
Step 2 Run the mpls te resv-style command to specify resource reservation style for the tunnel.
Step 3 Run the mpls te commit command to commit the current tunnel configuration.
Step 4 In global config mode, run the display current-configuration command to display the
configuration.
----End
Example
To specify resource reservation style FF for establishing a CR-LSP tunnel, do as follows:
huawei(config)#interface tunnel 20
huawei(config-if-tunnel20)#mpls te resv-style ff
huawei(config-if-tunnel20)#mpls te commit
huawei(config-if-tunnel20)#quit
huawei(config)#display current-configuration section tunnel
[MA5600V300R003: 3002]
#
<tunnel10>
interface tunnel10
description tunnel-10
#
<tunnel20>
interface tunnel20
tunnel-protocol mpls te
destination 100.10.10.10
mpls te tunnel-id 20
mpls te resv-style ff
mpls te commit
#
return
Related Operation
Table 28-11 lists the related operation for configuring the resource reservation style.
Table 28-11 Related operation for configuring the resource reservation style
Context
l RSVP maintains path and resource through refresh message. The mpls rsvp-te timer
refresh command is used to configure refresh interval, that is, the interval for sending a
refresh message.
l ResvErr message creates blockade state on a node to solve the problem of "killer
reservation" and forward or create smaller requests. Blockade state timeout = Blockstate
timeout multiplier x Path/Resv message refresh-time.
l The mpls rsvp-te keep-multiplier command is used to configure timeout multiplier of
PSB and RSB. Timeout time = (keep-multiplier + 0.5) x 1.5 x refresh-time. If no refresh
message is received within the timeout time, a fault occurs to the link and the reserved
resource must be deleted.
l By default, the refresh interval of Path/Resv message is 30 seconds; the timeout multiplier
of PSB and RSB is 3; the timeout multiplier of blockade state is 4.
Procedure
Step 1 Run the mpls command to enter the MPLS view.
Step 2 Run the mpls rsvp-te timer refresh command to configure the refresh interval for Path and
Resv messages.
Step 3 Run the mpls rsvp-te keep-multiplier command to configure the timeout multiplier of PSB and
RSB.
Step 4 Run the mpls rsvp-te blockade-multiplier command to configure the timeout multiplier of
blockade state.
----End
Example
To set the refresh interval for Path and Resv message to 50s, the timeout multiplier of PSB and
RSB to 5 and the timeout multiplier of blockade state to 5, do as follows:
huawei(config)#mpls
huawei(config-mpls)#mpls rsvp-te timer refresh 50
huawei(config-mpls)#mpls rsvp-te keep-multiplier 5
huawei(config-mpls)#mpls rsvp-te blockade-multiplier 5
huawei(config-mpls)#quit
huawei(config)#display current-configuration section mpls
[MA5600V300R003: 3002]
#
[mpls]
<mpls>
mpls lsr-id 100.10.10.10
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te timer refresh 50
mpls rsvp-te timer hello 10
mpls rsvp-te hello-lost 6
mpls rsvp-te keep-multiplier 5
mpls rsvp-te blockade-multiplier 5
mpls te cspf
mpls te cspf timer failed-link 100
#
return
Related Operation
Table 28-12 lists the related operations for configuring RSVP timers.
Restore the default refresh interval undo mpls rsvp-te timer refresh
for Path and Resv messages
Context
l Reliability refers to the Message_ID extension mechanism and it is used to confirm the
RSVP message. Thus, the transmission reliability of the RSVP message is improved. Before
enabling the Message-ID mechanism, you must enable RSVP-TE feature first. After
enabling the Message_ID mechanism on the interface, configure the retransmission
parameters.
l By default, the reliability function of an interface is disabled; the retransmission interval
and increment are 600 ms and 1 ms respectively.
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode.
Step 2 Run the mpls rsvp-te reliability command to enable reliability on the interface.
Step 3 Run the mpls rsvp-te timer retransmission command to configure retransmission parameters.
----End
Example
To enable the reliability on the VLAN interface 20 and set the retransmission interval and
increment to 600 ms and 2 ms respectively, do as follows:
huawei(config)#interface vlanif 20
huawei(config-if-vlanif20)#mpls rsvp-te reliability
huawei(config-if-vlanif20)#mpls rsvp-te timer retransmission retransmit-value
600 increment-value 2
huawei(config-if-vlanif20)#quit
huawei(config)#display current-configuration section vlanif
[MA5600V300R003: 3002]
#
[vlanif]
<vlanif2>
interface vlanif2
#
<vlanif20>
interface vlanif20
ip address 202.100.100.1 255.255.255.0
mpls
mpls te
mpls te max-link-bandwidth 4096 bc1 4096
mpls te max-reservable-bandwidth 1024 bc1 1024
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te reliability
mpls rsvp-te timer retransmission retransmit-value 600 increment-value 2
#
<vlanif30>
interface vlanif30
#
return
Related Operation
Table 28-13 lists the related operations for configuring RSVP message transmission reliability.
Table 28-13 Related operations for configuring RSVP message transmission reliability
To... Run the Command...
Context
l Enabling Srefresh prohibits the traditional time-driving refresh on the current interface.
Srefresh message is used to refresh the state of path and reserved resources.
l By default, Srefresh is disabled on the interface.
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode.
Step 2 Run the mpls rsvp-te srefresh command to enable Srefresh on the interface.
Step 3 Run the display current-configuration command to display the configuration.
----End
Example
To enable RSVP-TE Srefresh on VLAN interface 20, do as follows:
huawei(config)#interface vlanif 20
huawei(config-if-vlanif20)#mpls rsvp-te srefresh
huawei(config-if-vlanif20)#quit
huawei(config)#display current-configuration section vlanif
[MA5600V300R003: 3002]
#
[vlanif]
<vlanif2>
interface vlanif2
#
<vlanif20>
interface vlanif20
ip address 202.100.100.1 255.255.255.0
mpls
mpls te
mpls te max-link-bandwidth 4096 bc1 4096
mpls te max-reservable-bandwidth 1024 bc1 1024
mpls rsvp-te
mpls rsvp-te hello
Related Operation
Table 28-14 lists the related operation for enabling RSVP-TE Srefresh.
Context
l The reservation confirmation is initiated by the receiver of Path message. An object that
requires confirming the reservation is carried along the Resv message sent by the receiver.
l By default, RSVP-TE reservation confirmation function is disabled.
NOTE
Receiving the ResvConf message does not mean that resource reservation succeeds. It only means that
resources are reserved successfully on the farthest upstream node where this Resv message arrives. These
resources may still be preempted by other applications later.
Procedure
Step 1 Run the mpls command to enter the MPLS view.
Step 2 Run the mpls rsvp-te resvconfirm command to enable the reservation confirmation mechanism
of the node.
Step 3 Run the display current-configuration command to display the configuration.
----End
Example
To enable the reservation confirmation mechanism on a node, do as follows:
huawei(config)#mpls
huawei(config-mpls)#mpls rsvp-te resvconfirm
huawei(config-mpls)#quit
huawei(config)#display current-configuration section mpls
[MA5600V300R003: 3002]
#
[mpls]
<mpls>
Related Operation
Table 28-15 lists the related operation for enabling RSVP-TE reservation confirmation
mechanism.
Table 28-15 Related operation for enabling RSVP-TE reservation confirmation mechanism
To... Run the Command...
Context
l Before enabling RSVP authentication on a VLAN interface, enable the RSVP-TE feature
first.
l After RSVP authentication is enabled, RSVP-TE transmits authentication summary
generated by authentication key and hash algorithm. A summary of all messages received
at or sent from the interface is calculated by using the authentication key.
l By default, the RCVP authentication is disabled.
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode.
Step 2 Run the mpls rsvp-te authentication command to enable RSVP authentication.
Step 3 Run the display current-configuration command to display the configuration.
----End
Example
To enable the RSVP authentication on a node, do as follows:
huawei(config)#interface vlanif 20
Related Operation
Table 28-16 lists the related operation for enabling RSVP authentication.
Context
CSPF uses the TEDB and constraints to calculate the appropriate paths and establishes CR-LSP
through the signaling protocol. MPLS TE provides many ways to influence the CSPF
computation for tuning the CR-LSP establishment.
l Tie-breaking
CSPF only calculates the shortest path to reach the tunnel destination. During the path
computation, if there are several paths with the same metric, you can select one of them.
l Route pinning
The feature that a CR-LSP is not reestablished as routes change is called route pinning.
l Administrative group and affinity property
The affinity property of the MPLS TE tunnel determines the links that the tunnel uses.
The affinity property coordinates with link administrative group to decide what links
the tunnel uses.
l Reoptimization
The configuration described in this section must be used together with the CSPF and the CR-LDP or RSVP-
TE protocol.
Context
l The default setting in the MPLS view is random.
l The tunnel takes the tie-breaking policy configured in its tunnel interface view as a priority.
If there is no related configuration in that view, it uses the method in the MPLS view.
Procedure
Step 1 Run the mpls command to enter MPLS view.
Step 2 Run the mpls te tie-breaking command to configure tie-breaking methods on the current node
for selecting the path policy when there are several paths with the same metric.
Step 3 In tunnel interface mode, run the mpls te tie-breaking command to configure tie-breaking
methods on the tunnel interface for selecting the path policy when there are several paths with
the same metric.
Step 4 Run the mpls te commit command to commit the current configuration.
Step 5 Run the display current-configuration command to display the configuration.
----End
Example
To set the tie-breaking method on the current node to random and that on tunnel 100 as maximal
ratio of the idle bandwidth, do as follows:
huawei(config)#mpls
huawei(config-mpls)#mpls te tie-breaking random
huawei(config-mpls)#quit
huawei(config)#interface tunnel 10
huawei(config-if-tunnel10)#mpls te tie-breaking least-fill
huawei(config-if-tunnel10)#mpls te commit
huawei(config-if-tunnel10)#quit
huawei(config)#display current-configuration section mpls
[MA5600V300R003: 3002]
#
[mpls]
<mpls>
mpls lsr-id 100.10.10.10
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te resvconfirm
mpls rsvp-te timer refresh 50
mpls rsvp-te timer hello 10
mpls rsvp-te hello-lost 6
mpls rsvp-te keep-multiplier 10
mpls rsvp-te blockade-multiplier 10
mpls te cspf
mpls te cspf timer failed-link 100
#
return
huawei(config)#display current-configuration section tunnel
[MA5600V300R003: 2002]
#
[tunnel]
<tunnel100>
interface tunnel10
description tunnel-10
tunnel-protocol mpls te
destination 202.100.100.100
mpls te tunnel-id 10
mpls te bandwidth bc0 8192
mpls te path explicit-path huaweipath
mpls te tie-breaking least-fill
mpls te commit
#
return
Related Operation
Table 28-17 lists the related operation for configuring tie-breaking of CSPF.
Context
l By default, route pinning is disabled.
l If the route pinning is enabled, then the MPLS TE reoptimization or auto bandwidth
adjustment cannot be used at the same time.
Procedure
Step 1 Run the interface tunnel command to enter the tunnel interface view of the MPLS TE tunnel.
Step 2 Run the mpls te route-pinning command to enable the route pining function.
Step 3 In the Tunnel interface view, run the mpls te commit command to commit the current
configuration.
----End
Example
To enable the tunnel pining of tunnel 100, do as follows:
huawei(config)#interface tunnel 10
huawei(config-if-tunnel10)#mpls te route-pinning
huawei(config-if-tunnel10)#mpls te commit
huawei(config-if-tunnel10)#quit
huawei(config)#display current-configuration section tunnel
[MA5600V300R003: 3002]
#
[tunnel]
<tunnel10>
interface tunnel10
description tunnel-10
tunnel-protocol mpls te
destination 202.100.100.100
mpls te tunnel-id 10
mpls te bandwidth bc0 8192
mpls te path explicit-path huaweipath
mpls te tie-breaking least-fill
mpls te commit
#
return
Related Operation
Table 28-18 lists the related operation for configuring route pining.
Context
l By default, the values of administrative group, affinity property and mask are all 0x0.
l The modification of administrative group and affinity attribute is valid only for new LSPs
but not for the established ones. Modifying the affinity property of the tunnel affects the
established LSP after the modification is committed, and TE tunnel path is recalculated.
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode.
Step 2 Run the mpls te link administrative group command to configure administrative group of the
VLAN interface.
Step 3 In tunnel interface mode, run the mpls te affinity property command to configure affinity
property for the tunnel.
Step 4 In tunnel interface mode, run the mpls te commit command to commit the current configuration.
Step 5 Run the display current-configuration command to display the configuration.
----End
Example
To set the values of administrative group and affinity property to 0x0101 and the mask to 0x303,
do as follows:
huawei(config)#interface vlan 20
huawei(config-if-vlanif20)#mpls te link administrative group 0x0101
Info: The configuration will take into effect ONLY for the newly created LSP.
huawei(config-if-vlanif20)#quit
huawei(config)#interface tunnel 10
huawei(config-if-tunnel10)#mpls te affinity property 0x101 mask 0x303
huawei(config-if-tunnel10)#mpls te commit
huawei(config-if-tunnel10)#quit
huawei(config)#display current-configuration section vlanif
[MA5600V300R003: 3002]
#
[vlanif]
<vlanif2>
interface vlanif2
#
<vlanif20>
interface vlanif20
ip address 202.100.100.1 255.255.255.0
mpls
mpls te
mpls te link administrative group 101
mpls te max-link-bandwidth 4096 bc1 4096
mpls te max-reservable-bandwidth 1024 bc1 1024
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te srefresh
mpls rsvp-te authentication cipher TBESB1:RIXa"..$6++O5YQ!!
mpls rsvp-te reliability
mpls rsvp-te timer retransmission retransmit-value 600 increment-value 2
#
<vlanif30>
interface vlanif30
---- More ( Press 'Q' to break ) ----
huawei(config)#display current-configuration section tunnel
[MA5600V300R003: 3002]
#
[tunnel]
<tunnel10>
interface tunnel10
description tunnel-10
tunnel-protocol mpls te
destination 202.100.100.100
mpls te tunnel-id 10
mpls te bandwidth bc0 8192
mpls te path explicit-path huaweipath
mpls te affinity property 101 mask 303
mpls te tie-breaking least-fill
mpls te commit
#
return
Related Operation
Table 28-19 lists the related operations for configuring administrative group and affinity
property.
Table 28-19 Related operations for configuring administrative group and affinity property
To... Run the Command...
Restore the default administrative group undo mpls te link administrative group
Context
l By default, reoptimization is disabled. The default timing reoptimization interval is 3600s.
l After configuring the timing reoptimization in the tunnel view, return to the user view and
run the mpls te reoptimization command to re-optimize the optimized tunnels
immediately. When the mpls te reoptimization command is executed, the reoptimization
timer resets and starts to count the time again.
l The CR-LSP reoptimization cannot be configured when the route pining is enabled.
Procedure
Step 1 Run the interface tunnel command to enter tunnel interface mode.
Step 2 Run the mpls te reoptimization command to enable periodic reoptimization of the MPLS TE
tunnel.
Step 3 Run the mpls te commit command to commit the current tunnel configuration.
Step 4 Run the mpls te reoptimization command to reoptimize the TE tunnel. (Optional)
Step 5 Run the display current-configuration command to display the configuration.
----End
Example
To reoptimize the tunnel 100 and set the periodic reoptimization interval to 1000s, do as follows:
huawei(config)#interface tunnel 10
huawei(config-if-tunnel10)#mpls te reoptimization frequency 1000
huawei(config-if-tunnel10)#mpls te commit
huawei(config-if-tunnel10)#quit
huawei(config)#display current-configuration section tunnel
[MA5600V300R003: 3002]
#
[tunnel]
<tunnel10>
interface tunnel10
description tunnel-10
tunnel-protocol mpls te
destination 202.100.100.100
mpls te tunnel-id 10
mpls te bandwidth bc0 8192
mpls te path explicit-path huaweipath
mpls te affinity property 101 mask 303
mpls te tie-breaking least-fill
mpls te reoptimization frequency 1000
mpls te commit
#
return
Related Operation
Table 28-20 lists the related operation for configuring reoptimization of CR-LSP.
Context
During the establishment of the MPLS TE tunnel, certain specific configuration is required for
practical application to ensure the security and stability of data transmission.
NOTE
The configurations introduced in this section must be used together with the CR-LDP or the RSVP-TE
protocol. The MA5600 supports only the RSVP-TE protocol.
Context
l By default, loop detection is disabled.
l The loop detection mechanism of TE allows a maximum hop count of 32. If the path
information table contains the record of the local LSR, or the hop count of the path exceeds
the maximum value, it is considered that a loop occurs and the establishment of LSP fails.
Procedure
Step 1 Run the interface tunnel command to enter tunnel interface mode.
Step 2 Run the mpls te loop-detection command to enable loop detection on tunnel creation.
Step 3 Run the mpls te commit command to commit the current tunnel configuration.
----End
Example
To enable loop detection on tunnel 100, do as follows:
huawei(config)#interface tunnel 10
huawei(config-if-tunnel10)#mpls te loop-detection
huawei(config-if-tunnel10)#mpls te commit
huawei(config-if-tunnel10)#quit
huawei(config)#display current-configuration section tunnel
[MA5600V300R003: 3002]
#
[tunnel]
<tunnel10>
interface tunnel10
description tunnel-10
tunnel-protocol mpls te
destination 202.100.100.10
mpls te tunnel-id 10
mpls te loop-detection
mpls te bandwidth bc0 8192
mpls te path explicit-path huaweipath
mpls te affinity property 101 mask 303
mpls te tie-breaking least-fill
mpls te reoptimization frequency 1000
mpls te commit
#
return
Related Operation
Table 28-21 lists the related operation for configuring loop detection.
Context
By default, the route record and the label record are disabled.
Procedure
Step 1 Run the interface tunnel command to enter the tunnel interface view of the MPLS TE tunnel.
Step 2 Run the mpls te record-route command to enable the route record and the label record on tunnel
establishment.
Step 3 Run the mpls te commit command to commit the current tunnel configuration.
Step 4 Run the display current-configuration command to display the configuration.
----End
Example
To enable the route record and label record for tunnel 100 on tunnel establishment, do as follows:
huawei(config)#interface tunnel 10
huawei(config-if-tunnel10)#mpls te record-route lable
huawei(config-if-tunnel10)#mpls te commit
huawei(config-if-tunnel10)#quit
huawei(config)#display current-configuration section tunnel
[MA5600V300R003: 3002]
#
[tunnel]
<tunnel10>
interface tunnel10
description tunnel-10
tunnel-protocol mpls te
destination 202.100.100.100
mpls te tunnel-id 10
mpls te loop-detection
mpls te record-route label
mpls te bandwidth bc0 8192
mpls te path explicit-path huaweipath
mpls te affinity property 101 mask 303
mpls te tie-breaking least-fill
mpls te reoptimization frequency 1000
mpls te commit
#
return
Related Operation
Table 28-22 lists the related operation for configuring route record and label record.
Table 28-22 Related operation for configuring route record and label record
To... Run the Command...
Context
l If the establishment of a tunnel fails, the system attempts to re-establish the tunnel within
a certain interval until the attempts exceed the maximum reestablishment times.
l By default, the creation retry times are 5 and the interval for tunnel reestablishment is 10
seconds.
Procedure
Step 1 Run the interface tunnel command to enter tunnel interface mode.
Step 2 Run the mpls te retry command to specify the retry times for tunnel reestablishment.
Step 3 Run the mpls te timer retry command to specify the interval for tunnel reestablishment.
Step 4 Run the mpls te commit command to commit the current tunnel configuration.
Step 5 Run the display current-configuration command to display the configuration.
----End
Example
To specify the retry times for tunnel establishment as 3 and the interval for tunnel reestablishment
as 5s, do as follows:
huawei(config)#interface tunnel 10
huawei(config-if-tunnel10)#mpls te retry 3
huawei(config-if-tunnel10)#mpls te timer retry 5
huawei(config-if-tunnel10)#mpls te commit
huawei(config-if-tunnel10)#quit
huawei(config)#display current-configuration section tunnel
[MA5600V300R003: 3002]
#
[tunnel]
<tunnel10>
interface tunnel10
description tunnel-10
tunnel-protocol mpls te
destination 202.100.100.100
mpls te tunnel-id 10
mpls te loop-detection
mpls te record-route label
mpls te bandwidth bc0 8192
mpls te path explicit-path huaweipath
mpls te retry 3
mpls te timer retry 5
mpls te affinity property 101 mask 303
Related Operation
Table 28-23 lists the related operations for configuring parameters of tunnel reestablishment.
Restore the default retry times for tunnel undo mpls te retry
reestablishment
Restore the default interval for tunnel undo mpls te timer retry
reestablishment
Context
l Both the setup priority and the hold priority range from 0 to 7. The smaller the value is, the
higher the priority is. By default, the setup priority and the hold priority are 7.
l If only the tunnel setup priority is configured, the hold priority is the same as the setup
priority.
l The setup priority should not be higher than the hold priority.
Procedure
Step 1 Run the interface tunnel command to enter tunnel interface mode.
Step 2 Run the mpls te priority command to configure the setup priority and hold priority for the MPLS
TE tunnel.
Step 3 Run the mpls te timer retry command to configure the interval for tunnel reestablishment.
Step 4 Run the mpls te commit command to commit the current tunnel configuration.
Step 5 Run the display current-configuration command to display the configuration.
----End
Example
To configure the setup priority as 6 and hold priority as 3 for tunnel 100, do as follows:
huawei(config)#interface tunnel 10
huawei(config-if-tunnel10)#mpls te priority 6 3
huawei(config-if-tunnel10)#mpls te commit
huawei(config-if-tunnel10)#quit
Related Operation
Table 28-24 lists the related operation for configuring tunnel priority.
Restore the default setup priority and hold undo mpls te priority
priority of an MPLS TE tunnel
This chapter describes the VLAN stacking wholesale service and how to configure the service
on the MA5600.
29.1 Overview
This section describes how to use the VLAN stacking attribute to implement the wholesale
service and to extend the VLAN ID function.
29.2 Configuration Example of the Wholesale Service
This example shows how to configure the wholesale service so that the services provisioned by
the ISP can be quickly delivered to the specified user group.
29.1 Overview
This section describes how to use the VLAN stacking attribute to implement the wholesale
service and to extend the VLAN ID function.
Service Description
The MA5600 provides two tags (one is an inner tag and the other is an outer tag) in the 802.1Q
format for a packet through the VLAN stacking attribute. The packet carries two VLAN tags
and accesses the layer 2 switch network. The system forwards the packet in the layer 2 switch
network according to the outer VLAN tag of the packet.
l Wholesale service
In a layer 2 metropolitan area network (MAN), there may exist multiple Internet service
providers (ISPs). To quickly deliver the services provided by the ISPs to a specified user
group, you can use the outer VLAN tag of the packet to identify the ISP and use the inner
VLAN tag of the packet to identify the user. In this way, different user groups can access
the specified ISP network in batches based on different outer VLAN tags, and obtain the
corresponding services provided by the ISP.
NOTE
In the wholesale service, the upper layer device must work in the layer 2 mode, and forward packets
based on the VLAN and the MAC address.
l VLAN ID extension
In the VLAN ID extension, the outer VLAN tag is used to identify the access device and
the inner VLAN tag is used to identify the access users. The BRAS identifies access users
according to the layer 2 VLAN tags. In this way, the number of users identified by VLAN
IDs increases. Meanwhile, the number of the users accessing the BRAS increases.
NOTE
For the features of the VLAN stacking and the details on the features, refer to the chapter "VLAN
Stacking" in the MA5600 Feature Description.
Service Specifications
The MA5600 supports up to 4000 VLANs configured with the VLAN stacking attribute.
The following VLANs cannot be configured with the VLAN stacking attribute:
l Super VLANs
l Sub VLANs
l VLANs configured with the layer 3 interface
l System default VLAN
Networking
Figure 29-1 shows a sample network for configuring the wholesale service
ISP1 provides the broadband services for users 1 and 2, and ISP2 provides the broadband services
for users 3 and 4. Based on the VLAN stacking feature, the MA5600 adds the outer VLAN tag
to differentiate ISPs and the inner VLAN tag to differentiate users, and forwards the user packets
to the layer 2 network. Then the layer 2 switch forwards the user packets to the specified ISP
BRAS based on the outer VLAN tag. The ISP BRAS peels the outer VLAN tag and identifies
the user based on the inner VLAN tag. After passing the ISP BRAS authentication, the user can
obtain the services provided by the ISPs.
Internet
BRAS BRAS
MA5600
Modem
Data Plan
Table 29-1 lists the data plan for configuring the wholesale service.
Item Data
Item Data
User 1:
l ADSL2+ port: 0/2/0
l VPI/VCI: 0/35 (the same as that of the modem)
l Inner VLAN tag: 11
User 2:
l ADSL2+ port: 0/2/1
l VPI/VCI: 0/35 (the same as that of the modem)
l Inner VLAN tag: 12
User 3:
l ADSL2+ port: 0/3/0
l VPI/VCI: 0/35 (the same as that of the modem)
l Inner VLAN tag: 11
User 4:
l ADSL2+ port: 0/3/1
l VPI/VCI: 0/35 (the same as that of the modem)
l Inner VLAN tag: 12
Configuration Flowchart
Figure 29-2 shows the flowchart for configuring the wholesale service.
Start
Create a VLAN
End
Procedure
Step 1 Create a VLAN.
huawei(config)#vlan 60-61 smart
----End
Result
After passing the ISP1 BRAS authentication, users 1 and 2 can obtain the services provided by
ISP1.
After passing the ISP2 BRAS authentication, users 3 and 4 can obtain the services provided by
ISP2.
This chapter describes the QinQ VLAN leased line service and how to configure the service on
the MA5600.
30.1 Overview
This section describes the application of the QinQ feature to the leased line access service.
30.2 Configuration Example of the QinQ VLAN Leased Line Service
This example shows how to configure the leased line access based on the QinQ feature to provide
a secure channel for data transmission between private networks of the enterprise.
30.3 Enabling Transparent Transmission of BPDUs
This operation enables transparent transmission of Bridge Protocol Data Units (BPDUs). Then,
the BPDUs of private networks (upstream/downstream packets with the MAC addresses ranging
from 01-80-c2-00-00-00 to 01-80-c2-00-00-2f) can be transparently transmitted based on the
QinQ function of the public network.
30.1 Overview
This section describes the application of the QinQ feature to the leased line access service.
Service Description
The QinQ feature is applied to the broadband leased line access service. By using the resources
of the public network, the QinQ feature provides a transparent and secure data channel for the
private network of an enterprise.
The MA5600 uses the QinQ feature to add a VLAN tag of the public network (QinQ VLAN)
for the packet that accesses the local device and carries the tag of the private network. Carrying
the VLAN tag of the private network, the packet is forwarded in the public network based on
the VLAN tag of the public network and then the packet reaches the remote MA5600. The remote
MA5600 peels the outer VLAN tag of the packet, and then sends the packet to the remote private
network of the enterprise.
For the features of QinQ and the details on the features, refer to the chapter "QinQ VLAN" in
the MA5600 Feature Description.
Service Specifications
l Lease line access mode
The MA5600 uses the SHDSL access mode to provide a symmetric upstream/downstream
bandwidth of 2 Mbit/s for the enterprise.
l Transparent transmission of a BPDU packet
The MA5600 can transparently transmit a BPDU packet of a private network to a remote
private network through the QinQ leased line access service.
l Connection type of the lease line access service
– Single PVC for single service
– Single PVC for multiple services (differentiated by encapsulation types)
l QinQ VLAN application limitation
The MA5600 supports up to 4000 QinQ VLANs.
The following VLANs cannot be configured as QinQ VLANs:
– Super VLANs
– Sub VLANs
– VLANs configured with the layer 3 interface
– System default VLAN
Prerequisite
l The network devices and lines are in the normal state.
l The service boards are in the normal state.
l The upper layer network is in layer 2 mode, and forwards packets based on the VLAN and
the MAC address.
Networking
Figure 30-1 shows a sample network for configuring the QinQ VLAN leased line service.
The two branches of enterprise A are connected to the MAN through MA5600_A and
MA5600_B respectively. Configure the QinQ leased line access for enterprise A on
MA5600_A and MA5600_B respectively so that the private services and BPDU packets of
enterprise A can be transparently transmitted through the public network.
Figure 30-1 Sample network for configuring the QinQ VLAN leased line service
MAN
L2/L3 L2/L3
S CON S CON
ETH ETH
H ESC
H ESC
E E
B B GE 0/7/0
GE 0/7/0
LSW LSW
Enterprise A Enterprise B
Data Plan
Table 30-1 lists the data plan for configuring the QinQ VLAN leased line service.
Table 30-1 Data plan for configuring the QinQ VLAN leased line service
Item Data
MA5600_A SHEBPort:0/5/0
Item Data
Configuration Flowchart
Figure 30-2 shows the flowchart for configuring the QinQ VLAN leased line service.
Figure 30-2 Flowchart for configuring the QinQ VLAN leased line service
Start
Create a VLAN
End
The configuration of MA5600_A is the same as that of MA5600_B. In this section, the
configuration of MA5600_A is taken as an example to describe how to configure the QinQ
VLAN leased line service.
Procedure
Step 1 Create a VLAN.
huawei(config)#vlan 50 smart
----End
Result
The private networks of enterprise A, which is located on two sites, can communicate with each
other in the normal state and the services can be transmitted between the two networks.
Context
l When the transparent transmission of BPDUs is enabled, the layer 2 BPDUs under the
QinQ VLAN can be transparently transmitted.
l Otherwise, these BPDUs cannot be transparently transmitted.
Procedure
Step 1 Run the bpdu tunnel enable command to enable transparent transmission of BPDUs.
Step 2 Run the display bpdu tunnel config command to display transparent transmission status of
BPDUs.
----End
Example
To enable transparent transmission of the L2 BPDUs, do as follows:
huawei(config)#bpdu tunnel enable
huawei(config)#display bpdu tunnel config
BPDU tunnel function is enabled
Related Operation
Table 30-2 lists the related operation for enabling transparent transmission of BPDUs.
This chapter describes the multicast service and how to configure the service on the MA5600.
31.1 Overview
This chapter describes multicast and its application to the MA5600.
31.2 Configuration Example of IGMP Proxy Multicast Service
This example shows how to realize the IGMP proxy multicast service.
31.3 Configuration Example of IGMP Snooping
This example shows how to configure the IGMP snooping multicast service.
31.4 Configuration Example of Multicast Service in Subtending Mode
This example shows how to configure the multicast service in subtending mode.
31.5 Configuring Multicast Service in MSTP Networking
This operation enables you to configure multicast service in MSTP networking.
31.6 Setting the IGMP Mode
This operation enables you to set the IGMP mode, including IGMP proxy and IGMP snooping.
31.7 Configuring an IGMP Upstream Port
This operation enables you to add an IGMP upstream port and set its mode and assigned
bandwidth rate.
31.8 Specifying a Subtending Port
This operation enables you to specify a subtending port. To subtend the MA5600 to a slave shelf
with multicast service users, you need to define the port connecting to the slave shelf as a
subtending port.
31.9 Configuring a Program for a Static Subtending Port
This operation enables you to add a program for a static subtending port.
31.10 Configuring IGMP Global Parameters
This section describes how to configure the IGMP global parameters.
31.11 Adding a Program
This operation enables you to add one or more programs to the program library.
31.1 Overview
This chapter describes multicast and its application to the MA5600.
Service Description
With the advent of multimedia, video, and data warehouse in the Internet, the multicast service
is becoming increasingly popular in service applications. It is widely applied in streaming,
remote learning, video conferencing, video on demand (VOD), net gaming, internet data center
(IDC), and other point-to-multipoint fields.
For details on the multicast service, refer to the chapter "Multicast" in the Feature
Description.
Service Specification
Designed with carrier-class multicast operability, the MA5600 supports multicast protocols
(from user to network), paving the way for provisioning value-added broadband multicast
services.
The MA5600 supports operable and manageable controlled multicast services. The MA5600
supports two modes: IGMP proxy and IGMP snooping. In IGMP proxy mode, the MA5600
supports V2/V3. In IGMP snooping mode, the MA5600 supports V2.
Networking
Figure 31-1 shows the sample network the IGMP proxy application.
Internet
Video server
Router
A CON
D ETH
MON
G
E
GE0/7/1
MA5600
Modem Modem
PC PC
Data Plan
Table 31-1 lists the data plan for configuring IGMP proxy.
Program library The multicast server provides three programs. Uplink port 0/7/1
and VLAN 2 are bound.
program 1: 224.1.1.1
program 2: 224.1.1.2
program 3: 224.1.1.3
User Multicast user 1, with service port of 0/2/0, VPI/VCI of 0/35 and
bound with authority profile 0
Multicast user 2, with service port of 0/2/1, VPI/VCI of 0/35, with
no authentication.
Item Data
Configuration Flowchart
Figure 31-2 shows the flowchart for configuring IGMP proxy.
Configure IGMP
Configure the xDSL port upstream port
(Optional) Configure
Create a Smart VLAN
IGMP global parameters
End
Procedure
Step 1 Configure the xDSL port.
In this example, the default ADSL2+ line profile (line profile 1002) is used. Therefore, you do
not have to configure a line profile.
huawei(config)#vlan 2 smart
NOTE
By default, the multicast mode is proxy. Therefore, you do not have to set it usually.
2. Configure the IGMP upstream port.
huawei(config-btv)#igmp uplink-port-mode program
huawei(config-btv)#igmp uplink-port 0/7/1 100
----End
Result
After the configuration:
l User 1 can watch program 1 and program 2, but cannot watch program 3.
l User 2 can watch all programs.
Prerequisite
Before configuring IGMP snooping, make sure that:
l The network devices and lines are normal.
l There exists the multicast source in the network and its IP address is known.
l The related service boards are normal.
Networking
Figure 31-3 shows a sample network for configuring the IGMP snooping.
Internet
Video server
Router
A CON
D ETH
MON
G
E
GE0/7/1
MA5600
Modem Modem
PC PC
Data Plan
Table 31-2 lists the data plan for configuring IGMP snooping.
Item Data
Program library The multicast server provides three programs. Uplinnk port
0/7/1 and VLAN 2 are bound.
program 1: 224.1.1.1
program 2: 224.1.1.2
program 3: 224.1.1.3
User Multicast user 1, with service port of 0/2/0, VPI/VCI of 0/35, and
bound with authority profile 0.
Multicast user 2, with service port of 0/2/1, VPI/VCI of 0/35, with
no authentication.
Configuration Flowchart
Figure 31-4 shows the flowchart for configuring the IGMP snooping.
(Optional) Configure
Create a Smart VLAN IGMP Snooping global
parameters
End
Procedure
Step 1 Configure the xDSL port.
In this example, the default ADSL2+ line profile (line profile 1002) is used. Therefore, you do
not have to configure a line profile.
----End
Result
After the configuration:
l User 1 can watch program 1 and program 2, but cannot watch program 3.
l User 2 can watch all programs.
Networking
Figure 31-5 shows a sample network for configuring the subtended multicast service.
Figure 31-5 Sample network for configuring the subtended multicast service
Internet
Video server
Router
CON
ETH
MON
GE0/7/0
GE0/7/1
MA5600_A
A CON
D ETH
MON
G
E
GE0/7/0
GE0/7/1
MA5600_B
Modem Modem
PC PC
Data Plan
Table 31-3 lists the data plan for configuring the subtended multicast service.
Table 31-3 Data plan for configuring the subtended multicast service
Item Data
VLAN
Add port 0 on the SCU board to VLAN 100 as the upstream port of this
VLAN.
Add port 1 on the SCU board to VLAN 100 as the subtending port.
Item Data
The multicast server provides three programs. Uplink port 0/7/0 and
VLAN 100 are bound.
program 1: 224.1.1.1
program 2: 224.1.1.2
program 3: 224.1.1.3
The IP address of the port of the upper layer router that is interconnected
to the MA5600 is 10.0.0.254.
MA5600_B VLAN
Add port 0 on the SCU board to VLAN 100 as the upstream port of this
VLAN.
The multicast server provides three programs. Uplink port 0/7/0 and
VLAN 100 are bound.
program 1: 224.1.1.1
program 2: 224.1.1.2
program 3: 224.1.1.3
Authority profile
Set profile 0 as the authority profile. Based on this profile, users can watch
program 1 (224.1.1.1) and program 2 (224.1.1.2) in the program library.
ADSL board
In slot 0/2, the ADSL board is bound with the default line profile (profile
1). The VPI/VCI of the modem connected to the ADSL port is 0/35
(default).
User
Add two users 0/2/0 and 0/2/1. Bind port 0/2/0 with profile 0 and port
0/2/1 does not need authentication.
Configuration Flowchart
Figure 31-6 and Figure 31-7 show the flowchart for configuring multicast service in subtending
mode.
Figure 31-6 Flowchart for configuring multicast service in subtending mode (MA5600_A)
End
Figure 31-7 Flowchart for configuring multicast service in subtending mode (MA5600_B)
Configure IGMP
Configure the xDSL port upstream port
(Optional) Configure
Create a VLAN IGMP global parameters
End
Procedure
l Procedure for configuring MA5600_A
1. Configure a VLAN.
– Create a VLAN.
huawei(config)#vlan 100 standard
In this example, the ADSL port is bound with the default line profile (profile 1002).
2. Configure a VLAN.
– Create a VLAN.
huawei(config)#vlan 100 smart
----End
Result
l User 1 can watch program 1 and program 2, but cannot watch program 3.
l User 2 can watch all programs.
Prerequisite
l The network devices and lines are normal.
l There exists the multicast source in the network and its IP address is known.
l The related service boards are normal.
Networking
Figure 31-8 shows the sample network of the multicast service in MSTP networking.
Three MA5600 devices (MA5600_A, MA5600_B and MA5600_C) make up the MSTP ring
network. All services are transmitted upstream to the IP network through MA5600_A.
MA5600_C subtends MA5600_D through the GE port.
In this figure:
MA5600_A, MA5600_B and MA5600_C are configured in a same MSTP region named hwrg.
Instance 1 is created, the VLAN to which the upstream ports and subtending ports of the devices
belong is mapped to instance 1. MA5600_A is configured as the CIST root, and as the region
root of instance 1.
Multicast
Server
IP
Router
2 3 7
0
A A
1
D D
G G 2
E E 3
SCU MA5600_A
2 3 7 2 7
A A 0 A 0
D D D 1
1 G 2
G G
E E 2 E 3
2 7
A 0
D
G
E
SCU MA5600_D
ADSL2+
Modem
PC
Data Plan
Table 31-4 lists the data plan for the sample network of the multicast service in MSTP
networking.
Table 31-4 Data plan for the sample network of the multicast service in MSTP networking
Item Data
VLAN:
Add the ports 0/7/0, 0/7/1 and 0/7/2 on the SCU board to VLAN 100, which
are used as the upstream port of the VLAN.
The native VLAN of the port is set to 100.
The multicast server provides three programs. Uplink port 0/7/0 and VLAN
100 are bound.
program 1: 224.1.1.1
program 2: 224.1.1.2
program 3: 224.1.1.3
VLAN:
l Add the ports 0/7/0 and 0/7/1 on the SCU board to VLAN 100, which are
used as the upstream port of the VLAN.
l The native VLAN of the port is set to 100.
Item Data
VLAN:
l Add the ports 0/7/0 and 0/7/1 on the SCU board to VLAN 100, which are
used as the upstream port of the VLAN.
l Provides the port 0/7/2 to connect with MA5600_D.
l The native VLAN of the port is set to 100.
l Add the ports 0/7/0, 0/7/1 and 0/7/2 on the SCU board to VLAN 100, which
are used as the upstream port of the VLAN.
MA5600_D VLAN:
Add the port 0/7/0 on the SCU board to VLAN 100, which is used as the
upstream port of the VLAN.
The multicast server provides three programs. Uplink port 0/7/0 and VLAN
100 are bound.
program 1: 224.1.1.1
program 2: 224.1.1.2
program 3: 224.1.1.3
Authority profile: Users bound with authority profile profile0 can watch
program1 and program2, and preview program3.
Multicast user:
l Multicast user 1: The service virtual port is 0/2/0, VPI/VCI is 0/35, and
authority profile profile0 is bounded.
l Multicast user 2: The service virtual port is 0/2/1, VPI/VCI is 0/35, without
authentication.
Configuration Flowchart
Figure 31-9 and Figure 31-10 show the flowchart for configuring the multicast service in
MSTP networking mode.
Figure 31-9 Flowchart for configuring multicast service in MSTP networking on MA5600_A,
MA5600_B and MA5600_C
Multicast service
configuration
End
Figure 31-10 Flowchart for configuring multicast service in MSTP networking on MA5600_D
End
Procedure
l Configuration of MA5600_A.
1. Enable MSTP.
– Enable the MSTP function.
huawei(config)#stp enable
l Configuration of MA5600_B.
1. Enable MSTP.
– Enable the MSTP function.
huawei(config)#stp enable
huawei(stp-region-configuration)#active region-configuration
STP actives region configuration, it may take several minutes,are
you sure to active region configuration? [Y/N][N]y
l Configuration of MA5600_C.
1. Enable MSTP.
– Enable the MSTP function.
huawei(config)#stp enable
l Configuration of MA5600_D.
1. Configure the xDSL port.
In this example, the ADSL2+ port uses the system default line profile (profile 1002).
2. Configure the VLAN.
– Create the VLAN.
huawei(config)#vlan 100 standard
l Configure the preview parameters as follows: The preview time for program 3 is 150s,
the preview attempts are 6 times, and the permitted interval for preview is 60s.
l Run the igmp preview auto-reset-time command to set the time to reset the preview
attempt. In this example, set the time to 00:00:00 every day.
huawei(config-btv)#igmp preview program name program3 preview-duration
150
huawei(config-btv)#igmp preview program name program3 preview-times 6
huawei(config-btv)#igmp preview program name program3 preview-interval
60
huawei(config-btv)#igmp preview auto-reset-time 00:00:00
----End
Result
l User 1 can watch program 1 and program 2, and can preview program 3.
l User 2 can watch all programs.
Context
l The configuration in IGMP snooping is the same as that in IGMP proxy. The difference
only lies in the internal protocol processing.
l In IGMP snooping mode, the host function, prejoin function, unsolicited report function
and static program adding function are not available.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp mode command to set the IGMP mode.
Step 3 Run the display igmp proxy command to query the current multicast mode.
----End
Example
To set the IGMP proxy mode, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp mode proxy
Are you sure to change IGMP mode?(y/n)[n]: y
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
General query response time(0.1s) : 100
Specific query interval(0.1s) : 10
Specific query response time(0.1s) : 8
Specific query number : 2
V1 router present timeout(s) : 400
Unsolicited report interval(s) : 10
Uplink port mode : program
Log switch : enable
User action report switch : disable
Preview switch : enable
Recognition time(s) : 30
The time of reset preview-count : 04:00:00
Auto create log interval(h) : 2
Right mode : profile mode
Bandwidth management switch : enable
Bandwidth assigned for user(%) : 100
Report proxy switch : disable
Leave proxy switch : disable
Context
The IGMP upstream port works in any of the following modes:
In program mode, the IGMP upstream port is the port that is specified when you configure the
program.
In MSTP mode, the IGMP upstream port is the root port used by MSTP.
In broadcast mode, the IGMP packets are transmitted from the specified VLAN to upstream
direction, and the upper layer device specifies the upstream port that receives the multicast
stream.
In protect mode, the IGMP upstream port supports the port protection group function.
If you set a port to a subtending port, then it cannot be used as an upstream port that works in
program or protect mode, but it can work in broadcast or MSTP mode.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp uplink-port-mode command to set the working mode of the upstream port.
Step 3 Run the igmp uplink-port command to add an IGMP upstream port.
Step 4 Run the display igmp uplink-port command to query the details of the IGMP upstream port.
----End
Example
To set that the IGMP upstream port works in program mode, set port 0/7/0 as the upstream port,
and set the assigned bandwidth rate as 100%, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp uplink-port-mode program
huawei(config-btv)#igmp uplink-port 0/7/0 100
huawei(config-btv)#display igmp uplink-port 0/7/0
----------------------------------------
IGMP version : IGMP V2
Program number : 2
V1 router present timer(s) : 0
Assigned bandwidth(%) : 100%
Used bandwidth(%) : 0.5000%
----------------------------------------
Related Operation
Table 31-5 lists the related operations for configuring the IGMP upstream port.
Table 31-5 Related operations for configuring the IGMP upstream port
Context
l An upstream port that works in program, broadcast or protect mode cannot be specified as
a subtending port.
l If a subtending port is configured with the static attribute, the MA5600 does not process
any leave packet because the programs added to the port are not subject to aging, unless
the subtending port or the program is deleted manually.
l If a subtending port is configured with the quick leave attribute, when receiving leave
packets, the MA5600 cuts off the video stream, instead of sending specific group queries.
l The priority of the static attribute is higher than that of the quick leave attribute.
l The mode mode parameter of the command igmp cascade-port is used to configure the
application mode of the subtending port in IGMP snooping.
– In snooping mode, the IGMP packets reported by user will be processed in normal
snooping mode.
– In forward mode, the IGMP packets are forwarded without process.
– In discard mode, the IGMP packets are denied for process.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp cascade-port command to configure a static subtending port.
Step 3 Run display igmp cascade-port command to query the IGMP subtending port.
----End
Example
To specify a subtending port of port 0/7/1, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp cascade-port 0/7/1 static enable
huawei(config-btv)#display igmp cascade-port 0/7/1
Command:
display igmp cascade-port all
----------------------------------------------------------------------------
Port | Active | IGMP | V2 Port Present | Static | Quick | Port
| Program | Version | Timer(0.1s) | Join | Leave | Mode
----------------------------------------------------------------------------
0/7/1 0 IGMP V3 0 Yes No snooping
----------------------------------------------------------------------------
Total: 1
Related Operation
Table 31-6 lists the related operation for specifying a subtending port.
Context
To add or delete a program to or from a subtending port, make sure that the subtending port is
configured with static attributes.
Procedure
Step 1 Run the igmp static-join cascade-port command to configure a program for a static subtending
port.
Step 2 Run the display igmp cascade-port command to display the settings of the IGMP subtending
port, as well as the number of programs sent to the port.
----End
Example
To add program 224.1.1.1 to static subtending port 0/7/1, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp static-join cascade-port 0/7/1 ip 224.1.1.1 sourceid
192.168.1.1
huawei(config-btv)#display igmp cascade-port 0/7/1
-------------------------------------------
Port : 0/7/1
IGMP version : IGMP V2
V1 router present timer(0.1s) : 0
Static join : enable
Quick leave : disable
Port Mode : snooping
-------------------------------------------
Active Program list:
Index Program Name IP sourceip
------------------------------------------------------
1 PROGRAM-1 224.1.1.1 192.168.1.1
-------------------------------------------------------
Total: 1
Related Operation
Table 31-7 lists the related operation for configuring a program for a static subtending port.
Table 31-7 Related operation for configuring a program for a static subtending port
To... Run the Command...
Delete a program from the static subtending port undo igmp static-join cascade-port
Context
By default, the IGMP proxy authorization is enabled.
To enable authentication of the "auth" users, you need to enable the IGMP proxy authorization
first.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy authorization enable command to enable the IGMP proxy authorization.
Step 3 Run the display igmp proxy command to check whether the IGMP proxy authorization is
enabled.
----End
Example
To enable the IGMP proxy authentication, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy authorization enable
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
Related Operation
Table 31-8 lists the related operation for enabling the IGMP proxy authorization.
Table 31-8 Related operation for enabling the IGMP proxy authorization
To... Run the Command...
Context
l The robustness variable defines the reliability of a system. It determines the aging time of
a member and the packet retransmit count. If a subnet is unstable, and prone to packet loss,
you need to enhance the robustness.
l By default, the variable is 2.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy router robustness command to set the robustness variable of the system.
Step 3 Run the display igmp proxy command to query the robustness variable.
----End
Example
To set the robustness variable of the system as 5, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router robustness 5
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 5
General query interval(s) : 125
Related Operation
Table 31-9 lists the related operation for setting the robustness variable.
Restore the default robustness variable undo igmp proxy router robustness
Context
By default, the general query interval is 125s.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy router gen-query-interval command to set the interval of the general
query issued by the querier.
Step 3 Run the display igmp proxy to display the interval of the general query issued by the querier.
----End
Example
To set the query interval as 200s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router gen-query-interval 200
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 200
Related Operation
Table 31-10 lists the related operation for setting the general query interval.
Table 31-10 Related operation for setting the general query interval
To… Run the Command…
Restore the default general query interval undo igmp proxy router gen-query-interval
Context
The maximum response time determines the time taken by a multicast user in responding to a
query packet. By increasing the maximum response time, you can reduce the burst of response
packet traffic.
The default setting is 100 in the unit of 0.1s, that is, 10s.
The maximum response time to the general query must be smaller than the general query interval.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy router gen-response-time command to set the maximum response time
to the general query.
Step 3 Run the display igmp proxy to display the maximum response time to the general query.
----End
Example
To set the maximum response time as 20s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router gen-response-time v2 200
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
Related Operation
Table 31-11 lists the related operation for setting the maximum response time to the general
query.
Table 31-11 Related operation for setting the maximum response time to the general query
Restore the default maximum response undo igmp proxy router gen-response-time
time for the general query
Context
After receiving a leave packet from a user, the MA5600 sends a query packet to the user, as long
as the attribute of such a leave packet is not "fast leave". With the set query number, the
MA5600 considers that the user has left if response is not received after it has queried the user
according to the set specific query count and has waited for a period equal to the maximum
response time.
Procedure
Step 1 Run the igmp proxy router sp-query-number command to set the number of specific queries.
Step 2 Run the display igmp proxy command to display the number of specific queries.
----End
Example
To set the specific query count as 5, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router sp-query-number 5
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
Related Operation
Table 31-12 lists the related operation for setting the number of specific queries.
Table 31-12 Related operation for setting the number of specific queries
Restore the default number of specific undo igmp proxy router sp-query-number
queries
Context
The default setting is 10 in the unit of 0.1s, that is, 1s.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy router sp-query-interval command to set the specific query interval.
Step 3 Run the display igmp proxy command to display the specific query interval.
----End
Example
To set the specific query interval as 2s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router sp-query-interval 20
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
Related Operation
Table 31-13 lists the related operation for setting the specific query interval.
Table 31-13 Related operation for setting the specific query interval
To… Run the Command…
Restore the default specific query interval undo igmp proxy router sp-query-interval
Context
The default setting is 8 in the unit of 0.1s, that is, 0.8s.
The maximum response time to a specific query must be smaller than the specific query interval.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy router sp-response-time command to set the maximum response time to
a specific query.
Step 3 Run the display igmp proxy command to display the maximum response time to a specific
query.
----End
Example
To set the maximum response time for a specific query as 5 (0.5s), do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router sp-response-time v2 5
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
Related Operation
Table 31-14 lists the related operation for setting the maximum response time for the specific
query.
Table 31-14 Related operation for setting the maximum response time for the specific query
To… Run the Command…
Restore the default maximum response undo igmp proxy router sp-response-time
time for the specific query
Context
When the IGMP proxy works in unsolicited report mode, it sends reports to the upper layer
router at the set interval.
By default, the report interval is 10s.
Procedure
Step 1 Run the igmp proxy router report-interval command to set the unsolicited report interval.
Step 2 Run the display igmp proxy command to display the unsolicited report interval.
----End
Example
To set the unsolicited report interval as 200s, do as follows:
huawei(config-btv)#igmp proxy router report-interval 200
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
General query response time(0.1s) : 100
Related Operation
Table 31-15 lists the related operation for setting the unsolicited report interval.
Table 31-15 Related operation for setting the unsolicited report interval
To… Run the Command…
Restore the default unsolicited report undo igmp proxy router report-interval
interval
Context
By default, the TTL for a V2 router is 400s.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy router time-to-live command to set the TTL for a V2 router.
Step 3 Run the display igmp proxy command to query the TTL for the V2 router.
----End
Example
To set the TTL of the V2 router as 200s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router timeout v2 200
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
Related Operation
Table 31-16 lists the related operation for setting the TTL for a V2 router.
Table 31-16 Related operation for setting the TTL for a V2 router
Restore the default TTL for a V2 router undo igmp proxy router timeout v2
Context
By default, the recognition time is 30s.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy recognition-time command to set the preview recognition time.
Step 3 Run the display igmp proxy command to display the preview recognition time.
----End
Example
To set the preview recognition time to 20s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy recognition-time 20
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
Related Operation
Table 31-17 lists the related operation for setting the preview recognition time.
Table 31-17 Related operation for setting the preview recognition time
To… Run the Command…
Context
By default, the action report function for the BTV user is disabled.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp user-action-report command to set the user action report function.
Step 3 Run the display igmp proxy command to display the status of the user action report function.
----End
Example
To enable the BTV user action report function, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp user-action-report enable
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
Related Operation
Table 31-18 lists the related operation for enabling the user action report function.
Table 31-18 Related operation for enabling the user action report function
To… Run the Command…
Prerequisite
The proxy of the IGMP report packet takes effect only in IGMP snooping mode.
Context
l With the proxy of the IGMP report packet enabled, when the report packet of the user is
sent, the system checks whether this user is the first to order the program.
– If yes, the packet is forwarded to the upstream direction.
– If no, the packet is dropped.
l When the proxy is enabled, the proxy substitutes the user to create the IGMP report packet
in response to the upstream query packet, and only forwards the packet of adding the first
user.
l When the proxy is disabled, all the legal user's IGMP report packets are forwarded to the
upstream direction.
l The proxy can only create and forward the IPoE IGMP report packet.
Procedure
Step 1 Run the igmp report-proxy command to enables the proxy of the IGMP report packets.
Step 2 Run the display igmp proxy command to display status of the proxy of the IGMP report packets.
----End
Example
To enable the proxy of the IGMP report packet, do as follows:
huawei(config-btv)#igmp report-proxy enable
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
General query response time(0.1s) : 100
Specific query interval(0.1s) : 10
Specific query response time(0.1s) : 8
Specific query number : 2
V1 router present timeout(s) : 400
Unsolicited report interval(s) : 10
Uplink port mode : program
Log switch : enable
Related Operation
Table 31-19 lists the related operation for enabling the proxy of the IGMP report packet.
Table 31-19 Related operation for enabling the proxy of the IGMP report packet
To… Run the Command…
Context
l When the proxy is enabled, only the IPoE leave packets of the user are created and
forwarded.
l When the proxy is disabled, all of the IPoE packets of the user are forwarded.
l The proxy of the IGMP leave packet has no effect on the PPPoE packets.
Procedure
Step 1 Run the igmp leave-proxy command to enable the proxy of the IGMP leave packet.
Step 2 Run the display igmp proxy command to display the status of the proxy of the IGMP leave
packet.
----End
Example
To enable the proxy of the IGMP leave packet, do as follows:
huawei(config-btv)#igmp leave-proxy enable
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
Related Operation
Table 31-20 lists the related operation for enabling the proxy of the IGMP leave packet.
Table 31-20 Related operation for enabling the proxy of the IGMP leave packet
Context
l By default, the default encapsulation mode of IGMP packets is all, that is, the permitted
encapsulation modes of user-side packets are: PPPoE, IPoA and IPoE.
l When the permitted encapsulation mode of IGMP packets is PPP, the permitted
encapsulation mode of user-side packets is PPPoE.
l When the permitted encapsulation mode of IGMP packets is IP, the permitted encapsulation
mode of user-side packets is IPoA and IPoE.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp encapsulation command to set the permitted encapsulation mode of IGMP
packets.
Step 3 Run the display igmp proxy command to query the permitted encapsulation mode of IGMP
packets.
----End
Example
To set the permitted encapsulation mode of IGMP packets as ppp, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp encapsulation ppp
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
Context
l By default, the IGMP echo function is disabled.
l The IGMP echo function takes effect only in snooping mode.
– When the IGMP echo is enabled, the system sends IGMP over PPP message and IGMP
over IP message to the upper layer device.
– When the IGMP echo is disabled, the system sends only IGMP over PPP message to
the upper layer device.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp echo command to enable the IGMP echo function.
Step 3 Run the display igmp proxy command to query the state of the IGMP echo function.
----End
Example
To enable the IGMP echo function, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp echo enable
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
Context
l When adding a program, configure the attributes of the program. The configurable
attributes include program name, multicast IP address, uplink port bound to a program,
VLAN ID of the program and so on.
Procedure
Step 1 Run the igmp program add command to add a program.
Step 2 Run the display igmp program command to display the program.
----End
Example
Assume that:
l Program name: BTV-100
l IP address of the program: 224.1.1.2
l VLAN ID of the program: 1
l Upstream port bound: 0/7/0
l Bandwidth of the program: 2 Mbit/s
l Host function: enabled
l Prejoin function: enabled
l Unsolicited report: disabled
l Logging function: enabled
l Other parameters: default settings
Related Operation
Table 31-21 lists the related operations for adding a program.
Modify a program igmp program modify l You can modify only one
program attribute at a time.
l Batch modification of the
program name is not
allowed.
l Modification of program IP
address is not allowed.
l Modifying the VLAN,
upstream port or priority
bound with a program will
get the associated user
offline.
Context
l Multicast bandwidth management involves:
– Upstream port bandwidth
– User bandwidth
l When the multicast bandwidth management function is disabled, the system does not check
the upstream port bandwidth and user bandwidth.
– If the number of the programs being watched is smaller than the maximum number of
the programs that can be watched, the user can get online even if the user bandwidth
exceeds the limited value.
– If the number of programs being watched exceeds the maximum number of the programs
that can be watched, the user cannot get online.
l When the multicast bandwidth management function is enabled, the system checks only
the upstream port bandwidth. When the user gets online and the CAC function is enabled,
the system checks the user bandwidth.
– If the bandwidth used by the upstream port exceeds the allocated value, the program
ordered by the user will be suspended in descending order of the program index. Once
the bandwidth used by the upstream port is equal to the allocated one, the suspended
program can be replayed.
– If the bandwidth used by the upstream port does not exceed the allocated value, the
system checks the user bandwidth when the user gets online. The user can get online
only when the used bandwidth is less than the allocated one.
l If the used bandwidth exceeds the allocated one, the system checks as follows.
– If the number of the programs being watched exceeds the maximum value, the system
delivers the specific group query message to all the programs being watched. If there
are some programs which are not being watched (while the MA5600 has regarded them
being watched), the system deletes them from the user program list. In this case, the
number of programs being watched can be released.
– If the user's residual bandwidth is not enough, the system delivers the specific group
query message to all the programs being watched. If there are some programs which
are not being watched while the MA5600 has regarded them being watched for some
reason, the system deletes them from the user program list. In this case, some occupied
bandwidth can be released.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp bandwidthcac command to enable the bandwidth management function.
Step 3 Run the display igmp proxycommand to display the bandwidth management function.
----End
Example
To enable bandwidth management of IGMP proxy, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp bandwidthcac enable
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
Table 31-22 lists the related operation for enabling the bandwidth management function.
Table 31-22 Related operation for enabling the bandwidth management function
Context
This function takes effect when the multicast CAC function is enabled. The utilization is the
ratio of the multicast CAC bandwidth to the physical port line rate.
l For an ADSL user, the utilization is the ratio of multicast CAC bandwidth to the activation
rate of the ADSL port.
l For an SHDSL user, the utilization is the ratio of multicast CAC bandwidth to the maximum
downstream rate specified in the line profile of the SHDSL port.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp user-bandwidth-utilization command to set the user bandwidth.
Step 3 Run the display igmp proxy command to display the user bandwidth.
----End
Example
To set user bandwidth utilization to 50%, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp user-bandwidth-utilization 50
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
Context
The MA5600 supports two authority modes:
l User mode (usermode): used for multicast user management.
l Profile mode (profilemode): used for multicast profile management.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp right-mode command to set the authority mode.
Step 3 Run the display igmp proxy command to display the authority mode.
----End
Example
To set the authority mode as profile mode, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp right-mode profilemode
The profile data will lose after this operation,
are you sure to change the right mode?(y/n)[n]:y
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
Context
By default, the system names the 2000 profiles as profile 1, profile 2, …, and profile N.
The program authority can only be any one of watch, preview, forbidden and idle.
When modifying the program authority of an authority profile, make sure that the authority mode
is profile mode.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp profile command to add the authority to watch program “BTV-1” to profile 1.
Step 3 Run the display igmp profile command to display the configuration of the authority profile.
----End
Example
To add program “BTV1” with authority of watch to profile 1, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp profile profile-name profile1 program-name BTV-1 watch
huawei(config-btv)#display igmp profile profile-name profile1
Profile index : 1
Profile name : Profile1
Program number : 1
User Reference Number : 0
Program list
-----------------------------------------------
Program name IP address Right
-----------------------------------------------
BTV-1 224.1.1.1 watch
-----------------------------------------------
Total:1
Related Operation
Table 31-23 lists the related operation for modifying an authority profile.
Context
l When renaming the program authority of an authority profile, make sure that the authority
mode is profile mode.
l The new authority profile name cannot be identical to an existing one.
l The authority profile name is not case sensitive.
Procedure
Step 1 Run the igmp profile rename command to rename an authority profile.
Step 2 Run the display igmp profile command to display the authority profile.
----End
Example
To rename profile 1 as “VIP-channel”, do as follows:
huawei(config-btv)#igmp profile rename profile1 VIP-channel
huawei(config-btv)#display igmp profile all
----------------------------------------------------------------------
index Profile name Program number User Reference Number
----------------------------------------------------------------------
0 Profile0 1 0
1 VIP-channel 0 0
2 Profile2 0 0
3 Profile3 0 0
4 Profile4 0 0
5 Profile5 0 0
6 Profile6 0 0
7 Profile7 0 0
8 Profile8 0 0
9 Profile9 0 0
10 Profile10 0 0
11 Profile11 0 0
12 Profile12 0 0
13 Profile13 0 0
14 Profile14 0 0
15 Profile15 0 0
16 Profile16 0 0
17 Profile17 0 0
18 Profile18 0 0
19 Profile19 0 0
---- More ( Press 'Q' to break ) ----
Context
l When adding a BTV user, you must specify a PVC for carrying IGMP packets for this user.
l Each BTV user can watch up to eight programs at the same time. By default, a BTV user
can watch eight programs at the same time.
l An authentication (auth) user must be bound with some authority profiles to watch the
programs. The user who does not need authentication (no-auth) can watch all programs in
the multicast server. In this case, no authority needs to be configured for the user.
l To authorize a user with the authority to watch a program:
– Select profilemode if you bind the line profile to the user port.
– Select usermode if you bind the program to the user port.
l The configured authority profiles will be removed if you change the authority mode from
the profile mode to the user mode.
l You can add a user only when both the PVC for carrying IGMP packets and the PVC for
carrying the program stream exist.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp user add command to add a BTV user.
Step 3 Run the display igmp user command to display the BTV user.
----End
Example
To add a user under port 0/2/0 as a BTV user (no-auth user), do as follows:
huawei(config)#btv
huawei(config-btv)#igmp user add port 0/2/0 adsl 0 35 no-auth
huawei(config-btv)#display igmp user all
Command:
display igmp user all
Operation is running, please waiting...
-----------------------------------------------------------------------------
User Bind State Auth Quick IGMP Video Log Available
profiles leave Interface Interface switch programs
-----------------------------------------------------------------------------
0/2/0 - offline no-auth enable 0/35 0/35 enable 8
-----------------------------------------------------------------------------
Total: 1
Note : IGMP Interface--VPI/VCI or VLAN ID or EPON ID or ETH and GEMPORT ID.
The 'auto' means VPI/VCI autosense.
Related Operation
Table 31-24 lists the related operations for adding a BTV user.
Context
The user attributes include PVC, authorization, quick leave, log switch, and maximum number
of channel programs to be watched.
Procedure
Step 1 Run the btv to enter BTV mode.
Step 2 Run the igmp user modify command to modify the attributes of a user.
Step 3 Run the display igmp user command to query the multicast user information.
----End
Example
To define user 0/2/0 as a user who needs authorization, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp user modify port 0/2/0 auth
Are you sure to modify user by port?(y/n)[n]:y
Operation is running, please waiting...
huawei(config-btv)#display igmp user all
Operation is running, please waiting...
-----------------------------------------------------------------------------
User Bind State Auth Quick IGMP Video Log Available
profiles leave Interface Interface switch programs
-----------------------------------------------------------------------------
0/2/0 0 offline auth enable 0/35 0/35 enable 8
-----------------------------------------------------------------------------
Total: 1
Note : IGMP Interface--VPI/VCI or VLAN ID or EPON ID or ETH and GEMPORT ID.
The 'auto' means VPI/VCI autosense.
Related Operation
Table 31-25 lists the related operations for modifying the attributes of a user.
Context
After a BTV user is blocked, the user is disconnected from the program that the user is watching.
l If the IP address or index of the program being watched is not specified, the system will
block the user port. In addition, the user's access requests for any program after he goes
offline will be denied until the user is unblocked.
l If the IP address or index of the program being watched is specified, the system will only
block the specified program. After the user gets offline, the user still can demand any
program except the blocked one.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp user block command to block a BTV user.
Step 3 Run the display igmp user command to display the information on the BTV user.
----End
Example
To block user 0/2/0, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp user block port 0/2/0
huawei(config-btv)#display igmp user port 0/2/0
{ <cr>|grant-program-list<K> }:
Command:
display igmp user port 0/2/0
User : 0/2/0
State : block
Authentication : no-auth
Quick leave : enable
IGMP flow Type : -
IGMP flow Parameter : -
Video Interface : 0/35
Video flow Type : -
Video flow Parameter : -
Log switch : enable
Grant programs : -
IGMP version : -
Available programs : 8
Mode : snooping
Process After Auth Fail : forward
Used bandwidth(kbps) : 0
The percentage of used
bandwidth to port rate(%) : 0
quick leave time(0.1s) : 0
Note : IGMP Interface--VPI/VCI or VLAN ID or EPON ID or ETH and GEMPORT ID.
The 'auto' means VPI/VCI autosense.
Related Operation
Table 31-26 lists the related operation for blocking a BTV user.
Context
A user port can be bound with multiple profiles. However, "no-auth" user cannot be bound with
any profile.
When binding an authority profile with a BTV user, make sure that the authority mode is profile
mode.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp user bind-profile command to bind an authority profile.
Step 3 Run the display igmp user command to display the authority profile bound with the user.
----End
Example
To bind user 0/2/0with “profile0”, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp user bind-profile port 0/2/0 profile-name profile0
huawei(config-btv)#display igmp user port 0/2/0
{ <cr>|epon<K>|grant-program-list<K> }:
Command:
display igmp user port 0/2/0
User : 0/2/0
State : offline
Authentication : auth
Quick leave : enable
IGMP Interface : 0/35
Type of service port : -
Parameter of service port: -
Log switch : enable
Bind profiles : 1
IGMP version : -
Available programs : 1
Mode : snooping
Process After Auth Fail : discard
Used bandwidth(kbps) : 0
The percentage of used
bandwidth to port rate(%): 0
quick leave time(0.1s) : 0
Bind profile list
---------------------------------------------
index Profile name Program number
---------------------------------------------
0 Profile0 0
---------------------------------------------
Total: 1
Note : IGMP Interface--VPI/VCI or VLAN ID or EPON ID
Related Operation
Table 31-27 lists the related operation for binding a user with an authority profile.
Table 31-27 Related operation for binding a user with an authority profile
To... Run the Command...
Context
l You can grant program authorities to a user based on the port, slot or Smart VLAN. Or you
can grant program authorities to all users using the igmp user grant-program all
command.
l In terms of the validity preference, program authorities can be divided into forbidden,
preview, watch and idle.
l When granting program authorities to a user or when modifying the granted program
authorities, make sure that the authority mode is user mode.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp user grant-program command to grant program authorities to a user.
Step 3 Run the display igmp user port grant-program-list command to display the user program
authorities.
----End
Example
To grant users under port 0/2/0 with the authorities to watch programs from 224.1.1.1 to
224.1.2.1, do as follows:
huawei(config-btv)#igmp user grant-program port 0/2/0 ip 224.1.1.1 to-ip 224.1.2.1
sourceip 192.168.1.1 watch
huawei(config-btv)#igmp proxy authorization enable
huawei(config-btv)#display igmp user port 0/2/0 grant-program-list
---------------------------------------------
Program name IP address sourceip Right
---------------------------------------------
PROGRAM-0 224.1.1.1 192.168.1.1 watch
PROGRAM-1 224.1.2.1 192.168.1.1 watch
---------------------------------------------
Total:2
Context
Before enabling the function of monitoring the BTV user, you must perform the following
operations:
l Run the terminal debugging command to enable the debugging information output
function.
l Run the debugging igmp all to enable the function of monitoring all BTV users.
Procedure
Run the debugging igmp command to enable the function of monitoring the BTV user.
----End
Example
To monitor a BTV user port, do as follows:
huawei(config)#debugging igmp port 0/2/0
Related Operation
Table 31-28 lists the related operation for enabling the function of monitoring BTV users.
Table 31-28 Related operation for enabling the function of monitoring BTV users
Context
With the preview function disabled, users with preview authority cannot view any program.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp preview enable command to enable the IGMP preview function.
Step 3 Run the display igmp proxy command to check whether the preview function is enabled.
----End
Example
To enable the IGMP preview function, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp preview enable
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
Related Operation
Table 31-29 lists the related operation for enabling the preview function.
Context
When the preview function is disabled, all the users with the preview authority cannot watch
any program.
By default:
l The preview duration is 120s.
l The preview times are eight.
l The preview interval is 120s.
Procedure
Step 1 Run the igmp preview program command to configure the preview parameters.
Step 2 Run the display igmp program command to display the preview parameters.
----End
Example
To set the preview duration of program1 to 150s, do as follows:
huawei(config-btv)#igmp preview program index 1 preview-duration 150
huawei(config-btv)#igmp preview program index 1 preview-times 5
huawei(config-btv)#igmp preview program index 1 preview-interval 100
huawei(config-btv)#display igmp program index 1
---------------------------------------------
Program index : 1
Validity : valid
Program name : cctv-1
IP address : 224.1.1.1
Uplink Port : 0/7/0
VLAN ID : 1
Host attribute : enable
Log attribute : enable
Prejion attribute : disable
Across VLAN attribute : enable
Unsolicited attribute : disable
Preivew duration(s) : 150
Preivew times : 5
Preivew interval(s) : 100
Priority : 0
Numbers of watching : 0
---------------------------------------------
Watching IGMP cascade port :
0/7/1
---------------------------------------------
Context
By default, the preview auto reset time is 04:00:00 am each day.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp preview auto-reset-time command to set the preview auto reset time.
Step 3 Run the display igmp proxy command to display the display the preview auto reset time.
----End
Example
To set the preview auto reset time as 05:00:00 am each day, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp preview auto-reset-time 05:00:00
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
Related Operation
Table 31-30 lists the related operation for setting the preview auto reset time.
Table 31-30 Related operation for setting the preview auto reset time
Restore the default preview auto reset undo igmp preview auto-reset-time
time
Reset the record of the preview logout igmp preview reset record
time manually
Reset the record of the preview logout igmp preview reset count
count manually
Context
The system records the previous preview logout time automatically. If a user previews a program
at an interval smaller than the value preset by running the igmp preview program command,
the user will not be allowed to preview the program again.
Procedure
l Reset the record of the preview logout time manually.
1. Run the btv command to enter BTV mode.
2. Run the igmp preview reset record command to clear all the records of the preview
logout time manually.
l Reset the record of the preview logout count manually.
1. Run the btv command to enter BTV mode.
2. Run the igmp preview reset countcommand to clear all the records of the preview
logout count manually.
----End
Example
To clear all the records of the preview logout time manually, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp preview reset record
To clear all the records of the preview logout count manually, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp preview reset record
Related Operation
Table 31-31 lists the related operation for resetting the preview record.
Context
By default, the logging function is enabled.
Procedure
Step 1 Run the igmp proxy log enable command to enable the logging function.
Step 2 Run the display igmp proxy command to display the status of the logging switch.
----End
Example
To enable the IGMP proxy logging function, do as follows:
huawei(config-btv)#igmp proxy log enable
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
Related Operation
Table 31-32 lists the related operations for enabling the logging function.
Disable the IGMP proxy logging function igmp proxy log disable
Context
The MA5600 can record the logs automatically. When a user watches a program for a long time,
and the time exceeds the time interval for generating the log, the system generates a log
automatically. This log can be used for billing in case that no log is generated when a user
becomes offline abnormally after watching a program for a long time.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy log-interval command to set the logging interval.
Step 3 Run the display igmp proxy command to display the set logging interval.
----End
Example
To set the log generation interval as one hour, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy log-interval 1
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
Related Operation
Table 31-33 lists the related operation for setting the logging interval.
Context
The logs are reported based on the combination of port, program IP address, and time range.
Procedure
Run the igmp log report command to configure the log reporting function.
----End
Example
To report the logs of the program with IP address 225.1.1.1, and multicast source IP address
192.168.1.1 that are generated during the period from 2006-1-10 9:00:00 to 2006-1-10 18:30:00,
do as follows:
huawei(config)#btv
huawei(config-btv)#igmp log report ip 225.1.1.1 sourceip 192.168.1.1 time 2006-1-10
9:00:00 end 2006-1-10 18:30:00
Reporting log has finished
Reported log number: 50
Related Operation
Table 31-34 lists the related operations for configuring log reporting.
Stopping log reporting igmp log stop-report If the system is reporting the
user log, the command stops
the log reporting. If not, the
system prompts errors.
Context
The log statistics mainly include the programs ordered and related time parameters, can be
regarded as the dynamic on-demand information.
You can collect the statistics based on a pot, an IP address, or all users.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the display igmp log command to display the logs.
----End
Example
To collect statistics on all user logs, do as follows:
huawei(config)#btv
huawei(config-btv)#display igmp log all
{ <cr>||<K> }:
Command:
display igmp log all
-----------------------------------------------------------------------------
Port Program-IP sourceip Mode Join-time Leave-time
----------------------------------------------------------------------------
0/3/0 10.10.10.1 192.168.1.1 W 2006-04-15 19:29:48 2006-04-15
19:39:32
0/3/0 10.10.10.1 192.168.1.1 W 2006-04-15 19:26:25 2006-04-15
19:29:46
0/3/0 10.10.10.1 192.168.1.1 W 2006-04-15 18:51:58 2006-04-15
19:26:24
0/3/0 10.10.10.1 192.168.1.1 W 2006-04-15 18:43:14 2006-04-15
18:51:57
-----------------------------------------------------------------------------
Total: 4
Note: P(Mode) indicates preview, W(Mode) indicates watch,
N(Mode) indicates no authority
F(Mode) indicates preview times full out
This chapter describes the triple play service and how to configure the service on the
MA5600.
32.1 Overview
This section describes the description and specifications of the triple play service.
32.2 Configuration Example of Triple Play - Multiple PVCs for Multiple Services
This example shows how to configure the triple play service - multiple PVCs for multiple
services.
32.3 Configuration Example of Triple Play - Based on the User-Side VLAN
This example shows how to configure the triple play service - single PVC for multiple services
(based on the user-side VLAN).
32.4 Configuration Example of Triple Play - Based on 802.1p
This operation shows how to configure the triple play service by means of single PVC for
multiple services based on 802.1p.
32.5 Configuration Example of the Triple Play Service - Based on the Service Encapsulation
Type
This operation enables you to configure the triple play service - single PVC for multiple services
(based on the service encapsulation type). Users connect to multiple terminals through the home
gateway to implement multiple services, such as Internet, VoIP and IPTV services.
32.1 Overview
This section describes the description and specifications of the triple play service.
Service Description
With the rapid development of the broadband services, more and more users demand high
bandwidth for abundant services such as video service, voice service, and data service.
For details on the triple play service, refer to the chapter "Triple Play" in the Feature
Description.
Service Specifications
The MA5600 can support the triple play service.
In the triple play application, the VoIP, IPTV, and Internet services are transmitted over one
cable to the MA5600 through the home gateway or the optical access modem in a centralized
manner.
l The VoIP and IPTV services adopt DHCP method. The DHCP option60 domain is used to
identify different terminals. The MA5600 can identify different DHCP option60 domains,
and transmit packets of different terminals to different DHCP servers. In this way, the
terminals can obtain IP addresses from the corresponding DHCP servers.
l Point-to-Point over Ethernet (PPPoE) is used for Internet service access.
Table 32-1 shows the modes supported by the MA5600 to provide the triple player service.
Mode Description
Single PVC for multiple It is unnecessary to configure the existing modem. The PVC
services resources are saved.
l When it differentiates the service traffic based on user-side
VLAN:
Prerequisite
Before configuring the triple play service, make sure that:
l The network devices and lines are normal.
l All kinds of boards of the device run in the normal state.
Networking
Figure 32-1 shows a sample network for configuring the triple play service-multiple PVCs for
multiple services.
Figure 32-1 Sample network for configuring the triple play service -multiple PVCs for multiple
services
Internet
I NM
S
TG
IP IPTV DHCP server
Softswitch
Router VoIP DHCP server
BRAS
LAN switch
A A CON
ETH
D D
E E
GE0/7/0
F F
SCU MA5600
HG 1 HG 2
STB STB
IP Phone PC TV IP Phone PC TV
In Figure 32-1, both user 1 (home gateway 1) and user 2 (home gateway 2) adopt triple play
networking.
Data Plan
Table 32-2shows the data plan for configuring the triple play service -multiple PVCs for multiple
services.
Table 32-2 Data plan for configuring the triple play service -multiple PVCs for multiple services
Item Data
ADGE board Downstream ports 0/2/0 and 0/2/1. The ports use the default line
profile.
Item Data
IPTV: no restriction
Program library Program BTV-1, multicast address 224.1.1.1, bind upstream port
0/7/0 with VLAN 4.
IGMP user User 1 connected to port 0/2/0 can watch all programs.
Context
l DHCP option60 domain value of the Set Top Box (STB) and Ethernet Phone (Ephone)
varies with the terminals. In the actual application, refer to the user guides of the STB and
the Ephone.
l Run the dhcp domain command to set the DHCP domain name. The configured domain
name is a character string containing no space.
l Ensure that before configuring triple play service, the service board and the upstream board
have been added correctly.
l In the configuration process, when the VoIP and the IPTV services are used in a same
VLAN, you need to add the service ports of the VoIP and the IPTV services to the same
VLAN, configure the master/slave IP address for the VLAN, and bind different DHCP
domains and DHCP-server groups to the VLAN to decide how to allocate IP addresses.
That is, the VLAN is configured with two gateway. The IPTV and VoIP services coexist.
l In the configuration process, when the VoIP and IPTV services are used in different VLANs
(this configuration example considers this condition as an example), you need to make sure
that the DHCP servers used by the VoIP and IPTV services interconnect with the DHCP
L3 interface.
Configuration Flowchart
Figure 32-2 shows the flowchart for configuring the triple play service-multiple PVCs for
multiple services.
Figure 32-2 Flowchart for configuring the triple play service-multiple PVCs for multiple
services
Start
Internet IPTV
Select service
type
VoIP
Configure the VLAN and Configure the VLAN and Configure the VLAN and
its upstream port its upstream port its upstream port
Configure the traffic profile Configure the traffic profile Configure the traffic profile
Configure the service port Configure the service port Configure the service port
End
Procedure
l Configure Internet service.
1. Configure the VLAN and the upstream port.
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/7 0
Add the service port to the VLAN and use the traffic profile created in the previous
step.
huawei(config)#service-port vlan 2 adsl 0/2/0 vpi 0 vci 37 rx-cttr 7 tx-
cttr 7
huawei(config)#service-port vlan 2 adsl 0/3/0 vpi 0 vci 37 rx-cttr 7 tx-
cttr 7
Set the traffic profile index as 8, and the priority of the VoIP service as 6.
huawei(config)#traffic table index 8 ip car 1024 priority 6 priority-
policy pvc-Setting
Add the service port to the VLAN, and use the traffic profile created in the previous
step.
huawei(config)#service-port vlan 3 adsl 0/2/0 vpi 0 vci 36 rx-cttr 8 tx-
cttr 8
huawei(config)#service-port vlan 3 adsl 0/3/0 vpi 0 vci 36 rx-cttr 8 tx-
cttr 8
The VoIP service and the video service adopt DHCP mode. The DHCP option60
domain is used to differentiate the service type. In this example, set the DHCP
option60 domain of the VoIP service as voice.
huawei(config)#dhcp mode layer-3 option-60
huawei(config)#dhcp-server 1 ip 20.1.1.2 20.1.1 3 //The IP addresses of
the DHCP server used by the VoIP service are 20.1.1.2 and 20.1.1.3.
huawei(config)#dhcp domain voice //Please refer to the actual domain
value of the DHCP option 60
huawei(config-dhcp-domain-voice)#dhcp-server 1
huawei(config-dhcp-domain-voice)#quit
huawei(config)#interface vlanif 3
huawei(config-if-vlanif3)#ip address 10.1.1.1 24
huawei(config-if-vlanif3)#dhcp domain voice gateway 10.1.1.1 //The IP
address of the DHCP L3 interface is 10.1.1.1. The IP address of the DHCP
server can be either a master IP address or a slave IP address. In this
example, the master IP address 20.1.1.2 is configured. The master IP
address 20.1.1.3 must interconnect with the DHCP L3 interface.
huawei(config-if-vlanif3)#quit
In this example, set the traffic profile index as 9 and the priority of IPTV service as
5.
huawei(config)#traffic table index 9 ip car off priority 5 priority-policy
pvc-Setting
CAUTION
On the MA5600, if the PVC is configured with priority, the priority of the multicast
packets borne by the PVC takes no effect.
Add the service port to the VLAN and use traffic profile 9.
huawei(config)#service-port vlan 4 adsl 0/2/0 vpi 0 vci 35 rx-cttr 9 tx-
cttr 9
huawei(config)#service-port vlan 4 adsl 0/2/1 vpi 0 vci 35 rx-cttr 9 tx-
cttr 9
----End
Result
After the configuration, the triple play service (Internet, VoIP and IPTV) is available.
l The Internet user can realize dial-up access to the Internet in the PPPoE mode.
l The VoIP user can make VoIP phones.
l The IPTV user connected to port 0/2/0 can watch all programs. and the user connected to
port 0/2/1 can watch program1 only.
Prerequisite
Before configuring the triple play service, make sure that:
l The network devices and lines are normal.
l All kinds of boards of the device run in the normal state.
Networking
Figure 32-3 shows a sample network for configuring the triple play service - single PVC for
multiple services.
Figure 32-3 Sample network for configuring the triple play service - single PVC for multiple
services
OSS & RADIUS Server/
Multicast Server
RADIUS Proxy
Internet NMS
TG
IP
IPTV DHCP Server
Softswitch
Router VoIP DHCP Server
BRAS
LAN Switch
A A CON
ETH
D D
G G
GE0/7/0
G G
SCU MA5600
STB STB
IP Phone PC TV IP Phone PC TV
In the Figure 32-3, both user1 (home gateway 1) and user2 (home gateway 2) adopt the triple
play networking.
Data Plan
Table 32-3 shows the data plan for configuring the triple play service - single PVC for multiple
services.
Table 32-3 Data plan for configuring the triple play service - single PVC for multiple services
Item Data
ADGE board Service port 0/2/0 and 0/3/0. The ports use the default line profile.
VPI/VCI: 0/35
Item Data
DHCP VoIP:
DHCP option60 domain voice, gateway 10.1.1.1. DHCP server
group 1, IP addresses are 20.1.1.2 and 20.1.1.3.
IPTV:
DHCP option60 domain for STB video, gateway 10.2.2.1. DHCP
server group 2, IP addresses are 20.2.2.2 and 20.2.2.3.
Program library Program BTV-1, multicast address 224.1.1.1, bind upstream port
0/7/0 with VLAN 4.
Program BTV-2, multicast address 224.1.1.2, bind upstream port
0/7/0 and VLAN 4.
Authority profile Profile 0, profile 0 can watch program BTV-1 in the program library.
IGMP user User 1 connected to port 0/2/0 can watch all programs.
User 2 connected to port 0/3/0 can watch program BTV-1 only.
Context
l DHCP option60 domain value of the STB and Ephone varies with the terminals. In the
actual application, refer to the user guides of the STB and the Ephone.
l Run the dhcp domain command to set the DHCP domain name. The configured domain
name is a character string containing no space.
l Before configuring the triple play services, make sure that the service boards and the
upstream board are added correctly.
Configuration Flowchart
NOTE
In this configuration, the service traffic is differentiated based on the user-side VLAN.
Figure 32-4 shows the flowchart for configuring the triple play service - single PVC for multiple
services.
Figure 32-4 Flowchart for configuring the triple play service - single PVC for multiple services
Start
Internet IPTV
Selet service
type
VoIP
Configure the VLAN and Configure the VLAN and Configure the VLAN and
upstream port upstream port upstream port
Configure the traffic profile Configure the traffic profile Configure the traffic profile
Configure the virtual port Configure the virtual port Configure the virtual port
End
Procedure
l Configure Internet service.
1. Configure the VLAN and its upstream port.
huawei(config)#vlan 102 smart
huawei(config)#port vlan 102 0/7 0
Because the VoIP, IPTV, and Internet services are transmitted through the same port,
it is necessary to set the 802.1p priority for each service.
In general, the VoIP service has the highest priority, and the Internet service has the
lowest priority. In this example, set the traffic profile index as 7, and the priority of
the Internet service as 1.
huawei(config)#traffic table index 7 ip car 1024 priority 1 priority-
policy pvc-Setting
Add the service port to the VLAN and use the traffic profile created in the previous
step.
huawei(config)#service-port vlan 102 adsl 0/2/0 vpi 0 vci 35 multi-service
user-vlan 2 rx-cttr 7 tx-cttr 7
huawei(config)#service-port vlan 102 adsl 0/3/0 vpi 0 vci 35 multi-service
user-vlan 2 rx-cttr 7 tx-cttr 7
CAUTION
On the MA5600, if the PVC is configured with priority, the priority of the multicast
packets borne by the PVC takes no effect.
----End
Result
After the configuration, the triple play service (Internet, VoIP and IPTV) is available.
l The Internet user can realize dial-up access to the Internet in PPPoE mode.
l The VoIP user can make VoIP phones.
l The IPTV user connected to port 0/2/0 can watch all programs. The user connected to port
0/3/0 can watch program BTV-1 only.
Prerequisite
Before configuring the triple play service, make sure that:
l The network device and the line are in the normal state.
l All boards are in the normal state.
Networking
Figure 32-5 shows a sample network for configuring the triple play service by means of single
PVC for multiple services.
Figure 32-5 Sample network for configuring the triple play service by means of single PVC for
multiple services
OSS & RADIUS Server/
Multicast Server
RADIUS Proxy
Internet NMS
TG
IP
IPTV DHCP Server
Softswitch
Router VoIP DHCP Server
BRAS
LAN Switch
A A CON
ETH
D D
G G
GE0/7/0
G G
SCU MA5600
STB STB
IP Phone PC TV IP Phone PC TV
In Figure 32-5, both user 1 (home gateway 1) and user 2 (home gateway 2) adopt the triple play
networking.
Data Plan
Table 32-4 shows the data plan for configuring the triple play service by means of single PVC
for multiple services.
Table 32-4 Data plan for configuring the triple play service by means of single PVC for multiple
services
Item Data
ADGE Service ports 0/2/0 and 0/3/0 applies the default line profile.
VPI/VCI: 0/35
DHCP VoIP:
l DHCP option60 domain: voice gateway: 10.1.1.1
l DHCP server group: 1
l IP addresses of DHCP server group 1: 20.1.1.2 and 20.1.1.3
IPTV:
l DHCP option60 domain of STB: video
l Gateway: 10.2.2.1
l DHCP server group: 2
l IP addresses of DHCP server group 2: 20.2.2.2 and 20.2.2.3
Program library Program BTV-1, multicast address 224.1.1.1, bind upstream port
0/7/0 with VLAN 4.
Program BTV-2, multicast address 224.1.1.2, bind upstream port
0/7/0 and VLAN 4.
Authority profile Profile 0: Profile 0 has the authority to watch program BTV-1.
Item Data
IGMP user User1: Port 0/2/0 can watch all the programs.
User2: Port 0/3/0 can watch only BTV-1.
Context
l DHCP option60 domain value of the STB and IP phone varies with the terminals. In the
actual application, refer to the user guides of the STB and the IP phone.
l Run the dhcp domain command to set the DHCP domain name. The domain name is a
character string containing no space.
l Before configuring the service, make sure that service boards and the upstream board have
been added correctly.
Configuration Flowchart
NOTE
In this configuration, the service traffic is differentiated based on the user-side VLAN.
Figure 32-6 shows the flowchart for configuring the triple play service-single-PVC for multi-
service.
Figure 32-6 Flowchart for configuring the triple play service-single-PVC for multi-service
Start
Internet IPTV
Selet service
type
VoIP
Configure the VLAN and Configure the VLAN and Configure the VLAN and
upstream port upstream port upstream port
Configure the traffic profile Configure the traffic profile Configure the traffic profile
Configure the virtual port Configure the virtual port Configure the virtual port
End
Procedure
l Configure the Internet service.
1. Configure the VLAN and its upstream port.
huawei(config)#vlan 102 smart
huawei(config)#port vlan 102 0/7 0
CAUTION
On the MA5600, if the PVC is configured with priority, the priority of the multicast
packets borne by the PVC takes no effect.
huawei(config)#btv
huawei(config-btv))#igmp mode proxy
huawei(config-btv)#igmp uplink-port-mode program
huawei(config-btv)#igmp uplink-port 0/7/0 100
----End
Result
After the configuration, the triple play service (Internet, VoIP, and IPTV) is available.
l Internet users can access the Internet through PPPoE dial-up.
l VoIP users can set conversation to each other.
l IPTV users: the user connected at port 0/2/0 can watch all the programs, and the user
connected at 0/3/0 can watch BTV-1 only.
Prerequisite
l The network devices and lines are in the normal state.
l All boards of the device run in the normal state.
Networking
Figure 32-7 shows the sample network for configuring the triple play service - single PVC for
multiple services (based on the service encapsulation type).
In this figure, both user 1 (home gateway 1) and user 2 (home gateway 2) adopt the triple play
networking. The Internet, VoIP, and IPTV services use the same PVC to carry the service stream.
After different service stream accesses the MA5600, the MA5600 differentiates the services
based on the service encapsulation type. The MA5600 provides different QoS for the service
streams based on the traffic priorities in the PVC. The Internet service adopts the PPPoE mode.
The VoIP and IPTV services adopt the DHCP mode and obtain IP addresses in DHCP standard
mode from the DHCP server.
Figure 32-7 Sample network for configuring the triple play service - single PVC for multiple
services (based on the service encapsulation type)
Internet
I NM
S
TG
IP IPTV DHCP server
Softswitch
Router VoIP DHCP server
BRAS
LAN switch
A A CON
ETH
D D
E E
GE0/7/0
F F
SCU MA5600
HG 1 HG 2
STB STB
IP Phone PC TV IP Phone PC TV
Data Plan
Table 32-5 lists the data plan for configuring the triple play service - single PVC for multiple
services (based on the service encapsulation type).
Table 32-5 Data plan for configuring the triple play service - single PVC for multiple services
(based on the service encapsulation type)
Item Data
ADGE Service ports 0/2/0 and 0/3/0 adopt the default line profile.
VPI/VCI: 0/35
Item Data
IPTV: DHCP option60 domain for the set top box (STB) is "video", and
gateway is 10.2.2.1
IP addresses of DHCP server group 2: 20.2.2.2 and 20.2.2.3
Program Program BTV-1, with the multicast address of 224.1.1.1. It is bound with
library uplink port 0/7/0 and VLAN 4.
Program BTV-2, with the multicast address of 224.1.1.2. It is bound with
uplink port 0/7/0 and VLAN 4.
IGMP user User 1 connecting to port 0/2/0 can watch all programs.
User 2 connecting to port 0/3/0 can watch only program TV-1.
Priority 802.1p priority is adopted. The priority of the VoIP service is 6. The priority
of the IPTV service is 5. The priority of the Internet service is 1.
Configuration Flowchart
Figure 32-8 shows the flowchart for configuring the triple play service - single PVC for multiple
services (based on the service encapsulation type).
Figure 32-8 Flowchart for configuring the triple play service - single PVC for multiple services
(based on the service encapsulation type)
Start
Internet IPTV
Select service
type
VoIP
Configure the VLAN and Configure the VLAN and Configure the VLAN and
its upstream port its upstream port its upstream port
Configure the traffic profile Configure the traffic profile Configure the traffic profile
Configure the service port Configure the service port Configure the service port
End
Procedure
l Configure the Internet service.
1. Configure a VLAN and add it to the uplink port.
huawei(config)#vlan 102 smart
huawei(config)#port vlan 102 0/7 0
Since the VoIP, IPTV, and Internet services are transmitted through the same port, it
is necessary to set the 802.1p priority for each service.
In general, the VoIP service has the highest priority, and the Internet service has the
lowest priority. In this example, set the traffic profile index as 7, and the priority of
the Internet service as 1.
huawei(config)#traffic table index 7 ip car 1024 priority 1 priority-
policy pvc-Setting
Add the service port to the VLAN, and use the traffic profile created in the previous
step.
huawei(config)#service-port vlan 102 adsl 0/2/0 vpi 0 vci 35 multi-service
user-encp pppoe rx-cttr 7 tx-cttr 7
huawei(config)#service-port vlan 102 adsl 0/3/0 vpi 0 vci 35 multi-service
user-encp pppoe rx-cttr 7 tx-cttr 7
Set the traffic profile index as 8, and the 802.1p priority of the VoIP service as 6.
huawei(config)#traffic table index 8 ip car 1024 priority 6 priority-
policy pvc-Setting
Add the service port to the VLAN, and use the traffic profile created in the previous
step.
huawei(config)#service-port vlan 103 adsl 0/2/0 vpi 0 vci 35 multi-service
user-encp ipoe rx-cttr 8 tx-cttr 8
huawei(config)#service-port vlan 103 adsl 0/3/0 vpi 0 vci 35 multi-service
user-encp ipoe 3 rx-cttr 8 tx-cttr 8
The voice and the video services adopt the DHCP access mode. The DHCP option60
domain is used to classify different service types. In this example, set the DHCP
domain of the VoIP service as "voice".
huawei(config)#dhcp mode layer-3 option-60
huawei(config)#dhcp-server 1 ip 20.1.1.2 20.1.1 3
huawei(config)#dhcp domain voice //Refer to the actual domain value of
DHCP Option 60
huawei(config-dhcp-domain-voice)#dhcp-server 1
huawei(config-dhcp-domain-voice)#quit
huawei(config)#interface vlanif 103
huawei(config-if-vlanif103)#ip address 10.1.1.1 24
huawei(config-if-vlanif103)#dhcp domain voice gateway 10.1.1.1
huawei(config-if-vlanif103)#quit
In this example, set the traffic profile index as 9 and the 802.1p priority of the VoIP
service as 5.
huawei(config)#traffic table index 9 ip car off priority 5 priority-policy
pvc-Setting
Add the service port to the VLAN and use traffic profile 9.
huawei(config)#service-port 100 vlan 104 adsl 0/2/0 vpi 0 vci 35 multi-
service user-encp ipoe rx-cttr 9 tx-cttr 9
huawei(config)#service-port 101 vlan 104 adsl 0/3/0 vpi 0 vci 35 multi-
service user-encp ipoe rx-cttr 9 tx-cttr 9
CAUTION
On the MA5600, if the PVC is configured with a priority, the priority of the multicast
packets carried by the PVC takes no effect.
huawei(config)#btv
huawei(config-btv))#igmp mode proxy
huawei(config-btv)#igmp uplink-port-mode program
huawei(config-btv)#igmp uplink-port 0/7/0 100
----End
Result
After the configuration, the triple play service (Internet, VoIP and IPTV services) is available.
l The Internet user can access the Internet in PPPoE dialup mode.
l The VoIP user can make and receive phone calls.
l The IPTV user: The user connecting to port 0/2/0 can watch all the programs, and the user
connecting to port 0/3/0 can watch only program BTV-1.
This chapter describes the Ethernet OAM technology and how to configure Ethernet OAM on
the MA5600.
33.1 Overview
This chapter describes Ethernet Operation Administration & Maintenance (OAM) and its
application to the MA5600.
33.2 Configuration Example of Ethernet OAM
This example shows how to configure the Ethernet OAM on the MA5600.
33.3 Creating an MD
This operation enables you to create an Maintenance Domain (MD).
33.4 Creating an MA
This operation enables you to create a Maintenance Association (MA).
33.5 Creating an MEP
This operation enables you to create an Maintenance association End Point (MEP).
33.6 Creating an RMEP
This operation enables you to create a Remote Maintenance association End Point (RMEP).
33.7 Enabling the CFM Globally
This operation enables the Connectivity Fault Management (CFM) globally.
33.8 Enabling the CFM Alarm Globally
This operation enables the CFM alarm globally.
33.9 Enabling the Administration Function of an MEP
This operation enables the administration function of an MEP.
33.10 Enabling the CC Transmission of an MEP
This operation enables the Continuity Check (CC) transmission of an MEP.
33.11 Enabling the Global Detection Function of an RMEP
This operation enables the global detection function of a Remote Maintenance association End
Point (RMEP).
33.1 Overview
This chapter describes Ethernet Operation Administration & Maintenance (OAM) and its
application to the MA5600.
Service Description
OAM is an effective method to reduce the cost on network maintenance and it connects to the
access convergence network through the upstream network port. OAM starts from or terminates
at the upstream network port. You can perform OAM configuration management through NMS.
NMS maintains the network based on the reported information on OAM status and alarms.
For details on the Ethernet OAM protocol, refer to the chapter "Ethernet OAM" in the Feature
Description.
Service Specification
IEEE P802.1ag CFM provides an end-to-end fault detection method.
CFM defines the process for diagnosing a fault in an Ethernet domain. CFM is a multipoint-to-
multipoint application scenario and it provides end-to-end fault detection and diagnosis for the
entire Ethernet network.
The MA5600 supports Ethernet OAM mechanism of CFM protocol, including fault detection
and diagnosis methods, including connectivity check, loop detection and link trace.
Networking
Figure 33-1 shows a sample network for configuring Ethernet OAM.
Router
0 / 7/ 0 0 / 7 /1
MA5600_A MA5600_B
Data Plan
Table 33-1 lists the data plan for configuring Ethernet OAM.
Context
Before configuring the Ethernet OAM, make sure that:
l The network devices and the lines are normal.
l The router supports Ethernet OAM.
Configuration Flowchart
Figure 33-2 shows the flowchart for configuring Ethernet OAM.
Start
Configure an MD
Configure an MA
Configure an MEP
Configure a RMEP
End
Procedure
Step 1 Create and configure a VLAN.
huawei(config)#vlan 100 smart
huawei(config)#port vlan 100 0/7 0
NOTE
Configuration on MA5600_B is the same as that on MA5600_A and it is not repeated here.
----End
Result
After the configuration, run the display cfm statistics mep command on the MA5600_A or
MA5600_B and you can find packet statistics. Of the statistics, neither "CCM Sent Pkt Num"
nor "CCM Received Pkt Num" values zero.
33.3 Creating an MD
This operation enables you to create an Maintenance Domain (MD).
Context
l Ethernet CFM provides a fault diagnosis process in an Ethernet domain. It divides the
network into up to eight levels. Multiple levels can exist on a bridge simultaneously to
manage different MDs.
l Up to three MDs can be created in the system.
l The administration domain of CFM comprises bridges while the maintenance domain is
combined by bridges and maintenance levels.
TIP
Huawei recommends classifying the administrator domain into three levels: customer domain, provider
domain and operator domain that use 7-5, 4-3 and 2-0 levels respectively.
Procedure
Step 1 Run the cfm md command to create an MD.
Step 2 Run the display cfm md command to query the configuration state of the MD.
----End
Example
Assume that:
l MD index: 2
l Name type: string
l Name: huawei
l Level: 3
To create the MD, do as follows:
huawei(config)#cfm md 2 name-format string huawei level 3
huawei(config)#display cfm md
{ <cr>|mdindex<U><0,2> }:
Command:
display cfm md
-----------------------------------------------------------------------
MD MD MD MD
Index NameType Name Level
-----------------------------------------------------------------------
0 dns 1 7
1 dns feifei 6
2 string huawei 3
-----------------------------------------------------------------------
Total: 3
Related Operation
Table 33-2 lists the related operation for creating an MD.
33.4 Creating an MA
This operation enables you to create a Maintenance Association (MA).
Context
l The created MA must belong to an existing MD and associate with an existing VLAN. The
VLAN must not associate with any other MA.
l By default, the interval for sending a CCM is 60s.
l By default, detection of the remote MEP in an MA is enabled.
l The system supports 48 MAs and each MD can be configured with up to 48 MAs.
Procedure
Step 1 Run the cfm ma command to create an MA.
Step 2 Run the display cfm md command to query the configuration state of the MA.
----End
Example
Assume that:
l MA index: 2/47
l MA name type: string
l MA name: huawei-ma-10
l MA VLAN ID: 20
To create the MA, do as follows:
huawei(config)#cfm ma 2/10 name-format string huawei-ma-10 vlan 20
huawei(config)#display cfm ma 2/10
MA Index : 2/10
MA NameType : string
MA Name : huawei-ma-10
MA VlanID : 20
MA CC Interval : 1m
MA Remote-mep-detect : enable
Related Operation
Table 33-3 lists the related operations for creating an MA.
Configure the interval cfm ma cc-interval You can configure only the
for an MA to send CCMs created MA.
Context
l MA consists of Maintenance Points (MPs) and MP is defined to be on bridge ports.
Therefore, MP is a combination of bridge port, VLAN and maintenance level.
l MP can be an MEP or an MIP. MEP initiates and responds to CFM messages while MIP
does not initiate CFM messages but transparently transmits or responds to CFM messages.
l Currently, ports on the MA5600 can function only as MEP.
l Only one MEP can be created within an MA.
l By default, the administrative state of MEP is enabled, the priority of CFM message is 7
and the transmission of CCMs is enabled.
l To create an MEP, the associated MD and MA must be created successfully. Moreover, on
the VLAN that associates with the MA, there must be a port to be associated with the created
MEP.
Procedure
Step 1 Run the cfm mep command to create an MEP.
Step 2 Run the display cfm mep command to query the configuration state of the MEP.
----End
Example
Assume that:
l MEP index: 2/4/0
l MEP ID: 100
l MEP direction: outward
l MEP port: 0/15/0
l MEP priority: 5
To create the MEP, do as follows:
huawei(config)#cfm mep 2/4/0 mepid 100 direction outward port 0/15/0 priority 5
huawei(config)#display cfm mep
2/4/0
Command:
display cfm mep 2/4/0
MEP Index : 2/4/0
MEP ID : 100
MEP Direction : outward
MEP Port : 0/15/0
MEP Admin Status : enable
MEP CC Status : enable
MEP Priority : 5
MEP Alarm Status : -
Related Operation
Table 33-4 lists the related operation for creating an MEP.
Context
l Unique MEP IDs must exist in an MA.
l A local MEP can be associated with up to six RMEPs.
l MEPs that are mutually remote to each other must be in the same MA.
Procedure
Step 1 Run the cfm remote-mep command to create an RMEP.
Step 2 Run the display cfm ma command to query the configuration state of the MEP.
----End
Example
To create an RMEP with remote-mepid 200 for local MEP 2/4/0, do as follows:
huawei(config)#cfm remote-mep 2/4/5 remote-mepid 200
huawei(config)#display cfm ma 2/4
MA Index : 2/4
MA NameType : string
MA Name : huawei-ma-4
MA VlanID : 50
MA CC Interval : 1m
MA Remote-mep-detect : enable
-----------------------------------------------------------------------
MEP MEP MEP Admin CC Alarm
Index MEPID Direction Port Status Status Priority Status
-----------------------------------------------------------------------
2/4/0 100 outward 0/7/0 enable enable 5 -
-----------------------------------------------------------------------
Total: 1
-----------------------------------------------------------------------
Remote MEP Remote MEP Remote MEP
Index MEPID Mac-address
-----------------------------------------------------------------------
2/4/5 200 -
-----------------------------------------------------------------------
Total: 1
Related Operation
Table 33-5 lists the related operation for creating an RMEP.
Context
l When the CFM is enabled, the CFM packets are to be captured and the functions of
Continuity Check, loop detection and linktrace are enabled.
l When the CFM is disabled, the CFM packets should not be captured and the functions of
Continuity Check, loop detection and linktrace are enabled.
l By default, the CFM is disabled.
Procedure
Step 1 Run the cfm enable command to enable the CFM globally.
Step 2 Run the display cfm command to query the configuration state of the CFM.
----End
Example
To enable the CFM globally, do as follows:
huawei(config)#cfm enable
huawei(config)#display cfm
{ <cr>|md<K>|ma<K>|mep<K>|statistics<K> }:
Command:
display cfm
CFM Global Status : enable
Remote-mep-detect Status : disable
Alarm Status : enable
CC/LT Base-mac-address : 0180-c200-0100
Related Operation
Table 33-6 lists the related operation for enabling the CFM globally.
Context
l When the CFM alarm is enabled, alarms detected by the CFM are reported.
l When the CFM is disabled, alarms detected by the CFM are not reported.
l By default, the CFM alarm is enabled globally.
Procedure
Step 1 Run the cfm alarm enable command to enable the CFM alarm globally.
Step 2 Run the display cfm command to query the configuration state of the CFM.
----End
Example
To enable the CFM alarm globally, do as follows:
huawei(config)#cfm alarm enable
huawei(config)#display cfm
{ <cr>|md<K>|ma<K>|mep<K>|statistics<K> }:
Command:
display cfm
CFM Global Status : enable
Remote-mep-detect Status : disable
Alarm Status : enable
CC/LT Base-mac-address : 0180-c200-0100
Related Operation
Table 33-7 lists the related operation for enabling CFM alarm globally
Context
l MEP administrative state identifies the availability of MEP function. When the
administrative function of an MEP is disabled, the MEP is unable to send and receive
CCMS. The loop detection function and linktrace functions are not permitted.
l By default, the administration function of an MEP is enabled.
Procedure
Step 1 Run the cfm mep enable command to enable the administration function of an MEP.
Step 2 Run the display cfm mep command to query the configuration state of the MEP.
----End
Example
To enable the administration function of MEP 2/4/0, do as follows:
huawei(config)#cfm mep 2/4/0 enable
huawei(config)#display cfm mep 2/4/0
Command:
display cfm mep 2/4/0
MEP Index : 2/4/0
MEP ID : 100
MEP Direction : outward
MEP Port : 0/7/0
Related Operation
Table 33-8 lists the related operation for enabling the administration function of an MEP.
Table 33-8 Related operation for enabling the administration function of an MEP
Context
By default, the CC transmission of an MEP is enabled.
Procedure
Step 1 Run the cfm mep cc enable command to enable the CC transmission of an MEP.
Step 2 Run the display cfm mep command to query the configuration state of the MEP.
----End
Example
To enable the CC transmission of MEP 2/4/0, do as follows:
huawei(config)#cfm mep 2/4/0 cc enable
huawei(config)#display cfm mep 2/4/0
MEP Index : 2/4/0
MEP ID : 100
MEP Direction : outward
MEP Port : 0/7/0
MEP Admin Status : enable
MEP CC Status : enable
MEP Priority : 5
MEP Alarm Status : -
Related Operation
Table 33-9 lists the related operation for enabling the CC transmission of an MEP.
Context
l The global detection function of an RMEP is used to avoid unnecessary alarm at the period
of network CFM configuration, due to that the CFM function is enabled on each node at
different times.
l By default, the global detection function of an RMEP is disabled.
l The system detects the RMEP configured in the MA of the MEP, and generates alarm on
the CC packet loss and RDI, when the following four conditions are met:
– CFM is enabled globally.
– The global detection function of the RMEP is enabled.
– MEP of each administrative state is enabled.
– The detection function of the remote MEP of the MA corresponding to each
administrative state is enabled.
Procedure
Step 1 Run the cfm remote-mep-detect enable command to enable the global detection function of
an RMEP.
Step 2 Run the display cfm command to query the configuration of the CFM.
----End
Example
To enable the global detection function of an RMEP, do as follows:
huawei(config)#cfm remote-mep-detect enable
huawei(config)#display cfm { <cr>|md<K>|ma<K>|mep<K>|statistics<K> }:
Command:
display cfm
CFM Global Status : disable
Remote-mep-detect Status : disable
Alarm Status : enable
CC/LT Base-mac-address : 0180-c200-0100
Related Operation
Table 33-10 lists the related operation for enabling the global detection function of an RMEP.
Table 33-10 Related operation for enabling the global detection function of an RMEP
Context
l When the detection function of the RMEP is enabled, the RMEP configured in the MA is
detected. Alarms are generated when the CC loss or RDI error occurs.
l When the detection function of the RMEP is disabled, the RMEP configured in the MA is
not detected.
l By default, the detection function of the RMEP is enabled.
Procedure
Step 1 Run the cfm ma remote-mep-detect enable command to enable the detection function of the
RMEP.
Step 2 Run the display cfm ma command to query the configuration state of the MA.
----End
Example
To enable the detection function of MA 2/4, do as follows:
huawei(config)#cfm ma 2/4 remote-mep-detect enable
huawei(config)#display cfm ma 2/4
MA Index : 2/4
MA NameType : string
MA Name : huawei-ma-4
MA VlanID : 50
MA CC Interval : 1m
MA Remote-mep-detect : enable
-----------------------------------------------------------------------
MEP MEP MEP Admin CC Alarm
Index MEPID Direction Port Status Status Priority Status
-----------------------------------------------------------------------
2/4/0 100 outward 0/7/0 enable enable 5 -
-----------------------------------------------------------------------
Total: 1
-----------------------------------------------------------------------
Remote MEP Remote MEP Remote MEP
Index MEPID Mac-address
-----------------------------------------------------------------------
2/4/5 200 -
-----------------------------------------------------------------------
Total: 1
Related Operation
Table 33-11 lists the related operation for enabling detection function of the RMEP.
Table 33-11 Related operation for enabling detection function of the RMEP
To... Run the Command...
Context
The priority for transmitting CCMs/LTMs of an MEP ranges 0-7. The smaller the priority value,
the higher priority. By default, the priority for transmitting CCMs/LTMs of an MEP is 7.
Procedure
Step 1 Run the cfm mep priority command to configure the priorities for transmitting CCMS/LTMs
of an MEP.
Step 2 Run the display cfm mep command to query the configuration state of the MEP.
----End
Example
To set the priorities for transmitting CCMs/LTMs of MEP 2/4/0 to 3, do as follows:
huawei(config)#cfm mep 2/4/0 priority 3
huawei(config)#display cfm mep 2/4/0
MEP Index : 2/4/0
MEP ID : 100
MEP Direction : outward
MEP Port : 0/7/0
MEP Admin Status : enable
MEP CC Status : enable
MEP Priority : 3
MEP Alarm Status : -
Related Operation
Table 33-12 lists the related operation for configuring the priorities for transmitting CCMs/
LTMs of an MEP.
Table 33-12 Related operation for configuring the priorities for transmitting CCMs/LTMs of
an MEP
Prerequisite
Before you configure the interval, the CC transmission state of MEPs in the MA must be disabled.
Context
l By default, the interval for an MA management entity to transmit a CC is 1 minute.
l At present, the MA5600 supports intervals of 1 minute and 10 minutes.
Procedure
Step 1 Run the cfm ma cc-interval command to configure the interval for an MA to transmit a CC.
Step 2 Run the display cfm ma command to query the configuration state of the MA.
----End
Example
To set the interval for an MA to send a CC to 10 minutes, do as follows:
huawei(config)#cfm ma 2/4 cc-interval 10m
huawei(config)#display cfm ma 2/4
MA Index : 2/4
MA NameType : string
MA Name : huawei-ma-4
MA VlanID : 50
MA CC Interval : 10m
MA Remote-mep-detect : enable
-----------------------------------------------------------------------
MEP MEP MEP Admin CC Alarm
Index MEPID Direction Port Status Status Priority Status
-----------------------------------------------------------------------
2/4/0 100 outward 0/7/0 enable disable 3 -
-----------------------------------------------------------------------
Total: 1
-----------------------------------------------------------------------
Remote MEP Remote MEP Remote MEP
Index MEPID Mac-address
-----------------------------------------------------------------------
2/4/5 200 -
-----------------------------------------------------------------------
Total: 1
Related Operation
Table 33-13 lists the related operation for configuring the interval for an MA to transmit a CC.
Table 33-13 Related operation for configuring the interval for an MA to transmit a CC
To... Run the Command...
Context
l By default, the base multicast destination MAC address is 0180-C200-0000.
l Currently, the format of the base MAC address is 0180-C2xx-xxx0. The part of 0180-C2
is specified in the protocol and the part of xxx-xxx in the middle must be configured.
NOTE
The base address of multicast destination MAC addresses refers to the addresses of MEPs in different MDs.
The multicast addresses used for sending the CCMs/LTMs are derived from the base multicast destination
MAC address by changing the last digit of it. The last digit of the multicast address used by MEP to send
CCMs should be consistent with the MD level (0–7)to which it beglogs, while that used by the MEP to
LTMS match the MD level plus 8 (8–F).
Procedure
Step 1 Run the cfm base-mac-address command to configure the base multicast destination MAC
address.
Step 2 Run the display cfm command to query the configuration status of the CFM.
----End
Example
To configure the base multicast destination MAC address as 0180-C211-1110, do as follows:
huawei(config)#cfm base-mac-address 0180-C211-1110
huawei(config)#display cfm
{ <cr>|md<K>|ma<K>|mep<K>|statistics<K> }:
Command:
display cfm
CFM Global Status : enable
Remote-mep-detect Status : disable
Alarm Status : enable
CC/LT Base-mac-address : 0180-c211-1110
Prerequisite
Before enabling the MEP loop detection function, you must enable the CFM function globally
and enable the administrative state of the corresponding MEP.
Context
l LBM is a unicast message and the unicast MAC address is the address of MEP or MIP
discovered by CC or linktrace (LT). The MEP at the source end generates an LBM and the
index of destination MEP is added into the LBM. By generating an LBM, the MEP activates
the timer to calculate the time. When the destination MEP receives the LBM, it sends a
Loopback Reply (LBR) to the source MEP. The loopback is successful.
l By default, the count of LBMs to be sent is 4; the interval for sending LBMs is 1 x 100 ms;
the priority of LBM is the same as that of CCM.
Procedure
Step 1 Run the cfm loopback command to configure the loop detection function.
Step 2 Run the display cfm statistics command to query the statistics of CFM.
----End
Example
Assume that:
l Count of LBMs: 5
l Interval: 1000 ms
l Priority: 6
To configure that LBM from MEP 2/4/0 is sent to the equipment with the MAC address
0000-0000-0009, do as follows:
huawei(config)#cfm loopback mep 2/4/0 dst-mac-address 0000-0000-0009 count 5
interval 10 priority 6
LBR Lost : Sequence-Num = 1
LBR Lost : Sequence-Num = 2
LBR Lost : Sequence-Num = 3
LBR Lost : Sequence-Num = 4
LB Operation: LBM-Sent = 4 , LBR-Received = 0 , LBR-Lost = 4
huawei(config)#display cfm statistics mep 2/4/0
Command:
display cfm statistics mep 2/4/0
CCM Sent Pkt Num : 5037
CCM Received Pkt Num : 0
CCM Xcon Pkt Received Num : 0
CCM Error Pkt Received Num : 0
CCM Wrong Pattern Drop Num : 0
LBM Sent Pkt Num : 9
LBM Received Pkt Num : 0
LBM Wrong Pattern Drop Num : 0
Related Operation
Table 33-14 lists the related operations for configuring loop detection function.
Context
l An LTM is the message with a known multicast address. But LTM is not multicasted and
additional information on the message indicates the destination MAC address of the MEP.
When the LTM is forwarded by MPs to the destination MEP in a unicast way, each MP
along the path responds an LTR to the source MEP. In this way, the source MEP obtains
the information on MPs along the transmission path and records the MAC addresses of
these MPs.
l By default, the priority of an LTM is the same as that of a CCM.
l Before enabling the loop detection of an MEP, you must enable CFM function globally
and enable the administration of the corresponding MEP.
Procedure
Step 1 Run the cfm link-trace command to configure Linktrace function.
Step 2 Run the display cfm statistics command to query the statistics of CFM packets.
----End
Example
To set that LT packet from MEP 0/2/4 is sent to the equipment with MAC address
0000-0000-0001 and the priority is 6, do as follows:
huawei(config)#cfm link-trace mep 2/4/0 dst-mac-address 0000-0000-0001 priority
6
huawei(config)#display cfm statistics mep 2/4/0
Command:
display cfm statistics mep 2/4/0
CCM Sent Pkt Num : 5037
CCM Received Pkt Num : 0
CCM Xcon Pkt Received Num : 0
CCM Error Pkt Received Num : 0
CCM Wrong Pattern Drop Num : 0
LBM Sent Pkt Num : 9
LBM Received Pkt Num : 0
LBM Wrong Pattern Drop Num : 0
LBM DstMac Mismatch Drop Num : 0
LBR Sent Pkt Num : 0
LBR Received Pkt Num : 0
LBR Out of Order Num : 0
LBR Wrong Pattern Drop Num : 0
LBR Not Work Drop Num : 0
LBR DstMAC Mismatch Drop Num : 0
LBR SrcMAC Mismatch Drop Num : 0
LBR Wrong TransID Drop Num : 0
LBR Level Mismatch Drop Num : 0
LTM Sent Pkt Num : 1
LTM Received Pkt Num : 0
---- More ( Press 'Q' to break ) ----
Related Operation
Table 33-15 lists the related operations for configuring Linktrace function.
This chapter describes the MPLS OAM technology and how to configure the service on the
MA5600.
34.1 Overview
This section describes the MPLS OAM function and its applications on the MA5600.
34.2 Configuration Example of Detection of MPLS OAM for Static LSP Connectivity
This example shows how to configure the function of MPLS OAM to detect the static LSP
connectivity.
34.3 Configuration Example of MPLS OAM Protection Switchover
This example shows how to configure MPLS OAM protection switchover.
34.4 Configuring the MPLS OAM Function of the Ingress
This operation enables you to configure the MPLS OAM function of the ingress.
34.5 Configuring the MPLS OAM Function of the Egress
This operation enables you to configure the MPLS OAM function of the egress.
34.6 Configuring the Tunnel Protection Group
This operation enables you to configure the tunnel protection group.
34.7 Switching Over Protection Group Manually
This operation enables you to switch over the protection group manually. In this case, the traffic
in the protection group can be switched over to the related channel.
34.8 Enabling the Protection Group to Output the Debugging Information
This operation enables the protection group to output the debugging information.
34.1 Overview
This section describes the MPLS OAM function and its applications on the MA5600.
Service Description
Operation Administration & Maintenance (OAM) is a key method to reduce the network
maintenance cost. The MPLS OAM mechanism is designed for this purpose.
Service Specification
MPLS supports multiple layer 2 (L2) and layer 3 (L3) protocols. It provides the OAM mechanism
independent of any upper or lower layer.
By the MPLS OAM mechanism, the MA5600 detects and locates effectively the defects inside
the network at the MPLS layer. Then, it reports and handles the defects. When the fault occurs,
the system triggers the protection switchover.
Networking
Figure 34-1 shows a sample network of detection of MPLS OAM for static LSP connectivity.
Figure 34-1 Sample network of detection of MPLS OAM for static LSP connectivity
Tunnel 10
Tunnel-id 10
LSR-id
4.4.4.4/32
10.1.1.2/24 10.1.4.1/24
Router B
Data Plan
Table 34-1 shows the data plan for detection of MPLS OAM for static LSP connectivity.
Table 34-1 Data plan for detection of MPLS OAM for static LSP connectivity
Item Data
Port: 0/7/2
VLAN: 10
IP address of the port connecting to Router A: 10.1.2.1/24
Port: 0/7/3
VLAN: 11
IP address of the port connecting to Router B: 10.1.1.1/24
Port: 0/7/2
VLAN: 30
IP address of the port connecting to Router A: 10.1.3.2/24
Port: 0/7/3
VLAN: 31
IP address of the port connecting to Router B: 10.1.4.2/24
Prerequisite
Before the configuration, make sure that:
l The network device and the line are in the normal state.
l Set the IP addresses and the masks of the ports based on the sample network. After that,
LSRs can ping the peer LSRs.
l Configure the OSPF protocol on all MA5600 devices and routers, and the configured routes
are declared successfully.
Configuration Flowchart
Figure 34-2 shows the flowchart for detection of MPLS OAM for static LSP connectivity.
Figure 34-2 Flowchart for detection of MPLS OAM for static LSP connectivity
Start
End
Procedure
Step 1 Enable the basic function of MPLS and the function of MPLS TE.
1. Enable the basic function of MPLS and the function of MPLS TE globally.
MA5600_A(config)#mpls lsr-id 1.1.1.1
MA5600_A(config)#mpls
MA5600_A(config-mpls)#mpls te
MA5600_A(config-mpls)#quit
2. Enable the basic function of MPLS and the function of MPLS TE of the interface.
MA5600_A(config)#vlan 10 standard
MA5600_A(config)#mpls vlan 10
MA5600_A(config)#port vlan 10 0/7 0
MA5600_A(config)#interface vlanif 10
MA5600_A(config-if-vlanif10)#ip address 10.1.1.1 24
MA5600_A(config-if-vlanif10)#mpls
MA5600_A(config-if-vlanif10)#mpls te
MA5600_A(config-if-vlanif10)#quit
MA5600_A(config)#vlan 11 standard
MA5600_A(config)#mpls vlan 11
MA5600_A(config)#port vlan 11 0/7 1
MA5600_A(config)#interface vlanif 11
NOTE
The configuration of MA5600_A is the same as that of MA5600_B. This procedure uses
MA5600_A as an example
Step 2 Configure the static LSP to be detected. The ingress is MA5600_A, the intermediate node of the
LSP is Router A, and the egress is MA5600_B.
1. On MA5600_A, use the static LSP to configure the MPLS TE tunnel targeting
MA5600_B.
MA5600_A(config)#interface tunnel 20
MA5600_A(config-if-tunnel20)#tunnel-protocol mpls te
MA5600_A(config-if-tunnel20)#destination 3.3.3.3
MA5600_A(config-if-tunnel20)#mpls te tunnel-id 20
MA5600_A(config-if-tunnel20)#mpls te signal-protocol static
MA5600_A(config-if-tunnel20)#mpls te commit
MA5600_A(config-if-tunnel20)#quit
3. Configure Router A as the intermediate node of the static LSP. The configuration of the
router is not described here.
4. Configure MA5600_B as the egress of the static LSP.
MA5600_B(config)#static-lsp egress 200 incoming-interface vlanif 30
in-label 8210
Step 3 Configure the revertive tunnel static LSP, with the ingress of MA5600_B, The intermediate node
of the LSP is Router B, and the egress of the CR-LSP is MA5600_A.
1. On MA5600_B, use the static LSP to configure the MPLS TE tunnel that targets
MA5600_A.
MA5600_B(config)#interface tunnel 10
MA5600_B(config-if-tunnel10)#tunnel-protocol mpls te
MA5600_B(config-if-tunnel10)#destination 1.1.1.1
MA5600_B(config-if-tunnel10)#mpls te tunnel-id 100
MA5600_B(config-if-tunnel10)#mpls te signal-protocol static
MA5600_B(config-if-tunnel10)#mpls te commit
MA5600_B(config-if-tunnel10)#quit
3. Configure Router B as the intermediate node of the static LSP. The configuration of the
router is not described here.
4. Configure MA5600_A as the egress of the static LSP.
MA5600_A(config)#static-lsp egress 10 incoming-interface vlanif 10
in-label 8230
Step 4 Configure the MPLS OAM function of the ingress of the LSP to be detected.
MA5600_A(config)#mpls
MA5600_A(config-mpls)#mpls oam
MA5600_A(config-mpls)#quit
MA5600_A(config)#mpls oam ingress tunnel 20 type ffd frequency 100
backward-lsp lsr-id 3.3.3.3 tunnel-id 10
MA5600_A(config)#mpls oam ingress enable all
Step 5 Configure the MPLS OAM function of the egress of the LSP to be detected.
MA5600_B(config)#mpls
MA5600_B(config-mpls)#mpls oam
MA5600_B(config-mpls)#quit
MA5600_B(config)#mpls oam egress lsp-name 20 type ffd frequency 100
backward-lsp tunnel 10 private
MA5600_A(config)#mpls oam egress enable all
----End
Result
After the configuration, run the shutdown command on Router A to disable the port connected
to MA5600_B to simulate the link fault. Run the display mpls oam egress all command on
MA5600_B and you can find that MA5600_B detects the fault.
Networking
Figure 34-3 shows a sample network of the MPLS OAM protection switchover.
Tunnel 10
Tunnel-id 10
LSR-id
4.4.4.4/32
10.1.1.2/24 10.1.4.1/24
Router B
Tunnel 10
10.1.1.1/24 Tunnel-id 10
10.1.4.2/24
Tunnel-id 20
Data Plan
Table 34-2 shows the data plan for the MPLS OAM protection switchover.
Table 34-2 Data plan for the MPLS OAM protection switchover
Item Data
Port: 0/7/2
VLAN: 10
IP address of the port connecting to Router A: 10.1.2.1/24
Port: 0/7/3
VLAN: 11
IP address of the port connecting to Router B: 10.1.1.1/24
Port: 0/7/2
VLAN: 30
IP address of the port connecting to Router A: 10.1.3.2/24
Port: 0/7/3
VLAN: 31
IP address of the port connecting to Router B: 10.1.4.2/24
Prerequisite
l The network device and the line are in the normal state.
l Set the IP addresses and the masks of the ports based on the sample network. After that,
LSRs can ping the peer LSRs.
l Configure the OSPF protocol on all MA5600 devices and routers, and the configured routes
are declared successfully. Otherwise, the static routes are configured.
Configuration Flowchart
Figure 34-4 shows the flowchart for configuring MPLS OAM protection switchover.
Start
Enable OSPF TE
End
Procedure
Step 1 Enable the basic function of MPLS, and the functions of MPLS TE, RSVP-TE and CSPF.
1. Enable the basic function of MPLS, and the function of MPLS TE globally.
MA5600_A(config)#mpls lsr-id 1.1.1.1
MA5600_A(config)#mpls
MA5600_A(config-mpls)#mpls te
MA5600_A(config-mpls)#mpls rsvp-te
MA5600_A(config-mpls)#mpls te cspf
MA5600_A(config-mpls)#quit
2. Enable the basic function of MPLS and the function of MPLS TE of the interface.
MA5600_A(config)#vlan 10 standard
MA5600_A(config)#mpls vlan 10
MA5600_A(config)#port vlan 10 0/7 0
MA5600_A(config)#interface vlanif 10
NOTE
The configuration of MA5600_A is the same as that of MA5600_B. This procedure uses
MA5600_A as an example
NOTE
The configuration of MA5600_A is the same as that of MA5600_B. This procedure uses MA5600_A as
an example
NOTE
The configuration of MA5600_A is the same as that of MA5600_B. This procedure uses MA5600_A as
an example
1. Configure the active tunnel from MA5600_A to MA5600_B. The intermediate node is
Router A.
MA5600_A(config)#interface tunnel 20
MA5600_A(config-if-tunnel20)#tunnel-protocol mpls te
MA5600_A(config-if-tunnel20)#destination 3.3.3.3
MA5600_A(config-if-tunnel20)#mpls te tunnel-id 20
MA5600_A(config-if-tunnel2)#mpls te path explicit-path 1a2
MA5600_A(config-if-tunnel20)#mpls te signal-protocol rsvp-te
MA5600_A(config-if-tunnel20)#mpls te bandwidth bc0 1500
MA5600_A(config-if-tunnel20)#mpls te commit
MA5600_A(config-if-tunnel20)#quit
2. Configure the standby tunnel from MA5600_A to MA5600_B. The intermediate node is
Router B.
MA5600_A(config)#interface tunnel 10
MA5600_A(config-if-tunnel10)#tunnel-protocol mpls te
MA5600_A(config-if-tunnel10)#destination 3.3.3.3
MA5600_A(config-if-tunnel10)#mpls te tunnel-id 10
MA5600_A(config-if-tunnel10)#mpls te path explicit-path 1b2
MA5600_A(config-if-tunnel10)#mpls te signal-protocol rsvp-te
MA5600_A(config-if-tunnel10)#mpls te bandwidth bc0 1500
MA5600_A(config-if-tunnel10)#mpls te commit
MA5600_A(config-if-tunnel10)#quit
3. Configure the revertive tunnel from MA5600_B to MA5600_A. The intermediate node is
Router B.
MA5600_B(config)#interface tunnel 10
MA5600_B(config-if-tunnel10)#tunnel-protocol mpls te
MA5600_B(config-if-tunnel10)#destination 1.1.1.1
MA5600_B(config-if-tunnel10)#mpls te tunnel-id 10
MA5600_B(config-if-tunnel10)#mpls te path explicit-path 2b1
MA5600_B(config-if-tunnel10)#mpls te signal-protocol rsvp-te
MA5600_B(config-if-tunnel10)#mpls te bandwidth bc0 1500
MA5600_B(config-if-tunnel10)#mpls te commit
MA5600_B(config-if-tunnel10)#quit
----End
Result
After the configuration, run the shutdown command on Router A to disable the port connected
to MA5600_B to simulate the link fault. Run the display mpls oam egress all command on
MA5600_B, and you can find that MA5600_B detects the fault and implements protection based
on the configuration.
Context
l By default, the MPLS OAM function is disabled globally. Therefore, you must enable it
before configuring the MPLS OAM function of the ingress.
l After the MPLS OAM function is enabled globally, you can configure the MPLS OAM
instance.
l For a same LSP, the parameters of the MPLS OAM of the egress must be the same as those
of the ingress.
l After the MPLS OAM parameters are set, enable the OAM function of the ingress first.
Otherwise, the egress generates alarms.
Procedure
Step 1 Run the mpls command to switch over to MPLS mode.
Step 2 In MPLS mode, run the mpls oam command to enable the MPLS OAM function globally.
Step 3 In global config mode, run the mpls oam ingress command to set the MPLS OAM parameters
of the ingress.
Step 4 In global config mode, run the mpls oam ingress enable command to enable the MPLS OAM
function of the ingress.
Step 5 In global config mode, run the display mpls oam ingress command to query the instance of the
source MPLS OAM of the LSP.
----End
Example
Assume that the detection type is FFD, the detection frequency is 100 ms, the LSR ID of the
reverse tunnel is 80.80.80.80, the ID of the reverse tunnel is 20, the sources of all MPLS OAM
are enabled, to enable the MPLS OAM protection function for LSP tunnel 10, do as follows:
huawei(config)#mpls
huawei(config-mpls)#mpls oam
huawei(config-mpls)#quit
huawei(config-mpls)#mpls oam ingress tunnel 10 type ffd frequency 100
backward-lsp lsr-id 80.80.80.80 tunnel-id 20
huawei(config)#mpls oam ingress enable all
huawei(config)#display mpls oam ingress
{ all<K>|Tunnel<K> }:all
{ <cr>|verbose<K>|slot<K> }:
Command:
display mpls oam ingress all
--------------------------------------------------------------------------------
No. Tunnel-name Ttsi Type Frequency Status
--------------------------------------------------------------------------------
1 tunnel10 -- FFD 100 ms Non-defect
2 tunnel20 -- FFD 10 ms Stop
--------------------------------------------------------------------------------
Total Oam Num: 1
Total Start Oam Num: 0
Total Defect Oam Num: 0
Related Operation
Table 34-3 lists the related operations for configuring the MPLS OAM function of the ingress.
Table 34-3 Related operations for configuring the MPLS OAM function of the ingress
To... Run the Command...
Context
l By default, the MPLS OAM function is disabled globally. Therefore, you must enable it
before configuring the MPLS OAM function of the egress.
l After the MPLS OAM function is enabled globally, you can configure the MPLS OAM
instance.
l For a same LSP, the parameters of the MPLS OAM of the egress must be the same as those
of the ingress.
l After the MPLS OAM parameters are set, enable the OAM function of the ingress first.
Otherwise, the egress generates alarms.
Procedure
Step 1 Run the mpls command to switch over to MPLS mode.
Step 2 In MPLS mode, run the mpls oam command to enable the MPLS OAM function globally.
Step 3 In global config mode, run the mpls oam egress command to set the MPLS OAM parameters
of the egress.
Step 4 In global config mode, run the mpls oam egress enable command to enable the MPLS OAM
function of the egress.
Step 5 In global config mode, run the display mpls oam egress command to query the instance of the
source MPLS OAM of the LSP.
----End
Example
Assume that the detection type is FFD, the detection frequency is 100 ms, and the ID of the
reverse tunnel is 20, to enable the MPLS OAM protection function for LSP named tunnel 10,
do as follows:
huawei(config)#mpls
huawei(config-mpls)#mpls oam
huawei(config-mpls)#quit
huawei(config-mpls)#mpls oam egress lsr-id 100.100.100.100 tunnel-id 10
type ffd frequency 100 backward-lsp tunnel 20 private
huawei(config)#mpls oam engress enable all
huawei(config)#display mpls oam egress
{ all<K>|lsp-name<K>|lsr-id<K> }:all
{ <cr>|verbose<K>|slot<K> }:
Command:
display mpls oam egress all
Related Operation
Table 34-4 lists the related operations for configuring the MPLS OAM function of the egress.
Table 34-4 Related operations for configuring the MPLS OAM function of the egress
Context
l The following section lists the default settings of the parameters for configuring the tunnel
protection group.
– Revertive: It is enabled.
– Wait to Restore (WTR): It is 720s. The value ranges from 0 to 60, with the step of 30s.
l Before configuring the protection group, you must set the protocol for the tunnel interface
as mpls te, and set the Tunnel-ID and peer address.
l After configuring or deleting the protection group, you must run the mpls te commit
command to make it take effect.
NOTE
In protection group revertive mode, the traffic reverts from the standby tunnel to the active tunnel. After
the traffic reverts from the active tunnel to the standby tunnel, if the active tunnel restores to the normal
state, the traffic reverts to the active tunnel for transmission when the WTR times out.
Procedure
Step 1 Run the interface tunnel command to enter tunnel interface mode.
Step 2 Run the tunnel-protocol mpls te command to enable the encapsulation protocol of the tunnel
interface.
Step 3 Run the mpls te protection tunnel command to configure the tunnel protection group.
Step 4 Run the mpls te commit command to deliver the configuration of the tunnel interface.
Step 5 In privilege mode, run the display mpls te protection tunnel command to query the state of the
tunnel protection group.
----End
Example
Assume that tunnel ID is 10, revertive mode is enabled and WTR is 900s, to configure a standby
tunnel for tunnel 20, do as follows:
huawei(config)#interface tunnel 20
huawei(config-if-tunnel20)#tunnel-protocol mpls te
huawei(config-if-tunnel20)#mpls te protection tunnel 10 mode revertive wtr 30
huawei(config-if-tunnel20)#mpls te commit
huawei(config-if-tunnel20)#quit
huawei(config)#display mpls te protection tunnel 20
Related Operation
Table 34-5 lists the related operations for configuring the tunnel protection group.
Table 34-5 Related operations for configuring the tunnel protection group
Context
The parameters for protection group switchover are clear, lock, force, manual work-lsp and
manual protect-lsp. Their switchover has priority restriction. The priorities in descending order
are clear, lock, force, and manual. The manual work-lsp and manual protect-lsp have the
same priority.
Procedure
Step 1 Run the interface tunnel command to enter tunnel interface mode.
Step 2 Run the tunnel-protocol mpls te command to enable the encapsulation protocol of the tunnel
interface.
Step 3 Run the mpls te protect-switch command to switch over the protection group manually.
Step 4 Run the mpls te commit command to deliver the configuration of the tunnel interface.
Step 5 In global config mode, run the display mpls te protection tunnel command to query the state
of the tunnel protection group.
----End
Example
To switch over the traffic from the standby channel to the active channel, do as follows:
huawei(config)#interface tunnel 20
huawei(config-if-tunnel20)#tunnel-protocol mpls te
huawei(config-if-tunnel20)#mpls te protect-switch manual work-lsp
huawei(config-if-tunnel20)#mpls te commit
huawei(config-if-tunnel20)#quit
huawei(config)#display mpls te protection tunnel 20
Related Operation
Table 34-6 lists the related operation for switching over the protection group manually.
Table 34-6 Related operation for switching over the protection group manually
To... Run the Command...
Context
Before enabling the protection group to output the debugging information, you must enable the
terminal to send the debugging information, log and alarm, and enable its debugging information
output.
Procedure
In privilege mode, run the debugging mpls te protect-switch command to enable the protection
group to output the debugging information.
----End
Example
To enable the protection group to output the debugging information, do as follows:
huawei(config)#debugging mpls te protect-switch
{ all<K>|error<K>|process<K>|timer<K>|inter<K> }:all
Command:
debugging mpls te protect-switch all
Related Operation
Table 34-7 lists the related operations for enabling the protection group to output the debugging
information.
Table 34-7 Related operations for enabling the protection group to output the debugging
information
To... Run the Command...
This chapter describes the environment monitoring unit (EMU) supported by the MA5600 and
how to configure the EMU.
35.1 Overview
This chapter describes environment monitoring configuration on the MA5600.
35.2 Configuration Example of an EMU
This operation enables you to Configure an EMU.
35.3 Adding an EMU
This operation enables you to add an EMU.
35.4 Configuring the H303ESC/H304ESC EMU
This operation enables you to configure the H303ESC/H304ESC EMU.
35.5 Configuring an H561ESC EMU
This operation enables you to configure an H561ESC EMU.
35.6 Configuring a POWER4845 EMU
This operation enables you to configure a POWER4845 EMU.
35.7 Configuring the FAN Alarm Report
This operation enables the report of the FAN running alarms to the EMU.
35.8 Setting the FAN Speed Adjustment Mode
This operation enables you to set the fan speed adjustment mode.
35.9 Configuring the FAN Speed
This operation enables you to configure the FAN speed.
35.1 Overview
This chapter describes environment monitoring configuration on the MA5600.
Service Description
The MA5600 provides an environment monitor serial port to connect the serial port on a
monitored device. By running master-slave node protocol or access network protocol between
the two serial ports, you can monitor the environment of the device from a remote end.
The environment parameters such as temperature, humidity, and power supply can be monitored
to guarantee that the MA5600 can work reliably in a suitable environment.
Service Specifications
Monitoring the environment of a device involves two aspects:
l Environment parameters:
Environment parameters refer to factors that may cause failure or even damage to the
device. The parameters include: temperature, humidity, door-status switch, smoke, water,
MDF, and door status sensor.
l Power supply status:
Power supply status covers the status of the mains input, the DC distribution, the rectifier
module, and the battery.
The environment monitor module of the MA5600 comprises multiple EMUs, such as:
Hardware Connection
NOTE
Before the delivery, the EMU has been connected with the shelf. Do not change the connection. To install
the EMU into other shelves or to connect EMU again, refer to the following description.
l The POWER4845, and ESC boards are connected almost in the same way to the
MA5600. Connect the environment monitoring cable from the EMU to the environment
monitoring port (MON) on the SCU board of the MA5600. EMUs report their states to the
SCU board through the MON port, and receive commands from the SCU board.
l The FAN EMU is connected to the backplane through the interface on the rear panel, and
communicates with the MA5600 through the backplane.
EMUs communicate with the MA5600 in master/slave node mode. Ensure the sub node numbers
of the EMUs are consistent with the settings of their DIP switches.
Table 35-1 shows the correspondence between the POWER4845 DIP switch and the slave node
number. ON means 1 and OFF means 0.
Table 35-1 Correspondence between the POWER4845 DIP switch and the slave node number
…… …… …… …… ……
ON ON ON ON 15
Table 35-2 shows the correspondence between the H801ESC DIP switch and the slave node
number. ON means 0 and OFF means 1.
Table 35-2 Correspondence between the H801ESC DIP switch and the slave node number
ON ON ON ON ON 0
ON ON ON ON OFF 1
ON ON ON OFF ON 2
…… …… …… …… …… ……
Table 35-3 shows the correspondence between the FAN DIP switch and the slave node number.
ON means 0 and OFF means 1.
Table 35-3 Correspondence between the FAN DIP switch and the slave node number
ON ON ON ON 0
ON ON ON OFF 1
ON ON OFF ON 2
…… …… …… …… ……
Slave node: 30 -
Name: mdesc -
Digital parameter Level of the door state sensor: high For other digital parameters,
use the default settings.
Start
FAN EMU
End
Three procedures are used to configure the EMU for the MA5600:
l With DC power supply, Start > H303ESC/H304ESC > DIS EMU > FAN EMU > End.
l With DC power supply, Start > H561ESC > FAN EMU > End.
l With AC power supply, Start > POWER4845 EMU > FAN EMU > End.
Procedure
Step 1 Add an H303ESC EMU.
huawei(config)#emu add 0 H303ESC 0 30 fore mdesc
NOTE
----End
EMU ID: 1
FAN configration parameter:
--------------------------------------------------------------------
FAN timing mode: Manual timing
FAN speed level: 4
--------------------------------------------------------------------
Alarm_name Permit/Forbid
Read temperature fault Permit
Fan block Forbid
Temperature high Permit
Power fault Permit
--------------------------------------------------------------------
NOTE
If the EMU state is fault, following these steps to check the configuration:
l Make sure that the physical connection is correct.
l Make sure that the DC distribution module is connected properly to the MA5600.
l Make sure that the DIP switches S1-1 to S1-5 on the environment monitor board of the module are set
to ON.
l Make sure that the EMU type, shelf ID, subnode number and serial port are correct.
You can configure the environment parameters of the DC distribution module according to the
display.
Step 4 Set the upper and lower limit for temperature alarm.
Run the distribution temperature command to set the temperature alarm thresholds.
Run the display distribution environment info command to query the DIS environment
information.
----End
Procedure
Step 1 Add a POWER4845 EMU.
huawei(config)#emu add 0 POWER4845 0 10 fore
In ESC mode, run the display power run info command to query the running state of the
POWER4845 module.
In ESC mode, run the display power environment info command to query the environment
information about the POWER4845 module.
You can configure the environment parameters of the AC power module according to the display.
NOTE
Procedures for configuring all these types of EMUs are similar. Refer to the above examples to configure
the EMUs. Note that the key words used in the commands are different.
----End
Context
l There are several EMU types, including FAN, POWER4845, H303ESC, H304ESC and
H561ESC.
l The slave nodes of the H303ESC, H304ESC and H561ESC are always 30.
l By default, the slave nodes of the FAN and the POWER4845 are 0. You can set the slave
node. Make sure that the setting is consistent with that of the DIP switch. In this case, the
EMU can communicate with the control board correctly.
l When the system monitors several EMUs at a time, make sure that their slave nodes are
different.
l For the communication serial port, select back mode for FAN, select fore mode for the
control board. For other EMUs, select the mode according to the requirements.
Procedure
Step 1 Run the emu add command to add an EMU.
Step 2 Run the display emu command to query the EMU state.
----End
Example
To add an H303ESC, do as follows:
huawei(config)#emu add 0 H303ESC 0 30 fore mdpower
huawei(config)#dispaly emu 0
EMU ID: 0
--------------------------------------------------------------------
EMU name : mdpower
EMU type : H303ESC
Used or not : Used
EMU state : Normal
Frame ID : 0
Subnode : 30
COM Port : Fore
Related Operation
Table 35-5 lists the related operations for adding an EMU.
Context
NOTE
Compared with the H303ESC, the H304ESC provides management function on batteries, but does not
provide the humidity monitor function.
Table 35-6 lists the commands for configuring the H303ESC/H304ESC EMU.
Set the fan control esc fan l The status of the fan tray can be
parameters opened, closed or auto.
l The default control status of the fan tray
is auto. It means that you need to set the
temperatures at which the fans start and
stop working.
l By default, the fans start to work at 45°
C, and stop working at 30°C.
Set the analog esc analog This command is used to set the upper and
parameters lower alarm thresholds of analog
parameters, such as temperature and
humidity.
Set the digital esc digital l This command is used to set the digital
parameters parameters, such as MDF state and door
status sensor, and normal state of the
digital parameters.
l The state of a digital parameter can be in
a high level or low level. If an alarm is
reported but the system is normal, you
can run the esc digital command to
change the level of the digital parameter
in order to eliminate the alarm. For
example, if the digital parameter is at a
high level (1) when an alarm is reported,
you can run the command to set the high
level as normal state.
Set the extended esc com This command is used to set the serial port
serial port parameters, including the port ID, key
parameters word, baud rate, data bit, stop bit, and
parity check methods.
When you set the baud rate, make sure the
setting is consistent with the DIP switch
setting of S7-4 at the lower right side of the
board. If S7-4=ON, the serial port rate is
19200 bit/s; if S7-4=OFF, the rate is 9600
bit/s. The default DIP setting is ON.
Specify the power esc power This command is used to add a power
module monitored module before setting the parameters. The
by the H303ESC/ power module supported at present is
304ESC power4810.
Set 4810 power esc 810 This command is used to set power-off
parameters voltages for transmission unit or subscriber
lines, as well as whether to limit the current.
Set battery esc battery This command is used to set the battery
parameters capacity, allowed power-off state, power-
(H304ESC only) off voltage, and timed even charging
duration. The settings shall cover battery
groups 0 and 1.
Procedure
Run the esc analog command to configure the H303ESC/H304ESC EMU.
----End
Example
To set the upper and lower limits of the temperature of the H303ESC EMU, do as follows:
huawei(config-if-h303esc-0)#esc analog 0 alarm-upper-limit 60 alarm-lower-limit 5
Related Operation
Table 35-7 lists the related operations for configuring the H303ESC/H304ESC EMU.
Context
Table 35-8 lists the commands for configuring an H561ESC EMU.
Set the digital parameters esc digital The digital parameters include the
MDF and cabinet door status
sensor, or user defined alarms.
Procedure
Run the mapping command to configure an H561ESC EMU.
----End
Example
To run the esc digital command to set the level of the MDF, do as follows:
huawei(config-if-h561esc-0)#esc digital 1 available-level high-level
Related Operation
Table 35-9 lists the related operations for configuring an H561ESC EMU.
Context
Table 35-10 lists the commands for configuring a POWER4845 EMU.
Set the POWER4845 power battery parameter This command is used to set the
battery parameters battery charging current-limit
coefficient, equalized-charging
time, the number of the battery
group and the battery capacity.
Set the POWER4845 power environment This command is used to set the
environment parameters upper/lower alarm thresholds and
upper/lower test limits for the
environment humidity or
temperature, to ensure the power
to generate an alarm when it
works in an environment that
does not match the set conditions.
Set the POWER4845 power module-parameter This command is used to set the
module parameters switch-on and switch-off control
of the POWER4845 module. By
default, the power modules are
switched on, which means the
modules supply power for the
system.
Set the POWER4845 power off Power off occurs in two cases:
power-off parameters load power off and battery power
off.
l When the mains input stops
working, the batteries provide
power for the system.
l When the output voltage from
the batteries drops below the
load power off voltage, the
power supply for service load
will be disconnected.
l When the output voltage from
the batteries drops below the
battery power off voltage, the
batteries will stop working.
Set the POWER4845 power supply-parameter This command is used to set the
supply parameters AC over-voltage, AC under-
voltage, DC over-voltage and DC
under-voltage alarm thresholds
for a power, to enable the rectifier
module to power off
automatically when the AC
voltage or DC voltage is
abnormal.
Set the backup power outside_digital This command is used to set such
parameters of the extended digital parameters as
POWER4845 valid level, name to identify the
digit and self-defined alarm to
monitor the device digits timely.
Set the battery charging power charge This command is used to set the
parameters charging mode and charging
voltage for batteries connected
with POWER4845.
Set the power4845 test power battery-test This command is used to set the
parameters battery auto-test period
parameters and the discharging
end-voltage to implement the
battery auto-discharging test.
Set the high temperature power temperature-off This command is used to set the
power-off parameter load or battery high temperature
power-off parameters and then to
protect the load or battery.
Procedure
Run the command in Table 35-10 to configure a POWER4845 EMU.
----End
Example
To set the POWER4845 battery parameters, do as follows:
huawei(config-if-power4845-3)#power battery parameter 0.2 60 1 130
Related Operation
Table 35-11 lists the related operations for configuring a POWER4845 EMU.
Prerequisite
The FAN EMU has existed and works in the normal state.
Procedure
Step 1 Run the interface emu command to enter FAN mode.
Step 2 Run the fan alarmset command to configure the FAN alarm report.
Step 3 Run the display fan system parameter command to query information about FAN alarm.
----End
Example
To disable the report of FAN block alarm, do as follows:
huawei(config)#interface emu 1
huawei(config-if-fan-1)#fan alarmset block forbid
huawei(config-if-fan-1)#display fan system parameter
EMU ID: 0
FAN configration parameter:
--------------------------------------------------------
FAN timing mode: Manual timing
FAN speed level: 4
--------------------------------------------------------
Alarm_name Permit/Forbid
Read temperature fault Permit
Fan block Forbid
Temperature high Permit
Power fault Permit
--------------------------------------------------------
Related Operation
Table 35-12 lists the related operations for configuring the FAN alarm report.
Table 35-12 Related operations for configuring the FAN alarm report
Query the running information display fan environment FAN environment monitor
about the fans info mode
Query the alarm information display fan alarm FAN environment monitor
about the fans mode
Prerequisite
The FAN EMU has existed and works in the normal state.
Context
There are two fan speed adjustment modes:
l Automatic
l Manual
By default, the mode is manual with the fan speed level of 5. It is recommended that you change
the mode to automatic.
If the mode is not set to automatic, the air flow increases in case of low or normal temperature.
Procedure
Step 1 Run the interface emu command to enter FAN mode.
Step 2 Run the fan speed command to set the fan speed adjustment mode.
Step 3 Run the display fan system parameter command to query the parameter setting.
----End
Example
To set the fan speed adjustment mode as automatic, do as follows:
huawei(config)#interface emu 0
huawei(config-if-fan-0)#fan speed mode automatic
huawei(config-if-fan-0)#display fan system parameter
EMU ID: 0
FAN configration parameter:
--------------------------------------------------------
FAN timing mode: Auto timing
FAN speed level: 4
--------------------------------------------------------
Alarm_name Permit/Forbid
Read temperature fault Permit
Fan block Forbid
Temperature high Permit
Power fault Permit
--------------------------------------------------------
Related Operation
Table 35-13 lists the related operations for setting the fan speed adjustment mode.
Table 35-13 Related operations for setting the fan speed adjustment mode
Set the fan speed fan speed adjust Set the fan speed in manual
mode, use this command.
Prerequisite
The FAN EMU has existed and works in the normal state.
Context
FAN speed level ranges from 0 to 5. Level 0 refers to the lowest and level 5 refers to the highest
fan speed level.
l The nominated fan speed is enough for heat dissipation when the system works in the
permitted highest temperature.
l Low-speed running of fans can prolong the lifetime of the fans.
l When abnormality occurs or one of the fans fails, other fans can run at high speed to
compensate the air flow.
l Low-speed running of fans can reduce dust concentration in the air filter.
l Set the fan speed in manual mode.
Procedure
Step 1 Run the interface emu command to enter FAN mode.
Step 2 Run the fan speed command to configure the FAN speed.
Step 3 Run the display fan system parameter command to query the setting of the FAN speed.
----End
Example
To set the FAN speed as 3, do as follows:
huawei(config)#interface emu 0
huawei(config-if-fan-0)#fan speed adjust 3
huawei(config-if-fan-0)#display fan system parameter
EMU ID: 0
FAN configration parameter:
--------------------------------------------------------
FAN timing mode: Manual timing
FAN speed level: 3
--------------------------------------------------------
Alarm_name Permit/Forbid
Read temperature fault Permit
Fan block Forbid
Temperature high Permit
Power fault Permit
-------------------------------------------------------
Related Operation
Table 35-14 lists the related operations for setting the FAN speed.
This chapter describes the MSTP networking example supported by the MA5600.
36.1 Networking
The section describes the typical networking in MSTP mode.
36.2 Data Plan
This section describes the data plan for the sample MSTP network.
36.3 Configuring MA5600-1
The following shows how to configure MA5600-1.
36.4 Configuring MA5600-2
The following shows how to configure MA5600-2.
36.5 Configuring MA5600-3
The following shows how to configure MA5600-3.
36.6 Configuring MA5600-4
The following shows how to configure MA5600-4.
36.7 Configuring MA5600-5
The following shows how to configure MA5600-5.
36.8 Verification
All services configured on all DSLAMs run in the normal state.
36.1 Networking
The section describes the typical networking in MSTP mode.
Three MA5600s (MA5600-1, MA5600-2, and MA5600-3) form an MSTP ring network.
l The MA5600-1 is connected to the IP network.
l The MA5600-3, through its GE port, is subtended with the MA5600-4.
l The MA5600-1 works together with the MA5600-5 to provide QinQ service through IP
network.
Figure 36-1 shows a sample MSTP network of the MA5600.
IP
LAN switch
BRAS
2 3 5 7 5 7
0
A A S 0 S
D D H H
G G E 1 E
E E A A
2
2 3 5 7 1 5 7
0 0
A A S A S
D D H D H 1
G G E 1 G E
2
E E A E A
0
A A S
HG
D D H
G G E
E E A
STB
SCU MA5600-4
ADSL2+ modem
Ephone TV PC
PC
Slot ADSL2+: 0/3 ADSL2+: 0/3 ADSL2+: ADSL2+: 0/3 QinQ: 0/5/31
SHDSL: 0/5 SHDSL: 0/5 0/3 SHDSL: 0/5
QinQ: 0/5/31 Stacking: SHDSL: 0/5 Multicast:
Multicast: 0/2/0-10 (map 0/2/2, 0/2/3
0/2/2, 0/2/3 VLAN 60, ISP1)
0/2/11-20 (map
VLAN 61, ISP2)
0/2/21-30 (map
VLAN 62, ISP3)
Triple Play:
0/2/31
User PVC VPI/ VPI/VCI of PVC VPI/ PVC VPI/ PVC VPI/
PVC VCI of all triple play: VCI of all VCI of all VCI of all
users: 0/35 l Video service: users: 0/35 users: 0/35 users: 0/35
0/35
l Internet
service: 0/36
l Voice service:
0/37
Upper The upper layer device supports the DHCP option82 function.
layer The BRAS supports the PITP, Stacking VLAN and QinQ VLAN function.
device
The BRAS supports inner and outer VLAN Tags.
The VLAN ID of the traffic flow sent from the IP network to the DSLAM is 100.
The upper layer device classifies the downstream traffic. Different service carries
different 802.1p labels.
The VLAN mapping to the DSLAN is configured in the upper layer IP network.
The IP address of LAN switch at the MA5600 side is 10.10.10.1/24.
Procedure
Step 1 Confirm the board.
huawei>enable
huawei#config
huawei(config)#board confirm 0
Here, the SNMP version must be the same as that of NMS. In this example, the NMS
version is set as SNMP V2C.
huawei(config)#snmp-agent sys-info version v2c
<ATU-C >
> The number of Loss of Frame Seconds (0~900) [0]:
> The number of Loss of Signal Seconds (0~900) [0]:
> The number of Loss of Link Seconds (0~900) [0]:
> The number of Loss of Power Seconds (0~900) [0]:
> The number of Errored Seconds (0~900) [0]
> Enable and disable the initial failure trap 0-disable 1-enable (0~1)[0]:1
> The number of failed fast retrain seconds (0~900) [0]:
> The number of severely errored seconds (0~900) [0]:
> The number of unavailable seconds (0~900) [0]:
> Threshold of positive difference between the current and the past transmit
rate in fast mode (0~31968kbps) [0]:
> Threshold of positive difference between the current and the past transmit
<ATU-R >
> The number of Loss of Frame Seconds (0~900) [0]:
> The number of Loss of Signal Seconds (0~900) [0]:
> The number of Loss of Power Seconds (0~900) [0]:
> The number of Errored Seconds (0~900) [0]:
> The number of severely errored seconds (0~900) [0]:
> The number of unavailable seconds (0~900) [0]:
> Threshold of positive difference between the current and the past transmit
rate in fast mode (0~2968kbps) [0]:
> Threshold of positive difference between the current and the past transmit
rate in interleaved mode (0~2968kbps) [0]:
> Threshold of negative difference between the current and the past transmit
rate in fast mode (0~2968kbps) [0]:
> Threshold of negative difference between the current and the past transmit
rate in interleaved mode (0~2968kbps) [0]:
Add profile 10 successfully
The configuration of the upstream port of the SCU board shall be the same as that
of the peer end.
Run the auto-neg command to set the port to work in auto negotiation mode.
If the port works in non auto negotiation mode, change to the SCU config mode and
run the speed command to change the port rate, and run the duplex command duplex
to change the port duplex mode.
l Configure the VLAN.
The ADSL2+ users of MA5600-1 adopt the VLAN authentication. In this case, the
MUX VLAN is used to identify the users.
huawei(config)#vlan 1000 to 1063 mux
huawei(config)#port vlan 1000 to 1063 0/7 0-2
The MA5600 supports the SHDSL service of multiple encapsulation modes, such as IPoA,
PPPoA, IPoE, and PPPoE. This section takes the PPPoE mode as an example to describe how
to configure the SHDSL service. For other encapsulation modes, see the chapter "22
Configuring the SHDSL Service."
1. Configure the SHDSL line profile.
To configure the SHDSL line profile, run the shdsl line-profile add or shdsl line-profile
quickadd command.
huawei(config)#shdsl line-profile quickadd 10 line two-wire rate 2048 2048 psd
symmetric transmission Annex-A remote disable probe disable snr-margin ds-curr
10 ds-worst 10 us-curr 10 us-worst 10 bitmap 0x03
l Users of port 0/2/2 must be authenticated, and have rights to watch two programs and to
preview one program.
l Users of port 0/2/3 do not need authenticating.
1. Configure the xDSL.
In this example, it is unnecessary to configure the xDSL. The default line profile (profile
1002) is used.
2. Configure the VLAN.
l Create a VLAN.
huawei(config)#vlan 100 smart
In this example, set the preview duration for program 3 as 150s, the number of
preview attempts as 6 each day and the preview interval as 60s.
huawei(config-btv)#igmp preview program name program3 preview-duration 150
huawei(config-btv)#igmp preview program name program3 preview-times 6
huawei(config-btv)#igmp preview program name program3 preview-interval 60
To set the time to clear the previous preview attempts, run the igmp preview auto-
reset-time command. In this example, set the time to 00:00:00.
huawei(config-btv)#igmp preview auto-reset-time 00:00:00
In the MSTP ring network, MA5600-1 is subtended with MA5600-3, and MA5600-3 is
subtended with MA5600-4. According to the data plan, MA5600-4 provides the multicast
service. In this way, it is necessary to configure the multicast subtending on MA5600-1 first.
----End
Procedure
Step 1 Confirm the board.
huawei>enable
huawei#config
huawei(config)#board confirm 0
Here, the SNMP version must be the same as that of NMS. In this example, the NMS
version is set as SNMP V2C.
huawei(config)#snmp-agent sys-info version v2c
to configure the ADSL2+ service. For other encapsulation modes, see the chapter "21
Configuring the ADSL2+ Service."
The configuration of the upstream port of the SCU board shall be the same as that
of the peer end.
Run the auto-neg command to set the port to work in auto negotiation mode.
If the port works in non auto negotiation mode, change to the SCU config mode and
run the speed command to change the port rate, and run the duplex command duplex
to change the port duplex mode.
l Configure the VLAN.
The ADSL2+ users of MA5600-2 adopt the PPPoE authentication. In this case, the
smart VLAN is used to identify the users.
huawei(config)#vlan 1000 smart
huawei(config)#port vlan 1000 0/7 0-1
The MA5600 supports the SHDSL service of multiple encapsulation modes, such as IPoA,
PPPoA, IPoE, and PPPoE. This section takes the PPPoE mode as an example to describe how
to configure the SHDSL service. For other encapsulation modes, see the chapter "22
Configuring the SHDSL Service."
1. Configure the SHDSL line profile.
To configure the SHDSL line profile, run the shdsl line-profile add or shdsl line-profile
quickadd command.
huawei(config)#shdsl line-profile quickadd 10 line two-wire rate 2048 2048 psd
symmetric transmission Annex-A remote disable probe disable snr-margin ds-curr
10 ds-worst 10 us-curr 10 us-worst 10 bitmap 0x03
6
tx-cttr 6
In the MSTP ring network, MA5600-1 is subtended with MA5600-3, and MA5600-3 is
subtended with MA5600-4. According to the data plan, MA5600-4 provides the multicast
service. In this way, it is necessary to configure the multicast subtending on MA5600-2 first.
----End
Procedure
Step 1 Confirm the board.
huawei>enable
huawei#config
huawei(config)#board confirm 0
Here, the SNMP version must be the same as that of NMS. In this example, the NMS
version is set as SNMP V2C.
huawei(config)#snmp-agent sys-info version v2c
<ATU-C >
> The number of Loss of Frame Seconds (0~900) [0]:
> The number of Loss of Signal Seconds (0~900) [0]:
> The number of Loss of Link Seconds (0~900) [0]:
> The number of Loss of Power Seconds (0~900) [0]:
> The number of Errored Seconds (0~900) [0]
> Enable and disable the initial failure trap 0-disable 1-enable (0~1)[0]:1
> The number of failed fast retrain seconds (0~900) [0]:
> The number of severely errored seconds (0~900) [0]:
> The number of unavailable seconds (0~900) [0]:
> Threshold of positive difference between the current and the past transmit
rate in fast mode (0~31968kbps) [0]:
> Threshold of positive difference between the current and the past transmit
rate in interleaved mode (0~31968kbps) [0]:
> Threshold of negative difference between the current and the past transmit
<ATU-R >
> The number of Loss of Frame Seconds (0~900) [0]:
> The number of Loss of Signal Seconds (0~900) [0]:
> The number of Loss of Power Seconds (0~900) [0]:
> The number of Errored Seconds (0~900) [0]:
> The number of severely errored seconds (0~900) [0]:
> The number of unavailable seconds (0~900) [0]:
> Threshold of positive difference between the current and the past transmit
rate in fast mode (0~2968kbps) [0]:
> Threshold of positive difference between the current and the past transmit
rate in interleaved mode (0~2968kbps) [0]:
> Threshold of negative difference between the current and the past transmit
rate in fast mode (0~2968kbps) [0]:
> Threshold of negative difference between the current and the past transmit
rate in interleaved mode (0~2968kbps) [0]:
Add profile 10 successfully
The configuration of the upstream port of the SCU board shall be the same as that
of the peer end.
Run the auto-neg command to set the port to work in auto negotiation mode.
If the port works in non auto negotiation mode, change to the SCU config mode and
run the speed command to change the port rate, and run the duplex command duplex
to change the port duplex mode.
l Configure the VLAN.
The ADSL2+ users of MA5600-3 adopt the VLAN authentication. In this case, the
MUX VLAN is used to identify the users.
huawei(config)#vlan 1000 to 1063 mux
huawei(config)#port vlan 1000 to 1063 0/7 0-1
----End
Procedure
Step 1 Confirm the board.
huawei>enable
huawei#config
huawei(config)#board confirm 0
0.0.0.0
huawei(config-acl-adv-3010)#rule permit ip source 195.71.131.38 0.0.0.0
destination 10.8.176.2 0.0.0.0
huawei(config-acl-adv-3010)#rule permit ip source 195.71.131.39 0.0.0.0
destination 10.8.176.2 0.0.0.0
huawei(config-acl-adv-3010)#rule permit ip source 193.189.251.38 0.0.0.0
destination 10.8.176.2 0.0.0.0
huawei(config-acl-adv-3010)#rule permit ip source 193.189.251.42 0.0.0.0
destination 10.8.176.2 0.0.0.0
huawei(config-acl-adv-3010)#rule permit ip source 217.188.56.40 0.0.0.0
destination 10.8.176.2 0.0.0.0
huawei(config-acl-adv-3010)#rule permit ip source 217.188.57.40 0.0.0.0
destination 10.8.176.2 0.0.0.0
huawei(config-acl-adv-3010)#quit
huawei(config)#packet-filter inbound ip-group 3010 port 0/7/0
huawei(config)#packet-filter inbound ip-group 3010 port 0/7/1
Here, the SNMP version must be the same as that of NMS. In this example, the NMS
version is set as SNMP V2C.
huawei(config)#snmp-agent sys-info version v2c
huawei(config)#interface emu 0
huawei(config-if-power4845-0)#power module-num 2 1 2
huawei(config-if-power4845-0)#quit
<ATU-C >
> The number of Loss of Frame Seconds (0~900) [0]:
> The number of Loss of Signal Seconds (0~900) [0]:
> The number of Loss of Link Seconds (0~900) [0]:
> The number of Loss of Power Seconds (0~900) [0]:
> The number of Errored Seconds (0~900) [0]
> Enable and disable the initial failure trap 0-disable 1-enable (0~1)[0]:1
> The number of failed fast retrain seconds (0~900) [0]:
> The number of severely errored seconds (0~900) [0]:
> The number of unavailable seconds (0~900) [0]:
> Threshold of positive difference between the current and the past transmit
rate in fast mode (0~31968kbps) [0]:
> Threshold of positive difference between the current and the past transmit
rate in interleaved mode (0~31968kbps) [0]:
> Threshold of negative difference between the current and the past transmit
rate in fast mode (0~31968kbps) [0]:
> Threshold of negative difference between the current and the past transmit
rate in interleaved mode (0~31968kbps) [0]:
<ATU-R >
> The number of Loss of Frame Seconds (0~900) [0]:
> The number of Loss of Signal Seconds (0~900) [0]:
> The number of Loss of Power Seconds (0~900) [0]:
> The number of Errored Seconds (0~900) [0]:
The configuration of the upstream port of the SCU board shall be the same as that
of the peer end.
Run the auto-neg command to set the port to work in auto negotiation mode.
If the port works in non auto negotiation mode, change to the SCU config mode and
run the speed command to change the port rate, and run the duplex command duplex
to change the port duplex mode.
l Configure the VLAN.
The ADSL2+ users of MA5600-4 adopt the PPPoE authentication. In this case, the
smart VLAN is used to identify the users.
huawei(config)#vlan 1000 smart
huawei(config)#port vlan 1000 0/7 0
The MA5600 supports the SHDSL service of multiple encapsulation modes, such as IPoA,
PPPoA, IPoE, and PPPoE. This section takes the PPPoE mode as an example to describe how
to configure the SHDSL service. For other encapsulation modes, see the chapter "22
Configuring the SHDSL Service."
huawei(config)#btv
huawei(config-btv)#igmp mode proxy
In this example, set the preview duration for program 3 as 150s, the number of
preview attempts as 6 each day and the preview interval as 60s.
huawei(config-btv)#igmp preview program name program3 preview-duration 150
huawei(config-btv)#igmp preview program name program3 preview-times 6
huawei(config-btv)#igmp preview program name program3 preview-interval 60
To set the time to clear the previous preview attempts, run the igmp preview auto-
reset-time command. In this example, set the time to 00:00:00.
huawei(config-btv)#igmp preview auto-reset-time 00:00:00
----End
Procedure
Step 1 Confirm the board.
huawei>enable
huawei#config
huawei(config)#board confirm 0
Here, the SNMP version must be the same as that of NMS. In this example, the NMS
version is set as SNMP V2C.
huawei(config)#snmp-agent sys-info version v2c
MA5600-1 and MA5600-5 serve two branches of a company to provide the QinQ leased line
service.
----End
36.8 Verification
All services configured on all DSLAMs run in the normal state.
This chapter describes the subtending networking example supported by the MA5600.
37.1 Networking
The section describes a sample subtended network.
37.2 Data Plan
The section describes the data plan for the sample subtended network.
37.3 Configuring MA5600-1
The section describes how to configure the MA5600-1.
37.4 Configuring MA5600-2
The section describes how to configure the MA5600-2.
37.5 Configuring MA5600-3
The section describes how to configure the MA5600-3.
37.6 Configuring MA5600-4
The section describes how to configure the MA5600-4.
37.7 Verification
All services configured on all DSLAMs run in the normal state.
37.1 Networking
The section describes a sample subtended network.
As shown in Figure 37-1:
l The MA5600-1 is subtended with MA5600-2 through the GE port on the SCU board.
l The MA5600-2 is subtended with MA5600-3 through the GE port on the SCU board.
IP
LAN switch
BRAS
2 3 5 6 7 5 7
0 0
A A S A S
1
D D H I H
G G E U E
E E A G A
6 7 14 2 3 5 7
0 0
A A A A S
1 1
I D D D H
U L G G E
A A E E A
2 3 5 7
HG 0
A A S
D D H
G G E
STB
E E A
SCU MA5600-3
Ephone TV PC
ADSL2+ modem
PC
Slot ADSL2+: 0/3 ADSL2+: 0/3 ADSL2+: 0/3 QinQ: 0/5/31 ADSL: 0/14
and SHDSL: 0/5 SHDSL: 0/5 SHDSL: 0/5
port
QinQ: 0/5/31 Stacking:
Multicast: 0/2/0-10 (map
0/2/2, 0/2/3 VLAN 60,
ISP1)
0/2/11-20
(map VLAN
61, ISP2)
0/2/21-30
(map VLAN
62, ISP3)
Triple Play:
0/2/31
Upper The upper layer device supports the DHCP Option82 function.
layer The BRAS supports the PITP, Stacking, and QinQ function.
device
The BRAS supports inner and outer VLAN tags.
The VLAN ID of the traffic flow sent from the IP network to the DSLAM is 100.
The upper layer device classifies the downstream traffic. Different services carry
different 802.1p labels.
The VLAN mapping to the DSLAM is configured at the upper layer device.
The IP address of the LAN switch at the MA5600 side is 10.10.10.1/24.
NOTE
Procedure
Step 1 Confirm the board.
huawei>enable
huawei#config
huawei(config)#board confirm 0
Here, the SNMP version must be the same as that of the NMS. In this example, the
SNMP version is set as SNMP V2C.
huawei(config)#snmp-agent sys-info version v2c
<ATU-R >
> The number of Loss of Frame Seconds (0~900) [0]:
> The number of Loss of Signal Seconds (0~900) [0]:
> The number of Loss of Power Seconds (0~900) [0]:
> The number of Errored Seconds (0~900) [0]:
> The number of severely errored seconds (0~900) [0]:
> The number of unavailable seconds (0~900) [0]:
> Threshold of positive difference between the current and the past transmit
rate in fast mode (0~2968kbps) [0]:
> Threshold of positive difference between the current and the past transmit
rate in interleaved mode (0~2968kbps) [0]:
> Threshold of negative difference between the current and the past transmit
rate in fast mode (0~2968kbps) [0]:
> Threshold of negative difference between the current and the past transmit
rate in interleaved mode (0~2968kbps) [0]:
Add profile 10 successfully
By default, the GE optical port of the GIU board works in full duplex mode with the
rate of 1000 Mbit/s.
To change the port working mode and the port rate, run the speed and duplex
command in SCU board config mode.
The settings must be the same as those of the peer end.
l Configure the VLAN.
The ADSL2+ users of MA5600-1 adopt the VLAN authentication. In this case, the
MUX VLAN is used to identify the users.
huawei(config)#vlan 1000 to 1063 mux
huawei(config)#port vlan 1000 0/7 0-1
huawei(config)#port vlan 1001 to 1063 0/7 0
The MA5600 supports the SHDSL service of multiple encapsulation modes, such as IPoA,
PPPoA, IPoE, and PPPoE. This section takes the PPPoE mode as an example to describe how
to configure the SHDSL service. For other encapsulation modes, see the chapter 22 Configuring
the SHDSL Service.
MA5600-1 and MA5600-4 serve two branches of a company to provide the QinQ leased line
service.
To add the virtual port, run the service-port command. Note that the VPI and VCI values
of the virtual port must be the same as those on the modem.
The QinQ VLAN supports the PVC-priority scheduling policy only. In this case, select the
profile that supports PVC-priority policy.
huawei(config)#traffic table index 7 ip car off priority 0 priority-policy pvc-
Setting
huawei(config)#service-port vlan 50 shdsl 0/5/31 vpi 0 vci 35 rx-cttr 7
tx-cttr 7
l Users of port 0/2/2 need to be authenticated, and have rights to watch two programs and to
preview one program.
l Users of port 0/2/3 do not need to be authenticated.
1. Configure the xDSL.
In this example, it is unnecessary to configure the xDSL. The default line profile (profile
1002) is used.
2. Configure the VLAN.
l Create a VLAN.
huawei(config)#vlan 100 smart
In this example, set the preview duration for program 3 as 150s, the number of
preview attempts as 6 each day, and the preview interval as 60s.
huawei(config-btv)#igmp preview program name program3 preview-duration 150
huawei(config-btv)#igmp preview program name program3 preview-times 6
huawei(config-btv)#igmp preview program name program3 preview-interval 60
To set the time to clear the previous preview attempts, run the igmp preview auto-
reset-time command. In this example, set the time to 00:00:00.
huawei(config-btv)#igmp preview auto-reset-time 00:00:00
----End
Procedure
Step 1 Confirm the board.
huawei>enable
huawei#config
huawei(config)#board confirm 0
Here, the SNMP version must be the same as that of the NMS. In this example, the
SNMP version is set as SNMP V2C.
huawei(config)#snmp-agent sys-info version v2c
The MA5600 supports the ADSL2+ service of multiple encapsulation modes, such as IPoA,
PPPoA, IPoE, and PPPoE. This section takes the PPPoE mode as an example to describe how
to configure the ADSL2+ service. For other encapsulation modes, see the chapter 21
Configuring the ADSL2+ Service.
<ATU-C >
> The number of Loss of Frame Seconds (0~900) [0]:
> The number of Loss of Signal Seconds (0~900) [0]:
> The number of Loss of Link Seconds (0~900) [0]:
> The number of Loss of Power Seconds (0~900) [0]:
> The number of Errored Seconds (0~900) [0]
> Enable and disable the initial failure trap 0-disable 1-enable (0~1)[0]:1
> The number of failed fast retrain seconds (0~900) [0]:
> The number of severely errored seconds (0~900) [0]:
> The number of unavailable seconds (0~900) [0]:
> Threshold of positive difference between the current and the past transmit
rate in fast mode (0~31968kbps) [0]:
> Threshold of positive difference between the current and the past transmit
rate in interleaved mode (0~31968kbps) [0]:
> Threshold of negative difference between the current and the past transmit
rate in fast mode (0~31968kbps) [0]:
> Threshold of negative difference between the current and the past transmit
rate in interleaved mode (0~31968kbps) [0]:
<ATU-R >
> The number of Loss of Frame Seconds (0~900) [0]:
> The number of Loss of Signal Seconds (0~900) [0]:
> The number of Loss of Power Seconds (0~900) [0]:
> The number of Errored Seconds (0~900) [0]:
> The number of severely errored seconds (0~900) [0]:
> The number of unavailable seconds (0~900) [0]:
> Threshold of positive difference between the current and the past transmit
rate in fast mode (0~2968kbps) [0]:
> Threshold of positive difference between the current and the past transmit
rate in interleaved mode (0~2968kbps) [0]:
> Threshold of negative difference between the current and the past transmit
rate in fast mode (0~2968kbps) [0]:
> Threshold of negative difference between the current and the past transmit
rate in interleaved mode (0~2968kbps) [0]:
Add profile 10 successfully
By default, the GE optical port of the GIU board works in full duplex mode with the
rate of 1000 Mbit/s.
To change the port working mode and the port rate, run the speed and duplex
command in SCU board config mode.
The settings must be the same as those of the peer end.
l Configure the VLAN.
The ADSL2+ users of MA5600-1 adopt the VLAN authentication. In this case, the
MUX VLAN is used to identify the users.
huawei(config)#vlan 1000 smart
huawei(config)#port vlan 1000 0/7 0-1
The MA5600 supports the SHDSL service of multiple encapsulation modes, such as IPoA,
PPPoA, IPoE, and PPPoE. This section takes the PPPoE mode as an example to describe how
to configure the SHDSL service. For other encapsulation modes, see the chapter "22
Configuring the SHDSL Service."
----End
Procedure
Step 1 Confirm the board.
huawei>enable
huawei#config
huawei(config)#board confirm 0
Here, the SNMP version must be the same as that of the NMS. In this example, the
SNMP version is set as SNMP V2C.
huawei(config)#snmp-agent sys-info version v2c
<ATU-C >
> The number of Loss of Frame Seconds (0~900) [0]:
> The number of Loss of Signal Seconds (0~900) [0]:
> The number of Loss of Link Seconds (0~900) [0]:
> The number of Loss of Power Seconds (0~900) [0]:
> The number of Errored Seconds (0~900) [0]
> Enable and disable the initial failure trap 0-disable 1-enable (0~1)[0]:1
> The number of failed fast retrain seconds (0~900) [0]:
> The number of severely errored seconds (0~900) [0]:
> The number of unavailable seconds (0~900) [0]:
> Threshold of positive difference between the current and the past transmit
rate in fast mode (0~31968kbps) [0]:
> Threshold of positive difference between the current and the past transmit
<ATU-R >
> The number of Loss of Frame Seconds (0~900) [0]:
> The number of Loss of Signal Seconds (0~900) [0]:
> The number of Loss of Power Seconds (0~900) [0]:
> The number of Errored Seconds (0~900) [0]:
> The number of severely errored seconds (0~900) [0]:
> The number of unavailable seconds (0~900) [0]:
> Threshold of positive difference between the current and the past transmit
rate in fast mode (0~2968kbps) [0]:
> Threshold of positive difference between the current and the past transmit
rate in interleaved mode (0~2968kbps) [0]:
> Threshold of negative difference between the current and the past transmit
rate in fast mode (0~2968kbps) [0]:
> Threshold of negative difference between the current and the past transmit
rate in interleaved mode (0~2968kbps) [0]:
Add profile 10 successfully
By default, the GE optical port of the GIU board works in full duplex mode with the
rate of 1000 Mbit/s.
To change the port working mode and the port rate, run the speed and duplex
command in SCU board config mode.
The settings must be the same as those of the peer end.
l Configure the VLAN.
The ADSL2+ users of MA5600-1 adopt the VLAN authentication. In this case, the
MUX VLAN is used to identify the users.
huawei(config)#vlan 1000 smart
huawei(config)#port vlan 1000 0/7 0
The MA5600 supports the SHDSL service of multiple encapsulation modes, such as IPoA,
PPPoA, IPoE, and PPPoE. This section takes the PPPoE mode as an example to describe how
to configure the SHDSL service. For other encapsulation modes, see the chapter 22 Configuring
the SHDSL Service.
l Users of port 0/2/2 need to be authenticated, and have rights to watch two programs and to
preview one program.
l Users of port 0/2 do not need to be authenticated.
1. Configure the xDSL.
In this example, it is unnecessary to configure the xDSL. The default line profile (profile
1002) is used.
2. Configure the VLAN.
l Create a smart VLAN.
huawei(config)#vlan 100 smart
In this example, set the preview duration for program 3 as 150s, the number of
preview attempts as 6 each day, and the preview interval as 60s.
huawei(config-btv)#igmp preview program name program3 preview-duration 150
huawei(config-btv)#igmp preview program name program3 preview-times 6
huawei(config-btv)#igmp preview program name program3 preview-interval 60
To set the time to clear the previous preview attempts, run the igmp preview auto-
reset-time command. In this example, set the time to 00:00:00.
huawei(config-btv)#igmp preview auto-reset-time 00:00:00
----End
Procedure
Step 1 Confirm the board.
huawei>enable
huawei#config
huawei(config)#board confirm 0
Here, the SNMP version must be the same as that of the NMS. In this example, the
SNMP version is set as SNMP V2C.
huawei(config)#snmp-agent sys-info version v2c
The QinQ VLAN supports the PVC-priority scheduling policy only. In this case, select the
profile that supports PVC-priority policy.
huawei(config)#traffic table index 7 ip car off priority 0 priority-policy pvc-
Setting
huawei(config)#service-port vlan 50 shdsl 0/5/31 vpi 0 vci 35 rx-cttr 7 tx-cttr
7
----End
37.7 Verification
All services configured on all DSLAMs run in the normal state.
A
AAA Authentication, Authorization and Accounting
ABR Area Border Router
ACL Access Control List
B
BDR Backup Designated Router
BMS HUAWEI iManager N2000 broadband integrated network management
system
BPDU Bridge Protocol Data Unit
BRAS Broadband Remote Access Server
BRAS Broadband Remote Access Server
BRAS Broadband Remote Access Server
BTV Broadband TV
C
CAR Committed Access Rate
CC Connection Confirm
CFM Connectivity Fault Management
CIDR Classless Inter-Domain Routing
CLI Command Line Interface
COS Class of Service
CPE Customer Premises Equipment
D
DHCP Dynamic Host Configuration Protocol
DHCP
DHCP relay agent option 82
option82
DoD Downstream on Demand
DoS Denial of Service
DR Designated Router
DSLAM Digital Subscriber Line Access Multiplexer
DU Downstream Unsolicited
D-V Distance Vector Routing Algorithm
E
EMU Environment Monitoring Unit
F
FE Fast Ethernet
FEC Forward Error Correction
FTP File Transfer Protocol
FIFO First In First Out
G
GE Gigabit Ethernet
I
ICMP Internet Control Message Protocol
IGMP Internet Group Management Protocol
IGP Interior Gateway Protocol
IMA Inverse Multiplexing for ATM
IP Internet Protocol
IPoA Internet Protocol Over ATM
IPoE IP over Ethernet
L
LAN Local Area Network
LSA Link State Advertisement
LSDB Link State DataBase
LSP Label Switched Path
M
MA Maintenance Association
MAC Medium Access Control
MBS Maximum Burst Size
MD Maintenance Domain
MDU Multi-dwelling Unit
MEP Maintenance association End Point
MIB Management Information Base
MIP Maintenance association Interspace Point
MRU Maximum Receive Unit
MSTP Multiple Spanning Tree Protocol
MTU Maximum Transmission Unit
N
NBMA Non Broadcast Multiple Access
NHLFE Next Hop Label Forwarding Entry
NIC Network Information Center
NMS Network Management System
O
OSPF Open Shortest Path First
P
PITP Policy Information Transfer Protocol
Q
QoS Quality of Service
R
RADIUS Remote Authentication Dial in User Service
RARP Reverse Address Resolution Protocol
RFC Remote Feature Control
RIP Routing Information Protocol
RMON Remote Network Monitoring
S
SNMP Simple Network Management Protocol
SSH Secure Shell
STB Set Top Box
STP Spanning Tree Protocol
T
TCP/IP Transmission Control Protocol/Internet Protocol
TFTP Trivial File Transfer Protocol
TOS Type of Service
TTL Time To Live
U
UDP User Datagram Protocol
V
VLAN Virtual LAN
VOD Video On Demand
VT Virtual Terminal
VTP VLAN Trunk Protocol
VTY Virtual Type Terminal
W
WRR Weighted Round Robin
Index
A definition, 4-3
anti DoS attack, enabling, 20-3
AAA, 8-2 anti ICMP attack, enabling, 20-5
advantage, 8-3 anti IP attack, enabling, 20-4
configuring authentication scheme, 8-16 anti IP spoofing, enabling, 19-11
creating domain, 8-17 anti MAC spoofing, enabling, 19-10
AAA, configuring, 8-16 apply cause of route policy, defining, 12-63
accessible address segment, configuring, 20-11 ARP, 11-2
ACL, 17-3 ARP proxy
activating, 17-25 configuring, 11-2
advanced ACL, 17-11 enabling, 11-6
basic ACL, 17-10 ARP, static ARP entry, 11-5
categories, 17-3 ATM-DSLAM, configuring, 26-3
configuring time range, 17-18 authentication scheme
creating, 17-16 configuring, 8-16
customized ACL, 17-15 specifying, 8-19
layer 2 ACL, 17-13 authority mode, setting, 31-52
ACL rule authority of program, granting, 31-60
advanced ACL rule, 17-21 authority profile
basic ACL rule, 17-20 binding with a user, 31-58
customized ACL rule, 17-23 modifying, 31-53
layer 2 ACL rule, 17-22 renaming, 31-54
setting step, 17-19 unbinding from a user, 31-59
adding user, 6-5 authority profile configuration
ADSL2+ modifying authority profile, 31-53
activating ADSL2+ port, 21-33 renaming authority profile, 31-54
adding alarm profile, 21-28 setting authority mode, 31-52
adding extended line profile, 21-25
adding line profile, 21-18 B
ADSL2+ port rate threshold, configuring, 21-35
configuring IPoA/IPoE conversion, 21-36 backup root bridge, specifying, 13-14
configuring port rate measurement threshold, 21-35 bandwidth management
enabling IPoA conversion, 21-36 disabling, 31-50
querying port information, 21-43 enabling, 31-48
ADSL2+ alarm profile,adding, 21-28 enabling bandwidth management, 31-48
ADSL2+ line profile, adding, 21-18 setting upstream port bandwidth, 31-50
ADSL2+ port, activating, 21-33 setting user bandwidth, 31-50
ADSL2+, definition, 21-3 basic ACL
advanced ACL configuring, 17-10
configuring, 17-11 basic ACL rule, creating, 17-20
advanced ACL rule, creating, 17-21 basic MPLS TE capability, configuring, 28-5
advanced RSVP-TE feature, configuring, 28-16 binding
agent SHDSL EFM multi-port, 22-29
configuration, 4-8 SHDSL multi-Pair, 22-28
PVC and PW template, binding, 27-30 disabling receiving host route, 12-25
disabling RIP packet transmission, 12-30
Q enabling packet receive/transmit , 12-32
enabling poison reverse, 12-34
QoS enabling process, 12-18
traffic entry, 18-2 enabling split horizon, 12-33
importing route of other protocol, 12-24
R resetting, 12-29
setting version, 12-19
RADIUS summary route IP address, 12-32
ANS port, 8-14 RIP packet transmission, disabling, 12-30
introduction, 8-3 RIP preference, configuring, 12-26
maximum retransmit count of RADIUS request, RIP process statistic, clearing, 12-30
8-12 RIP process, enabling, 12-18
RADIUS request RIP timer, configuring, 12-36
maximum retransmit count, 8-12 RIP version, setting, 12-19
specifying server template, 8-8 RIP-2 authentication mode, configuring, 12-35
RADIUS server RMEP
IP address & port number, 8-9 creating, 33-9
shared key, 8-10 enabling detection, 33-15
type, 8-13 robustness variable
user name format, 8-14 restoring to default value, 31-31
RADIUS server template setting, 31-30
specifying, 8-18 root bridge, specifying, 13-14
RADIUS serverresponse timeout interva of RADIUS route additional metric, configuring, 12-35
server route filtering policy, configuring, 12-27
response timeout interval, 8-11 route of other protocol, importing, 12-24
setting, 8-11 route policy
RADIUS, configuring, 8-7 defining, 12-60
read/write authorities, setting, 4-10 defining apply clause, 12-63
receiving host route, disabling, 12-25 defining if-match clause, 12-62
recognition time of preview route policy, configuring, 12-13
restoring to default value (30s), 31-40 route summarization
setting, 31-39 between areas, 12-56
remote serial port terminal routes imported by OSPF, 12-57
network topology, 2-8 rt-VBR, 17-6
setting parameter, 2-9
remote serial port terminalmodem requirement
, 2-7
S
remote serial portstarting HyperTerminal service board
, 2-10 confirming, 7-6
remote user authentication deleting, 7-6
configuring, 8-1 prohibiting, 7-7
report proxy switch see proxy of IGMP report packet, resetting, 7-7
31-42 service port
response time to general query adding to VLAN, 9-18
restoring to default value (10s), 31-33 adding to VLAN in batches, 9-20
setting, 31-32 setting description, 9-22
response time to specific query shared key of RADIUS server
restoring to default value (0.8s), 31-37 setting, 8-10
setting, 31-36 SHDSL
RIP activating SHDSL port, 22-30
clearing process statistic, 12-30 adding alarm profile, 22-24
configuring additional metric, 12-35 adding line profile, 22-21
configuring preference, 12-26 binding alarm profile, 22-27
configuring RIP-2 authentication mode, 12-35 configuring clock mode, 22-32
configuring timer, 12-36 querying port information, 22-31
configuring zero field check, 12-20 SHDSL alarm profile, adding, 22-24
V
VDSL
adding line profile, 23-24
VDSL2
activating port, 23-46
adding alarm template, 23-43
adding channel alarm profile, 23-40
adding channel profile, 23-31
adding line alarm profile, 23-37
adding line template, 23-35
binding alarm template, 23-45
definition, 23-3
querying port information, 23-47
VDSL2 alarm template, adding, 23-43
VDSL2 alarm template, binding, 23-45
VDSL2 channel alarm profile, adding, 23-40
VDSL2 channel profile, adding, 23-31
VDSL2 line alarm profile,adding, 23-37
VDSL2 line profile
adding, 23-24
VDSL2 line template,adding, 23-35
VDSL2 port activating, 23-46
VDSL2 port information, querying, 23-47
VLAN, 9-3
adding service port, 9-18
adding service port in batches, 9-20
adding upstream port, 9-17
attribute, 9-4
configuring attribute, 9-15