Manual Dslam Huawei PDF

SmartAX MA5600/MA5603 Multi-service Access Module
V300R003
Configuration Guide
Issue 04
Date 2007-11-30
Part Number 31500234
Huawei Technologies Proprietary

Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any
assistance, please contact our local office or company headquarters.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
Copyright © 2007 Huawei Technologies Co., Ltd. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are the property of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but the statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Proprietary

Configuration Guide Contents
Contents
About This Document.....................................................................................................................1

1 Managing the License................................................................................................................1-1
1.1 Overview of the License.................................................................................................................................1-2
1.2 License Principles...........................................................................................................................................1-2
1.3 Configuration Example of the License Application........................................................................................1-3
1.4 Configuring the License Server.......................................................................................................................1-6
1.5 Configuring the ESN.......................................................................................................................................1-7
2 Configuring the Maintenance Terminal ...............................................................................2-1

2.1 Overview.........................................................................................................................................................2-2
2.2 Configuring the Terminal Through the Local Serial Port...............................................................................2-3
2.3 Configuring the Terminal Through the Remote Serial Port............................................................................2-7
2.4 Configuring the Terminal Through the Outband Management Channel .....................................................2-12
2.5 Configuring the Terminal Through the Inband Management Channel.........................................................2-15
2.6 Configuring the Terminal Through SSH.......................................................................................................2-19
3 Getting Started With CLI..........................................................................................................3-1

3.1 Overview.........................................................................................................................................................3-2
3.2 CLI Characteristics..........................................................................................................................................3-2
3.2.1 Command Modes...................................................................................................................................3-3
3.2.2 Intelligent Matching...............................................................................................................................3-5
3.2.3 Edit Characteristics................................................................................................................................3-6
3.2.4 Interaction Characteristics......................................................................................................................3-7
3.2.5 Parameter Prompt...................................................................................................................................3-7
3.2.6 Display Characteristics...........................................................................................................................3-8
3.2.7 Saving and Showing History Commands...............................................................................................3-9
3.2.8 CLI Error Prompts................................................................................................................................3-10
3.3 Basic Operations Through CLI.....................................................................................................................3-10
3.3.1 Obtaining Online Help Information.....................................................................................................3-11
3.3.2 Enabling Interactive Command Execution...........................................................................................3-13
3.3.3 Enabling CLI Trap Reporting..............................................................................................................3-13
3.3.4 Switching Terminal Language.............................................................................................................3-14
3.3.5 Setting System Time............................................................................................................................3-15
3.3.6 Setting System Name...........................................................................................................................3-16
Issue 04 (2007-11-30) Huawei Technologies Proprietary i

Contents Configuration Guide
3.3.7 Setting Terminal Type..........................................................................................................................3-16

3.3.8 Setting Timeout Exit Time...................................................................................................................3-17
3.3.9 Locking the Terminal...........................................................................................................................3-18
3.3.10 Clearing Terminal Screen...................................................................................................................3-18
3.3.11 Showing Version................................................................................................................................3-19
3.3.12 Showing CPU Usage..........................................................................................................................3-19
3.3.13 Showing the Memory Usage..............................................................................................................3-20
3.3.14 Testing Network State........................................................................................................................3-20
4 Configuring the Network Management................................................................................4-1

4.1 Overview.........................................................................................................................................................4-2
4.2 Basic Concepts................................................................................................................................................4-2
4.3 Configuration Example of an Outband NMS..................................................................................................4-3
4.4 Configuration Example of an Inband NMS....................................................................................................4-5
4.5 SNMP Agent Configuration............................................................................................................................4-8
4.5.1 Setting the SNMP Version.....................................................................................................................4-9
4.5.2 Adding a Community Name and Setting Its Read/Write Authorities..................................................4-10
4.5.3 Enabling Trap Sending.........................................................................................................................4-11
4.5.4 Setting the IP address of a Destination Host of Traps..........................................................................4-11
4.5.5 Setting the Source Interface for Sending Traps....................................................................................4-12
4.5.6 Setting the System Contact Information..............................................................................................4-13
4.5.7 Setting the System Location Information.............................................................................................4-13
4.5.8 Configuring an SNMP V3 User...........................................................................................................4-14
4.5.9 Configuring an SNMP V3 Group.........................................................................................................4-15
4.5.10 Configuring an SNMP MIB View.....................................................................................................4-16
4.5.11 Configuring the Local SNMP Engine ID...........................................................................................4-17
4.5.12 Enabling the Handshake Function between the MA5600 and the N2000.........................................4-18
4.5.13 Setting the Handshake Interval..........................................................................................................4-19
4.6 Configuring the IP Address of the Outband NMS Interface.........................................................................4-20
4.7 Configuring an NMS Route..........................................................................................................................4-21
4.8 Configuring the IP Address of the Inband NMS Interface............................................................................4-22
5 Configuring the Log Host.........................................................................................................5-1

5.1 Overview.........................................................................................................................................................5-2
5.2 Configuration Example of a Log Host............................................................................................................5-2
5.3 Configuring a Log Host...................................................................................................................................5-3
5.4 Deleting a Log Host........................................................................................................................................5-4
5.5 Deactivating a Log Host..................................................................................................................................5-5
5.6 Querying Logs.................................................................................................................................................5-6
6 Managing Users..........................................................................................................................6-1
6.1 Overview.........................................................................................................................................................6-2
6.2 Adding a User Profile......................................................................................................................................6-2
6.3 Adding a User..................................................................................................................................................6-5
ii Huawei Technologies Proprietary Issue 04 (2007-11-30)

6.4 Modifying the User Attributes........................................................................................................................6-7

6.4.1 Modifying the Profile Bound with a User..............................................................................................6-7
6.4.2 Modifying a User Level.........................................................................................................................6-8
6.4.3 Changing a User Password.....................................................................................................................6-9
6.4.4 Modifying the Permitted Reenter Number...........................................................................................6-10
6.4.5 Modifying the Appended Information.................................................................................................6-11
6.5 Disconnecting an Online User.......................................................................................................................6-12
6.6 Deleting a User..............................................................................................................................................6-13
7 Managing the Device.................................................................................................................7-1

7.1 Overview.........................................................................................................................................................7-2
7.2 Setting the Description of a Shelf...................................................................................................................7-3
7.3 Resetting the Control Boards..........................................................................................................................7-3
7.4 Adding a Service Board Offline......................................................................................................................7-4
7.5 Confirming a Service Board............................................................................................................................7-6
7.6 Deleting a Service Board.................................................................................................................................7-6
7.7 Resetting a Service Board...............................................................................................................................7-7
7.8 Prohibiting a Service Board............................................................................................................................7-7
7.9 Managing a Subboard......................................................................................................................................7-8
8 Configuring the Remote User Authentication.....................................................................8-1

8.1 Overview.........................................................................................................................................................8-2
8.2 Related Concepts.............................................................................................................................................8-2
8.2.1 Introduction to AAA..............................................................................................................................8-2
8.2.2 Introduction to RADIUS........................................................................................................................8-3
8.2.3 Introduction to SSH................................................................................................................................8-3
8.3 Configuration Example of Remote User Authentication................................................................................8-4
8.4 Configuring RADIUS.....................................................................................................................................8-7
8.4.1 Overview................................................................................................................................................8-7
8.4.2 Specifying the RADIUS Server Template.............................................................................................8-8
8.4.3 Setting the IP Address and Port Number of a RADIUS Server.............................................................8-9
8.4.4 Setting the Shared Key of the RADIUS Server...................................................................................8-10
8.4.5 Setting the Response Timeout Interval of a RADIUS Server..............................................................8-11
8.4.6 Setting the Maximum Retransmit Count of RADIUS Request Packets..............................................8-12
8.4.7 Setting the RADIUS Server Type........................................................................................................8-13
8.4.8 Configuring an NAS Port and Its ID Format.......................................................................................8-14
8.4.9 Setting the Format of User Name Sent to a RADIUS Server..............................................................8-14
8.5 Configuring AAA..........................................................................................................................................8-16
8.5.1 Configuring an Authentication Scheme...............................................................................................8-16
8.5.2 Creating a Domain...............................................................................................................................8-17
8.5.3 Specifying the RADIUS Server Template...........................................................................................8-18
8.5.4 Specifying the Authentication Scheme................................................................................................8-19
8.6 Configuring SSH...........................................................................................................................................8-21
8.6.1 Creating the Local RSA Key Pair........................................................................................................8-21
Issue 04 (2007-11-30) Huawei Technologies Proprietary iii

8.6.2 Configuring the SSH User Public Key.................................................................................................8-22

8.6.3 Configuring an SSH User.....................................................................................................................8-24
9 Configuring the VLAN ............................................................................................................9-1

9.1 Overview.........................................................................................................................................................9-3
9.2 Configuration Example of a Standard VLAN.................................................................................................9-5
9.3 Configuration Example of a Smart VLAN..................................................................................................... 9-5
9.4 Configuration Example of a MUX VLAN......................................................................................................9-7
9.5 Configuration Example of the Super VLAN...................................................................................................9-9
9.6 Creating a VLAN..........................................................................................................................................9-13
9.7 Configuring the VLAN Attribute..................................................................................................................9-15
9.8 Setting the Inner and Outer Ethernet Protocols Type of a Stacking VLAN.................................................9-16
9.9 Setting the Inner VLAN Priority of the Service Port in a Stacking VLAN..................................................9-17
9.10 Adding an Upstream Port to a VLAN.........................................................................................................9-17
9.11 Adding a Service Port to a VLAN..............................................................................................................9-18
9.12 Adding Service Ports in Batches.................................................................................................................9-20
9.13 Setting the Description of a Service Port....................................................................................................9-22
10 Configuring the DHCP Relay..............................................................................................10-1

10.1 Overview.....................................................................................................................................................10-3
10.2 Configuration Example of DHCP Standard Mode......................................................................................10-4
10.3 Configuration Example of DHCP Option60 Mode.....................................................................................10-6
10.4 Configuration Example of DHCP MAC Address Segment Mode..............................................................10-9
10.5 Creating a DHCP Server Group................................................................................................................10-12
10.6 Setting Working Mode of a DHCP Server................................................................................................10-13
10.7 Setting DHCP Relay Mode.......................................................................................................................10-14
10.8 Binding a DHCP Server Group with a VLAN Interface...........................................................................10-15
10.9 Creating an Option60 Domain..................................................................................................................10-16
10.10 Binding a DHCP Server Group with a DHCP Option60 Domain..........................................................10-17
10.11 Configuring the Gateway of a DHCP Option60 Domain.......................................................................10-17
10.12 Creating a DHCP MAC Address Segment.............................................................................................10-18
10.13 Setting the Range of a DHCP MAC Address Segment..........................................................................10-19
10.14 Binding a DHCP Server Group with a DHCP MAC Address Segment.................................................10-20
10.15 Configuring the Gateway of a DHCP MAC Address Segment..............................................................10-21
11 Configuring the ARP & ARP Proxy....................................................................................11-1

11.1 Overview.....................................................................................................................................................11-2
11.2 Configuration Example of the ARP Proxy..................................................................................................11-2
11.3 Adding a Static ARP Entry.........................................................................................................................11-5
11.4 Enabling the ARP Proxy.............................................................................................................................11-6
12 Configuring the Routing Protocol......................................................................................12-1

12.1 Routing Protocol Configuration..................................................................................................................12-3
12.2 Configuration Example of the Static Route................................................................................................12-3
12.3 Configuration Example of RIP....................................................................................................................12-6
iv Huawei Technologies Proprietary Issue 04 (2007-11-30)

12.4 Configuration Example of OSPF................................................................................................................12-9

12.5 Configuration Example of a Route Policy................................................................................................12-13
12.6 Adding a Static Route...............................................................................................................................12-16
12.7 Configuring RIP........................................................................................................................................12-17
12.7.1 Enabling RIP Process.......................................................................................................................12-18
12.7.2 Setting the RIP Version....................................................................................................................12-19
12.7.3 Configuring Zero Field Check for RIP-I Packets.............................................................................12-20
12.7.4 Setting the Cost of the Default Route...............................................................................................12-21
12.7.5 Enabling Route Summarization.......................................................................................................12-22
12.7.6 Specifying Default Routing Metric..................................................................................................12-23
12.7.7 Importing Routes of Other Protocols...............................................................................................12-24
12.7.8 Disabling Receiving Host Routes....................................................................................................12-25
12.7.9 Configuring the RIP Preference.......................................................................................................12-26
12.7.10 Configuring the Route Filtering Policy..........................................................................................12-27
12.7.11 Verifying the Source IP Address of a RIP Route Update..............................................................12-28
12.7.12 Resetting RIP..................................................................................................................................12-29
12.7.13 Clearing RIP Process Statistics......................................................................................................12-30
12.7.14 Disabling RIP Packet Transmission on an Interface......................................................................12-30
12.7.15 Configuring the IP Address of a Peer Router.................................................................................12-31
12.7.16 Configuring a Summary Route IP Address....................................................................................12-32
12.7.17 Enabling an Interface to Receive/Transmit RIP Packets................................................................12-32
12.7.18 Enabling the Split Horizon Function..............................................................................................12-33
12.7.19 Enabling the Poison Reverse Function...........................................................................................12-34
12.7.20 Configuring the RIP-2 Authentication Mode.................................................................................12-35
12.7.21 Configuring the Additional Metric of a Route...............................................................................12-35
12.7.22 Configuring the RIP Timer............................................................................................................12-36
12.7.23 Enabling the Transparent Transmission function of the RIP Packet Based on the VLAN............12-37
12.8 Configuring OSPF.....................................................................................................................................12-38
12.8.1 Enabling OSPF Process....................................................................................................................12-39
12.8.2 Configuring DR Priority...................................................................................................................12-40
12.8.3 Setting an OSPF Router ID..............................................................................................................12-40
12.8.4 Entering OSPF Area Config Mode..................................................................................................12-41
12.8.5 Configuring Subnets for an Area.....................................................................................................12-42
12.8.6 Configuring the OSPF Stub Area.....................................................................................................12-43
12.8.7 Configuring an NBMA Adjacent Router.........................................................................................12-43
12.8.8 Setting OSPF Preference..................................................................................................................12-44
12.8.9 Disabling OSPF Packet Transmission on an Interface.....................................................................12-45
12.8.10 Configuring the Maximum OSPF Route Count.............................................................................12-46
12.8.11 Enabling OSPF Logging Function.................................................................................................12-47
12.8.12 Setting the VLAN-Based Transparent Transmission for OSPF Packets.......................................12-47
12.9 Configuring OSPF on a VLAN Interface..................................................................................................12-48
12.9.1 Configuring the Network Type on an OSPF Interface.....................................................................12-48
Issue 04 (2007-11-30) Huawei Technologies Proprietary v

12.9.2 Configuring OSPF Cost...................................................................................................................12-49

12.9.3 Configuring OSPF Packet Authentication.......................................................................................12-50
12.9.4 Configuring the MTU of the DD Packet..........................................................................................12-50
12.10 Configuring OSPF Timer........................................................................................................................12-51
12.10.1 Setting the Interval for Sending the Hello Packets........................................................................12-52
12.10.2 Setting the Dead Time Between Adjacent Routers........................................................................12-52
12.10.3 Setting the Hello Packet Poll Interval............................................................................................12-53
12.10.4 Setting the LSA Transmit Delay....................................................................................................12-54
12.10.5 Setting the LSA Retransmit Interval between Adjacent Routers...................................................12-55
12.10.6 Setting the SPF Calculation Interval for OSPF..............................................................................12-55
12.11 Configuring Route Summarization.........................................................................................................12-56
12.11.1 Configuring Route Summarization Between Areas.......................................................................12-56
12.11.2 Configuring the Summarization of Routes Imported by OSPF.....................................................12-57
12.12 Configuring OSPF Route Import............................................................................................................12-58
12.12.1 Importing Routes from Other Protocols into OSPF.......................................................................12-58
12.12.2 Setting the Default Parameters of OSPF Imported Routes............................................................12-59
12.13 Configuring a Route Policy.....................................................................................................................12-60
12.13.1 Defining a Route Policy.................................................................................................................12-60
12.13.2 Defining the if-match Clause of a Route Policy............................................................................12-62
12.13.3 Defining the apply Clause of a Route Policy.................................................................................12-63
13 Configuring MSTP.................................................................................................................13-1
13.1 Overview.....................................................................................................................................................13-3
13.2 Enabling the MSTP Function......................................................................................................................13-3
13.3 Setting the Working Mode of MSTP..........................................................................................................13-5
13.4 Setting the MST Region Parameters...........................................................................................................13-6
13.4.1 Setting the MD5-Key for the MD5 Encryption Algorithm Configured on the MST Region............13-7
13.4.2 Configuring the MST Region Name..................................................................................................13-8
13.4.3 Mapping the Specified VLAN to the Specified MSTP Instance........................................................13-9
13.4.4 Mapping All VLANs to the MSTP Instances by Modular Arithmetic............................................13-10
13.4.5 Setting the MSTP Revision Level....................................................................................................13-11
13.4.6 Restoring the Default Settings for All Parameters of the MST Region...........................................13-13
13.5 Activating the Configuration of the MST Region.....................................................................................13-13
13.6 Specifying the Device as a Root Bridge or a Backup Root Bridge...........................................................13-14
13.7 Setting the Priority of the Device in the Specified Spanning Tree Instance.............................................13-15
13.8 Setting the Maximum Hop of the MST Region........................................................................................13-17
13.9 Setting the Diameter of the Switching Fabric...........................................................................................13-18
13.10 Setting the Calculation Standard for the Path Cost.................................................................................13-19
13.11 Setting the Time Parameters of the Specified Network Bridge..............................................................13-20
13.11.1 Setting the Forward Delay of the Specified Network Bridge........................................................13-21
13.11.2 Setting the Hello Time of the Specified Network Bridge..............................................................13-22
13.11.3 Setting the Max Age of the Specified Network Bridge..................................................................13-23
13.11.4 Setting the Timeout Time Factor of the Specified Network Bridge..............................................13-25
vi Huawei Technologies Proprietary Issue 04 (2007-11-30)

13.12 Setting the Parameters of the Specified Port...........................................................................................13-26

13.12.1 Setting the Maximum Transmission Rate of the Specified Port....................................................13-26
13.12.2 Setting the Specified Port as an Edge Port.....................................................................................13-27
13.12.3 Setting the Path Cost of the Port in the Specified Spanning Tree Instance....................................13-28
13.12.4 Setting the Priority of the Specified Port.......................................................................................13-30
13.12.5 Setting the Point-to-Point Link Connection of the Specified Port.................................................13-31
13.13 Setting the mCheck Variable...................................................................................................................13-32
13.14 Configuring the Device Protection Function..........................................................................................13-33
13.14.1 Enabling the BPDU Protection Function of the Device.................................................................13-33
13.14.2 Enabling the Loop Protection Function of the Device...................................................................13-34
13.14.3 Enabling the Root Protection Function of the Device....................................................................13-35
13.15 Clear the MSTP Protocol Statistics.........................................................................................................13-36
14 Configuring NTP....................................................................................................................14-1
14.1 Overview.....................................................................................................................................................14-3
14.2 Configuration Example of NTP Broadcast Mode.......................................................................................14-3
14.3 Configuration Example of NTP Multicast Mode........................................................................................14-6
14.4 Configuration Example of NTP Server/Client Mode..................................................................................14-9
14.5 Configuration Example of NTP Peer Mode..............................................................................................14-13
14.6 Configuring the NTP ID Authentication...................................................................................................14-16
14.7 Configuring the NTP Master Clock..........................................................................................................14-18
14.8 Configuring NTP Broadcast Mode...........................................................................................................14-19
14.8.1 Configuring NTP Broadcast Server Mode.......................................................................................14-19
14.8.2 Configuring NTP Broadcast Client Mode........................................................................................14-20
14.9 Configuring the NTP Multicast Mode......................................................................................................14-21
14.10 Configuring NTP Server/Client Mode....................................................................................................14-23
14.11 Configuring NTP Peer Mode..................................................................................................................14-24
14.12 Configuring the Authority of Access to a Local Device's NTP Service.................................................14-25
14.13 Configuring an Interface for Transmitting/Receiving NTP Packets.......................................................14-26
15 Configuring MAC Address..................................................................................................15-1

15.1 Overview.....................................................................................................................................................15-2
15.2 Adding a Static MAC Address....................................................................................................................15-2
15.3 Setting the Maximum MAC Address Number Learned by a Service Port.................................................15-3
15.4 Configuring the Aging Time of a Dynamic MAC Address........................................................................15-4
15.5 Binding the MAC Address..........................................................................................................................15-5
15.6 Configuring MAC Address Filtering..........................................................................................................15-5
15.7 Configuring the MAC Address Pool...........................................................................................................15-6
16 Configuring TCP/IP Connection.........................................................................................16-1

16.1 Overview.....................................................................................................................................................16-2
16.2 Basic Concepts............................................................................................................................................16-2
16.3 Configuring the Synwait Timer...................................................................................................................16-2
16.4 Configuring the Finwait Timer...................................................................................................................16-3
Issue 04 (2007-11-30) Huawei Technologies Proprietary vii

16.5 Configuring the Socket Buffer....................................................................................................................16-3

16.6 Enabling the TCP Debugging.....................................................................................................................16-4
16.7 Enabling the IP Packets Debugging............................................................................................................16-5
17 Configuring ACL....................................................................................................................17-1
17.1 Overview.....................................................................................................................................................17-3
17.2 Related Concepts.........................................................................................................................................17-6
17.3 Configuring the Basic ACL.......................................................................................................................17-10
17.4 Configuring the Advanced ACL...............................................................................................................17-11
17.5 Configuring the Layer 2 ACL...................................................................................................................17-13
17.6 Configuration Example of the Customized ACL......................................................................................17-15
17.7 Creating an ACL.......................................................................................................................................17-16
17.8 Configuring a Time Range........................................................................................................................17-18
17.9 Setting the Step..........................................................................................................................................17-19
17.10 Creating a Basic ACL Rule.....................................................................................................................17-20
17.11 Creating an Advanced ACL Rule............................................................................................................17-21
17.12 Creating a Layer 2 ACL Rule.................................................................................................................17-22
17.13 Creating a Customized ACL Rule...........................................................................................................17-23
17.14 Activating an ACL..................................................................................................................................17-25
18 Configuring the QoS.............................................................................................................18-1

18.1 Overview.....................................................................................................................................................18-2
18.2 Configuring the Traffic Entry.....................................................................................................................18-2
18.3 Configuring the Queue Scheduling.............................................................................................................18-5
18.3.1 Configuring the Queue Scheduling....................................................................................................18-6
18.4 Managing the Traffic Based on the ACL Rule............................................................................................18-7
18.4.1 Restricting the Traffic That Matches the ACL Rule..........................................................................18-8
18.4.2 Adding a Priority Tag to the Traffic That Matches the ACL Rule....................................................18-9
18.4.3 Measuring the Traffic That Matches the ACL Rule.........................................................................18-10
18.4.4 Mirroring the Traffic That Matches the ACL Rule..........................................................................18-11
18.4.5 Redirecting the Traffic That Matches the ACL Rule.......................................................................18-12
18.5 Setting the Rate Limit for an Upstream Port.............................................................................................18-13
19 Configuring User Security....................................................................................................19-1

19.1 Overview.....................................................................................................................................................19-3
19.2 Enabling the PITP.......................................................................................................................................19-3
19.3 Setting the RAIO Working Mode...............................................................................................................19-4
19.4 Setting the Ethernet Encapsulation Type....................................................................................................19-5
19.5 Enabling the DHCP Option82 Function......................................................................................................19-6
19.6 Setting the Maximum Length of DHCP Packets........................................................................................19-7
19.7 Binding the IP Address...............................................................................................................................19-8
19.8 Binding the MAC Address..........................................................................................................................19-9
19.9 Enabling Anti MAC Spoofing...................................................................................................................19-10
19.10 Enabling Anti IP Spoofing......................................................................................................................19-11
viii Huawei Technologies Proprietary Issue 04 (2007-11-30)

20 Configuring System Security...............................................................................................20-1

20.1 Overview.....................................................................................................................................................20-3
20.2 Enabling Anti DoS Attack...........................................................................................................................20-3
20.3 Enabling Anti IP Attack..............................................................................................................................20-4
20.4 Enabling Anti ICMP Attack........................................................................................................................20-5
20.5 Enabling Source Route Filtering.................................................................................................................20-5
20.6 Configuring MAC Address Filtering..........................................................................................................20-6
20.7 Setting the Time to Detect Exceptional Disconnection of the PPPoE/DHCP Users..................................20-7
20.8 Configuring the Black List..........................................................................................................................20-8
20.9 Configuring the Firewall Function..............................................................................................................20-9
20.10 Configuring an Accessible Address Segment.........................................................................................20-11
20.11 Configuring the Inaccessible Address Segment......................................................................................20-12
21 Configuring the ADSL2+ Service.......................................................................................21-1

21.1 Overview.....................................................................................................................................................21-3
21.2 Configuration Example of the ADSL2+ PPPoE/IPoE Service...................................................................21-4
21.3 Configuration Example of the ADSL2+ IPoA Service...............................................................................21-8
21.4 Configuration Example of the ADSL2+ PPPoA Service..........................................................................21-13
21.5 Adding an ADSL2+ Line Profile..............................................................................................................21-18
21.6 Adding an Extended ADSL2+ Line Profile..............................................................................................21-25
21.7 Adding an ADSL2+ Alarm Profile...........................................................................................................21-28
21.8 Activating an ADSL2+ Port......................................................................................................................21-33
21.9 Configuring the Port Rate Measurement Thresholds for an ADSL2+ Port..............................................21-35
21.10 Configuring IPoA/IPoE Protocol Conversion.........................................................................................21-36
21.10.1 Enabling IPoA Protocol Conversion..............................................................................................21-36
21.10.2 Setting the Aging time of IPoA Forwarding Entry........................................................................21-37
21.10.3 Setting the Default Gateway of the IPoA User..............................................................................21-38
21.10.4 Configuring the Encapsulation Type of the IPoA User.................................................................21-38
21.11 Configuring PPPoA/PPPoE Protocol Conversion...................................................................................21-40
21.11.1 Enabling PPPoA Protocol Conversion...........................................................................................21-40
21.11.2 Configuring the Encapsulation Type of the PPPoA User..............................................................21-41
21.11.3 Enabling PPPoA/PPPoE MRU Negotiation...................................................................................21-42
21.12 Querying an ADSL2+ Port......................................................................................................................21-43
21.13 Enabling the Auto PVC Configuration of an ADSL Modem.................................................................21-44
22 Configuring the SHDSL Service.........................................................................................22-1

22.1 Overview.....................................................................................................................................................22-3
22.2 Configuration Example of the SHDSL IPoE/PPPoE Service.....................................................................22-4
22.3 Configuration Example of the SHDSL IPoA Service.................................................................................22-9
22.4 Configuration Example of the SHDSL PPPoA Service............................................................................22-15
22.5 Adding an SHDSL Line Profile................................................................................................................22-21
22.6 Adding an SHDSL Alarm Profile.............................................................................................................22-24
22.7 Binding an SHDSL Alarm Profile............................................................................................................22-27
22.8 Configuring the SHDSL Multi-Pair Binding............................................................................................22-28
Issue 04 (2007-11-30) Huawei Technologies Proprietary ix

22.9 Configuring the SHDSL EFM Multi-port Binding...................................................................................22-29

22.10 Activating an SHDSL Port......................................................................................................................22-30
22.11 Querying an SHDSL Port........................................................................................................................22-31
22.12 Configuring the Clock Mode...................................................................................................................22-32
23 Configuring the VDSL2 Service..........................................................................................23-1

23.1 Overview.....................................................................................................................................................23-3
23.2 Configuration Example of the VDSL2 PPPoE/IPoE Service.....................................................................23-3
23.3 Configuration Example of the VDSL2 IPoA Service...............................................................................23-10
23.4 Configuration Example of the VDSL2 PPPoA Service............................................................................23-17
23.5 Adding a VDSL2 Line Profile..................................................................................................................23-24
23.6 Adding a VDSL2 Channel Profile............................................................................................................23-31
23.7 Adding a VDSL2 Line Template..............................................................................................................23-35
23.8 Adding a VDSL2 Line Alarm Profile.......................................................................................................23-37
23.9 Adding a VDSL2 Channel Alarm Profile.................................................................................................23-40
23.10 Adding a VDSL2 Alarm Template.........................................................................................................23-43
23.11 Binding an VDSL2 Alarm Template......................................................................................................23-45
23.12 Activating a VDSL2 Port........................................................................................................................23-46
23.13 Querying a VDSL2 port..........................................................................................................................23-47
24 Configuring Protection for Upstream Link.......................................................................24-1

24.1 Overview.....................................................................................................................................................24-2
24.2 Configuration Example of the Upstream Link Protection...........................................................................24-3
24.3 Configuring a Protection Group..................................................................................................................24-5
24.4 Configuring the Protection Group Weight..................................................................................................24-6
25 Configuring Device Subtending.........................................................................................25-1

25.1 Overview.....................................................................................................................................................25-3
25.2 Configuration Example of the Ethernet Access Service.............................................................................25-3
25.3 Configuration Example of the Subtended Network Through the SCU Board............................................25-5
25.4 Configuration Example of Subtending Device Through the ETHA Board................................................25-7
25.5 Configuring the Working Mode of the ETH Board....................................................................................25-9
25.6 Configuring the Physical Attributes of an Ethernet Port...........................................................................25-10
25.6.1 Setting the Auto-negotiation Mode of an Ethernet Port...................................................................25-10
25.6.2 Setting the Duplex Mode of an Ethernet Port..................................................................................25-11
25.6.3 Setting the Rate of an Ethernet Port.................................................................................................25-12
25.6.4 Setting the Network Cable Type of an Ethernet Port.......................................................................25-13
25.7 Enabling the Flow Control on an Ethernet Port........................................................................................25-13
25.8 Enabling the Traffic Suppression..............................................................................................................25-14
25.9 Enabling the Ethernet Port Aggregation...................................................................................................25-16
25.10 Mirroring an Ethernet Port......................................................................................................................25-17
25.11 Adding an Ethernet Port to a VLAN.......................................................................................................25-18
25.12 Configuring the Outer QinQ VLAN of the Ethernet Port.......................................................................25-19
25.13 Setting the Native VLAN for an Ethernet Port.......................................................................................25-20
x Huawei Technologies Proprietary Issue 04 (2007-11-30)

26 Configuring ATM-DSLAM Access....................................................................................26-1

26.1 Overview.....................................................................................................................................................26-2
26.2 Configuration Example of the ATM-DSLAM Access...............................................................................26-3
26.3 Setting the OPTIC Port Mode.....................................................................................................................26-6
26.4 Setting the OPTIC Port Type......................................................................................................................26-7
26.5 Adding an IMA Group................................................................................................................................26-8
26.6 Setting the IMA Group Mode...................................................................................................................26-10
26.7 Adding an IMA Link.................................................................................................................................26-12
26.8 Setting the Line Type for an E3 Port.........................................................................................................26-13
26.9 Setting the E3 Port Type...........................................................................................................................26-14
26.10 Setting the Tx Clock of an E3 Port.........................................................................................................26-15
26.11 Clearing the Statistics of an E3 Port........................................................................................................26-16
27 Configuring MPLS Access....................................................................................................27-1

27.1 Overview.....................................................................................................................................................27-2
27.2 Configuration Example of MPLS - Based on Binding the PVC with the PW Profile................................27-2
27.3 Configuration Example of MPLS- Based on Binding the VLAN with the PW Profile..............................27-6
27.4 Basic Configuration of MPLS...................................................................................................................27-10
27.4.1 Configuring the LSR ID...................................................................................................................27-10
27.4.2 Enabling MPLS................................................................................................................................27-11
27.5 Static LSP Configuration..........................................................................................................................27-12
27.5.1 Overview..........................................................................................................................................27-12
27.5.2 Configuring the Ingress LSR of the Static LSP...............................................................................27-13
27.5.3 Configuring the Egress LSR of the Static LSP................................................................................27-14
27.5.4 Configuring the LSP CAR...............................................................................................................27-14
27.6 MPLS LDP Configuration........................................................................................................................27-15
27.6.1 Overview..........................................................................................................................................27-16
27.6.2 Enabling the MPLS LDP..................................................................................................................27-16
27.6.3 Configuring Parameters of the LDP Basic Discovery.....................................................................27-17
27.6.4 Configuring Parameters of the LDP Extended Discovery...............................................................27-19
27.6.5 Configuring Parameters of the LDP Basic Session..........................................................................27-20
27.6.6 Configuring Parameters of the LDP Extended Session...................................................................27-21
27.6.7 Configuring the LDP LSP Triggering Policy...................................................................................27-22
27.6.8 Configuring the LDP Label Retention Mode...................................................................................27-23
27.6.9 Configuring the LDP Loopback Detection......................................................................................27-24
27.6.10 Configuring the LDP MD5 Authentication....................................................................................27-25
27.6.11 Enable the LDP MTU Signaling Function.....................................................................................27-27
27.7 PW Configuration.....................................................................................................................................27-28
27.7.1 Enable the MPLS L2VPN................................................................................................................27-28
27.7.2 Configuring a PW Template............................................................................................................27-29
27.7.3 Binding a PVC with a PW Template...............................................................................................27-30
27.7.4 Binding a VLAN with a PW Template............................................................................................27-31
28 Configuring MPLS RSVP-TE..............................................................................................28-1
Issue 04 (2007-11-30) Huawei Technologies Proprietary xi

28.1 Overview.....................................................................................................................................................28-2
28.2 Configuration Example for Establishing an MPLS TE Tunnel by Using RSVP-TE..................................28-2
28.3 Configuring Basic MPLS TE Capability....................................................................................................28-5
28.3.1 Enabling MPLS TE Feature...............................................................................................................28-6
28.3.2 Creating an MPLS TE Tunnel............................................................................................................28-7
28.4 Configuring an MPLS TE Tunnel by Using Dynamic Signaling...............................................................28-8
28.4.1 Configuring Bandwidth of Links.......................................................................................................28-9
28.4.2 Enabling OSPF TE...........................................................................................................................28-10
28.4.3 Configuring the MPLS TE Explicit Path.........................................................................................28-11
28.4.4 Configuring Constraints of an MPLS TE Tunnel............................................................................28-12
28.4.5 Configuring CSPF............................................................................................................................28-13
28.4.6 Establishing an MPLS TE Tunnel by Using RSVP-TE...................................................................28-15
28.5 Configuring Advanced RSVP-TE Features..............................................................................................28-16
28.5.1 Configuring RSVP Hello Extension................................................................................................28-16
28.5.2 Configuring RSVP Resource Reservation Style..............................................................................28-18
28.5.3 Configuring RSVP Timers...............................................................................................................28-19
28.5.4 Enabling RSVP Message Transmission Reliability.........................................................................28-21
28.5.5 Enabling RSVP-TE Srefresh Function.............................................................................................28-22
28.5.6 Enabling RSVP-TE Reservation Confirmation Mechanism............................................................28-23
28.5.7 Enabling RSVP Authentication........................................................................................................28-24
28.6 Tuning the Establishment of CR-LSP.......................................................................................................28-25
28.6.1 Configuring Tie-Breaking of CSPF.................................................................................................28-26
28.6.2 Configuring Route Pinning of CSPF................................................................................................28-27
28.6.3 Configuring Administrative Group and Affinity Property...............................................................28-28
28.6.4 Configuring Reoptimization for CR-LSP........................................................................................28-30
28.7 Tuning the Establishment of an MPLS TE Tunnel...................................................................................28-31
28.7.1 Configuring Loop Detection............................................................................................................28-32
28.7.2 Configuring the Route Record and the Label Record......................................................................28-33
28.7.3 Configuring Parameters of Tunnel Reestablishment.......................................................................28-34
28.7.4 Configuring Tunnel Priority.............................................................................................................28-35
29 Configuring the VLAN Stacking Wholesale Service......................................................29-1

29.1 Overview.....................................................................................................................................................29-2
29.2 Configuration Example of the Wholesale Service......................................................................................29-2
30 Configuring the QinQ VLAN Leased Line Service.........................................................30-1

30.1 Overview.....................................................................................................................................................30-2
30.2 Configuration Example of the QinQ VLAN Leased Line Service.............................................................30-2
30.3 Enabling Transparent Transmission of BPDUs..........................................................................................30-5
31 Configuring the Multicast Service......................................................................................31-1

31.1 Overview.....................................................................................................................................................31-3
31.2 Configuration Example of IGMP Proxy Multicast Service........................................................................31-3
31.3 Configuration Example of IGMP Snooping................................................................................................31-6
xii Huawei Technologies Proprietary Issue 04 (2007-11-30)

31.4 Configuration Example of Multicast Service in Subtending Mode..........................................................31-10

31.5 Configuring Multicast Service in MSTP Networking...............................................................................31-15
31.6 Setting the IGMP Mode............................................................................................................................31-23
31.7 Configuring an IGMP Upstream Port.......................................................................................................31-24
31.8 Specifying a Subtending Port....................................................................................................................31-25
31.9 Configuring a Program for a Static Subtending Port................................................................................31-26
31.10 Configuring IGMP Global Parameters....................................................................................................31-27
31.10.1 Enabling the IGMP Proxy Authorization.......................................................................................31-28
31.10.2 Setting the Robustness Variable.....................................................................................................31-30
31.10.3 Setting the General Query Interval.................................................................................................31-31
31.10.4 Setting the Maximum Response Time to the General Query.........................................................31-32
31.10.5 Setting the Number of Specific Queries.........................................................................................31-33
31.10.6 Setting the Specific Query Interval................................................................................................31-35
31.10.7 Setting the Maximum Response Time to the Specific Query........................................................31-36
31.10.8 Setting the Unsolicited Report Interval..........................................................................................31-37
31.10.9 Setting the TTL for a V2 Router....................................................................................................31-38
31.10.10 Setting the Preview Recognition Time.........................................................................................31-39
31.10.11 Enabling the User Action Report Function..................................................................................31-41
31.10.12 Enabling the Proxy of the IGMP Report Packet..........................................................................31-42
31.10.13 Enabling the Proxy of the IGMP Leave Packet...........................................................................31-43
31.10.14 Set the Permitted Encapsulation Mode of IGMP Packets............................................................31-44
31.10.15 Enabling IGMP Echo Function....................................................................................................31-45
31.11 Adding a Program...................................................................................................................................31-46
31.12 Managing Multicast Bandwidth..............................................................................................................31-48
31.12.1 Enabling the Bandwidth Management Function............................................................................31-48
31.12.2 Setting Upstream Port Bandwidth..................................................................................................31-50
31.12.3 Setting User Bandwidth.................................................................................................................31-50
31.13 Configuring an Authority Profile............................................................................................................31-51
31.13.1 Setting the Authority Mode............................................................................................................31-52
31.13.2 Modifying an Authority Profile......................................................................................................31-53
31.13.3 Renaming an Authority Profile......................................................................................................31-54
31.14 Configuring Multicast Users...................................................................................................................31-55
31.14.1 Adding a BTV User........................................................................................................................31-55
31.14.2 Modifying the Attributes of a User................................................................................................31-56
31.14.3 Blocking a BTV User.....................................................................................................................31-57
31.14.4 Binding a User with an Authority Profile......................................................................................31-58
31.14.5 Granting Program Authorities to a User........................................................................................31-59
31.14.6 Enabling the Function of Monitoring the BTV User.....................................................................31-60
31.15 Configuring the Preview Function..........................................................................................................31-61
31.15.1 Enabling the Preview Function......................................................................................................31-61
31.15.2 Setting the Preview Parameters......................................................................................................31-62
31.15.3 Setting the Preview Auto Reset Time............................................................................................31-63
Issue 04 (2007-11-30) Huawei Technologies Proprietary xiii

31.15.4 Clearing the Preview Records Manually........................................................................................31-65

31.16 Configuring the Logging Function..........................................................................................................31-66
31.16.1 Enabling the Logging Function......................................................................................................31-66
31.16.2 Setting the Logging Interval...........................................................................................................31-67
31.16.3 Configuring Log Reporting............................................................................................................31-69
31.16.4 Collecting Log Statistics................................................................................................................31-70
32 Configuring the Triple Play Service...................................................................................32-1

32.1 Overview.....................................................................................................................................................32-2
32.2 Configuration Example of Triple Play - Multiple PVCs for Multiple Services..........................................32-3
32.3 Configuration Example of Triple Play - Based on the User-Side VLAN...................................................32-9
32.4 Configuration Example of Triple Play - Based on 802.1p........................................................................32-14
32.5 Configuration Example of the Triple Play Service - Based on the Service Encapsulation Type.............32-20
33 Configuring the Ethernet OAM..........................................................................................33-1

33.1 Overview.....................................................................................................................................................33-3
33.2 Configuration Example of Ethernet OAM..................................................................................................33-3
33.3 Creating an MD...........................................................................................................................................33-6
33.4 Creating an MA...........................................................................................................................................33-7
33.5 Creating an MEP.........................................................................................................................................33-8
33.6 Creating an RMEP...................................................................................................................................... 33-9
33.7 Enabling the CFM Globally......................................................................................................................33-10
33.8 Enabling the CFM Alarm Globally...........................................................................................................33-11
33.9 Enabling the Administration Function of an MEP....................................................................................33-12
33.10 Enabling the CC Transmission of an MEP.............................................................................................33-13
33.11 Enabling the Global Detection Function of an RMEP............................................................................33-14
33.12 Enabling RMEP Detection Function.......................................................................................................33-15
33.13 Configuring Priorities for Transmitting CCMs/LTMs ...........................................................................33-16
33.14 Configuring the Interval for an MA to Transmit a CC...........................................................................33-17
33.15 Configuring the Base Address of Multicast Destination MAC Addresses of CCMs/LTMs..................33-18
33.16 Configuring Loop Detection Function....................................................................................................33-19
33.17 Configuring Linktrace Function..............................................................................................................33-20
34 Configuring the MPLS OAM...............................................................................................34-1

34.1 Overview.....................................................................................................................................................34-2
34.2 Configuration Example of Detection of MPLS OAM for Static LSP Connectivity...................................34-2
34.3 Configuration Example of MPLS OAM Protection Switchover................................................................ 34-6
34.4 Configuring the MPLS OAM Function of the Ingress..............................................................................34-11
34.5 Configuring the MPLS OAM Function of the Egress...............................................................................34-12
34.6 Configuring the Tunnel Protection Group................................................................................................34-13
34.7 Switching Over Protection Group Manually.............................................................................................34-14
34.8 Enabling the Protection Group to Output the Debugging Information.....................................................34-15
35 Configuring the Environment Monitoring.......................................................................35-1

35.1 Overview.....................................................................................................................................................35-2
xiv Huawei Technologies Proprietary Issue 04 (2007-11-30)

35.2 Configuration Example of an EMU............................................................................................................35-4

35.2.1 Data Plan............................................................................................................................................35-4
35.2.2 Configuration Flowchart....................................................................................................................35-5
35.2.3 Procedure for Configuring an H303ESC...........................................................................................35-5
35.2.4 Verification for Configuring an H303ESC........................................................................................35-6
35.2.5 Procedure for Configuring a DIS EMU.............................................................................................35-7
35.2.6 Procedure for Configuring POWER4845 EMU.................................................................................35-8
35.3 Adding an EMU..........................................................................................................................................35-8
35.4 Configuring the H303ESC/H304ESC EMU.............................................................................................35-10
35.5 Configuring an H561ESC EMU...............................................................................................................35-12
35.6 Configuring a POWER4845 EMU............................................................................................................35-13
35.7 Configuring the FAN Alarm Report ........................................................................................................35-16
35.8 Setting the FAN Speed Adjustment Mode................................................................................................35-17
35.9 Configuring the FAN Speed......................................................................................................................35-18
36 MSTP Networking Example................................................................................................36-1

36.1 Networking..................................................................................................................................................36-2
36.2 Data Plan.....................................................................................................................................................36-3
36.3 Configuring MA5600-1...............................................................................................................................36-6
36.4 Configuring MA5600-2.............................................................................................................................36-12
36.5 Configuring MA5600-3.............................................................................................................................36-19
36.6 Configuring MA5600-4.............................................................................................................................36-24
36.7 Configuring MA5600-5.............................................................................................................................36-29
36.8 Verification................................................................................................................................................36-32
37 Subtending Networking Example......................................................................................37-1

37.1 Networking..................................................................................................................................................37-2
37.2 Data Plan.....................................................................................................................................................37-3
37.3 Configuring MA5600-1...............................................................................................................................37-6
37.4 Configuring MA5600-2.............................................................................................................................37-12
37.5 Configuring MA5600-3.............................................................................................................................37-19
37.6 Configuring MA5600-4.............................................................................................................................37-24
37.7 Verification................................................................................................................................................37-27
A Acronyms and Abbreviations................................................................................................A-1

Index.................................................................................................................................................i-1
Issue 04 (2007-11-30) Huawei Technologies Proprietary xv

Configuration Guide Figures
Figures
Figure 1-1 Sample network for configuring the license application....................................................................1-4

Figure 1-2 Flowchart for configuring the license application..............................................................................1-5
Figure 2-1 Networking for configuring the MA5600 through the local serial port.............................................2-3
Figure 2-2 Flowchart for configuring the MA5600 through the local serial port................................................2-4
Figure 2-3 Setting parameters of the terminal......................................................................................................2-5
Figure 2-4 Setting the terminal emulation type....................................................................................................2-6
Figure 2-5 Setting ASCII code.............................................................................................................................2-7
Figure 2-6 Networking for configuring the MA5600 through the remote serial port..........................................2-8
Figure 2-7 Flowchart for configuring the MA5600 through the remote serial port.............................................2-8
Figure 2-8 Setting the parameters of the HyperTerminal...................................................................................2-11
Figure 2-9 Networking for local configuration through a LAN.........................................................................2-12
Figure 2-10 Connection between a WAN and the maintenance network port of the control board..................2-13
Figure 2-11 Flowchart for configuring the MA5600 through the outband management channel.....................2-14
Figure 2-12 Running the telnet application........................................................................................................2-15
Figure 2-13 Networking for the maintenance through the GE port over a LAN...............................................2-16
Figure 2-14 Networking for the maintenance through the GE port over a WAN..............................................2-16
Figure 2-15 Flowchart for configuring the MA5600 through the inband management channel.......................2-17
Figure 2-16 Running the telnet application........................................................................................................2-18
Figure 2-17 Setting up the SSH configuration environment in LAN outband mode.........................................2-19
Figure 2-18 Setting up the SSH configuration environment in WAN outband mode........................................2-20
Figure 2-19 Setting up the SSH configuration environment in LAN inband mode...........................................2-21
Figure 2-20 Setting up the SSH configuration environment in WAN inband mode..........................................2-21
Figure 2-21 Flowchart for configuring in SSH mode........................................................................................2-23
Figure 2-22 Interface of the key generator.........................................................................................................2-25
Figure 2-23 Generating the client key................................................................................................................2-26
Figure 2-24 Interface of converting the client public key into the RSA public key..........................................2-27
Figure 2-25 Interface of the SSH client software...............................................................................................2-28
Figure 2-26 Interface for connecting to the system............................................................................................2-29
Figure 2-27 Interface for logging in the SSH client...........................................................................................2-29
Figure 3-1 Switching over among the command modes......................................................................................3-4
Figure 4-1 Sample network for configuring the outband NMS...........................................................................4-3
Figure 4-2 Flowchart for configuring the outband NMS.....................................................................................4-4
Figure 4-3 Sample network for configuring the inband NMS.............................................................................4-6
Issue 04 (2007-11-30) Huawei Technologies Proprietary xvii

Figures Configuration Guide
Figure 4-4 Flowchart for configuring the inband NMS.......................................................................................4-7

Figure 5-1 Sample network for configuring a log host........................................................................................5-2
Figure 8-1 Sample network for configuring the remote user authentication........................................................8-5
Figure 8-2 Flowchart for configuring the remote user authentication.................................................................8-6
Figure 8-3 Flowchart for configuring the SSH user public key.........................................................................8-23
Figure 9-1 Sample network for configuring a smart VLAN................................................................................9-6
Figure 9-2 Flowchart for configuring a smart VLAN..........................................................................................9-7
Figure 9-3 Sample network for configuring a MUX VLAN................................................................................9-8
Figure 9-4 Flowchart for configuring a MUX VLAN.........................................................................................9-9
Figure 9-5 Sample network for configuring a super VLAN..............................................................................9-10
Figure 9-6 Flowchart for configuring a super VLAN........................................................................................9-12
Figure 10-1 MA5600 DHCP relay.....................................................................................................................10-3
Figure 10-2 Sample network for configuring DHCP standard mode.................................................................10-4
Figure 10-3 Flowchart for configuring DHCP standard mode...........................................................................10-5
Figure 10-4 Sample network for configuring DHCP option60 mode................................................................10-7
Figure 10-5 Flowchart for configuring the DHCP option60 mode....................................................................10-8
Figure 10-6 Sample network for configuring MAC address segment mode......................................................10-9
Figure 10-7 Flowchart for configuring MAC address segment mode.............................................................10-11
Figure 11-1 Sample network for configuring the ARP proxy............................................................................11-3
Figure 11-2 Flowchart for configuring the ARP proxy......................................................................................11-4
Figure 12-1 Sample network for configuring the static route............................................................................12-4
Figure 12-2 Flowchart for configuring the static route......................................................................................12-5
Figure 12-3 Sample network for configuring RIP..............................................................................................12-7
Figure 12-4 Flowchart for configuring RIP.......................................................................................................12-8
Figure 12-5 Sample network for configuring OSPF........................................................................................12-10
Figure 12-6 Flowchart for configuring OSPF..................................................................................................12-11
Figure 12-7 Sample network for configuring the route policy.........................................................................12-13
Figure 12-8 Flowchart for configuring the route policy...................................................................................12-14
Figure 14-1 Sample network for configuring the NTP broadcast mode............................................................14-4
Figure 14-2 Flowchart for configuring NTP broadcast mode............................................................................14-5
Figure 14-3 Sample network for configuring NTP multicast mode...................................................................14-7
Figure 14-4 Flowchart for configuring NTP multicast mode.............................................................................14-8
Figure 14-5 Sample network for configuring NTP server/client mode............................................................14-10
Figure 14-6 Flowchart for configuring NTP server/client mode......................................................................14-11
Figure 14-7 Sample network for configuring NTP peer mode.........................................................................14-13
Figure 14-8 Flowchart for configuring NTP peer mode..................................................................................14-14
Figure 14-9 Flowchart for configuring the NTP server/client mode with ID authentication...........................14-16
Figure 17-1 Flowchart for configuring a basic ACL........................................................................................17-11
Figure 17-2 Flowchart for configuring an advanced ACL...............................................................................17-12
Figure 17-3 Flowchart for configuring a layer 2 ACL.....................................................................................17-14
Figure 17-4 Flowchart for configuring a customized ACL..............................................................................17-16
Figure 17-5 First 64 bytes of a layer 2 frame...................................................................................................17-23
xviii Huawei Technologies Proprietary Issue 04 (2007-11-30)

Configuration Guide Figures
Figure 20-1 Flowchart for configuring the firewall function...........................................................................20-10

Figure 21-1 Sample network for configuring the ADSL2+ PPPoE/IPoE service..............................................21-4
Figure 21-2 Flowchart for configuring the ADSL2+ PPPoE/IPoE service........................................................21-6
Figure 21-3 Sample network for configuring the ADSL2+ IPoA service......................................................... 21-9
Figure 21-4 Flowchart for configuring the ADSL2+ IPoA service.................................................................21-11
Figure 21-5 Sample network for configuring the ADSL2+ PPPoA service....................................................21-14
Figure 21-6 Flowchart for configuring the ADSL2+ PPPoA service..............................................................21-16
Figure 21-7 Flowchart for configuring an ADSL2+ line profile-1..................................................................21-20
Figure 21-8 Flowchart for configuring an ADSL2+ line profile-2..................................................................21-21
Figure 21-9 Flowchart for adding an ADSL2+ alarm profile..........................................................................21-30
Figure 21-10 Status conversion of the ADSL2+ port.......................................................................................21-43
Figure 22-1 Sample network for configuring the SHDSL IPoE/PPPoE service................................................22-5
Figure 22-2 Flowchart for configuring the SHDSL IPoE/PPPoE service..........................................................22-7
Figure 22-3 Sample network for configuring the SHDSL IPoA service..........................................................22-10
Figure 22-4 Flowchart for configuring the SHDSL IPoA service...................................................................22-12
Figure 22-5 Sample network for configuring the SHDSL PPPoA service......................................................22-16
Figure 22-6 Flowchart for configuring the SHDSL PPPoA service................................................................22-18
Figure 22-7 Flowchart for adding an SHDSL line profile...............................................................................22-22
Figure 22-8 Flowchart for adding an SHDSL alarm profile............................................................................22-25
Figure 22-9 Inter-conversion between the SHDSL port states.........................................................................22-32
Figure 23-1 Sample network for configuring the VDSL2 PPPoE/IPoE service................................................23-4
Figure 23-2 Flowchart for configuring the VDSL2 PPPoE/IPoE service..........................................................23-6
Figure 23-3 Sample network for configuring the VDSL2 IPoA service..........................................................23-11
Figure 23-4 Flowchart for configuring the VDSL2 IPoA service....................................................................23-13
Figure 23-5 Sample network for configuring the VDSL2 PPPoA service.......................................................23-18
Figure 23-6 Flowchart for configuring the VDSL2 PPPoA service................................................................23-20
Figure 23-7 Flowchart for adding a VDSL2 line profile..................................................................................23-25
Figure 23-8 Flowchart for adding a VDSL2 channel profile...........................................................................23-32
Figure 23-9 Flowchart for adding a VDSL2 line alarm profile........................................................................23-38
Figure 23-10 Flowchart for adding a VDSL2 channel alarm profile...............................................................23-41
Figure 23-11 Inter-conversion between these states........................................................................................23-47
Figure 24-1 Sample network for configuring the upstream link protection.......................................................24-3
Figure 24-2 Flowchart for configuring the upstream link protection.................................................................24-4
Figure 25-1 Sample network for configuring the Ethernet access service.........................................................25-4
Figure 25-2 Flowchart for configuring the Ethernet access service...................................................................25-5
Figure 25-3 Sample network for configuring the subtended network................................................................25-6
Figure 25-4 Flowchart for configuring the subtended network..........................................................................25-7
Figure 25-5 Sample network for subtending devices.........................................................................................25-8
Figure 25-6 Flowchart for configuring subtending devices...............................................................................25-9
Figure 26-1 Sample network of the ATM-DSLAM access................................................................................26-2
Figure 26-2 Sample network for configuring the ATM-DSLAM access...........................................................26-3
Figure 26-3 Flowchart for configuring the ATM-DSLAM access.................................................................... 26-4
Issue 04 (2007-11-30) Huawei Technologies Proprietary xix

Figures Configuration Guide
Figure 27-1 Sample network for configuring the MPLS based on binding the PVC with the PW profile........27-3
Figure 27-2 Flowchart for configuring the MPLS based binding the PVC with the PW profile.......................27-4
Figure 27-3 Sample network of the MPLS based on binding the VLAN with the PW template......................27-6
Figure 27-4 Flowchart for configuring the MPLS based on binding the VLAN with the PW profile..............27-8
Figure 28-1 Sample network for establishing an MPLS TE tunnel by using RSVP-TE...................................28-3
Figure 28-2 Flowchart for establishing an MPLS TE tunnel.............................................................................28-4
Figure 29-1 Sample network for configuring the wholesale service..................................................................29-3
Figure 29-2 Flowchart for configuring the wholesale service............................................................................29-5
Figure 30-1 Sample network for configuring the QinQ VLAN leased line service...........................................30-3
Figure 30-2 Flowchart for configuring the QinQ VLAN leased line service.....................................................30-4
Figure 31-1 Sample network of the IGMP proxy application............................................................................31-4
Figure 31-2 Flowchart for configuring IGMP proxy.........................................................................................31-5
Figure 31-3 Sample network for configuring the IGMP snooping....................................................................31-7
Figure 31-4 Flowchart for configuring the IGMP snooping..............................................................................31-9
Figure 31-5 Sample network for configuring the subtended multicast service................................................31-11
Figure 31-6 Flowchart for configuring multicast service in subtending mode (MA5600_A).........................31-13
Figure 31-7 Flowchart for configuring multicast service in subtending mode (MA5600_B).........................31-13
Figure 31-8 Sample network of the multicast service in MSTP networking...................................................31-16
Figure 31-9 Flowchart for configuring multicast service in MSTP networking on MA5600_A, MA5600_B and
MA5600_C........................................................................................................................................................31-19
Figure 31-10 Flowchart for configuring multicast service in MSTP networking on MA5600_D...................31-19
Figure 32-1 Sample network for configuring the triple play service -multiple PVCs for multiple services.....32-4
Figure 32-2 Flowchart for configuring the triple play service-multiple PVCs for multiple services................32-6
Figure 32-3 Sample network for configuring the triple play service - single PVC for multiple services........32-10
Figure 32-4 Flowchart for configuring the triple play service - single PVC for multiple services..................32-12
Figure 32-5 Sample network for configuring the triple play service by means of single PVC for multiple services
...........................................................................................................................................................................32-15
Figure 32-6 Flowchart for configuring the triple play service-single-PVC for multi-service.........................32-17
Figure 32-7 Sample network for configuring the triple play service - single PVC for multiple services (based on
the service encapsulation type)..........................................................................................................................32-21
Figure 32-8 Flowchart for configuring the triple play service - single PVC for multiple services (based on the
service encapsulation type)...............................................................................................................................32-23
Figure 33-1 Sample network for configuring Ethernet OAM............................................................................33-3
Figure 33-2 Flowchart for configuring Ethernet OAM......................................................................................33-5
Figure 34-1 Sample network of detection of MPLS OAM for static LSP connectivity....................................34-2
Figure 34-2 Flowchart for detection of MPLS OAM for static LSP connectivity.............................................34-4
Figure 34-3 Sample network of MPLS OAM protection switchover................................................................34-6
Figure 34-4 Flowchart for configuring MPLS OAM protection switchover.....................................................34-8
Figure 35-1 Flowchart for configuring an EMU................................................................................................35-5
Figure 36-1 Sample MSTP network of the MA5600.........................................................................................36-3
Figure 37-1 Sample subtended network of the MA5600...................................................................................37-3
xx Huawei Technologies Proprietary Issue 04 (2007-11-30)

Configuration Guide Tables
Tables
Table 1-1 Data plan for configuring the license application................................................................................1-4

Table 1-2 Related operation for configuring the license server...........................................................................1-7
Table 1-3 Related operation for configuring the ESN for the device...................................................................1-8
Table 2-1 Features of the different maintenance modes.......................................................................................2-2
Table 2-2 Data plan for the network ..................................................................................................................2-13
Table 2-4 Data plan for the network...................................................................................................................2-16
Table 3-1 Features of the interface config modes................................................................................................3-4
Table 3-2 Edit functions.......................................................................................................................................3-6
Table 3-3 Meaning of the CLI characters supported by the MA5600..................................................................3-7
Table 3-4 Options for viewing information displayed on multiple screens.........................................................3-9
Table 3-5 Common CLI error prompts...............................................................................................................3-10
Table 3-6 Related operation for obtaining online help information...................................................................3-12
Table 3-7 Related operation for enabling or disabling interactive command execution....................................3-13
Table 3-8 Related operation for enabling or disabling CLI trap reporting.........................................................3-14
Table 3-9 Related operation for switching the terminal language......................................................................3-15
Table 3-10 Related operation for setting the timeout exit time..........................................................................3-17
Table 3-11 Related operation for locking the terminal.......................................................................................3-18
Table 4-1 Data plan for configuring the outband NMS........................................................................................4-4
Table 4-2 Data plan for configuring the inband NMS..........................................................................................4-6
Table 4-3 Related operation for setting the SNMP version................................................................................4-10
Table 4-4 Related operation for adding a community and setting its read/write authorities..............................4-10
Table 4-5 Related operation for enabling traps sending.....................................................................................4-11
Table 4-6 Related operation for setting the IP address of a destination host of traps........................................ 4-12
Table 4-7 Related operation for setting the source interface for traps sending..................................................4-13
Table 4-8 Related operation for setting the system contact information............................................................4-13
Table 4-9 Related operation for setting the system location information.......................................................... 4-14
Table 4-10 Related operation for configuring an SNMP V3 user......................................................................4-15
Issue 04 (2007-11-30) Huawei Technologies Proprietary xxi

Tables Configuration Guide
Table 4-11 Related operation for configuring an SNMP V3 group...................................................................4-16

Table 4-12 Related operation for configuring an SNMP MIB view..................................................................4-17
Table 4-13 Related operations for configuring the local SNMP engine ID.......................................................4-18
Table 4-14 Related operations for enabling the handshake function between the MA5600 and the N2000
.............................................................................................................................................................................4-19
Table 4-15 Related operation for setting the handshake interval.......................................................................4-20
Table 4-16 Related operation for configuring the IP address of the outband NMS interface............................4-21
Table 4-17 Related operation for configuring an NMS route.............................................................................4-22
Table 4-18 Related operation for configuring the IP address of the inband NMS interface..............................4-23
Table 5-1 Data plan for configuring a log host....................................................................................................5-3
Table 5-2 Related operations for configuring a log host......................................................................................5-4
Table 5-3 Related operations for configuring a log host......................................................................................5-5
Table 5-4 Related operations for deactivating a log host.....................................................................................5-5
Table 6-1 User authorities....................................................................................................................................6-2
Table 6-2 Parameter descriptions of a user profile...............................................................................................6-3
Table 6-3 Related operations for adding a user profile........................................................................................6-5
Table 6-4 User Attributes.....................................................................................................................................6-6
Table 6-5 Related operations for adding a user....................................................................................................6-7
Table 6-6 Related operations for modifying the profile bound with a user..........................................................6-8
Table 6-7 Related operations for modifying a user level.....................................................................................6-9
Table 6-8 Related operations for changing a user password..............................................................................6-10
Table 6-9 The related operations for modifying the permitted reenter number.................................................6-11
Table 6-10 Related operations for modifying the appended information...........................................................6-12
Table 6-11 Related operation for disconnection an online user.........................................................................6-13
Table 6-12 Related operations for deleting a user..............................................................................................6-14
Table 7-1 Service board status..............................................................................................................................7-2
Table 7-2 Related operation for setting the description of a shelf........................................................................7-3
Table 7-3 Related operations for resetting the control boards..............................................................................7-4
Table 7-4 Related operation for adding a service board offline...........................................................................7-5
Table 7-5 Related operation for confirming a service board................................................................................7-6
Table 7-6 Related operation for prohibiting a service board................................................................................7-8
Table 7-7 Related operation for managing a subboard.......................................................................................7-10
Table 8-1 Data plan for configuring the remote user authentication....................................................................8-5
Table 8-2 Related operation for specifying the RADIUS server template...........................................................8-9
Table 8-3 Related operation for setting the IP address and port number of a server.........................................8-10
Table 8-4 Related operation for setting the response timeout interval of a RADIUS server.............................8-12
Table 8-5 Related operation for setting the maximum retransmit count of the RADIUS request packets........8-13
Table 8-6 Related operations for configuring an authentication scheme...........................................................8-17
Table 8-7 Related operations for creating a domain...........................................................................................8-18
Table 8-8 Related operation for specifying the RADIUS server template.........................................................8-19
Table 8-9 Related operations for specifying the authentication scheme............................................................8-21
Table 8-10 Related operation for creating a local RSA key pair........................................................................8-22
Table 8-11 Related operations for configuring an SSH user..............................................................................8-24
xxii Huawei Technologies Proprietary Issue 04 (2007-11-30)

Table 9-1 VLAN types and applications..............................................................................................................9-3

Table 9-2 VLAN attributes...................................................................................................................................9-4
Table 9-3 Data plan for configuring a smart VLAN............................................................................................9-6
Table 9-4 Data plan for configuring a MUX VLAN............................................................................................9-8
Table 9-5 Data plan for configuring a super VLAN...........................................................................................9-10
Table 9-6 Related operations for creating a VLAN............................................................................................9-15
Table 9-7 Related operation for configuring the VLAN attribute......................................................................9-16
Table 9-8 Related operation for adding an upstream port to a VLAN...............................................................9-18
Table 9-9 Related operations for adding a service port to a VLAN...................................................................9-19
Table 9-10 Related operations for adding service ports in batches....................................................................9-21
Table 9-11 Related operation for setting the description of a service port.........................................................9-22
Table 10-1 Data plan for configuring DHCP standard mode.............................................................................10-4
Table 10-2 Data plan for configuring DHCP option60 mode............................................................................10-7
Table 10-3 Data plan for configuring MAC address segment mode................................................................10-10
Table 10-4 Related operation for creating a DHCP server group....................................................................10-13
Table 10-5 Related operations for setting working mode of a DHCP server...................................................10-14
Table 10-6 Related operations for binding a DHCP server group with a VLAN interface..............................10-15
Table 10-7 Related operations for creating a DHCP option60 domain............................................................10-16
Table 10-8 Related operations for binding a DHCP server group with a DHCP option60 domain.................10-17
Table 10-9 Related operation for configuring the gateway of a DHCP option60 domain...............................10-18
Table 10-10 Related operations for creating a DHCP MAC address segment.................................................10-19
Table 10-11 Related operation for setting the range of a DHCP MAC address segment................................10-20
Table 10-12 Related operations for binding a DHCP server group with a DHCP MAC address segment......10-21
Table 10-13 Related operations for configuring the gateway of a DHCP MAC address segment..................10-22
Table 11-1 Data plan for configuring the ARP proxy........................................................................................11-3
Table 11-2 Related operations for adding a static ARP entry............................................................................11-6
Table 11-3 Data plan of the ARP proxy.............................................................................................................11-6
Table 11-4 Related operation for enabling the ARP proxy................................................................................11-7
Table 12-1 Data plan for configuring the static route at the user side................................................................12-4
Table 12-2 Data plan for configuring RIP..........................................................................................................12-7
Table 12-3 Data plan for configuring OSPF....................................................................................................12-10
Table 12-4 Data plan for configuring the route policy.....................................................................................12-14
Table 12-5 Related operation for adding a static route.....................................................................................12-17
Table 12-6 Related operation for enabling RIP process...................................................................................12-19
Table 12-7 Related operation for setting the RIP version................................................................................12-20
Table 12-8 Related operation for configuring zero field check for RIP-1 packets..........................................12-21
Table 12-9 Related operation for setting the cost of the default route.............................................................12-22
Table 12-10 Related operation for enabling route summarization...................................................................12-23
Table 12-11 Related operation for specifying default routing metric..............................................................12-24
Table 12-12 Related operation for importing routes of other protocols...........................................................12-25
Table 12-13 Related operation for disabling receiving host routes..................................................................12-26
Table 12-14 Related operation for configuring the RIP preference.................................................................12-27
Issue 04 (2007-11-30) Huawei Technologies Proprietary xxiii

Table 12-15 Related operation for configuring the route filtering policy........................................................12-28
Table 12-16 Related operation for verifying the source IP address of a RIP route update..............................12-29
Table 12-17 Related operation for disabling RIP packet transmission on an interface....................................12-31
Table 12-18 Related operation for configuring the IP Address of a Peer router..............................................12-32
Table 12-19 Related operation for configuring a summary route IP address...................................................12-32
Table 12-20 Related operation for enabling an interface to receive and transmit RIP packets........................12-33
Table 12-21 Related operation for enabling the split horizon function............................................................12-34
Table 12-22 Related operation for enabling the poison reverse function.........................................................12-34
Table 12-23 Related operation for configuring the RIP-2 authentication mode..............................................12-35
Table 12-24 Related operation for configuring the additional metric of a route..............................................12-36
Table 12-25 Related operation for configuring the RIP timer..........................................................................12-37
Table 12-26 Related operation for enabling OSPF.......................................................................................... 12-39
Table 12-27 Related operation for setting an OSPF router ID.........................................................................12-41
Table 12-28 Related operation for entering OSPF area config mode.............................................................. 12-42
Table 12-29 Related operation for configuring subnets for an area.................................................................12-43
Table 12-30 Related operations for configuring a Stub area............................................................................12-43
Table 12-31 Related operation for configuring an NBMA adjacent router......................................................12-44
Table 12-32 Related operation for setting OSPF preference............................................................................12-45
Table 12-33 Related operation for prohibiting an interface from transmitting OSPF packets.........................12-46
Table 12-34 Related operation for configuring the maximum OSPF route count........................................... 12-46
Table 12-35 Related operation for enabling the OSPF logging function.........................................................12-47
Table 12-36 Description of the network types................................................................................................. 12-48
Table 12-37 Related operation for configuring the network type on an OSPF interface.................................12-49
Table 12-38 Related operation for configuring OSPF cost..............................................................................12-50
Table 12-39 Related operation for configuring OSPF packet authentication...................................................12-50
Table 12-40 Related operation for configuring the MTU of the DD packet....................................................12-51
Table 12-41 Related operation for setting the interval for sending Hello packets...........................................12-52
Table 12-42 Related operation for setting the dead time between adjacent routers.........................................12-53
Table 12-43 Related operation for setting the Hello packet poll interval.........................................................12-54
Table 12-44 Related operation for setting the LSA transmit delay..................................................................12-55
Table 12-45 Related operation for setting LSA retransmit interval between adjacent routers........................ 12-55
Table 12-46 Related operation for setting the SPF calculation interval for OSPF...........................................12-56
Table 12-47 Related operation for configuring route summarization between areas.......................................12-57
Table 12-48 Related operation for configuring summarization of routes imported by OSPF......................... 12-58
Table 12-49 Related operation for importing routes from other protocols into OSPF.....................................12-59
Table 12-50 Related operations for setting parameters for OSPF to import external routes........................... 12-60
Table 12-51 Parameters for defining a route policy.........................................................................................12-61
Table 12-52 Related operation for configuring a route policy.........................................................................12-62
Table 12-53 Related operation for defining the route policy matching rule.................................................... 12-63
Table 12-54 Related operation for modifying the attributes of the filtered route............................................ 12-64
Table 13-1 Related operations for enabling the MSTP function........................................................................13-4
Table 13-2 Related operation for setting the working mode of MSTP..............................................................13-6
xxiv Huawei Technologies Proprietary Issue 04 (2007-11-30)

Table 13-3 Related operation for setting the MD5-Key for the MD5 encryption algorithm configured on the MST
region...................................................................................................................................................................13-8
Table 13-4 Related operations for configuring the MST region name...............................................................13-9
Table 13-5 Related operations for mapping the specified VLAN to the specified MSTP instance.................13-10
Table 13-6 Related operations for mapping all VLANs to the MSTP instances.............................................13-11
Table 13-7 Related operations for setting the MSTP revision level of the device...........................................13-12
Table 13-8 Related operation for activating the configuration of the MST region..........................................13-14
Table 13-9 Related operation for specifying the device as a root bridge or a backup root bridge...................13-15
Table 13-10 Related operations for setting the priority of the device in the specified spanning tree instance
...........................................................................................................................................................................13-17
Table 13-11 Related operation for setting the maximum hop of the MST region...........................................13-18
Table 13-12 Related operation for setting the diameter of the switching fabric..............................................13-19
Table 13-13 Related operation for setting the calculation standard for the path cost......................................13-20
Table 13-14 Related operations for setting the Forward Delay of the specified network bridge.....................13-22
Table 13-15 Related operations for setting the Hello Time of the specified network bridge..........................13-23
Table 13-16 Related operations for setting the Max Age of the specified network bridge..............................13-25
Table 13-17 Related operation for setting the timeout time factor of the specified network bridge................13-26
Table 13-18 Related operations for setting the maximum transmission rate of the specified port..................13-27
Table 13-19 Related operation for setting the specified port as an edge port..................................................13-28
Table 13-20 Related operation for setting the path cost of the port in the specified spanning tree instance.
...........................................................................................................................................................................13-30
Table 13-21 Related operation for setting the priority of the specified port....................................................13-31
Table 13-22 Related operation for setting the point-to-point link connection of the specified port................13-32
Table 13-23 Related operation for enabling the BPDU protection function of the device..............................13-34
Table 13-24 Related operations for enabling the loop protection function of the device................................13-35
Table 13-25 Related operations for enabling the root protection function of the device.................................13-36
Table 14-1 Data plan for configuring NTP broadcast mode..............................................................................14-4
Table 14-2 Data plan for configuring NTP multicast mode...............................................................................14-7
Table 14-3 Data plan for configuring NTP server/client mode........................................................................14-10
Table 14-4 Data plan for configuring NTP peer mode.....................................................................................14-13
Table 14-5 Related operations for configuring NTP ID authentication...........................................................14-17
Table 14-6 Related operation for configuring the NTP master clock..............................................................14-19
Table 14-7 Related operations for configuring NTP broadcast server mode...................................................14-20
Table 14-8 Related operations for configuring NTP broadcast client mode....................................................14-21
Table 14-9 Related operations for configuring the NTP multicast mode.........................................................14-23
Table 14-10 Related operations for configuring NTP server/client mode.......................................................14-24
Table 14-11 Related operation for configuring NTP peer mode......................................................................14-25
Table 14-12 Related operations for configuring the authority of access to a local device's NTP service.......14-26
Table 14-13 Related operations for configuring an interface for transmitting or receiving NTP packets.......14-27
Table 15-1 Related operation for adding a static MAC address.........................................................................15-3
Table 15-2 Related operation for configuring MAC address filtering...............................................................15-6
Table 16-1 Related operation for configuring the synwait timer.......................................................................16-3
Table 16-2 Related operation for configuring the finwait timer.........................................................................16-3
Issue 04 (2007-11-30) Huawei Technologies Proprietary xxv

Table 16-3 Related operation for configuring the socket buffer........................................................................16-4

Table 16-4 Related operations for enabling the IP packets debugging..............................................................16-5
Table 16-5 Related operations for enabling the IP packets debugging..............................................................16-6
Table 17-1 ACL types........................................................................................................................................17-3
Table 17-2 Mapping between the traffic classes and parameters.......................................................................17-7
Table 17-3 Description of traffic classes............................................................................................................17-8
Table 17-4 Data plan for configuring the basic ACL.......................................................................................17-10
Table 17-5 Data plan for configuring the advanced ACL................................................................................17-12
Table 17-6 Data plan for configuring the layer 2 ACL....................................................................................17-13
Table 17-7 Data plan for configuring the customized ACL.............................................................................17-15
Table 17-8 ACL number range.........................................................................................................................17-17
Table 17-9 Related operations for creating an ACL.........................................................................................17-17
Table 17-10 Related operation for setting the step...........................................................................................17-19
Table 17-11 Related operation for creating a basic ACL rule..........................................................................17-20
Table 17-12 Related operation for creating an advanced ACL rule.................................................................17-21
Table 17-13 Related operation for creating a layer 2 ACL rule.......................................................................17-22
Table 17-14 Description of letters and their offset values................................................................................17-23
Table 17-15 Related operation for creating a used defined ACL rule..............................................................17-24
Table 17-16 Related operation for activating the ACL of a port......................................................................17-25
Table 18-1 Related operations for configuring the traffic entry.........................................................................18-5
Table 18-2 Relationship between the weight values and the actual queues.......................................................18-6
Table 18-3 Related operations for setting the queue scheduling........................................................................18-7
Table 18-4 Related operation for configuring the traffic restriction..................................................................18-9
Table 18-5 Related operation for adding a priority tag to the traffic that matches the ACL rule.................... 18-10
Table 18-6 Related operation for collecting the statistics of the traffic that matches the ACL rule................18-11
Table 18-7 Related operation for configuring the traffic mirroring.................................................................18-12
Table 18-8 Related operation for redirecting the traffic that matches the ACL rule........................................18-13
Table 18-9 Related operation for setting the rate limit for an upstream port...................................................18-13
Table 19-1 Related operation for setting the Ethernet encapsulation type.........................................................19-6
Table 19-2 Related operations for enabling the DHCP option82.......................................................................19-7
Table 19-3 Related operation for binding the IP address...................................................................................19-9
Table 19-4 Related operations for enabling anti MAC spoofing..................................................................... 19-10
Table 19-5 Related operations for enabling anti MAC spoofing..................................................................... 19-11
Table 20-1 Related operations for enabling anti DoS attack..............................................................................20-4
Table 20-2 Related operation for enabling the function of anti IP attack..........................................................20-5
Table 20-3 Related operation for enabling the function of anti ICMP attack....................................................20-5
Table 20-4 Related operation for enabling the function of source route filtering..............................................20-6
Table 20-5 Related operation for configuring MAC address filtering...............................................................20-7
Table 20-6 Related operations for configuring the firewall black list function.................................................20-9
Table 20-7 Related operation for configuring the firewall function.................................................................20-11
Table 20-8 Related operations for configuring an accessible address segment............................................... 20-11
Table 20-9 Related operations for configuring the inaccessible address segment...........................................20-12
xxvi Huawei Technologies Proprietary Issue 04 (2007-11-30)

Table 21-1 Encapsulation mode mapping between the MA5600 and the modem.............................................21-3
Table 21-2 Data plan for configuring the ADSL2+ PPPoE/IPoE service..........................................................21-5
Table 21-3 Data plan for configuring the ADSL2+ IPoA service......................................................................21-9
Table 21-4 Data plan for configuring the ADSL2+ PPPoA service.................................................................21-14
Table 21-5 Parameters of an ADSL2+ line profile...........................................................................................21-23
Table 21-6 Related operations for adding an ADSL2+ line profile.................................................................21-25
Table 21-7 Related operations for adding an extended ADSL2+ line profile..................................................21-28
Table 21-8 Parameters of an ADSL2+ alarm profile.......................................................................................21-31
Table 21-9 Related operations for adding an ADSL2+ alarm profile..............................................................21-33
Table 21-10 Related operations for activating an ADSL2+ port......................................................................21-35
Table 21-11 Related operations for enabling IPoA protocol conversion.........................................................21-37
Table 21-12 Related operation for setting the aging time of IPoA forwarding entry.......................................21-38
Table 21-13 Related operations for setting the default gateway of the IPoA user...........................................21-38
Table 21-14 Related operations for enabling PPPoA protocol conversion......................................................21-41
Table 21-15 Related operation for enabling PPPoA/PPPoE MRU negotiation...............................................21-43
Table 21-16 Related operations for querying an ADSL2+ port.......................................................................21-44
Table 21-17 Related operation for enabling an ADSL modem to automatically configure the PVC..............21-45
Table 22-1 Encapsulation type mapping between the MA5600 and the modem...............................................22-3
Table 22-2 Data plan for configuring the SHDSL IPoE/PPPoE service............................................................22-5
Table 22-3 Data plan for configuring the SHDSL IPoA service......................................................................22-11
Table 22-4 Data plan for configuring the SHDSL PPPoA service...................................................................22-16
Table 22-5 Parameters of an SHDSL line profile.............................................................................................22-23
Table 22-6 Parameters of an SHDSL alarm profile.........................................................................................22-26
Table 22-7 Related operations for adding an SHDSL alarm profile................................................................22-27
Table 22-8 Related operation for configuring the SHDSL multi-pair binding................................................22-29
Table 22-9 Related operation for configuring the SHDSL EFM multi-port binding.......................................22-30
Table 22-10 Related operations for activating an SHDSL port........................................................................22-31
Table 23-1 Data plan for configuring the VDSL2 PPPoE/IPoE service............................................................23-4
Table 23-2 Data plan for configuring the VDSL2 IPoA service......................................................................23-11
Table 23-3 Data plan for configuring the VDSL2 PPPoA service...................................................................23-19
Table 23-4 Parameters of a VDSL2 line profile...............................................................................................23-28
Table 23-5 Related operations for adding a VDSL2 line profile......................................................................23-31
Table 23-6 Parameters of a VDSL2 channel profile........................................................................................23-34
Table 23-7 Related operations for adding a VDSL2 channel profile...............................................................23-34
Table 23-8 Parameters of a VDSL2 line template............................................................................................23-36
Table 23-9 Related operations for configuring a VDSL2 line template...........................................................23-37
Table 23-10 Parameters of a VDSL2 line alarm profile...................................................................................23-39
Table 23-11 Related operations for adding a VDSL2 line alarm profile.........................................................23-40
Table 23-12 Parameters of VDSL2 channel alarm profile...............................................................................23-42
Table 23-13 Related operations for adding a VDSL2 channel alarm profile...................................................23-42
Table 23-14 Parameters for configuring a VDSL2 alarm template..................................................................23-44
Table 23-15 Related operations for adding a VDSL2 alarm template.............................................................23-44
Issue 04 (2007-11-30) Huawei Technologies Proprietary xxvii

Table 23-16 Related operations for activating a VDSL2 port..........................................................................23-47

Table 23-17 Related operations for querying a VDSL2 port...........................................................................23-48
Table 24-1 Data plan for configuring the upstream link protection...................................................................24-4
Table 24-2 Related operation for configuring a protection group......................................................................24-6
Table 25-1 Ethernet ports of the MA5600..........................................................................................................25-3
Table 25-2 Data plan for the Ethernet access service.........................................................................................25-4
Table 25-3 Related operation for enabling the flow control of an Ethernet port.............................................25-14
Table 25-4 Related operations for enabling traffic suppression.......................................................................25-16
Table 25-5 Related operation for enabling the Ethernet port aggregation.......................................................25-17
Table 25-6 Related operation for enabling the mirroring function of an Ethernet port...................................25-18
Table 25-7 Related operation for adding an Ethernet Port to a VLAN............................................................25-19
Table 25-8 Related operation for configuring the outer QinQ VLAN of the Ethernet port.............................25-20
Table 26-1 Data plan for configuring the ATM-DSLAM access.......................................................................26-3
Table 26-2 Related operation for setting the OPTIC port mode........................................................................26-7
Table 26-3 Related operation for setting the OPTIC port type..........................................................................26-8
Table 26-4 Parameters of an IMA group............................................................................................................26-9
Table 26-5 Related operations for adding an IMA group................................................................................26-10
Table 26-6 Related operations for setting the IMA group mode......................................................................26-12
Table 26-7 Related operations for adding an IMA link....................................................................................26-13
Table 26-8 Related operations for setting the line type of an E3 port..............................................................26-14
Table 26-9 Related operation for setting the E3 port type................................................................................26-15
Table 26-10 Related operations for setting the Tx clock of an E3 port............................................................26-16
Table 27-1 Data plan for configuring the MPLS based on binding the PVC with the PW profile....................27-3
Table 27-2 Data plan for configuring the MPLS based on binding the VLAN with the PW profile.................27-6
Table 27-3 Related operations for configuring the LSR ID.............................................................................27-11
Table 27-4 Related operations for enabling MPLS..........................................................................................27-12
Table 27-5 Related commands for configuring the static LSP.........................................................................27-13
Table 27-6 Related operations for configuring ingress LSR of the static LSP................................................27-13
Table 27-7 Related operations for configuring egress LSR of the static LSP..................................................27-14
Table 27-8 Related operations for configuring LSP CAR...............................................................................27-15
Table 27-9 Related operations for enabling the MPLS LDP............................................................................27-17
Table 27-10 Related operations for configuring parameters of LDP basic discovery.....................................27-19
Table 27-11 Related operations for configuring the parameters of the LDP extended discovery...................27-20
Table 27-12 Related operations for configuring parameters of the LDP basic session....................................27-21
Table 27-13 Related operations for configuring parameters of the LDP extended session.............................27-21
Table 27-14 Related operations for configuring the LDP LSP triggering policy.............................................27-23
Table 27-15 Related operations for configuring the LDP label retention mode..............................................27-24
Table 27-16 Related operations for configuring the LDP loopback detection.................................................27-25
Table 27-17 Related operations for configuring the LDP MD5 authentication...............................................27-27
Table 27-18 Related operation for enabling the LDP MD5 MTU signaling function.....................................27-28
Table 27-19 Related operation for enabling the MPLS L2VPN......................................................................27-29
Table 27-20 Related operations for binding a PVC with a PW template.........................................................27-31
xxviii Huawei Technologies Proprietary Issue 04 (2007-11-30)

Table 27-21 Related operations for binding a VLAN with a PW template......................................................27-31

Table 28-1 Data plan for establishing an MPLS TE tunnel by using RSVP-TE................................................28-3
Table 28-2 Related operation for enabling MPLS TE feature............................................................................28-7
Table 28-3 Related operation for creating an MPLS TE tunnel.........................................................................28-8
Table 28-4 Related operations for configuring bandwidth of links..................................................................28-10
Table 28-5 Related operations for enabling OSPF TE.....................................................................................28-11
Table 28-6 Related operations for configuring the MPLS TE explicit path.....................................................28-12
Table 28-7 Related operations for configuring constraints for an MPLS TE tunnel........................................28-13
Table 28-8 Related operations for configuring CSPF of an MPLS..................................................................28-14
Table 28-9 Related operation for establishing an MPLS TE tunnel by using RSVP-TE.................................28-15
Table 28-10 Related operations for configuring RSVP Hello extension......................................................... 28-18
Table 28-11 Related operation for configuring the resource reservation style................................................ 28-19
Table 28-12 Related operations for configuring RSVP timers.........................................................................28-20
Table 28-13 Related operations for configuring RSVP message transmission reliability ..............................28-22
Table 28-14 Related operation for enabling RSVP-TE Srefresh......................................................................28-23
Table 28-15 Related operation for enabling RSVP-TE reservation confirmation mechanism........................28-24
Table 28-16 Related operation for enabling RSVP authentication.................................................................. 28-25
Table 28-17 Related operation for configuring tie-breaking of CSPF.............................................................28-27
Table 28-18 Related operation for configuring route pining............................................................................28-28
Table 28-19 Related operations for configuring administrative group and affinity property.......................... 28-30
Table 28-20 Related operation for configuring reoptimization of CR-LSP.....................................................28-31
Table 28-21 Related operation for configuring loop detection........................................................................ 28-33
Table 28-22 Related operation for configuring route record and label record.................................................28-34
Table 28-23 Related operations for configuring parameters of tunnel establishment......................................28-35
Table 28-24 Related operation for configuring tunnel priority........................................................................28-36
Table 29-1 Data plan for configuring the wholesale service..............................................................................29-3
Table 30-1 Data plan for configuring the QinQ VLAN leased line service.......................................................30-3
Table 30-2 Related operation for enabling transparent transmission of BPDUs................................................30-6
Table 31-1 Data plan for configuring IGMP proxy............................................................................................31-4
Table 31-2 Data plan for configuring IGMP snooping......................................................................................31-7
Table 31-3 Data plan for configuring the subtended multicast service............................................................31-11
Table 31-4 Data plan for the sample network of the multicast service in MSTP networking......................... 31-17
Table 31-5 Related operations for configuring the IGMP upstream port.........................................................31-25
Table 31-6 Related operation for configuring a subtending port..................................................................... 31-26
Table 31-7 Related operation for configuring a program for a static subtending port.....................................31-27
Table 31-8 Related operation for enabling the IGMP proxy authorization......................................................31-29
Table 31-9 Related operation for setting the robustness variable.....................................................................31-31
Table 31-10 Related operation for setting the general query interval..............................................................31-32
Table 31-11 Related operation for setting the maximum response time to the general query.........................31-33
Table 31-12 Related operation for setting the number of specific queries.......................................................31-34
Table 31-13 Related operation for setting the specific query interval..............................................................31-36
Table 31-14 Related operation for setting the maximum response time for the specific query.......................31-37
Issue 04 (2007-11-30) Huawei Technologies Proprietary xxix

Table 31-15 Related operation for setting the unsolicited report interval........................................................31-38
Table 31-16 Related operation for setting the TTL for a V2 router.................................................................31-39
Table 31-17 Related operation for setting the preview recognition time.........................................................31-40
Table 31-18 Related operation for enabling the user action report function....................................................31-42
Table 31-19 Related operation for enabling the proxy of the IGMP report packet..........................................31-43
Table 31-20 Related operation for enabling the proxy of the IGMP leave packet...........................................31-44
Table 31-21 Related operations for adding a program.....................................................................................31-48
Table 31-22 Related operation for enabling the bandwidth management function..........................................31-50
Table 31-23 Related operation for modifying an authority profile..................................................................31-54
Table 31-24 Related operations for adding a BTV user...................................................................................31-56
Table 31-25 Related operations for modifying the attributes of a user............................................................31-57
Table 31-26 Related operation for blocking a BTV user.................................................................................31-58
Table 31-27 Related operation for binding a user with an authority profile....................................................31-59
Table 31-28 Related operation for enabling the function of monitoring BTV users........................................31-61
Table 31-29 Related operation for enabling the preview function...................................................................31-62
Table 31-30 Related operation for setting the preview auto reset time............................................................31-64
Table 31-31 Related operation for resetting the preview record......................................................................31-66
Table 31-32 Related operations for enabling the logging function..................................................................31-67
Table 31-33 Related operation for setting the logging interval........................................................................31-69
Table 31-34 Related operations for configuring log reporting.........................................................................31-70
Table 32-1 Modes to provide the triple play service..........................................................................................32-2
Table 32-2 Data plan for configuring the triple play service -multiple PVCs for multiple services..................32-4
Table 32-3 Data plan for configuring the triple play service - single PVC for multiple services....................32-10
Table 32-4 Data plan for configuring the triple play service by means of single PVC for multiple services
...........................................................................................................................................................................32-16
Table 32-5 Data plan for configuring the triple play service - single PVC for multiple services (based on the service
encapsulation type)............................................................................................................................................32-21
Table 33-1 Data plan for configuring Ethernet OAM........................................................................................33-4
Table 33-2 Related operation for creating an MD..............................................................................................33-7
Table 33-3 Related operations for creating an MA............................................................................................33-8
Table 33-4 Related operation for creating an MEP............................................................................................33-9
Table 33-5 Related operation for creating an RMEP.......................................................................................33-10
Table 33-6 Related operation for enabling the CFM globally..........................................................................33-11
Table 33-7 Related operation for enabling CFM alarm globally.....................................................................33-12
Table 33-8 Related operation for enabling the administration function of an MEP........................................33-13
Table 33-9 Related operation for enabling the CC transmission of an MEP...................................................33-14
Table 33-10 Related operation for enabling the global detection function of an RMEP.................................33-15
Table 33-11 Related operation for enabling detection function of the RMEP.................................................33-16
Table 33-12 Related operation for configuring the priorities for transmitting CCMs/LTMs of an MEP........33-17
Table 33-13 Related operation for configuring the interval for an MA to transmit a CC................................33-18
Table 33-14 Related operations for configuring loop detection function.........................................................33-20
Table 33-15 Related operations for configuring Linktrace function................................................................33-21
Table 34-1 Data plan for detection of MPLS OAM for static LSP connectivity...............................................34-3
xxx Huawei Technologies Proprietary Issue 04 (2007-11-30)

Table 34-2 Data plan for the MPLS OAM protection switchover.....................................................................34-7
Table 34-3 Related operations for configuring the MPLS OAM function of the ingress................................34-12
Table 34-4 Related operations for configuring the MPLS OAM function of the egress................................. 34-13
Table 34-5 Related operations for configuring the tunnel protection group....................................................34-14
Table 34-6 Related operation for switching over the protection group manually............................................34-15
Table 34-7 Related operations for enabling the protection group to output the debugging information.........34-16
Table 35-1 Correspondence between the POWER4845 DIP switch and the slave node number......................35-3
Table 35-2 Correspondence between the H801ESC DIP switch and the slave node number............................35-3
Table 35-3 Correspondence between the FAN DIP switch and the slave node number....................................35-4
Table 35-4 Data plan for EMU configuration....................................................................................................35-4
Table 35-5 Related operations for adding an EMU............................................................................................35-9
Table 35-6 Commands for configuring the H303ESC/H304ESC EMU..........................................................35-10
Table 35-7 Related operations for configuring the H303ESC/H304ESC EMU..............................................35-12
Table 35-8 Commands for configuring an H561ESC EMU............................................................................ 35-12
Table 35-9 Related operations for configuring an H561ESC EMU.................................................................35-13
Table 35-10 Commands for configuring a POWER4845 EMU.......................................................................35-14
Table 35-11 Related operations for configuring a POWER4845 EMU...........................................................35-16
Table 35-12 Related operations for configuring the FAN alarm report...........................................................35-17
Table 35-13 Related operations for setting the fan speed adjustment mode....................................................35-18
Table 35-14 Related operations for setting the FAN speed..............................................................................35-19
Table 36-1 Data plan for the sample MSTP network.........................................................................................36-4
Table 37-1 Data plan for the sample subtended network...................................................................................37-4
Issue 04 (2007-11-30) Huawei Technologies Proprietary xxxi

Configuration Guide About This Document
About This Document
Purpose
This document describes the configuration of various services supported by the MA5600/
MA5603. The description covers the following topics:
l Purpose
l Networking
l Data plan
l Prerequisite(s)
l Note
l Configuration flowchart
l Configuration procedure
l Result
This document helps users to know the configuration of various services on the MA5600/
MA5603.
Related Versions
The following table lists the product versions related to this document.
Product Name Version
MA5600/MA5603 V300R003
N2000 BMS V200R011
This document uses the MA5600 as an example since the MA5600 and the MA5603 support
the same software functions, although their hardware is different. Particular description for the
MA5603 is not provided here.
Intended Audience
The intended audience of this document is:
Issue 04 (2007-11-30) Huawei Technologies Proprietary 1

About This Document Configuration Guide
l Installation and commissioning engineers

l System maintenance engineers
l Data configuration engineers
Organization
This document consists of the following chapters and is organized as follows.
Chapter… Describes…
1 Managing the License The license feature and its configuration process.
2 Configuring the How to configure the maintenance terminal

Maintenance Terminal
3 Getting Started With CLI The basic CLI operations on the MA5600
4 Configuring the Network How to configure the network management system

Management
5 Configuring the Log Host How to configure the log host
6 Managing Users User levels and user management operations
7 Managing the Device How to configure the hardware of the MA5600
8 Configuring the Remote How to configure the remote users authentication

User Authentication
9 Configuring the VLAN How to configure various VLANs, including standard

VLAN, smart VLAN, MUX VLAN and super VLAN
10 Configuring the DHCP How to configure DHCP relay to obtain IP addresses

Relay dynamically
11 Configuring the ARP & How to configure ARP and ARP proxy
ARP Proxy
12 Configuring the Routing How to configure the static and dynamic routing protocols
Protocol supported by the MA5600
13 Configuring MSTP How to configure MSTP
14 Configuring NTP How to configure the four NTP modes
15 Configuring MAC How to configure MAC addresses and the MAC address pool
Address
16 Configuring TCP/IP How to configure TCP and IP connections

Connection
17 Configuring ACL ACL and how to configure ACL on the MA5600
18 Configuring the QoS QoS and how to configure QoS on the MA5600
2 Huawei Technologies Proprietary Issue 04 (2007-11-30)

Chapter… Describes…
19 Configuring User How to configure user security on the MA5600

Security
20 Configuring System How to configure system security on the MA5600

Security
21 Configuring the ADSL2+ The ADSL2+ technology and how to configure the ADSL2
Service + access service on the MA5600
22 Configuring the SHDSL The SHDSL technology and how to configure the SHDSL
Service access service on the MA5600
23 Configuring the VDSL2 The VDSL2 technology and how to configure the VDSL2
Service access service on the MA5600
24 Configuring Protection The service protection on the upstream port of the MA5600
for Upstream Link
25 Configuring Device The Ethernet technology and how to subtend MA5600

Subtending devices
27 Configuring MPLS MPLS applications to the MA5600.

Access
28 Configuring MPLS MPLS RSVP-TE applications to the MA5600

RSVP-TE
29 Configuring the VLAN How to configure the wholesale service on the MA5600
Stacking Wholesale Service
30 Configuring the QinQ How to configure the private line service on the MA5600
VLAN Leased Line Service
31 Configuring the How to configure the multicast service on the MA5600

Multicast Service
32 Configuring the Triple How to configure the triple play service on the MA5600
Play Service
33 Configuring the Ethernet Applications of Ethernet OAM to the MA5600

OAM
34 Configuring the MPLS Applications of MPLS OAM to the MA5600

OAM
35 Configuring the The EMUs supported by the MA5600 and how to configure
Environment Monitoring them
36 MSTP Networking How to configure the integrated networking of MSTP

Example
37 Subtending Networking How to configure subtending integrated networking

Example
A Acronyms and Acronyms and abbreviations used in the document

Abbreviations

Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates a hazard with a high level of risk which, if not avoided,

will result in death or serious injury.
Indicates a hazard with a medium or low level of risk which, if

not avoided, could result in minor or moderate injury.
Indicates a potentially hazardous situation that, if not avoided,

could cause equipment damage, data loss, and performance
degradation, or unexpected results.
Indicates a tip that may help you solve a problem or save time.
Provides additional information to emphasize or supplement

important points of the main text.
General Conventions
Convention Description
Times New Roman Normal paragraphs are in Times New Roman.
Boldface Names of files, directories, folders, and users are in boldface.

For example, log in as user root.
Italic Book titles are in italics.

Courier New Terminal display is in Courier New.
Command Conventions
Boldface The keywords of a command line are in boldface.
Italic Command arguments are in italic.
[] Items (keywords or arguments) in square brackets [ ] are

optional.

{ x | y | ... } Alternative items are grouped in braces and separated by

vertical bars. One is selected.
[ x | y | ... ] Optional alternative items are grouped in square brackets and

separated by vertical bars. One or none is selected.
{ x | y | ... } * Alternative items are grouped in braces and separated by

vertical bars. A minimum of one or a maximum of all can be
selected.
GUI Conventions
Boldface Buttons, menus, parameters, tabs, window, and dialog titles are
in Boldface. For example, click OK.
> Multi-level menus are in boldface and separated by the “>”

signs. For example, choose File > Create > Folder.
Keyboard Operation
Format Description
Key Press the key. For example, press Enter and press Tab.
Key 1+Key 2 Press the keys concurrently. For example, pressing Ctrl+Alt
+A means the three keys should be pressed concurrently.
Key 1, Key 2 Press the keys in turn. For example, pressing Alt, A means the
two keys should be pressed in turn.
Mouse Operation
Action Description
Click Select and release the primary mouse button without moving
the pointer.
Double-click Press the primary mouse button twice continuously and quickly
without moving the pointer.
Drag Press and hold the primary mouse button and move the pointer
to a certain position.

Update History
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
Updates in 04 (2007-11-30)
This is the fourth release.
The following contents are modified:

l 31 Configuring the Multicast Service
l 32.2 Configuration Example of Triple Play - Multiple PVCs for Multiple Services
Updates in 03 (2007-10-18)
This is the third release.
The following contents are added:

l License management
l SHDSL.bis line
The following contents are modified:

l 14.1 Overview:The NTP automatically adjusts the local time through time zone settings
l 12.8.12 Setting the VLAN-Based Transparent Transmission for OSPF
Packets:VLAN-based transparent transmission of OSPF multicast packets
l 9.1 Overview:Service ports support standard VLANs for L2 interconnection
l 21.6 Adding an Extended ADSL2+ Line Profile:The ADSL2+ extended line profile
supports L2 low-consumption mode
Updates in 02 (2007-01-10)
This is the second release.
The following chapters are modified or added:

l MSTP Configuration
l 23 Configuring the VDSL2 Service
l Protection Configuration for Upstream Link
l MPLS OAM Configuration
l Ethernet OAM Configuration
Updates in 01 (2006-07-18)
This is the first release.

Configuration Guide 1 Managing the License
1 Managing the License
About This Chapter
This chapter describes the license feature and its configuration process.
1.1 Overview of the License

This section describes the license function and its application to the MA5600.
1.2 License Principles
This section describes the function principle and implementation principle of the license.
1.3 Configuration Example of the License Application
This operation enables you to configure the license application.
1.4 Configuring the License Server
This operation enables you to configure the IP address of the license server and configure the
TCP port number used for the communication between the MA5600 and the license server.
1.5 Configuring the ESN
This operation enables you to configure the equipment serial number (ESN) for the device. The
ESN uniquely identifies the device on the license server.
Issue 04 (2007-11-30) Huawei Technologies Proprietary 1-1

1 Managing the License Configuration Guide
1.1 Overview of the License

This section describes the license function and its application to the MA5600.
Service Description
With the license function enabled, the license server performs license control on the function
entries and resource entries supported by the MA5600 and provides individualized services for
customers.
Service Specifications
The control entries of the license function include function entries and resource entries.
A function entry refers to the entry whose license is controlled based on the function. The
controllable function entries supported by the MA5600 include:
l The ETH OAM function

l The G.SHDSL.bis function
l The G.SHDSL binding function
l The illegal access control function of the broadband metropolitan area network (MAN)
l The MPLS function
l The port rate measurement function
A resource entry refers to the entry whose license is controlled based on the count. The
controllable resource entries supported by the MA5600 include:
l BTV user count

l BTV program count
l Count of conversion from xPOA to xPOE
l Count of ADSL2+/SHDSL/VDSL2 port
l Count of ADSL2+ port using the Annex M feature
l Count of ADSL2+ port using the INP+ feature
NOTE
l If you need to use the license function supported by the MA5600, consider the deployment
of the license server in data planning.
l It is recommended to install the license server on a same computer with the network
management system (NMS) server. If no NMS server exists, deploy one license server in the
network.
1.2 License Principles

This section describes the function principle and implementation principle of the license.
1-2 Huawei Technologies Proprietary Issue 04 (2007-11-30)

License Function Principle

l The MA5600 adopts the network license scheme. That is, the license server is deployed in
the network. The license server can be installed on a same computer with the NMS server.
The two servers are different components. The license server can be also installed on a
separated server. Each digital subscriber line access multiplexer (DSLAM) device
functions as a license client. The license server manages the licenses of all the clients in a
centralized manner.
l In each management range of the license server, each product has one license file. In
general, a management range can be a district or a city. The license file is stored on the
license server. The license file defines the resource entries of the product. Since one license
server can manage multiple products, multiple license files can be stored on one license
server.
License Implementation Principle

l In the system initialization process of the MA5600, each service module must register their
controlled resource entries and function entries. After the system runs in the normal state,
the management module of a license client obtains the authorization information about the
license controlling entries of the license client from the license server according to the
registration information.
l When you configure a service module through the command line or NMS, the device checks
whether the resource entries of the service module are overloaded or the function entries
of the service module are authorized.
– For license-controlled resource entries, if the service entries are overloaded, the system
terminates the service configuration and prompts that the license resources are
insufficient.
– For license-controlled function entries, if the function entries are not authorized, the
system prompts you that the functions are not authorized.
– If the resource entries are not overloaded or the function entries are authorized, the
system allows you to continue the service configuration.
– For a license-controlled resource entry, the license resource applied for the service
module is released in deleting the service configuration.
1.3 Configuration Example of the License Application

This operation enables you to configure the license application.
Prerequisite
l The network devices and lines are in the normal state.
l All boards of the MA5600 are normal.
l The license function is enabled.
Networking
Figure 1-1 shows the sample network for configuring the license application.
The license function is enabled on the MA5600. The license server is installed on the same
computer as the NMS server (N2000 BMS). The license management tool installed on the N2000

client configures and manages the license file. MA5600_A communicates with the license server
through port 0/7/0. The TCP port number is 10010.
Figure 1-1 Sample network for configuring the license application
N2000 BMS&License server
100.100.100.1/24
Internet
N2000 client
Router
60.60.60.2/24
60.60.60.1/24
......
MA5600_A MA5600_B MA5600_N
Data Plan
Table 1-1 lists the data plan for configuring the license application.
Table 1-1 Data plan for configuring the license application
Item Data
License server IP address: 100.100.100.1/24
TCP port number: 10010
MA5600_A Uplink port: 0/7/0
VLAN ID: 10
IP address of the layer 3 interface: 60.60.60.1/24
Router IP address of the port connecting to MA5600_A: 60.60.60.2/24
NOTE
l The configuration at the MA5600 side is the same. This section takes the configuration of
MA5600_A as an example.
l This section describes only the configuration at the device side. For how to configure the license server,
refer to the related configuration manual of the license server.

Configuration Flowchart
Figure 1-2 shows the flowchart for configuring the license application.
Figure 1-2 Flowchart for configuring the license application
Start
Configure the interface

communicating with the license
server
Configute the device ESN
Specify the license server
Save the data
End
Procedure
Step 1 Configure the interface that is for communicating with the license server.
1. Create a VLAN.
huawei(config)#vlan 10 smart
2. Configure the uplink port.

huawei(config)#port vlan 10 0/7 0
huawei(config)#interface scu 0/7
huawei(config-if-scu-0/7)#native-vlan 0 vlan 10
3. Configure the layer 3 interface.

huawei(config-if-scu-0/7)#quit
huawei(config)#interface vlanif 10
huawei(config-if-vlanif10)#ip address 60.60.60.1 24
Step 2 Configure the equipment serial number (ESN).

huawei(config-if-vlanif10)#quit
huawei(config)#license esn 60.60.60.1
Step 3 Specify the license server.

huawei(config)#license server ipaddress 100.100.100.1 tcpport 10010
Step 4 Save the data.

huawei(config)#save
----End

Result
After the configuration, run the display license info command to check whether the
communication between the device and the license server is normal. MA5600_A is initialized,
each service module can register the controlled resource entries or function entries in the normal
state.
1.4 Configuring the License Server

This operation enables you to configure the IP address of the license server and configure the
TCP port number used for the communication between the MA5600 and the license server.
Context
l The IP address of the license server and the TCP port number must be consistent with the
data in the actual network plan.
l When the IP address of the license server and the TCP port number change, you need to
re-configure the device.
l Two IP addresses of the license server can be configured at the device side. The two IP
addresses must be different from each other. Only one TCP port number can be configured
at the device side.
Procedure
Step 1 Run the license server command to configure the license server.
Step 2 Run the display license info command to query the license basic information.
----End
Example
To configure the IP address of license server 1 as 10.10.10.1, that of license server 2 as
20.20.20.1, and TCP port number as 1024, do as follows:
huawei(config)#license server ipaddress 10.10.10.1 20.20.20.1 tcpport 1024
huawei(config)#display license info
License switch: enable
ESN: 10.71.55.192
IP address of the first server: 10.10.10.1
IP address of the second server: 20.20.20.1
Communication status: abnormal
License status: unregistered
NOTE
l When the upper layer device is not connected, the communication status of the license client is
abnormal. The license status of the license client is unregistered. In this case, no controlled resource
can be configured and no controlled function can be enabled.
l When the related configuration is complete in the network, the communication status of the license
client is normal. The license status of the license client is registered. In this case, new controlled
resources can be configured and controlled functions can be enabled within the management range of
the license.

Related Operation
Table 1-2 lists the related operation for configuring the license server.
Table 1-2 Related operation for configuring the license server
To... Run the Command...
Configure the ESN license esn
Query the features controlled display license feature

by the license and the
information about the
features
1.5 Configuring the ESN

This operation enables you to configure the equipment serial number (ESN) for the device. The
ESN uniquely identifies the device on the license server.
Context
The ESN must be the IP address of the port connecting to the license server. When the IP address
of the port connecting to the license server changes, you should re-configure the ESN for the
device.
Procedure
Step 1 Run the license esn command to configure the ESN for the device.
Step 2 Run the display license info command to query the license basic information.
----End
Example
Assume that the device connects to the license server through the maintenance network port.
The IP address of the maintenance network port is 60.60.60.1. To configure the ESN for the
device, do as follows:
NOTE
Run the interface meth command to enter the MEth mode. Then run the ip address command to configure
the IP address of the maintenance network port.
huawei(config)#license esn 60.60.60.1
huawei(config)#display license info
License switch: enable
ESN: 60.60.60.1
IP address of the first server: 100.100.100.1
IP address of the second server: 200.200.200.1
Communication status: abnormal
License status: unregistered

NOTE
l When the upper layer device is not connected, the communication status of the license client is
abnormal. The license status of the license client is unregistered. In this case, no controlled resource
can be configured and no controlled function can be enabled.
l When the related configuration is complete in the network, the communication status of the license
client is normal. The license status of the license client is registered. In this case, new controlled
resources can be configured and controlled functions can be enabled within the management range of
the license.
Related Operation
Table 1-3 lists the related operation for configuring the ESN for the device.
Table 1-3 Related operation for configuring the ESN for the device
Configure the license server license server
Query the features controlled display license feature

by the license and the
information about the
features

Configuration Guide 2 Configuring the Maintenance Terminal
2 Configuring the Maintenance Terminal
About This Chapter
This chapter describes the different maintenance modes of the MA5600 through a maintenance
terminal and features of the features of the maintenance modes.
2.1 Overview
This section describes the different maintenance modes of the MA5600 through the maintenance
terminal and features of the different maintenance modes.
2.2 Configuring the Terminal Through the Local Serial Port
This operation enables you to log in to and configure the MA5600 using the HyperTerminal of
the Windows operating system.
2.3 Configuring the Terminal Through the Remote Serial Port
This operation enables you to log in to and configure the MA5600 through the remote serial
port.
2.4 Configuring the Terminal Through the Outband Management Channel
This operation enables you to connect the maintenance terminal to the MA5600 over a local area
network (LAN) or a wide area network (WAN), and configure the MA5600 through the outband
management channel.
2.5 Configuring the Terminal Through the Inband Management Channel
This operation enables you to configure the MA5600 through the inband management channel.
2.6 Configuring the Terminal Through SSH
This operation enables you to connect the maintenance terminal to the MA5600 over a LAN or
a WAN and configure the MA5600 through SSH.

2 Configuring the Maintenance Terminal Configuration Guide
2.1 Overview
This section describes the different maintenance modes of the MA5600 through the maintenance
terminal and features of the different maintenance modes.
You can maintain the SmartAX MA5600 Multi-service Access Module (the MA5600 for short)
through a maintenance terminal in command line interface (CLI) mode. The configuration of a
maintenance terminal involves:
l 2.2 Configuring the Terminal Through the Local Serial Port
l 2.3 Configuring the Terminal Through the Remote Serial Port
l 2.4 Configuring the Terminal Through the Outband Management Channel
l 2.5 Configuring the Terminal Through the Inband Management Channel
l 2.6 Configuring the Terminal Through SSH
Table 2-1 lists the features of the different maintenance modes.
Table 2-1 Features of the different maintenance modes

Maintenance mode Description Feature
Local serial port Uses the HyperTerminal of No network management software

the operating system for is needed.
configuration.
Remote serial port Uses the HyperTerminal of It connects modems at both the
the operating system for MA5600 side and the maintenance
configuration. terminal side.
Inband management Uses the service channel of l Advantages: It adopts flexible

channel the MA5600 to manage the networking, without needing
network device. extra networking device, thus
saving networking cost
l Disadvantages: The
maintenance work cannot be
carried out if the service
channel fails.
Outband management Uses the maintenance l Advantages: It provides reliable

channel network port (ETH) of the device management channel.
control board (SCU) of the The fault can be located in time
MA5600 to manage the even if the managed device
system. fails.
l Disadvantage: An extra
network device is required to
set up the maintenance channel.

Maintenance mode Description Feature
SSH mode Uses the service channel of Secure Shell (SSH) ensures
the MA5600, or the network security by the
maintenance network port authentication, encryption and
of the SCU board to identification functions. When a
manage the system. user telnets to the MA5600 from
an insecure network, SSH protects
the MA5600 from malicious
events such as IP address spoofing
and clear text password
interception.
2.2 Configuring the Terminal Through the Local Serial Port

This operation enables you to log in to and configure the MA5600 using the HyperTerminal of
the Windows operating system.
Networking
Figure 2-1 shows the networking for configuring the MA5600 through the local serial port.
Figure 2-1 Networking for configuring the MA5600 through the local serial port
RS-232 cable
CON
ETH
MON
Serial port SCU MA5600

PC
Figure 2-2 shows the flowchart for configuring the MA5600 through the local serial port.

Figure 2-2 Flowchart for configuring the MA5600 through the local serial port
Start
Connect the serial port cable
Run the HyperTerminal
Set the HyperTerminal parameters
Define the terminal type
Set ASCII code
Log in to the system
End
Procedure
Step 1 Connect the serial port cable.
Use a RS-232 serial port cable to connect the serial port of the PC to the CON port of the SCU
board, as shown in Figure 2-1.
Step 2 Start the HyperTerminal.

1. Set up a connection.
Choose Start > Programs > Accessories > Communication > HyperTerminal to start
the HyperTerminal and set up a serial port connection. Input the name that is to be connected
to the MA5600. Click OK.
2. Configure the serial port.
Select the standard character terminal or PC terminal serial port that is actually connected
to the MA5600 (assuming it to be serial COM2). Click OK.
Step 3 Set the parameters of the terminal.
In Step 2, click OK. Then, set the serial port parameters in the dialog box as shown in Figure
2-3. The parameters are set as follows:
l Bits per second: 9600

l Data bits: 8

l Parity: None
l Stop bits: 1
l Flow control: None
NOTE
l When setting the baud rate, make sure the baud rate of the HyperTerminal is consistent with that of
the serial port. By default, the baud rate of the serial port is 9600 bit/s.
l There may be illegible characters in the input information after you log in to the system. This is usually
due to baud rate inconsistency between the HyperTerminal and the system. In this case, use a different
baud rate to log in to the system. The system supports the baud rates of 9600 bit/s, 19200 bit/s, 38400
bit/s, 57600 bit/s and 115200 bit/s.
Figure 2-3 Setting parameters of the terminal
Click OK.
Step 4 Define the terminal emulation type.
Select File > Properties in the HyperTerminal interface. Click the Settings tab. Select
VT100 or Auto Detection as the type of terminal emulation, as shown in Figure 2-4.

Figure 2-4 Setting the terminal emulation type
Step 5 Set ASCII code.

Click ASCII Setup. Set the line delay and character delay as 200 ms, as shown in Figure 2-5.
NOTE
When you paste text to the HyperTerminal, character delay controls the character transmit speed, and line
delay controls the interval of sending every line. A too short delay leads to the loss of characters. When
the pasted text is displayed abnormally, you can modify the setting.

Figure 2-5 Setting ASCII code
----End
Result
In the HyperTerminal interface, press Enter. The system displays a message, requesting you to
enter the user name. Enter the user name and password for user registration (by default, the super
user name is root and password is admin), and wait till the command line prompt (MA5600>)
appears.
If the login fails, click the Hang-up icon first, and then the Dial icon. If you still fail to log in,
return to the previous steps to check the parameter settings and physical connections, and then
try again.
2.3 Configuring the Terminal Through the Remote Serial

Port
This operation enables you to log in to and configure the MA5600 through the remote serial
port.
Prerequisite
Before using a serial port for remote maintenance, connect a modem at both the MA5600 and
the PC sides. In this way, you can set up a remote connection between the PC and the
MA5600 through modem dialup.
The modem at the MA5600 side is referred to as the called modem. The modem at the PC side
is referred to as the calling modem. The modems shall meet the following requirements:
l Both the calling and called modems comply with the related standards, and support AT
command set.
l The called modem must be an external modem.

l The calling modem can be either a built-in modem or an external modem. For better
compatibility and the ease of status monitoring, you are recommended to adopt an external
modem made by the vendor of the called modem.
l The following configuration is based on modems of the same type. In actual applications,
you can configure the modem by referring to the related AT command set.
Networking
Figure 2-6 shows the networking for configuring the MA5600 through the remote serial port.
Figure 2-6 Networking for configuring the MA5600 through the remote serial port
Serial port cable
Telephone line
Modem CON
ETH
MON
PSTN
Telephone line
SCU MA5600
Serial port
cable
Modem PC
Figure 2-7 shows the flowchart for configuring the MA5600 through the remote serial port.
Figure 2-7 Flowchart for configuring the MA5600 through the remote serial port
Start
Set the called Modem parameters
Set the calling Modem parameters
Set up the configuration environment
Start the HyperTerminal for dialup
End

Procedure
Step 1 Set the called modem parameters.
Only three signal lines, namely SD, RD and SG, are used for connecting the MA5600 and the
modem. Therefore, before connecting the modem with the MA5600, shield the handshake
signals and flow control signals of the modem.
The configuration of a modem needs an intelligent terminal. The following modem configuration
is based on the HyperTerminal operating under Windows.
1. Connect the serial port of the modem with that of the maintenance terminal using the
dedicated cable for the modem, and power on the system. Installing a driver is not required
at this step.
2. Assume that the modem is connected to COM2 port. Start the HyperTerminal, and select
Direct to COM2 in the column of Connect using in the dialog box that appears. Set the
serial port parameters as follows: 9600 bit/s for baud rate, 8 for data bits, 1 for stop bits,
None for parity, None for flow control.
NOTE
After the connection, you may find that the terminal cannot display anything. This is because the
display function of the modem is disabled at the previous configuration operation. To enable the
terminal to display input and output information, run the AT&F command to restore the default
settings and press Enter.
3. Check the modem.
In the HyperTerminal, enter the AT&F command to restore the default settings of the
modem. Observe if the screen displays "OK". If yes, the modem is normal.
4. In the HyperTerminal, enter the following commands:
ATS0=1 //Enable the auto replay function (ringing sound).
AT&D //Ignore DTR signals.
AT&K0 //Disable the flow control function.
AT&R1 //Ignore the RTS signals.

AT&S0 //Set DSR as high level.
ATEQ1&W //Disable the modem’s response to the command while
executing the command and saving the configurations.
NOTE
After the execution of the last command, entering the AT command disables the echo function of
the terminal and prohibits it from displaying the execution results. Due to the limitation of the bit
rate of the modem, a baud rate of 9600 bit/s or 19200 bit/s is recommended for the serial port of the
MA5600. If necessary, you can run the baudrate command to modify the baud rate of the serial port
of the MA5600. To prevent an extremely high bit rate on the line between the two modems, you can
set AT$MB=9600 (or another value) before running the ATEQ1&W command.
Step 2 Set the calling modem parameters.
After power-on, the calling modem can function in the normal state without any configuration.
However, if you connect the maintenance terminal with the modem using a standard cable, shield
the handshake signals and flow control signals of the modem before the connection. For details
on this shield operation, refer to the settings of the called modem parameters.
Step 3 Set up the configuration environment.
Figure 2-6 shows the configuration environment.
1. Connect the called modem.

Plug the telephone line into the LINE port of the called modem. Connect the serial port of
the called modem with the maintenance port CON of SCU board on the MA5600 using the
dedicated serial port cable for the MA5600, and power on the modem.
2. Connect the calling modem.
For an external modem, plug the telephone line into the LINE port of the calling modem,
connect the serial port of the calling modem with that of the maintenance terminal using
dedicated cable for the modem, and power on the modem.
For a built-in modem, you only need to plug the telephone line into the LINE port of the
calling modem.
Step 4 Start the HyperTerminal.
1. Set up a new connection.
Choose Start > Programs > Accessories > Communication > HyperTerminal to start
the HyperTerminal and input the name. Click OK.
2. Configure the serial port.
Select the standard character terminal or PC terminal serial port that is actually connected
to the MA5600 (assuming serial port COM2). Click OK.
Step 5 Set the parameters of the HyperTerminal.
In the above Step 2, click OK. Then, set the serial port parameters in the dialog box as shown
in Figure 2-8. The parameters are set as follows:
l Baud rate: 9600 bit/s
l Data bits: 8
l Parity: None
l Stop bits: 1
l Flow control: None
NOTE
l When setting the baud rate, make sure that the baud rate of the HyperTerminal is consistent with that
of the serial port. By default, the baud rate of the serial port is 9600 bit/s.
l After login, illegible characters may be found among the input information. This is usually caused by
baud rate inconsistency between the HyperTerminal and the system. In this case, try to use another
baud rate to log in to the system. The system supports the baud rates of 9600 bit/s, 19200 bit/s, 38400
bit/s, 57600 bit/s and 115200 bit/s.

Figure 2-8 Setting the parameters of the HyperTerminal
Click OK. The HyperTerminal interface appears.

Step 6 Dial up on the HyperTerminal.
1. For an external modem, follow the steps below:
To set up a connection with an external modem, select a serial port, rather than a modem,
from the Connect using drop down list in the HyperTerminal.
In the HyperTerminal interface, you can enter the AT command for dialup, for example
ATDTXXXXXXXX. XXXXXXXX represents the telephone number of the line connected
with the remote modem.
For details about the dialup commands, refer to the AT command set. ATDT0 W
020XXXXXXXX means to dial "0" for connection with the external line. Wait for the
dialing tone from the exchange, and then dial the telephone number of 020XXXXXXXX.
2. For a built-in modem, the procedure is as follows:
Run the HyperTerminal. Set the called number. Select the modem from the Connect
using drop down list. Click Configure in the properties setting interface to set the modem
properties. Select Bring up terminal window after dialing in the Options tab of the
properties setting interface. Click OK to confirm the setting. Click Dial to proceed with
the dialing. You need not use any ATDT commands for dialing.
----End
Result
After dialup, the "OH" and "RI" LEDs on the modem connecting to the PC turn on. The modem
generates a kind of sound, which indicates the progress of the connection. After the connection
is set up, the two modem CD LEDs (for carrier detection) turn on, and the HyperTerminal

interface displays "CONNECT9600 (or 19200)". This indicates that the inter-modem connection
is set up successfully.
If "NO CARRIER" is displayed, the connection fails. Check the hardware connections and the
telephone line. Press Enter until the login interface appears.
After configuring the MA5600, run the hang-up command of the HyperTerminal to break the
connection.
WARNING
l In the process of modem connection setup, pressing any key in the keyboard will interrupt
the ongoing call.
l After a remote maintenance operation, you need to disconnect the line, rather than merely
shutting down the HyperTerminal. Otherwise, modems of a certain model may remain online
all the time, causing failure in the next dialup connection.
2.4 Configuring the Terminal Through the Outband

Management Channel
This operation enables you to connect the maintenance terminal to the MA5600 over a local area
network (LAN) or a wide area network (WAN), and configure the MA5600 through the outband
management channel.
Networking-LAN
Figure 2-9 shows the networking for local configuration through a LAN.
Figure 2-9 Networking for local configuration through a LAN
CON
ETH
MON
SCU MA5600
LAN
PC PC PC

Use a straight through cable to connect the MA5600 with the LAN. Make sure that the IP address
of the maintenance network port of the control board and that of the PC used for maintaining
the MA5600 are located in the same subnet.
NOTE
You can also use a crossover cable to connect the network port of the maintenance terminal with the
maintenance network port of the control board to maintain the MA5600.
Data Plan-LAN
Table 2-2 lists the data plan for the network.
Table 2-2 Data plan for the network
Item Data
maintenance network port of the IP address: 10.10.20.2/24

MA5600
PC used for maintaining the MA5600 IP address: 10.10.20.1/24
NOTE
You can also use a crossover cable to connect the network port of the maintenance terminal with the
maintenance network port of the control board to maintain the MA5600.
Networking-WAN
Figure 2-10 shows the connection between a WAN and the maintenance network port of the
control board.
Figure 2-10 Connection between a WAN and the maintenance network port of the control board
PC
LAN CON
WAN ETH
MON
Router
PC PC
SCU MA5600
Data Plan-WAN

Item Data
maintenance network port of the IP address: 10.10.20.1/24

MA5600
Router port connecting to the MA5600 IP address: 10.10.20.254/24
Figure 2-11 shows the flowchart for configuring the MA5600 through the outband management
channel.
Figure 2-11 Flowchart for configuring the MA5600 through the outband management channel
Start
Set up the configuration environment
Set the IP address of the ETH port
Add a route for the NMS
Run Telnet
End
Procedure
Figure 2-9 and Figure 2-10 show the sample networks for configuring the MA5600 through
the outband management channel. You can set up the environment as required.
Step 2 Set the IP address of the maintenance network port.

huawei(config)#interface meth 0
huawei(config-if-meth0)#ip address 10.10.20.1 24
Step 3 Add a route for the network management system (NMS).

l If you set up the WAN configuration environment as shown in Figure 2-9, no route needs
to be added.
l If you set up the WAN configuration environment as shown in Figure 2-10, add a next hop
route to the NMS.
huawei(config)#ip route-static 10.10.21.0 24 10.10.20.254
Step 4 Run the telnet application.

Choose Start > Run on the PC. Enter the telnet command, followed by the IP address of the
maintenance network port of the MA5600 in the Open field. Click OK to run the telnet
application, as shown in Figure 2-12.
Figure 2-12 Running the telnet application
Step 5 Log in to the system.

By default, the super user uses root as the user name and admin as the password.
Huawei MA5600 Multi-service Access Module.
Copyright (C) Huawei Technologies Co., Ltd. 2002-2007. All rights reserved.
>>User name:root
>>User password:
----End
Result
After you log in to the system, you can perform the configuration successfully.
2.5 Configuring the Terminal Through the Inband

Management Channel
This operation enables you to configure the MA5600 through the inband management channel.
Networking-LAN
Figure 2-13 shows the networking for the maintenance through the GE port over a LAN.

Figure 2-13 Networking for the maintenance through the GE port over a LAN
CON
ETH
MON
GE 0/7/0
SCU MA5600
LAN
PC PC PC
Data Plan-LAN
Item Data
Inband management interface of the MA5600 IP address: 10.10.20.1/24
Networking-WAN
Figure 2-14 shows the networking for the maintenance through the GE port over a WAN.
Figure 2-14 Networking for the maintenance through the GE port over a WAN
CON
ETH
MON
IP GE 0/7/0
Router
PC
SCU MA5600
Data Plan-WAN

Item Data
GE port of the MA5600 IP address: 10.10.20.1/24
PC used for maintaining the IP address: 10.10.21.1/24

MA5600
Router port connecting to the IP address: 10.10.20.254/24

MA5600
Figure 2-15 shows the flowchart for configuring the MA5600 through the inband management
channel.
Figure 2-15 Flowchart for configuring the MA5600 through the inband management channel
Start
Set up the configuration

environment
Create an NMS VLAN
Set the IP address of the VLAN

interface
Set the inband NMS route
Run the Telnet
End
Procedure

Figure 2-13 and Figure 2-14 show the sample network for configuring the MA5600 through
the inband management channel. You can set up the environment based on your own conditions.
Step 2 Create an NMS VLAN and add the upstream port to it.
Run the vlan command to create an NMS VLAN.

huawei(config)#vlan 30 standard
Step 3 Set the IP address of the VLAN layer 3 interface.
Run the ip address command to set the IP address and subnet mask of the MA5600 VLAN layer
3 interface.
huawei(config-if-vlanif30)#ip address 10.10.20.1 255.255.255.0
Step 4 Set inband NMS route.
If the configuration environment is set up as shown in Figure 2-13, no route needs to be

configured.
If the configuration environment is set up as shown in Figure 2-14, add the route of next hop.
Step 5 Run the telnet application.
Choose Start > Run on the PC. Enter the telnet command, followed by the IP address of the
maintenance network port of the SCU board in the Open field. Click OK to run the telnet
application as shown in Figure 2-16.
Figure 2-16 Running the telnet application
Step 6 Log in the system.
By default, the Super user uses root and admin as the user name and password. When you log
in, the system prompts the following
Huawei MA5600 Multi-service Access Module.
>>User name:root
>>User password:
----End

Result
After login, you can configure the terminal for maintenance.
2.6 Configuring the Terminal Through SSH

This operation enables you to connect the maintenance terminal to the MA5600 over a LAN or
a WAN and configure the MA5600 through SSH.
Networking-LAN
Figure 2-17 shows the connection for setting up the SSH configuration environment in LAN
outband mode.
Figure 2-17 Setting up the SSH configuration environment in LAN outband mode
CON
ETH
MON
SCU MA5600
LAN
PC PC PC
Data Plan-LAN

Item Data
MA5600 IP address of the maintenance network port: 10.10.20.2/24

User name: huawei
User authentication mode: RSA public key authentication

MA5600 Client software: PuTTY.exe, PuTTYGen.exe, sshkey.exe
NOTE
You can search and download the client software from the Internet.

Networking-WAN
Figure 2-18 shows the connection for setting up the SSH configuration environment in WAN
outband mode.
Figure 2-18 Setting up the SSH configuration environment in WAN outband mode
PC
LAN CON
WAN ETH
MON
Router
PC PC
SCU MA5600
Data Plan-WAN

Item Data
MA5600 IP address of the maintenance network port: 10.10.20.2/24

User name: huawei

MA5600 Client software: PuTTY
Password conversion tool: PuTTY.exe, PuTTYGen.exe,
sshkey.exe
NOTE
Router port connecting to IP address: 10.10.20.254/24

the MA5600
Networking-LAN
Figure 2-19 shows the connection for setting up the SSH configuration environment in LAN
inband mode.

Figure 2-19 Setting up the SSH configuration environment in LAN inband mode
CON
ETH
MON
GE 0/7/0
SCU MA5600
LAN
PC PC PC
Data Plan-LAN

Item Data
MA5600 IP address of the VLAN layer 3 interface: 10.10.20.2/24

User name: huawei

MA5600 Client software: PuTTY.exe, PuTTYGen.exe, sshkey.exe
NOTE
Networking-WAN
Figure 2-20 shows the connection for setting up the SSH configuration environment in WAN
inband mode.
Figure 2-20 Setting up the SSH configuration environment in WAN inband mode
CON
ETH
MON
IP GE 0/7/0
Router
PC
SCU MA5600

Data Plan-WAN

Item Data
MA5600 IP address of VLAN layer-3 interface:

10.10.20.2/24
User name: huawei
User authentication mode: RSA public key
authentication

Client software: PuTTY
Password conversion tool: PuTTY.exe,
PuTTYGen.exe, sshkey.exe
NOTE
You can search and download the client software from
the Internet.
Figure 2-21 shows the flowchart for configuring the SSH environment. For details on
configuration, refer to "8.6 Configuring SSH."

Figure 2-21 Flowchart for configuring in SSH mode
Start
Set the IP address of the maintenance

network port/VLAN layer 3 interface
Add a route for the NMS
Create a user
password-
Set authentication authentication mode
mode for the SSH user
rsa, all, password-public
key authentication
modes
Create the key pair for the SSH server
Generate the RSA public key
Generate the public key for the SSH

user
Authorize the public key to the

SSH user
Use the SSH software to log in to the

system
End
Procedure
You can set up the configuration environment shown in Figure 2-17, Figure 2-18, Figure
2-19 and Figure 2-20.
Step 2 Set the IP address of the maintenance network port/VLAN layer 3 interface.
l To set the IP address of the maintenance network port, do as follows:

huawei(config-if-meth0)#ip address 10.10.20.2 255.255.255.0
l To set the IP address of the VLAN layer 3 interface, do as follows:

Step 3 Add a route for the NMS.

To set up a LAN configuration environment based on Figure 2-17 or Figure 2-19, you need not
add any route for the NMS.
To set up a WAN configuration environment based on Figure 2-18 or Figure 2-20, you must
add a route of next hop for the NMS as follows:
Step 4 Create a user.

To create a user of operator level with user name and password huawei and reenter log times 4,
do as follows:
huawei(config)#terminal user name
User Name(<=15 chars):huawei
User Password(<=15 chars):huawei
Confirm Password(<=15 chars): huawei
User's Level:
1. Common User 2. Operator 3. Administrator:2
Permitted Reenter Number(0--4):4
User's Appended Info(<=30 chars):
This user has been added
Repeat this operation? (y/n)[n]:n
Step 5 Set authentication mode for the SSH user.

Select the rsa authentication mode.
huawei(config)#ssh user huawei authentication-type rsa
Step 6 Create the key pair for the SSH server.
CAUTION
The first step after you succeed in logging in to the SSH is to configure and create the local RSA
key pair. Be sure to complete the "rsa local-key-pair create" operation and create the local key
pair before further SSH configurations.
huawei(config)#rsa local-key-pair create

The key name will be: huawei_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.++++++++++++
..++++++++++++
............++++++++
...............................++++++++
Step 7 Generate the RSA public key.

1. Run the key generator PUTTYGEN.EXE

Open the key generator PUTTYGEN.EXE, as shown in Figure 2-22.
Figure 2-22 Interface of the key generator
2. Generate the client key.

Select SSH-2 RSA as the key type under Parameters. Click Generate. Move the mouse
over the blank area to generate the client key, as shown in Figure 2-23.

Figure 2-23 Generating the client key
After generating the client key, save public key and private key.
3. Generating the RSA public key.
Run sshkey.exe, the client software for converting keys, to convert the client public key
into the RSA public key, as shown in Figure 2-24.

Figure 2-24 Interface of converting the client public key into the RSA public key
Step 8 Generate the public key for the SSH user.

To generate the public key for the SSH user, copy the RSA public key to the server in config-
rsa-key-code command line mode.
huawei(config)#rsa peer-public-key key 1
huawei(config-rsa-public-key)#public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
huawei(config-rsa-key-code)#30818602 81805A01 625279EF 5E4CD503 916C9DB5 0233CF58
huawei(config-rsa-key-code)#C901D4CA 207C77D3 4EF25B04 9897BD24 997BF61B DFB9A73C
huawei(config-rsa-key-code)#F82B6F06 55ACCDB9 F7DC1474 9E6518EE B1A543FF 9147150B
huawei(config-rsa-key-code)#111BD11C 683A023B A4295550 DA13F6BE 3190A2A8 3BFCB158
huawei(config-rsa-key-code)#4FBAA365 F6E796A0 B02CB6F9 8491A373 9B4A0876 4B3189B4
huawei(config-rsa-key-code)#BBA2C7BA E1974104 AD165E98 18CF0201 25
huawei(config-rsa-key-code)#public-key-code end
huawei(config-rsa-public-key)#peer-public-key end
Step 9 Authorize the public key to the SSH user.

In global config mode, to authorize the public key to the SSH user huawei, do as follows:
huawei(config)#ssh user huawei assign rsa-key key
Step 10 Log in to the System.

1. Run the client software.
Run the SSH client software PUTTY.EXE. Click Auth in the directory tree and assign a
file for the RSA private key, as shown in Figure 2-25. Click Browse. Select the file for the
private key and click OK.

Figure 2-25 Interface of the SSH client software
2. Log in to the system.

Click Session in the directory tree. Type in the IP address of the MA5600 in the Host Name
(or IP address) text box. Click Open to log in to the system.

Figure 2-26 Interface for connecting to the system.
Because the user authentication mode is RSA, the system will prompt message, as shown
in Figure 2-27.
Figure 2-27 Interface for logging in the SSH client

Enter the correct user name to log in to the system according to the prompt.
----End
Result
After you log in to the system, you can perform the configuration successfully.

Configuration Guide 3 Getting Started With CLI
3 Getting Started With CLI
About This Chapter
This chapter describes the CLI basic operations of the MA5600.
3.1 Overview
This chapter describes the command line interface (CLI) operation mode and how to apply it
for maintaining the MA5600.
3.2 CLI Characteristics
This section describes the CLI characteristics of the MA5600.
3.3 Basic Operations Through CLI
This section describes how to perform the basic operations on the MA5600 through the CLI.

3 Getting Started With CLI Configuration Guide
3.1 Overview
This chapter describes the command line interface (CLI) operation mode and how to apply it
for maintaining the MA5600.
Service Description
You can maintain the MA5600 through two modes: network management system (NMS) and
CLI.
l The NMS provides a graphical user interface (GUI) for easy operations, and the CLI
provides the command line interface for the same purpose.
l You can maintain the MA5600 through the CLI easily. For this purpose, you can run the
HyperTerminal or the telnet program of the Windows operating system to log in to the
MA5600 to maintain it through the CLI.
Service Specification
This chapter describes some basic CLI operations. After reading this chapter, you can perform
the basic configurations for the MA5600 through the CLI.
3.2 CLI Characteristics

This section describes the CLI characteristics of the MA5600.
3.2.1 Command Modes
This section describes the CLI command mode, the feature and the switchover among command
modes.
3.2.2 Intelligent Matching
This section describes the intelligent matching of the CLI.
3.2.3 Edit Characteristics
This section describes the edit characteristics of the CLI.
3.2.4 Interaction Characteristics
This section describes the interaction function of the CLI.
3.2.5 Parameter Prompt
This section describes the parameter prompt function of the CLI.
3.2.6 Display Characteristics
This section describes the display characteristics of the CLI.
3.2.7 Saving and Showing History Commands
The CLI provides a function like Doskey to automatically save history commands. By this
function, you can obtain history commands saved in the CLI and execute them repeatedly.
3.2.8 CLI Error Prompts
This section describes the CLI error prompts.

3.2.1 Command Modes

This section describes the CLI command mode, the feature and the switchover among command
modes.
Classification
The MA5600 provides various modes to realize hierarchical protection and avoid unauthorized
access.
The MA5600 provides the following command modes:
l User mode
l Privilege mode
l Global config mode
l Interface config Mode
l OSPF mode
l RIP mode
l MPLS-LDP mode
l Tunnel mode
l BTV mode
l Test mode
Features
l Downward compatibility
All commands in user mode can be run in privilege mode.

All commands in user mode and privilege mode can be run in global config mode.
l Hierarchical protection
Based on different command modes, the system can prevent any unauthorized access.
For users at different levels, the command modes involved are different, and the
executable commands for these users are also different even though they can enter the
same mode.

Mode Switching
Figure 3-1 shows how to switch over among the command modes.

Figure 3-1 Switching over among the command modes

ospf OSPF mode
quit huawei(config-ospf-...)#
rip RIP mode

quit huawei(config-rip-...)#
btv BTV mode

quit huawei(config-btv)#
Login User mode enable Privilege mode config Global config mode
huawei> huawei# huawei(config)#
quit disable quit
interface Interface config mode

quit huawei(config-if-...)#
test Test mode

quit huawei(config-test)#
MPLS-LDP mode
huawei(config-ospf-ldp)#
return
Table 3-1 lists the features of the interface config modes.
Table 3-1 Features of the interface config modes

Command Function Prompt Entry
Mode
SCU Configure the huawei(config-if- huawei(config)

control board. SCU-0/7)# #interface SCU
ADSL Configure ADSL huawei(config-if- huawei(config)

port parameters. adsl-0/2)# #interface adsl
SHDSL Configure SHDSL huawei(config-if-shl-0/5) huawei(config)

port parameters. # #interface shl
VDSL Configure VDSL huawei(config-if- huawei(config)

port parameters. vdsl-0/2)# #interface vdsl
Meth Configure the huawei(config-if-meth0) huawei(config)

parameters of the # #interface meth 0
maintenance
network port.
EMU Configure EMU port huawei(config-if- huawei(config)

parameters. power4845/fan/h303esc/ #interface emu
h304esc/h561esc-0)#

Command Function Prompt Entry

Mode
NULL Configure NULL huawei(config-if-null0)# huawei(config)

interface #interface null
parameters.
VLANIF Configure VLAN huawei(config-if-vlanif2) huawei(config)

parameters. # #interface vlanif
MPLS Configure MPLS huawei(config-mpls)# huawei(config)#mpls

parameters.
MPLS-LDP Configure MPLS huawei(config-mpls-ldp) huawei(config)#mpls

LDP parameters. # ldp
Tunnel Configure tunnel huawei(config-if- huawei(config)

interface tunnel10)# #interface tunnel
parameters.
OAM Configure OAM huawei(config-if- huawei(config)

port parameters. oam-0/4)# #interface oam
NOTE
To exit from a command mode, run the quit command. To exit from the current mode to privilege mode,
run the return command. To exit from the privilege mode to user mode, run the disable command. By
default, the command line prompt uses "MA5600" as its prefix. You can modify the prompt by using the
sysname command. The information in the bracket describes the current mode.
3.2.2 Intelligent Matching

This section describes the intelligent matching of the CLI.
Function
For ease of operation, you can type in an incomplete keyword, and then press the space bar. The
system returns a list of matching keywords.
For example, for the command enable, just type in en or ena.
Notes
On pressing the space bar, if the system does not return the commands, it indicates that:
l You have entered a wrong command. In this case, check the command and enter the correct
one.
For example, when you enter dip (for display), entering a space does not display the
commands.
huawei#dip
l The entered keyword conflicts with others.

For example, when you enter dis in privilege mode, the system cannot find a matched
keyword for it. This is because there are two commands that start with dis: disable and
display.
3.2.3 Edit Characteristics

This section describes the edit characteristics of the CLI.
Function
The CLI provides basic command edit functions. It allows multi-line editing, with up to 255
bytes for each command.
Specification
Table 3-2 lists the edit functions.
Table 3-2 Edit functions
Key Function
Common key If the edit buffer is not full, pressing such a key will move the
cursor rightwards from its current position.
<Backspace> Pressing this key will delete the character before the cursor and
move the cursor backwards. When reaching the beginning of the
command, the cursor stops.
Left arrow key <←> or Move the cursor leftwards for the length of one character.
<Ctrl+A>
Right arrow key <→> or Move the cursor rightwards for the length of one character.
<Ctrl+D>
Up/Down arrow key <↑ Display history commands. For some terminals which do not
><↓> support up/down arrow keys, you can use Ctrl+P to select the
previous history command.
<Ctrl+U> Delete the characters before the current cursor and move the
cursor to the beginning of the line.
<Ctrl+K> Delete the characters after the current cursor and move the cursor
to the end of the line.
<Ctrl+F> Search a string.
<Ctrl+B> Move the cursor to the end of the line.
<ESC> Pressing this key twice will delete the current input.
NOTE
Common keys refer to letter keys, number keys and mark keys.

3.2.4 Interaction Characteristics

This section describes the interaction function of the CLI.
Function
In interactive mode, when you type in an incomplete command, the system prompts you with
the next keyword and its parameter type.
Examples
l To run the load program command in interactive mode, do as follows:
huawei#load program
{ xmodem<K>|tftp<K>|ftp<K> }: tftp
{ ServerIpAddress<X.X.X.X> }: 10.10.10.1
{ frameid<0,1>|frameid/slotid<S><3,15> }: 0/3
When interactive mode is disabled, if you type in an incomplete command and press
Enter, the system will prompt error.
l To run the load program command after interactive mode is disabled, do as follows:
huawei#undo smart
huawei#load program tftp
^
% Incomplete command, and error detected at '^'
To query the command help after entering the switch command keyword by "?", do as
follows:
huawei#switch ?
---------------------------------------------
Command of user
Mode:
---------------------------------------------
language-mode Set language
parameter
3.2.5 Parameter Prompt

This section describes the parameter prompt function of the CLI.
Function
In interactive mode, the CLI characters such as K and I are used to express the parameter types
of a keyword.
Specification
Table 3-3 lists the meaning of the CLI characters supported by the MA5600.
Table 3-3 Meaning of the CLI characters supported by the MA5600
Character Meaning
<K> Keyword
<E> Enumeration. Items following it are the available options.

Character Meaning
 ULONG. Information following it is the range of the value to be

entered.
<L> LONG. Information following it is the range of the value to be

entered.
<S> Character string. Information following it is the range of the character

string to be entered.
 IP address
<M> MASK, such as the mask of an IP address.
 MMAC address
<H> Hexadecimal number. The system shall support the input of "0x".
The default setting is decimal number.
<D><yyyy-mm-dd> Date
<T><hh:mm:ss> Time
NOTE
The CLI supports the input of the hexadecimal number. However, if you do not type in "0x" when entering
a hexadecimal number, the system considers the input number as a decimal one.
3.2.6 Display Characteristics

This section describes the display characteristics of the CLI.
Function
When you query information, sometimes the CLI will fail to display the information on one
screen because it is too much. In this case, you can use the pause function to view information
displayed on multiple screens.
l One screen here refers to the one screen displayed by the HyperTerminal software of a PC,
which contains 24 lines.
l The system supports that the screen scrolls upward automatically, that is, the displayed
information cannot pause. Run the scroll command to enable the auto-scroll function, run
the undo scroll command to disable the auto-scroll function. By default, the auto-scroll
function is disabled.
Specification
Table 3-4 lists the options for viewing information displayed on multiple screens.

Table 3-4 Options for viewing information displayed on multiple screens

Key Function
Press Q or Ctrl+C Suspend the display and execution of the commands.

when the display is frozen.
Press Space when the display is Continue to display the information on the next screen.
frozen
press Enter when the display is Continue to display the information on the next line.
frozen
3.2.7 Saving and Showing History Commands

The CLI provides a function like Doskey to automatically save history commands. By this
function, you can obtain history commands saved in the CLI and execute them repeatedly.
Context
To set the maximum number of history commands saved in the buffer, run the history-command
max-size command.
To restore the default setting, run the history-command max-size command.
By default, up to 10 history commands can be saved for every user in the CLI.
The display history-command command can only show the commands executed by the current
user. After re-login, the history commands are cleared.
Procedure
Step 1 Run the history-command max-size command to set the number of history commands that can
be saved in the command buffer.
Step 2 Run the display history-command command to show history commands.
----End
Example
To set the number of history commands that can be saved in the command buffer to 20, do as
follows:
huawei(config)#history-command max-size 20
huawei#display history-command
--------------------------------------------------
No. Command
--------------------------------------------------
10 interface ?
9 history-command max-size
8 mac-pool ?
7 display current-configuration
6 ?
5 quit
4 quit
3 radius-server ?

2 ?
1 ?
--------------------------------------------------
3.2.8 CLI Error Prompts

This section describes the CLI error prompts.
Function
The system checks the syntax of each command you type in, and executes the command if it
passes the check. If the command fails to pass the check, the system prompts an error.
Specification
Table 3-5 shows the common CLI error prompts.
Table 3-5 Common CLI error prompts

Error Prompt Cause
Unknown command l Such a command cannot be found.

l Such a keyword cannot be found.
l The parameter type is not correct.
l The parameter value exceeds the threshold.
Incomplete command The command input is incomplete.
Too many parameters The parameters input are too many.
Ambiguous command The command input is ambiguous.
Parameter error The parameter is wrong and the cursor indicates the error location.
3.3 Basic Operations Through CLI

This section describes how to perform the basic operations on the MA5600 through the CLI.
3.3.1 Obtaining Online Help Information
This operation enables you to obtain online help information. If no help information is found,
the help list is empty.
3.3.2 Enabling Interactive Command Execution
This operation enables interactive command execution.
3.3.3 Enabling CLI Trap Reporting
This operation enables you to enable CLI trap reporting when displaying alarm or progress
information is needed during the execution of a command.
3.3.4 Switching Terminal Language
This operation enables you to select a preferred language as the terminal display language.
3.3.5 Setting System Time
This operation enables you to set the system time.

3.3.6 Setting System Name

This operation enables an administrator to set system name to differentiate various MA5600s.
3.3.7 Setting Terminal Type
This operation enables you to set terminal type of the CLI system according to the type of the
in-service terminal, so as to ensure correct command line editing.
3.3.8 Setting Timeout Exit Time
This operation enables you to set timeout exit time. During the time, if the user fails to type in
any information on the terminal, the system will let the user exit from the system.
3.3.9 Locking the Terminal
This operation enables you to lock the terminal to prevent others from accessing the terminal by
using the current user name.
3.3.10 Clearing Terminal Screen
This operation enables you to clear the terminal screen.
3.3.11 Showing Version
This operation enables you to show the system or board version.
3.3.12 Showing CPU Usage
This operation enables you to show the CPU usage of a board.
3.3.13 Showing the Memory Usage
This operation enables you to check the memory usage of the control board.
3.3.14 Testing Network State
This operation enables you to check the network connectivity and whether the host is reachable,
and check all gateways passed by data packets sent from a host to the destination, and locate
network faults.
3.3.1 Obtaining Online Help Information

This operation enables you to obtain online help information. If no help information is found,
the help list is empty.
Context
The CLI offers two ways for you to obtain online help:
l Full help
When you input ? following the prompt, you can obtain help information about the
current available commands.
When you input a complete keyword followed by a space and a question mark, such as
display ?, you can obtain help information about all commands matching the keyword.
l Partial help
When you input an incomplete keyword followed by a question mark, such as display
l?, you can obtain help information about the commands matching the incomplete
keyword.
To show the help information about all available commands in global config mode, do as follows:
huawei(config)#?
---------------------------------------------

Command of config Mode:

---------------------------------------------
aaa AAA(Authentication,Authorization,Accounting) view
acl Specify ACL configuration information
adsl <Group> adsl command group
arp <Group> ARP command group
bind Bind IP/MAC
board <Group> board command group
---- More ( Press 'Q' to break ) ----
To show help information about the commands matching an incomplete keyword display, do
as follows:
huawei(config)#display ?
---------------------------------------------
Command of privilege Mode:
---------------------------------------------
aaa AAA(Authentication,Authorization,Accounting)
acl ACL status and configuration information
adsl <Group> adsl command group
alarm Display alarm related information
arp <Group> arp command group
authentication-scheme Authentication scheme
To show help information about the commands matching an incomplete d, do as follows:

huawei(config)#d?
---------------------------------------------
Command of config Mode:
---------------------------------------------
debugging Enable system debugging functions
default Configure default MAC pool
defaultvlan Configure default VLAN type
device-template Device template command
dhcp <Group> dhcp command group
dhcp-server Add DHCP server IP addresses
---------------------------------------------
Command of privilege Mode:
---------------------------------------------
debugging <Group> debugging command group
diagnose Change into diagnose mode
disable Turn off privileged mode commands
display Display information
duplicate <Group> duplicate command group
---------------------------------------------
Command of user Mode:
---------------------------------------------
display Display information
Related Operation
Table 3-6 lists the related operation for obtaining online help information.
Table 3-6 Related operation for obtaining online help information

To… Run the Command...
Obtain system help information help

3.3.2 Enabling Interactive Command Execution

This operation enables interactive command execution.

Context
l With interactive command execution enabled, if you type in a complete command and press
Enter, the system gives prompts to prevent wrong operations.
For example, if you type in the reboot system command and then press Enter, the system
prompts the following:
Please check whether data has saved, the unsaved data will lose if reboot system, are you
sure to reboot system? (y/n)[n]:
l With interactive command execution disabled, if you type in a command and press
Enter, the system executes the command directly.
l By default, the interactive command execution is enabled.
Procedure
Step 1 Run the interactive command to disable interactive command execution.
Step 2 Run the display interactive command and you can find that the interactive command execution
is enabled.
----End
Example
To enable the interactive command execution, do as follows:
huawei>interactive
huawei>display interactive
Command confirmed function is enabled
Related Operation
Table 3-7 lists the related operation for enabling or disabling interactive command execution.
Table 3-7 Related operation for enabling or disabling interactive command execution
To… Run the Command…
Disable interactive command execution undo interactive
3.3.3 Enabling CLI Trap Reporting

This operation enables you to enable CLI trap reporting when displaying alarm or progress
information is needed during the execution of a command.

Procedure
Step 1 Run the info-center enable command to enable the CLI trap reporting function.
Step 2 Run the display info-center command and you can find that the CLI trap reporting is enabled.
----End
Example
To enable the CLI trap reporting function, do as follows:
huawei(config)#info-center enable
huawei(config)#display info-center
Information Center:enabled
Log host:
Console:
channel number : 0, channel name : console
Monitor:
channel number : 1, channel name : monitor
SNMP Agent:
channel number : 5, channel name : snmpagent
Log buffer:
enabled,max buffer size 1024, current buffer size 512,
current messages 36, channel number : 4, channel name : logbuffer
dropped messages 0, overwrote messages 0
Trap buffer:
enabled,max buffer size 1024, current buffer size 256,
current messages 0, channel number:3, channel name:trapbuffer
dropped messages 0, overwrote messages 0
Information timestamp setting:
log - date, trap - date, debug - boot
Sent messages = 37, Received messages = 37
IO Reg messages = 0 IO Sent messages = 0
Related Operation
Table 3-8 lists the related operation for enabling or disabling CLI trap reporting.
Table 3-8 Related operation for enabling or disabling CLI trap reporting
Disable CLI trap reporting undo info-center enable
3.3.4 Switching Terminal Language

This operation enables you to select a preferred language as the terminal display language.
Context
The MA5600 supports the general language and the local language, including English and
Chinese. English is the default language.

Procedure
Run the switch language-mode command to switch from one language to another.
----End
Example
To switch from one language to another, do as follows:
huawei(config)#switch language-mode
Related Operation
Table 3-9 lists the related operation for switching the terminal language.
Table 3-9 Related operation for switching the terminal language

To… Run the Command… Remarks
Display the terminal language display language In user mode, this

command is not
available for the
common user.
3.3.5 Setting System Time

This operation enables you to set the system time.
Context
l The system can synchronize the time of the NTP server based on the time zone where the
MA5600 is located. The system can automatically set the local time based on the time zone
where the MA5600 is located.
l The time format is hh:mm:ss yyyy-mm-dd, that is, hour: minute: second year-month-day.
l The setting takes effect at once.
l During the setting, the system checks the validity of the time. Special attention shall be
paid to the settings of leap year and leap month.
Procedure
Step 1 Run the timezone command to set the time zone where the device is located.
Step 2 Run the time command to set the system time.
Step 3 Run the display time command and you can find that the current system time has been set
successfully.
----End
Example
To set the current system time zone and time, do as follows:

huawei#timezone GMT+ 8:00

huawei#time 09:00:00 2007-06-20
huawei#display time
{ <cr>|dst<K>|time-stamp<K> }:
Command:
display time
2007-06-20 09:00:00+08:00
3.3.6 Setting System Name

This operation enables an administrator to set system name to differentiate various MA5600s.
Context
l By default, the device name is MA5600.
l The new system name takes effect immediately after it is set.
l After the system is changed, the command line prompt will change to the new name
accordingly.
Procedure
Run the sysname command to set the system name.
----End
Example
To name the first MA5600 at the New York office in U.S.A, do as follows:
huawei(config)#sysname NY_MA5600_A
3.3.7 Setting Terminal Type

This operation enables you to set terminal type of the CLI system according to the type of the
in-service terminal, so as to ensure correct command line editing.
Context
l Different terminals feature different edit characteristics. To make most terminals become
mutually compatible, the system divides terminals into two types, namely:
-Standard terminals (ANSI)

-VT series terminals
l The default terminal type is ANSI.
l Some terminal tools, such as HyperTerminal, telnet and neterm, allow you to set the
terminal types. You can use the associated menu to set the terminal emulation type so that
the type of the terminal tool is consistent with that of the terminal in the system.
Procedure
Step 1 Run the terminal type command to set the terminal type.

Step 2 Run the display terminal type command and you can find that the terminal type has been set
correctly.
----End
Example
To set the terminal type as VT 100, do as follows:
huawei#terminal type vt100
huawei>display terminal type
The terminal type: VT100
3.3.8 Setting Timeout Exit Time

This operation enables you to set timeout exit time. During the time, if the user fails to type in
any information on the terminal, the system will let the user exit from the system.
Context
By default, the system will let the user exit from the system as long as the user fails to type in
any information on the terminal for 5 minutes.
Procedure
Step 1 Run the idle-timeout command to set the timeout exit time.
Step 2 Run the display idle-timeout command and you can find the timeout exit time has been set
correctly.
----End
Example
To set the timeout exit time to 23 minutes, do as follows:
huawei>idle-timeout 23
huawei>display idle-timeout
The timeout value is set to 23 minutes currently. If there is no input from
terminal during this time, the user will be disconnected
Related Operation
Table 3-10 lists the related operation for setting the timeout exit time.
Table 3-10 Related operation for setting the timeout exit time
To set the timeout exit time to the undo idle-timeout

default 120 minutes

3.3.9 Locking the Terminal

This operation enables you to lock the terminal to prevent others from accessing the terminal by
using the current user name.
Context
Once a terminal is locked, if you press any button on the terminal, the system will prompts you
to enter the password. After entering the correct password, you can operate the terminal.
Procedure
Run the terminal hold command to lock the terminal.
----End
Example
To lock the current CLI terminal and then unblock it, do as follows:
huawei(config)#terminal hold
Hold Password(<=15 chars):
Confirm Password(<=15 chars):
The user terminal has been held
Hold Password(<=15 chars)://Press any key and the system will prompt you to
enter
the unblocking password.
huawei(config)# //Input the correct password.
Related Operation
Table 3-11 lists the related operation for locking the terminal.
Table 3-11 Related operation for locking the terminal

Unlock the terminal undo terminal hold
3.3.10 Clearing Terminal Screen

This operation enables you to clear the terminal screen.
Context
The command will clear the screen output, and display the command prompt on the upper left
of the screen. This command only clears what is displayed on the screen rather than those in the
buffer.
Procedure
Run the cls command to clear the terminal screen.
----End

Example
To clear the screen, do as follows:
huawei>cls
3.3.11 Showing Version

This operation enables you to show the system or board version.
Context
The command cannot show the version of a faulty board.
Procedure
Run the display version command to display the system or board version.
----End
To display the version information on the system, do as follows:

huawei>display version
{ spm<K>|<cr>|frameid/slotid<S><1,15>:
Command:
display version
MA5600V300R003 RELEASE SOFTWARE

Uptime is 7 day(s), 0 hour(s), 13 minute(s), 4 second(s)
huawei(config)#display version 0/7
Main Board: H561SCU
---------------------------------------
PCB Version: H561SCU VER G
Base BIOS Version: 101
Extended BIOS Version: 101
Software Version: MA5600V300R003
Logic Version: (U13)103(U57)103(U66)104
MAB Version: 0002
SubBoard[0]:
PCB Version: H531O2GS VER A
MAB Version: 0001
SubBoard[1]:
PCB Version: H561E4GFA VER 0
MAB Version: 0001
SubBoard:
PCB Version: H511L24GA VER B
CPLD Version: (U3)103
MAB Version: B0
3.3.12 Showing CPU Usage

This operation enables you to show the CPU usage of a board.
Procedure
Run the display cpu command to display the CPU usage of a board.
----End

Example
To show the CPU usage of the control board, do as follows:
huawei>display cpu 0/7
CPU occupancy: 12%
3.3.13 Showing the Memory Usage

This operation enables you to check the memory usage of the control board.
Context
You can query the memory usage of the control board only.
Procedure
Run the display mem command to show the memory usage of the control board.
----End
Example
To query the memory usage of the control board, do as follows:
huawei>display mem 0/7
Memory occupancy: 47%
3.3.14 Testing Network State

This operation enables you to check the network connectivity and whether the host is reachable,
and check all gateways passed by data packets sent from a host to the destination, and locate
network faults.
Context
The commands used to test network state include ping and tracert.
l ping
To check the network connectivity and the host reachability, run the ping command.
l tracert
To send test packets from the transmit host to the destination host, run the tracert
command. With this command, you can check the connectivity of a network and locate
faults in the network.
The following gives the execution process of the tracert command:
– The host sends a packet with the Time to Live (TTL) of 1 to the destination.
– During the first hop, the system returns an Internet Control Message Protocol (ICMP)
packet to indicate the failure in sending the packet due to TTL timeout.
– The host sends a packet with the TTL of 2. The system also returns TTL timeout in the
second hop.
The process continues in this way until the packet reaches the destination.

By doing so, the system can record the source address of each ICMP TTL timeout
message, and provide a path along which an IP packet goes all the way to the destination.
Procedure
l Run the ping command to test the network state.
l Run the tracert command to test the network state.
----End
To test the network connectivity using the ping command, do as follows:

huawei(config)#ping 10.11.52.240
PING 10.11.52.240: 56 data bytes, press CTRL_C to break
Reply from 10.11.52.240: bytes=56 Sequence=0 ttl=64 time = 10 ms
--- 10.11.52.240 Ping statistics ---
5 packets transmitted
5 packets received
0.00% packet loss
round-trip min/avg/max = 10/10/13 ms
To test the network connectivity using the tracert command, do as follows:

huawei#tracert 10.11.106.133
traceroute to 10.11.106.133 max hops 30 ,packet 40 bytes
press CTRL_C to break
1 253 ms 476 ms 508 ms 10.11.120.62
2 * * * Request timed out.
3 * * * Request timed out.
4 4 ms 4 ms 5 ms 10.11.106.133

Configuration Guide 4 Configuring the Network Management
4 Configuring the Network Management
About This Chapter
This chapter describes how to manage the MA5600 through the N2000 BMS and the related
configuration.
4.1 Overview
This section describes the network management protocols, the NMS that the MA5600 supports,
and the purpose of this chapter.
4.2 Basic Concepts
This section describes the concepts involved in the network configuration.
4.3 Configuration Example of an Outband NMS
This operation enables you to connect the MA5600 to the N2000 through the maintenance
network port. Then, you can maintain the MA5600 through an outband management channel.
4.4 Configuration Example of an Inband NMS
This operation enables you to connect the MA5600 to the N2000 through the GE port. Then,
you can maintain the MA5600 through an inband management channel.
4.5 SNMP Agent Configuration
This operation enables you to configure an SNMP agent when you want to maintain the
MA5600 through the manager.
4.6 Configuring the IP Address of the Outband NMS Interface
This operation enables you to configure the IP address of the outband NMS interface
(maintenance network port).
4.7 Configuring an NMS Route
This operation enables you to create a static route between the MA5600 and the manager.
4.8 Configuring the IP Address of the Inband NMS Interface
This operation enables you to configure the IP address of the inband NMS interface.

4 Configuring the Network Management Configuration Guide
4.1 Overview
This section describes the network management protocols, the NMS that the MA5600 supports,
and the purpose of this chapter.
Service Description
Based on Simple Network Management Protocol (SNMP), the MA5600 communicates with the
NMS through its network management interface. Here, the iManager N2000 Fixed Network
Integrated Management System (N2000) is used as the NMS.
The N2000 can manage and maintain the MA5600 through the network port of the MA5600.
The MA5600 uses traps to send the status information to the N2000 to report some urgent and
important events.
This chapter describes the network configuration performed on the MA5600 to realize normal
communication between the MA5600 and the N2000, including outband NMS configuration
and inband NMS configuration.
NOTE
To realize normal communication between the MA5600 and the N2000, you must also perform
configurations on the N2000. For details, refer to the SmartAX MA5600 Multi-service Access Module
Commissioning Guide.
4.2 Basic Concepts

This section describes the concepts involved in the network configuration.
SNMP
SNMP is a prevailing network management protocol. It includes two parts:
l Network management station (manager)

l Agent
SNMP ensures normal transmission of administrative message between any two points. It eases
up the administrator's following operations on any node of the network:
l Retrieving information
l Modifying information
l Locating a fault
l Diagnosing a fault
l Planning the capacity
l Generating a report
Manager

A manager runs the client software. It can send GetRequest, GetNextRequest and SetRequest
messages to the agent.
Agent
An agent is the server software running on a network device.
When receiving request messages from the manager, the agent:
l Reads or writes the management variables based on the message type.
l Generates and sends the response messages to the manager.
On the other hand, in case of device cold start, warm start, failure and fault recovery, the agent
sends traps to report such events to the manager.
Trap
Traps refer to the unsolicited messages sent from a managed device to the manager to report
some urgent and important events.
4.3 Configuration Example of an Outband NMS

This operation enables you to connect the MA5600 to the N2000 through the maintenance
network port. Then, you can maintain the MA5600 through an outband management channel.
Networking
Figure 4-1 shows a sample network for configuring the outband NMS.
Figure 4-1 Sample network for configuring the outband NMS
IP
NMS
Router
CON
ETH
MON
SCU MA5600
Data Plan
Table 4-1 lists the data plan for configuring the outband NMS.

Table 4-1 Data plan for configuring the outband NMS
Item Data
Maintenance network port (ETH) of the IP address: 10.10.20.1/24

MA5600
NMS (Primary) IP address: 10.10.21.1/24

(Secondary) IP address: 10.10.21.2/24
Figure 4-2 shows the flowchart for configuring the outband NMS.
Figure 4-2 Flowchart for configuring the outband NMS
Start
Set the IP address of the ETH port
Add a route for the outband NMS
Set the SNMP parameters
Enable traps sending
Set the IP address of the target host

for traps
Set the source address for traps

sending
Save the data
End
NOTE
l This section describes how to configure the MA5600 only. To set up the network connection, you also
need to configure the router.
l If the telnet environment has been set up according to "2.4 Configuring the Terminal Through the
Outband Management Channel ", skip steps 1 and 2.

Procedure
Step 1 Set the IP address of the maintenance network port.
Step 2 Add a route for the outband NMS.

huawei(config-if-meth0)#quit
Step 3 Set the SNMP parameters.

l Creating the community name
huawei(config)#snmp-agent community read public
huawei(config)#snmp-agent community write private
l Setting the system contact

huawei(config)#snmp-agent sys-info contact HW-075528780808
l Setting the system location

huawei(config)#snmp-agent sys-info location Shenzhen China
l Setting the SNMP version

NOTE
The setting of the MA5600 shall accord with that in the N2000. Assume that the N2000 adopts SNMP
V1.
huawei(config)#snmp-agent sys-info version v1
Step 4 Enable trap sending.

huawei(config)#snmp-agent trap enable standard
Step 5 Set the IP address of the target host for traps.

huawei(config)#snmp-agent target-host trap address 10.10.21.1 securityname private
Step 6 Set the IP address of the maintenance network port as the source address for traps sending.
huawei(config)#snmp-agent trap source meth 0

huawei(config)#save
----End
Result
After the configuration, you can manage the MA5600 through the N2000.
4.4 Configuration Example of an Inband NMS

This operation enables you to connect the MA5600 to the N2000 through the GE port. Then,
you can maintain the MA5600 through an inband management channel.
Networking
Figure 4-3 shows a sample network for configuring the inband NMS.

Figure 4-3 Sample network for configuring the inband NMS
IP
N2000
Router
CON
ETH
MON
GE 0/7/0
SCU MA5600
Data Plan
Table 4-2 lists the data plan for configuring the inband NMS.
Table 4-2 Data plan for configuring the inband NMS

Item Data
Inband NMS port of the MA5600 IP address: 10.10.20.2

Subnet mask: 255.255.255.0
NMS (Primary) IP address: 10.10.21.1/24

(Secondary) IP address: 10.10.21.2/24
Router port connecting to the MA5600 IP address: 10.10.20.254

Subnet mask: 255.255.255.0
SNMP Agent Version: V3

User name: user1
Group name: group1
View name: hardy
Figure 4-4 shows the flowchart for configuring the inband NMS.

Figure 4-4 Flowchart for configuring the inband NMS
Start
Set the IP address of the inband NMS

port
Add a route for the inband NMS
Set the SNMP parameters
Enable traps sending
Set the IP address of the target host

for traps
Set the source address for traps

sending
Save the data
End
NOTE
l This section describes how to configure the MA5600 only. To set up the network connection, you also
need to configure the router.
l If the telnet environment has been set up according to "2.4 Configuring the Terminal Through the
Outband Management Channel ", skip steps 1 and 2.
Procedure
Step 1 Set the IP address of the inband NMS port (GE port).
l Create an NMS VLAN
l Add the upstream port to the VLAN

l Enter the VLAN interface mode

l Set the IP address of the VLAN interface

Step 2 Add a route for the inband NMS.

Step 3 Set the SNMP parameters.

l Set the SNMP version.

NOTE
The setting of the MA5600 shall accord with that in the N2000. Assume that the N2000 adopts SNMP
V3.
huawei(config)#snmp-agent sys-info version v3
l Set the SNMP user.

huawei(config)#snmp-agent usm-user v3 user1 group1 authentication-mode md5
authkey privacy-mode des56 prikey
l Set the SNMP group.

huawei(config)#snmp-agent group v3 group1 privacy read-view hardy write-view
hardy
l Set the SNMP view.

huawei(config)#snmp-agent mib-view hardy include ip
l Set the ID and contact information about the administrator.

l Set the device location information.

Step 4 Enable traps sending.

Step 5 Set the IP address of the target host for traps.

Step 6 Set the IP address of the inband NMS as the source address for traps sending.
huawei(config)#snmp-agent trap source vlanif 1000

huawei(config)#save
----End
Result
After the configuration you can manage the MA5600 successfully through the N2000.
4.5 SNMP Agent Configuration

This operation enables you to configure an SNMP agent when you want to maintain the
MA5600 through the manager.
4.5.1 Setting the SNMP Version
This operation enables you to set the version of the SNMP running in the system.
4.5.2 Adding a Community Name and Setting Its Read/Write Authorities
This operation enables you to add a community name and set its read/write authorities.
4.5.3 Enabling Trap Sending
This operation enables the MA5600 to send traps to the N2000.
4.5.4 Setting the IP address of a Destination Host of Traps
This operation enables you to set the IP address of a destination host of traps.
4.5.5 Setting the Source Interface for Sending Traps
This operation enables you to set the source interface for sending traps.

4.5.6 Setting the System Contact Information

This operation enables you to system contact information.
4.5.7 Setting the System Location Information
This operation enables you to set the system location information.
4.5.8 Configuring an SNMP V3 User
This operation enables you to add or modify an SNMP V3 user.
4.5.9 Configuring an SNMP V3 Group
This operation enables you to configure an SNMP V3 group. After a group is configured, you
can control the access authorities of all the users in the group.
4.5.10 Configuring an SNMP MIB View
This operation enables you to configure an SNMP MIB view.
4.5.11 Configuring the Local SNMP Engine ID
This operation enables you to configure an engine ID that uniquely identifies an SNMP entity.
4.5.12 Enabling the Handshake Function between the MA5600 and the N2000
This operation enables you to enable the handshake function between the MA5600 and the
N2000.
4.5.13 Setting the Handshake Interval
This operation enables you to set the handshake interval.
4.5.1 Setting the SNMP Version

This operation enables you to set the version of the SNMP running in the system.
Procedure
Step 1 Run the snmp-agent sys-info version command to set the SNMP version.
Step 2 Run the display snmp-agent sys-info version command to query the configured SNMP version.
----End
Example
To set the SNMP version as V1 and V2C, do as follows:
huawei(config)#snmp-agent sys-info version v1 v2c
huawei(config)#display snmp-agent sys-info version
{ <cr>|contact<K>|location<K> }:
Command:
display snmp-agent sys-info version
SNMP version running in the system:
SNMPv1 SNMPv2c
Related Operation
Table 4-3 lists the related operation for setting the SNMP version.

Table 4-3 Related operation for setting the SNMP version
Delete the set SNMP version information undo snmp-agent sys-info version
4.5.2 Adding a Community Name and Setting Its Read/Write

Authorities
This operation enables you to add a community name and set its read/write authorities.
Context
l The default read-only community name in the Huawei iManager N2000 BMS is public,
and the read-write community name in the N2000 is private.
l The MA5600 supports up to 10 community names.
l The read and write community names set in the MA5600 shall accord with those in the
manager.
Procedure
Step 1 Run the snmp-agent community command to add a community name and set its read/write
authorities.
Step 2 Run the display snmp-agent community command to query a community name.
----End
Example
To add a read-only community named public, do as follows:
huawei(config)#display snmp-agent community read
Community name: public
Storage type: nonVolatile
View name: ViewDefault
Total number is 1
Related Operation
Table 4-4 lists the related operation for adding a community and setting its read/write authorities.
Table 4-4 Related operation for adding a community and setting its read/write authorities
Delete a community name undo snmp-agent community

4.5.3 Enabling Trap Sending

This operation enables the MA5600 to send traps to the N2000.
Context
By default, the MA5600 is prohibited from sending traps to the N2000.
Procedure
Step 1 Run the snmp-agent trap enable standard command to enable traps sending.
Step 2 Run the display snmp-agent trap enable command to check whether traps sending is enabled.
----End
Example
To enable the MA5600 to send traps to the N2000, do as follows:
huawei(config)#display snmp-agent trap enable
Trap is enabled
Related Operation
Table 4-5 lists the related operation for enabling traps sending.
Table 4-5 Related operation for enabling traps sending
Disable traps sending undo snmp-agent trap enable standard
4.5.4 Setting the IP address of a Destination Host of Traps

This operation enables you to set the IP address of a destination host of traps.
Context
The N2000 can receive traps only when the IP address of a destination host of traps is set
correctly.
Procedure
Step 1 Run the snmp-agent target-host trap command to set the IP address of a destination host of
traps.
Step 2 Run the display snmp-agent target-host command to query the destination host of traps.
----End

Example
To set the IP address of the destination host of traps as 10.71.53.108, and run the community
name “private”, do as follows:
huawei(config)#snmp-agent target-host trap address 10.71.53.108 securityname
private v3
huawei(config)#display snmp-agent target-host
Traphost list:
Traphost address: 10.71.53.108
Traphost portnumber: 162
Traphost securityname: private
Traphost trapversion: v3
Total number is 1
Related Operation
Table 4-6 lists the related operation for setting the IP address of a destination host of traps.
Table 4-6 Related operation for setting the IP address of a destination host of traps
Delete the IP address of the destination undo snmp-agent target-host

host of traps
4.5.5 Setting the Source Interface for Sending Traps

This operation enables you to set the source interface for sending traps.
Context
The IP address of the interface for traps sending is the source IP address of the traps.
Procedure
Step 1 Run the snmp-agent trap source command to set the source interface for sending traps.
Step 2 Run the display snmp-agent trap-source command to query the source interface for sending
traps.
----End
Example
To set the source interface for traps sending as the layer 3 interface of VLAN 1000, do as follows:
huawei(config)#display snmp-agent trap-source
Trap source interface name: vlanif1000
Related Operation
Table 4-7 lists the related operation for setting the source interface for traps sending.

Table 4-7 Related operation for setting the source interface for traps sending
Delete the source interface for sending undo snmp-agent trap source
traps
4.5.6 Setting the System Contact Information

This operation enables you to system contact information.
Context
By default, system contact information is R&D Shenzhen, Huawei Technologies Co., Ltd.
Procedure
Step 1 Run the snmp-agent sys-info contact command to set the system contact information.
Step 2 Run the display snmp-agent sys-info contact command to query the system contact
information.
----End
Example
To set the system contact information as HW-075528780808, do as follows:
huawei(config)#display snmp-agent sys-info contact
{ <cr>|location<K>|version<K> }:
Command:
display snmp-agent sys-info contact
The contact person for this managed node:
HW-075528780808
Related Operation
Table 4-8 lists the related operation for setting the system contact information.
Table 4-8 Related operation for setting the system contact information
Restore the default system contact undo snmp-agent sys-info contact

information
4.5.7 Setting the System Location Information

This operation enables you to set the system location information.

Context
By default, the system location information is Shenzhen China.
Procedure
Step 1 Run the snmp-agent sys-info location command to set the system location information.
Step 2 Run the display snmp-agent sys-info location command to display the system location
information.
----End
Example
To set the system location information as Shanghai China, do as follows:
huawei(config)#snmp-agent sys-info location Shanghai China
huawei(config)#display snmp-agent sys-info location
{ <cr>|contact<K>|version<K> }:
Command:
display snmp-agent sys-info location
The physical location of this node:
Shanghai China
Related Operation
Table 4-9 lists the related operation for setting the system location information.
Table 4-9 Related operation for setting the system location information
Restore the default system location undo snmp-agent sys-info location

information
4.5.8 Configuring an SNMP V3 User

This operation enables you to add or modify an SNMP V3 user.
Context
l The MA5600 supports up to 20 SNMP users.
l If the entered user name is an existing one, the system will update the configuration of the
user.
l If you do not enter the user authentication and encryption modes, the user can access the
equipment without authentication or encryption.
Procedure
Step 1 Run the snmp-agent usm-user command to configure an SNMP V3 user.

Step 2 Run the display snmp-agent usm-user command to query the SNMP V3 user.
----End
Example
To add an SNMP V3 user named user, belonging to a group named group, with the authentication
mode of md5, the authentication password of 1, the encryption mode of des56, and the encryption
password of 2, do as follows:
huawei(config)#snmp-agent usm-user v3 user group authentication-mode md5 1 privacy-
mode des56 2
huawei(config)#display snmp-agent usm-user user
User name: user
Engine ID: 800007DB0300E0FC995050
Group name: group
Authentication mode: md5, Privacy mode: des56
User status: active
Related Operation
Table 4-10 lists the related operation for configuring an SNMP V3 user.
Table 4-10 Related operation for configuring an SNMP V3 user
Delete an SNMP V3 user undo snmp-agent usm-user v3
4.5.9 Configuring an SNMP V3 Group

This operation enables you to configure an SNMP V3 group. After a group is configured, you
can control the access authorities of all the users in the group.
Context
l The MA5600 supports up to 20 SNMP V3 groups.
l By default, the system has a read view named viewDefault with the range of internet sub-
tree; the write view and notify view are blank.
l If the entered group name is an existing one, the system will update the configuration of
the group.
l A specified view can be a non-existing view. In this case, the users in the group fail to
access anywhere.
l A user can access views in three modes:
– With authentication and encryption
– With authentication but no encryption
– With no authentication or encryption
l If the access mode level is lower than the security level of the configured group, the user
will fail to access. If the corresponding groups have multiple security levels, the user can

select the group with the highest security level, and then access the view corresponding to
the group.
Procedure
Step 1 Run the snmp-agent group v3 command to configure an SNMP V3 group.
Step 2 Run the display snmp-agent group command to query the SNMP V3 group.
----End
Example
To configure a group named group, with authentication but no encryption, with the read view
of internet, and with blank write and notify views, do as follows:
huawei(config)#snmp-agent group v3 group authentication read-view internet
huawei(config)#display snmp-agent group group
Group name: group
Security model: v3 AuthnoPriv
Readview: internet
Writeview: <no specified>
Notifyview: <no specified>
Storage type: nonvolatile
Related Operation
Table 4-11 lists the related operation for configuring an SNMP V3 group.
Table 4-11 Related operation for configuring an SNMP V3 group
Delete an SNMP V3 group undo snmp-agent group v3
4.5.10 Configuring an SNMP MIB View

This operation enables you to configure an SNMP MIB view.
Context
l The number of sub-trees of all the views cannot exceed 20.
l By default, the system has a read view named ViewDefault, with the range of internet sub-
tree view.
l The view named ViewDefault cannot be deleted or updated.
Procedure
Step 1 Run the snmp-agent mib-view command to configure an SNMP MIB view.
Step 2 Run the display snmp-agent mib-view command to query the SNMP MIB view.
----End

Example
To configure a view named view1, including ip sub-tree, do as follows:
huawei(config)#snmp-agent mib-view view1 include ip
huawei(config)#display snmp-agent mib-view view1
View name: view1
MIB subtree: ip
Subtree mask:
View type: include
View status: active
Related Operation
Table 4-12 lists the related operation for configuring an SNMP MIB view.
Table 4-12 Related operation for configuring an SNMP MIB view
Delete an SNMP MIB view undo snmp-agent mib-view
4.5.11 Configuring the Local SNMP Engine ID

This operation enables you to configure an engine ID that uniquely identifies an SNMP entity.
Context
With no manually configured ID, the MA5600 will automatically initialize one at startup.
Procedure
Step 1 Run the snmp-agent local-engineid command to configure the local SNMP engine ID.
Step 2 Run the display snmp-agent local-engineid command to query the local SNMP engine ID.
----End
Example
To configure the engine ID of the local SNMP entity as 010101011000, do as follows:
huawei(config)#snmp-agent local-engineid 0101010110000
Command:
snmp-agent local-engineid 01010101110000
Info: Modify the local-engineid will disable the configured SNMPv3 user, all
of user local-engineid changes to the modified one after system reset, proceed?[
Y/N]:y
huawei(config)#display snmp-agent local-engineid
SNMP local EngineID: 010101011000
Related Operation
Table 4-13 lists the related operations for configuring the local SNMP engine ID.

Table 4-13 Related operations for configuring the local SNMP engine ID
Restore the default local SNMP engine undo snmp-agent local-engineid

ID
Display the remote SNMP engine ID display snmp-agent remote-engineid

information
4.5.12 Enabling the Handshake Function between the MA5600 and

the N2000
This operation enables you to enable the handshake function between the MA5600 and the
N2000.
Context
By default, the handshake function between the MA5600 and the N2000 is disabled.
Procedure
Step 1 Run the system handshake enable command to enable the handshake function between the
MA5600 and the N2000.
Step 2 Run the display system handshake command to query the handshake function between the
----End
Example
To enable the handshake function between the MA5600 and the N2000, do as follows:
huawei(config)#system handshake enable
huawei(config)#display system handshake
system handshake : enable
system handshake interval : 300s
----------------------------------------------
IP of NMS Status between NMS and device
----------------------------------------------
10.71.53.108 in register
----------------------------------------------
Related Operation
Table 4-14 lists the related operations for enabling the handshake function between the

Table 4-14 Related operations for enabling the handshake function between the MA5600 and
the N2000
Disable the handshake function between system handshake disable

the MA5600 and the N2000
Set the handshake interval system handshake interval
4.5.13 Setting the Handshake Interval

This operation enables you to set the handshake interval.
Context
l By default, the handshake interval between the MA5600 and the N2000 is zero second.
l The handshake interval between the MA5600 and the N2000 determines the handshake
frequency.
– When the interval is short, and the number of network elements under the N2000 is
large, the N2000 will be over-tasked to handle increasing handshake packets.
– When the interval is long, and the MA5600 and the N2000 are disconnected, the N2000
will fail to find the fault in time.
l You can set an appropriate handshake interval according to actual conditions.
Procedure
Step 1 Run the system handshake interval command to set the handshake interval.
Step 2 Run the display system handshake command to query he handshake interval.
----End
Example
To set the handshake interval to 10 seconds, do as follows:
huawei(config)#system handshake interval 10
huawei(config)#display system handshake
system handshake : enable
system handshake interval : 10s
----------------------------------------------
IP of NMS Status between NMS and device
----------------------------------------------
10.71.53.108 in register
----------------------------------------------
Related Operation
Table 4-15 lists the related operation for setting the handshake interval.

Table 4-15 Related operation for setting the handshake interval
Configure the handshake function system handshake

between the MA5600 and the N2000
4.6 Configuring the IP Address of the Outband NMS

Interface
This operation enables you to configure the IP address of the outband NMS interface
(maintenance network port).
Context
l By default, the IP address of the maintenance network port (ETH port on the control board)
is 10.11.104.1, and the subnet mask is 255.255.0.0.
l Make sure that the IP address of the ETH port is located in the same subnet as that of the
gateway or the PC used for maintaining the MA5600.
l After setting the IP address, keep the record for future reference.
Procedure
Step 1 Run the interface meth command to enter meth mode.
Step 2 Run the ip address command to set the IP address of the ETH port on the control board.
Step 3 Run the display interface meth command to query the IP address of the ETH port on the control
board.
----End
Example
To the IP address of the ETH port as 10.10.10.1 and the subnet mask as 255.255.255.0, do as
follows:
huawei(config)#display interface meth 0
meth0 current state : UP
Line protocol current state : UP
Description : HUAWEI, MA5600 Series, meth0 Interface
The Maximum Transmit Unit is 1500 bytes
Internet Address is 10.10.10.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fcaa-8516
Auto-duplex(Full), Auto-speed(100M)
5 minutes input rate 1549 bytes/sec, 14 packets/sec
5 minutes output rate 168 bytes/sec, 1 packets/sec
10508484 packets input, 1472712535 bytes
2213003 packets output, 712283310 bytes

Related Operation
Table 4-16 lists the related operation for configuring the IP address of the outband NMS
interface.
Table 4-16 Related operation for configuring the IP address of the outband NMS interface
Delete the IP address of undo ip address In meth mode.

the outband NMS
interface
4.7 Configuring an NMS Route

This operation enables you to create a static route between the MA5600 and the manager.
Context
l The system supports up to 4096 static routes.
l When the MA5600 and the N2000 are located in different subnets, a route shall be
configured for the gateway to forward IP packets.
Procedure
Step 1 Run the ip route-static command to configure a static route.
Step 2 Run the display ip routing-table command to query the current routing configuration.
----End
Example
To create a route to subnet 10.71.8.0 (where the manager is located), and the gateway as
10.71.53.1, do as follows:
huawei(config)#ip route-static 10.71.8.0 255.255.255.0 10.71.53.1
huawei(config)#display ip routing-table verbose
Routing Table : Public
Destinations : 3 Routes : 3
Destination: 10.0.0.0/8
Protocol: Static Process ID: 0
Preference: 60 Cost: 0
NextHop: 10.71.62.1 Interface: meth0
RelayNextHop: 0.0.0.0 Neighbour: 0.0.0.0
Label: NULL Tunnel ID: 0x0
SecTunnel ID: 0x0
BkNextHop: 0.0.0.0 BkInterface:
BkLabel: NULL Tunnel ID: 0x0
SecTunnel ID: 0x0
State: Active Adv GotQ Age: 7d06h27m42s
Tag: 0
Destination: 10.71.62.0/24
Protocol: Direct Process ID: 0
Preference: 0 Cost: 0

NextHop: 10.71.62.36 Interface: meth0

RelayNextHop: 0.0.0.0 Neighbour: 0.0.0.0
Label: NULL Tunnel ID: 0x0
SecTunnel ID: 0x0
BkNextHop: 0.0.0.0 BkInterface:
BkLabel: NULL Tunnel ID: 0x0
SecTunnel ID: 0x0
State: Active Adv Age: 7d06h27m42s
Tag: 0
Related Operation
Table 4-17 lists the related operation for configuring an NMS route.
Table 4-17 Related operation for configuring an NMS route.

Delete an existing route undo ip route-static
4.8 Configuring the IP Address of the Inband NMS Interface

This operation enables you to configure the IP address of the inband NMS interface.
Context
l The MA5600 realizes inband NMS through the Ethernet port on the control board.
l To prevent login and access to the MA5600 from the user end, it is recommended that the
standard VLAN be used as the NMS VLAN.
Procedure
Step 1 Run the vlan command to create an NMS VLAN.
Step 2 Run the interface vlanif command to enter VLAN interface mode.
Step 3 Run the ip address command to set the IP address of the VLAN interface.
Step 4 Run the display interface vlanif command to query the IP address of the VLAN interface.
----End
Example
To set the IP address of the inband NMS interface as 10.10.10.2 and the subnet mask as
255.255.255.0, do as follows:
huawei(config)#display interface vlanif 1000
vlanif400 current state : UP
Line protocol current state : UP
Description : HUAWEI, MA5600 Series, Vlanif400 Interface
The Maximum Transmit Unit is 1500 bytes
Internet Address is 10.10.10.2/24

IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-1240-4243
Related Operation
Table 4-18 lists the related operation for configuring the IP address of the inband NMS interface.
Table 4-18 Related operation for configuring the IP address of the inband NMS interface
Delete the IP address of undo ip address In VLAN interface mode.

the existing inband NMS
interface

Configuration Guide 5 Configuring the Log Host
5 Configuring the Log Host
About This Chapter
This chapter describes the functions of the log host of theMA5600 and how to configure the log
host.
5.1 Overview
This section describes the functions of the log and the application of the log to the MA5600.
5.2 Configuration Example of a Log Host
This example shows how to configure a log host. After the configuration, the logs reported by
the MA5600 can be displayed on the log lost.
5.3 Configuring a Log Host
This operation enables you to configure a log host, that is, add and activate the log host.
5.4 Deleting a Log Host
This operation enables you to delete a log host.
5.5 Deactivating a Log Host
This operation enables you to deactivate a log host.
5.6 Querying Logs
This operation enables you to query logs.

5 Configuring the Log Host Configuration Guide
5.1 Overview
This section describes the functions of the log and the application of the log to the MA5600.
Function
Logs can serve as important references for system maintenance and troubleshooting.
In the MA5600, you can query the executed commands and other important information recorded
in logs.
5.2 Configuration Example of a Log Host

This example shows how to configure a log host. After the configuration, the logs reported by
the MA5600 can be displayed on the log lost.
l The related inband NMS configuration has been complete. You can telnet to the
MA5600 to maintain it through PC 1 and PC 2.
l PC 3 is installed with FTP or TFTP software, and can receive and save the logs reported
by the MA5600.
Networking
Figure 5-1 shows a sample network for configuring a log host.
In the networking, PCs 1, 2 and 3 connect to the GE port of the MA5600 over a LAN. PC 3
works as the log host of the MA5600.
Figure 5-1 Sample network for configuring a log host
CON
ETH
MON
GE 0/7/0
SCU MA5600
LAN
PC1 PC2 PC3
Data Plan
Table 5-1 lists the data plan for configuring a log host.

Table 5-1 Data plan for configuring a log host
Item Data
Inband management interface (GE IP address: 10.10.10.2/24

port) of the MA5600
PC 3 IP address: 10.10.10.1/24
Procedure
Step 1 Add a log host.
huawei(config)#loghost add 10.10.10.1 huawei
Step 2 Activate the log host.

huawei(config)#loghost activate name huawei
Step 3 Check the connectivity between the MA5600 and the log host to verify that the MA5600 can
communicate with the log host smoothly.
Step 4 Configure the TFTP software of the log host.
1. Enable the syslog server function.
2. Set the directory for saving the reported logs.
----End
Result
After the configuration:
l You can query the logs in the directory for saving the logs.
l The logs record the operation commands executed on PCs 1 and 2 to the system. They are
the same as those queried on the MA5600.
5.3 Configuring a Log Host

This operation enables you to configure a log host, that is, add and activate the log host.
Context
l The MA5600 can log important operations in the UNIX host (also referred to as the log
server) of the internal network through the syslog mechanism.
l After configuring a log host, you need to enable the log host service of the log server, and
configure the directory for saving logs and the log file name to enable real-time reporting
of logs.
Procedure
Step 1 Run the loghost add command to add a log host.
Step 2 Run the loghost activate command to activate the log host.

Step 3 Run the display loghost list command to display the log host.
----End
Example
To add log host named huawei with IP address of 10.10.10.1, do as follows:
huawei(config)#loghost add 10.10.10.1 huawei
huawei(config)#loghost activate name huawei
huawei(config)#display loghost list name huawei
Log server configuration:
IP address : 10.10.10.1
Host name : huawei
Terminal state : Normal
Related Operation
Table 5-2 lists the related operations for configuring a log host.
Table 5-2 Related operations for configuring a log host
Deactivate a log host loghost deactivate
Delete a log host loghost delete
Set the source interface sending log syslog source
5.4 Deleting a Log Host

This operation enables you to delete a log host.
Procedure
Step 1 Run the loghost delete command to delete a log host
----End
Example
To delete the log host with IP address 10.10.10.1, do as follows:
huawei(config)#loghost delete ip 10.10.10.1
huawei(config)#display loghost list ip 10.10.10.1
Failure: The log server not exist
Related Operation
Table 5-3 lists the related operations for configuring a log host.

Table 5-3 Related operations for configuring a log host
Add a log host loghost add
Activate a log host loghost activate
Deactivate a log host loghost deactivate
5.5 Deactivating a Log Host

This operation enables you to deactivate a log host.
Context
The system sends log information only to the activated log hosts.
Procedure
Step 1 Run the loghost deactivate command to deactivate a log host.
----End
Example
To deactivate the log host with IP address 10.10.10.1, do as follows:
huawei#loghost deactivate ip 10.10.10.1
huawei#display loghost list ip 10.10.10.1
Log server configuration:
IP address : 10.10.10.1
Host name : huawei
Terminal state : Deactivate
Related Operation
Table 5-4 lists the related operations for deactivating a log host.
Table 5-4 Related operations for deactivating a log host
Activate a log host loghost activate
Add a log host loghost add
Delete a log host loghost delete

5.6 Querying Logs

This operation enables you to query logs.
Context
l The MA5600 can keep logs of the latest 512 operations. System administrators can query
the latest executed operation commands through logs. The executed query commands
cannot be recorded in the logs.
l Up to 512 logs can be stored in the system. When there are more than 512 records, the old
records will be overwritten.
l Query and record the system logs at once in the case of system failure, to avoid loss of logs
that are helpful for fault locating.
l To record the operation correctly, make sure that the system time is correct before service
configuration.
Procedure
Run the display log command to query logs.
----End
Example
To query the logs of operations performed by user "root" on July 9, 2007, do as follows:
huawei(config)#display log name root 2007-07-09
{ <cr>|time1<T><hh:mm:ss>|-<K> }:
Command:
display log name root 2007-07-09
---------------------------------------------------------------------------
No. UserName Domain IP-Address
10 root -- 　 10.70.41.163
Time: 2007-07-09 14:12:20
Cmd: config
---------------------------------------------------------------------------
9 root -- 　 10.70.41.163
Time: 2007-07-09 14:12:18
Cmd: enable
---------------------------------------------------------------------------
8 root -- 　 10.70.41.163
Time: 2007-07-09 13:06:53
Cmd: disable
---------------------------------------------------------------------------
7 root -- 　 10.70.41.163
Time: 2007-07-09 13:06:12
Cmd: quit

Configuration Guide 6 Managing Users
6 Managing Users
About This Chapter
This chapter describes the classification of users supported by the MA5600 and how to add,
modify, delete, or disconnect a user.
6.1 Overview
This section describes the definition of users and user levels and authorities supported by the
MA5600.
6.2 Adding a User Profile
This operation enables you to add a user profile. To add a new user, you need bind this user
profile to manage operators.
6.3 Adding a User
This operation enables you to add a user who can log in to the MA5600 to maintain it.
6.4 Modifying the User Attributes
You can modify the user attributes, such as user profile, authority, password, the permitted
reenter number and the appended information.
6.5 Disconnecting an Online User
This operation enables you to disconnect an online user to prevent the user from logging in to
the MA5600.
6.6 Deleting a User
This operation enables you to delete a user which is not permitted to log in to the MA5600.

6 Managing Users Configuration Guide
6.1 Overview
This section describes the definition of users and user levels and authorities supported by the
MA5600.
Service Description
Users herein refer to persons who configure and maintain the MA5600 through CLI.
In terms of authority, MA5600 users can be divided into four levels:
l Common user
l Operator
l Administrator
l Super user
Users at all levels can only add a user with lower levels than theirs.
Table 6-1 lists the authorities for users at all levels.
Table 6-1 User authorities
User Level Authority
Common user Common users perform basic system operation and simple query
operation.
Operator Operator can configure the MA5600 and services.
Administrator and Common:

super user l Perform all operations.
l Maintain the MA5600 user accounts and user authority.
Difference:
l Only one super user exists in the system, while multi administrators
in the system.
l The super user is of the highest level in the system.
l Super user can create the administrator level account, while
administrator has no authority to add a super user.
6.2 Adding a User Profile

This operation enables you to add a user profile. To add a new user, you need bind this user
profile to manage operators.

Context
l There exists one root profile in the system. This profile disables restrictions on users so
that root users can log in to the system smoothly after a system upgrade. It is not
recommended to bind the root profile when you add a new user.
l The system provides three default profiles whose levels are administrator, operator and
common user respectively. They are convenient for unified management and the operation
of adding users.
l Up to 12 profiles can be added.
l To add a user profile, you need to configure the following parameters:
– Use profile name
– Min. length of user name
– Min. length of password
– Validity period of the user name
– Validity period of the password
– Permitted start time of logon by a user
– Permitted end time of logon by a user
For details, refer to Table 6-2.
Table 6-2 Parameter descriptions of a user profile

Parameters Description
Min. length of user The min. length of user name can be 6 to 15 alphanumeric characters
name and it must be equal to or longer than 6 alphanumeric characters.
Min. length of The min. length of password can be 6 to 15 alphanumeric characters

password and it must be equal to or longer than 6 alphanumeric characters.
Validity period of It ranges from 0 to 999 days. If it is set to 0 day, then the validity lasts
the user name forever. By default, it is 30 days. The system checks the validity of user
names by day and when a user logs on to the system. Before three days
of the expiration, the system generates an alarm informing the user of
expiration day. The system generates an alarm informing the user of
expiration once the system identifies the expiration of a user name.
Validity period of It ranges from 0 to 999 days. If it is set to 0 day, then the validity lasts
the password forever. By default, it is 30 days. The validity period of the password
should not be equal to or shorter than that of the user name. The system
checks the validity of passwords by day and when a user logs on to the
system. Before three days of the expiration, the system generates an
alarm informing the user of expiration day and asking the user to modify
the password in time.
Permitted start Together with the parameter of permitted end time of logon by a
time of logon by a user, it specifies the permitted period for a user to log on to the system.
user A user can log on to the system only in the permitted period.

Permitted end time Together with the parameter of permitted start time of logon by a
of logon by a user user, it specifies the permitted period for a user to log on to the system.
A user can log on to the system only in the permitted period. If a user
logs on to the system at the permitted start time but does not log out at
the permitted end time, the system will force the user to log out and stop
the user to configure the system.
Procedure
Step 1 Run the terminal user-profile add command to add a user profile.
Step 2 Run the display terminal user-profile command to query information on the user profile.
----End
Example
Assume that:
l Use profile name: userprofile
l Min. length of user name: 8 alphanumeric characters
l Min. length of password: 8 alphanumeric characters
l Validity period of the user name: 30 day
l Validity period of the password: 30 day
l Permitted start time of logon by a user: 09:00
l Permitted end time of logon by a user: 19:00
To add the user profile, do as follows:
huawei(config)#terminal user-profile add
User profile name(<=15 chars):userprofile
Min. length of user name(6--15)[6]:8
Min. length of password(6--15)[6]:8
Validity period of the user name(0--999 days)[30]:
Validity period of the password(0--999 days)[30]:
Permitted start time of logon by a user(hh:mm):09:00
Permitted end time of logon by a user(hh:mm):19:00
Repeat this operation? (y/n)[n]:
huawei(config)#display terminal user-profile
{ name<K>|all<K> }:name
{ profile_name<S><1,15> }:userprofile
Command:
display terminal user-profile name userprofile
---------------------------------------------------------------------------
User profile name : userprofile
Min. length of user name : 8
Min. length of password : 8
Validity period of the user name : 30
Validity period of the password : 30
Permitted start time of logon by a user : 09:00
Permitted end time of logon by a user : 19:00
---------------------------------------------------------------------------

Related Operation
Table 6-3 lists the related operations for adding a user profile.
Table 6-3 Related operations for adding a user profile
To... Run the Command... Remarks
Modify a user terminal user-profile The user profile name cannot be modified.
profile modify The default user profiles cannot be
modified, named root, admin, operator and
common user.
The bound user profiles cannot be
modified.
Delete a user terminal user-profile delete The default user profiles cannot be
profile deleted, named root, admin, operator and
common user.
The bound user profiles cannot be deleted.
Modify the terminal user user-profile This operation binds the user to another
profile bound profile.
with a user
Query the IP display terminal ip-address -

address of a locked
locked terminal
Disable an IP terminal unlock ip-address An administrator runs this command to

lock disable an IP lock.
6.3 Adding a User

This operation enables you to add a user who can log in to the MA5600 to maintain it.
Context
l The super user and the administrator can add a user with a lower level than theirs. That is:
– The super user can add an administrator, operators and common users.
– The administrator can only add a operator and a common user.
l A user name is unique, cannot be all or online.
l The super user or administrator can add multiple users to the system at a time. Up to 127
users can be added to the system. If the root user counts, up to 128 users can be added.
l The system supports up to 10 terminal users online simultaneously.
When adding a user, you need to configure the user attributes, including the user profile, the
user account, password, permitted reenter number, authority and appended information.
Table 6-4 lists the user attributes.

Table 6-4 User Attributes

User attribute Description
User name A user name (or a user account) consists of 1-15 printable characters.
A user name is unique, case sensitive and cannot contain any space.
Password A password consists of 0-15 characters. It is case sensitive and cannot

be null.
Permitted reenter The permitted reenter number means the concurrent logon count of a
number user account. Whether a user name can be used to log in to the
MA5600 from several terminals at the same time depends on the
permitted reenter number. It is in the range of 0–4, and is generally set
to 1.
Authority In terms of authority, users can be divided into four levels:

l Common user
l Operator
l Administrator
l Super user
Append Append information is a kind of optional and supplementary

Information information. It consists of a chain of characters and its total length is
limited to 30. It can be telephone number or address of a user.
Procedure
Step 1 Run the terminal user name command to add a user.
Step 2 Run the display terminal user command to query a user.
----End
Example
To add a common user named huawei with password of huawei, reenter number of 3, the bound
user profile root, and appended information user, do as follows:
huawei(config)#terminal user name
User profile name(<=15 chars)[root]:
User Password(<=15 chars):huawei //Not display on the terminal
Confirm Password(<=15 chars):huawei //Not display on the terminal
User's Level:
1. Common User 2. Operator 3. Administrator:1
Permitted Reenter Number(0--4):3
User's Appended Info(<=30 chars):user
This user has been added
huawei(config)#display terminal user all
Name Level Status ReenterNum AppendInfo
--------------------------------------------------------------------
root Super Online 1 none
huawei User Offline 3 user

--------------------------------------------------------------------
Total record(s) number: 2
Related Operation
Table 6-5 lists the related operations for adding a user.
Table 6-5 Related operations for adding a user

Delete a user undo terminal user name l Only the super user and administrators
can delete users at lower levels.
l Users cannot delete themselves.
l User root cannot be deleted.
l An online user cannot be deleted. To
delete an online user , you need to
disconnect the user first.
l Multi users can be deleted at a time.
Modify the user terminal user user-profile The administrator can run this command to
profile modify the profile where the user is located.
That is, bind the user to another profile.
6.4 Modifying the User Attributes

You can modify the user attributes, such as user profile, authority, password, the permitted
reenter number and the appended information.
6.4.1 Modifying the Profile Bound with a User
This operation enables you to bind a user with a different profile.
6.4.2 Modifying a User Level
This operation enables you to modify a user authority.
6.4.3 Changing a User Password
This operation enables you to change a user password to guarantee equipment security.
6.4.4 Modifying the Permitted Reenter Number
This operation enables you to modify the permitted reenter number of a user to ensure the user
authority.
6.4.5 Modifying the Appended Information
This operation enables you to modify the appended information on a user to update user
information in time.
6.4.1 Modifying the Profile Bound with a User

This operation enables you to bind a user with a different profile.

Context
l Administrators can modify the bound profile of themselves and users at lower level.
l The user name and password must satisfy the specification of the user profile to be bound.
Otherwise, the binding operation fails.
Procedure
Step 1 Run the terminal user user-profile command to modify the bound profile of a user.
Step 2 Run the display terminal user command to query the bound profile of the user.
----End
Example
To modify the profile bound with the user named testuser to the default admin profile, do as
follows:
huawei(config)#terminal user user-profile
User Name(<=15 chars):testuser
Permitted user-profile[root]:admin
Confirm user-profile:admin
Configuration will take effect when the user logs on next time.
Repeat this operation? (y/n)[n]:
Related Operation
Table 6-6 lists the related operations for modifying the profile bound with a user.
Table 6-6 Related operations for modifying the profile bound with a user
Configure a user profile terminal user-profile
Modify levels of a user terminal user level
Modify the password of a user terminal user password
Modify the permitted times of logon by a user terminal user reenter
Modify the appended information on a user terminal user apdinfo
6.4.2 Modifying a User Level

This operation enables you to modify a user authority.
Context
Only the super user and administrators can perform the operation for users at lower levels.
l The super user can modify the level of a user to that of a common user, an operator, or an
administrator.

l Administrators can modify the level of a user to that of a common user, or an operator.
Procedure
Step 1 Run the terminal user level command to modify a user level.
Step 2 Run the display terminal user command to query a user level.
----End
Example
To change a common user huawei to an operator, do as follows:
huawei(config)#terminal user level
1. Common User 2. Operator 3.Administrator:2
User's Level:2
Confirm Level: 2
Information will take effect when this user logs on next time
---------------------------------------------------------------------------
---------------------------------------------------------------------------
huawei Operator Offline 3 user
---------------------------------------------------------------------------
Related Operation
Table 6-7 lists the related operations for modifying a user level.
Table 6-7 Related operations for modifying a user level

Change the user password terminal user password
Modify the permitted reenter number of a terminal user reenter

user
6.4.3 Changing a User Password

This operation enables you to change a user password to guarantee equipment security.
Context
l The super user and the administrator can change the passwords of users at lower levels
(including themselves). When changing the passwords of users at lower levels, the super
user and the administrator need not to input the old password.
l The common user and the operator can only change their own password, and need to input
the old password.

Procedure
Step 1 Run the terminal user password command to change a user password.
Step 2 Log in to the equipment with the user old name and old password.
----End
Example
To change the password of a common user huawei, do as follows:
huawei(config)#terminal user password
User name (<=15 chars):huawei
Old Password(<=15 chars):hw //Not display on the terminal
New password(<=15 chars):huawei //Not display on the terminal
Confirm Password(<=15 chars):huawei //Not display on the terminal
Information takes effect
Related Operation
Table 6-8 lists the related operations for changing a user password.
Table 6-8 Related operations for changing a user password
Modify user level terminal user level

user
6.4.4 Modifying the Permitted Reenter Number

This operation enables you to modify the permitted reenter number of a user to ensure the user
authority.
Context
l The super user and administrators can modify the permitted reenter number of users at
lower levels.
l It is not allowed to modify the permitted reenter number of the super user.
Procedure
Step 1 Run the terminal user reenter command to modify the permitted reenter number of a user.
Step 2 Run the display terminal user command to query the permitted reenter number of a user.
----End

Example
To modify the permitted reenter number of the common user huawei to 1, do as follows:
huawei(config)#terminal user reenter
Permitted reenter number(0--4):1
Confirm Reenter Number(0--4):1
---------------------------------------------------------------------------
---------------------------------------------------------------------------
huawei Operator Offline 1 user
---------------------------------------------------------------------------
Related Operation
Table 6-9 lists the related operations for modifying the permitted reenter number.
Table 6-9 The related operations for modifying the permitted reenter number.
Modify the profile bound with a user terminal user user-profile
Modify user level terminal user level
Change user password terminal user password
Modify the appended information on user terminal user apdinfo
6.4.5 Modifying the Appended Information

This operation enables you to modify the appended information on a user to update user
information in time.
Context
l The super user and administrators can modify their own appended information and that of
users at lower levels.
l Common users and operators can modify their own appended information.
Procedure
Step 1 Run the terminal user apdinfo command to modify the appended information on a user.
Step 2 Run the display terminal user command to query the appended information on a user.
----End
Example
To modify the appended information on the common user huawei, do as follows:

huawei(config)#terminal user apdinfo

User's Appended Info(<=30 chars):support@huawei.com
---------------------------------------------------------------------------
Name Level Status ReenterNum Profile AppendInfo
---------------------------------------------------------------------------
root Super Online 1 root none
huawei Operator Offline 1 root support@huawei.com
---------------------------------------------------------------------------
Related Operation
Table 6-10 lists the related operations for modifying the appended information.
Table 6-10 Related operations for modifying the appended information

Modify the user level terminal user level
Change the user password terminal user password

user
6.5 Disconnecting an Online User

This operation enables you to disconnect an online user to prevent the user from logging in to
the MA5600.
Context
Only the super user and administrators can disconnect an online user at lower levels.
Procedure
Step 1 Run the client kickoff command to disconnect an online user.
Step 2 Run the display client command to query an online user.
----End
Example
To disconnect user 2, and then run the display client command to find the user has been
disconnected, do as follows:
huawei#client kickoff 2
Are you sure to kick the user off?(y/n)[n]: y
huawei#display client
-----------------------------------------------------------------------------
ID Client name Domain name IP Address Login Time
-----------------------------------------------------------------------------

1 root -- 10.71.60.100 2006-02-08 12:26:53

-----------------------------------------------------------------------------
Related Operation
Table 6-11 lists the related operation for disconnecting an online user.
Table 6-11 Related operation for disconnection an online user

Delete a user undo terminal user name
6.6 Deleting a User

This operation enables you to delete a user which is not permitted to log in to the MA5600.
Context
l Only the super user and administrators can delete the users at lower levels than themselves.
l Users cannot delete themselves.
l User root cannot be deleted.
l An online user cannot be deleted. To delete an online user, you need to disconnect the user
first.
l Multiple users can be deleted at a time.
Procedure
Step 1 Run the undo terminal user namecommand to delete users.
Step 2 Run the display terminal user command to verify that a user is deleted successfully.
----End
Example
To delete a user named huawei, do as follows:
huawei(config)#undo terminal user name
Are you sure to delete the user?(y/n)[n]:y
This user has been deleted
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Related Operation
Table 6-12 lists the related operations for deleting a user

Table 6-12 Related operations for deleting a user

Disconnect an online user client kickoff
Add a user terminal user name

Configuration Guide 7 Managing the Device
7 Managing the Device
About This Chapter
This chapter describes how to manage the MA5600. Device management includes shelf
management and board management.
7.1 Overview
This section describes the contents of the chapter and the board status.
7.2 Setting the Description of a Shelf
This operation enables you to set the description for a shelf to differentiate it from other shelves.
7.3 Resetting the Control Boards
This operation enables you to reset the control boards. When you need to reset the control boards
to run the newly-loaded program and database, use this command.
7.4 Adding a Service Board Offline
This operation enables you to add a required service board in an idle slot and configure data of
the service board offline. After the corresponding service board is inserted, the board can start
immediately.
7.5 Confirming a Service Board
This operation enables you to confirm a service board that has been discovered automatically.
7.6 Deleting a Service Board
This operation enables you to delete a service board that is no longer in need.
7.7 Resetting a Service Board
This operation enables you to reset a service board when it is unstable.
7.8 Prohibiting a Service Board
This operation enables you to prohibit a service board.
7.9 Managing a Subboard
This section describes the operation purpose and specification of device management, the rules
of subboard combination and replacement.

7 Managing the Device Configuration Guide
7.1 Overview
This section describes the contents of the chapter and the board status.
Service Description
Device management involves:
l Shelf management
– Setting description of a shelf
– Querying description of a shelf
– Querying attributes of a shelf
l Control board management
– Resetting a control board
– Querying a control board
l Service board management
– Adding a service board offline
– Confirming a service board
– Deleting a service board
– Resetting a service board
– Prohibiting/Unprohibiting a service board
– Querying a service board
l Subboard management
– Replacing a subboard
– Querying a subboard
Board Status
Table 7-1 lists the service board status.
Table 7-1 Service board status
State English Name Remarks
Normal Normal It indicates that the board is running

in the normal state.
Failed Failed It indicates that the board is faulty.
Config Config It indicates that the board is being

configured.
Auto-find Auto_find It indicates that the board is just

inserted, but not confirmed yet.

State English Name Remarks
Prohibited Prohibited It indicates that the board is

prohibited.
7.2 Setting the Description of a Shelf

This operation enables you to set the description for a shelf to differentiate it from other shelves.
Procedure
Step 1 Run the frame set command to set the description of a shelf.
Step 2 Run the display frame desc command to query the description of a shelf.
----End
Example
To set the description of shelf 0, do as follows:
huawei(config)#frame set 0 desc adl
huawei(config)#display frame desc 0
--------------------------------------------------------
FrameID Frame description
--------------------------------------------------------
0 adl
--------------------------------------------------------
Related Operation
Table 7-2 lists the related operation for setting the description of a shelf.
Table 7-2 Related operation for setting the description of a shelf
Query the description of a shelf display frame info
7.3 Resetting the Control Boards

This operation enables you to reset the control boards. When you need to reset the control boards
to run the newly-loaded program and database, use this command.
Context
l The control boards include active control board and standby control board.
l Resetting an active control board leads to two results:
– In the case of an active/standby configuration, the operation has no adverse impact on
the ongoing services.

– In the case there is no standby control board, the operation disconnects the control board
from all the service boards, that is, all service boards in the system are reset.
l The reset operation may cause loss to unsaved data. Therefore, before the operation, run
the save command to save the system data.
l Reset the system only when necessary. In general, the system is reset after new application
or database is loaded.
l The board reset command cannot be used to reset the control boards.
l The reboot active command and the reboot standby command can be used to reset the
active control board and standby control board respectively.
Procedure
Run the reboot command to reset the control board.
----End
To reset the active control board, do as follows:

huawei#reboot active
Please check whether data has saved, the unsaved data may lose if reboot
active board, are you sure to reboot active board? (y/n)[n]:y
Standby board failure or not exist, reboot active will cause system reboot,
are you sure to reboot active board? (y/n)[n]:y
To reset the standby control board, do as follows:

huawei#reboot standby
Please check whether data has saved, are you sure to reboot standby board? (y/
n)[n]:y
Related Operation
Table 7-3 lists the related operations for resetting the control boards.
Table 7-3 Related operations for resetting the control boards
Query a board display board You can query the board type, board
status and port information.
Reboot system reboot system This command is used to reset the

active and standby control boards at
the same time. As a result, the service
boards reset simultaneously.
7.4 Adding a Service Board Offline

This operation enables you to add a required service board in an idle slot and configure data of
the service board offline. After the corresponding service board is inserted, the board can start
immediately.

Context
l After the service board is added offline, the service board becomes faulty. Only after a
service board of the configured type is inserted into this slot, the board becomes normal.
If a service board of a different type is inserted, the board keep resetting because the board
type is not matching.
l You can add a service board only in an idle slot.
Procedure
Step 1 Run the board add command to add a service board.
Step 2 Run the display board command to query the information on the board.
----End
Example
To add a service board in slot 3, do as follows:
huawei(config)#board add 0/3 adg
huawei(config)#display board 0
-------------------------------------------------------------------------
SlotID BoardName Status SubType0 SubType1
-------------------------------------------------------------------------
0
1 H561SHEA Normal
2 H561AIUG Failed O1CTG
3 ADG Failed
4
5 H561ETHA Failed O4GS
6
7
8 H561SCU Active_normal O4GS
9
10
11
12
13
14
15
-------------------------------------------------------------------------
Related Operation
Table 7-4 lists the related operation for adding a service board offline.
Table 7-4 Related operation for adding a service board offline
To... Run the Remarks

Command...
Confirm a service board confirm The service board that is identified

board automatically is in auto-find state, and it
can be used after it is confirmed.

7.5 Confirming a Service Board

This operation enables you to confirm a service board that has been discovered automatically.
Context
After you insert a service board into an idle slot, the system automatically identifies the board
type. The automatically identified service board is in the auto-find state. To enable the board for
normal service transmission, you need to confirm this board.
Procedure
Step 1 Run the board confirm command to confirm a service board.
Step 2 Run the display board command to query the confirmed service board.
----End
Example
To confirm board 0/6, do as follows:
huawei(config)#board confirm 0/6
0 frame 6 slot board confirm successfully
Related Operation
Table 7-5 lists the related operation for confirming a service board.
Table 7-5 Related operation for confirming a service board
Add a service board board add You can add a service board only
offline to an idle slot.
7.6 Deleting a Service Board

This operation enables you to delete a service board that is no longer in need.
Context
l A service board with ongoing service cannot be deleted.
l A service board in the auto-find state cannot be deleted.
Procedure
Step 1 Run the board delete command to delete a service board.

Step 2 Run the display board command to query service board list.
----End
Example
To delete service board 0/6, do as follows:
huawei(config)#board delete 0/6
are you sure to delete this board? (y/n)[n]:y
Board delete successfully
7.7 Resetting a Service Board

This operation enables you to reset a service board when it is unstable.
Context
l The system will generate a fault alarm after the reset operation and a recovery alarm after
the board recovers.
l The system will generate the reset failure alarm if the control board does not receive the
response from the service board for a long time after the reset command is delivered.
l When the service boards are enabled after the board reset operation succeeds, the service
boards report registration information to the control board so that the control board can
configure their data to restore the services.
Procedure
Run the board reset command to reset a service board.
----End
Example
To reset service board 0/6, do as follows:
huawei(config)#board reset 0/6
Are you sure to reset board? (y/n)[n]:y
0 frame 1 slot reset board message sent successfully...
7.8 Prohibiting a Service Board

This operation enables you to prohibit a service board.
Context
l Through the operation, you can:
– Suspend (but not delete) the service of the board.
– Release resources dynamically.
l A control board cannot be prohibited.
l A service board in the auto-find state and unconfirmed cannot be prohibited.
l Prohibiting a service board interrupts the services of the board.

Procedure
Step 1 Run the board prohibit command to prohibit a service board.
Step 2 Run the display board command to query the service board status.
----End
Example
To prohibit service board 0/2, do as follows:
huawei(config)#board prohibit 0/2
Prohibiting board will interrupt all services on this board, are you sure to
prohibit board? (y/n)[n]:y
Prohibited board successfully
Related Operation
Table 7-6 lists the related operation for prohibiting a service board.
Table 7-6 Related operation for prohibiting a service board
Unprohibit a service board undo board prohibit
7.9 Managing a Subboard

This section describes the operation purpose and specification of device management, the rules
of subboard combination and replacement.
Specification
The MA5600 supports inserting subboards on the SCU, ETH and AIUG boards to provide
multiple upstream interfaces. Among them, the AIUG board can provide E3 and IMA subtending
function.
The SCU control board or the ETH service board supports the replacement of the subboard. That
is, after you save the database, remove the board, replace the subboard, and insert the board to
the slot again, the board is in the normal state.
Rules of Subboard Combination and Replacement

When inserting or replacing subboards on or from the SCU control board on the MA5600,
comply with the following requirements:
l Rules for inserting a subboard
– The SCU board offers two subslots for the subboards. The upper subslot is numbered
0, and the lower subslot is numbered 1.
– On a board, both optical and electrical subboards can be used at the same time.
l Rules for replacing a subboard

– Upgrading an FE optical subboard to a GE optical subboard is allowed. Degrading a

GE optical subboard to an FE optical subboard is prohibited. An FE optical subboard
can be upgraded to a GE optical subboard only in the auto-negotiation mode.
– Upgrading an FE electrical subboard to a GE electrical subboard is allowed. Degrading
a GE electrical subboard to an FE electrical subboard is prohibited.
– It is prohibited to change port type between an electrical port and an optical port.
– It is only allowed to change port type between a GE electrical port and a GE optical
port. Other exchanges between an electrical port and an optical port, such as the
exchange between an FE electrical port and an FE optical port, an FE electrical port and
a GE optical port, and a GE electrical port and an FE optical port, are prohibited.
l Rule for expanding the capacity of a subboard
– When you use the subboard whose capacity is expanded in subboard combination,
comply with the related rules.
– It is allowed to add ports to a subboard.
l Rules for reducing the capacity of a subboard
– Service ports to be removed cannot carry any data.
– When you use the subboard whose capacity is reduced in subboard combination, comply
with the related rules.
The AIUG board of the MA5600 does not support the replacement of the subboard. That is,
when the board is normal, after you remove the board and replace the subboard, the board is in
the failed state.
Meanwhile, when inserting or replacing subboards on or from the AIUG board, comply with
the following requirements:
l For the 622M subboard, the subboard can be inserted only in the second subboard slot and
inserting a subboard in the first subboard slot is not allowed.
l For the IMA subboard, the subboard can be inserted only in the first subboard slot and
inserting a subboard in the second subboard slot is not allowed.
l An H561AIUG board can be attached with only one BITS subboard.
l When no subboard is inserted in the first subboard slot, inserting a subboard in the second
subboard slot is not allowed.
l The number of subboard ports in the first subboard slot must be greater than or equal to
that in the second subboard slot.
NOTE
l For the SCU control board, if you do not follow the mentioned rules when replacing the subboard, the
system generates the alarm that the type of the subboard on the control board is changed, indicating
the operation failure. When you query the boards through the CLI, the system displays the information
about original subboards and the faulty status of the subboards.
l For the service board, if you do not follow the mentioned rules when replacing the subboard, the board
cannot be found automatically.
Related Operation
Table 7-7 lists the related operation for managing a subboard.

Table 7-7 Related operation for managing a subboard

Querying a service display board You can query the subboards used by the
board board.

Configuration Guide 8 Configuring the Remote User Authentication
8 Configuring the Remote User

Authentication
About This Chapter
This chapter describes the remote user management supported by the MA5600, including
authentication, authorization, and accounting.
8.1 Overview
This section contains service description and service specification of remote user authentication
on the MA5600.
8.2 Related Concepts
This section describes concepts related to remote user authentication, including AAA, RADIUS
and SSH.
8.3 Configuration Example of Remote User Authentication
This example shows how to configure the remote user authentication to prevent illegal access
to the MA5600.
8.4 Configuring RADIUS
This section describes RADIUS configuration, including creating a RADIUS server template,
setting the IP address and port number of a RADIUS server, setting the shared key of the
RADIUS server, setting the response timeout interval of a RADIUS server, setting the maximum
retransmit count of RADIUS request packets, setting the RADIUS server type, configuring an
NAS port and its ID format, and setting the format of user name sent to a RADIUS server.
8.5 Configuring AAA
This section describes AAA configuration, including configuring an authentication scheme,
creating a domain, specifying the authentication scheme and specifying the RADIUS server
template.
8.6 Configuring SSH
This section describes the SSH configuration, including creating the local RSA key pair,
configuring the SSH user public key and configuring an SSH user.

8 Configuring the Remote User Authentication Configuration Guide
8.1 Overview
This section contains service description and service specification of remote user authentication
on the MA5600.
Service Description
Remote user authentication refers to the process of examining the remote users who want to log
in to the MA5600. Only authenticated users can log in to the MA5600 to manage and maintain
it.
The MA5600 realizes remote user authentication.
The MA5600authenticates remote users in the following two ways:
l AAA/RADIUS
– In an authentication, authorization and accounting (AAA)/Remote Authentication Dial-
In User Service (RADIUS) frame, the MA5600 serves as a network access server
(NAS). As for the RADIUS server, the MA5600 is a RADIUS client.
– When the AAA/RADIUS function is enabled, the MA5600 forwards the user name and
password of the login user to the RADIUS server for authentication.
l SSH
– The SSH protocol is based on a server-client mode, using TCP for interconnection to
realize secure remote access to insecure networks.

This section describes concepts related to remote user authentication, including AAA, RADIUS
and SSH.
8.2.1 Introduction to AAA

This section describes what is AAA and advantages of AAA.
8.2.2 Introduction to RADIUS
This section describes what is RADIUS and principles of RADIUS.
8.2.3 Introduction to SSH
This section describes what is SSH and advantages of the SSH protocol.
8.2.1 Introduction to AAA

This section describes what is AAA and advantages of AAA.
What Is AAA
Authentication, Authorization and Accounting (AAA) is a framework for network security
management.

Advantages of AAA
Operating in the server-client model, the AAA framework uses the clients as managed objects
and the server for storing user information.
The AAA framework has the following advantages:
l Excellent expansibility
l Standard authentication schemes
l Centralized user management
l Multi-system based security mechanism
8.2.2 Introduction to RADIUS

This section describes what is RADIUS and principles of RADIUS.
What Is RADIUS
As a management framework, AAA can be carried out by a number of protocols. RADIUS is a
common one among them.
RADIUS is an information exchange protocol with the distributed server-client model. It is used
to manage a large number of distributed dialup users.
An RADIUS server manages a simple user database to provide AAA function for users and
modify users' service information according to the service types and authorities.
The users forward their AAA requests to the RADIUS server through a NAS.
Principles of RADIUS
l When you receive a request from a user to access other network (or use some network
resources), the NAS forwards the user data to the RADIUS server in line with the related
mechanism defined by the RADIUS protocol.
l The RADIUS server authenticates the user account and password contained in the user
data, and returns the data required data to the NAS.
NOTE
l The NAS and the RADIUS server also use a key to encrypt the data exchanged between them.
In this case, the data such as the password can be avoided being intercepted or stolen.
l The RADIUS configuration only defines the parameters related to the connections between the
NAS and the RADIUS server. To make these parameters take effect, you must enter domain
mode first, specify a RADIUS scheme, and then select the RADIUS AAA mode.
8.2.3 Introduction to SSH

This section describes what is SSH and advantages of the SSH protocol.
What Is SSH
SSH provides authentication, encryption, and identification to guarantee network
communication security. When users telnet the router through an insecure network, SSH offers
security guarantee and powerful authentication to protect the route against attacks such as IP
address spoofing and interception of plain text password.

SSH RFC
IETF defined SSH RFC document. There are two versions of the SSH protocol:
l SSHv1.5: SSHv1.5 was issued earlier than SSHv2. At present, a majority of SSHs support
it.
l SSHv2: SSHv2 is more standard and precise than SSHv1.5. It enhances security and adds
the file transfer function.
Advantages
The SSH protocol is based on a client/server mode. It uses TCP for interconnection to realize
secure remote access through insecure networks. Compared with telnet, SSH has the following
features:
l SSH supports the methods of using the password and RSA public key to authenticate clients.
l SSH supports Data Encryption Standard (DES), 3DES, and AES to encrypt session data.
l When the SSH server communicates with the SSH client, both the user name and the
password are encrypted to prevent the password from being intercepted.
l SSH encrypts the data to guarantee the security and reliability during the transmission.
l SSH supports authentication of a server.
l SSH supports the MD5 and SHA algorithms to identify the integrity of the session data to
guarantee authenticity of the session data and prevent the data from being altered
maliciously during the transfer process.
l SSH supports RSA authentication mode. In this mode, SSH implements secure key
exchange and authentication of the server by generating public and private keys. These
keys are generated according to the encryption principle of the asymmetric encryption
system. This guarantees the whole secure process of sessions.
8.3 Configuration Example of Remote User Authentication

This example shows how to configure the remote user authentication to prevent illegal access
to the MA5600.
Networking
Figure 8-1 shows a sample network for configuring the remote user authentication.

Figure 8-1 Sample network for configuring the remote user authentication
10.10.10.1 Radius
server
Internet
Radius
10.10.10.2 server
MA5600
LAN
PC PC PC
Data Plan
Table 8-1 lists the data plan for configuring the remote user authentication.
Table 8-1 Data plan for configuring the remote user authentication
Item Data
IP address of the primary RADIUS server 10.10.10.1
IP address of the secondary RADIUS 10.10.10.2

server
Authentication port ID of the RADIUS 1812

server
NOTE
This chapter describes configuration of the MA5600 only. For configuration of the RADIUS server, refer
to related documents. The RADIUS configuration profile contains the IP address and port number of the
RADIUS server. Configure other parameters such as RADIUS shared key and RADIUS server type
according to the practice.
Figure 8-2 shows the flowchart for configuring the remote user authentication.

Figure 8-2 Flowchart for configuring the remote user authentication
Start
Create RADIUS server virtual profile
Bind virtual profile with server
Create authentication scheme
Select authentication mode
Create domain
Bind domain with authentication

scheme
Bind domain with RADIUS server

virtual profile
End
Procedure
Step 1 Create a RADIUS server virtual profile.
huawei(config)#radius-server template radius2005
Step 2 Bind the RADIUS server virtual profile with the authentication server.
huawei(config-radius-radius2005)#radius-server authentication 10.10.10.1 1812
secondary
Step 3 Create the authentication scheme.

huawei(config-radius-radius2005)#quit
huawei(config)#aaa
huawei(config-aaa)#authentication-scheme huawei
Step 4 Select authentication mode.

huawei(config-aaa-authen-huawei)#authentication-mode radius
Step 5 Create a domain.

huawei(config-aaa-authen-huawei)#quit
huawei(config-aaa)#domain radius1
Step 6 Bind the domain with the authentication scheme.

huawei(config-aaa-domain-radius1)#authentication-scheme huawei

Step 7 Bind the domain with the RADIUS server virtual profile.
huawei(config-aaa-domain-radius1)#radius-server radius2005
----End
Result
After the configuration on the RADIUS server is complete, log on to the MA5600 and type in
the user name in the format of "userid@domain-name". If the RADIUS server contains the user
name and domain configuration, the user can log on to it and manage the devices.
8.4 Configuring RADIUS

This section describes RADIUS configuration, including creating a RADIUS server template,
setting the IP address and port number of a RADIUS server, setting the shared key of the
RADIUS server, setting the response timeout interval of a RADIUS server, setting the maximum
retransmit count of RADIUS request packets, setting the RADIUS server type, configuring an
NAS port and its ID format, and setting the format of user name sent to a RADIUS server.
8.4.1 Overview
This section describes RADIUS specification and notes for configuring RADIUS.
8.4.2 Specifying the RADIUS Server Template
This operation enables you to specify the RADIUS server template for a domain.
8.4.3 Setting the IP Address and Port Number of a RADIUS Server
This operation enables you to set the IP address and the port number of a new RADIUS server.
8.4.4 Setting the Shared Key of the RADIUS Server
This operation enables you to set the shared key of the RADIUS server to verify the legality of
the packets from the peer end.
8.4.5 Setting the Response Timeout Interval of a RADIUS Server
This operation enables you to set the response timeout interval of a RADIUS server.
8.4.6 Setting the Maximum Retransmit Count of RADIUS Request Packets
This operation enables you to set the maximum retransmit count of RADIUS request packets to
guarantee that server responds to the packets.
8.4.7 Setting the RADIUS Server Type
This operation enables you to set the RADIUS server type.
8.4.8 Configuring an NAS Port and Its ID Format
This operation enables you to configure an NAS port and its ID format to guarantee
interoperability between the devices of Huawei.
8.4.9 Setting the Format of User Name Sent to a RADIUS Server
This operation enables you to set the format of user name sent to a RADIUS server to specify
if the user name contains the domain name.
8.4.1 Overview
This section describes RADIUS specification and notes for configuring RADIUS.

Specification
For the MA5600, the RADIUS is configured on each RADIUS server group.
In actual networking, a RADIUS server group can be:
l An independent RADIUS server
l A pair of primary/secondary RADIUS servers with the same configuration but different IP
addresses
The attributes of each RADIUS server profile include:
l IP addresses of primary and secondary servers
l Shared key
l RADIUS server type
Note
The RADIUS configuration only defines the parameters used for data exchange between the
MA5600 and the RADIUS server. To validate these parameters, you need to quote the RADIUS
server group in a domain. For details, refer to "8.5 Configuring AAA".

Context
l Before this setting, you need to configure a RADIUS server template.
l One RADIUS server template can be used by multiple domains.
Procedure
Step 1 Run the radius-server template command to create RADIUS server template and enter the
corresponding mode.
Step 2 Run the quit command to quit RADIUS mode.
Step 3 Run the display radius-server configuration command to query the created RADIUS server
template.
----End
Example
To specify "radius1" as the RADIUS server template of domain "huawei.net", do as follows:
huawei(config)#display radius-server configuration template radius1
-------------------------------------------------------------------
Server-template-name : radius1
Protocol-version : standard
Traffic-unit : B
Shared-secret-key : huawei
Timeout-interval(in second) : 5
Primary-authentication-server : 0.0.0.0:0:LoopBack0

Primary-accounting-server : 0.0.0.0:0:LoopBack0
Secondary-authentication-server : 0.0.0.0:0:LoopBack0
Secondary-accounting-server : 0.0.0.0:0:LoopBack0
Retransmission : 3
Domain-included : YES
-------------------------------------------------------------------
Related Operation
Table 8-2 lists the related operation for specifying the RADIUS server template
Table 8-2 Related operation for specifying the RADIUS server template
Cancel the reference of a RADIUS undo radius-server template

server template
8.4.3 Setting the IP Address and Port Number of a RADIUS Server

This operation enables you to set the IP address and the port number of a new RADIUS server.
Context
l The servers may include the primary and secondary servers. By default, the IP address of
the primary or the secondary server is 0.0.0.0.
l To ensure the normal communication between the MA5600 and the RADIUS server, before
setting the IP address and port number of the server, make sure that the route between the
MA5600 and the RADIUS server is normal.
l Make sure that the port settings between the MA5600 and the server are consistent.
Procedure
Step 1 Run the radius-server template command to create a RADIUS server template and enter the
corresponding RADIUS config mode.
Step 2 Run the radius-server authentication command to configure the primary authentication server.
Step 3 Run the radius-server authentication secondary command to configure the secondary server.
Step 4 Run the quit command to quit from the RADIUS config mode.
Step 5 Run the display radius-server configuration command to query the IP address and port number
of a RADIUS server.
----End
Example
To set the IP address and port number of the primary server as 10.10.10.1 and 1812, and the IP
address and port number of the secondary server as 10.10.10.2 and 1812, do as follows:


secondary
-------------------------------------------------------------------
Traffic-unit : B
Shared-secret-key : huawei
Primary-authentication-server : 10.10.10.1:1812:LoopBack-1
Secondary-authentication-server : 10.10.10.2:1812:LoopBack-1
Retransmission : 3
-------------------------------------------------------------------
Related Operation
Table 8-3 lists the related operation for setting the IP address and port number of a server.
Table 8-3 Related operation for setting the IP address and port number of a server
Delete the configured RADIUS undo radius-server authentication

server
8.4.4 Setting the Shared Key of the RADIUS Server

This operation enables you to set the shared key of the RADIUS server to verify the legality of
the packets from the peer end.
Context
l By default, the key is "huawei".
l The RADIUS client (namely the MA5600) and the RADIUS server use MD5 algorithm to
encrypt the packets exchanged between them. They respond to the received packets only
when the keys at both ends are identical.
Procedure
Step 2 Run the radius-server shared-key command to set the shared key of the RADIUS server.
Step 4 Run the display radius-server configuration command to query the shared key of the RADIUS
server.
----End

Example
To set the shared key of a RADIUS server as "radius2004", do as follows:
huawei(config-radius-radius1)#radius-server shared-key radius2004
-------------------------------------------------------------------
Traffic-unit : B
Shared-secret-key : radius2004
Retransmission : 3
-------------------------------------------------------------------
8.4.5 Setting the Response Timeout Interval of a RADIUS Server

This operation enables you to set the response timeout interval of a RADIUS server.
Context
l After the MA5600 sends RADIUS request packets to the RADIUS server, if no response
from the RADIUS server is received for a period of time, the MA5600 needs to resend
these packets to the RADIUS server to make sure that the users can really obtain RADUS
service.
l By default, the timeout interval is 5s.
Procedure
Step 1 Run the radius-server template command to create a RADIUS template and enter
Step 2 Run the radius-server timeout command to set the response timeout interval of a RADIUS
server.
Step 4 Run the display radius-server configuration command to query the response timeout interval
of a RADIUS server.
----End
Example
To set the timeout interval of a RADIUS server as 10s, do as follows:
huawei(config-radius-radius1)#radius-server timeout 10
-------------------------------------------------------------------
Traffic-unit : B

Retransmission : 3
-------------------------------------------------------------------
Related Operation
Table 8-4 lists the related operation for setting the response timeout interval of a RADIUS server.
Table 8-4 Related operation for setting the response timeout interval of a RADIUS server
Restore the default response timeout interval of a undo radius-server timeout

RADIUS server
8.4.6 Setting the Maximum Retransmit Count of RADIUS Request

Packets
This operation enables you to set the maximum retransmit count of RADIUS request packets to
guarantee that server responds to the packets.
Context
l If no response has been received from the RADIUS server within the timeout time specified
by the timeout timer, the MA5600 resends the request packets to the RADIUS server. When
the retransmit count exceeds the specified maximum value, the MA5600 considers its
connection with the RADIUS server as interrupted, and turns to other RADIUS servers for
requesting services.
l By default, the maximum retransmit count of RADIUS request packets is 3.
l You can modify the configuration only when the RADIUS profile is not referenced.
Procedure
Step 2 Run the radius-server retransmit command to configure the retransmit time of the configured
server.
Step 4 Run the display radius-server configuration command to query the maximum count of
RADIUS request packets.
----End

Example
To set the maximum retransmit count of RADIUS request packets as 5, do as follows:
huawei(config-radius-radius1)#radius-server retransmit 5
-------------------------------------------------------------------
Traffic-unit : B
Retransmission : 5
-------------------------------------------------------------------
Related Operation
Table 8-5 lists the related operation for setting the maximum retransmit count of the RADIUS
request packets.
Table 8-5 Related operation for setting the maximum retransmit count of the RADIUS request
packets
Recover the maximum retransmit undo radius-server retransmit

count of RADIUS request packets to
the default value
8.4.7 Setting the RADIUS Server Type

This operation enables you to set the RADIUS server type.
Context
The MA5600 supports both standard RADIUS protocol and Portal of Huawei.
Procedure
Step 2 Run the radius-server type command to set the RADIUS server type.
Step 4 Run the display radius-server configuration command to query the RADIUS server type.
----End

Example
To set the RADIUS server type as "portal", do as follows:
huawei(config-radius-radius1)#radius-server type portal
-------------------------------------------------------------------
Protocol-version : portal
Traffic-unit : B
Retransmission : 5
-------------------------------------------------------------------
8.4.8 Configuring an NAS Port and Its ID Format

This operation enables you to configure an NAS port and its ID format to guarantee
interoperability between the devices of Huawei.
Context
The NAS port and its ID format are internal extended attributes of Huawei.
Procedure
Step 1 Run the radius-server template command to create a RADIUS server profile and enter
RADIUS config mode.
Step 2 Run the radius-server nas-port-format command to configure an NAS port of the RADIUS
server.
Step 3 Run the radius-server nas-port-id-format command to configure the ID format of the NAS
port of the RADIUS server.
----End
Example
To set the format of NAS ports as "new", and that of NAS port IDs as "new" for RADIUS server
template "radius1", do as follows:
huawei(config-radius-radius1)#radius-server nas-port-format new
huawei(config-radius-radius1)#radius-server nas-port-id-format new
8.4.9 Setting the Format of User Name Sent to a RADIUS Server

This operation enables you to set the format of user name sent to a RADIUS server to specify
if the user name contains the domain name.

Context
l By default, the user name of a RADIUS server has the domain name.
l The access users are generally named in the format of "userid@domain-name". The part
following "@" is the domain name. The MA5600 assigns users to different ISP domains
based on their respective domain names.
l Some earlier RADIUS servers reject user names with domain names. In this case, you can
run the command to specify that the user name to be sent to a RADIUS server carries no
domain name.
l If a RADIUS server group does not allow user names carrying domain names, the RADIUS
server group shall not be used at the same time in two or more domains. Otherwise, when
receiving the same user names, the RADIUS server will mistake the users in different
domains as the same user.
l You can modify the configuration only when the RADIUS server profile is not referenced.
Procedure
Step 2 Run the (undo)radius-server user-name domain-included command to set whether the user
name sent to RADIUS server carries domain name.
Step 3 Run the quit command to quit RADIUS config mode.
Step 4 Run the display radius-server configuration command to query format of the user name that
is sent to the RADIUS server.
----End
To specify that a user name to be sent to a RADIUS server carries no domain name, do as follows:
huawei(config-radius-radius1)#undo radius-server user-name domain-included
-------------------------------------------------------------------
Traffic-unit : B
Retransmission : 5
Domain-included : NO
-------------------------------------------------------------------
To specify that a user name to be sent to a RADIUS server carries domain name, do as follows:
huawei(config-radius-radius1)#radius-server user-name domain-included
-------------------------------------------------------------------
Traffic-unit : B

Retransmission : 5
-------------------------------------------------------------------
8.5 Configuring AAA

This section describes AAA configuration, including configuring an authentication scheme,
creating a domain, specifying the authentication scheme and specifying the RADIUS server
template.
8.5.1 Configuring an Authentication Scheme
This operation enables you to configure an authentication scheme to define the policy to
authenticate users requesting for login.
8.5.2 Creating a Domain
This operation enables you to create a domain.
8.5.4 Specifying the Authentication Scheme
This operation enables you to specify the authentication scheme for all the users of an ISP.
8.5.1 Configuring an Authentication Scheme

This operation enables you to configure an authentication scheme to define the policy to
authenticate users requesting for login.
Context
l The MA5600 supports the authentication through the RADIUS server.
l After configuring an authentication scheme, reference it for setting a domain to bring it
into play.
l After an authentication scheme is created and before you reference the scheme, you need
to configure RADIUS for the MA5600 and configure the related user information on the
remote RADIUS server.
Procedure
Step 1 Run the aaa command to enter AAA mode.
Step 2 Run the authentication-scheme command to add an authentication scheme.
Step 3 Run the display authentication-scheme command to query the newly configured authentication
scheme.
----End

Example
To add the authentication scheme "huawei", with the authentication mode of RADIUS, do as
follows:
huawei(config)#aaa
huawei(config-aaa)#authentication-scheme huawei
huawei(config-aaa-authen-huawei)#authentication-mode radius
huawei(config-aaa-authen-huawei)#quit
huawei(config-aaa)#quit
huawei(config)#display authentication-scheme
{ <cr>|string<S><1,32> }:
Command:
display authentication-scheme
---------------------------------------------------------------------------
Authentication-scheme-name Authentication-method
---------------------------------------------------------------------------
default local
huawei radius
---------------------------------------------------------------------------
Total 2,2 printed
Related Operation
Table 8-6 lists the related operations for configuring an authentication scheme.
Table 8-6 Related operations for configuring an authentication scheme

Delete an undo authentication-scheme The default authentication

authentication scheme scheme of the system cannot
be deleted.
Show AAA display aaa configuration You can query the usage of
configuration the resources configured on
the authentication scheme
table.
8.5.2 Creating a Domain

This operation enables you to create a domain.
Context
l A domain is a group of users with the same attributes.
l For a user name in the form of "userid@domain-name", such as
huawei20041028@huawei.net, the "huawei.net" following "@" is the domain name, and
the "userid" is used as the user name for identity authentication.
Procedure
Step 2 Run the domain command to create a domain.

Step 3 Run the quit command to quit the domain mode.
Step 4 Run the quit command to quit the AAA mode.
Step 5 Run the display domain command to query the domain.
----End
Example
To create a domain named huawei.net, do as follows:
huawei(config)#aaa
huawei(config-aaa)#domain huawei.net
huawei(config-aaa-domain-huawei.net)#quit
huawei(config)#display domain
{<cr>|string<S><1,20> }:
Command:
display domain
-----------------------------------------------------------------------
DomainName State CAR Access-limit Online
-----------------------------------------------------------------------
default Active 0 384 0
huawei.net Active 0 384 0
-----------------------------------------------------------------------
Total 2,2 printed
Related Operation
Table 8-7 lists the related operations for creating a domain.
Table 8-7 Related operations for creating a domain
Delete a domain undo domain The default domain cannot be

deletedf.
Query AAA display aaa You can query the usage of

configuration configuration resources configured on the domain.

Context
Before this setting, you need to configure a RADIUS server template. For details, refer to "8.4
Configuring RADIUS."
Procedure

Step 2 Run the domain command to specify huawei as the current domain and enter domain mode.
Step 3 Run the radius-server command to create a RADIUS server template and enter the
Step 6 Run the display domain command to query the information on the domain.
----End
Example
To specify "radius1" as the RADIUS server template of domain "huawei.net", do as follows:
huawei(config)#aaa
huawei(config-aaa-domain-huawei.net)#radius-server radius1
huawei(config)#display domain huawei.net
-------------------------------------------------------------------
Domain-name : huawei.net
Domain-state : Active
Authentication-scheme-name : huawei
Accounting-scheme-name : default
Authorization-scheme-name : default
User-CAR : -
Next-Hop : -
Primary-DNS-IP-address : -
Second-DNS-IP-address : -
Primary-NBNS-IP-address : -
Second-NBNS-IP-address : -
Acl-Number : -
Idle-data-attribute (time,flow) : 0, 60
User-priority : -
User-access-limit : 384
Online-number : 0
RADIUS-server-template : radius1
-------------------------------------------------------------------
Related Operation
Table 8-8 lists the related operation for specifying the RADIUS server template.
Table 8-8 Related operation for specifying the RADIUS server template
Cancel the reference of a undo radius-server Run the command in domain

RADIUS server template mode, and then you can
delete the reference of the
RADIUS server template.
8.5.4 Specifying the Authentication Scheme

This operation enables you to specify the authentication scheme for all the users of an ISP.

Context
l An authentication scheme defines the policy to authenticate all the users of an ISP.
l Before specifying a scheme, you need to create it.
Procedure
Step 2 Run the domain command to specify huawei as the current domain and enter domain mode.
Step 3 Run the authentication-scheme command to specify the authentication scheme.
Step 6 Run the display domain command to query the information on the domain.
----End
Example
To specify "huawei" as the authentication scheme of domain "huawei.net", do as follows:
huawei(config)#aaa
huawei(config-aaa-domain-huawei.net)#authentication-scheme huawei
huawei(config)#display domain huawei.net
-------------------------------------------------------------------
Domain-name : huawei.net
Domain-state : Active
Authentication-scheme-name : huawei
Accounting-scheme-name : default
Authorization-scheme-name : default
User-CAR : -
Next-Hop : -
Primary-DNS-IP-address : -
Second-DNS-IP-address : -
Primary-NBNS-IP-address : -
Second-NBNS-IP-address : -
Acl-Number : -
Idle-data-attribute (time,flow) : 0, 60
User-priority : -
User-access-limit : 384
Online-number : 0
RADIUS-server-template : -
-------------------------------------------------------------------
Related Operation
Table 8-9 lists the related operations for specifying the authentication scheme.

Table 8-9 Related operations for specifying the authentication scheme

Delete the undo authentication-scheme Delete the specified

specified authentication scheme in domain
authentication mode.
scheme
Query AAA display aaa configuration You can query the usage of
configuration resources configured on the
domain.
8.6 Configuring SSH

This section describes the SSH configuration, including creating the local RSA key pair,
configuring the SSH user public key and configuring an SSH user.
8.6.1 Creating the Local RSA Key Pair
This operation enables you to create the local RSA key pair.
8.6.2 Configuring the SSH User Public Key
This operation enables you to configure the SSH user public key.
8.6.3 Configuring an SSH User
This operation enables you to configure an SSH user.
8.6.1 Creating the Local RSA Key Pair

This operation enables you to create the local RSA key pair.
Context
l The key size ranges from 512 bits to 2048 bits. You can change it to 512, 1024, or 2048
bits as required. By default, it is 512 bits.
l Before using the SSH service for the first time, you must run the rsa local-key-pair
create command.
l If you destroy the SSH server host public key pair and service key pair, you must create
the new SSH server host key pair and service key pair.
Procedure
Step 1 Run the rsa local-key-pair create command to create the local RSA key pair.
Step 2 Run the display rsa local-key-pair public command to query the local RSA key pair.
----End
Example
To create a local RSA key pair, do as follows:
huawei(config)#rsa local-key-pair create
The key name will be: huawei_Host

% RSA keys defined for MA5600_Host already exist.

Confirm to replace them? [y/n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:1024
Generating keys...
......................++++++
..++++++
............................................++++++++
.++++++++
huawei(config)#display rsa local-key-pair public
=====================================================
Time of Key pair created: 13:39:58 2006/2/10
Key name: huawei_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
BF2B1846 14543312 785ABA61 595B1FA6 9B6D2A6D
D0C5A771 07FE3692 CDEE3C8D 11EFB290 7247BC5B
6F28BBB0 8F0B9DC0 4247F4F0 0A38A5B3 A7E5BD5F
7330CB1D
0203
010001
=====================================================
Time of Key pair created: 13:40:0 2006/2/10
Key name: huawei_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
B4830A71 7974B485 1365431A 0504081E C9D5A8AF
17AE7F6B A7E07227 3260B5DB 722F42F4 B1BD03D8
E6C527F3 B4403736 29E1A954 17AA56F9 50B3857B
21354F07 95F421C7 9468D159 75B72B27 EA79E33E
68C9D35C BF98B56D 9B880598 095EAB0D
0203
010001
Table 8-10 lists the related operation for creating a local RSA key pair.
Table 8-10 Related operation for creating a local RSA key pair
Destroy the local RSA key rsa local-key-pair destroy

pair
8.6.2 Configuring the SSH User Public Key

This operation enables you to configure the SSH user public key.
Figure 8-3 shows the flowchart for configuring the SSH user public key.

Figure 8-3 Flowchart for configuring the SSH user public key
Start
Enter config-rsa-public-key
mode
Enter public key eidt mode
Input the user public key
Quit public key edit mode
End
Procedure
Step 1 Run the rsa peer-public-key command to enter config-rsa-public-key mode.
Step 2 Run the public-key-code begin command to enter public key edit mode.
Step 3 Input the user public key.
Step 4 Run the public-key-code end command to quit public key edit mode.
Step 5 Run the peer-public-key end command to quit to global config mode.
Step 6 Run the display rsa peer-public-key command to query the SSH user public key.
----End
Example
To paste the conversed user public key in the current system, do as follows:
huawei(config)#rsa peer-public-key key
huawei(config-rsa-public-key)#public-key-code begin
huawei(config-rsa-key-code)#30450240 B9FCE18E DA769883 7680F2B7 CE35415A 9AB5E63E
huawei(config-rsa-key-code)#FD00ED66 B8B5E954 2B053A82 131B967C 8DDC1176 0746A8BB
huawei(config-rsa-key-code)#C30DF3F0 83F6EA5A EF97E26B 783C940F 2791710F 020125
huawei(config-rsa-key-code)#public-key-code end
huawei(config-rsa-public-key)#peer-public-key end
huawei(config)#display rsa peer-public-key
{ <cr>|brief<K>|name<K> }:
Command:
display rsa peer-public-key
=====================================
Key name: key
=====================================
Key Code:
3045
0240

B9FCE18E DA769883 7680F2B7 CE35415A 9AB5E63E FD00ED66 B8B5E954 2B053A82

131B967C 8DDC1176 0746A8BB C30DF3F0 83F6EA5A EF97E26B 783C940F 2791710F
0201
25
8.6.3 Configuring an SSH User

This operation enables you to configure an SSH user.
Context
SSH user authentication falls into the following types:
l password: indicates the common password authentication mode. It is the default

authentication type.
l rsa: indicates the RSA public key authentication.
l all: indicates the password and RSA authentication.
l password-publickey: indicates the password and public key authentication, which is
applicable for SSHv2.0.
Procedure
Step 1 Run the ssh user assign rsa-key command to set the RSA public key of SSH user.
Step 2 Run the ssh user authentication-type rsa command to set the RSA authentication mode of SSH
user.
Step 3 Run the display ssh user-information command to query the authentication mode of SSH user.
----End
Example
To set the RSA public key of the SSH user huawei as key, and the authentication mode as RSA,
do as follows:
huawei(config)#ssh user huawei assign rsa-key key
huawei(config)#ssh user huawei authentication-type rsa
huawei(config)#display ssh user-information
{ <cr>|string<S><1,16> }:
Command:
display ssh user-information
Username Authentication-type User-public-key-name Service-type
huawei rsa key stelnet
Related Operation
Table 8-11 lists the related operations for configuring an SSH user.
Table 8-11 Related operations for configuring an SSH user
Delete the RSA public key of an undo ssh user assign rsa-key
SSH user

Set the SSH user authentication ssh user authentication-type

mode

Configuration Guide 9 Configuring the VLAN
9 Configuring the VLAN
About This Chapter
This chapter describes the classification of VLANs supported by the MA5600 and how to
configure a VLAN.
9.1 Overview
This section describes VLAN technology, as well as count, types and attributes of VLAN
supported by the MA5600.
9.2 Configuration Example of a Standard VLAN
This example shows how to subtend two MA5600 devices through a standard VLAN. For details,
refer to "25.3 Configuration Example of the Subtended Network Through the SCU
Board" or "25.4 Configuration Example of Subtending Device Through the ETHA
Board."
9.3 Configuration Example of a Smart VLAN
This example shows how to configure a smart VLAN to realize ADSL2+ access.
9.4 Configuration Example of a MUX VLAN
This example shows how to configure a MUX VLAN to realize ADSL2+ access.
9.5 Configuration Example of the Super VLAN
This example shows how to configure the super VLAN to enable users whose services are
isolated at layer 2 to communicate with each other at layer 3.
9.6 Creating a VLAN
This operation enables you to create a VLAN or VLANs of the same type in batches.
9.7 Configuring the VLAN Attribute
This operation enables you to configure the VLAN attribute to QinQ, stacking or common.
9.8 Setting the Inner and Outer Ethernet Protocols Type of a Stacking VLAN
This operation enables you to set the inner and outer Ethernet protocol type of a stacking VLAN
supports.
9.9 Setting the Inner VLAN Priority of the Service Port in a Stacking VLAN
This operation enables you to set the inner VLAN priority of the service port in a stacking VLAN.
9.10 Adding an Upstream Port to a VLAN

9 Configuring the VLAN Configuration Guide
This operation enables you to add an upstream port to a VLAN.

9.11 Adding a Service Port to a VLAN
This operation enables you to add a service port to a VLAN.
9.12 Adding Service Ports in Batches
This operation enables you to add service ports in batches: To run the multi-service-port
vlan command to add multiple service ports on an asymmetric digital subscriber line 2 plus
(ADSL2+)/single-pair high-speed digital subscriber line (SHDSL) board to a smart VLAN or a
standard VLAN. To run the multi-service-port from-vlan command to add multiple service
ports on one or multiple ADSL2+/SHDSL boards to different MUX VLANs at a time.
9.13 Setting the Description of a Service Port
This operation enables you to set the description of a service port.

9.1 Overview
This section describes VLAN technology, as well as count, types and attributes of VLAN
supported by the MA5600.
Service Description
Virtual local area network (VLAN) is a technology used to form virtual workgroups by logically
grouping the devices of a LAN. The Institute of Electrical and Electronics Engineers (IEEE)
issued draft IEEE 802.1q in 1999, aiming at standardizing VLAN implementations.
For details on the VLAN feature, refer to the chapter "VLAN" in the Feature Description
VLAN.
The MA5600 supports up to 4000 VLANs.
The MA5600 supports the following types of VLANs:
l Standard VLAN
l Smart VLAN
l MUX VLAN
l Super VLAN
Table 9-1 lists the VLAN types and applications.
Table 9-1 VLAN types and applications

Type Description Application
Standard l Ethernet ports in a standard VLAN can Used for Ethernet ports and
VLAN communicate with each other. service ports. Applied in
l An Ethernet port in a standard VLAN is the network equipment
isolated from an Ethernet port in another management, subtending,
standard VLAN. and layer 2 interconnection
between service ports.
l The service ports of the same VLANs on
different service boards can realize the The standard VLAN with
layer 2 interconnection. the common attribute can
be configured as the
service virtual port of the
AIUG board to work with
the MPLS subboard and
realize the ATM uplink of
the MPLS service.

Type Description Application
Smart VLAN A smart VLAN can contain multiple xDSL Applied to xDSL access,
service ports. Traffic streams of these ports such as residential areas to
in a smart VLAN are isolated from each provide access to the
other. Traffic streams of different VLANs are Internet.
also isolated from each other. A smart VLAN
can serve multiple xDSL users, thus saving
VLAN resources.
MUX VLAN A MUX VLAN can contain only one service Applied when users are
port. Traffic streams of different VLANs are distinguished by VLANs.
isolated from each other. One-to-one
mapping can be set up between a MUX
VLAN and an access user. So, a MUX VLAN
can uniquely identify an access user.
Super VLAN A super VLAN is a layer 3 based VLAN. It Applied to save IP

consists of multiple sub VLANs. A sub addresses resources.
VLAN can be a smart VLAN or a MUX
VLAN.
The following lists the attributes of VLANs:

l Common
l QinQ
l Stacking
Table 9-2 lists the attributes of VLANs.
Table 9-2 VLAN attributes

VLAN Application
attribute
Common A VLAN with this attribute can be used as a layer 2 VLAN. You can create
a layer 3 virtual interface for it if necessary.
The standard VLAN with the common attribute can also be configured as
the service virtual port of the AIUG board for the ATM uplink of the MPLS
service after mpls vlan is enabled.

VLAN Application
attribute
QinQ When a packet is added with the tag of a VLAN with QinQ attribute, the
packet contains two VLAN tags:
l Inner VLAN tag from the private network
l Outer VLAN tag from the MA5600
Through the outer VLAN tag, a layer 2 VPN tunnel can be set up to
transparently transmit service data among private networks.
When standard VLANs are used to realize the interconnection between
service ports, set the attribute of the standard VLANs as QinQ.
For details about the QinQ VLAN, see the chapter "30 Configuring the
QinQ VLAN Leased Line Service."
Stacking When a packet is added with the tag of a VLAN with Stacking attribute,
the packet contains two VLAN tags: inner VLAN tag and outer VLAN tag
allocated by the MA5600. With this attribute, the upper layer BRAS can
authenticate users based on the double VLAN tags, thus increasing the
number of access users. The upper layer network working in layer 2 mode
can forward packets based on the outer "VLAN+MAC" to provide the
multi-ISP wholesale service. For details about the stacking VLAN, see the
chapter "29 Configuring the VLAN Stacking Wholesale Service."
9.2 Configuration Example of a Standard VLAN

This example shows how to subtend two MA5600 devices through a standard VLAN. For details,
refer to "25.3 Configuration Example of the Subtended Network Through the SCU
Board" or "25.4 Configuration Example of Subtending Device Through the ETHA
Board."
9.3 Configuration Example of a Smart VLAN

This example shows how to configure a smart VLAN to realize ADSL2+ access.
Networking
Figure 9-1 shows a sample network for configuring a smart VLAN.

Figure 9-1 Sample network for configuring a smart VLAN
Router
Internet
A A CON
ETH
D D MON
G G
E E
GE0/7/0
SCU MA5600
Modem Modem
PC1 PC2
Data Plan
Table 9-3 lists the data plan for configuring a smart VLAN.
Table 9-3 Data plan for configuring a smart VLAN
Item Data
ADSL2+ board ADSL2+ port: 0/2/0

VPI/VCI: 0/35

VPI/VCI: 0/35
Smart VLAN VLAN ID: 10
Upstream port 0/7/0
Prerequisite
l The network devices and lines are normal.
l The VPI/VCI of the modem is 0/35.
Figure 9-2 shows the flowchart for configuring a smart VLAN.

Figure 9-2 Flowchart for configuring a smart VLAN.
Start
Create a smart VLAN
Add the upstream port
Add the virtual port
Save the data
End
Procedure
Step 1 Create a MUX VLAN.
Step 2 Add an upstream port to the VLAN.

Step 3 Add a service port to the VLAN.

The service port uses the default traffic profile 5.
huawei(config)#service-port vlan 10 adsl 0/2/0 vpi 0 vci 35 rx-cttr 5 tx-cttr 5

huawei#save
----End
Result
Both PC 1 and PC 2 can access to the IP network, but they cannot ping each other.
9.4 Configuration Example of a MUX VLAN

This example shows how to configure a MUX VLAN to realize ADSL2+ access.
Networking
Figure 9-3 shows a sample network for configuring a MUX VLAN.

Figure 9-3 Sample network for configuring a MUX VLAN
Router
Internet
A CON
ETH
D MON
G
E
GE0/7/0
SCU MA5600
Modem Modem
PC1 PC2
Data Plan
Table 9-4 lists the data plan for configuring a MUX VLAN.
Table 9-4 Data plan for configuring a MUX VLAN
Item Data

VPI/VCI: 0/35
VLAN ID: 20

VPI/VCI: 0/35
VLAN ID: 21
Upstream port 0/7/0
Prerequisite
l All the boards of the MA5600 are normal.
Figure 9-4 shows the flowchart for configuring a MUX VLAN.

Figure 9-4 Flowchart for configuring a MUX VLAN
Start
Create a MUX VLAN
Add the virtual port
Save the data
End
Procedure
Step 1 Create a MUX VLAN.
huawei(config)#vlan 20 mux



huawei#save
----End
Result
After the configuration, PC 1 can access the Internet.
9.5 Configuration Example of the Super VLAN

This example shows how to configure the super VLAN to enable users whose services are
isolated at layer 2 to communicate with each other at layer 3.
Networking
Figure 9-5 shows a sample network for configuring a super VLAN.

Figure 9-5 Sample network for configuring a super VLAN
Router
Internet
A A CON
ETH
D D MON
G G
E E
GE0/7/0
SCU MA5600
Modem Modem
PC1 PC2
Data Plan
Table 9-5 lists the data plan for configuring a super VLAN.
Table 9-5 Data plan for configuring a super VLAN

Item Data

VPI/VCI: 0/35
Sub VLAN ID: 20

VPI/VCI: 0/35
VLAN ID: 21
PC2 GPON port:

GEM Port ID: 129
Upstream VLAN: 21
User-side VLAN: 101
Super VLAN VLAN ID: 100

IP address of layer 3 interface: 10.0.0.254/24
Standard VLAN VLAN ID: 30

IP address of layer 3 interface: 10.0.1.254/24
Upstream port: 0/7/0

Prerequisite
l All the service boards are normal.
l PC 1 and PC 2 can obtain their IP addresses dynamically in the DHCP mode.
l The sub VLAN must exist already. The VLAN can be a smart VLAN or a MUX VLAN.
In this procedure, it is a MUX VLAN.
l A super VLAN cannot contain physical ports, and the layer 3 interface can be established
on the super VLAN. Whether the layer 3 interface is up depends on whether the physical
port of the up state exists in the contained sub VLAN.
l A sub VLAN contains only physical ports, and the layer 3 interface cannot be established
on the sub VLAN.
Figure 9-6 shows the flowchart for configuring a super VLAN.

Figure 9-6 Flowchart for configuring a super VLAN
Start
Create a super VLAN
Create sub VLANs and add them to

the super VLAN
Configure the service port of the sub

VLAN
Enable the global ARP Proxy
Configure the layer 3 interface of the

super VLAN
Enable ARP Proxy for the layer 3

interface of the super VLAN
Create the standard VLAN and add the

upstream port to the VLAN
Add the layer 3 interface of the

standard VLAN
End
Procedure
Step 1 Create a super VLAN.
huawei(config)#vlan 100 super
Step 2 Create sub VLANs and add them to the super VLAN.
huawei(config)#supervlan 100 subvlan 20
Step 3 Configure the service port of the sub VLAN.



Step 4 Enable the global ARP Proxy.

huawei(config)#arp proxy enable
Step 5 Configure the layer 3 interface of the super VLAN.

huawei(config-if-Vlanif100)#ip address 10.0.0.254 24
NOTE
The IP address of the layer 3 interface of the super VLAN must be in the same subnet as the IP address
obtained by the PC.
Step 6 Enable ARP Proxy for the layer 3 interface of the super VLAN.
huawei(config-if-Vlanif100)#arp proxy enable
Step 7 Create the standard VLAN and add the upstream port to the VLAN.
Step 8 Add the layer 3 interface of the standard VLAN.


huawei(config-if-Vlanif30)#quit
huawei(config)#save
----End
Result
After the configuration, both PC 1 and PC 2 can communicate with each other and access the
Internet.
9.6 Creating a VLAN

This operation enables you to create a VLAN or VLANs of the same type in batches.
Prerequisite
The ID of the VLAN to be added does not exist in the system.
Context
l If the service ports belonging to the same smart VLAN are created on two boards, the
service ports belonging to the same standard VLAN cannot be created on the two boards
simultaneously.
l If the service ports belonging to the same standard VLAN are created on two boards, the
service ports belonging to the same smart VLAN cannot be created on the two boards
simultaneously.
l The MA5600 supports up to 4000 VLANs and some VLANs are reserved for the system.

Procedure
Step 1 Run the vlan command to add a VLAN.
Step 2 Run the display vlan command to query VLAN information.
----End
To add a standard VLAN with the VLAN IDs of 2, do as follows:

huawei(config)#display vlan 2
{ <cr>|to<K> }:
Command:
display vlan 2
VLAN ID: 2
VLAN type: standard
VLAN attribute: common
Standard port number: 0
Service virtual port number: 0
To add 10 standard VLANs in batches with VLAN IDs ranging from 1000 to 1009, do as follows:
huawei(config)#vlan 1000 to 1009 standard
It will take several minutes, and console may be timeout, please use command
idle-timeout to set time limit
Are you sure to add VLANs? (y/n)[n]:y
huawei#display vlan all
{ <cr>|vlantype<E><mux,standard,smart,super>|vlanattr<K> }:
Command:
display vlan all
---------------------------------------------------------
VLAN Type Attribute STND-Port NUM SERV-Port NUM
---------------------------------------------------------
1 MUX common 8 0
2 standard common 0 0
---------------------------------------------------------
Total: 12
Note : STND-Port--standard port, SERV-Port--service virtual port
Related Operation
Table 9-6 lists the related operations for creating a VLAN.

Table 9-6 Related operations for creating a VLAN

Delete a VLAN undo vlan To delete a VLAN, make sure:

l There is no upstream port, L3
interface, or service port in the
VLAN.
l There is no sub VLAN in the super
VLAN.
l The VLAN is not the default VLAN
(VLAN 1)
Display VLAN count display vlan number -
Display VLAN display statistics vlan The traffic of VLAN service ports is
statistics measured.
Configure the start vlan reserve -

number of the
reserved VLANs
9.7 Configuring the VLAN Attribute

This operation enables you to configure the VLAN attribute to QinQ, stacking or common.
Prerequisite
The VLAN with its attribute to be configured already exists.
Context
l The attribute of default VLAN1 cannot be configured to QinQ or stacking.
l When the attribute of a smart VLAN or a MUX VLAN is common, you can configure the
attribute of the VLAN to QinQ or stacking.
l The attribute of a standard VLAN can be configured to QinQ, but not to stacking.
l The attribute of a super VLAN cannot be configured to QinQ or stacking.
l The attribute of a VLAN cannot be changed from QinQ to stacking or from stacking to
QinQ directly.
Procedure
Step 1 Run the vlan attrib command to configure the VLAN attribute.
Step 2 Run the display vlan command to display the VLAN attribute.
----End
Example
To configure the attribute of smart VLAN 10 to QinQ, do as follows:

huawei(config)#vlan attrib 10 q-in-q

{ <cr>|to<K> }:
Command:
display vlan 10
VLAN ID: 10
VLAN type: smart
VLAN type: smart
VLAN attribute: QinQ
VLAN description:
------------------------------
F/S /P Native VLAN State
------------------------------
0/7/0 2 down
------------------------------
Related Operation
Table 9-7 lists the related operation for configuring the VLAN attribute.
Table 9-7 Related operation for configuring the VLAN attribute
To... Run the Command… Remarks
Restore the VLAN undo vlan attrib By default, the VLAN attribute is
attribute common.
9.8 Setting the Inner and Outer Ethernet Protocols Type of

a Stacking VLAN
This operation enables you to set the inner and outer Ethernet protocol type of a stacking VLAN
supports.
Context
l By default, the inner and outer Ethernet protocol type of a stacking VLAN is 0x8100. That
is, the Ethernet frame has a 802.1q VLAN Tag.
l The protocol type to be set cannot be set as a value for other protocols, such as 0x0800 (IP
packets) or 0x0806 (ARP packets).
Procedure
Step 1 Run the stacking inner-ethertype command to set the inner Ethernet protocol type of a stacking
VLAN; run the stacking outer-ethertype command to set the outer Ethernet protocol type of
a stacking VLAN.
Step 2 Run the display stacking inner-ethertype command to display the inner Ethernet protocol type
of a stacking VLAN; run the display stacking outer-ethertype command to display the outer
Ethernet protocol type of a stacking VLAN.
----End

Example
To set the inner Ethernet protocol type the stacking VLAN supports as 0x8100, do as follows:
huawei(config)#stacking inner-ethertype 0x8100
huawei(config)#display stacking inner-ethertype
The inner Ethernet type in the system: 0x8100
To set the outer Ethernet protocol type the stacking VLAN supports as 0x8100, do as follows:
huawei(config)#stacking outer-ethertype 0x8100
huawei(config)#display stacking outer-ethertype
The outer Ethernet type in the system: 0x8100
9.9 Setting the Inner VLAN Priority of the Service Port in a

Stacking VLAN
This operation enables you to set the inner VLAN priority of the service port in a stacking VLAN.
Procedure
Run the stacking inner-priority command to set the inner VLAN priority of the service port.
----End
Example
To set the inner VLAN priority of the service port in stacking VLAN 4000 as 5, do as follows:
huawei(config)#stacking inner-priority vlan 4000 5
9.10 Adding an Upstream Port to a VLAN

This operation enables you to add an upstream port to a VLAN.
Prerequisite
The VLAN to which an upstream port is to be added already exists.
Context
The upstream port of a VLAN must be an Ethernet port.
Procedure
Step 1 Run the port vlan command to add an upstream port.
Step 2 Run the display vlan command to query the upstream port number.
----End
Example
To add upstream port 0/7/0 to VLAN 10, do as follows:


{<cr>|to<K>}:
Command:
display vlan 10
VLAN ID: 10
VLAN type: MUX
VLAN attribute: stacking
------------------------------
------------------------------
0/7/0 1 up
------------------------------
Related Operation
Table 9-8 lists the related operation for adding an upstream port to a VLAN.
Table 9-8 Related operation for adding an upstream port to a VLAN
Delete the upstream port of a undo port vlan

VLAN
9.11 Adding a Service Port to a VLAN

This operation enables you to add a service port to a VLAN.
l The VLAN, to which the service port is to be added, already exists.

l The suitable traffic item already exists.
Context
l An xDSL port can support up to eight service ports.
l The SHDSL service port supports only the ATM and PTM port encapsulation modes.
l The VPI and VCI values of the service port must be the same as that of the xDSL modem
connected to the port.
l If the service ports of the same smart VLAN are created on two service boards, the service
ports of the same standard VLAN cannot be created on the two service boards.
l The smart VLAN supports multiple service ports on the same port, and the VPIs/VCIs of
the service ports are different. If the VPI/VCI of the service port is auto-sensing, only one
service port can be created on a port.
l When the service port needs to carry multiple services, the MA5600supports the traffic
classification. That technology can be based on user VLAN, service encapsulation mode
on the user side and the priority of packets on the user side. When the service flow is
classified by user VLAN, the traffic classification can be performed on the untagged packet
(the data packet without VLAN tag).

Procedure
Step 1 Run the service-port vlan command to add a service port.
Step 2 Run the display service-port vlan command to query service ports.
----End
Example
To add service port 0/2/0 with the VPI/VCI of 0/35 and the traffic profile of 5 to VLAN 10, do
as follows:
huawei(config)#display service-port port 0/2/0
{ <cr>|sort-by<K>|autosense<K> }:
Command:
display service-port port 0/2/0
----------------------------------------------------------------------------
VLAN VLAN PORT F/ S/ P VPI VCI FLOW FLOW RX TX STATE LABEL PRI
ID ATTR TYPE PARA
----------------------------------------------------------------------------
10 common adl 0/2/0 0 35 vlan 100 6 6 up - -
----------------------------------------------------------------------------
Total : 1 (Up/Down : 1/0)
Note : F--Frame, S--Slot, P--Port(or virtual port, such as IMA group etc.)
top--TDM over packet
Related Operation
Table 9-9 lists the related operations for adding a service port to a VLAN.
Table 9-9 Related operations for adding a service port to a VLAN

Delete a service port undo service-port The service port cannot be deleted in the
following cases: 
l The port is encapsulated in PPPoA,
IPoA or Auto mode.
l The port serves for a BTV user.
l The port is bound with an IP address
or a MAC address.
l The port is configured with a static
MAC address.
Display VLAN display vlan -

information
Display VLAN display statistics vlan -

statistics

9.12 Adding Service Ports in Batches

This operation enables you to add service ports in batches: To run the multi-service-port
vlan command to add multiple service ports on an asymmetric digital subscriber line 2 plus
(ADSL2+)/single-pair high-speed digital subscriber line (SHDSL) board to a smart VLAN or a
standard VLAN. To run the multi-service-port from-vlan command to add multiple service
ports on one or multiple ADSL2+/SHDSL boards to different MUX VLANs at a time.
Context
l The VPI/VCI of the service port must be the same as that of the xDSL modem connected
to the port.
l The SHDSL service port supports only the ATM and PTM port encapsulation modes.
l The smart VLAN supports multiple service ports on the same port, and the VPIs/VCIs of
the service ports are different. If the VPI/VCI of the service port is auto-sensing, only one
service port can be created on a port.
l If the service ports of the same smart VLAN are created on two service boards, the service
ports of the same standard VLAN cannot be created on the two service boards.
l An xDSL port can be configured with up to eight service ports.
l The VLAN(s) to which the service ports are to be added already exist.
l The suitable traffic item already exists.
Procedure
Step 1 Run the multi-service-port vlan or the multi-service-port from-vlan command to add service
ports.
Step 2 Run the display service-port vlan command to query service ports.
----End
Example
To add service ports 0/2/0-0/2/3 to smart VLAN 10, do as follows:
huawei(config)#multi-service-port vlan 10 port 0/2 0-3 vpi 0 vci 35 rx-cttr 5 tx-
cttr 5
huawei(config)#display service-port vlan 10
-------------------------------------------------------------------------
VLAN ID VLAN-ATTR PORT-TYPE F/S /P VPI VCI RX TX STATE LABEL
-------------------------------------------------------------------------
10 common adl 0/2/0 0 35 2 2 up -
10 common adl 0/2/1 0 35 2 2 up -
10 common adl 0/2/2 0 35 2 2 up -
10 common adl 0/2/3 0 35 2 2 up -
-------------------------------------------------------------------------
Note : F--Frame, S--Slot, P--Port(or Virtual Port, such as IMA GROUP,
VLAN ID etc.), the VPI is access-end VLAN ID in vdsl port
To add all ADSL2+, SHDSL, or VDSL, ports to MUX VLANs (to add port 1 to VLAN 2, port
2 to VLAN 3, and so on), do as follows:
huawei(config)#multi-service-port from-vlan 2 board 1-18 vpi 0 vci 35 rx-cttr 5 tx-
cttr 5

To add service ports 0/5/10-0/5/12 to standard VLAN 6, do as follows:

huawei(config)#multi-service-port vlan 6 port 0/5 10-12 vpi 0 vci 35 rx-cttr 5 tx-
cttr 5
It will take several minutes, and console may timeout, please use command idle
-timeout to set time limit
Are you sure to create service virtual port(s)? (y/n)[n]:y
The number of total board in this operation: 1
The number of total service virtual port in this operation: 3
Creating start...
Creating end:
The number of total service virtual port which need be created: 3
The number of total service virtual port which have been created: 3
huawei(config)#display service-port vlan 6
{ <cr>|sort-by<K>|autosense<K> }:
Command:
display service-port vlan 6
-----------------------------------------------------------------------------
VLAN VLAN PORT F/ S/ P VPI VCI FLOW FLOW RX TX STATE LABEL PRI
ID ATTR TYPE PARA
-----------------------------------------------------------------------------
6 QinQ shl 0/5 /10 0 35 - - 5 5 act/up - -
6 QinQ shl 0/5 /11 0 35 - - 5 5 act/up - -
6 QinQ shl 0/5 /12 0 35 - - 5 5 act/up - -
-----------------------------------------------------------------------------
Note : F--Frame, S--Slot, P--Port(or virtual port, such as IMA group etc.)
top--TDM over packet.The characters precede / in the STATE column
indicate the Admin-Status and characters behind the / indicate the
Oper-Status of the service port.act means activate and deact means
deactivate.dn is abbreviation of down.
NOTE
If adding a service port fails, the reason is that the service port to be added is already added to the mapping
VLAN.
Related Operation
Table 9-10 lists the related operations for adding service ports in batches.
Table 9-10 Related operations for adding service ports in batches

To… Run the Command... Remarks
Delete a service port undo service-port The service port cannot be deleted in the
following cases:
l The port is encapsulated in PPPoA,
IPoA or Auto mode.
l The port serves for a BTV user.
l The port is bound with the IP address
or MAC address.
l The port is configured with a static
MAC address.
Display VLAN display statistics vlan -

traffic statistics

9.13 Setting the Description of a Service Port

This operation enables you to set the description of a service port.
Procedure
Step 1 Run the service-port desc command to set the description of a service port.
Step 2 Run the display service-port desc command to query the description of the service port.
----End
Example
To set the description of service port 0/2/0 with VPI/VCI of 0/35, do as follows:
huawei(config)#service-port desc 0/2/0 vpi 0 vci 35 description user0/2/0
huawei(config)#display service-port desc 0/2/0
{<cr>|autosense<K>|vpi<K>|user-vlan<K>|user-encap<K>}:
Command:
display service-port desc 0/2/0
------------------------------------------------------------------------------
PORT : adl
F/S/P : 0/2/0
VPI : 0
VCI : 35
FLOWTYPE : -
FLOWPARA : -
DESCRIPTION : user0/2/0
------------------------------------------------------------------------------
Related Operation
Table 9-11 lists the related operation for setting the description of a service port.
Table 9-11 Related operation for setting the description of a service port
Delete the description of a service port undo service-port desc

Configuration Guide 10 Configuring the DHCP Relay
10 Configuring the DHCP Relay
About This Chapter
This chapter describes the principles of the DHCP relay function supported by the MA5600 and
how to configure the DHCP relay function.
10.1 Overview
This section describes the DHCP relay function and its application to the MA5600.
10.2 Configuration Example of DHCP Standard Mode
This example shows how to configure DHCP standard mode to obtain the IP address
automatically.
10.3 Configuration Example of DHCP Option60 Mode
This example shows how to enable PCs to obtain IP addresses automatically in DHCP option60
mode.
10.4 Configuration Example of DHCP MAC Address Segment Mode
This example shows how to enable the PC to obtain the IP address automatically in DHCP MAC
address segment mode.
10.5 Creating a DHCP Server Group
This operation enables you to create a DHCP server group.
10.6 Setting Working Mode of a DHCP Server
This operation enables you to set working mode of a DHCP server.
10.7 Setting DHCP Relay Mode
This operation enables you to set DHCP relay mode.
10.8 Binding a DHCP Server Group with a VLAN Interface
This operation enables you to bind a DHCP server group with a VLAN interface.
10.9 Creating an Option60 Domain
This operation enables you to create an option60 domain.
10.10 Binding a DHCP Server Group with a DHCP Option60 Domain
This operation enables you to bind a DHCP server group with a DHCP option60 domain.
10.11 Configuring the Gateway of a DHCP Option60 Domain
This operation enables you to configure the gateway of a DHCP option60 domain.

10 Configuring the DHCP Relay Configuration Guide
10.12 Creating a DHCP MAC Address Segment

This operation enables you to create a DHCP MAC address segment.
10.13 Setting the Range of a DHCP MAC Address Segment
This operation enables you to set the range of a DHCP MAC address segment.
10.14 Binding a DHCP Server Group with a DHCP MAC Address Segment
This operation enables you to bind a DHCP server group with a DHCP MAC address segment.
10.15 Configuring the Gateway of a DHCP MAC Address Segment
This operation enables you to configure the gateway of a DHCP MAC address segment.

10.1 Overview
This section describes the DHCP relay function and its application to the MA5600.
Service Description
The Dynamic Host Configuration Protocol (DHCP) works in the client/server mode. The DHCP
client can dynamically request configuration data and the DHCP server can provide the data for
the client conveniently. DHCP adopts IP address renting management and IP address time
division multiplexing, greatly saving IP address resources.
Initially, the DHCP was only suitable for applications where the DHCP client and server were
located on the same subnet and could not work across a network segment. If the early DHCP is
used to dynamically configure the host, each subnet shall be equipped with a DHCP server. That
is obviously uneconomical.
The introduction of DHCP relay solves the mentioned problem. The DHCP relay serves as relay
between the DHCP client and the server located on different subnets. The DHCP packets can
be relayed to the destination DHCP server (or client) across network segments. In this way, the
DHCP clients on different networks can use the same DHCP server. This is economical and
convenient for centralized management. Figure 10-1 shows the principle of DHCP relay.
Figure 10-1 MA5600 DHCP relay
LAN
DHCP client
DHCP client
Internet
DHCP client Switch

MA5600
DHCP client DHCP server
For details on DHCP, refer to the chapter "DHCP Relay" in the Feature Description.
The MA5600 supports layer 2 and layer 3 DHCP relay as well as DHCP Option82 to guarantee
DHCP security.
NOTE
For the configuration of the DHCP Option82, refer to "19.5 Enabling the DHCP Option82 Function"
and "19.6 Setting the Maximum Length of DHCP Packets."
The MA5600 supports the following DHCP relay working modes:

l Standard mode
l Option60 mode

l MAC address segment mode
10.2 Configuration Example of DHCP Standard Mode

This example shows how to configure DHCP standard mode to obtain the IP address
automatically.
Prerequisite
The primary IP address of the layer 3 interface of VLAN 2 shall be in the same network segment
as that of the upper layer router. There shall be routing between the device and the DHCP server.
Networking
Figure 10-2 shows a sample network for configuring DHCP standard mode.
Figure 10-2 Sample network for configuring DHCP standard mode
10.1.1.1
DHCP Server group 1

VLAN 2
10.1.1.2
IP network
10.2.1.1
MA5600
VLAN 3 DHCP Server group 2
10.2.1.2
In this network:
l DHCP server group 1 assigns IP addresses for the two PCs in VLAN 2.
l DHCP server group 2 assigns IP addresses for the two PCs in VLAN 3.
Data Plan
Table 10-1 lists the data plan for configuring DHCP standard mode.
Table 10-1 Data plan for configuring DHCP standard mode
Item Data Remarks
DHCP server group 1 Primary IP address: 10.1.1.1/24 -
Secondary IP address: 10.1.1.2 -

Item Data Remarks
Secondary IP address: 10.2.1.2/24 -
VLAN 2 Layer 3 IP address: 2.2.2.1/24 VLAN 2 binds with

DHCP server group 1.
VLAN 3 Layer 3 IP address: 2.2.2.2/24 VLAN 3 binds with

DHCP server group 2.
Upstream port 0/7/0 -
Service ports 0/2/0，0/2/1 -
NOTE
The configuration on VLAN 3 is the same as that on VLAN 2. This example only shows how to configure
PCs of VLAN 2 to obtain IP addresses.
Figure 10-3 shows the flowchart for configuring DHCP standard mode.
Figure 10-3 Flowchart for configuring DHCP standard mode
Start
Select DHCP Relay mode
Add
AddaDHCP
DHCPserver
servergroup
group
Set DHCP server mode (Optional)
Add the upstream port and service

port to the VLAN
Configure the VLAN layer 3

interface
Bind the port with a DHCP server

group
End

Procedure
Step 1 Select the DHCP relay mode.
huawei(config)#dhcp mode layer-3 standard
Step 2 Add a DHCP server group.

huawei(config)#dhcp-server 1 ip 10.1.1.1 10.1.1.2
Step 3 Set the working mode of the DHCP server.

The default load-sharing mode is applied and no configuration is needed.
NOTE
For details on setting working mode of the DHCP server, refer to "10.6 Setting Working Mode of a DHCP
Server."
Step 4 Configure the VLAN upstream port and the service port.
Step 5 Configure the IP address of the layer 3 interface.

Step 6 Bind the interface with the DHCP server group.

huawei(config-if-vlanif2)#dhcp-server 1

huawei(config)#save
----End
Result
The PCs can obtain IP addresses dynamically.
10.3 Configuration Example of DHCP Option60 Mode

This example shows how to enable PCs to obtain IP addresses automatically in DHCP option60
mode.
Prerequisite
The primary IP address of the layer 3 of VLAN 2 shall be in the same network segment as that
of the upper layer router. There shall be routing between the device and the DHCP server.
Networking
Figure 10-4 shows a sample network for configuring DHCP option60 mode.

Figure 10-4 Sample network for configuring DHCP option60 mode
10.10.10.10
VLAN 2 IP DHCP server group 2
10.10.10.11
MA5600
Data Plan
Table 10-2 lists the data plan for configuring DHCP option60 mode.
Table 10-2 Data plan for configuring DHCP option60 mode

Item Data Remarks
Secondary IP address: -
10.10.10.11/24
VLAN 2 Layer 3 interface IP address: -

10.1.2.1/24
Upstream port 0/7/0 -
Service ports 0/2/0 -
Domain Domain: msft The gateway IP

address is the same as
DHCP server group: DHCP server the IP address of the
group 2 layer 3 interface.
Gateway IP address: 10.1.2.1/24
Context
l The name of option60 domain must be configured according to the type of connected
terminal device.
l If Windows 98/2000/XP/NT series runs on the DHCP client, the domain name must be
msft.
l The system selects the domain based on the option60 field in the packet. If there is no
appropriate domain matched, the default domain is used.
Figure 10-5 shows the flowchart for configuring the DHCP option60 mode.

Figure 10-5 Flowchart for configuring the DHCP option60 mode
Start
Add a DHCP server group
Set DHCP server mode
Define a domain
Bind the domain with the DHCP

server group
Add the upstream port and

service port to the VLAN
Configure the VLAN layer 3

interface
Configure the domain gateway
End
Procedure
huawei(config)#dhcp mode layer-3 option60
Step 2 Add a DHCP server group.

Step 3 Set the working mode of the DHCP server.

NOTE
For details on setting working mode of the DHCP server, refer to "10.6 Setting Working Mode of a DHCP
Server."
Step 4 Define an option60 domain.

huawei(config)#dhcp domain msft
Step 5 Bind the domain with the DHCP server group.

huawei(config-dhcp-domain-msft)#dhcp-server 2

Step 6 Configure the VLAN upstream port and the service port.
huawei(config-dhcp-domain-msft)#quit
Step 7 Configure the IP address of VLAN layer 3 interface.

Step 8 Configure the domain gateway.

huawei(config-if-vlanif2)#dhcp domain msft gateway 10.1.2.1

huawei(config)#save
----End
Result
10.4 Configuration Example of DHCP MAC Address

Segment Mode
This example shows how to enable the PC to obtain the IP address automatically in DHCP MAC
Prerequisite
The primary IP address of the layer 3 interface of VLAN 2 shall be in the same network segment
as that of the upper layer router. There shall be routing between the device and the DHCP server.
Networking
Figure 10-6 shows a sample network for configuring MAC address segment mode.
Figure 10-6 Sample network for configuring MAC address segment mode
10.10.10.10
VLAN 2 IP DHCP server group 2
10.10.10.11
MA5600
Data Plan
Table 10-3 lists the data plan for configuring MAC address segment mode.

Table 10-3 Data plan for configuring MAC address segment mode
Function Data
DHCP server group 2 Primary IP address: 10.10.10.10/24
Secondary IP address: 10.10.10.11/24
VLAN 2 Layer 3 interface IP address: 10.1.2.1/24
Upstream port 0/7/0
Service port 0/2/0
MAC address segment MAC address segment name: huawei
Start range: 0000-0000-0001

End range: 0000-0000-0100
Gateway IP address: 10.1.2.1

The gateway IP address is the same as the IP address of the
layer 3 interface.
DHCP server group: DHCP server group 2
PC MAC address: 0000-0000-0010
Figure 10-7 shows the flowchart for configuring MAC address segment mode.

Figure 10-7 Flowchart for configuring MAC address segment mode
Start
Add a DHCP server group
Set DHCP server group mode
Specify MAC address segment
Specify MAC address segment range
Bind the MAC address segment with

DHCP server group
Add the upstream port and service port

to the VLAN
Configure the VLAN layer 3 interface
Configure the MAC address segment

gateway
End
Procedure
huawei(config)#dhcp mode layer-3 mac-range
Step 2 Create a DHCP server.

Step 3 Set working mode of the DHCP server.

NOTE
For details of setting working mode of the DHCP server, refer to "10.6 Setting Working Mode of a DHCP
Server."

Step 4 Define the MAC address segment.

huawei(config)#dhcp mac-range huawei
huawei(config-mac-range-huawei)#mac-range 0000-0000-0001 to 0000-0000-0100
Step 5 Bind the MAC address segment with the DCHP server group.
huawei(config-mac-range-huawei)#dhcp-server 2
Step 6 Configure the upstream port and the service port to the VLAN.
huawei(config-mac-range-huawei)#quit
Step 7 Configure the IP address of the VLAN layer 3 interface.

Step 8 Configure the gateway address of the MAC address segment.

huawei(config-if-vlanif2)#dhcp mac-range huawei gateway 10.1.2.1

huawei(config)#save
----End
Result
10.5 Creating a DHCP Server Group

This operation enables you to create a DHCP server group.
Context
l To improve the reliability of a network, you can specify a primary DHCP server and a
secondary one in a server group to form a DHCP server group.
l Up to 20 DHCP server groups (0–19) can be configured in the system.
l The primary server or the secondary server is identified by its IP address. The secondary
server cannot be added independently. Instead, it has to be added together with the primary
server.
Procedure
Step 1 Run the dhcp-server command to create a DHCP server group.
Step 2 Run the display dhcp-server command to query the information on the DHCP server group.
----End
Example
To add the primary and secondary DHCP servers with IP addresses of 10.1.1.1 and 10.1.1.2
respectively to DHCP server group 1, do as follows:

huawei(config)#display dhcp-server 1
The primary IP address of DHCP server group 1: 10.1.1.1
The secondary IP address of DHCP server group 1: 10.1.1.2
Messages from this server group: 0
Messages to this server group: 0
Messages from clients to this server group: 0
Messages from this server group to clients: 0
DHCP OFFER messages: 0
DHCP ACK messages: 0
DHCP NAK messages: 0
DHCP DECLINE messages: 0
DHCP DISCOVER messages: 0
DHCP REQUEST messages: 0
DHCP INFORM messages: 0
DHCP RELEASE messages: 0
Related Operation
Table 10-4 lists the related operation for creating a DHCP server group.
Table 10-4 Related operation for creating a DHCP server group
Delete a DHCP server undo dhcp-server

group
10.6 Setting Working Mode of a DHCP Server

This operation enables you to set working mode of a DHCP server.
Context
The MA5600 supports two DHCP server working modes:
l load-sharing: In this mode, the MA5600 sends DHCP messages to both the active and
standby DHCP servers. By default, the system is in load-sharing mode.
l backup: In this mode, the MA5600 sends DHCP messages to the DHCP server that is
running at the current time. The system firstly takes the active DHCP server as the running
DHCP server at the current time. When the DHCP server does not reply OFFER message
to the MA5600 within a specified period, the system switches the standby DHCP server to
the running DHCP server at the current time. This mode can reduce the message load in
the network.
Procedure
Step 1 Run the dhcp server mode command to set the working mode of a DHCP server.
Step 2 Run the display dhcp config command to query the working mode of the DHCP server.
----End

Example
To set the DHCP server to backup mode, the maximum response time to DISCOVER message
to 50s and the maximum timeout times for responding to DISCOVER message to 100, do as
follows:
huawei(config)#dhcp server mode backup 50 100
huawei(config)#display dhcp server config
DHCP server mode: backup
DHCP server reply max time: 50 second
DHCP server reply timeout max times: 100
Related Operation
Table 10-5 lists the related operations for setting working mode of a DHCP server.
Table 10-5 Related operations for setting working mode of a DHCP server
Create a DHCP server dhcp-server
Query information on a DHCP server display dhcp-server
10.7 Setting DHCP Relay Mode

This operation enables you to set DHCP relay mode.
Context
The MA5600 supports both layer 2 and layer 3 DHCP relay. Layer 3 DHCP relay includes:
l DHCP standard mode: Select the DHCP server according to the IP address of the VLAN
layer 3 interface for forwarding DHCP packets.
l DHCP option60 mode: Select the DHCP server according to the DHCP optioni60 domain.
l DHCP MAC address segment mode: Select the DHCP server group according to the source
MAC address segment of DHCP packets.
Procedure
Step 1 Run the dhcp mode command to set DHCP working mode.
Step 2 Run the display dhcp config command to query DHCP working mode.
----End
To set the DHCP relay mode as layer 2, do as follows:

huawei(config)#dhcp mode layer-2
huawei(config)#display dhcp config
DHCP relay mode: layer-2
To set the DHCP relay mode as layer 3 DHCP option60, do as follows:

huawei(config)#dhcp mode layer-3 option60

huawei(config)#display dhcp config

DHCP relay mode: layer-3
DHCP server select mode: option60
10.8 Binding a DHCP Server Group with a VLAN Interface

This operation enables you to bind a DHCP server group with a VLAN interface.
Prerequisite
The DHCP server group has been created.
Context
l A VLAN layer 3 interface can be bound with only one DHCP server group. Therefore, all
DHCP packets to be sent upstream through the VLAN layer 3 interface shall be forwarded
to the DHCP server group bound with the VLAN interface.
l If a layer 3 interface has been bound with a DHCP server group, the new setting overwrites
the old one.
l By default, a VLAN interface is not bound with any DHCP server.
Procedure
Step 2 Run the dhcp-server command to bind a DHCP server group.
Step 3 Run the display dhcp-server interface vlanif command to query the DHCP server group that
is bound with VLAN interface.
----End
Example
To bind DHCP server group 1 to VLAN interface 2, do as follows:
huawei(config-if-Vlanif2)#dhcp-server 1
huawei(config)#display dhcp-server interface vlanif 2
The DHCP server group of this interface is 1
Related Operation
Table 10-6 lists the related operations for binding a DHCP server group with a VLAN interface.
Table 10-6 Related operations for binding a DHCP server group with a VLAN interface
Unbind a VLAN interface from a undo dhcp-server In VLAN interface mode.

DHCP server
Show the settings of DHCP relay display dhcp config -

10.9 Creating an Option60 Domain

This operation enables you to create an option60 domain.
Context
l The system supports up to 128 DHCP option60 domains.
l If the domain exists, enter domain mode directly. By default, the system has a DHCP
option60 domain named default.
Procedure
Step 1 Run the dhcp domain command to create a domain.
Step 2 Run the quit command to quit from domain mode.
Step 3 Run the display dhcp domain command to query the option60 domain.
----End
Example
To create domain msft, do as follows:
huawei(config)#display dhcp domain
{ <cr>|string<s><1,32> }:
Command:
display dhcp domain
--------------------------------------------------------------------
Index Name Server VLANIF Gateway
-group
--------------------------------------------------------------------
0 default none none none
1 msft none none none
--------------------------------------------------------------------
Total: 2
Related Operation
Table 10-7 lists the related operations for creating a DHCP option60 domain.
Table 10-7 Related operations for creating a DHCP option60 domain
Delete a DHCP option60 domain undo dhcp domain The domain named default
cannot be deleted.

10.10 Binding a DHCP Server Group with a DHCP Option60

Domain
This operation enables you to bind a DHCP server group with a DHCP option60 domain.
Context
Only one DHCP server group can be bound to a DHCP domain.
Procedure
Step 1 Run the dhcp domain command to enter domain mode.
Step 3 Run the display dhcp domain command to query the DHCP server group.
----End
Example
To bind DHCP server group 1 to DHCP domain msft, do as follows:
huawei(config-dhcp-domain-msft)#dhcp-server 1
huawei(config)#display dhcp domain msft
--------------------------------------------------------------------
-group
--------------------------------------------------------------------
1 msft 1 none none
--------------------------------------------------------------------
Related Operation
Table 10-8 lists the related operations for binding a DHCP server group with a DHCP option60
domain.
Table 10-8 Related operations for binding a DHCP server group with a DHCP option60 domain
Delete a DHCP domain undo dhcp domain -
Unbind the DHCP server undo dhcp-server In option60 domain mode.

group from a DHCP domain
10.11 Configuring the Gateway of a DHCP Option60

Domain
This operation enables you to configure the gateway of a DHCP option60 domain.

Context
l A DHCP domain can be configured with only one gateway address.
l By default, the gateway address of a domain is the IP address of the VLAN layer 3 interface.
Procedure
Step 2 Run the dhcp domain gateway command to set the gateway address.
Step 3 Run the quit command to quit from VLAN interface mode.
Step 4 Run the display dhcp domain command to query the DHCP server group.
----End
Example
To set the gateway address of domain msft as 10.1.2.1, do as follows:
huawei(config-if-Vlanif2)#dhcp domain msft gateway 10.1.2.1
huawei(config)#display dhcp domain msft
--------------------------------------------------------------------
-group
--------------------------------------------------------------------
1 msft 1 2 10.1.2.1
--------------------------------------------------------------------
Related Operation
Table 10-9 lists the related operation for configuring the gateway of a DHCP option60 domain.
Table 10-9 Related operation for configuring the gateway of a DHCP option60 domain
Delete the gateway of a DHCP undo dhcp domain gateway In VLAN interface
option60 domain mode.
10.12 Creating a DHCP MAC Address Segment

This operation enables you to create a DHCP MAC address segment.
l The DHCP server group has been created.

l The IP address of the VLAN layer 3 interface has been configured.
l By default, the system has a MAC address segment named default.

Context
The system supports up to 128 MAC address segments.
Procedure
Step 1 Run the dhcp mac-range command to create a DHCP MAC address segment and enter MAC
Step 2 Run the display dhcp mac-range command to query the MAC address segment.
----End
Example
To set a MAC address segment named huawei, do as follows:
huawei(config-mac-range-huawei)#quit
huawei(config)#display dhcp mac-range
{ <cr>|string<S><1,32> }:
Command:
display dhcp mac-range
------------------------------------------------------------------------------
Index Name MAC-start MAC-end Server VLAN Gateway

-group -IF
------------------------------------------------------------------------------
0 default none none none none none

1 huawei none none none none none
------------------------------------------------------------------------------
Total: 2
Related Operation
Table 10-10 lists the related operations for creating a DHCP MAC address segment.
Table 10-10 Related operations for creating a DHCP MAC address segment
Delete a DHCP MAC undo dhcp mac-range The MAC address segment
address segment named default cannot be deleted.
10.13 Setting the Range of a DHCP MAC Address Segment

This operation enables you to set the range of a DHCP MAC address segment.
Context
l A MAC address segment is a consecutive MAC address array specified by a start MAC
address and an end MAC address.
l The MAC address adopts the format of "H-H-H" ("H" is a 4-bit hexadecimal number).

Procedure
Step 1 Run the dhcp mac-range command to create a MAC address segment and enter MAC address
segment mode.
Step 2 Run the mac-range command to set the range of a MAC address segment.
Step 3 Run the quit command to quit from the MAC address segment mode.
Step 4 Run the display dhcp mac-range command to query the range of the MAC address segment.
----End
Example
To set the range of MAC address segment huawei from 0000-0000-0001 to 0000-0000-0100,
do as follows:
huawei(config-mac-range-huawei)#mac-range 0000-0000-0001 to 0000-0000-0100
{ <cr>|string<S><1,32> }:
Command:
------------------------------------------------------------------------------

-group -IF
------------------------------------------------------------------------------

1 huawei 0000-0000-0001 0000-0000-0100 none none none
------------------------------------------------------------------------------
Total: 2
Related Operation
Table 10-11 lists the related operation for setting the range of a DHCP MAC address segment.
Table 10-11 Related operation for setting the range of a DHCP MAC address segment
Cancel the range of a MAC undo mac-range -

address segment
10.14 Binding a DHCP Server Group with a DHCP MAC

Address Segment
This operation enables you to bind a DHCP server group with a DHCP MAC address segment.
Context
A MAC address segment can be bound with only one DHCP server group.

Procedure
Step 1 Run the dhcp mac-range command to create a MAC address segment and enter MAC address
segment mode.
Step 3 Run the display dhcp mac-range command to query the information on the MAC address
segment.
----End
Example
To bind MAC address segment huawei with server group 1, do as follows:
huawei(config-mac-range-huawei)#dhcp-server 100
{ <cr>|string<S><1,32> }:
Command:
------------------------------------------------------------------------------

-group -IF
------------------------------------------------------------------------------

1 huawei none none 100 none none
------------------------------------------------------------------------------
Total: 2
Related Operation
Table 10-12 lists the related operations for binding a DHCP server group with a DHCP MAC
address segment.
Table 10-12 Related operations for binding a DHCP server group with a DHCP MAC address
segment
To... Run the Command.. Remarks
10.15 Configuring the Gateway of a DHCP MAC Address

Segment
This operation enables you to configure the gateway of a DHCP MAC address segment.
Context
A DHCP MAC address segment can be configured with only one gateway address.

Procedure
Step 2 Run the dhcp mac-range gateway command to configure the gateway address.
Step 3 Run the quit command to quit from VLAN interface mode.
Step 4 Run the display dhcp mac-range command to query the information on the gateway address.
----End
Example
To set the gateway address of MAC address segment huawei as 10.1.2.1, do as follows:
huawei(config-if-Vlanif2)#dhcp mac-range huawei gateway 10.1.2.1
huawei(config)#display dhcp mac-range huawei
------------------------------------------------------------------------------
-group -IF
------------------------------------------------------------------------------
0 huawei none none none 2 10.1.2.1
------------------------------------------------------------------------------
Related Operation
Table 10-13 lists the related operations for configuring the gateway of a DHCP MAC address
segment.
Table 10-13 Related operations for configuring the gateway of a DHCP MAC address segment
Cancel the gateway of the MAC undo dhcp mac-range -

address segment on a VLAN gateway
interface
Unbind the DHCP server group from undo dhcp-server In MAC address segment
a MAC address segment mode.

Configuration Guide 11 Configuring the ARP & ARP Proxy
11 Configuring the ARP & ARP Proxy
About This Chapter
This chapter describes the principles of the ARP and ARP proxy supported by the MA5600 and
how to configure the ARP and ARP proxy.
11.1 Overview
This chapter describes ARP proxy service description and service specification.
11.2 Configuration Example of the ARP Proxy
This operation enables you to configure ARP proxy to enable users in different VLANs to
communicate with each other.
11.3 Adding a Static ARP Entry
This operation enables you to add a static ARP entry to realize layer 3 interconnection with no
dynamic ARP trigged.
11.4 Enabling the ARP Proxy
This operation enables you to enable the ARP proxy to implement layer 3 interconnection for
users who are isolated at layer 2.

11 Configuring the ARP & ARP Proxy Configuration Guide
11.1 Overview
This chapter describes ARP proxy service description and service specification.
Service Description
Before two hosts in a network can communicate with each other, they shall know each other's
physical addresses, that is, MAC addresses. The IP address represents only the address of a host
at the network layer. To send the data at the network layer to a destination host, the source host
must know the physical address of the destination host. This is why an IP address shall be
translated into a MAC address.
Address Resolution Protocol (ARP) is used to translate an IP address into a MAC address.
Through ARP proxy, two PCs subject to layer 2 isolation can interconnect with each other at
layer 3.
For details on the ARP proxy feature, refer to the chapter "ARP Proxy" in the Feature
Description.
The MA5600 can maintain ARP entries both dynamically and manually. It supports ARP proxy
function.
The MA5600 supports the ARP protocol and maintains an ARP table for the mapping between
the MAC addresses and the IP addresses. You can configure the static ARP entry manually. The
MA5600 supports the manual configuration of up to 256 static ARP entries. The MA5600 can
dynamically learn up to 3584 dynamic ARP entries.
11.2 Configuration Example of the ARP Proxy

This operation enables you to configure ARP proxy to enable users in different VLANs to
Networking
Figure 11-1 shows a sample network for configuring the ARP proxy.

Figure 11-1 Sample network for configuring the ARP proxy
IP network
Router
MA5600
PC1 PC2 PC3
Data Plan
Table 11-1 lists the data plan for configuring the ARP proxy.
Table 11-1 Data plan for configuring the ARP proxy
Item Data
Super VLAN VLAN ID: 100
Sub VLAN: VLAN 10, VLAN 20
IP address: 10.0.0.254/24
Sub VLAN VLAN ID: 10
VLAN type: smart VLAN
User: PC1 (0/2/0), PC2 (0/2/1)
Sub VLAN VLAN ID: 20
VLAN type: MUX VLAN
User: PC3 (0/3/0)
Upstream port Port: 0/7/0
VLAN: standard VLAN 30
IP Address: 10.0.1.254/24
Prerequisite
l The network equipment and line work in the normal state.

l Service boards work in the normal state.

l VPI/VCI configured on the modem is 0/35.
Figure 11-2 shows the flowchart for configuring the ARP proxy.
Figure 11-2 Flowchart for configuring the ARP proxy
Start
Create a super VLAN
Create Sub VLANs and add them

to the super VLAN
Configure the service ports of the

sub VLANs
Configure the upstream port
Configure the layer 3 interface of

the super VLAN
Enable the ARP proxy function
Save the data
End
Procedure
Step 1 Create a super VLAN.
huawei(config)#vlan 100 super
Step 2 Create sub VLANs 3 and 4, and add them to the super VLAN.
Step 3 Configure the service ports of the sub VLANs.

Step 4 Configure the upstream port.


Step 5 Configure the layer 3 interface of the super VLAN.

NOTE
The IP address of the layer 3 interface of the super VLAN must be in the same subnet as that of the PC.
Step 6 Enable the ARP proxy function.

1. Enable the ARP proxy function globally.
huawei(config)#arp proxy enable
2. Enable ARP proxy on the super VLAN interface.

huawei(config-if-vlanif100)#arp proxy enable
3. Enable ARP proxy on the sub VLAN interface.

huawei(config-if-vlanif100)#arp proxy enable subvlan 10
NOTE
Skip step 8 if you only want PCs in different VLANs to communicate with each other.

huawei#save
----End
Result
After the global ARP proxy function and the ARP proxy function of the super VLAN interface
are enabled, PC 1 and PC 3 in different VLANs can communicate with each other.
After the global ARP proxy function, the ARP proxy function of the super VLAN interface, and
that of the sub VLAN interface are enabled, PC 1 and PC 2 in the same VLAN can communicate
with each other.
11.3 Adding a Static ARP Entry

This operation enables you to add a static ARP entry to realize layer 3 interconnection with no
dynamic ARP trigged.
Context
l The ARP mapping list applies only to a LAN for address resolution, instead of the WAN.
l The system supports up to 256 static ARP entries.
Procedure
Step 1 Run the arp command to add a static ARP entry.
Step 2 Run the display arp static command and you can find that a static ARP entry has been added
successfully.
----End

Example
To add a static ARP entry to set up the mapping between the IP address 129.102.0.1 and the
MAC address 00e0-fc01-0000, passing through port 0/7/0 of VLAN 10, do as follows:
huawei(config)#arp 129.102.0.1 00e0-fc01-0000 10 0/7/0
huawei(config)#display arp static
IP Address MAC Address VLAN ID Port Type
129.102.0.1 00e0-fc01-0000 10 0/7/0Static
--- 1 entry found ---
Related Operation
Table 11-2 lists the related operations for adding a static ARP entry.
Table 11-2 Related operations for adding a static ARP entry

Delete an ARP undo arp The system can delete both static and
entry dynamic ARP entries.
Clear redundant reset arp You can clear a static ARP entry, a dynamic
information ARP entry, or ARP entries related to a port.
By entering the parameter all, you can clear
all ARP entries.
11.4 Enabling the ARP Proxy

This operation enables you to enable the ARP proxy to implement layer 3 interconnection for
users who are isolated at layer 2.
Context
Principles for applying the ARP Proxy are as follows:
Hosts isolated at layer 2 can communicate with each other through the ARP proxy function of
the MA5600. This section offers an example for the principles of applying of the ARP proxy.
Table 11-3 lists the data plan of the ARP proxy.
Table 11-3 Data plan of the ARP proxy

Super VLAN Sub VLAN PC
VLAN 100 (Super VLAN) VLAN 10 (Smart VLAN) PC A
PC B
VLAN 20 (MUX VLAN)） PC C
For the topology as shown in, to achieve interconnection between PCs in the VLAN, the ARP
proxy must be set as follows:

l For interconnection between PC A and PC B, enable the global ARP proxy and the ARP
proxy on super VLAN 2 and sub VLAN 3.
l For interconnection between PC A and PC C, enable the global ARP proxy and the ARP
proxy on super VLAN 2.
Procedure
Step 1 Run the arp proxy command to enable the global ARP proxy function.
Step 2 Run the display arp proxy command and you can find that the ARP proxy has been enabled.
----End
To enable the global ARP proxy, do as follows:

huawei(config)arp proxy enable
huawei(config)#display arp proxy
Global arp proxy is enabled
To enable the ARP proxy of a layer 3 interface, do as follows:

huawei(config-if-Vlanif100)arp proxy enable
huawei(config-if-vlanif100)#display arp proxy
VLANIF 10 : Arp proxy is enabled
To enable the ARP proxy of a Sub VLAN, do as follows:

huawei(config-if-vlanif10)#arp proxy enable subvlan 10
huawei(config-if-vlanif10)#display arp proxy
ARP proxy enable subvlan 10
Related Operation
Table 11-4 lists the related operation for enabling the ARP proxy.
Table 11-4 Related operation for enabling the ARP proxy

Disable the ARP proxy arp proxy disable

Configuration Guide 12 Configuring the Routing Protocol
12 Configuring the Routing Protocol
About This Chapter
This chapter describes the routing protocols supported by the MA5600 and how to configure
the routing protocols.
12.1 Routing Protocol Configuration

This section describes the routing protocol and its application to the MA5600.
12.2 Configuration Example of the Static Route
This example shows how to configure the static route which enables users in different network
segments to interconnect across different MA5600 devices.
12.3 Configuration Example of RIP
This example shows how to configure the Routing Information Protocol (RIP). Through the RIP
protocol, a route is established between the device and the managed network, thus supporting
the interconnection between the device and the managed network.
12.4 Configuration Example of OSPF
This example shows how to configure OSPF on the MA5600.
12.5 Configuration Example of a Route Policy
This example shows how to configure a route policy for imported routes.
12.6 Adding a Static Route
This operation enables you to add a static route to the destination address. This helps to realize
layer 3 interconnection among network devices in different network segments.
12.7 Configuring RIP
This sections describes how to configure RIP.
12.8 Configuring OSPF
This section describes how to configure OSPF.
12.9 Configuring OSPF on a VLAN Interface
This section describes how to configure OSPF on a VLAN interface.
12.10 Configuring OSPF Timer
This section describes how to configure OSPF timer.
12.11 Configuring Route Summarization

12 Configuring the Routing Protocol Configuration Guide
This sections describes how to configure route summarization.

12.12 Configuring OSPF Route Import
This section describes how to configure OSPF route import.
12.13 Configuring a Route Policy
This section describes how to configure a route policy.

12.1 Routing Protocol Configuration

This section describes the routing protocol and its application to the MA5600.
Service Description
This chapter describes the following routing protocols:
l Static route: a special type of route that is configured manually by a network administrator.
Static routes are used in small networks with a simple topology that is not expected to
change frequently.
l Routing Information Protocol (RIP): a routing protocol that is based on the Vector-Distance
Algorithm (V-D).
l Open Shortest Path First (OSPF): a dynamic routing protocol running inside an autonomous
system (AS). OSPF discovers and forwards routing information by collecting and
forwarding the link status of an AS.
For details on the routing protocol, refer to the chapter "Routing" in the Feature Description.
With a routing protocol running, the MA5600 can work as a router. The routing protocols
supported by the MA5600 include:
l Static routing protocols
l Dynamic routing protocols such as RIP and OSPF
12.2 Configuration Example of the Static Route

This example shows how to configure the static route which enables users in different network
segments to interconnect across different MA5600 devices.
Networking
Figure 12-1 shows a sample network for configuring the static route.

Figure 12-1 Sample network for configuring the static route
PC_C 1.1.5.1/24
1.1.5.2/24
1.1.2.2/24
1.1.3.1/24
1.1.2.1/24 MA5600_ C 1.1.3.2/24
1.1.1.2/24 1.1.4.2/24
MA5600_ A MA5600_ B
PC_A 1.1.1.1/24 PC_B 1.1.4.1/24
MA5600_A, MA5600_B, and MA5600_C have the routing function. It is expected that after
the configuration, any two PCs can communicate with each other.
Data Plan
Table 12-1 lists the data plan for configuring the static route at the user side.
Table 12-1 Data plan for configuring the static route at the user side
Item Data
MA5600_A Primary IP address of the layer 3 interface: 1.1.2.1/24
Secondary IP address of the layer 3 interface: 1.1.1.2/24
VLAN ID: 2
PC_A IP address: 1.1.1.1/24
MA5600_B Secondary IP address of layer 3 interface: 1.1.4.2/24
Primary IP address of layer 3 interface: 1.1.3.2/24
VLAN ID: 2
PC_B IP address: 1.1.4.1/24
MA5600_C Primary IP address of layer 3 interface: 1.1.3.1/24
Secondary IP address of layer 3 interface: 1.1.5.2/24
Secondary IP address of layer 3 interface: 1.1.2.2/24
VLAN ID: 2

Item Data
Upstream port: 0/7/0 (connectingMA5600_A) and 0/7/1 (connecting

MA5600_B)
PC_C IP address: 1.1.5.1/24
Context
Configure a native VLAN of the layer 3 interface of each MA5600 to ensure a normal
communication among MA5600 devices.
Figure 12-2 shows the flowchart for configuring the static route.
Figure 12-2 Flowchart for configuring the static route
Start
Configure layer 3 interface
Configure static route
Configure the default gateway of a

host
End
NOTE
The procedure shown in the above flowchart is for configuring static routes on one MA5600. To configure
static routes on multiple MA5600 devices, repeat the procedure.
Procedure
Step 1 Configure the IP address of the layer 3 interface.
NOTE
The configurations are the same for the three MA5600 devices. So, here the configuration for the
MA5600_A is taken for example.
huawei(config-if-vlanif2)#ip address 1.1.2.1 24 sub
Step 2 Configure static routes.

1. Configure static route for MA5600_A.

2. Configure static route for MA5600_B.

3. Configure static routes for MA5600_C.

Step 3 Configure the host gateways.

1. Configure the default gateway of Host A to 1.1.1.2.
2. Configure the default gateway of Host B to 1.1.4.2.
3. Configure the default gateway of Host C to 1.1.5.2.
huawei#save
----End
Result
After the configuration, an interconnection can be set up between all the hosts and between all
the MA5600 devices.
12.3 Configuration Example of RIP

This example shows how to configure the Routing Information Protocol (RIP). Through the RIP
protocol, a route is established between the device and the managed network, thus supporting
the interconnection between the device and the managed network.
Networking
Figure 12-3 shows a sample network for configuring RIP.
MA5600_A uses port 0/7/1 to subtend with MA5600_B, uses port 0/7/0 for upstream service,
and connects with the network in the management center over the MAN.
RIP is enabled respectively on MA5600_A and MA5600_B. Users can access MA5600_A and
MA5600_B through the RIP route to operate and maintain MA5600_A and MA5600_B.

Figure 12-3 Sample network for configuring RIP
Management
MAN center
192.13.24.5/22 Router
MA5600_A
GE Loopback IP
192.15.24.1/26 192.13.2.1/24
Operation and maintenance

MA5600_B
Loopback IP 192.15.24.2/26
192.13.2.2/24
Data Plan
Table 12-2 lists the data plan for configuring RIP.
Table 12-2 Data plan for configuring RIP

Item Data
MA5600_A Upstream port: 0/7/0

Management VLAN: 100
Type: smart
IP address of the layer 3 interface of the management VLAN:
192.13.24.5/22
IP address of the loopback interface: 192.13.2.1/24
RIP version: V2
RIP route filtering policy: The system performs route filtering
according to the IP address prefix list abc. Only the routing
information of IP addresses 192.13.2.1 and 192.13.2.2 can be
transmitted through the layer 3 interface of VLAN 100.
Subtending port: 0/7/1

Subtending management VLAN: 10, type: smart
IP address of the layer 3 interface of the subtending management
VLAN: 192.15.24.1/26
MA5600_B Subtending port: 0/7/0

Management VLAN: 10, type: smart
IP address of the layer 3 interface of the management VLAN:
192.15.24.2/26
IP address of the loopback interface: 192.13.2.2/24

Item Data
RIP version: V2
RIP route filtering policy: The system performs route filtering
according to the IP address prefix list abc. Only the routing
information of IP address 192.13.2.2 can be transmitted through
the layer 3 interface of VLAN 10.
Figure 12-4 shows the flowchart for configuring RIP.
Figure 12-4 Flowchart for configuring RIP
Start
Configure the layer 3 interface
Enable the RIP function
Configure the RIP protocol parameters

(optional)
Configure the route filtering policy

(optional)
Save the data
End
Procedure
l Configure MA5600_A.
1. Configure the layer 3 interface that supports RIP.
huawei(config)#interface loopBack 0
huawei(config-if-loopback0)#ip address 192.13.2.1 24
huawei(config-if-loopback0)#quit
2. Enable the RIP function.

huawei(config)#rip 1
huawei(config-rip-1)#network 192.13.24.0

huawei(config-rip-1)#version 2
huawei(config-rip-1)#quit
3. Configure the route filtering policy.

huawei(config)#ip ip-prefix abc permit 192.13.2.1 32
huawei(config-rip-1)#filter-policy ip-prefix abc export vlanif 100
4. Configure the subtending port.

5. Enable the RIP function on the subtending port.

6. Save the data.

huawei(config)#save
l Configure MA5600_B.
1. Configure the layer 3 interface that supports RIP.
huawei(config)#interface loopBack 0
2. Enable the RIP function.

3. Configure the route filtering policy.

huawei(config-rip-1)#filter-policy ip-prefix abc export vlanif 10
4. Save the data.

huawei(config)#save
----End
Result
You can log in to MA5600_A and MA5600_B from the maintenance terminal of the
management center for operation and maintenance.
12.4 Configuration Example of OSPF

This example shows how to configure OSPF on the MA5600.

Networking
Figure 12-5 shows a sample network for configuring OSPF.
Figure 12-5 Sample network for configuring OSPF
MA5600_ A 1.1.1.1 MA5600_D 4.4.4.4
DR
192.1.1.1/24 192.1.1.4/24
192.1.1.2/24 192.1.1.3/24
BDR
MA5600_B 2.2.2.2 MA5600_C 3.3.3.3
Data Plan
Table 12-3 lists the data plan for configuring OSPF.
Table 12-3 Data plan for configuring OSPF
Item Data Remarks
MA5600_A IP address of the layer 3 interface: -

192.1.1.1/24
Priority: 100 -
VLAN ID: 2 -
Router ID: 1.1.1.1 -
MA5600_B IP address of the layer 3 interface: -

192.1.1.2/24
Priority: 0 -
VLAN ID: 2 -
MA5600_C IP address of the layer 3 interface: -

192.1.1.3/24
Priority: 2 -
VLAN ID: 2 -
MA5600_D IP address of the layer 3 interface: -

192.1.1.4/24

Item Data Remarks
Priority: not configured Default: 1
VLAN ID: 2 -
Context
l In this example, the interfaces of all the MA5600 devices are in one VLAN. If they are not
in one VLAN, configure a native VLAN to ensure a normal communication among them.
l The OSPF area IDs of the MA5600 devices must be consistent.
Figure 12-6 shows the flowchart for configuring OSPF.
Figure 12-6 Flowchart for configuring OSPF
Start
Configure layer 3 Iinterface
Configure OSPF router ID
Enable OSPF
Set OSPF priority
End
NOTE
The procedure shown in the above flowchart is for configuring OSPF on one MA5600. To configure OSFP
on multiple MA5600 devices, repeat the procedure.
Procedure
Step 1 Configure MA5600_A.
1. Configure the IP address of the layer 3 interface.

2. Configure the OSPF Router ID.

huawei(config)#router id 1.1.1.1
3. Enable OSPF.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 192.1.1.0 0.0.0.255
huawei(config-ospf-1-area-0.0.0.0)#quit
huawei(config-ospf-1)#quit
4. Configure the OSPF priority.

huawei(config-if-vlanif2)#ospf dr-priority 100
5. Save the data.

huawei(config)#save
Step 2 Configure MA5600_B.

1. Configure the IP address of layer 3 interface.

3. Enable OSPF.
huawei(config)#ospf

5. Save the data.

huawei(config)#save
Step 3 Configure MA5600_C.


3. Enable OSPF.
huawei(config)#ospf

5. Save the data.

huawei(config)#save
Step 4 Configure MA5600_D.


3. Enable OSPF.
huawei(config)#ospf
4. Save the data.

huawei#save
----End
Result
Run the display ip routing-table command and you can find the learnt route table. Hosts can
12.5 Configuration Example of a Route Policy

This example shows how to configure a route policy for imported routes.
Networking
Figure 12-7 shows a sample network for configuring the route policy. The MA5600_A and
MA5600_B have the routing function.
Figure 12-7 Sample network for configuring the route policy
Static:20.0.0.1
30.0.0.1
40.0.0.1
Vlanif2 Vlanif2
10.0.0.1/24 10.0.0.2/24
MA5600_A Area 0 MA5600_B

1.1.1.1 2.2.2.2

Data Plan
Table 12-4 lists the data plan for configuring the route policy.
Table 12-4 Data plan for configuring the route policy

Item Data
MA5600_A IP address of layer 3 interface: 10.0.0.1/24
VLAN ID: 2
Router ID: 1.1.1.1
OSPF area: 0
Static routes: 20.0.0.1, 30.0.0.1, 40.0.0.1
MA5600_B IP address of layer 3 interface: 10.0.0.2/24
VLAN ID: 2
Router ID: 2.2.2.2
OSPF area: 0
Figure 12-8 shows the flowchart for configuring the route policy.
Figure 12-8 Flowchart for configuring the route policy
Start
Configure router ID
Enable route fucntion
Configure ACL
Configure route policy
End

Procedure
Step 1 Configuring MA5600_A.
1. Configure the IP address of layer 3 interface on MA5600_A.
2. Enable OSPF on MA5600_A and specify the area ID to which the interface belongs.
huawei(config)#ospf
3. Configure the OSPF router ID on the MA5600_A.

4. Configure three static routes.

huawei(config)#ip route-static 20.0.0.1 32 vlanif 2
5. Import static routes.

huawei(config-ospf-1)#import-route static
6. Save the data.

huawei(config)#save
Step 2 Configuring MA5600_B.

1. Configure the IP address of layer 3 interface on MA5600_B.
2. Configure the ACL.

huawei(config)#acl 2000
huawei(config-acl-basic-2000)#rule deny source 30.0.0.0 0.255.255.255.0
huawei(config-acl-basic-2000)#rule permit source any
huawei(config-acl-basic-2000)#quit
3. Enable OSPF on MA5600_B and specify the area id to which the interface belongs.
huawei(config)#ospf
4. Configure the OSPF router ID of MA5600_B.

5. Filter imported routes.

huawei(config-ospf-1)#filter-policy 2000 import
6. Save the data.

huawei(config)#save
----End
Result
1. MA5600_A and MA5600_B run OSPF successfully, and they can communicate well with
each other.
2. After a filter is configured on MA5600_B, parts of the three imported static routes are
available while part of them is screened. That is, routes from segments 20.0.0.0 and 40.0.0.0
are available, while the route from segment 30.0.0.0 is screened.

12.6 Adding a Static Route

This operation enables you to add a static route to the destination address. This helps to realize
layer 3 interconnection among network devices in different network segments.
Prerequisite
The IP address has been configured for the layer 3 service port.
Context
l The system supports up to 4096 static routes.
l The following items are contained in a static route:
– Destination address: It is used to label the destination address or destination network of
an IP packet.
– Subnet mask: The subnet mask is comprised of consecutive "1"s, and expressed in dotted
decimal format, or the count of consecutive "1"s. The mask is used with the destination
address to identify the subnet address of the destination host or router.
– Output interface: It specifies the interface of a router for IP packet forwarding.
– Next hop IP address: It indicates the next router that an IP packet will pass through.
– Route priority: When there are multiple routes with different priorities to the same
destination, the route with the highest priority (smallest value) will be the optimal one.
The default priority of a static route is 60.
l When configuring a static route, specify the transmit interface or the next hop IP address
if necessary. For a port supporting ARP or connecting to a point-to-point network, the
destination IP address is in the network that connects to the port directly. In this case, you
need to specify the transmit interface.
l A route with both the destination IP address and network mask being 0.0.0.0 is the default
route. If no matching route is found in the routing table for an IP packet, the packet is
forwarded over the default route.
Procedure
Step 1 Run the ip route-static command to add a static route.
Step 2 Run the display ip routing-table command to query the routing table.
----End
Example
To set up a static route to the subnet 10.71.8.0 through gateway 10.71.53.1, do as follows:
huawei(config)#display ip routing-table protocol static
{ <cr>|inactive<K>|verbose<K> }:
Command:
display ip routing-table protocol static
Total static routes configed in Public routing table: 3

Public routing table : Static

Static routing table status : <Active>

Static routing table status : <Inactive>

Destination/Mask Proto Pre Cost NextHop Interface
10.71.8.0/24 Static 60 0 10.71.53.1

10.71.53.0/24 Static 60 0 10.71.8.0
10.71.54.0/24 Static 60 0 10.71.8.0
Related Operation
Table 12-5 lists the related operation for adding a static route.
Table 12-5 Related operation for adding a static route

Delete a static route undo ip route-static
12.7 Configuring RIP

This sections describes how to configure RIP.
12.7.1 Enabling RIP Process
This operation enables RIP process.
12.7.2 Setting the RIP Version
This operation enables you to set the RIP version.
12.7.3 Configuring Zero Field Check for RIP-I Packets
This operation enables you to configure zero field check for RIP-1 packets.
12.7.4 Setting the Cost of the Default Route
This operation enables you to set the cost of the default route.
12.7.5 Enabling Route Summarization
This operation enables route summarization.
12.7.6 Specifying Default Routing Metric
This operation enables you to specify the default routing metric.
12.7.7 Importing Routes of Other Protocols
This operation enables you to import routes of other protocols.
12.7.8 Disabling Receiving Host Routes
This operation prohibits the router from receiving host routes.
12.7.9 Configuring the RIP Preference
This operation enables you to set RIP preference.
12.7.10 Configuring the Route Filtering Policy
This operation enables you to configure the route filtering policy to filter unnecessary routes.

12.7.11 Verifying the Source IP Address of a RIP Route Update

This operation enables you to verify the source IP address of a RIP route update.
12.7.12 Resetting RIP
This operation enables you to restore the default settings of RIP.
12.7.13 Clearing RIP Process Statistics
This operation enables you to clear RIP process statistics.
12.7.14 Disabling RIP Packet Transmission on an Interface
This operation enables you to disable RIP packet transmission on an interface.
12.7.15 Configuring the IP Address of a Peer Router
This operation enables you to configure the IP address of a peer router.
12.7.16 Configuring a Summary Route IP Address
This operation enables you to configure the IP address of a summary route.
12.7.17 Enabling an Interface to Receive/Transmit RIP Packets
This operation enables an interface to receive and transmit RIP packets.
12.7.18 Enabling the Split Horizon Function
This operation enables the split horizon function.
12.7.19 Enabling the Poison Reverse Function
This operation enables the poison reverse function.
12.7.20 Configuring the RIP-2 Authentication Mode
This operation enables you to configure the RIP-2 authentication mode.
12.7.21 Configuring the Additional Metric of a Route
This operation enables you to configure the additional metric of a route.
12.7.22 Configuring the RIP Timer
This operation enables you to configure the RIP timer so as to improve the RIP running
performance.
12.7.23 Enabling the Transparent Transmission function of the RIP Packet Based on the VLAN
This operation enables the transparent transmission function of the RIP packet based on the
VLAN.
12.7.1 Enabling RIP Process

This operation enables RIP process.
Context
To configure the global parameters of RIP, you need to enable RIP first. However, you do not
have to comply with this when configuring the interface related parameters.
Procedure
Step 1 Run the rip command to start the RIP process.
Step 2 Run the display rip command to query the RIP.
----End

Example
To enable RIP process 1, do as follows:
huawei(config)#display rip 1
{ route<K>|database<K>|interface<K>|<cr> }:
Command:
display rip 1
Public VPN-instance name :
RIP process : 1
RIP version : RIP-1 compatibility
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Hostroutes : Enabled
Maximum number of balanced paths : 1
Update time : 35 sec Age time : 170 sec
Suppress time : 0 sec Garbage-collect time : 240 sec
Silent interfaces : None
Default routes : Disabled
Verify-source : Enabled
Networks : None
Configured peers : None
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Related Operation
Table 12-6 lists the related operation for enabling RIP process.
Table 12-6 Related operation for enabling RIP process

Disable RIP process undo rip
12.7.2 Setting the RIP Version

This operation enables you to set the RIP version.
Context
l The MA5600 supports packets in two formats: RIP-1 and RIP-2.
l The default is RIP-1.
Procedure
Step 2 Run the version command to set the RIP version.
Step 3 Run the display rip command to query the RIP information.
----End

Example
To set the format of packets as RIP-2, do as follows:
Command:
display rip 1
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Networks : None
Related Operation
Table 12-7 lists the related operation for setting the RIP version.
Table 12-7 Related operation for setting the RIP version

Restore the system default format of the RIP packets undo version
12.7.3 Configuring Zero Field Check for RIP-I Packets

This operation enables you to configure zero field check for RIP-1 packets.
Context
If the field is not zero, RIP refuses to process the packet.
Procedure
Step 2 Run the checkzero command to configure zero field check for RIP-1 packets.
Step 3 Run the display rip command to query the configuration information.
----End

Example
To configure zero field check for RIP-1 packets, do as follows:
huawei(config-rip-1)#checkzero
Command:
display rip 1
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Networks : None
Related Operation
Table 12-8 lists the related operation for configuring zero field check for RIP-1 packets.
Table 12-8 Related operation for configuring zero field check for RIP-1 packets
Cancel zero field check for RIP-1 packets undo checkzero
12.7.4 Setting the Cost of the Default Route

This operation enables you to set the cost of the default route.
Procedure
Step 2 Run the default-route originate command to create a default route and set its cost.
Step 3 Run the display rip command to query the configured cost of the default route.
----End
Example
To create a default route and set its cost as 5, do as follows:

huawei(config-rip-1)#default-route originate cost 5
Command:
display rip 1
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Default routes : Enabled Default route cost : 5
Networks : None
Related Operation
Table 12-9 lists the related operation for setting the cost of the default route.
Table 12-9 Related operation for setting the cost of the default route
Delete the default route undo default-route originate
12.7.5 Enabling Route Summarization

This operation enables route summarization.
Context
Route summarization is to combine routes of different subnets into one route. Route
summarization helps to reduce the routing traffic on the network as well as the size of the routing
table.
Procedure
Step 1 Run the rip command to start RIP process.
Step 2 Run the summary command to enable route summarization.
Step 3 Run the display rip command to query the configuration of default route summarization.
----End

Example
To enable the route summarization, do as follows:
huawei(config-rip-1)#summary
Command:
display rip 1
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Networks : None
Related Operation
Table 12-10 lists the related operation for enabling route summarization.
Table 12-10 Related operation for enabling route summarization
Disable route summarization undo summary
12.7.6 Specifying Default Routing Metric

This operation enables you to specify the default routing metric.
Procedure
Step 2 Run the default-cost command to specify the default routing metric.
Step 3 Run the display rip command to query the configuration information on the default routing
metric.
----End

Example
To set the default routing metric as 10, do as follows:
huawei(config-rip-1)#default-cost 10
Command:
display rip 1
RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 10
Summary : Enabled
Networks : None
Related Operation
Table 12-11 lists the related operation for specifying default routing metric.
Table 12-11 Related operation for specifying default routing metric
Restore the default routing metric undo default-cost
12.7.7 Importing Routes of Other Protocols

This operation enables you to import routes of other protocols.
Context
To enhance the routing function, the MA5600 allows RIP to import routes (including direct
route, static routes and OSPF routes) of other protocols into the routing table at a certain metric.
This greatly improves the capability of RIP to obtain routes and enhances the performance of
RIP.
Procedure

Step 2 Run the import-route command to import static routes.
----End
Example
To import static routes, do as follows:
huawei(config-rip-1)#import-route static
Related Operation
Table 12-12 lists the related operation for importing routes of other protocols.
Table 12-12 Related operation for importing routes of other protocols

Stop importing routes of other protocols undo import-route
12.7.8 Disabling Receiving Host Routes

This operation prohibits the router from receiving host routes.
Context
l In some special cases, the router can receive a number of host routes from the same subnet,
and these routes are of little help in route addressing, but consume vast amounts of network
resources. In this case, receiving host routes shall be disabled.
l By default, receiving host routes is enabled.
Procedure
Step 2 Run the undo host-route command to prohibit the router from receiving host routes.
----End
Example
To set the system to refuse host routes, do as follows:
huawei(config-rip-1)#undo host-route
Command:
display rip 1

RIP process : 1
RIP version : RIP-2
Preference : 100
Checkzero : Enabled
Default-cost : 10
Summary : Enabled
Hostroutes : Disabled
Networks : None
Related Operation
Table 12-13 lists the related operation for disabling receiving host routes.
Table 12-13 Related operation for disabling receiving host routes

Receive host routes host-route
12.7.9 Configuring the RIP Preference

This operation enables you to set RIP preference.
Context
l Each kind of IGP routing protocol has its own preference. The route policy selects the route
of the routing protocol with the highest preference as the optimal route.
l The greater the preference value, the lower the preference.
l The default RIP preference is 100.
Procedure
Step 2 Run the preference command to configure the RIP preference.
Step 3 Run the display rip command to query the configuration of RIP preference.
----End
Example
To set the RIP preference as 120, do as follows:
huawei(config-rip-1)#preference 120

Command:
display rip 1
RIP process : 1
RIP version : RIP-2
Preference : 120
Checkzero : Enabled
Default-cost : 10
Summary : Enabled
Networks : None
Related Operation
Table 12-14 lists the related operation for configuring the RIP preference.
Table 12-14 Related operation for configuring the RIP preference

Restore the default RIP preference undo preference
12.7.10 Configuring the Route Filtering Policy

This operation enables you to configure the route filtering policy to filter unnecessary routes.
Context
The route filtering can be performed based on the ACL, IP-prefix list of the system, or the IP-
prefix of the VLAN interface. Routes which fail to meet the filtering criteria will not be received
or sent.
Procedure
Step 2 Run the filter-policy ip-prefix export static command to configure the route filtering policy.
----End
Example
To filter the transmitted RIP routing updates based on the IP-prefix list abc, do as follows:

huawei(config-rip-1)#filter-policy ip-prefix abc export static
Related Operation
Table 12-15 lists the related operation for configuring the route filtering policy.
Table 12-15 Related operation for configuring the route filtering policy
Delete the route filtering policy undo filter-policy
12.7.11 Verifying the Source IP Address of a RIP Route Update

This operation enables you to verify the source IP address of a RIP route update.
Context
In general, do not disable this function.
Procedure
Step 2 Run the verify-source command to verify the source IP address of a RIP route update.
----End
Example
To enable the RIP route verification function, do as follows:
huawei(config-rip-1)#verify-source
Command:
display rip 1
RIP process : 1
RIP version : RIP-2
Preference : 120
Checkzero : Enabled
Default-cost : 10
Summary : Enabled
Networks : None


Related Operation
Table 12-16 lists the related operation for verifying the source IP address of a RIP route update.
Table 12-16 Related operation for verifying the source IP address of a RIP route update
Disable the verification function undo verify-source
12.7.12 Resetting RIP

This operation enables you to restore the default settings of RIP.
Procedure
Step 1 Run the rip command to enable the RIP process.
Step 2 Run the reset command to restore the system configuration parameters of the RIP process.
Step 3 Run the display rip command to query the system configuration parameters of the RIP process.
----End
Example
To restore the system configuration parameters of the RIP process, do as follows:
huawei(config-rip-1)#reset
Command:
display rip 1
RIP process : 1
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Networks : None

12.7.13 Clearing RIP Process Statistics

This operation enables you to clear RIP process statistics.
Procedure
Step 2 Run the reset rip statistics command to clear statistics of RIP process.
----End
Example
To clear statistics of RIP process 1, do as follows:
huawei#reset rip 1 statistics
12.7.14 Disabling RIP Packet Transmission on an Interface

This operation enables you to disable RIP packet transmission on an interface.
Context
After the transmission is disabled on an interface, the interface can still receive and process RIP
packets from other routers.
Procedure
Step 2 Run the silent-interface command to disable RIP packet transmission on an interface.
----End
Example
To disable VLAN interface 7 from sending RIP packets, do as follows:
huawei(config-rip-1)#silent-interface vlanif 7
Command:
display rip 1
RIP process : 1
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled


Silent interfaces :
vlanif7
Networks :
192.0.1.0
Related Operation
Table 12-17 lists the related operation for disabling RIP packet transmission on an interface.
Table 12-17 Related operation for disabling RIP packet transmission on an interface
Restore RIP packets transmission on a undo silent-interface

specified interface
12.7.15 Configuring the IP Address of a Peer Router

This operation enables you to configure the IP address of a peer router.
Context
l Generally, RIP packets are forwarded in broadcast mode. If you want an interface to
exchange routing information with a peer router in unicast mode, run the peer command
to specify the IP address of the peer router.
l Specifying the peer router enables the peer router to receive the same packet in both
multicast (broadcast) and unicast modes. So, when configuring the IP address of the peer
router, it is recommended that you change the related interface on the router to silent mode.
Procedure
Step 2 Run the peer command to configure the IP address of a peer router.
----End
Example
To configure the IP address of the peer router as 10.0.0.1, do as follows:
huawei(config-rip-1)#peer 10.0.0.1
Related Operation
Table 12-18 lists the related operation for configuring the IP Address of a Peer router.

Table 12-18 Related operation for configuring the IP Address of a Peer router
Cancel the IP address of the specified peer undo peer

router
12.7.16 Configuring a Summary Route IP Address

This operation enables you to configure the IP address of a summary route.
Context
l The summary address is valid only when the classful summarization is disabled.
l With split horizon or poison reverse is enabled, summary address and classful
summarization will fail. That is, to transmit route summarization to neighbors, disable split
horizon or poison reverse of the related interface.
Procedure
Step 1 Runt the interface vlanif command to enter VLAN interface mode.
Step 2 Runt the rip summary-address command to configure IP address of a summary route.
----End
Example
To configure the summary IP address of VLAN interface 2 as 10.0.0.0, do as follows:
huawei(config-if-vlanif2)#rip summary-address 10.0.0.0 255.255.255.0
Related Operation
Table 12-19 lists the related operation for configuring a summary route IP address.
Table 12-19 Related operation for configuring a summary route IP address

Cancel the specified summary route IP undo rip summary-address

address
12.7.17 Enabling an Interface to Receive/Transmit RIP Packets

This operation enables an interface to receive and transmit RIP packets.
Context
By default, an interface is enabled to receive and transmit RIP packets.

Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the rip input(rip output) command to enable an interface to receive/transmit RIP packets.
----End
To allow VLAN interface 2 to receive RIP packets, do as follows:

huawei(config-if-vlanif2)#rip input
To allow VLAN interface 2 to transmit RIP packets, do as follows:

huawei(config-if-vlanif2)#rip output
Related Operation
Table 12-20 lists the related operation for enabling an interface to receive and transmit RIP
packets.
Table 12-20 Related operation for enabling an interface to receive and transmit RIP packets
Prevent an interface from receiving or undo rip output

transmitting RIP packets
12.7.18 Enabling the Split Horizon Function

This operation enables the split horizon function.
Context
l Once the function is enabled, RIP will not send the routing information learned from a
neighbor to it again. This avoids the creation of routing loops.
l By default, the split horizon function is enabled.
l The split horizon and poison reserve functions cannot be enabled at the same time.
Procedure
Step 2 Run the rip split-horizon command to enable the split horizon function.
----End
Example
To enable the RIP split horizon function, do as follows:

huawei(config-if-vlanif2)#rip split-horizon
Related Operation
Table 12-21 lists the related operation for enabling the split horizon function.
Table 12-21 Related operation for enabling the split horizon function
Disable the split horizon undo rip split-horizon

function
12.7.19 Enabling the Poison Reverse Function

This operation enables the poison reverse function.
Context
You are not allowed to enable both the split horizon and poison reverse functions at the same
time.
Procedure
Step 2 Run the rip poison-reverse command to enable the poison reverse function.
----End
Example
To enable the RIP poison reverse function, do as follows:
huawei(config-if-vlanif2)#rip poison-reverse
NOTE
Once the function is enabled, if a route breaks down but is still kept in RIP packets, the route is configured
as infinite, that is, the routing metric is set as 16. The poison reversal function avoids the creation of routing
loops among multiple routers.
Related Operation
Table 12-22 lists the related operation for enabling the poison reverse function.
Table 12-22 Related operation for enabling the poison reverse function
Disable the poison reversal undo rip poison-reverse

function

12.7.20 Configuring the RIP-2 Authentication Mode

This operation enables you to configure the RIP-2 authentication mode.
Context
RIP-2 supports two authentication modes: plain text authentication and MD5 encrypted text
authentication.
l The plain text authentication does not ensure security. The authentication key, which is not
encrypted, is sent together with the packet.
l MD5 encrypted text authentication ensures security in that the authentication key is
encrypted and then sent. MD5 encrypted text authentication has two formats: one is a
common packet format and the other is a non-standard packet format.
Procedure
Step 2 Run the rip authentication-mode command to configure the RIP-2 authentication mode.
----End
Example
To configure the RIP-2 authentication mode as plain text mode and password as huawei, do as
follows:
huawei(config-if-vlanif2)#rip authentication-mode simple huawei
Related Operation
Table 12-23 lists the related operation for configuring the RIP-2 authentication mode.
Table 12-23 Related operation for configuring the RIP-2 authentication mode
Cancel the RIP authentication undo rip authentication-mode
12.7.21 Configuring the Additional Metric of a Route

This operation enables you to configure the additional metric of a route.
Context
The default input metric is 0 while the default output metric is 1.
Procedure

Step 2 Run the rip metricin or rip metriout command to configure the added metric when the interface
receives or transmits or the RIP packets.
----End
Example
To configure the input metric added to a RIP route as 5, do as follows:
huawei(config-if-vlanif2)#rip metricin 5
To configure the output metric added to a RIP route as 5, do as follows:

huawei(config-if-vlanif2)#rip metriout 5
Related Operation
Table 12-24 lists the related operation for configuring the additional metric of a route.
Table 12-24 Related operation for configuring the additional metric of a route
Restore the default additional metric undo rip metricin
12.7.22 Configuring the RIP Timer

This operation enables you to configure the RIP timer so as to improve the RIP running
performance.
Context
By default:
l The update time as 30s.

l The age time is 180s.
l The suppression time is 0s.
l Garbage-collect time is 120s.
In general, do not change the default values of the timer.
Procedure
Step 2 Run the timers rip command to configure the RIP timer.
Step 3 Run the display rip route command to query configuration information on the RIP timer.
----End

Example
To set the update time as 35s, age time as 170s, suppression time as 0s and Garbage-collect time
as 240s, do as follows:
huawei(config-rip-1)#timers rip 35 170 0 240
Command:
display rip 1
RIP process : 1
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Silent interfaces :
vlanif7
Networks :
192.0.1.0
Configured peers :
10.0.0.1
Related Operation
Table 12-25 lists the related operation for configuring the RIP timer.
Table 12-25 Related operation for configuring the RIP timer
Restore the default RIP timer configuration undo timers rip
12.7.23 Enabling the Transparent Transmission function of the RIP

Packet Based on the VLAN
This operation enables the transparent transmission function of the RIP packet based on the
VLAN.
Context
By default, the function is disabled.

Procedure
Step 1 Run the rip tunnel command to enable the transparent transmission function of the RIP packet
based on the VLAN.
Step 2 Run the display rip tunnel command to query the status of the function.
----End
Example
To enable the transparent transmission function of the RIP packet based on VLAN 10, do as
follows:
huawei(config)#rip tunnel enable vlan 10
huawei(config)#display rip tunnel vlan 10
rip tunnel is enable
12.8 Configuring OSPF

This section describes how to configure OSPF.
12.8.1 Enabling OSPF Process
This operation enables OSPF process.
12.8.2 Configuring DR Priority
This operation enables you to configure the DR priority. To reduce the OSPF packet traffic in
the network segment, a router is specified as the DR and another router is specified as the BDR
according to the interface DR priority.
12.8.3 Setting an OSPF Router ID
This operation enables you to configure the ID for a router.
12.8.4 Entering OSPF Area Config Mode
This operation enables you to enter OSPF area config mode.
12.8.5 Configuring Subnets for an Area
This operation enables you to configure the interface running OSPF and the area of the interface.
12.8.6 Configuring the OSPF Stub Area
This operation enables you to configure an area as an OSPF Stub area and set its attributes.
12.8.7 Configuring an NBMA Adjacent Router
This operation enables you to manually configure a router adjacent to the NBMA interface.
12.8.8 Setting OSPF Preference
This operation enables you to set OSPF preference.
12.8.9 Disabling OSPF Packet Transmission on an Interface
This operation enables you to prohibit an interface from transmitting OSPF packets, so as to
enhance the network adaptability of OSPF, and reduce the consumption of system resources.
12.8.10 Configuring the Maximum OSPF Route Count
This operation enables you to configure the maximum OSPF route count.
12.8.11 Enabling OSPF Logging Function
This operation enables OSPF logging function.
12.8.12 Setting the VLAN-Based Transparent Transmission for OSPF Packets

This operation enables you to set the VLAN-based transparent transmission for open shortest
path first (OSPF) packets. If you require the transparent transmission for OSPF packets in a
VLAN, enable the function.
12.8.1 Enabling OSPF Process

This operation enables OSPF process.
Context
l By default, OSPF is disabled.
l To configure the related parameters, enable OSPF first.
Procedure
Step 1 Run the ospf command to start the OSPF process.
Step 2 Run the display ospf command to query the OSPF process.
----End
Example
To enable OSPF process 1, do as follows:
huawei(config)#ospf 1
huawei(config)#display ospf brief
OSPF Process 1 with Router ID 10.71.62.27
OSPF Protocol Information
RouterID: 10.71.62.27 Border Router:
Route Tag: 0
Multi-VPN-Instance is not enabled
Spf-schedule-interval: 5
Default ASE parameters: Metric: 1 Tag: 1 Type: 2
Route Preference: 10
ASE Route Preference: 150
SPF Computation Count: 0
RFC 1583 Compatible
Area Count: 0 Nssa Area Count: 0
ExChange/Loading Neighbors: 0
Related Operation
Table 12-26 lists the related operation for enabling OSPF.
Table 12-26 Related operation for enabling OSPF
Disable OSPF undo ospf

12.8.2 Configuring DR Priority

This operation enables you to configure the DR priority. To reduce the OSPF packet traffic in
the network segment, a router is specified as the DR and another router is specified as the BDR
according to the interface DR priority.
Context
l OSPF does not support configuring the DR priority for interface NULL.
l The DR is for broadcast or NBMA type interfaces. The interfaces of p2p, p2mp network
type do not need DR election.
Procedure
Step 2 Run the ospf dr-priority command to configure DR priority.
Step 3 Run the display ospf interface command to query DR priority.
----End
Example
To configure the DR priority 8 for interface vlanif2, do as follows:
huawei(config)#display ospf interface vlanif 2
Interfaces
Interface: 192.1.1.1 (vlanif2)
Cost: 1 State: Down Type: Broadcast MTU: 1500
Priority: 8
Designated Router: 0.0.0.0
Backup Designated Router: 0.0.0.0
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1
12.8.3 Setting an OSPF Router ID

This operation enables you to configure the ID for a router.
Context
A router ID is a 32-bit unsigned integer, which uniquely identifies a router in the AS.
Procedure
Step 1 Run the router-id command to set an OSPF router ID.
Step 2 Run the display ospf brief command to query the configured OSPF router ID.
----End

Example
To set the ID of a router as 192.168.1.1, do as follows:
huawei(config)#ospf router-id 192.168.1.1
Warning: OSPF The new router id will be activated only after Reset Ospf Process
huawei(config)#reset ospf 1 process
Route Tag: 0
RFC 1583 Compatible
Related Operation
Table 12-27 lists the related operation for setting an OSPF router ID.
Table 12-27 Related operation for setting an OSPF router ID
Disable the OSPF process undo ospf
12.8.4 Entering OSPF Area Config Mode

This operation enables you to enter OSPF area config mode.
Context
l OSPF further divides the AS into different areas. Routing information is transmitted
between the areas through the ABRs which are located at the boarders of the areas. This
helps to reduce the number of OSPF packets in the network, thus improving the
performance of OSPF.
l If the specified area does not exist, the system first creates the area and then enters area
config mode.
l An area ID is shown in the form of an IP address.
l If an area ID is an integer, the MA5600 automatically converts the integer into an IP address.
Procedure
Step 2 Run the area command to add an area and enter the configuration mode of the area.
----End

Example
To create area 1 and enter area config mode, do as follows:
huawei(config-ospf-100-area-0.0.0.1)#
Related Operation
Table 12-28 lists the related operation for entering OSPF area config mode.
Table 12-28 Related operation for entering OSPF area config mode
Delete an area undo area
12.8.5 Configuring Subnets for an Area

This operation enables you to configure the interface running OSPF and the area of the interface.
Context
Wildcard-mask in the network command is the reverse of the IP address, that is, the mask of
the IP address is reserved (0 changed to 1 and 1 changed to 0). "1" indicates the digit in the IP
address is omitted and "0" indicates that the digit must be reserved.
Procedure
Step 1 Run the ospf command to start the OSPF progress.
Step 3 Run the network command to configure the interface running OSPF protocol and the area the
interface belongs to.
----End
Example
To configure the subnet 131.108.20.0 for the interface running OSPF, do as follows:
Related Operation
Table 12-29 lists the related operation for configuring subnets for an area.

Table 12-29 Related operation for configuring subnets for an area
Delete the interface running OSPF undo network
12.8.6 Configuring the OSPF Stub Area

This operation enables you to configure an area as an OSPF Stub area and set its attributes.
Procedure
Step 3 Run the stub command to configure the OSPF stub area.
----End
Example
To configure OSPF area 1 as a Stub area, do as follows:
huawei(config-ospf-1-area-0.0.0.1)#stub
Related Operation
Table 12-30 lists the related operations for configuring a Stub area.
Table 12-30 Related operations for configuring a Stub area
Delete a Stub area undo stub
Configure a Stub router (undo)stub-router
12.8.7 Configuring an NBMA Adjacent Router

This operation enables you to manually configure a router adjacent to the NBMA interface.
Context
l Up to 128 adjacent routers can be configured in a process.
l Since an NBMA interface on the network cannot discover the adjacent routers through
broadcasting the Hello packets, you need to specify the adjacent routers.
l By default, the preference for NBMA interface adjacent router is 1.

Procedure
Step 2 Run the peer command to configure an NBMA adjacent router.
----End
Example
To configure the IP address of the NBMA adjacent router as 1.1.1.1 and specify the DR priority
as 120, do as follows:
huawei(config-ospf-1)#peer 1.1.1.1 dr-priority 120
Related Operation
Table 12-31 lists the related operation for configuring an NBMA adjacent router.
Table 12-31 Related operation for configuring an NBMA adjacent router

Cancel the configuration of the undo peer

NBMA adjacent router
12.8.8 Setting OSPF Preference

This operation enables you to set OSPF preference.
Context
l Multiple dynamic routing protocols can run on one router at the same time. Due to this
reason, the problem of route sharing and routing protocol selection occurs.
l The system defines a preference for each routing protocol. When different routes are found
by different protocols to the same destination, the route found by the routing protocol with
the highest preference serves as the current effective route.
l The OSPF preference ranges from 1 to 255. By default, it is 10.
Procedure
Step 2 Run the preference command to set OSPF preference.
Step 3 Run the display ospf brief command to query the OSPF preference.
----End
Example
To set the OSPF preference as 12, do as follows:

huawei(config-ospf-1)#preference 12

Route Tag: 0
Applications Supported: MPLS Traffic-Engineering
Retransmission limitation is disabled
Related Operation
Table 12-32 lists the related operation for setting OSPF preference.
Table 12-32 Related operation for setting OSPF preference
Restore the default OSPF undo preference

preference
12.8.9 Disabling OSPF Packet Transmission on an Interface

This operation enables you to prohibit an interface from transmitting OSPF packets, so as to
enhance the network adaptability of OSPF, and reduce the consumption of system resources.
Context
After the transmission is disabled on an interface, the interface shall be in silent state. The
interface can still advertise its direct route. However, the OSPF Hello packets of the interface
will be blocked, and no adjacency can be set up on the interface.
Procedure
Step 2 Run the silent-interface command to prohibit an interface from transmitting OSPF packets.
----End
Example
To prohibit VLAN interface 7 from transmitting OSPF packets, do as follows:
huawei(config-ospf-1)#silent-interface vlanif 7

Related Operation
Table 12-33 lists the related operation for prohibiting an interface from transmitting OSPF
packets.
Table 12-33 Related operation for prohibiting an interface from transmitting OSPF packets
Allow an interface to send undo silent-interface By default, the system

OSPF packets allows an interface to send
OSPF packets.
12.8.10 Configuring the Maximum OSPF Route Count

This operation enables you to configure the maximum OSPF route count.
Context
The default maximum route count is:
l Intra-area routes: 10000

l Inter-area routes: 10000
l External routes: 10000
Procedure
Step 2 Run the maximum-routes command to configure the maximum OSPF route count.
----End
Example
To configure the maximum count of OSPF routes as 500, do as follows:
huawei(config-ospf-1)#maximum-routes intra 500
Related Operation
Table 12-34 lists the related operation for configuring the maximum OSPF route count.
Table 12-34 Related operation for configuring the maximum OSPF route count
Restore the default setting undo maximum-routes

12.8.11 Enabling OSPF Logging Function

This operation enables OSPF logging function.
Procedure
Step 2 Run the enable log command to query log information.
----End
Example
To enable the logging function of OSPF, do as follows:
huawei(config-ospf-1)#enable log config
Related Operation
Table 12-35 lists the related operation for enabling the OSPF logging function.
Table 12-35 Related operation for enabling the OSPF logging function
Disable the logging function of undo enable log

OSPF
12.8.12 Setting the VLAN-Based Transparent Transmission for

OSPF Packets
This operation enables you to set the VLAN-based transparent transmission for open shortest
path first (OSPF) packets. If you require the transparent transmission for OSPF packets in a
VLAN, enable the function.
Context
By default, the function is disabled.
Procedure
Step 1 Run the ospf tunnel command to set the VLAN-based transparent transmission for OSPF
packets.
Step 2 Run the display ospf tunnel command to query the VLAN-based transparent transmission for
OSPF packets.
----End

Example
To enable the transparent transmission for OSPF packets in VLAN 10, do as follows:
huawei(config)#ospf tunnel enable vlan 10
huawei(config)#display ospf tunnel vlan 10
ospf tunnel is enable
12.9 Configuring OSPF on a VLAN Interface

This section describes how to configure OSPF on a VLAN interface.
12.9.1 Configuring the Network Type on an OSPF Interface
This operation enables you to configure the network type for an OSPF interface.
12.9.2 Configuring OSPF Cost
This operation enables you to configure the cost of the interface running OSPF.
12.9.3 Configuring OSPF Packet Authentication
This operation enables you to configure OSPF packet authentication.
12.9.4 Configuring the MTU of the DD Packet
This operation enables you to configure the MTU of the DD packet.
12.9.1 Configuring the Network Type on an OSPF Interface

This operation enables you to configure the network type for an OSPF interface.
Context
OSPF divides networks into four types. By default, the network type of an interface is determined
by the physical interface. For details, see Table 12-36.
Table 12-36 Description of the network types
Network Description Default

type
Broadcast The default network type. The default network type of

an Ethernet port is broadcast.
NBMA Non-Broadcast Multi-Access. This type of The default network type of

network is fully connected, non-broadcast and an ATM interface is NBMA.
multi-access. The ATM network is of this type.
p2mp Point-to-Multipoint -
p2p Point-to-Point The default network type of

a serial port is P2P.
Procedure

Step 2 Run the ospf network-type command to configure the network type.
----End
Example
Presume that the Ethernet port 0/7/0 is in VLAN 2, to configure the network type of the port
0/19/0 as P2P, do as follows:
huawei(config-vlanif-2)#ospf network-type p2p
Related Operation
Table 12-37 lists the related operation for configuring the network type on an OSPF interface.
Table 12-37 Related operation for configuring the network type on an OSPF interface
Restore the default network type of the undo ospf network-type

OSPF interface
12.9.2 Configuring OSPF Cost

This operation enables you to configure the cost of the interface running OSPF.
Procedure
Step 2 Run the ospf cost command to configure the cost of the interface running OSPF.
----End
Example
To configure the cost of the interface running OSPF as 5, do as follows:
huawei(config-vlanif2)#ospf cost 5
Related Operation
Table 12-38 lists the related operation for configuring OSPF cost.

Table 12-38 Related operation for configuring OSPF cost
Restore the default undo ospf cost By default, the system calculates the
cost cost needed for the interface running
OSPF according to the current baud
rate of the interface.
12.9.3 Configuring OSPF Packet Authentication

This operation enables you to configure OSPF packet authentication.
Context
l OSPF supports plain text authentication or MD5/HMAC-MD5 encrypted text
authentication for adjacent routes to transmit OSPF packets.
l By default, the interface is not configured with any authentication mode.
Procedure
Step 2 Run the ospf authentication-mode command to configure OSPF packet authentication.
----End
Example
To configure the OSPF authentication as plain text authentication and the authentication
password as "huawei", do as follows:
huawei(config-if-vlanif2)#ospf authentication-mode simple huawei
Related Operation
Table 12-39 lists the related operation for configuring OSPF packet authentication.
Table 12-39 Related operation for configuring OSPF packet authentication
Delete the configured authentication mode undo ospf authentication-mode

and key
12.9.4 Configuring the MTU of the DD Packet

This operation enables you to configure the MTU of the DD packet.

Context
l After the adjacency is set up between two routers, the routers begin to transmit DD packets
to each other to exchange the owned routing information.
l By default, the interface does not fill in the MTU field while transmitting DD packets. In
other words, the MTU field in the DD packets is 0.
Procedure
Step 2 Run the ospf mtu-enable command to configure the MTU of the DD packet.
----End
Example
To configure interface vlanif2 to fill in the MTU field when transmitting DD packet, do as
follows:
huawei(config-if-vlanif2)#ospf mtu-enable
Related Operation
Table 12-40 lists the related operation for configuring the MTU of the DD packet.
Table 12-40 Related operation for configuring the MTU of the DD packet
Restore the default setting for the interface undo ospf mtu-enable
when transmitting DD packets
12.10 Configuring OSPF Timer

This section describes how to configure OSPF timer.
12.10.1 Setting the Interval for Sending the Hello Packets
This operation enables you to set the interval for sending Hello packets. The OSPF router
transmits Hello packets periodically to find the adjacent router, to maintain adjacency and elect
the DR and BDR.
12.10.2 Setting the Dead Time Between Adjacent Routers
This operation enables you to set the dead time between adjacent routers. If a router fails to
receive any Hello packet from an adjacent router for a certain period, it considers the adjacent
router as unavailable. This period is called the dead time between adjacent routers.
12.10.3 Setting the Hello Packet Poll Interval
This operation enables you to set the Hello packet poll interval.
12.10.4 Setting the LSA Transmit Delay
This operation enables you to set the LSA transmit delay.
12.10.5 Setting the LSA Retransmit Interval between Adjacent Routers

This operation enables you to set the LSA retransmit interval between adjacent routers.
12.10.6 Setting the SPF Calculation Interval for OSPF
This operation enables you to set the SPF calculation interval for OSPF.
12.10.1 Setting the Interval for Sending the Hello Packets

This operation enables you to set the interval for sending Hello packets. The OSPF router
transmits Hello packets periodically to find the adjacent router, to maintain adjacency and elect
the DR and BDR.
Context
l By default, Hello interval of P2P and broadcast interfaces is 10s and that of P2MP and
NBMA interfaces is 30s.
l The intervals for sending Hello packets of network neighbors should be consistent with
each other.
l The interval for sending Hello packets should be in inverse proportion of route convergence
speed and network load.
l After the network type of the interface is modified, the interval for sending Hello packets
restores the default value.
Procedure
Step 2 Run the ospf timer hello command to set the interval for sending Hello packets.
----End
Example
To set the interval for sending OSPF Hello packet as 15s, do as follows:
huawei(config-if-vlanif2)#ospf timer hello 15
Related Operation
Table 12-41 lists the related operation for setting the interval for sending Hello packets.
Table 12-41 Related operation for setting the interval for sending Hello packets
Restore the default interval for sending undo ospf timer hello
Hello packets
12.10.2 Setting the Dead Time Between Adjacent Routers

This operation enables you to set the dead time between adjacent routers. If a router fails to
receive any Hello packet from an adjacent router for a certain period, it considers the adjacent
router as unavailable. This period is called the dead time between adjacent routers.

Context
l By default, the dead time between adjacent routers on a P2P and broadcast interfaces is 40s
and that on P2MP and NBMA (non-broadcast) interfaces is 120s.
l The value of dead seconds must be 4 times that of hello seconds at least.
l After the network type of the interface is modified, the dead time is restored to the default
value.
Procedure
Step 2 Run the ospf timer dead command to set the dead time of adjacent routers.
----End
Example
To set the dead time of adjacent routers as 60s, do as follows:
huawei(config-if-vlanif2)#ospf timer dead 60
Related Operation
Table 12-42 lists the related operation for setting the dead time between adjacent routers.
Table 12-42 Related operation for setting the dead time between adjacent routers
Restore the default dead time undo ospf timer dead
12.10.3 Setting the Hello Packet Poll Interval

This operation enables you to set the Hello packet poll interval.
Context
l In the NBMA network, after the adjacent router fails, a router transmits Hello packet to the
failed router periodically with the Hello packet poll interval.
l The Hello packet poll interval shall at least four times the interval for sending Hello packets.
l By default, the Hello packet poll interval is 120s.
Procedure
Step 2 Run the ospf timer poll command to set the Hello packet poll interval.
----End

Example
To set the Hello packet poll interval as 60s, do as follows:
huawei(config-if-vlanif2)#ospf timer poll 60
Related Operation
Table 12-43 lists the related operation for setting the Hello packet poll interval.
Table 12-43 Related operation for setting the Hello packet poll interval
Restore the default poll interval undo ospf timer poll
12.10.4 Setting the LSA Transmit Delay

This operation enables you to set the LSA transmit delay.
Context
l The Link State Advertise (LSA) describes the interface state and the adjacency state of a
router. When saved in the LSDB of the local router, LSA ages. However, LSA does not
age in the process of network transmission.
l It is necessary to add LSA transmit delay to the expiration time before the transmission.
This configuration is very important for low speed networks.
l By default, the delay for sending link-state update is 1s.
Procedure
Step 2 Run the ospf trans-delay command to set the LSA transmit delay.
----End
Example
To set LSA transmit delay as 10s, do as follows:
huawei(config-if-vlanif2)#ospf trans-delay 10
Related Operation
Table 12-44 lists the related operation for setting the LSA transmit delay.

Table 12-44 Related operation for setting the LSA transmit delay
Restore the default LSA transmit delay undo ospf trans-delay
12.10.5 Setting the LSA Retransmit Interval between Adjacent

Routers
This operation enables you to set the LSA retransmit interval between adjacent routers.
Context
l When a router sends an LSA to its neighbors, it shall wait for an ACK from them. If no
ACK is received from the neighbors within the retransmit interval, this LSA shall be resent.
l A too small LSA retransmit interval on an interface may lead to unnecessary retransmission.
A too large LSA retransmit interval affects the flooding speed in case of packet loss.
l By default, the LSA retransmit interval between adjacent routers is 5s.
Procedure
Step 2 Run the ospf timer retransmit command to set the LSA retransmit interval.
----End
Example
To set the LSA retransmit interval as 8s, do as follows:
huawei(config-if-vlanif2)#ospf timer retransmit 8
Related Operation
Table 12-45 lists the related operation for setting the LSA retransmit interval between adjacent
routers.
Table 12-45 Related operation for setting LSA retransmit interval between adjacent routers
Restore the default LSA retransmit undo ospf timer retransmit

interval between adjacent routers
12.10.6 Setting the SPF Calculation Interval for OSPF

This operation enables you to set the SPF calculation interval for OSPF.

Context
l Whenever the LSDB of OSPF changes, the SPF shall be recalculated.
l Calculating the shortest path upon any change consumes vast amounts of resources and
affects the operation efficiency of the router. Adjusting the SPF calculation interval,
however, can restrain the resource consumption due to frequent network changes.
l By default, the interval of SPF recalculation is 5s.
Procedure
Step 2 Run the spf-schedule-interval command to set the SPF calculation interval for OSPF.
----End
Example
To set the interval of SPF recalculation as 10s, do as follows:
huawei(config-ospf-1)#spf-schedule-interval 10
Related Operation
Table 12-46 lists the related operation for setting the SPF calculation interval for OSPF.
Table 12-46 Related operation for setting the SPF calculation interval for OSPF
Restore the default SPF calculation undo spf-schedule-interval

interval
12.11 Configuring Route Summarization

This sections describes how to configure route summarization.
12.11.1 Configuring Route Summarization Between Areas
This operation enables you to configure route summarization between areas. Route
summarization means that the ABR summarizes all routes with the same prefix to a route entry
and then send it to other areas, so as to reduce the broadcasted routing information.
12.11.2 Configuring the Summarization of Routes Imported by OSPF
This operation enables you to how to configure the summarization of routes imported by OSPF.
12.11.1 Configuring Route Summarization Between Areas

This operation enables you to configure route summarization between areas. Route
summarization means that the ABR summarizes all routes with the same prefix to a route entry
and then send it to other areas, so as to reduce the broadcasted routing information.

Context
l By default, the ABR does not summarize routes between areas.
l One area can be configured with multiple summarization network segments.
l The route summarization is valid when configured on an ABR.
Procedure
Step 1 Run the ospf command to start the OSPF progress.
Step 3 Run the network command to configure the interface running OSPF protocol and the area the
interface belongs to.
Step 4 Run the abr-summary command to configure route summarization between areas.
----End
Example
To summarize the routes in the two network segments of 20.20.10.0 and 20.20.20.0 in OSPF
area as one route entry 20.20.0.0 and send it to other areas, do as follows:
huawei(config-ospf-100-area-0.0.0.1#abr-summary 20.20.0.0 255.255.0.0
Related Operation
Table 12-47 lists the related operation for configuring route summarization between areas.
Table 12-47 Related operation for configuring route summarization between areas
Disable the route summarization undo abr-summary

between areas
12.11.2 Configuring the Summarization of Routes Imported by

OSPF
This operation enables you to how to configure the summarization of routes imported by OSPF.
Context
OSPF supports the summary of imported routes. By default, the summary of imported routes is
disabled.

Procedure
Step 2 Run the asbr-summary command to configure summary of routes with the same prefix.
----End
Example
To enable the summary of routes with the same prefix of 10.2, do as follows:
huawei(config-ospf-1)#asbr-summary 10.2.0.0 255.255.0.0
Related Operation
Table 12-48 lists the related operation for configuring the summarization of routes imported by
OSPF.
Table 12-48 Related operation for configuring summarization of routes imported by OSPF
Disable the summarization of undo asbr-summary

routes imported by OSPF
12.12 Configuring OSPF Route Import

This section describes how to configure OSPF route import.
12.12.1 Importing Routes from Other Protocols into OSPF
This operation enables you to import routes from other protocols into OSPF.
12.12.2 Setting the Default Parameters of OSPF Imported Routes
This operation enables you to set the default parameters of OSPF imported routes.
12.12.1 Importing Routes from Other Protocols into OSPF

This operation enables you to import routes from other protocols into OSPF.
Context
l OSPF makes the routes found by other routing protocols to be processed as routes outside
the AS. The protocol types of routes that OSPF can import are RIP, direct routes and static
routes.
l By default, OSPF's importing routes from other protocols is disabled.
Procedure

Step 2 Run the import-route rip command to import routes from other protocols into OSPF.
----End
Example
To specify the imported RIP route as Type 2 external route, the route tag as 33, and the cost as
50, do as follows:
huawei(config-ospf-1)#import-route rip 40 type 2 tag 33 cost 50
Related Operation
Table 12-49 lists the related operation for importing routes from other protocols into OSPF.
Table 12-49 Related operation for importing routes from other protocols into OSPF
Cancel the imported route from undo import-route rip

other protocols
12.12.2 Setting the Default Parameters of OSPF Imported Routes

This operation enables you to set the default parameters of OSPF imported routes.
Context
The default settings are:
l Cost: 10
l The type of imported route: 2
l The upper limit of the imported external routes: 1000 at a time
Procedure
Step 2 Run the default command to set the default parameters for OSPF to import external routes.
----End
Example
Assume that:
l The upper limit of the default imported external routes: 100
l The default cost for OSPF to accept external routes: 8
l The default tag for OSPF to accept external routes: 8
l The default type of imported routes: Type-1
To set the OSPF imported routes, do as follows:

huawei(config-ospf-100)#default cost 8 type 1 tag 8 limit 100
Related Operation
Table 12-50 lists related operations for setting parameters for OSPF to import external routes.
Table 12-50 Related operations for setting parameters for OSPF to import external routes
Restore the default upper limit for OSPF to import undo default limit
external routes each time
Restore the default cost for OSPF to import external undo default cost
routes
Restore the default tag when OSPF imports external undo default tag
routes
Restore the default type of the external routes to be undo default type
imported
12.13 Configuring a Route Policy

This section describes how to configure a route policy.
12.13.1 Defining a Route Policy
This operation enables you to define a route policy.
12.13.2 Defining the if-match Clause of a Route Policy
This operation enables you to define the if-match clause of a route policy.
12.13.3 Defining the apply Clause of a Route Policy
This operation enables you to define the apply clause of a route policy.
12.13.1 Defining a Route Policy

This operation enables you to define a route policy.
Context
l Up to 1000 route policies can be defined in the system, and each route policy can be
configured with up to 20 nodes.
l A route policy may consist of several nodes, with each node as a unit for the match test.
The node number is also the matching order.
l The relationship between nodes of a route policy is "or". The system checks every node of
a route policy. If one node passes the match test, it means that the route policy passes the
match test.
l Every node consists of if-match clause and apply clause:

– if-match defines the matching order. The relationship between two if-match clauses
of a node is "and". In other words, the match test can be considered as pass-through
only when all if-match clauses of a node are satisfied.
– apply clause specifies the action to be taken when node match test is conducted, that
is, set some attributes of the routes.
Parameter Description
Table 12-51 lists the parameters for defining a route policy.
Table 12-51 Parameters for defining a route policy
permit It specifies the matching mode of a node as "permit". When a

route entry passes a node, the system executes the apply clause
of the node without the test by the next node. If the route entry
fails to pass the filtering, it will go to next node for test.
deny It specifies the matching mode of a mode as "deny". In this

mode, the apply clause of the node will not be executed. When
a route entry satisfies all if-match clauses of a node, it will not
go to next node for test. If a route entry does not satisfy any if-
match clause of a node, it will go to next node for test.
Procedure
Step 1 Run the route-policy command to create a route policy and the enter route policy configuration
mode.
Step 2 Run the display route-policy command to query the running status of the configured route
policy.
----End
Example
To configure route policy 1 with node number of 10 and the matching mode "permit", do as
follows:
huawei(config)#route-policy policy1 permit node 10
huawei(config-route-policy)#quit
huawei(config)#display route-policy
{ <cr>|string<S><1,19> }:policy1
Command:
display route-policy policy1
Route-policy : policy1
permit : 10
Related Operation
Table 12-52 lists the related operation for configuring a route policy.

Table 12-52 Related operation for configuring a route policy

Command...
Delete a route policy undo route-policy By default, no route policy is defined.
12.13.2 Defining the if-match Clause of a Route Policy

This operation enables you to define the if-match clause of a route policy.
Context
l The if-match clause defines the matching rules, namely the preconditions for routes to pass
the current route policy, based on the attributes of the routes.
l The relationship between two if-match clauses of a node is "and". The match test can be
considered as pass-through only when all if-match clauses of a node are satisfied. The apply
clause specifies the action to be taken when node match test is conducted.
l If no if-match clause is specified, all routes can pass through the node.
l By default, no match action is taken.
Procedure
Step 1 Run the route-policy command to create a route policy and enter route policy configuration
mode.
Step 2 Run the if-match ip command to set the filtering criteria of routing information.
Step 3 Run the display route-policy command to query the configuration information.
----End
Example
To set filtering the address prefix list p1 of destination address of route, do as follows:
huawei(config)#route-policy 1 permit node 1
huawei(config-route-policy)#if-match ip next-hop ip-prefix p1
{ <cr>|string<S><1,19> }:1
Command:
display route-policy 1
Route-policy : 1
permit : 1
Match clauses :
if-match ip-prefix p1
Related Operation
Table 12-53 lists the related operation for defining the route policy matching rule.

Table 12-53 Related operation for defining the route policy matching rule
Delete the route policy matching undo if-match ip

rule
12.13.3 Defining the apply Clause of a Route Policy

This operation enables you to define the apply clause of a route policy.
Context
l The apply clause specifies the commands to be used for modifying the attributes of the
routes when if-match clauses are satisfied.
l By default, no setting is available.
Procedure
Step 1 Run the route-policy command to create a route policy and enter route policy configuration
mode.
Step 2 Run the if-match command to set the filtering criteria of routing information.
Step 3 Run the apply tag command to set the tag of the route information.
Step 4 Run the display route-policy command to query the configured route policy.
----End
Example
To set the routing information tag of the filtered route as 100, do as follows:
huawei(config)#route-policy 1 permit node 1
huawei(config-route-policy)#if-match ip-prefix p1
huawei(config-route-policy)#apply tag 100
{ <cr>|string<S><1,19> }:1
Command:
display route-policy 1
Route-policy : 1
permit : 1
Match clauses :
if-match ip-prefix p1
Apply clauses :
apply tag 100
Related Operation
Table 12-54 lists the related operation for modifying the attributes of the filtered route.

Table 12-54 Related operation for modifying the attributes of the filtered route
Cancel the modification of the undo apply

attributes of the filtered route

Configuration Guide 13 Configuring MSTP
13 Configuring MSTP
About This Chapter
This chapter describes how to configure the MSTP protocol on the MA5600.
13.1 Overview
This chapter describes the multiple spanning tree protocol (MSTP) and its applications to the
MA5600.
13.2 Enabling the MSTP Function
This operation enables the MSTP function on the MA5600.
13.3 Setting the Working Mode of MSTP
This operation enables you to set the working mode of MSTP.
13.4 Setting the MST Region Parameters
This section describes how to set the parameters of the multiple spanning tree (MST) region.
13.5 Activating the Configuration of the MST Region
This operation enables you to activate the configuration of the MST region.
13.6 Specifying the Device as a Root Bridge or a Backup Root Bridge
This operation enables you to specify the device as a root bridge or a backup root bridge.
13.7 Setting the Priority of the Device in the Specified Spanning Tree Instance
This operation enables you to set the priority of the device in the specified spanning tree instance.
13.8 Setting the Maximum Hop of the MST Region
This operation enables you to set the maximum hop of the MST region.
13.9 Setting the Diameter of the Switching Fabric
This operation enables you to set the diameter of the switching fabric.
13.10 Setting the Calculation Standard for the Path Cost
This operation enables you to set the calculation standard for the path cost.
13.11 Setting the Time Parameters of the Specified Network Bridge
This section describes how to set the time parameters of the specified network bridge. The time
parameters include Forward Delay, Hello Time, MAX Age, and time factor.
13.12 Setting the Parameters of the Specified Port

13 Configuring MSTP Configuration Guide
This section describes how to set the parameters of the specified port.
13.13 Setting the mCheck Variable
This operation enables you to set the mCheck variable to force a port to work in MSTP mode.
13.14 Configuring the Device Protection Function
This section describes how to configure the device protection functions, including BPDU
protection, loopback protection and root protection.
13.15 Clear the MSTP Protocol Statistics
This operation enables you to clear the MSTP protocol statistics.

13.1 Overview
This chapter describes the multiple spanning tree protocol (MSTP) and its applications to the
MA5600.
Service Description
MSTP applies to a redundant network. It makes up for the drawback of STP and RSTP. MSTP
makes the network converge fast and the traffic of different VLANs distributed along their
respective paths, which provides a better load-sharing mechanism.
MSTP trims a loop network into a loop-free tree network. It avoids the proliferation and infinite
cycling of the packets in the loop network. In addition, MSTP provides multiple redundant paths
for VLAN data transmission to achieve the load-sharing purpose.
For details on MSTP, refer to the chapter "MSTP" in the Feature Description.
The MA5600 supports MSTP, which is compatible with the STP and RSTP. It supports MSTP
loop network to meet the various networking requirements.
13.2 Enabling the MSTP Function

This operation enables the MSTP function on the MA5600.
Context
l By default, the MSTP function is disabled.
l After the MSTP function is enabled, the device determines whether it works in STP
compatible mode or MSTP mode based on the configured protocol.
l After the MSTP function is enabled, MSTP maintains dynamically the spanning tree of the
VLAN based on the received BPDU packets. After the MSTP function is disabled, the
MSTP device becomes a transparent bridge and does not maintain the spanning tree.
Procedure
Step 1 Run the stp enable command or stp port enable command to enable the MSTP function of the
bridge or the port.
Step 2 Run the display stp command or display stp port command to query the MPLS state of the
bridge or the port.
----End
To enable the MSTP function of the bridge, do as follows:

huawei(config)#stp enable Are you sure you will change global stp state?[Y/N][N]y
huawei(config)#display stp
{ <cr>|instance<K>|port<K> }:
Command:

display stp
The bridge is executing the IEEE Multiple Spanning Tree Protocol
Bridge Diameter : 7 Max Hops : 20
PathCost standard : LEGACY BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 0 Time since last TC : 1 days :18m:27s
============================== Instance 0 ==================================

Bridge Priority : 32768 MAC Address : 00e0-fc99-5050
Hello Time: 2 sec Forward Delay: 15 sec Max Age: 20 sec
IST Root Priority : 32768 MAC Address : 00e0-fc99-5050
CST Root Priority : 32768 MAC Address : 00e0-fc99-5050
Path cost to IST root bridge is 0

Path cost to CST root bridge is 0
-----------------------------------------------------------------------------
To enable the MSTP function of port 0/7/0, do as follows:

huawei(config)#stp port 0/7/0 enable
huawei(config)#display stp port 0/7/0
----[CIST][Port1(Down)]----
Port Protocol :enabled
Port Role :CIST Disabled Port
Port Priority :128
Port Cost :Config=auto / Active=200000
Desg. Bridge/Port :32768.00e0-fc99-5050 / 128.1
Port Edged(Admin) :disabled
Point-to-point :Config=auto / Active=false
Transit Limit :3 packets/hello-time
Protection Type :None
Port Stp Mode :Stp
PortTimes :Hello 2 s MaxAge 20 s FwDly 15 s Message Age 0 s RemHop 20
BPDU Sent :0
TCN: 0, Config: 0, RST: 0, MST: 0
BPDU Received :0
Related Operation
Table 13-1 lists the related operations for enabling the MSTP function.
Table 13-1 Related operations for enabling the MSTP function
Disable the MSTP function of the device stp disable -
Disable the MSTP function of the port stp port disable -
Restore the default MSTP state of the undo stp By default, it is

device disabled.
Restore the default MSTP state of the undo stp port By default, it is
port enabled.
Query the MSTP information undo stp port -

13.3 Setting the Working Mode of MSTP

This operation enables you to set the working mode of MSTP.
Context
l MSTP supports two working modes:
– MSTP mode
– STP mode
l MSTP is compatible with STP. If the network bridge that runs STP exists in the switching
fabric, MSTP automatically runs in MSTP/STP compatible mode.
l When the network condition is good, though the network bridge that runs STP in the subnet
is removed, the port still runs in the STP compatible mode. In this case, run the stp mode
mstp command to force the port to work in MSTP mode.
Procedure
l The following section shows the procedure for setting the STP working mode.
1. Run the stp mode stp command to set the STP working mode.
2. Run the display stp command to query the working mode.
l The following section shows the procedure for setting the RSTP working mode.
1. Run the stp mode stp command to set the MSTP working mode.
2. Run the display stp command to query the working mode.
----End
To set the STP working mode, do as follows:

huawei(config)#stp mode stp
Command:
display stp
The bridge is executing the IEEE compatible Spanning Tree Protocol
Time Factor : 3
============================== Instance 0 ==================================


-----------------------------------------------------------------------------
To set the MSTP working mode, do as follows:

huawei(config)#stp mode mstp

Command:
display stp
Time Factor : 3
============================== Instance 0 ==================================


-----------------------------------------------------------------------------
Related Operation
Table 13-2 lists the related operation for setting the working mode of MSTP.
Table 13-2 Related operation for setting the working mode of MSTP
Restore the default working mode of undo stp mode By default, the
MSTP device works in
MSTP mode.
13.4 Setting the MST Region Parameters

This section describes how to set the parameters of the multiple spanning tree (MST) region.
13.4.1 Setting the MD5-Key for the MD5 Encryption Algorithm Configured on the MST Region
This operation enables you to set the MD5-Key for the MD5 encryption algorithm.
13.4.2 Configuring the MST Region Name
This operation enables you to configure the MST region name.
13.4.3 Mapping the Specified VLAN to the Specified MSTP Instance
This operation enables you to map the specified VLAN to the specified MSTP instance.
13.4.4 Mapping All VLANs to the MSTP Instances by Modular Arithmetic
This operation enables you to map all VLANs to the MSTP instances by modular arithmetic.
13.4.5 Setting the MSTP Revision Level
This operation enables you to set the MSTP revision level.
13.4.6 Restoring the Default Settings for All Parameters of the MST Region
This operation enables you to restore the default settings for all parameters of the MST region.

13.4.1 Setting the MD5-Key for the MD5 Encryption Algorithm

Configured on the MST Region
This operation enables you to set the MD5-Key for the MD5 encryption algorithm.
Context
l The purpose of setting the MD5-Key is for device security. Two devices in the same
multiple spanning tree (MST) can communicate with each other when their MD5-Key
values are the same.
l The MD5-Key value is a character string not longer than 32 bytes. In addition, its length
must be a multiple of 2. By default, it is 0x13AC06A62E47FD 51F95D2BA243CD0346.
Procedure
Step 1 Run the stp md5-key command to set the MD5-Key for the MD5 encryption algorithm
configured on the MST region.
Step 2 Run the display current-configuration command to query the configuration of the device.
----End
Example
To set the MD5-Key for the MD5 encryption algorithm as 0x11ed224466, do as follows:
huawei(config)#stp md5-key 11ed224466
huawei(config)#display current-configuration section config
[MA5600V300R003: 3002]
#
[config]
<config>
mpls vlan 10
mpls vlan 20
mpls vlan 500
mpls vlan 1000
mpls vlan 1001
#
stp region-configuration
region-name huawei
instance 1 vlan 1000
instance 2 vlan 100
active region-configuration
stp instance 0 priority 0
stp timer hello 1000
stp md5-key 11ED224466
stp port 0/7/0 root-protection enable
stp enable
#
lacp priority 0 system
lacp long-period 20
Related Operation
Table 13-3 lists the related operation for setting the MD5-Key for the MD5 encryption algorithm
configured on the MST region.

Table 13-3 Related operation for setting the MD5-Key for the MD5 encryption algorithm
configured on the MST region
Restore the default MD5-Key for the undo stp md5-key

MD5 encryption algorithm
13.4.2 Configuring the MST Region Name

This operation enables you to configure the MST region name.
Context
You can configure the parameters related to the MST regions, such as the name, revision level,
and VLAN instance mapping table.
The default values of the three parameters are as follows:
l The name of the MST region is the management MAC address.

l All VLANs are mapped to common and internal spanning tree (CIST).
l The revision level of MSTP is 0.
Procedure
Step 1 Run the stp region-configuration command to switch over to MST region mode.
Step 2 Run the region-name command to configure the name of the MST region.
Step 3 Run the check region-configuration command to query the parameters of the current MST
region.
----End
Example
To configure the name of the MST region as huawei-mstp-bridge, do as follows:
huawei(config)#stp region-configuration
huawei(stp-region-configuration)#region-name huawei-mstp-bridge
huawei(stp-region-configuration)#check region-configuration
Admin configuration
Format selector :0
Region name :huawei-mstp-bridge
Revision level :0
Instance Vlans Mapped

0 1 to 4094
Related Operation
Table 13-4 lists the related operations for configuring the MST region name.

Table 13-4 Related operations for configuring the MST region name
Restore the default name of the MST undo region-name

region
Activate the configuration of the MST active region-configuration

region
Query the configuration of the MST display stp region-configuration

region
13.4.3 Mapping the Specified VLAN to the Specified MSTP

Instance
This operation enables you to map the specified VLAN to the specified MSTP instance.
Context
l By default, all VLANs are mapped to CIST, that is, instance 0.
l One VLAN can be mapped to only one instance at one time. If you re-map a VLAN to
another instance, the original mapping is disabled.
l A maximum of 10 VLAN sections can be configured for an MSTP instance.
l After the mapping, activate it to validate it.
Procedure
Step 2 Run the instance vlan command to map the specified VLAN to the specified MSTP instance.
region.
----End
Example
To map VLANs 2-10 and VLANs 12-16 to MSTP instance 3, do as follows:
huawei(stp-region-configuration)#instance 3 vlan 2 to 10 12 to 16
Admin configuration
Format selector :0
Revision level :0

0 1, 11, 17 to 4094
3 2 to 10, 12 to 16

Related Operation
Table 13-5 lists the related operations for mapping the specified VLAN to the specified MSTP
instance.
Table 13-5 Related operations for mapping the specified VLAN to the specified MSTP instance
Disable the VLAN undo instance vlan VLAN mapping in CIST

mapping of the specified (instance 0) cannot be disabled.
MSTP instance
Activate the active region-configuration -

configuration of the MST
region
Query the configuration display stp region- -

of the MST region configuration
13.4.4 Mapping All VLANs to the MSTP Instances by Modular

Arithmetic
This operation enables you to map all VLANs to the MSTP instances by modular arithmetic.
Context
l By default, all VLANs are mapped to CIST, that is, instance 0.
l On the MA5600, you can specify the VLAN to each MSTP instance rapidly by modular
arithmetic.
– When you map the VLAN to the MSTP instance by modular arithmetic, the ID of the
mapped instance is (VLANID - 1) % module + 1.
– The modular value for the modular arithmetic ranges from 1 to 16. It indicates the
number of the MSTP instances.
l This operation is used to map the VLANs to the MSTP instances rapidly. In actual
application, you can run the instance vlan command to adjust the mappings as required.
l Activate the setting to make it take effect.
Procedure
Step 2 Run the vlan-mapping module command to map all VLANs to the MSTP instances by modular
arithmetic.
region.
----End

Example
To map all VLANs to the MSTP instances by modular arithmetic, with the modular value of 16,
do as follows:
huawei(stp-region-configuration)#vlan-mapping module 16
Admin configuration
Format selector :0
Revision level :0
InstanceVlans Mapped
1 1, 17, 33, 49, 65, 81, 97, 113, 129, 145, 161,
177, 193, 209, 225, 241, 257, 273, 289, 305, 321, 337,
353, 369, 385, 401, 417, 433, 449, 465, 481, 497, 513,
529, 545, 561, 577, 593, 609, 625, 641, 657, 673, 689,
705, 721, 737, 753, 769, 785, 801, 817, 833, 849, 865,
881, 897, 913, 929, 945, 961, 977, 993, 1009, 1025, 1041,
1057, 1073, 1089, 1105, 1121, 1137, 1153, 1169, 1185, 1201, 1217,
1233, 1249, 1265, 1281, 1297, 1313, 1329, 1345, 1361, 1377, 1393,
1409, 1425, 1441, 1457, 1473, 1489, 1505, 1521, 1537, 1553, 1569,
1585, 1601, 1617, 1633, 1649, 1665, 1681, 1697, 1713, 1729, 1745,
1761, 1777, 1793, 1809, 1825, 1841, 1857, 1873, 1889, 1905, 1921,
1937, 1953, 1969, 1985, 2001, 2017, 2033, 2049, 2065, 2081, 2097,
2113, 2129, 2145, 2161, 2177, 2193, 2209, 2225, 2241, 2257, 2273,
2289, 2305, 2321, 2337, 2353, 2369, 2385, 2401, 2417, 2433, 2449,
2465, 2481, 2497, 2513, 2529, 2545, 2561, 2577, 2593, 2609, 2625,
2641, 2657, 2673, 2689, 2705, 2721, 2737, 2753, 2769, 2785, 2801,
2817, 2833, 2849, 2865, 2881, 2897, 2913, 2929, 2945, 2961, 2977,
2993, 3009, 3025, 3041, 3057, 3073, 3089, 3105, 3121, 3137, 3153,
3169, 3185, 3201, 3217, 3233, 3249, 3265, 3281, 3297, 3313, 3329,
3345, 3361, 3377, 3393, 3409, 3425, 3441, 3457, 3473, 3489, 3505,
3521, 3537, 3553, 3569, 3585, 3601, 3617, 3633, 3649, 3665, 3681,
3697, 3713, 3729, 3745, 3761, 3777, 3793, 3809, 3825, 3841, 3857,
3873, 3889, 3905, 3921, 3937, 3953, 3969, 3985, 4001, 4017, 4033,
4049, 4065, 4081
2 2, 18, 34, 50, 66, 82, 98, 114, 130, 146, 162,
178, 194, 210, 226, 242, 258, 274, 290, 306, 322, 338,
Related Operation
Table 13-6 lists the related operations for mapping all VLANs to the MSTP instances.
Table 13-6 Related operations for mapping all VLANs to the MSTP instances
Map all VLANs to CIST instance 0 undo vlan-mapping module

region
Query the effective configuration of the display stp region-configuration

MST region
13.4.5 Setting the MSTP Revision Level

This operation enables you to set the MSTP revision level.

Context
l By default, the revision level is 0.
l Activate the setting to make it take effect.
NOTE
l When you configure the parameters related to the MST region, the current device is placed into a
specified MST region.
l Two devices belong to a same MST region when they meet the following conditions:
l They have the same MST region name and the MSTP revision level.
l The VLAN mapping tables, which correspond to all the spanning tree instances, must be the same
with each other.
Procedure
Step 2 Run the revision-level command to set the MSTP revision level of the device.
region.
----End
Example
To set the MSTP revision level as 100, do as follows:
huawei(stp-region-configuration)#revision-level 100
Admin configuration
Format selector :0
Region name :00e0fc995050
Revision level :100

0 1 to 4094
Related Operation
Table 13-7 lists the related operations for setting the MSTP revision level of the device.
Table 13-7 Related operations for setting the MSTP revision level of the device
Restore the MSTP revision level undo revision-level

region
Query the configuration of the MST display stp region-configuration

region

13.4.6 Restoring the Default Settings for All Parameters of the MST
Region
This operation enables you to restore the default settings for all parameters of the MST region.
Context
By default, the name of the MST region is its management MAC address, all VLANs are mapped
to instance 0, and the revision level of MSTP is 0.
Procedure
Step 1 Run the reset stp region-configuration command to restore the default settings to all parameters
of the MST region.
Step 3 Run the display stp region-configuration command to query the configuration of the MST
region.
----End
Example
To restore the default settings for all parameters of the MST region, do as follows:
huawei(config)#reset stp region-configuration
huawei(stp-region-configuration)#display stp region-configuration
Oper configuration
Format selector :0
Region name :00e0fc995050
Revision level :0

0 1 to 4094
13.5 Activating the Configuration of the MST Region

This operation enables you to activate the configuration of the MST region.
Context
When you configure the parameters related to the MST region, especially the VLAN mapping
table, MSTP will recalculate the spanning tree. This results in an unstable network topology.
To avoid it, MSTP will not recalculate the spanning tree immediately after you configure the
parameters, unless the following conditions are met:
l Run the active region-configuration command to activate the configuration of the MST
region.
l Run the stp enable command to enable the MSTP function.

Procedure
Step 2 Run the active region-configuration command to activate the configuration of the MST region.
Step 3 Run the display stp region-configuration command to query the effective configuration of the
MST region.
----End
Example
To activate the configuration of the MST region, do as follows:
huawei(stp-region-configuration)#active region-configuration
huawei(stp-region-configuration)#display stp region-configuration
Oper configuration
Format selector :0
Revision level :100

0 1 to 4094
Related Operation
Table 13-8 lists the related operation for activating the configuration of the MST region.
Table 13-8 Related operation for activating the configuration of the MST region
Query the configuration of the current check region-configuration

MST region
13.6 Specifying the Device as a Root Bridge or a Backup Root

Bridge
This operation enables you to specify the device as a root bridge or a backup root bridge.
Context
l By default, the device is not used as a root bridge or a backup root bridge.
l After specifying the current bridge as a root bridge or a backup root bridge, you cannot
modify the system priority of the root bridge.
l One spanning tree instance can be configured with only one root bridge, but more backup
root bridges.
– If the root bridge fails or is powered off, the backup root bridge is used as the root bridge.
– If multiple backup root bridges are configured, the root bridge with the smallest MAC
address is used as the root bridge of the specified spanning tree instance.

Procedure
Step 1 Run the stp root command to specify the device as a root bridge or a backup root bridge.
Step 2 Run the display stp command to query the MSTP configuration of the device.
----End
Example
To specify the current device as the root bridge of MSTP instance 2, do as follows:
huawei(config)#stp instance 2 root primary
NOTE
If you do not specify the parameter instance instance-id, the setting takes effect only to the CIST instance.
huawei(config)#display stp instance 2
{ <cr>|port<K> }:
Command:
display stp instance 2
Time Factor : 3
============================== Instance 2 ==================================

Related Operation
Table 13-9 lists the related operation for specifying the device as a root bridge or a backup root
bridge.
Table 13-9 Related operation for specifying the device as a root bridge or a backup root bridge
Cancel the operation of specifying the undo stp root

device as a root bridge or a backup root
bridge
13.7 Setting the Priority of the Device in the Specified

Spanning Tree Instance
This operation enables you to set the priority of the device in the specified spanning tree instance.

Context
l The priority of the device ranges from 0 to 61440, with the step of 4096. By default, it is
32768.
l The priority of the device determines whether it can be selected as the root bridge of the
spanning tree. A device with a smaller priority is likely to be selected as the root bridge of
the spanning tree.
l The device that supports MSTP has different priorities in different spanning tree instances.
l If two devices have the same priority, then the device with the smaller MAC address is
selected as the root bridge of the spanning tree.
Procedure
Step 1 Run the stp priority command to set the priority of the device in the specified spanning tree
instance.
----End
Example
To set the priority of the device in spanning tree instance 2 as 4096, do as follows:
huawei(config)#stp instance 2 priority 4096
NOTE
If you set the parameter instance instance-id as 0, the priority you set is used as the priority of the device
in the CIST.
{ <cr>|port<K> }:
Command:
Time Factor : 3
============================== Instance 2 ==================================

Related Operation
Table 13-10 lists the related operations for setting the priority of the device in the specified
spanning tree instance.

Table 13-10 Related operations for setting the priority of the device in the specified spanning
tree instance
Restore the default priority of the device undo stp priority

in the specified spanning tree instance
Set the priority of the port in the specified stp port port-priority
spanning tree instance
13.8 Setting the Maximum Hop of the MST Region

This operation enables you to set the maximum hop of the MST region.
Context
l By default, the maximum hop of the MST region is 20.
l The device takes the root device of the spanning tree in the MST region as a start point.
When the configuration message in the region, that is, the BPDU packet, is forwarded by
one device, the hop is reduced by 1. The device drops the packet with the hop of 0. In this
case, the network scale in the region is restricted.
l If the current device becomes the root bridge device of the CIST or multiple spanning tree
instance (MSTI) in the MST region, the maximum hop configured on the bridge device
becomes the network diameter of the spanning tree. In this case, the spanning tree scale in
the region is restricted.
Procedure
Step 1 Run the stp max-hops command to set the maximum hop of the MST region.
Step 2 Run the display stp command to query the MSTP configuration of the current device.
----End
Example
To set the maximum hop of the MST region as 10, do as follows:
huawei(config)#stp max-hops 10
Command:
display stp
Time Factor : 3
============================== Instance 0 ==================================



-----------------------------------------------------------------------------
Related Operation
Table 13-11 lists the related operation for setting the maximum hop of the MST region.
Table 13-11 Related operation for setting the maximum hop of the MST region
Restore the default maximum hop of the undo stp max-hops

device
13.9 Setting the Diameter of the Switching Fabric

This operation enables you to set the diameter of the switching fabric.
Context
l The setting takes effect only to CIST.
l The device takes the root of the spanning tree in the MST region as a start point. When the
configuration message in the region, that is, the BPDU packet, is forwarded by one device,
the hop is reduced by 1. The device drops the packet with the hop of 0. In this case, the
network scale in the region is restricted.
l If the current device becomes the root bridge of the CIST or MSTI in the MST region, the
maximum hop configured on the root bridge is the network diameter of the spanning tree.
l The parameters Hello Time, Forward Delay and Max Age are related to the network scale.
When you set the diameter of the switching fabric, MSTP sets automatically the parameters
Hello Time, Forward Delay and Max Age to a proper value based on the configured network
diameter.
l By default, the diameter of the switching fabric is 7, the Forward Delay is 15, the Hello
Time is 2s, and the Max Age is 20s.
NOTE
l The diameter of the switching fabric is the path with the most switching devices along it. The diameter
is indicated by the number of the switching devices along the path.
l The larger the network diameter is, the larger the network scale is.
Procedure
Step 1 Run the stp bridge-diameter command to set the diameter of the switching fabric.
----End

Example
To set the diameter of the switching fabric as 6, do as follows:
huawei(config)#stp bridge-diameter 6
Command:
display stp
Time Factor : 3
============================== Instance 0 ==================================


-----------------------------------------------------------------------------
Related Operation
Table 13-12 lists the related operation for setting the diameter of the switching fabric.
Table 13-12 Related operation for setting the diameter of the switching fabric
Restore the default diameter of the undo stp bridge-diameter

switching fabric
13.10 Setting the Calculation Standard for the Path Cost

This operation enables you to set the calculation standard for the path cost.
Context
l The MA5600 supports three kinds of calculation standards for the path cost: the IEEE
802.1d standard (dot1d), the IEEE 802.1t standard (dot1t), and the private standard of
Huawei (legacy). By default, the private standard of Huawei (legacy) is used.
l After the calculation standard is set, the path cost of the device is calculated based on it
automatically.
l Different calculation standards define different path cost values for the ports. If the set
calculation standard is different from the current standard, all ports use the default path cost
of the set calculation standard.

Procedure
Step 1 Run the stp pathcost-standard command to set the calculation standard for the path cost.
----End
Example
To set the calculation standard for the path cost as IEEE 802.1t, do as follows:
huawei(config)#stp pathcost-standard dot1t
Command:
display stp
PathCost standard : DOT1T BPDU-Protection : disabled
Time Factor : 3
TC or TCN received : 95 Time since last TC : 0 days : 0m: 4s
============================== Instance 0 ==================================


-----------------------------------------------------------------------------
Related Operation
Table 13-13 lists the related operation for setting the calculation standard for the path cost.
Table 13-13 Related operation for setting the calculation standard for the path cost
Restore the default calculation standard undo stp pathcost-standard

for the path cost
13.11 Setting the Time Parameters of the Specified Network

Bridge
This section describes how to set the time parameters of the specified network bridge. The time
parameters include Forward Delay, Hello Time, MAX Age, and time factor.
13.11.1 Setting the Forward Delay of the Specified Network Bridge
This operation enables you to set the Forward Delay of the specified network bridge.

13.11.2 Setting the Hello Time of the Specified Network Bridge

This operation enables you to set the Hello Time of the specified network bridge.
13.11.3 Setting the Max Age of the Specified Network Bridge
This operation enables you to set the Max Age of the specified network bridge.
13.11.4 Setting the Timeout Time Factor of the Specified Network Bridge
This operation enables you to set the timeout time factor of the specified network bridge.
13.11.1 Setting the Forward Delay of the Specified Network Bridge

This operation enables you to set the Forward Delay of the specified network bridge.
Context
l For MSTP, when the port switches from discarding to forwarding state, an intermediate
state (Learning) is used if the rapid transition condition of the port state is not met. In this
case, the temporary loop can be avoided.
l The Forward Delay of the root bridge specifies the interval of state transition. If the current
device is a root bridge, its state transition interval is specified by the Forward Delay. The
other devices use the Forward Delay specified by the root bridge to perform state transition.
l The three time parameters, Forward Delay, Hello Time, and Max Age must comply with
the following formula to guarantee network stability: 2 x (Forward Delay - 1.0 second)
≥ Max Age ≥ 2 x (Hello Time + 1.0 second).
l By default, the Forward Delay is 15 seconds.
NOTE
The time parameters of MSTP are related to the network scale. You are recommended to run the stp bridge-
diameter command to specify the network diameter of the switching fabric. In this case, MSTP adjusts
the Hello Time, Forward Delay and Max Age to the proper values automatically based on the specified
network diameter.
Procedure
Step 1 Run the stp timer forward-delay command to set the Forward Delay of the specified network
bridge.
----End
Example
To set the Forward Delay of the specified network bridge as 2000 centiseconds, do as follows:
huawei(config)#stp timer forward-delay 2000
Command:
display stp
Time Factor : 3
TC or TCN received : 96 Time since last TC : 0 days : 1m:15s
============================== Instance 0 ==================================



-----------------------------------------------------------------------------
Related Operation
Table 13-14 lists the related operations for setting the Forward Delay of the specified network
bridge.
Table 13-14 Related operations for setting the Forward Delay of the specified network bridge
Restore the default Forward Delay undo stp timer forward-delay
Set the Hello Time of the specified stp timer hello

network bridge
Set the Max Age of the specified network stp timer max-age
bridge
13.11.2 Setting the Hello Time of the Specified Network Bridge

This operation enables you to set the Hello Time of the specified network bridge.
Context
l The device transmits the configuration packets at regular intervals specified by the Hello
Time to keep the spanning tree stable. If a device does not receive the configuration packets,
it considers that the configuration packets are timed out and then recalculates the spanning
tree.
l If the current device is a root bridge, the configuration packets are sent at regular intervals
specified by the Hello Time. The other devices use the Hello Time specified by the root
bridge to send the configuration packets.
l By default, the Hello Time is 2 seconds.
NOTE
network diameter.

Procedure
Step 1 Run the stp timer hello command to set the Hello Time of the specified network bridge.
----End
Example
To set the Hello Time of the specified network bridge as 1000 centiseconds, do as follows:
huawei(config)#stp timer hello 1000
Command:
display stp
Time Factor : 3
============================== Instance 0 ==================================


-----------------------------------------------------------------------------
Related Operation
Table 13-15 lists the related operations for setting the Hello Time of the specified network
bridge.
Table 13-15 Related operations for setting the Hello Time of the specified network bridge
Restore the default Hello Time undo stp timer hello
Set the Forward Delay of the specified stp timer forward-delay

network bridge
Set the Max Age of the specified network stp timer max-age
bridge
13.11.3 Setting the Max Age of the Specified Network Bridge

This operation enables you to set the Max Age of the specified network bridge.

Context
l The Max Age takes no effect to MSTI.
l On the CIST, the device uses the Max Age to determine whether the configuration received
by the port is out of date. If the configuration received by the port is out of date, recalculate
the spanning tree instance.
l If the device is a CIST root bridge, it uses the Max Age to determine whether the
configuration is out of date. If the device is not a CIST root bridge, it uses the Max Age set
on the CIST root bridge to determine it.
l By default, the Max Age is 20 seconds.
NOTE
network diameter.
Procedure
Step 1 Run the stp timer max-age command to set the Max Age of the specified network bridge.
----End
Example
To set the Max Age of the specified network bridge as 3000 centiseconds, do as follows:
huawei(config)#stp timer max-age 3000
Command:
display stp
Time Factor : 3
============================== Instance 0 ==================================


-----------------------------------------------------------------------------
Related Operation
Table 13-16 lists the related operations for setting the Max Age of the specified network bridge.

Table 13-16 Related operations for setting the Max Age of the specified network bridge
Restore the default Max Age undo stp timer max-age
Set the Forward Delay of the specified stp timer forward-delay

network bridge
Set the Hello Time of the specified stp timer hello

network bridge
13.11.4 Setting the Timeout Time Factor of the Specified Network

Bridge
This operation enables you to set the timeout time factor of the specified network bridge.
Context
l The device that supports MSTP sends Hello packets at regular intervals to the neighboring
network bridges. In this case, it checks whether the links are normal.
l If the device does not receive the Hello packets from the upstream device within a triple
Hello Time, it considers the upstream device faulty and recalculates the spanning tree. By
doing so, the link problem can be resolved in time.
l Generally, the network condition is good. If the upstream devices are busy, the spanning
tree may be recalculated. You can avoid such an unnecessary calculation by the timeout
time factor of the specified network bridge.
l By default, the timeout time factor of the specified network bridge is 3.
Procedure
Step 1 Run the stp time-factor command to set the timeout time factor of the specified network bridge.
----End
Example
To set the timeout time factor of the specified network bridge as 6, do as follows:
huawei(config)#stp time-factor 6
Command:
display stp
Time Factor : 6
============================== Instance 0 ==================================




-----------------------------------------------------------------------------
Related Operation
Table 13-17 lists the related operation for setting the timeout time factor of the specified network
bridge.
Table 13-17 Related operation for setting the timeout time factor of the specified network bridge
Restore the default timeout time factor of undo stp time-factor

the specified network bridge
13.12 Setting the Parameters of the Specified Port

This section describes how to set the parameters of the specified port.
13.12.1 Setting the Maximum Transmission Rate of the Specified Port
This operation enables you to set the maximum transmission rate of the specified port.
13.12.2 Setting the Specified Port as an Edge Port
This operation enables you to set the specified port as an edge port. An edge port is not connected
with any switching device.
13.12.3 Setting the Path Cost of the Port in the Specified Spanning Tree Instance
This operation enables you to set the path cost of the port in the specified spanning tree instance.
13.12.4 Setting the Priority of the Specified Port
This operation enables you to set the priority of the specified port.
13.12.5 Setting the Point-to-Point Link Connection of the Specified Port
This operation enables you to set the point-to-point link connection of the specified port.
13.12.1 Setting the Maximum Transmission Rate of the Specified

Port
This operation enables you to set the maximum transmission rate of the specified port.
Context
l The maximum transmission rate of the port indicates the maximum MSTP packets
transmitted by the port within one Hello Time.

l The port can transmit a maximum of 255 packets within one Hello Time. The default
number of packets transmitted is 3.
Procedure
Run the stp port transmit-limit command to set the number of packets transmitted by the port
within the Hello Time.
----End
Example
To set the maximum packets transmitted by the port within one Hello Time as 16, do as follows:
huawei(config)#stp port 0/7/0 transmit-limit 16
Related Operation
Table 13-18 lists the related operations for setting the maximum transmission rate of the
specified port.
Table 13-18 Related operations for setting the maximum transmission rate of the specified port
Restore the default maximum number of undo stp port transmit-limit

packets transmitted by the port
13.12.2 Setting the Specified Port as an Edge Port

This operation enables you to set the specified port as an edge port. An edge port is not connected
with any switching device.
Context
l You can set only the port connected to the terminal as an edge port. When the BPDU
protection is disabled from the switching device, after the port receives the BPDD packets,
even if the port is set as an edge port, it still works as a non-edge port. By default, all ports
are set as non-edge ports.
l If you specify a port as an edge port, the rapid transition can be implemented if the port is
transited from blocking to forwarding state.
l This setting takes effect to all spanning tree instances. When a port is set as an edge port,
it works as an edge port on all spanning tree instances. When a port is set as a non-edge
port, it works as a non-edge port on all spanning tree instances.
NOTE
For the port directly connected to the terminal, set it as an edge port, and enable its BPDU protection
function. For more details, see the section "13.14.1 Enabling the BPDU Protection Function of the
Device." In this case, the rapid transition of the port state can be implemented, and the network security is
guaranteed.

Procedure
Step 1 Run the stp port edged-port enable command to set the port as an edge port.
Step 2 Run the display stp command to query the MSTP global configuration.
----End
Example
To set port 0/7/0 as an edge port, do as follows:
huawei(config)#stp port 0/7/0 edged-port enable
Command:
display stp
Time Factor : 3
============================== Instance 0 ==================================


-----------------------------------------------------------------------------
Port F/ S/ P Priority Cost Admin-State Role State Type
-----------------------------------------------------------------------------
1 0/7/ 0 128 200000 Disabled Disa Down Edge
3 0/7/ 2 128 200000 Enabled Disa Down None
17 0/ 2/ 0 0 200000 Enabled Disa Down None
-----------------------------------------------------------------------------
Related Operation
Table 13-19 lists the related operation for setting the specified port as an edge port.
Table 13-19 Related operation for setting the specified port as an edge port
Set a port as a non-edge port stp port edged-port disable
13.12.3 Setting the Path Cost of the Port in the Specified Spanning
Tree Instance
This operation enables you to set the path cost of the port in the specified spanning tree instance.

Context
l By default, the network bridge obtains the path cost of the port based on the link status.
l Setting the path cost of the Ethernet port results in the recalculation of the spanning tree.
Therefore, the default path cost is recommended.
NOTE
l Path cost is a parameter related to the rate of the link connected to the port. For the device that supports
MSTP, the port has different path costs in different spanning tree instances.
l Setting a proper path cost makes various VLAN traffic be forwarded along different physical links. In
this case, the VLAN load-sharing function is implemented.
Procedure
Step 1 Run the stp port cost command to set the path cost of the port in the specified spanning tree
instance.
----End
Example
To set the path cost of the port in spanning tree instance 2 as 1024, do as follows:
huawei(config)#stp port 0/7/0 instance 2 cost 1024
NOTE
{ <cr>|port<K> }:
Command:
Time Factor : 3
============================== Instance 0 ==================================


-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------

Related Operation
Table 13-20 lists the related operation for setting the path cost of the port in the specified
spanning tree instance.
Table 13-20 Related operation for setting the path cost of the port in the specified spanning tree
instance.
Restore the default path cost of the undo stp port cost
specified port
13.12.4 Setting the Priority of the Specified Port

This operation enables you to set the priority of the specified port.
Context
l The priority of a port affects its role in the specified spanning tree instance. You can set
different priorities for the same port on the different MSTIs. This makes various VLAN
traffic be forwarded along different physical links. In this case, the VLAN load-sharing
function is implemented.
l If the priority of the port changes, MSTP recalculates the role of the port and perform state
transition.
l The priority of the port ranges from 0 to 240, with the step of 16. By default, it is 128.
Procedure
Step 1 Run the stp port port-priority command to set the priority of the specified port.
----End
Example
To set the priority of the specified port as 64, do as follows:
huawei(config)#stp port 0/7/0 instance 0 port-priority 64
NOTE
{ <cr>|port<K> }:
Command:
Time Factor : 3
============================== Instance 0 ==================================



-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
Related Operation
Table 13-21 lists the related operation for setting the priority of the specified port.
Table 13-21 Related operation for setting the priority of the specified port
Restore the default priority of the undo stp port port-priority

specified port
13.12.5 Setting the Point-to-Point Link Connection of the Specified

Port
This operation enables you to set the point-to-point link connection of the specified port.
Context
l By default, the point-to-point parameter is set to auto mode. MSTP checks whether the
link connected to the specified port is a point-to-point link.
l The port state cannot be changed rapidly if the port is not connected to a point-to-point link.
The default setting is recommended.
l This setting takes effect to CIST and MSTI. When the port is set as connecting (or not
connecting) with the point-to-point link, the setting applies to all the spanning tree
instances.
l If the port is set as connecting with the point-to-point link, but actually it is not connected
with a point-to-point link, the port is in loopback state.
NOTE
l For an aggregated port, only the primary port can be set as connecting with the point-to-point link.
l Assume that a port works in auto negotiation mode, if it is in full-duplex mode after the negotiation, it
can be set as connecting with the point-to-point link.

Procedure
Run the stp port point-to-point command to set whether the link that is connected to the port
is a point-to-point link.
----End
Example
To set the link that is connected to port 0/7/0 as a point-to-point link, do as follows:
huawei(config)#stp port 0/7/0 point-to-point force-true
Related Operation
Table 13-22 lists the related operation for setting the point-to-point link connection of the
specified port.
Table 13-22 Related operation for setting the point-to-point link connection of the specified port
Set the link connected to the port as the undo stp port point-to-point
default state
13.13 Setting the mCheck Variable

This operation enables you to set the mCheck variable to force a port to work in MSTP mode.
Context
Run the stp port mcheck command to check whether there is any network bridge that runs STP
in the subnet to which the current port is connected.
l If the network bridge that runs STP exists in the subnet where the port is connected, the
port runs in MSTP/STP compatible mode automatically.
l When the network condition is good, though the network bridge that runs STP in the subnet
is removed, the port still runs in the STP compatible mode. In this case, run the command
to force the port to work in MSTP mode. After that, the type of the packets received by the
port determines whether it works in MSTP or STP compatible mode.
This command takes effect only when the network bridge runs MSTP.
Procedure
Run the stp port mcheck command to set the mCheck variable.
----End
Example
To transit port 0/7/0 to work in MSTP mode, do as follows:

huawei(config)#stp port 0/7/0 mcheck
13.14 Configuring the Device Protection Function

This section describes how to configure the device protection functions, including BPDU
protection, loopback protection and root protection.
13.14.1 Enabling the BPDU Protection Function of the Device
This operation enables the BPDU protection function of the device.
13.14.2 Enabling the Loop Protection Function of the Device
This operation enables the loop protection function of the device.
13.14.3 Enabling the Root Protection Function of the Device
This operation enables the root protection function of the device.
13.14.1 Enabling the BPDU Protection Function of the Device

This operation enables the BPDU protection function of the device.
Context
l By default, the BPDU protection function is disabled.
l If the port of an access device is connected directly to the user terminal, such as a PC, or
connected to the file server, the port is usually set as an edge port to implement rapid state
transition. When the port receives the BPDU packets, the system sets the port as a non-
edge port and recalculates the spanning tree. This results in an unstable network topology.
l MSTP provides the BPDU protection function to prevent users from forging BPDU packets
to attack the device maliciously. If the BPDU protection function is enabled on the device,
the system disables the edge port that receives the BPDU packets. If the disabled port does
not receive the BPDU packets within 180s, it is enabled automatically.
Procedure
Step 1 Run the stp bpdu-protection enable command to enable the BPDU protection function of the
device.
----End
Example
To enable the BPDU protection function of device, do as follows:
huawei(config)#stp bpdu-protection enable
Command:
display stp
PathCost standard : LEGACY BPDU-Protection : enabled
Time Factor : 3

============================== Instance 0 ==================================


-----------------------------------------------------------------------------
Related Operation
Table 13-23 lists the related operation for enabling the BPDU protection function of the device.
Table 13-23 Related operation for enabling the BPDU protection function of the device
Disable the BPDU protection function of stp bpdu-protection disable

the device
13.14.2 Enabling the Loop Protection Function of the Device

This operation enables the loop protection function of the device.
Context
l To avoid the switching fabric loop due to the link congestion or unidirectional link fault,
MSTP provides the loop protection function.
l After the loop protection function is enabled, the root port keeps its role, and the blocked
port keeps its discarding state and does not forward any packets. In this case, the loop will
not occur in the network.
l By default, the loop protection function is disabled.
Procedure
Step 1 Run the stp port loop-protection enable command to enable the loop protection function of
the port.
Step 2 Run the display stp port command to query the MSTP configuration of the port.
----End
Example
To enable the loop protection function of port 0/7/0, do as follows:
huawei(config)#stp port 0/7/0 loop-protection enable

Port Priority :128

Protection Type :Loop
Port Stp Mode :Stp
PortTimes :Hello 10 s MaxAge 20 s FwDly 15 s Message Age 0 s RemHop
20
BPDU Sent :0
BPDU Received :0
----[MSTI 2][Port1(Down)]----
Port Role :Disabled Port
Port Priority :128
Related Operation
Table 13-24 lists the related operations for enabling the loop protection function of the device.
Table 13-24 Related operations for enabling the loop protection function of the device
Disable the loop protection function of stp port loop-protection disable

the device
Enable the BPDU protection function of stp bpdu-protection

the device
Enable the root protection function of the stp port root-protection

device
13.14.3 Enabling the Root Protection Function of the Device

This operation enables the root protection function of the device.
Context
l Due to the incorrect configuration or malicious attacks, the legal root bridge in the network
might receive the configuration packets with a higher priority. In this case, the current root
bridge becomes invalid, which causes the network topology changed. MSTP provides the
root protection function to avoid such a case.
l For the port that is enabled with the root protection function, it is only used as a specified
port for all instances. Once the port receives the configuration packets with a higher priority,
which sets the port as a non-specified port, the port will be in the listening state, and will
not forward the packets. When the port does not receive the configuration packets with a
higher priority for a certain period, the port will restore to the normal state.
l By default, the root protection function of the port is disabled.

Procedure
Step 1 Run the stp port root-protection enable command to enable the root protection function of the
port.
Step 2 Run the display stp port command to query the MSTP configuration of the port.
----End
Example
To enable the root protection function of port 0/7/0, do as follows:
huawei(config)#stp port 0/7/0 root-protection enable
Port Priority :128
Protection Type :Root
Port Stp Mode :Stp
PortTimes :Hello 10 s MaxAge 20 s FwDly 15 s Message Age 0 s RemHop
20
BPDU Sent :0
BPDU Received :0
----[MSTI 2][Port1(Down)]----
Port Role :Disabled Port
Port Priority :128
Related Operation
Table 13-25 lists the related operations for enabling the root protection function of the device.
Table 13-25 Related operations for enabling the root protection function of the device
Disable the root protection function of the stp port root-protection disable
device
Enable the BPDU protection function of stp bpdu-protection

the device
Enable the loop protection function of the stp port loop-protection

port
13.15 Clear the MSTP Protocol Statistics

This operation enables you to clear the MSTP protocol statistics.

Context
You can clear the device/port MSTP protocol statistics.
Procedure
Step 1 Run the reset stp statistics command to clear the MSTP protocol statistics.
Step 2 Run the reset stp port statistics command to clear the MSTP protocol statistics of a port.
----End
To clear the MSTP protocol statistics on the MA5600, do as follows:

huawei(config)#reset stp statistics
To clear the MSTP protocol statistics on port0/7/0, do as follows:

huawei(config)#reset stp port 0/7/0 statistics

Configuration Guide 14 Configuring NTP
14 Configuring NTP
About This Chapter
This chapter describes the NTP protocol and how to configure it on the MA5600.
14.1 Overview
This section describes the NTP concepts and its specification on the MA5600.
14.2 Configuration Example of NTP Broadcast Mode
This operation enables you to configure NTP broadcast mode on the MA5600, so as to implement
clock synchronization among network devices.
14.3 Configuration Example of NTP Multicast Mode
This operation enables you to configure NTP multicast mode on the MA5600, so as to implement
14.4 Configuration Example of NTP Server/Client Mode
This operation enables you to configure NTP server/client mode on the MA5600, so as to
implement clock synchronization among network devices.
14.5 Configuration Example of NTP Peer Mode
This operation enables you to configure NTP peer mode on the MA5600, so as to implement
14.6 Configuring the NTP ID Authentication
This operation enables you to configure NTP ID authentication so as to enhance network security
and avoid unauthorized clock modification.
14.7 Configuring the NTP Master Clock
This operation enables you to configure the NTP master clock.
14.8 Configuring NTP Broadcast Mode
This section describes how to configure the MA5600 as NTP broadcast server mode and NTP
broadcast client mode.
14.9 Configuring the NTP Multicast Mode
This operation enables you to configure the NTP multicast server or client mode.
14.10 Configuring NTP Server/Client Mode

14 Configuring NTP Configuration Guide
This operation enables you to define a remote server as the NTP server, and the local device as
the client.
14.11 Configuring NTP Peer Mode
This operation enables you to configure the MA5600 as the peer of a local device.
14.12 Configuring the Authority of Access to a Local Device's NTP Service
This operation enables you to configure the authority of access to a local device's NTP service.
14.13 Configuring an Interface for Transmitting/Receiving NTP Packets
This operation enables you to configure an interface for transmitting or receiving NTP packets.

14.1 Overview
This section describes the NTP concepts and its specification on the MA5600.
Service Description
Network Time Protocol (NTP) is an application layer protocol in the TCP/IP protocol suite. NTP
is used to synchronize the time between the distributed time server and the client. The network
devices that support NTP keep their time consistent by exchanging NTP packets to implement
various service applications based on universal time, such as the network management system
and the network accounting system.
According to the time zone of the MA5600, NTP can synchronize the time with the NTP server.
In addition, NTP can automatically set the local time according to the time zone of the
MA5600.
For details on NTP, refer to the chapter "NTP" in the Feature Description.
There are four NTP modes:
l Server/client
l Peer
l Broadcast
l Multicast
The MA5600 supports all these modes.
14.2 Configuration Example of NTP Broadcast Mode

This operation enables you to configure NTP broadcast mode on the MA5600, so as to implement
Prerequisite
The time zone of the MA5600 is already configured. For details, refer to the "3.3.5 Setting
System Time".
Networking
Figure 14-1 shows a sample network for configuring NTP broadcast mode.

Figure 14-1 Sample network for configuring the NTP broadcast mode
IP
LSW
VLAN interface 2 VLAN interface 2

1.1.1.1/24 1.1.1.2/24
MA5600_A MA5600_B
An MA5600 serves as an NTP broadcast server, and periodically sends clock synchronization
packets to destination 255.255.255.255. The other MA5600 serves as a client to intercept the
broadcast packets from the server, and then synchronizes its clock with that of the server.
Data Plan
Table 14-1 lists the data plan for configuring NTP broadcast mode.
Table 14-1 Data plan for configuring NTP broadcast mode
Item Data
MA5600_A VLAN ID: 2

IP address of L3 interface 1: 1.1.1.1
Clock: Selects the local clock as the NTP master clock at stratum
2.
MA5600_B VLAN ID: 2

IP address of L3 interface 2: 1.1.1.2
Clock: Follows the clock of the broadcast server.
Context
l The network devices and the line must be in the normal state.
l The clock stratum of the synchronizing device must be equal to or lower than that of the
synchronized device. Otherwise, clock synchronization fails.
Figure 14-2 shows the flowchart for configuring NTP broadcast mode.

Figure 14-2 Flowchart for configuring NTP broadcast mode
Start
Configure broadcast server
Configure broadcast client
End
Procedure
l Configure the NTP broadcast server MA5600_A.
1. Define the local clock of MA5600_A as the master NTP clock at stratum 2.
huawei(config)#ntp-service refclock-master 2
2. Enable NTP authentication.

huawei(config)#ntp-service authentication enable
huawei(config)#ntp-service authentication-keyid 88 authentication-mode
md5 123456
huawei(config)#ntp-service reliable authentication-keyid 88
3. Add a layer 3 virtual port.

4. Define the master NTP clock as the NTP broadcast server and specify the
authentication ID.
huawei(config-if-vlanif2)#ntp-service broadcast-server authentication-key
88
5. Save the data.

huawei(config)#save
l Configure the NTP broadcast client MA5600_B.

1. Enable NTP authentication.
md5 123456

3. Define MA5600_B as a broadcast client.

huawei(config-if-vlanif2)#ntp-service broadcast-client
4. Save the data.

huawei(config)#save
----End

Result
Follow the steps below to verify the configuration:
1. After synchronization, show the state of MA5600_B.
huawei(config)#display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 1.1.1.1
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^17
clock offset: 996.5820 ms
root delay: 0.00 ms
root dispersion: 10.45 ms
peer dispersion: 10.93 ms
reference time: 12:10:10.170 UTC May 14 2005(C6306922.2BC286F8)
According to the above configurations, the clock of MA5600_B is at stratum of 3, and is

synchronized with that of MA5600_A.
2. Display the sessions of MA5600_B.
huawei(config)#display ntp-service sessions
{ <cr>|verbose<K> }:
Command:
display ntp-service sessions
source reference stra reach poll now offset delay
disper
******************************************************************************
**
[1234]1.1.1.1 LOCAL(0) 2 376 64 27 991.1 0.0
1.9
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured
By analyzing the sessions of MA5600_B, you can find that MA5600_B has been connected
to MA5600_A.
14.3 Configuration Example of NTP Multicast Mode

This operation enables you to configure NTP multicast mode on the MA5600, so as to implement
Prerequisite
System Time".
Networking
Figure 14-3 shows a sample network for configuring NTP multicast mode.

Figure 14-3 Sample network for configuring NTP multicast mode
IP
LSW

1.1.1.1/24 1.1.1.2/24
MA5600_A MA5600_B
MA5600_A sends multicast packets through VLAN interface 2 while MA5600_B intercepts
multicast information from VLAN interface 2. After receiving multicast packets from
MA5600_A, MA5600_B synchronizes with MA5600_A.
Data Plan
Table 14-2 lists the data plan for configuring NTP multicast mode.
Table 14-2 Data plan for configuring NTP multicast mode

Item Data
MA5600_A IP address of L3 interface 2: 1.1.1.1/24
Clock: Selects the local clock as the NTP master clock at stratum
2.
MA5600_B IP address of L3 interface 2: 1.1.1.2/24
Clock: Follows the clock of the multicast server.
Context
The stratum of the NTP server must be higher than or equal to that of the NTP client. Otherwise,
the synchronization fails.
Figure 14-4 shows the flowchart for configuring NTP multicast mode.

Figure 14-4 Flowchart for configuring NTP multicast mode
Start
Configure multicast server
Configure multicast client
End
Procedure
l Configure the NTP multicast server MA5600_A.
1. Set the local clock as the master clock working in stratum 2.
2. Configure the NTP authentication.

md5 123456

4. Set MA5600_A as the multicast server and specify the authentication ID.
huawei(config-if-vlanif2)#ntp-service multicast-server authentication-
keyid 88
5. Save the data.

huawei(config)#save
l Configure the NTP multicast host MA5600_B.

1. Configure the NTP authentication.
md5 123456

3. Set MA5600_B as an NTP multicast client.

huawei(config-if-vlanif2)# ntp-service multicast-client
4. Save the data.

huawei(config)#save
----End

Result
1. After synchronization, display the state of MA5600_B.
clock stratum: 3
root delay: 0.00 ms
reference time: 12:10:10.170 UTC May 14 2005(C6306922.2BC286F8)
According to the above configurations, the clock of MA5600_B, is at stratum of 3, and is

2. Display sessions of MA5600_B.
Command:
disper
******************************************************************************
**
[1234]1.1.1.1 LOCAL(0) 2 376 64 27 991.1 0.0
1.9
By analyzing the sessions of MA5600_B, you can find that MA5600_B has been connected
to MA5600_A.
14.4 Configuration Example of NTP Server/Client Mode

This operation enables you to configure NTP server/client mode on the MA5600, so as to
implement clock synchronization among network devices.
Prerequisite
System Time".
Networking
Figure 14-5 shows a sample network for configuring NTP server/client mode.

Figure 14-5 Sample network for configuring NTP server/client mode
IP
LSW

1.1.1.1/24 1.1.1.2/24
MA5600_A MA5600_B
An MA5600 serves as an NTP broadcast server, while the other MA5600 serves as a client. The
client sends the clock synchronization request to the server and the server synchronizes the clock
according to the request.
Data Plan
Table 14-3 shows the data plan for configuring NTP server/client mode.
Table 14-3 Data plan for configuring NTP server/client mode

Item Data
MA5600_A IP address of VLAN interface 2: 1.1.1.1/24
Clock: Selects the local clock as the NTP master clock at

stratum 2.
MA5600_B IP address of VLAN interface 2: 1.1.1.2/24
Clock: Selects MA5600_A as the NTP server.
Context
The stratum of the NTP server must be higher than or equal to that of the NTP client. Otherwise,
the synchronization fails.
Figure 14-6 shows the flowchart for configuring NTP server/client mode.

Figure 14-6 Flowchart for configuring NTP server/client mode
Start
Is there a clock No
reference?
Yes
Configure the NTP master clock
No
Configure authentication?
Yes
Configure NTP authentication
No
Configure a layer 3 interface?
Yes
Configure NTP server/client mode
End
NOTE
l When the MA5600 functions as a time server, the layer 3 interface needs to be configured.
l If any other network device supporting NTP serves as a time server, whether the layer 3 interface needs
to be configured depends on the features of the device.
Procedure
l Configure the NTP server MA5600_A.
1. Set the local clock as the master clock working in stratum 2.

3. Save the data.

huawei(config)#save
l Configure the client MA5600_B.


2. Specify the IP address of MA5600_A and specify it as the server.

huawei(config)#ntp-service unicast-server 1.1.1.1
3. Save the data.

huawei(config)#save
----End
Result
1. Before synchronization, display the state of MA5600_B.
clock status: unsynchronized
clock stratum: 16
reference clock ID: none
root delay: 0.00 ms
reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)
2. After synchronization, display the state of MA5600_B.

clock stratum: 3
root delay: 8.18 ms
reference time: 11:06:39.203 UTC May 14 2005(C6305A3F.3422EE41)
According to the above configurations, the clock of MA5600, is at stratum of 3, and is

3. Display the sessions of MA5600_B. By analyzing the sessions of MA5600_B, you can find
that MA5600_B has been connected to MA5600_A.
Command:
disper
**************************************************************************
[12345]1.1.1.1 LOCAL(0) 2 177 64 62 -1.0 6.9
2.8

14.5 Configuration Example of NTP Peer Mode

This operation enables you to configure NTP peer mode on the MA5600, so as to implement
Prerequisite
System Time".
Networking
Figure 14-7 shows a sample network for configuring NTP peer mode.
Figure 14-7 Sample network for configuring NTP peer mode
IP
LSW

1.1.1.1/24 1.1.1.2/24
MA5600_A MA5600_B
One MA5600 serves as an NTP active peer, while the other MA5600 serves as the passive peer.
The active peer sends a clock synchronization request to the passive peer, and then the passive
peer responds to the request. In this case, the peer with a higher clock stratum is synchronized
by the peer with a lower clock stratum.
Data Plan
Table 14-4 lists the data plan for configuring NTP peer mode.
Table 14-4 Data plan for configuring NTP peer mode
Item Data
MA5600_A IP address of VLAN interface 2: 1.1.1.1/24
Clock: Selects the local clock as the NTP master clock at

stratum 2.
MA5600_B IP address of VLAN interface 2: 1.1.1.2/24

Item Data
Clock: Selects MA5600_B as the peer.
Figure 14-8 shows the flowchart for configuring NTP peer mode.
Figure 14-8 Flowchart for configuring NTP peer mode
Start
Is there a clock No
reference?
Yes
Configure the NTP master clock
No
Configure authentication?
Yes
Configure NTP authentication
No
Configure a layer 3 interface?
Yes
Configure NTP peer mode
End
Procedure
l Configure the server MA5600_A.
1. Set the local clock as the NTP master clock in stratum 2.



3. Set MA5600_B as the peer.

huawei(config)#ntp-service unicast-peer 1.1.1.2
4. Save the data.

huawei(config)#save
l Configure the MA5600_B as the passive peer.

2. Save the data.

huawei(config)#save
----End
Result
According to the above configurations, MA5600_A and MA5600_B are defined as peers.
MA5600_A works in active peer mode, and MA5600_B works in passive peer mode. By default,
the system clock is at stratum 16, so the clock of MA5600_B is at stratum 16. The clock of
MA5600_A is at stratum 2. Therefore, MA5600_B turns to MA5600_A for clock
synchronization.
You can verify the configuration through the following steps:
1. Check the state of the MA5600_B before synchronization.

clock stratum: 16
root delay: 8.18 ms
2. Check the state of the MA5600_B after the synchronization.

clock stratum: 3
root delay: 8.18 ms
MA5600_A has been synchronized with MA5600_B, and the stratum of MA5600_B is 3, an
increase of 1 on that of MA5600_A.

NOTE
Whether the active peer synchronizes with the passive peer or the passive peer synchronizes with active
peer is determined by the clock stratum rather than the active or the passive state.
14.6 Configuring the NTP ID Authentication

This operation enables you to configure NTP ID authentication so as to enhance network security
and avoid unauthorized clock modification.
Context
l If the NTP authentication is disabled on the client, the client can turn to the server for clock
synchronization, regardless of whether the NTP authentication is enabled on the server.
l If NTP authentication is enabled, a reliable key shall be configured.
l The configuration of the server shall be consistent with that of the client.
l If NTP is enabled on the client, the client can pass the authentication by the server, as long
as the server is configured with the same key as that of the client, regardless of whether
NTP authentication is enabled on the server or its key is reliable.
l The client synchronizes the server that provides the reliable key. If the server provides an
unreliable key, the client does not synchronize the server.
Figure 14-9 shows the flowchart for configuring the NTP server/client mode with ID
authentication.
Figure 14-9 Flowchart for configuring the NTP server/client mode with ID authentication
Start
Enable ID authentication for

NTP server
Set an ID authentication key

for the NTP server
Define the key as a reliable

key
End
Procedure
Step 1 Run the ntp-service authentication enable command to enable the NTP ID authentication.
Step 2 Run the ntp-service authentication-keyid command to set a key for the ID authentication.

Step 3 Run the ntp-service reliable authentication-keyid command to define the key as a reliable
one.
Step 4 Run the display current-configuration section command to query the current configuration of
the system.
----End
Example
To enable NTP ID authentication, configure the NTP configuration key as aNiceKey with key
number of 42, and then define key 42 as a reliable key, do as follows:
huawei(config)#ntp-service authentication-keyid 42 authentication-mode md5
aNiceKey
huawei(config)#display current-configuration section post-system
[MA5600V300R003: 3002]
#
[post-system]
<post-system>
ip route-static 0.0.0.0 0.0.0.0 10.71.55.1
ip route-static 2.2.2.2 255.255.255.255 10.1.1.2
ip route-static 2.2.2.2 255.255.255.255 20.1.1.2
#
static-lsp ingress tunnel-interface tunnel1 destination 2.2.2.2 nexthop 10.1.1
.2 out-label 8200
static-lsp ingress tunnel-interface tunnel2 destination 2.2.2.2 nexthop 20.1.1
.2 out-label 8210
#
snmp-agent local-engineid 000007DB0300E0FC590001
snmp-agent sys-info version v1 v2c
snmp-agent group v3 group authentication read-view internet
snmp-agent usm-user v3 user group authentication-mode md5
5B35F3BA2B65CA9D4A35CC868E5963CF privacy-mode des56
B889728872508FA68D4C91595D092958
snmp-agent
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 X&9#$^U(!:[Q=^Q`
MAF4<1!!
ntp-service reliable authentication-keyid 42
#
ssh user op authentication-type password
ssh user user authentication-type password
ssh user test authentication-type password
#
tunnel-policy policy10
#
return
Related Operation
Table 14-5 lists the related operations for configuring NTP ID authentication.
Table 14-5 Related operations for configuring NTP ID authentication
Disable NTP ID undo ntp-service authentication enable

authentication

Remove the NTP undo ntp-service authentication-keyid

authentication key
Cancel a key as a reliable one undo ntp-service reliable authentication-keyid
Display the NTP service status display ntp-service status
14.7 Configuring the NTP Master Clock

This operation enables you to configure the NTP master clock.
Context
l The IP address of the local reference lock is set to 127.127.t.u, in which:
t ranges from 0 to 37 but is currently 1.

u ranges from 0 to 3, representing the NTP process number.
l With no IP address specified, by default, local clock 127.127.1.0 serves as the NTP master
clock.
l Clock stratum represents clock accuracy. The clock stratum number ranges 1–15. The initial
value is 16 before it is configured. The clock at stratum 1 is of the highest accuracy. The
larger the clock stratum number, the lower the clock accuracy.
Procedure
Step 1 Run the ntp-service refclock-master command to configure the NTP master clock.
Step 2 Run the display ntp-service status command to query the NTP status information.
----End
Example
To define the clock of a local device as the master NTP clock at stratum 2 and specify the IP
address as 127.127.127.0, do as follows:
huawei(config)#ntp-service refclock-master 127.127.1.0 2
clock stratum: 2
reference clock ID: LOCAL(0)
root delay: 0.00 ms
reference time: 13:41:41.065 UTC Feb 14 2006(C79C5C95.10ADBC66)
Related Operation
Table 14-6 lists the related operation for configuring the NTP master clock.

Table 14-6 Related operation for configuring the NTP master clock
Cancel the NTP master clock undo ntp-service refclock-master
14.8 Configuring NTP Broadcast Mode

This section describes how to configure the MA5600 as NTP broadcast server mode and NTP
broadcast client mode.
14.8.1 Configuring NTP Broadcast Server Mode
This operation enables you to configure the MA5600 as the NTP broadcast server.
14.8.2 Configuring NTP Broadcast Client Mode
This operation enables you to configure the MA5600 as the NTP broadcast client.
14.8.1 Configuring NTP Broadcast Server Mode

This operation enables you to configure the MA5600 as the NTP broadcast server.
Context
l This task is to specify an interface on the local device to transmit NTP broadcast packets.
The local device operates in broadcast-server mode, and serves as a broadcast server to
broadcast packets to its clients regularly.
l Perform this operation on the interface where the NTP broadcast packets are to be
transmitted.
Procedure
Step 2 Run the ntp-service broadcast-server command to configure the NTP broadcast server mode.
the system.
----End
Example
To define VLAN interface 2 on a local device to transmit NTP broadcast packets which are
encrypted by key 88, do as follows:
huawei(config-if-vlanif2)#ntp-service broadcast-server authentication-keyid 88
huawei(config)#display current-configuration section vlanif
[MA5600V300R003: 3002]
#
[vlanif]
<vlanif10>
interface vlanif10
ip address 10.1.1.1 255.255.255.0
mpls

mpls te
#
<vlanif30>
interface vlanif30
ntp-service broadcast-server authentication-keyid 88
#
return
Related Operation
Table 14-7 lists the related operations for configuring NTP broadcast server mode.
Table 14-7 Related operations for configuring NTP broadcast server mode
Cancel the broadcast server undo ntp-service -

configuration broadcast-server
Display NTP service trace display ntp-service trace Synchronize NTP server chain
from the local device to the
reference clock source, and
display brief information on
each NTP server.
Display the state of sessions display ntp-service -

maintained by NTP service sessions
Enable NTP debugging debugging ntp-service -
14.8.2 Configuring NTP Broadcast Client Mode

This operation enables you to configure the MA5600 as the NTP broadcast client.
Context
l The local device first detects the broadcast packets from the server. When receiving the
first broadcast packet, it enters the client/server mode briefly to exchange packets with a
remote server for estimating the network delay. The local device then enters the broadcast
client mode, continues detecting the broadcast packets, and synchronizes the local clock
according to the received broadcast packets.
l Perform this operation on the interface where the NTP multicast packets are to be
transmitted.
Procedure
Step 2 Run the ntp-service broadcast-client command to configure NTP broadcast client mode.
Step 3 Run the display ntp-service status command to query the NTP information.
----End

Example
To specify a local device as a broadcast client to receive broadcast packets through VLAN
interface 2, do as follows:
huawei(config-if-vlanif2)#ntp-service broadcast-client
huawei#display ntp-service status
clock stratum: 3
nominal frequence: 100.0000 Hz
actual frequence: 100.0000 Hz
root delay : 372.66 ms
peer disper: 10.83 ms
reference time: 04:01:11.344 UTC May 16 2003(C26EE107.5847A17F)
Related Operation
Table 14-8 lists the related operations for configuring NTP broadcast client mode.
Table 14-8 Related operations for configuring NTP broadcast client mode
To... Run the Command…
Cancel the broadcast client configuration undo ntp-service broadcast-client
Display NTP service trace display ntp-service trace
14.9 Configuring the NTP Multicast Mode

This operation enables you to configure the NTP multicast server or client mode.
Context
Working principle of NTP multicast server is as follows:
l The multicast server sends clock synchronization packets to multicast destination IP

address 224.0.1.1. The client detects the multicast packets and synchronizes the local clock
according to the packets.
Working principles of NTP multicast client are as follows:
l The local device first detects the multicast packets from the server. When receiving the first
multicast packet, it enters the client/server mode briefly to switch packets with a remote
server for estimating the network delay.
l The local device enters multicast client mode, continues to detect the multicast packets,
and synchronizes the local clock according to the received multicast packets.
Note that:

l The server and the client can be configured only on the interface where the NTP multicast
packets are to be transmitted or received.
l In multicast mode, the NTP configurations must be performed on both the server and the
client. The client must be synchronized by the clock of the server.
Procedure
Step 1 Run the interface vlanif command to enter the layer 3 interface mode.
Step 2 Run the ntp-service multicast-server command to configure the NTP multicast mode.
----End
To define a local device as multicast server to transmit multicast packets through VLAN interface
2, do as follows:
huawei(config-if-vlanif2)#ntp-service multicast-server
UA5000(config)#display ntp-service status
clock stratum: 2
root delay: 0.00 ms
reference time: 21:57:54.244 UTC Sep 9 2006(C8ADB762.3E7CD035)
To define a local device as multicast client to receive multicast packets through VLAN interface
2, do as follows:
huawei(config-if-vlanif2)#ntp-service multicast-client
UA5000(config)#display ntp-service status
clock stratum: 2
root delay: 0.00 ms
reference time: 22:00:03.537 UTC Sep 9 2006(C8ADB7E3.89A7E308)
Related Operation
Table 14-9 lists the related operations for configuring the NTP multicast mode.

Table 14-9 Related operations for configuring the NTP multicast mode
Cancel the multicast server configuration undo ntp-service multicast-server
Cancel the multicast client configuration undo ntp-service multicast-client
Display NTP service trace display ntp-service trace
14.10 Configuring NTP Server/Client Mode

This operation enables you to define a remote server as the NTP server, and the local device as
the client.
Context
l The client sends the clock synchronization request to the server. After receiving the request,
the server automatically works in server mode and then sends the response. After receiving
the response from the server, the client filters and selects the clock, and synchronizes the
preferred server.
l In this mode, only the local client initiates the clock synchronization with the remote server,
while the remote server does not.
Procedure
Step 1 Run the ntp-service unicast-server command to configure the NTP server/client mode.
----End
Example
To specify the device with the IP address of 1.0.1.11 as the NTP server and the version as 3for
the client, do as follows:
huawei(config)#ntp-service unicast-server 1.0.1.11 version 3
clock stratum: 16
root delay: 0.00 ms
Related Operation
Table 14-10 lists the related operations for configuring NTP server/client mode.

Table 14-10 Related operations for configuring NTP server/client mode
Cancel a specified NTP server undo ntp-service unicast-server
Set the max. local session number ntp-service max-dynamic-sessionsnumber
Restore the default setting of maximum undo ntp-service max-dynamic-sessions

local sessions
14.11 Configuring NTP Peer Mode

This operation enables you to configure the MA5600 as the peer of a local device.
Context
l The active peer sends the clock synchronization request to the passive peer. After receiving
the request, the other peer automatically works in passive peer mode and sends the response.
Both the active peer and the passive peer synchronize their clocks mutually.
l In NTP peer mode, the NTP configuration is performed only on the active peer.
l The peer with a higher clock stratum is synchronized by the peer with a lower clock stratum.
Procedure
Step 1 Run the ntp-service unicast-peer command to configure NTP peer mode.
----End
Example
To specify the remote device with IP address of 3.0.1.32 as the peer of the local device, do as
follows:
huawei(config)#ntp-service unicast-peer 3.0.1.32
clock stratum: 16
root delay: 0.00 ms
Related Operation
Table 14-11 lists the related operation for configuring NTP peer mode.

Table 14-11 Related operation for configuring NTP peer mode

Cancel the specified NTP peer undo ntp-service unicast-peer
14.12 Configuring the Authority of Access to a Local

Device's NTP Service
This operation enables you to configure the authority of access to a local device's NTP service.
Prerequisite
The ACL applied already exists.
Context
By default, access to a local device's NTP service is not controlled. With this configuration,
when there is an access request, the request will be matched with peer, query, server, and
synchronization in descending order. The first matched authority will be granted.
l peer: authority for absolute access
l query: control and query authority.
l server: authority for server's access and query
l synchronization: authority for only the server's access
Procedure
Step 1 Run the ntp-service access command to configure the authority of access to a local device's
NTP service.
the system.
----End
Example
To configure the authority of access to a local device's NTP service as "peer", and the ACL
applied as 2000, do as follows:
huawei(config)#ntp-service access peer 2000
huawei(config)#display current-configuration section post-system
[MA5600V300R003: 3002]
#
[post-system]
<post-system>
ip route-static 0.0.0.0 0.0.0.0 10.71.55.1
ip route-static 2.2.2.2 255.255.255.255 10.1.1.2
ip route-static 2.2.2.2 255.255.255.255 20.1.1.2
#
snmp-agent local-engineid 000007DB0300E0FC590001
snmp-agent sys-info version v1 v2c

snmp-agent group v3 group authentication read-view internet

snmp-agent usm-user v3 user group authentication-mode md5
5B35F3BA2B65CA9D4A35CC868E5963CF privacy-mode des56
B889728872508FA68D4C91595D092958
snmp-agent
#
ntp-service authentication enable
ntp-service access peer 2000
ntp-service authentication-keyid 42 authentication-mode md5
X&9#$^U(!:[Q=^Q`MAF4<1!!
ntp-service reliable authentication-keyid 42
#
ssh user op authentication-type password
ssh user user authentication-type password
ssh user test authentication-type password
#
tunnel-policy policy10
#
return
Related Operation
Table 14-12 lists the related operations for configuring the authority of access to a local device's
NTP service.
Table 14-12 Related operations for configuring the authority of access to a local device's NTP
service
Cancel the NTP access undo ntp-service access

authority configuration
Configure the maximum ntp-service max-dynamic-sessions [number]

number of dynamic sessions
that can be set up on a local
device
Cancel the configuration of undo ntp-service max-dynamic-sessions

maximum number of dynamic
sessions that can be set up on
a local device
14.13 Configuring an Interface for Transmitting/Receiving

NTP Packets
This operation enables you to configure an interface for transmitting or receiving NTP packets.
Prerequisite
The applied ACL has been existed.

Context
l Once an interface is specified through the ntp-service source-interface command, the IP
address of the interface is also the IP address of the packets.
l If the ntp-service unicast-server or ntp-service unicast-peer command also specifies a
transmit interface, this transmit interface prevails.
Procedure
Run the ntp-service source-interface command to specify an interface for transmitting NTP
packets.
----End
Example
To specify interface MEth 0 for transmitting NTP packets, do as follows:
huawei(config)#ntp-service source-interface meth 0
Related Operation
Table 14-13 lists the related operations for configuring an interface for transmitting or receiving
NTP packets.
Table 14-13 Related operations for configuring an interface for transmitting or receiving NTP
packets
To... Run the Command… Remarks
Cancel the local transmit or undo ntp-service source- -

receive interface interface
Disable an interface from ntp-service in-interface disable In corresponding

receiving NTP packets interface config mode
Enable an interface to receive undo ntp-service in-interface In corresponding

NTP packets disable interface config mode

Configuration Guide 15 Configuring MAC Address
15 Configuring MAC Address
About This Chapter
This chapter describes how to configure the MAC address and MAC address pool on the
MA5600.
15.1 Overview
This chapter describes MAC address and its application to the MA5600.
15.2 Adding a Static MAC Address
This operation enables you to add a static MAC address.
15.3 Setting the Maximum MAC Address Number Learned by a Service Port
This operation enables you to set the maximum MAC address number learned by a service port.
This helps to restrict the number of users connected to the port.
15.4 Configuring the Aging Time of a Dynamic MAC Address
This operation enables you to configure the aging time of a dynamic MAC address.
15.5 Binding the MAC Address
This operation enables you to bind a service port with a MAC address.
15.6 Configuring MAC Address Filtering
This operation enables you to configure the function of MAC address filtering to filter the packets
with the source MAC address as the specified one.
15.7 Configuring the MAC Address Pool
This operation enables you to configure the MAC address pool.

15 Configuring MAC Address Configuration Guide
15.1 Overview
This chapter describes MAC address and its application to the MA5600.
Service Description
To meet the needs of bearing multiple services, the MA5600 supports the MAC address lists
and the MAC address pool.
The MAC address lists of the MA5600 is capable of learning new MAC addresses. If the source
MAC address of a packet does not exist in the list, the MA5600 can add the source MAC address
and the port number of the received packet to the list as a new item.
Dynamic MAC addresses in the MAC address list also features the aging function. The
MA5600 deletes the associated address items of a device that has not sent any packet with this
source MAC address for a certain period.
In IP over ATM (IPoA) or PPP over ATM (PPPoA) access, the MA5600 needs to convert the
IPoA/PPPoA packets into IP over Ethernet (IPoE)/PPP over Ethernet (PPPoE) packets. In this
case, the MAC address pool of the MA5600 needs to allocate MAC addresses to users, and add
ATM cells with the MAC address, that is, source MAC addresses (SMAC), so as to convert
ATM cells to Ethernet frames.
The MA5600 supports up to 1024 static MAC addresses.
The MA5600 supports up to 20 MAC address pools, but the total number of configurable MAC
addresses cannot exceed 1024.
The MA5600 supports up to 16384 MAC addresses including the dynamic MAC addresses and
static MAC addresses.
15.2 Adding a Static MAC Address

This operation enables you to add a static MAC address.
Context
l When you add a static MAC address and there exists the same dynamic MAC address in
the specified service channel or the upstream port of a specified VLAN, the dynamic MAC
address is overwritten by the static MAC address. A static MAC address cannot be added
if there exists a same static MAC address in the system.
l The configured static MAC address must be excluded from the MAC address pool. You
can run the display mac-pool command to check it.
l An upstream port which is included in different VLANs can be configured with the same
static MAC address.
Procedure
Step 1 Run the mac-address static command to add a static MAC address.

Step 2 Run the display mac-address static command to query the configured static MAC address.
----End
Example
To configure the MAC address of ADSL2+ port 0/2/0 (with VPI/VCI of 0/32) as
1010-1010-1010, do as follows:
huawei(config)#mac-address static adsl 0/2/0 vpi 0 vci 32 1010-1010-1010
huawei(config)#display mac-address static
---------------------------------------------------------------------------
Type MAC MAC Type F/S /P VPI VCI FLOWTYPE FLOWPARA VLANID
---------------------------------------------------------------------------
adl 1010-1010-1010 static 0/2/0 0 32 - - 3
---------------------------------------------------------------------------
Total: 1
Note : F--Frame, S--Slot, P--Port(xDSL Port,UP-Link Port,IMA GROUP or
VLAN ID etc.), the VPI is access-end VLAN ID in vdsl/eau port
or PON ID in gpon port
Related Operation
Table 15-1 lists the related operation for adding a static MAC address.
Table 15-1 Related operation for adding a static MAC address
Delete a static MAC address undo mac-address static
15.3 Setting the Maximum MAC Address Number Learned

by a Service Port
This operation enables you to set the maximum MAC address number learned by a service port.
This helps to restrict the number of users connected to the port.
Context
l By default, the maximum MAC address number learned by a service port is 255.
l The maximum MAC address number learned by a service port does not include the
configured static MAC addresses.
Procedure
Step 1 Run the mac-address max-mac-count command to set the maximum MAC address number
learned by a service port.
Step 2 Run the display mac-address max-mac-count command to query the configured maximum
MAC address number learned by the service port.
----End

Example
To set the maximum MAC address number learned by service port 0/2/0 with VLAN ID of 10
at the user side as 10, do as follows:
huawei(config)#mac-address max-mac-count adsl 0/2/0 vpi 0 vci 32 user-vlan 10 10
huawei(config)#display mac-address max-mac-count adsl 0/2/0 vpi 0 vci 32 user-vlan
10
Command:
display mac-address max-mac-count adsl 0/2/0 vpi 0 vci 32 user-vlan 10
----------------------------------------------------------------------------
Type F/S /P VPI VCI VLAN ID FLOWTYPE FLOWPARA Learnable MAC number
----------------------------------------------------------------------------
adl 0/2/0 0 32 10 user-vlan 10 10
----------------------------------------------------------------------------
or PON ID in gpon port
15.4 Configuring the Aging Time of a Dynamic MAC

Address
This operation enables you to configure the aging time of a dynamic MAC address.
Context
l To effectively realize the aging function of dynamic MAC addresses, you need to configure
the aging time. If a device has not transmitted any packet during the period which is the
one to double of the aging time, the MA5600 deletes the MAC address of the device from
the MAC address list.
l By default, the aging time is 300s. In general, the default value is recommended.
l If the aging time is set too short, a dynamic MAC address is deleted very soon. As a result,
the data packets associated with the address are broadcast to all the ports in a VLAN due
to the failure to find the destination address, thus affecting the running efficiency of the
MA5600.
l On the other hand, if the aging time is set too long, the MA5600 cannot update its MAC
address list according to the network change. Consequently, if the number of MAC
addresses learnt on the specified port reaches the maximum value, packets with new MAC
addresses are directly discarded due to failure to find the destination address.
l The address aging function is only effective to dynamic MAC addresses.
Procedure
Step 1 Run the mac-address timer command to configure the aging time of a dynamic MAC address.
Step 2 Run the display mac-address timer command to query the configured aging time of the
dynamic MAC address.
----End
To set the aging time of a dynamic MAC address as 500s, do as follows:

huawei(config)#mac-address timer 500
huawei(config)#display mac-address timer
MAC aging time: 500s

To configure no aging time of a dynamic MAC address, do as follows:

huawei(config)#mac-address timer no-aging
huawei(config)#display mac-address timer
MAC aging time: No aging

Context
The MA5600 does not support binding a MAC address directly. By configuring a static MAC
address entry and setting the maximum address count to 0, you can bind a port with a MAC
address.
Procedure
Step 1 Run the mac-address static command to configure the static MAC address for a port.
Step 2 Run the mac-address max-mac-count command to set the maximum address count for the
service port.
Step 3 Run the display mac-address max-mac-count command to query the maximum MAC address
number that can be learnt by service channels.
----End
Example
Assume that the static MAC address of ADSL2+ port 0/2/0 is 1010-1010-1010, and the
maximum address count is 0, to bind the port with the MAC address so that the port only allows
the pass of packets with the source MAC address of 1010-1010-1010, do as follows:
huawei(config)#mac-address max-mac-count adsl 0/2/0 vpi 0 vci 35 0
huawei(config)#display mac-address max-mac-count adsl 0/2/0 vpi 0 vci 35
----------------------------------------------------------------------------
----------------------------------------------------------------------------
adl 0/2/0 0 35 4000 - - 0
--------------------------------------------------------------------------
Total: 1
or PON ID in epon port

Context
The system supports up to four filtering MAC addresses.

Procedure
Step 1 Run the security mac-filter command to configure MAC address filtering.
Step 2 Run the display security mac-filter command to query the configured filtering MAC address.
----End
Example
To configure the MAC address 1000-0000-0000 as the filtering MAC address, do as follows:
huawei(config)#security mac-filter 1000-0000-0000
huawei(config)#display security mac-filter
--------- Mac Address ---------
1000-0000-0000
---- 1 mac address found ----
Related Operation
Table 15-2 lists the related operation for configuring MAC address filtering.
Table 15-2 Related operation for configuring MAC address filtering
Delete the filtering MAC address undo security mac-filter
15.7 Configuring the MAC Address Pool

This operation enables you to configure the MAC address pool.
Context
l The system supports up to 20 MAC address pools and totally 1024 MAC addresses.
l The configured static MAC address must be excluded from the MAC address pool to be
configured. You can run the display mac-address static command to check it.
l A MAC address pool cannot contain the MAC address of the control board.
l When adding a MAC address pool, you do not need to specify the index and range of the
MAC address pool. By default, the range is 256.
You need to configure the MAC address pool in one of the following two cases:
l The user modem adopts the IPoA access mode, and the MA5600 adopts the IPoA or Auto
encapsulation mode.
l The user modem adopts the PPPoA access mode, and the MA5600 adopts the PPPoA or
Auto encapsulation mode.
Procedure
Step 1 Run the mac-pool command to configure the MAC address pool.

Step 2 Run the display mac-pool command to query the added MAC address pool.
----End
Example
To add a MAC address pool with the index of 0, the start MAC address of 1000-0000-0000, and
the address count of 800, do as follows:
huawei(config)#mac-pool 0 1000-0000-0000 800
huawei(config)#display mac-pool all
Current allocation method of MAC addresses: manual
User-configured MAC pools :
----------------------------------------------------------------
Index StartMAC EndMAC Scope UsedNum
----------------------------------------------------------------
0 1000-0000-0000 1000-0000-031f 800 0
----------------------------------------------------------------
MAC pools : 1, MAC addresses :800, Addresses in use : 0

Configuration Guide 16 Configuring TCP/IP Connection
16 Configuring TCP/IP Connection
About This Chapter
This chapter describes how to configure the TCP&IP connection on the MA5600.
16.1 Overview
This chapter describes the Transfer Control Protocol/Internet Protocol (TCP/IP) connection
attributes and the application to the MA5600.
16.2 Basic Concepts
This section describes concepts of synwait timer and finwait timer.
16.3 Configuring the Synwait Timer
This operation enables you to configure the synwait timer.
16.4 Configuring the Finwait Timer
This operation enables you to configure the finwait timer.
16.5 Configuring the Socket Buffer
This operation enables you to configure the size of the socket transmit and receive buffer.
16.6 Enabling the TCP Debugging
This operation enables the TCP debugging.
16.7 Enabling the IP Packets Debugging
This operation enables the IP packets debugging.

16 Configuring TCP/IP Connection Configuration Guide
16.1 Overview
This chapter describes the Transfer Control Protocol/Internet Protocol (TCP/IP) connection
attributes and the application to the MA5600.
Service Description
The MA5600 supports TCP/IP.
TCP connection configuration involves:
l Configuring the synwait timer
l Configuring the finwait timer
l Configuring the socket buffer
l Enabling the TCP debugging
IP connection involves enabling the IP packets debugging.
16.2 Basic Concepts

This section describes concepts of synwait timer and finwait timer.
Synwait Timer
When the synchronization (SYN) packet is sent, TCP enables the synwait timer. If no
acknowledgement (ACK) packet is received before time specified by the synwait timer, the TCP
connection will be terminated.
Finwait Timer
When the TCP connection state changes from FIN_WAIT_1 to FIN_WAIT_2, the finwait timer
is enabled.
If no FIN packet is received before the time specified by the finwait timer, the TCP connection
will be dropped.
16.3 Configuring the Synwait Timer

This operation enables you to configure the synwait timer.
Context
The timeout time of synwait timer ranges from 2s to 600s. The default is 75s.
Procedure
Run the tcp timer syn-timeout command to configure the synwait timer.
----End

Example
To set the TCP timer time as 100s, do as follows:
huawei(config)#tcp timer syn-timeout 100
Related Operation
Table 16-1 lists the related operation for configuring the synwait timer.
Table 16-1 Related operation for configuring the synwait timer

Restore the default setting of the syswait undo tcp timer syn-timeout
timer
16.4 Configuring the Finwait Timer

This operation enables you to configure the finwait timer.
Context
The timeout time of finwait timer ranges from 76s to 3600s. The default is 675s.
Procedure
Run the tcp timer fin-timeout command to configure the finwait timer.
----End
Example
To set the time of finwait timer as 200s, do as follows:
huawei(config)#tcp timer fin-timeout 200
Related Operation
Table 16-2 lists the related operation for configuring the finwait timer.
Table 16-2 Related operation for configuring the finwait timer

Restore the default setting of finwait undo tcp timer fin-timeout

timer
16.5 Configuring the Socket Buffer

This operation enables you to configure the size of the socket transmit and receive buffer.

Context
The buffer size ranges from 1 KB to 32 KB. The default is 4 KB.
Procedure
Run the tcp window command to set the size of the socket transmit & receive buffer.
----End
Example
To set the size of the socket transmit & receive buffer as 12 KB, do as follows:
huawei(config)#tcp window 12
Related Operation
Table 16-3 lists the related operation for configuring the socket buffer.
Table 16-3 Related operation for configuring the socket buffer
Restore the default setting of the socket undo tcp window

buffer
16.6 Enabling the TCP Debugging

This operation enables the TCP debugging.
Context
After the terminal monitor and terminal debugging function are enabled, the related
information will be displayed on the terminal.
By default, the terminal monitor and terminal debugging functions are disabled.
Procedure
Run the debugging tcp packet command to enable the TCP debugging.
----End
Example
To enable the TCP debugging, do as follows:
huawei(config)#debugging tcp packet

Related Operation
Table 16-4 lists the related operations for enabling the IP packets debugging.
Table 16-4 Related operations for enabling the IP packets debugging
Disable the TCP debugging undo debugging tcp { packet | event |

md5 }
Enable/Disable the switch for displaying the (undo) terminal monitor

debugging/log/alarm information at the
terminal
Enable/Disable output of the debugging (undo) terminal debugging

information on the terminal
16.7 Enabling the IP Packets Debugging

This operation enables the IP packets debugging.
Context
After the terminal monitor and terminal debugging function are enabled, the related
information will be displayed on the terminal.
By default, the terminal monitor and terminal debugging functions are disabled.
Procedure
Run the debugging ip packet command to enable the IP packets debugging.
----End
Example
To enable the IP packets debugging, do as follows:
huawei(config)#debugging ip packet
*0.24271340 MA5600-42 IP/8/debug_case:
Receiving, interface = vlanif3000, version = 4, headlen = 20, tos = 192,
pktlen = 70, pktid = 35614, offset = 0, ttl = 1, protocol = 17,
checksum = 17131, s = 10.11.0.209, d = 224.0.0.2
prompt: Receiving IP packet
Related Operation
Table 16-5 lists the related operations for enabling the IP packets debugging.

Table 16-5 Related operations for enabling the IP packets debugging

Disable the IP packets debugging undo debugging ip packet
Enable/Disable the ICMP debugging (undo) debugging ip icmp
Query the information about the IP layer display ip interface

interfaces
Enable/Disable the switch for displaying the (undo) terminal monitor

debugging/log/alarm information at the
terminal
Enable/Disable output of the debugging (undo) terminal debugging

information on the terminal

Configuration Guide 17 Configuring ACL
17 Configuring ACL
About This Chapter
The following lists the contents of this chapter.

17.1 Overview
This chapter describes access control list (ACL) and its applications to the MA5600.
17.3 Configuring the Basic ACL
This operation enables you to filter data packets that meet the source IP address conditions within
a certain period of time.
17.4 Configuring the Advanced ACL
This operation enables you to filter data packets that meet the source IP address and DSCP
conditions within a certain period of time.
17.5 Configuring the Layer 2 ACL
This operation enables you to filter data packets that meet the source MAC address, destination
MAC address, and VLAN ID conditions within a certain period of time.
17.6 Configuration Example of the Customized ACL
This operation enables you to filter data packets that meet the customized conditions within a
certain period of time.
17.7 Creating an ACL
This operation enables you to create a basic ACL, an advanced ACL, a layer 2 ACL or a
customized ACL.
17.8 Configuring a Time Range
This operation enables you to configure a time range, so as to specify the valid time of an ACL
rule.
17.9 Setting the Step
This operation enables you to modify the step of ACL rules when they are automatically
numbered.
17.10 Creating a Basic ACL Rule
This operation enables you to configure a basic ACL rule so that the device can filter data packets
according to the source IP address.

17 Configuring ACL Configuration Guide
17.11 Creating an Advanced ACL Rule

This operation enables you to configure an advanced ACL rule to filter data packets according
to such information as the source IP address, destination IP address, and IP bearer protocol type.
17.12 Creating a Layer 2 ACL Rule
This operation enables you to configure a layer 2 ACL rule to filter data packets according to
the link layer information such as the source MAC address, source VLAN ID, layer 2 protocol
type, layer 2 forward port, and destination MAC address.
17.13 Creating a Customized ACL Rule
This operation enables you to configure a customized ACL rule to filter data packets according
to any eight character strings (up to four bytes in a character string) in the first 80 bytes of the
layer 2 data frame.
17.14 Activating an ACL
This operation enables you to activate a configured ACL to validate it.

17.1 Overview
This chapter describes access control list (ACL) and its applications to the MA5600.
Service Description
An ACL carries out the packet filtering function. You can configure some matching rules on
network devices to filter unwanted data packets. With the matching rules, network devices can
permit or deny the matching data packets to pass. The classified traffic is the prerequisite for
carrying out Quality of Service (QoS).
For details on ACL, refer to the Feature Description ACL.
The MA5600 can ensure high QoS for user services based on the traffic rule classification,
measurement and scheduling policies. The MA5600 supports the following types of ACLs:
l Basic ACL
l Advanced ACL
l Layer 2 ACL
l Customized ACL
The MA5600 performs filtering, traffic mirroring, traffic limitation, priority queuing,
scheduling, redirection, and traffic measurement on packets filtered by ACL rules.
If ACL rules are delivered to user port of the MA5600, such as ADSL2+ port 0/1/0, then all
ADSL2+ ports in slot 1 of frame 0 filter packets; If ACL rules are delivered to an Ethernet port,
then only the Ether port filters packets.
For the basic, advanced or layer 2 ACL, the mask of the IP/MAC address is the inverse mask.
For the customized ACL, the mask of the IP/MAC address is the positive mask.
ACL Types
Table 17-1 describes the four types of ACLs.
Table 17-1 ACL types

ACL Type Numeral Range Feature
Basic ACL 2000–2999 Allows rule definition

according to L3 source IP
address.

ACL Type Numeral Range Feature
Advanced ACL 3000–3999 Allows rule definition

according to source address,
destination address, IP bearer
protocol type, TCP source
port, TCP destination port,
ICMP protocol type and
ICMP code.
Compared with the basic
ACL, the definition of the
advanced ACL is more
accurate, richer and more
flexible.
Layer 2 ACL 4000–4999 Allows rule definition

according to source MAC
address, source VLAN ID,
layer 2 protocol type, and
destination MAC address.
Customized ACL 5000–5999 Allows rule definition

according to any 32 bytes of
the first 80 bytes in a layer 2
frame.
Difference Between Matching Sequence and Configuration Sequence

ACL rule IDs are assigned in the same sequence as that an ACL is defined.
By default, the ID of the first ACL rule is 5, the ID of the second rule is 10, the ID of the third
rule is 15, and so on. This is called configuration sequence.
If a traffic stream reaches a device and matches with two or more ACL rules, which rule should
be followed to handle the traffic. This is determined by the matching sequence.
You can match the traffic with one group of ACL rules or with different groups of ACL rules.
Matching with One Group of ACL Rules

l If all rules in an ACL are activated at the same time, a rule defined later has a higher priority
than those defined earlier.
l If rules in an ACL are activated one by one, a rule activated earlier has higher priority than
those activated later.
Assume that ACL rule A denies all IP packets, and ACL rule B permits packets to a specific IP
address. Active the two rules at the same time. In this case, the two ACL rules conflict when
they are used to process packets to such specific IP address. Since ACL rule B is defined later,
it has higher priority over ACL rule A, so ACL rule B is chosen as the rule to handle the packets
to such a specific address.

Matching with Different Groups of ACL Rules

When matching the packets using different groups of ACL rules, the QoS action that is activated
later has a higher priority than the actions activated earlier.
Assume that ACL group A denies all IP packets, and ACL group B permits packets to a specific
IP address, QoS action A is based on ACL A, while QoS action B is based on ACL B. Activate
QoS action A first on a port, and then activate QoS action B on the same port. After that, all
packets are denied except the packets carrying the specific IP address. This is because that QoS
action B is activated later than QoS action A.
If QoS action B is activated first on the port, and QoS action A is activated later, all the IP packets
are denied.
Matching Sequence
When matching the packets using different groups of ACL rules, the QoS action that is activated
earlier has a higher priority than the actions activated later.
Assume that ACL group A filters all IP packets, and ACL group B permits packets to a specific
IP address, QoS action A is based on ACL A, while QoS action B is based on ACL B. Activate
QoS action A first on a port, and then activate QoS action B on the same port. After that, all IP
packets are filtered. This is because that QoS action B is activated later than QoS action A.
If QoS action B is activated first on the port, and QoS action A is activated later, all packets are
filtered except the packets carrying the specific IP address.
Default Matching Sequence

If a traffic stream does not match with any rule, the stream is processed according to a default
rule.
The default rule is to forward all the un-matched packets.
You can define a rule such as permit any or deny any for all ACLs so that any packet has a
rule to match.
Recommendations on Configuring ACL Rules

To use ACLs more efficiently, you can:
l Activate QoS actions consecutively if the QoS actions apply to the same ACL rule.
To enable traffic statistics and traffic limitation on packets that match with rule 10 of
ACL 2001, activate these two actions consecutively. The reason is that all QoS actions
based on the same rule share the same hardware resource.
l Activate QoS actions consecutively if the QoS actions have the same type of parameters
but different parameter values. This is because ACLs with the same parameters but different
values share the same hardware resource.
Assume that rule 10 of ACL 2000 denies packets from IP address 1.1.1.1, while rule 15
of ACL 2000 denies packets from IP address 2.2.2.2.
l The same type of parameter is used in configuring the two rules, only parameter values
differ. So the two rules use the same hardware resource, and have the same priority if they
are activated consecutively.

l When configuring an ACL group, comply with the principle that all ACLs within the group
have the same parameters but different values, as ACLs with the same parameters but
different values can share the same hardware resources. If a QoS based on an ACL group
is issued, the ACLs within the group will have the same priority. To offer different priorities
to rules of different ACL groups, comply with the preceding rules.
l The activated ACL rules will consume the hardware resources and share the hardware
resources with the protocol module (such as DHCP and IPoA) functions. In this case, the
hardware resources are insufficient.
Therefore, it is recommended to initiate the protocol module first and then activate ACL
rules in the data configuration.
If you fails to initiate a protocol module, handling it according to the steps given below:
– Check whether ACL rules occupy too many resources.

– If ACL rules occupy too many resources, deactivate or delete the ACL configurations
that are unimportant or not in the use, and then initiate the protocol module.

Service Traffic
The MA5600 supports four service types:
l Constant Bit Rate (CBR) service
l Real-Time Variable Bit Rate (rt-VBR) service
l Non-Real-Time Variable Bit Rate (nrt-VBR) service
l Unspecified Bit Rate (UBR) service
CBR
The CBR is used for connections that require static bandwidth and the highest priority. It features
high stability and low burst. Data services are delivered in a fixed period with the smallest burst.
The CBR applies to the circuit service, emulation voice service and video service. Peak Cell
Rate (PCR) is the only parameter required for applying the CBR service. The source end can
send cells at the PCR rate or a rate lower than PCR.
rt-VBR
The rt-VBR is delay-critical and jitter-critical. It applies to voice services and interactive video
services. Compared with the CBR service, the rt-VBR service is more tolerant to burst. The
source end can send the data at different rates.
Parameters required for rt-VBR service include:

l PCR
l Cell Delay Variation Tolerance (CDVT)
l Sustainable Cell Rate (SCR)
l Max. Burst Size (MBS)

nrt-VBR
The nrt-VBR is used for non-realtime services with burst nature. Compared with the rt-VBR
service, the nrt-VBR service has lower priority.
Parameters required for service application include:

l PCR
l CDVT
l SCR
l MBS
UBR
The UBR is applied to services with high burst and no real time requirement, such as FTP and
E-mail. UBR users only demand best-effort service without QoS requirement.
The network offers no QoS guarantee for the UBR service. When congestion occurs, UBR cells
are the first to be dropped. Error correction is carried out by the upper layer protocols.
Traffic Classes
The MA5600 supports four service types, which correspond to thirteen traffic classes as defined
in RFC 2514. Different traffic types require different parameters.Table 17-2 shows all traffic
classes and their parameter settings. In the following table, parameter is abbreviated as P.
Table 17-2 Mapping between the traffic classes and parameters
Service Traffic P1 P2 P3 P4
Type Class
CBR NO_CLP_N CLP01PCR - - -

O_SCR
NO_CLP_N CLP01PCR CDVT - -

O_SCR_CD
VT
CLP_TRAN CLP01PCR CDVT - -

SPARENT_
NO_SCR
rt_VBR CLP_TRAN CLP01PCR CLP01SCR MBS CDVT

SPARENT_
SCR
NO_CLP_S CLP01PCR CLP01SCR MBS CDVT

CR_CDVT
CLP_NO_T CLP01PCR CLP0SCR MBS CDVT

AGGING_S
CR_CDVT

Service Traffic P1 P2 P3 P4
Type Class
CLP_TAGG CLP01PCR CLP0SCR MBS CDVT

ING_SCR_
CDVT
nrt_VBR NO_CLP_S CLP01PCR CLP01SCR MBS -

CR
CLP_NO_T CLP01PCR CLP0SCR MBS -

AGGING_S
CR
CLP_TAGG CLP01PCR CLP0SCR MBS -

ING_SCR
UBR NO_CLP_N CLP01PCR - - -

O_SCR
NO_CLP_N CLP01PCR CLP01SCR MBS CDVT

O_SCR_CD
VT
NO_CLP_T CLP01PCR CDVT - -

AGGING_N
O_SCR
Table 17-3 Description of traffic classes

Traffic Class First-level Funnel Second-level Funnel
ClpNoTaggingNoScr Handles the CLP01 cells Disabled.

based on clp01Pcr and drops
the mismatched cells.
ClpTaggingNoScr Handles the CLP01 cells Disabled.

based on clp01Pcr. The
mismatched CLP0 cells are
labelled and the mismatched
CLP1 cells are dropped.
ClpTransparentNoScr Handles the CLP01 cells Disabled.

NoClpNoScr Handles the CLP01 cells Disabled.

NoClpNoScrCdvt Handles the CLP01 cells Disabled.


Traffic Class First-level Funnel Second-level Funnel
ClpTransparentScr Handles the CLP01 cells Handles the CLP01 cells

based on clp01Pcr and drops based on clp01Scr and drops
the mismatched cells. the mismatched cells.
NoClpScrCdvt Handles the CLP01 cells Handles the CLP01 cells

ClpNoTaggingScrCdvt Handles the CLP01 cells Handles the CLP0 cells based
based on clp01Pcr and drops on clp0Scr and drops the
the mismatched cells. mismatched cells.
ClpTaggingScrCdvt Handles the CLP01 cells Handles the CLP0 cells based
based on clp01Pcr. The on clp0Scr and drops the
mismatched CLP0 cells are mismatched cells.
NoClpScr Handles the CLP01 cells Handles the CLP01 cells

ClpNoTaggingScr Handles the CLP01 cells Handles the CLP0 cells based
based on clp01Pcr and drops on clp0Scr and drops the
the mismatched cells. mismatched cells.
ClpTaggingScr Handles the CLP01 cells Handles the CLP0 cells based
based on clp01Pcr. The on clp0Scr and drops the
mismatched CLP0 cells are mismatched cells.
NoClpTaggingNoScr Handles the CLP01 cells Disabled.

based on clp01Pcr. The
mismatched CLP0 cells are
NoTrafficDescriptor Disabled. Disabled.
Traffic Class
Currently, the CBR service and rt-VBR service of the MA5600supports traffic shaping.
To enhance the processing efficiency of the system, 32 traffic classes are provided to the
parameters of the CBR service; similarly, 16 traffic classes are provided to the CPL01SCR and
CPL0SCR parameters of rt-VBR service.
By default, the system supports 32 traffic classes: 64, 128, 256, 512, 1000, 1024, 1500, 1920,
2000, 2048, 2500, 3000, 4096, 5000, 6000, 7000, 8000, 8160, 9000, 10000, 12000, 20000,
24544, 34000, 45000, 50000, 100000, 120000, 155000, 300000, 400000, 599039.

By default, the system supports 16 traffic classes: 64, 128, 192, 256, 320, 512, 800, 1024, 1500,
2000, 4000, 8096, 16000, 32000, 64000, 128000.
Traffic Control Principles

The following lists the basic principles of traffic control:
l Control the traffic at the access end, and monitor the traffic at the convergence end.
l Impose traffic control at places prone to traffic congestion or convergence.
l Impose traffic control at places near the source end.
l Impose traffic control at places with switching nodes.
l Impose traffic control for every node if end-to-end QoS must be ensured.
l Impose traffic control for every node, because the bandwidth of a PVC is determined by
the minimum SCR among nodes of the PVC.
l Determine the user bandwidth according to the minimum SCR among the nodes with the
services going through.
Traffic control is applicable to all devices in the whole network. Located at the access layer, the
MA5600 shall have the traffic control function to reduce traffic burstness and maintain the
stability of service delivery. In the upper layer device, traffic monitoring shall be enabled.
17.3 Configuring the Basic ACL

This operation enables you to filter data packets that meet the source IP address conditions within
a certain period of time.
Data Plan
Table 17-4 lists the data plan for configuring the basic ACL.
Table 17-4 Data plan for configuring the basic ACL
Item Data Remarks
ACL number 2000 -
Source IP 2.2.2.2 Data packets from 2.2.2.2 are permitted to

address pass. Wildcard: 0.0.0.0 (negative mask).
ACL step Default value -
Time range From 00:00 to 12:00 every -

Friday
Port 0/7/0 Apply ACL 2000 on the port.
Figure 17-1 shows the flowchart for configuring a basic ACL.

Figure 17-1 Flowchart for configuring a basic ACL
Start
Create an ACL
(Optional) Configure a time

range
Define an ACL rule
Activate/Deactivate an ACL
for a port
Show ACL settings
End
Procedure
Step 1 Configure a time range.
huawei(config)#time-range time1 00:00 to 12:00 fri
Step 2 Create an ACL.

Step 3 Configure the basic ACL rule.

huawei(config-acl-basic-2000)#rule deny time-range time1
huawei(config-acl-basic-2000)#rule permit source 2.2.2.2 0.0.0.0 time-range time1
Step 4 Activate the ACL on port 0/7/0.

huawei(config)#packet-filter inbound ip-group 2000 port 0/7/0

huawei(config)#save
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, the port 0/7/0 on the MA5600
can receive the data packets from IP address 2.2.2.2, and discard other data packets.
17.4 Configuring the Advanced ACL

This operation enables you to filter data packets that meet the source IP address and DSCP
conditions within a certain period of time.

Data Plan
Table 17-5 lists the data plan for configuring the advanced ACL.
Table 17-5 Data plan for configuring the advanced ACL
Item Data Remarks
ACL number 3000 -
Source IP 2.2.2.2 Wildcard: 0.0.0.255

address
Destination 3.3.3.3 Wildcard mask: 0.0.0.0.

IP address
DSCP 23 -

Friday
Figure 17-2 shows the flowchart for configuring an advanced ACL.
Figure 17-2 Flowchart for configuring an advanced ACL.
Start
Create an ACL

range
Define an ACL rule
for a port
Show ACL settings
End

Procedure

Step 3 Configure the advanced ACL rule.

huawei(config-acl-adv-3000)#rule deny ip time-range time1
huawei(config-acl-adv-3000)#rule 3 permit ip source 2.2.2.2 0.0.0.255 destination
3.3.3.3 0 dscp 23 time-range time1

huawei(config-acl-adv-3000)#quit
huawei(config)#packet-filter inbound ip-group 3000 port

huawei(config)#save
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, port 0/7/0 on the MA5600 can
receive the data packets from 2.2.2.0 to 3.3.3.3 with DSCP of 23. Other packets are discarded.
17.5 Configuring the Layer 2 ACL

This operation enables you to filter data packets that meet the source MAC address, destination
MAC address, and VLAN ID conditions within a certain period of time.
Data Plan
Table 17-6 lists the data plan for configuring the layer 2 ACL.
Table 17-6 Data plan for configuring the layer 2 ACL
Item Data Remarks
ACL number 4000 -
Type 0x8863 The type of an Ethernet bearer protocol in

hexadecimal digits.
COS 1 802.1p priority
Source VLAN ID 12 -
Source MAC 2222-2222-2222 Wildcard: 0000-0000-0000

address
Destination MAC 00e0-fc11-4141 Wildcard: 0000-0000-0000

address

Item Data Remarks
Time range From 00:00 to 12:00 -

every Friday
Context
If you omit "0x" when entering the type of an Ethernet bearer protocol, the input shall be
considered as a decimal number. The decimal number you input is converted to hexadecimal
ones for the protocol type.
Figure 17-3 shows the flowchart for configuring a layer 2 ACL.
Figure 17-3 Flowchart for configuring a layer 2 ACL
Start
Create an ACL

range
Define an ACL rule
for a port
Show ACL settings
End
Procedure

Step 3 Configure the layer 2 ACL rule.

huawei(config-acl-link-4000)#rule deny time-range time1

huawei(config-acl-link-4000)#rule 1 permit type 0x8863 cos 1 source 12

2222-2222-2222 0000-0000-0000 destination 00e0-fc11-4141 0000-0000-0000 time-range
time1

huawei(config-acl-link-4000)#quit
huawei(config)#packet-filter inbound link-group 4000 port 0/7/0

huawei(config)#save
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, port 0/7/0 on the MA5600 can
receive the Ethernet frames with the source MAC address of 2222-2222-2222, destination MAC
address of 00e0-fc11-4141, VLAN ID of 12, and COS of 1. Other packets are discarded.
17.6 Configuration Example of the Customized ACL

This operation enables you to filter data packets that meet the customized conditions within a
certain period of time.
Context
The customized ACL can only be used to filter the data frame that is in the format of ETH II +
VLAN tag.
Data Plan
Table 17-7 shows the data plan for configuring the customized ACL.
Table 17-7 Data plan for configuring the customized ACL
Item Data Remarks
ACL number 5000 -
Matching byte 06 Wildcard: FF
Offset 27 -
ACL step default -

Friday
Port 0/7/0 The ACL 5000 applies to this port.
Figure 17-4 shows the flowchart for configuring a customized ACL.

Figure 17-4 Flowchart for configuring a customized ACL
Start
Create an ACL

range
Define an ACL rule
for a port
Show ACL settings
End
Procedure

Step 3 Configure the customized ACL rule.

huawei(config-acl-user-5000)#rule deny 06 ff 27 time-range time1

huawei(config-acl-user-5000)#quit
huawei(config)#packet-filter inbound user-group 5000 port 0/7/0

huawei(config)#save
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, port 0/7/0 on the MA5600 rejects
TCP packets.
17.7 Creating an ACL

This operation enables you to create a basic ACL, an advanced ACL, a layer 2 ACL or a
customized ACL.

Context
The MA5600 supports up to 64 ACLs. Each ACL can be configured with up to 64 rules.
Table 17-8 lists the ACL number range.
Table 17-8 ACL number range
ACL type Numeral range
Basic ACL (for IP packets) 2000-2999
Advanced ACL (IP packets) 3000-3999
Layer 2 ACL (for link layer packets) 4000-4999
Customized ACL 5000-5999
Procedure
Step 1 Run the acl command to create an ACL.
Step 2 Run the quit command to quit from the ACL config mode.
Step 3 Run the display acl command to query the configuration of the ACL.
----End
Example
To create an advanced ACL with ID of 3000, do as follows:
huawei(config)#display acl 3000
Advanced ACL 3000, 0 rule
Acl's step is 5
Related Operation
Table 17-9 lists the related operations for creating an ACL.
Table 17-9 Related operations for creating an ACL
Delete an ACL undo acl If an ACL and its rules are activated, or if
they are quoted by other QoS functions,
the ACL and the rules cannot be deleted.
Configure the description The description covers the functions and

description for an features of the ACL.
ACL

Delete the undo description -

description for an
ACL
Configure the step step Step means the difference between two
for an ACL neighboring rules in a group of ACL rules.
By default, it is 5.
Restore the default undo step By default, it is 5.

step
17.8 Configuring a Time Range

This operation enables you to configure a time range, so as to specify the valid time of an ACL
rule.
Context
ACL time ranges include relative time and absolute time.
l Relative time refers to periodical intervals, such as the period from 8:30 in the morning to
18:30 in the afternoon every Monday.
l Absolute time refers to intervals from a specific moment to another specific moment, such
as the period from 12:00 in the noon on June 8, 2006 to 18:00 in the afternoon on August
8, 2006.
The principle for a time range to take effect is as follows:
l When a time range includes only absolute time or relative time, the union set of all intervals
in the time range takes effect.
l When a range time includes both absolute time and relative time, the intersection set of the
union sets of both relative time and absolute time takes effect.
Note that:
l Configuring a time range is optional when you configure an ACL.
l A time range that is used cannot be deleted.
Procedure
Step 1 Run the time-range command to configure a time range.
Step 2 Run the display time-range command and you can find that the time range is configured.
----End
Example
To create a time range named "last24hrs" that is valid for the whole day of 2008-03-24, do as
follows:

huawei(config)#time-range last24hrs from 00:00 2008/03/24 to 24:00 2008/03/24

huawei(config)#display time-range all
Current time is 15:12:28 3-21-2007 Wednesday
Time-range : last24hrs ( Inactive )

from 00:00 2008/3/24 to 24:00 2008/3/24
17.9 Setting the Step

This operation enables you to modify the step of ACL rules when they are automatically
numbered.
Context
l By default, the step is 5.
l If a step changes, the rules in an ACL shall be re-numbered.
For example, presume that the rules of an ACL are numbered as 5, 10, and 15. If you
set the step to 2 using the command step 2, the rules will be numbered as 2, 4 and 6.
l To restore the default step value and renumber the ACL rules, run the undo step command.
Assume that ACL 1 contains rules 1, 3 and 5 with a step of 2. After you run the undo
step command, the numbers of the ACL rules are 5, 10 and 15, with the default step of
5.
Procedure
Step 1 Run the step command to modify the step of ACL rule.
Step 2 Run the display acl command to query the set step.
----End
Example
To set the step to 10, do as follows:
huawei(config-acl-basic-2000)#step 10
Basic ACL 2000, 1 rule
Acl's step is 10
rule 10 permit (0 times matched)
Related Operation
Table 17-10 lists the related operation for setting the step.
Table 17-10 Related operation for setting the step
Restore the default undo step By default, it is 5.

step value

17.10 Creating a Basic ACL Rule

This operation enables you to configure a basic ACL rule so that the device can filter data packets
according to the source IP address.
Prerequisite
The basic ACL to which the rule is added already exists.
Context
Up to 64 rules can be created for an ACL.
You can change the configuration of an ACL rule by specifying the number of the rule. This
method does not change the untouched part of the rule.
Procedure
Step 1 Run the acl command to create a basic ACL rule.
Step 2 Run the rule command to configure the basic ACL rule.
Step 3 Run the quit command to quit from the basic ACL config mode.
Step 4 Run the display acl command to query the information on the basic ACL rule.
----End
Example
To define a basic ACL rule that enables data packets from 2.2.2.2 to pass, do as follows:
huawei(config-acl-basic-2000)#rule permit source 2.2.2.2 0
Acl's step is 5
rule 5 permit source 2.2.2.2 0 (0 times matched)
Related Operation
Table 17-11 lists the related operation for creating a basic ACL rule.
Table 17-11 Related operation for creating a basic ACL rule
Delete an ACL rule undo rule

17.11 Creating an Advanced ACL Rule

This operation enables you to configure an advanced ACL rule to filter data packets according
to such information as the source IP address, destination IP address, and IP bearer protocol type.
Prerequisite
The advanced ACL to which the rule is added already exists.
Context
Procedure
Step 1 Run the acl command to create an advanced ACL rule.
Step 2 Run the rule command to configure the advanced ACL rule.
Step 3 Run the quit command to quit from the advanced ACL config mode.
Step 4 Run the display acl command to query the information on the ACL rule.
----End
Example
To define an advanced ACL rule that enables data packets from 2.2.2.2 to 3.3.3.3 with DSCP
of 23 to pass, and the valid time as the predefined time 1, do as follows:
huawe(config)#acl 3000
huawei(config-acl-adv-3000)#rule 3 permit ip source 2.2.2.2 0 destination 3.3.3.3
0 dscp 23 time-range time1
Advanced ACL 3000, 1 rule
Acl's step is 5
rule 3 permit ip source 2.2.2.2 0 destination 3.3.3.3 0 dscp 23 time-range
time1 (0 times matched)(Inactive)
Related Operation
Table 17-12 lists the related operation for creating an advanced ACL rule.
Table 17-12 Related operation for creating an advanced ACL rule

17.12 Creating a Layer 2 ACL Rule

This operation enables you to configure a layer 2 ACL rule to filter data packets according to
the link layer information such as the source MAC address, source VLAN ID, layer 2 protocol
type, layer 2 forward port, and destination MAC address.
Prerequisite
The layer 2 ACL to which the rule is added already exists.
Context
Procedure
Step 1 Run the acl command to create a layer 2 ACL rule.
Step 2 Run the rule command to configure the layer 2ACL rule.
Step 3 Run the quit command to quit from the layer 2 ACL config mode.
Step 4 Run the display acl command to query the information on the layer 2 ACL rule.
----End
Example
To define a layer 2 ACL rule that enables data packets with type of 0x8863, VLAN ID of 12,
COS of 1, source MAC address of 2222-2222-2222 and destination MAC address of 00e0-
fc11-4141 to pass, do as follows:
huawei(config-acl-link-4000)#rule 1 permit type 0x8863 cos 1 source 12
2222-2222-2222 0000-0000-0000 destination 00e0-fc11-4141 0000-0000-0000
huawei(config-acl-link-4000)#quit
Acl's step is 5
rule 1 permit type 0x8863 cos background source 2222-2222-2222 0000-0000-0000
12 destination 00e0-fc11-4141 0000-0000-0000
Related Operation
Table 17-13 lists the related operation for creating a layer 2 ACL rule.
Table 17-13 Related operation for creating a layer 2 ACL rule


17.13 Creating a Customized ACL Rule

This operation enables you to configure a customized ACL rule to filter data packets according
to any eight character strings (up to four bytes in a character string) in the first 80 bytes of the
layer 2 data frame.
Prerequisite
The customized ACL to which the rule is added already exists.
Context
Figure 17-5 shows the first 64 bytes of a layer 2 frame. Every letter represents one hexadecimal,
and every two letters represent one byte.
Figure 17-5 First 64 bytes of a layer 2 frame
Table 17-14 lists the meaning of the letters and their offset values.
Table 17-14 Description of letters and their offset values

Letter Meaning Offset Letter Meaning Offset
A Destination 0 L IP check sum 28

MAC address
B Source MAC 6 M Source IP 30

address address
C VLAN tag 12 N Destination IP 34

field address
D Protocol type 16 O TCP source port 38
E IP version 18 P TCP destination 40

port
F TOS field 19 Q Serial number 42
G IP packet 20 R Acknowledgem 46
length ent

Letter Meaning Offset Letter Meaning Offset
H ID number 22 S IP header length 50

and reserved bit
I Flags field 24 T Reserved bit and 51

flags bit
J TTL field 26 U Window Size 52

field
K Protocol 27 V Other 54
number (6
refers to TCP
and 17 refers to
UDP)
In Figure 17-5, the offset of their field is their offset in the 802.3 data frame of Sub Network
Access Protocol (SNAP) + tag. For the customized ACL, the user can use the rule mask and
offset parameters to extract any byte from the first 80 bytes of data frame, and then compare the
extracted byte with customized rules to filter matched data frames for processing.
Procedure
Step 1 Run the acl command to create a customized ACL rule.
Step 2 Run the rule command to configure the customized ACL rule.
Step 3 Run the display acl command to query the information on the ACL rule.
----End
Example
To filter all TCP packets, do as follows:
huawei(config-acl-adv-5000)#rule permit 06 ff 27
User ACL 5000, 1 rule
Acl's step is 5
rule 5 permit 06 ff 27
Related Operation
Table 17-15 lists the related operation for creating a customized ACL rule.
Table 17-15 Related operation for creating a used defined ACL rule

17.14 Activating an ACL

This operation enables you to activate a configured ACL to validate it.
Prerequisite
The ACL to be activated has been configured, and the port for which the ACL is to be activated
is working in the normal state.
Procedure
Step 1 Run the packet-filter command to activate an ACL.
Step 2 Run the display packet-filter port command and you can find that the ACL is activated.
----End
Example
To activate ACL 3000 of port 0/2/0, do as follows:
huawei(config)#display packet-filter port 0/2/0
port0/2/0
Inbound:
inbound Acl 3000 rule 1 port 0/2/0 running
Related Operation
Table 17-16 lists the related operation for activating the ACL of a port.
Table 17-16 Related operation for activating the ACL of a port

Deactivate an ACL undo packet-filter

Configuration Guide 18 Configuring the QoS
18 Configuring the QoS
About This Chapter
The following lists the contents of this chapter.
18.1 Overview
This section describes the Quality of Service (QoS) functions and the application of the functions.
18.2 Configuring the Traffic Entry
This operation enables you to configure the traffic entry. The traffic entries are the core of traffic
management. You can bind traffic entries with service traffic to achieve traffic management. In
the traffic management, traffic entries monitor and control the service traffic.
18.3 Configuring the Queue Scheduling
A queue is a unit that schedules packets in a physical port. After the queue scheduling is set, the
packets of key services can be processed in time when network congestion occurs.
18.4 Managing the Traffic Based on the ACL Rule
This section describes how to filter by the ACL rule the traffic that passes through the port and
how to manage the traffic that matches the ACL rule.
18.5 Setting the Rate Limit for an Upstream Port
This section describes how to set the rate limit for an upstream port.

18 Configuring the QoS Configuration Guide
18.1 Overview
This section describes the Quality of Service (QoS) functions and the application of the functions.
Service Description
QoS means the performance when the data stream flows through a network. By setting different
parameters of the QoS, such as service availability, throughput, delay, jitter, and packet loss
ratio, you can provide users with high quality services.
For details on the QoS, refer to the chapter "QoS" in the .MA5600 Feature Description
The MA5600 supports the following QoS functions:
l Traffic management based on data stream
l Queue scheduling
The MA5600 supports the following queue scheduling modes:
– Strict-priority queue (PQ)
– Weighted round robin (WRR)
l Traffic management based on ACLs
l Rate restriction on upstream ports
NOTE
When configuring the traffic management based on ACLs, you need to configure the ACL for only port 0
of a service board (excepting the ETHA board). After the configuration, the ACL is valid for all the ports
of the service board.
18.2 Configuring the Traffic Entry

This operation enables you to configure the traffic entry. The traffic entries are the core of traffic
management. You can bind traffic entries with service traffic to achieve traffic management. In
the traffic management, traffic entries monitor and control the service traffic.
Context
ATM-based Traffic Management
The MA5600 provides the ATM service by means of permanent virtual connection (PVC). When
setting up a PVC, select the traffic profile index, which corresponds to the traffic table.
An ATM traffic table contains the following items:
l Traffic index
It is the traffic profile index selected when the PVC is set up.
l Service type
The MA5600 supports four service types: CBR, rt-VBR, nrt-VBR and UBR.

l Traffic type
The MA5600 supports the traffic shaping of the CBR and rt-VBR service. To enhance
the processing efficiency, 32 traffic classes are provided for CLP01PCR parameter of
CBR service; Similarly, 16 traffic classes are provided to CPL01SCR and CLP0SCR
parameters of rt-VBR service.
l Traffic parameter
The traffic parameters include: PCR, SCR and CDVT.

IP-based Traffic Management
The MA5600 provides the IP service by means of VLAN. When adding the virtual port to a
VLAN, select the traffic profile index, which corresponds to the traffic table.
An IP traffic table contains the following items:
l Traffic index
It is the traffic profile index selected when the virtual port is added to the VLAN.
l CAR
Committed access rate means the maximum access rate.

l Priority and priority policy
It is the policy for selecting the traffic priority and packet priority.
Procedure
Step 1 Run the traffic table command to configure a traffic entry.
Step 2 Run the display traffic table command to query a traffic entry.
----End
Example
Assume that:
l Service type: cbr
l Traffic class: noClpNoScr
l Clp01Pcr: 160
l 802.1p priority: 6
l Priority policy: tag-In-Package
To add an ATM traffic entry, do as follows:
huawei(config)#traffic table atm srvcategory cbr tdtype noClpNoScr clp01Pcr 160
priority 6
priority-policy tag-In-Package
Create traffic descriptor record successfully
-----------------------------------------------------------------------------
TD Index :
0
Priority :
6
Priority policy : tag-
pri

CAR : 128 kbps

TD Type : NoClpNoScr
Service category :
cbr
Referenced Status : not
used
EnPPDISC :
off
EnEPDISC :
off
Clp01Pcr : 160
kbps
--------------------------------------------------------------------------
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 128 6 tag-
pri
-----------------------------------------------------------------------------
Traffic parameters for ATM service:

-----------------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/SHAPE
Type Type kbps kbps kbps kbps cells
1/10us
-----------------------------------------------------------------------------
0 cbr 2 160 -- -- -- -- -- off/
off/--
-----------------------------------------------------------------------------
Total Num :
1
Traffic type definition:
1:NoTrafficDescriptor 2:NoClpNoScr
3:ClpNoTaggingNoScr
4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr
7:ClpTaggingScr 8:ClpNoTaggingMcr
9:ClpTransparentNoScr
10:ClpTransparentScr 11:NoClpTaggingNoScr
12:NoClpNoScrCdvt
13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt
15:ClpTaggingScrCdvt
-----------------------------------------------------------------------------
Assume that:
l CAR: 2048 kbps
l 802.1p priority: 6
l Priority policy: tag-In-Package
To add an IP traffic entry, do as follows:
huawei(config)#traffic table ip car 2048 priority 6 priority-policy tag-In-Package
Create traffic descriptor record successfully
-----------------------------------------------------------------------------
TD Index : 10
Priority : 6
Priority policy : tag-pri
CAR : 2048 kbps
TD Type : NoClpNoScr
Service category : ubr
Referenced Status: not used
EnPPDISC : on
EnEPDISC : on

Clp01Pcr : 2048 kbps

-----------------------------------------------------------------------------

Command:
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
10 2048 6 tag-
pri
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
Type Type kbps kbps kbps kbps cells 1/10us
-----------------------------------------------------------------------------
10 ubr 2 2048 -- -- -- -- -- on /
on /--
-----------------------------------------------------------------------------
Total Num : 1
1:NoTrafficDescriptor 2:NoClpNoScr
3:ClpNoTaggingNoScr
7:ClpTaggingScr 8:ClpNoTaggingMcr
9:ClpTransparentNoScr
10:ClpTransparentScr 11:NoClpTaggingNoScr
12:NoClpNoScrCdvt
13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt
15:ClpTaggingScrCdvt
-----------------------------------------------------------------------------
Related Operation
Table 18-1 lists the related operations for configuring the traffic entry.
Table 18-1 Related operations for configuring the traffic entry

To… Run the Command... Remarks
Delete a traffic entry undo traffic table You can delete a traffic entry
only if it is not referenced.
18.3 Configuring the Queue Scheduling

A queue is a unit that schedules packets in a physical port. After the queue scheduling is set, the
packets of key services can be processed in time when network congestion occurs.
Features of the Queue Scheduling

l The system schedules queues based on the priorities of the queues. The larger the queue
number is, the higher the priority of the queue is.
l The system supports the following two scheduling modes:
– PQ

– WRR
NOTE
By default, the system support the PQ mode.
18.3.1 Configuring the Queue Scheduling

This section describes how to set the queue scheduling so that when network congestion occurs,
the packets in the queue with a higher priority can be processed in time.
18.3.1 Configuring the Queue Scheduling

This section describes how to set the queue scheduling so that when network congestion occurs,
the packets in the queue with a higher priority can be processed in time.
Context
The MA5600 supports two queue scheduling modes: PQ and WRR.
l PQ
PQ gives priority to packets in a high priority queue. When the high priority queue is empty,
packets in a queue with a lower priority are sent.
By default, the PQ mode is adopted.
l WRR
The system supports WRR for eight queues. Each queue has a weight value, namely, w7,
w6, w5, w4, w3, w2, w1, and w0 in descending order. The weight values mean the
proportions for resources acquisition. WRR is performed for the queues in turn. This
guarantees that each queue can obtain certain service time.
Table 18-2 lists the relationship between the weight values and the actual queues.
Table 18-2 Relationship between the weight values and the actual queues
Queue Configured Actual Queue Actual Queue
Number Weight Weight (Supporting Weight (Supporting
Ports of Eight Ports of Four
Queues) Queues)
7 W7 W7 -
6 W6 W6 -
5 W5 W5 -
4 W4 W4 -
3 W3 W3 W7 + W6
2 W2 W2 W5 + W4
1 W1 W1 W3 + W2
0 W0 W0 W1 + W0
NOTE
Wn: means the weight of queue n. The weight sum of queues must be equal to 100.

Procedure
Step 1 Run the queue-scheduler command to set the queue scheduling.
Step 2 Run the display queue-scheduler command to query the configuration of the queue scheduling.
----End
Example
To set the queue scheduling mode as WRR and assign weight values 10, 10, 20, 20, 10, 10, 10
and 10 to eight queues, do as follows:
huawei(config)#queue-scheduler wrr 10 10 20 20 10 10 10 10
huawei(config)#display queue-scheduler
Queue scheduling mode: weighted round robin
weight of queue 0: 10%
Related Operation
Table 18-3 lists the related operations for setting the queue scheduling.
Table 18-3 Related operations for setting the queue scheduling

Restore the queue scheduling undo queue-scheduler

mode as the default value
Set the mapping between the cos-queue-map

802.1p priority and a queue
18.4 Managing the Traffic Based on the ACL Rule

This section describes how to filter by the ACL rule the traffic that passes through the port and
how to manage the traffic that matches the ACL rule.
18.4.1 Restricting the Traffic That Matches the ACL Rule
This section describes how to restrict the ACL-matched traffic over a specified port For the
traffic that exceeds the restriction, the system takes the corresponding measures. For example,
to label the traffic with the diff serv code point (DSCP) sign or to discard the traffic directly.
18.4.2 Adding a Priority Tag to the Traffic That Matches the ACL Rule
This section describes how to add a priority tag to the ACL-matched traffic over a specified port,
so that the traffic can enjoy the services for the specified priority. The priorities that can be used
include ToS, DSCP, and 802.1p.
18.4.3 Measuring the Traffic That Matches the ACL Rule
This section describes how to measure the traffic that matches the ACL rule so as to analyze and
monitor the traffic.

18.4.4 Mirroring the Traffic That Matches the ACL Rule

This section describes how to mirror the traffic that matches the ACL rule and passes through
a port to a specified port. The mirroring operation does not affect the normal receiving and
transmitting of the traffic on the mirroring source port. By analyzing the traffic received on the
mirroring destination port, you can monitor the traffic received on the mirroring source port.
18.4.5 Redirecting the Traffic That Matches the ACL Rule
This section describes how to redirect the traffic that matches the ACL rule and passes through
a port to a specified port for forwarding. After the redirection succeeds, it is not the source port
but the redirected port forwards the traffic that matches the ACL rule.
18.4.1 Restricting the Traffic That Matches the ACL Rule

This section describes how to restrict the ACL-matched traffic over a specified port For the
traffic that exceeds the restriction, the system takes the corresponding measures. For example,
to label the traffic with the diff serv code point (DSCP) sign or to discard the traffic directly.
Prerequisite
The related ACL and the sub rules are configured.
Context
l The restriction is valid only for permit rules of an ACL.
l The rate of the limited traffic must be an integer multiple of 64.
Procedure
Step 1 Run the traffic-limit command to restrict the ACL-matched traffic over a specified port
Step 2 Run the display qos-info traffic-limit port command to query the traffic control information
about the specified port.
----End
Example
For the traffic received on port 0/2/0 that matches the rule of ACL 2001, to limit its rate to 512
kbit/s; and for the packets that exceed the preset value, to label the packets with the DSCP priority
(af1), do as follows:
huawei(config)#traffic-limit inbound ip-group 2001 512 exceed remark-dscp af1 port
0/2/0
huawei(config)#display qos-info traffic-limit port 0/2/0
traffic-limit:
port 0/2/0:
Inbound:
Matches: Acl 2001 rule 5 running
Target rate: 512 Kbps
Exceed action: remark-dscp af1
Related Operation
Table 18-4 lists the related operation for configuring the traffic restriction.

Table 18-4 Related operation for configuring the traffic restriction
Cancel the restriction on the traffic that undo traffic-limit

matches the ACL rule and passes through
the specified port
18.4.2 Adding a Priority Tag to the Traffic That Matches the ACL
Rule
This section describes how to add a priority tag to the ACL-matched traffic over a specified port,
so that the traffic can enjoy the services for the specified priority. The priorities that can be used
include ToS, DSCP, and 802.1p.
Context
The operation of adding priority tags is valid only for permit rules of an ACL.
The ToS and the DSCP priorities are mutually exclusive. Therefore, they cannot be configured
at the same time.
Prerequisite
The ACL and its sub rules are configured, and the port involved in adding a priority tag to the
traffic is working in the normal state.
Procedure
Step 1 Run the traffic-priority command to add a priority tag to the ACL-matched traffic over a
specified port.
Step 2 Run the display qos-info traffic-priority port command to query the configured priority.
----End
Example
Assume that the DSCP priority is 10 (af1) and the local priority is 0. To add a priority tag to the
traffic that matches ACL rule 2001 and is received by port 0/2/0, do as follows:
huawei(config)#traffic-priority inbound ip-group 2001 dscp af1 local-precedence 0
port 0/2/0
huawei(config)#display qos-info traffic-priority port 0/2/0
traffic-priority:
port 0/2/0:
Inbound:
Priority action: dscp af1 cos background

Related Operation
Table 18-5 lists the related operation for adding a priority tag to the traffic that matches the ACL
rule.
Table 18-5 Related operation for adding a priority tag to the traffic that matches the ACL rule
Cancel the priority tag added to the traffic undo traffic-priority

that matches the ACL rule
18.4.3 Measuring the Traffic That Matches the ACL Rule

This section describes how to measure the traffic that matches the ACL rule so as to analyze and
monitor the traffic.
Context
Traffic measurement is valid only for permit rules of an ACL.
Prerequisite
The ACL and its sub rules are configured, and the port involved in traffic statistics is working
in the normal state.
Procedure
Step 1 Run the traffic-statistic command to collect the statistics of the ACL-matched traffic over a
specified port
Step 2 Run the display qos-info traffic-statistic port command to query the traffic statistics about the
specified port.
----End
Example
To measure the traffic that matches ACL 2001 and are received on port 0/7/0, do as follows:
huawei(config)#traffic-statistic inbound ip-group 2001 port 0/7/0
huawei(config)#display qos-info traffic-statistic port 0/7/0
traffic-statistic:
port 0/7/0:
Inbound:
0 packet
Related Operation
Table 18-6 lists the related operation for collecting the statistics of the traffic that matches the
ACL rule.

Table 18-6 Related operation for collecting the statistics of the traffic that matches the ACL rule
Clear the statistics of the ACL- reset traffic-statistic

matched traffic over a specified port
Cancel the statistics of the traffic that undo traffic-statistic

matches the ACL rule
18.4.4 Mirroring the Traffic That Matches the ACL Rule

This section describes how to mirror the traffic that matches the ACL rule and passes through
a port to a specified port. The mirroring operation does not affect the normal receiving and
transmitting of the traffic on the mirroring source port. By analyzing the traffic received on the
mirroring destination port, you can monitor the traffic received on the mirroring source port.
Context
l The operation of traffic mirroring is valid only for permit rules of an ACL.
l The mirroring destination port cannot be the aggregated port.
Prerequisite
The ACL and its sub rules are configured, and the mirroring source port is working in the normal
state.
Procedure
Step 1 Run the traffic-mirror command to mirror the ACL-matched traffic over a specified port
Step 2 Run the display qos-info traffic-mirror port command to query the traffic mirroring
information about the specified port.
----End
Example
To mirror the packets that match the rules of ACL 2001 and are received on port 0/2/0 to port
0/7/0, do as follows:
huawei(config)#traffic-mirror inbound ip-group 2001 port 0/2/0 to port 0/7/0

huawei(config)#display qos-info traffic-mirror port 0/2/0
traffic-mirror:
port 0/2/0:
Inbound:
Mirror to: port 0/7/0
Related Operation
Table 18-7 lists the related operation for configuring the traffic mirroring.

Table 18-7 Related operation for configuring the traffic mirroring
Cancel the mirroring of the traffic undo traffic-mirror

18.4.5 Redirecting the Traffic That Matches the ACL Rule

This section describes how to redirect the traffic that matches the ACL rule and passes through
a port to a specified port for forwarding. After the redirection succeeds, it is not the source port
but the redirected port forwards the traffic that matches the ACL rule.
Prerequisite
The ACL and its sub rules are configured, and the port to be redirected is working in the normal
state.
Context
l The operation of traffic redirection is valid only for permit rules of an ACL.
l Currently, the system can redirect the traffic that matches the ACL rule on a service board
to the upstream port, and can redirect the traffic that matches the ACL rule on the upstream
port to a service port of the same service board.
Procedure
Step 1 Run the traffic-redirect command to redirect the ACL-matched traffic over a specified port.
Step 2 Run the display qos-info traffic-redirect port command to query the traffic redirection
information about the specified port.
----End
Example
To redirect the traffic that matches ACL 2001 and is received on port 0/7/0 to port 0/7/1, do as
follows:
huawei(config)#traffic-redirect inbound ip-group 2001 port 0/7/0 to port 0/7/1
huawei(config)#display qos-info traffic-redirect port 0/7/0
traffic-redirect:
port 0/7/0:
Inbound:
Redirected to: port 0/7/1
Related Operation
Table 18-8 lists the related operation for redirecting the traffic that matches the ACL rule.

Table 18-8 Related operation for redirecting the traffic that matches the ACL rule
Cancel the redirection of the traffic undo traffic-redirect

18.5 Setting the Rate Limit for an Upstream Port

This section describes how to set the rate limit for an upstream port.
Context
l The MA5600 supports only the rate limit of Ethernet port on the boards, but does not support
the rate limit of a service port.
l The rate limit must be a multiple of 64.
Procedure
Step 1 Run the line-rate command to limit the rate of a port.
Step 2 Run the display qos-info line-rate port command to query the rate limit information about the
port.
----End
Example
To limit the rate of Ethernet port 0/7/0 to 640 kbit/s, do as follows:
huawei(config)#line-rate 6400 port 0/7/0
huawei(config)#display qos-info line-rate port 0/7/0
line-rate:
port 0/7/0:
Line rate: 6400 Kbps
Related Operation
Table 18-9 lists the related operation for setting the rate limit for an upstream port.
Table 18-9 Related operation for setting the rate limit for an upstream port
Cancel the rate limit for an upstream undo line-rate

port

Configuration Guide 19 Configuring User Security
19 Configuring User Security
About This Chapter
This chapter describes how to configure the user security supported by the MA5600.
19.1 Overview
This section describes the service description and service specifications of user security.
19.2 Enabling the PITP
This operation enables the PITP so that the device can report the user port information to the
BRAS for authenticating the user.
19.3 Setting the RAIO Working Mode
This operation enables you to set the RAIO working mode.
19.4 Setting the Ethernet Encapsulation Type
This operation enables you to set the Ethernet encapsulation type.
19.5 Enabling the DHCP Option82 Function
This operation enables the DHCP option82 function so that the BRAS can authenticate the access
users. The MA5600 adds the option82 field to the DHCP packets to ensure the security of the
DHCP function.
19.6 Setting the Maximum Length of DHCP Packets
This operation enables you to set the maximum length of DHCP packets.
19.7 Binding the IP Address
This operation enables you to bind a service port with one or multiple IP addresses, so that the
messages from the IP addresses other than the bound IP addresses are refused to pass through
the service channel of the port.
19.9 Enabling Anti MAC Spoofing
This operation enables the anti MAC spoofing function.  With the anti MAC spoofing function
enabled, unauthorized users are prevented from sending PPPoE and DHCP control packets
through forged MAC addresses.
19.10 Enabling Anti IP Spoofing

19 Configuring User Security Configuration Guide
This operation enable the anti IP spoofing function. With the anti IP spoofing function enabled,
unauthorized users are prevented from logging in to the device using legal IP addresses.

19.1 Overview
This section describes the service description and service specifications of user security.
Service Description
Policy Information Transfer Protocol (PITP), a member of Huawei Group Management Protocol
(HGMP) family, provides the Broadband Remote Access Server (BRAS) with the information
about the port of access users.
PITP binds user accounts with the access ports to avoid the theft and roaming of user accounts.
The DHCP Option82 contains reliable user port information and terminal information, which
are added to the DHCP packets. The DHCP Option82 is used as reference for the DHCP server
to allocate the IP address and other parameters.
For details onhe user security feature, refer to the chapter "User Security" in the Feature
Description.
The MA5600 supports the PITP V mode and P mode as well as DHCP Option82 to implement
binding between the user account and the physical port.
l PITP V mode (VBAS mode): After the PPPoE discovery phase, BRAS initiates a request
for querying user ports, requiring the MA5600 to report the information on the user ports.
The MA5600 sends the port information to the BRAS when the MA5600 responds to
messages.
l PITP V mode (PPPoE Tag mode): In the PPPoE discovery phase, the MA5600 initiates a
request for querying user ports, and adds tags to the PPPoE authentication request messages.
In this way, the port information is sent to the BRAS.
19.2 Enabling the PITP

This operation enables the PITP so that the device can report the user port information to the
BRAS for authenticating the user.
Context
PITP has two modes:
l vmode
– The BRAS sends the VBRAS request packets to the MA5600 first, and the MA5600
sends the port information to the BRAS.
l pmode
– The MA5600 adds the tag to the PPPoE packets directly, and sends the port information
to the BRAS.
You can configure the PITP in the following two modes:
l Global configuration

– You can run the pitp { disable | enable { pmode | vmode } } command to disable PITP
or select PITP mode.
– By default, the global configuration is disabled.
l Port configuration
– You can run the pitp { port frame/slot/port { enable | disable } | board frame/slot
{ enable | disable } } command to enable or disable PITP of the physical port.
– By default, the port configuration is enabled.
l You can switch over between PITP P and V modes. However, the system works in only
one mode. Disabling PITP invalidates both PITP modes.
l Global PITP configuration is of higher priority than port PITP configuration.
l Global PITP configuration is of higher priority than port PITP configuration. If global PITP
configuration is disabled, packets from a port do not contain user port information
regardless whether the port PITP is enabled.
l PPPoE packets from a port contain user port information only when both global PITP
configuration and port PITP configuration are enabled.
l The ports on the control board do not support PITP, and it only transmits the PITP packets
transparently.
l To enable DHCP Option82 or PITP, you need to configure the RAIO mode first.
Procedure
Step 1 Run the pitp command to enable the PITP V mode or the PITP of the physical port.
Step 2 Run the display pitp config command to query the PITP configuration.
----End
Example
To enable the PITP V mode, do as follows:
huawei(config)#pitp enable vmode
huawei(config)#display pitp config
PITP is enabled. Current mode:vmode
To enable PITP of port0/2/0, do as follows:

huawei(config)#pitp port 0/2/0 enable
huawei(config)#display pitp port 0/2/0 config
PITP is enabled on this port
19.3 Setting the RAIO Working Mode

This operation enables you to set the RAIO working mode.
Context
l Relay Agent Information Option (RAIO) includes DHCP option82 and PITP tag. Because
these two options are not standardized, different carriers have different formats of them.
l By default, the RAIO working mode is common.

l To differentiate the formats, set correctly the RAIO working mode before using the DHCP
option82 and PITP tag function.
Procedure
Step 1 Run the raio-mode command to set the RAIO working mode.
Step 2 Run the display raio-mode command to query the RAIO working mode.
----End
Example
To set the RAIO working mode as port-userlabel so that after the DHCP option82 function is
enabled on the port, and the PPPoE packets contain the description of the port, do as follows:
huawei(config)#display raio-mode
{ <cr>|pitp-pmode<K>|pitp-vmode<K>|dhcp-option82<K>|detail<K> }:
Command:
display raio-mode
Current mode of PITP pmode: xdsl-port-rate mode
Current mode of PITP vmode: common mode
Current mode of DHCP option82: port-userlabel mode
To set the RAIO working mode as xdsl-port-rate so that after the PITP P mode is enabled on
the port, the PPPoE packets contain the upstream/downstream activation rate of the port, do as
follows:
huawei(config)#raio-mode xdsl-port-rate pitp-pmode
huawei(config)#raio-mode xdsl-port-rate pitp-pmode
huawei(config)#display raio-mode
{ <cr>|pitp-pmode<K>|pitp-vmode<K>|dhcp-option82<K>|detail<K> }:
Command:
display raio-mode
Current mode of PITP pmode: xdsl-port-rate mode
Current mode of PITP vmode: common mode
Current mode of DHCP option82: xdsl-port-rate mode
19.4 Setting the Ethernet Encapsulation Type

This operation enables you to set the Ethernet encapsulation type.
Context
WARNING
Before setting the Ethernet encapsulation type, make sure that the PITP V mode is disabled.
When setting a protocol type, make sure that it does not conflict with any of existing protocol
types, such as:
l IP: 0x0800
l ARP: 0x0806

l RARP: 0x8035
l 802.1q: 0x8100
l PPPoE: 0x8863 and0x8864
Procedure
Step 1 Run the pitp vmode ether-type command to set the Ethernet encapsulation type.
Step 2 Run the display pitp vmode ether-type command and you can find the Ethernet encapsulation
type is set successfully.
----End
Example
To set the Ethernet encapsulation type in V mode, do as follows:
huawei(config)#pitp vmode ether-type 0x8200
huawei(config)#display pitp vmode ether-type
Vmode ethernet type is 0x8200
Related Operation
Table 19-1 lists the related operation for setting the Ethernet encapsulation type.
Table 19-1 Related operation for setting the Ethernet encapsulation type
Disable PITP function pitp disable
19.5 Enabling the DHCP Option82 Function

This operation enables the DHCP option82 function so that the BRAS can authenticate the access
users. The MA5600 adds the option82 field to the DHCP packets to ensure the security of the
DHCP function.
Context
l With the DHCP option82 function enabled, the MA5600 can add/remove the option82 field
to/from DHCP packets.
l With the DHCP option82 function disabled, the MA5600 transparently transmits or directly
forwards DHCP packets without processing them.
Procedure
Step 1 Run the dhcp option82 enable command to enable the DHCP option82.
Step 2 Run the display dhcp option82 config command and you can find the DHCP option82 is
enabled.
----End

Example
To enable the DHCP option82, do as follows:
huawei(config)#dhcp option82 enable
huawei(config)#display dhcp option82 config
DHCP option82 is enabled
Maximum length of DHCP packet is 1300 bytes
Related Operation
Table 19-2 lists the related operations for enabling the DHCP option82.
Table 19-2 Related operations for enabling the DHCP option82
Disable the DHCP option82 dhcp option82 disable
Set the maximum length of the DHCP dhcp option82 max-length

packet
19.6 Setting the Maximum Length of DHCP Packets

This operation enables you to set the maximum length of DHCP packets.
Context
l By default, the maximum length of DHCP packets is 1500 bytes.
l You can set the maximum length for the DHCP packets added with DHCP relay Agent
Option messages. If there are packets with length exceeding this value, the system
transparently transmits these packets.
Procedure
Step 1 Run the dhcp option82 max-length command to set the maximum length of DHCP packets.
Step 2 Run the display dhcp option82 config command to query the configured maximum length of
DHCP packets.
----End
Example
To set the maximum length of DHCP packets as 1300 bytes, do as follows:
huawei(config)#dhcp option82 max-length 1300
huawei(config)#huawei(config)#display dhcp option82 config
DHCP option82 is enabled
Maximum length of DHCP packet is 1300 bytes

19.7 Binding the IP Address

This operation enables you to bind a service port with one or multiple IP addresses, so that the
messages from the IP addresses other than the bound IP addresses are refused to pass through
the service channel of the port.
Context
l A service channel can be bound with up to eight IP addresses. The bound IP address must
be unicast IP address.
l One port can be bound with either one IP address or eight consecutive IP addresses
according to the IP address mask at one time.
Procedure
Step 1 Run the bind ip command to bind an IP address.
Step 2 Run the display bind command to query the IP address binding information.
----End
To bind the IP address 10.1.1.245 of the service channel (VPI/VCI of 0/35) with ADSL port
0/2/0, do as follows:
huawei(config)#bind ip adsl 0/2/0 vpi 0 vci 35 single-service 10.1.1.245
huawei(config)#display bind adsl 0/2/0 vpi 0 vci 35
{ <cr>|user-encap<K>|user-vlan<K> }:
Command:
display bind adsl 0/2/0 vpi 0 vci 35
-------------------------
No. IP address
-------------------------
0 10.1.1.245
1 -
2 -
3 -
4 -
5 -
6 -
7 -
-------------------------
To bind the IP address 10.10.10.10/29 of the service channel (VPI/VCI of 0/35) with ADSL port
0/2/0 (the bound IP address segment is 10.10.10.8-10.10.10.15), do as follows:
huawei(config)#bind ip adsl 0/2/0 vpi 0 vci 35 single-service 10.10.10.10 29
huawei(config)#display bind adsl 0/2/0 vpi 0 vci 35 single-service
{ <cr>|user-encap<K>|user-vlan<K> }:
Command:
display bind adsl 0/2/0 vpi 0 vci 35
-------------------------
No. IP address
-------------------------
0 10.10.10.8
1 10.10.10.9
2 10.10.10.10
3 10.10.10.11
4 10.10.10.12

5 10.10.10.13
6 10.10.10.14
7 10.10.10.15
-------------------------
Related Operation
Table 19-3 lists the related operation for binding the IP address.
Table 19-3 Related operation for binding the IP address
Cancel the binding of IP address undo bind ip

Context
The MA5600 does not support binding a MAC address directly. By configuring a static MAC
address entry and setting the maximum address count to 0, you can bind a port with a MAC
address.
Procedure
Step 1 Run the mac-address static command to configure the static MAC address for a port.
Step 2 Run the mac-address max-mac-count command to set the maximum address count for the
service port.
Step 3 Run the display mac-address max-mac-count command to query the maximum MAC address
number that can be learnt by service channels.
----End
Example
Assume that the static MAC address of ADSL2+ port 0/2/0 is 1010-1010-1010, and the
maximum address count is 0, to bind the port with the MAC address so that the port only allows
the pass of packets with the source MAC address of 1010-1010-1010, do as follows:
huawei(config)#mac-address max-mac-count adsl 0/2/0 vpi 0 vci 35 0
huawei(config)#display mac-address max-mac-count adsl 0/2/0 vpi 0 vci 35
----------------------------------------------------------------------------
----------------------------------------------------------------------------
adl 0/2/0 0 35 4000 - - 0
--------------------------------------------------------------------------
Total: 1
or PON ID in epon port

19.9 Enabling Anti MAC Spoofing

This operation enables the anti MAC spoofing function.  With the anti MAC spoofing function
enabled, unauthorized users are prevented from sending PPPoE and DHCP control packets
through forged MAC addresses.
Context
l The anti MAC spoofing function is implemented through MAC address binding.
l Each service virtue port can be bound with up to eight different MAC addresses
dynamically.
l If a user has been online before the anti MAC spoofing function is enabled, the system does
not bind MAC address.
l If a user logs in after the anti MAC spoofing function is enabled, the user MAC address is
bound.
Procedure
Step 1 Run the security anti-macspoofing enable command to enable anti MAC spoofing function.
Step 2 Run the display security config command and you can find that the function is enabled.
----End
Example
To enable anti MAC spoofing, do as follows:
huawei(config)#security anti-macspoofing enable
huawei(config)#display security config
Anti-ipspoofing function : disable
Anti-dos function : enable
Anti-macspoofing function : enable
Anti-ipattack function : disable
Anti-icmpattack function : disable
Source-route filter function : disable
PPPoE Overall Aging Time(sec): 360

PPPoE Aging Period (sec): 90
DHCP Overall Aging Time(sec): 1560
Related Operation
Table 19-4 lists the related operations for enabling anti MAC spoofing.
Table 19-4 Related operations for enabling anti MAC spoofing

Disable anti MAC spoofing security anti-macspoofing disable
Display the dynamically bound MAC display security bind mac

addresses

19.10 Enabling Anti IP Spoofing

This operation enable the anti IP spoofing function. With the anti IP spoofing function enabled,
unauthorized users are prevented from logging in to the device using legal IP addresses.
Context
l The anti IP spoofing function is implemented through dynamic IP address binding.
l By default, the dynamic IP address binding function is disabled.
l The system only binds the IP address of the user who obtains the IP address through DHCP.
l When the anti IP spoofing function is enabled for a user who has already got online, the
user service will be interrupted. In this case, the user needs to get offline and then online
again.
l When the anti IP spoofing function is enabled before the user gets online, the user does not
need to get offline and then online again.
Procedure
Step 1 Run the security anti-ipspoofing enable command to enable anti IP spoofing.
----End
Example
To enable anti IP spoofing, do as follows:
huawei(config)#security anti-ipspoofing enable
Anti-ipspoofing function : enable

Related Operation
Table 19-5 lists the related operations for enabling anti MAC spoofing.
Table 19-5 Related operations for enabling anti MAC spoofing
Disable anti IP spoofing security anti-ipspoofing disable
Display the dynamically bound IP display security bind ip

addresses


Configuration Guide 20 Configuring System Security
20 Configuring System Security
About This Chapter
This chapter describes how to configure the system security supported by the MA5600.
20.1 Overview
This chapter describes the service description and service specification of system security.
20.2 Enabling Anti DoS Attack
This operation enables the anti DoS attack function, so as to prevent large amount of packets
sent by the access user from attacking the MA5600.
20.3 Enabling Anti IP Attack
This operation enables the function of anti IP attack. This function prevents users from
maliciously sending IP packets to the IP address of the device to enhance the device security.
20.4 Enabling Anti ICMP Attack
This operation enables the function of anti ICMP attack.
20.5 Enabling Source Route Filtering
This operation enables the function of source route filtering. This function filters the IP packet
containing the route option field.
20.7 Setting the Time to Detect Exceptional Disconnection of the PPPoE/DHCP Users
This operation enables you to set the time to detect exceptional disconnection of the PPPoE/
DHCP users.
20.8 Configuring the Black List
This operation enables you to configure a firewall black list, such as adding some IP addresses
to the firewall black list, so that the service packets from these IP addresses cannot pass the
firewall.
20.9 Configuring the Firewall Function
This operation enables you to configure the firewall function to prohibit or allow the packets
that meet the criteria to pass the inband or outband management interface.

20 Configuring System Security Configuration Guide
20.10 Configuring an Accessible Address Segment

This operation enables you to configure the accessible address segment for the firewall of a
specified protocol type.
20.11 Configuring the Inaccessible Address Segment
This operation enables you to add the inaccessible address segment for the firewall of the

20.1 Overview
This chapter describes the service description and service specification of system security.
Service Description
The MA5600 supports system security setting to prevent attacks initiated at the network or user
side. This helps to guarantee user or equipment stability.
For details on the system security, refer to the chapter "System Security" in the Feature
Description.
To ensure stable operation, the MA5600 supports the following security features:
l Anti DoS attack
l Anti IP spoofing
l Anti MAC spoofing
l Anti IP attack
l Anti ICMP attack
l Source route filtering
l MAC address filtering
l IP/MAC address binding
l Firewall function
l SSH
20.2 Enabling Anti DoS Attack

This operation enables the anti DoS attack function, so as to prevent large amount of packets
sent by the access user from attacking the MA5600.
Procedure
Step 1 Run the security anti-dos enable command to enable anti DoS attack.
Step 2 Run the display security config command to query the status of anti DoS attack.
----End
Example
To enable anti DoS attack, do as follows:
huawei(config)#security anti-dos enable
Anti-ipspoofing function : disable
Anti-macspoofing function : disable



Related Operation
Table 20-1 lists the related operations for enabling anti DoS attack.
Table 20-1 Related operations for enabling anti DoS attack
Disable anti DoS attack security anti-dos disable
Display the black list of anti DoS display security dos-blacklist

attackers
20.3 Enabling Anti IP Attack

This operation enables the function of anti IP attack. This function prevents users from
maliciously sending IP packets to the IP address of the device to enhance the device security.
Procedure
Step 1 Run the security anti-ipattack enable command to enable anti IP attack function.
----End
Example
To enable the function of anti IP attack, do as follows:
huawei(config)#security anti-ipattack enable
Anti-ipattack function : enable

Related Operation
Table 20-2 lists the related operation for enabling the function of anti IP attack.

Table 20-2 Related operation for enabling the function of anti IP attack
Disable the function of anti IP security anti-ipattack disable

attack
20.4 Enabling Anti ICMP Attack

This operation enables the function of anti ICMP attack.
Procedure
Step 1 Run the security anti-icmpattack enable command to enable anti ICMP attack.
----End
Example
To enable the function of anti ICMP attack, do as follows:
huawei(config)#security anti-icmpattack enable
Anti-icmpattack function : enable

Related Operation
Table 20-3 lists the related operation for enabling the function of anti ICMP attack.
Table 20-3 Related operation for enabling the function of anti ICMP attack
Disable the function of anti ICMP attack security anti-icmpattack disable
20.5 Enabling Source Route Filtering

This operation enables the function of source route filtering. This function filters the IP packet
containing the route option field.

Context
By default, the source route packet is not discarded.
Procedure
Step 1 Run the security source-route enable command to enable the function of source route filtering.
----End
Example
To enable the function of source route filtering, do as follows:
huawei(config)#security source-route enable
Anti-icmpattack function : enable
Source-route filter function : enable

Related Operation
Table 20-4 lists the related operation for enabling the function of source route filtering.
Table 20-4 Related operation for enabling the function of source route filtering
Disable source route filtering security source-route disable

Context
The system supports up to four filtering MAC addresses.
Procedure
Step 1 Run the security mac-filter command to configure MAC address filtering.
Step 2 Run the display security mac-filter command to query the configured filtering MAC address.
----End

Example
To configure the MAC address 1000-0000-0000 as the filtering MAC address, do as follows:
huawei(config)#security mac-filter 1000-0000-0000
huawei(config)#display security mac-filter
--------- Mac Address ---------
1000-0000-0000
---- 1 mac address found ----
Related Operation
Table 20-5 lists the related operation for configuring MAC address filtering.
Table 20-5 Related operation for configuring MAC address filtering

Delete the filtering MAC address undo security mac-filter
20.7 Setting the Time to Detect Exceptional Disconnection

of the PPPoE/DHCP Users
This operation enables you to set the time to detect exceptional disconnection of the PPPoE/
DHCP users.
Context
l For PPPoE users, the timeout time includes aging period and overall aging time.
– The system checks the online/offline status of a user every aging period. When the
offline period of a user exceeds the aging period but is less than the overall aging time,
the offline time of the user will be accumulated.
– When the accumulated offline time exceeds the overall aging time, it is considered that
the user has been offline.
l By default, the PPPoE aging period is 90s, and the overall aging time is 360s.
l For DHCP users, the detection time contains only the timeout total time (1560s by default).
l By default, the DHCP overall aging time is 1560s.
Procedure
Step 1 Run the security timeout command to set the time to detect exceptional disconnection of the
PPPoE or DHCP users.
Step 2 Run the display security config command and you can find the information about the time to
detect the exceptional disconnection of the PPPoE/DHCP users.
----End
To set the timeout total time for PPPoE users as 1800s, do as follows:
huawei(config)#security pppoe timeout 1800


Anti-dos function : disable

To set the timeout total time for DHCP users as 1800s, do as follows:
huawei(config)#security dhcp timeout 1800
Anti-dos function : disable

20.8 Configuring the Black List

This operation enables you to configure a firewall black list, such as adding some IP addresses
to the firewall black list, so that the service packets from these IP addresses cannot pass the
firewall.
Prerequisite
The ACL applied to the firewall function exists.
Context
l The system supports up to 2000 items in a firewall black list.
l You can use the ACL rule when enabling the firewall black list function. In this case, the
priority level of the firewall black list is higher than that of the ACL rule. That is, the system
checks the firewall black list first, and then matches the ACL rule.
l The ACL rule used when the black list function is enabled can only be the advanced ACL
rule.
l The firewall black list function only takes effect to the service packets that are sent from
the user side.
Procedure
Step 1 Run the firewall blacklist item command to add a firewall black list item.
Step 2 Run the firewall blacklist enable command to enable the firewall black list item.
Step 3 Run the display firewall blacklist item command to show the configuration of the firewall black
list.
----End

Example
To add IP address 10.10.10.10 to a firewall black list with the aging time of 100 minutes, enable
the firewall black list function and apply ACL 3000, do as follows:
huawei(config)#firewall blacklist item 10.10.10.10 timeout 100
huawei(config)#firewall blacklist enable acl-number 3000
huawei(config)#display firewall blacklist item
Firewall blacklist items :
Current manual insert items : 1
Current automatic insert items : 0
Need aging items : 1
IP Reason InsertTime AgeTime

----------------------------------------------------------------
10.10.10.10 Manual 2006/02/16 09:58:50 100
Related Operation
Table 20-6 lists the related operations for configuring the firewall black list function.
Table 20-6 Related operations for configuring the firewall black list function
Disable the firewall black list undo firewall blacklist enable

function
Delete an item from a firewall undo firewall blacklist item

black list
20.9 Configuring the Firewall Function

This operation enables you to configure the firewall function to prohibit or allow the packets
that meet the criteria to pass the inband or outband management interface.
Prerequisite
The ACL applied to the firewall function exists.
Context
l Only one ACL can be configured respectively for the egress and ingress directions of the
inband or outband management interface.
l The ACL applied to the firewall function can be the basic ACL or the advanced ACL.
l The priority level of the ACL rule is superior to the default operation of firewall. That is,
the packets matching the ACL rule are handled based on the ACL rule, and those not
matching the rule are handled based on the default operation of firewall.
Figure 20-1 shows the flowchart for configuring the firewall function.

Figure 20-1 Flowchart for configuring the firewall function
Start
Enable the firewall function
Set the default operation of firewall
Apply ACL to the GE or ETH

port of the SCU board
End
Procedure
Step 1 Run the firewall enable command to enable the firewall function.
Step 2 Run the firewall default command to set the default operation of the firewall as deny.
Step 3 Run the interface meth 0 command to enter interface config mode.
Step 4 Run the firewall packet-filter command to apply ACL 2000 to the maintenance network port.
Step 5 Run the display firewall packet-filter statistics command and you can find the configuration.
----End
Example
To enable the firewall function, set the default operation of the firewall as deny, and apply ACL
2000 to the outband management interface to filter packets, do as follows:
huawei(config)#firewall enable
huawei(config)#firewall default deny
huawei(config-if-meth0)#firewall packet-filter 2000 inbound
huawei(config)#display firewall packet-filter statistics all
Interface: meth0
In-bound Policy: acl 2000
From 2006-02-16 10:00:26 to 2006-02-16 10:02:43
0 packets, 0 bytes, 0% permitted,
0 packets, 0 bytes, 0% denied,
0 packets, 0 bytes, 0% permitted default,
0 packets, 0 bytes, 0% denied default,
Totally 0 packets, 0 bytes, 0% permitted,
Totally 0 packets, 0 bytes, 0% denied.
Related Operation
Table 20-7 lists the related operation for configuring the firewall function.

Table 20-7 Related operation for configuring the firewall function
Disable the firewall undo firewall enable

function
20.10 Configuring an Accessible Address Segment

This operation enables you to configure the accessible address segment for the firewall of a
Context
l The specified protocol types include: Telnet, SSH, and SNMP.
l Each firewall can be added with up to 10 address segments.
l When one address segment is added, the first address cannot be the same as the existed
one.
l When deleting one address segment, you can only input the first address of the address
segment.
Procedure
Step 1 Run the sysman ip-access command to add an accessible address segment.
Step 2 Run the display sysman ip-access telnet command to query the configuration of the accessible
address segment.
----End
Example
To add a legal address segment the refuse list of the telnet type, do as follows:
huawei (config)#sysman ip-access telnet 1.1.1.1 10.10.10.10
huawei(config)#display sysman ip-access telnet
IP-Access Table:
--------------------------------------------
Index Start-IPAddr End-IPAddr
--------------------------------------------
1 1.1.1.1 10.10.10.10
--------------------------------------------
Related Operation
Table 20-8 lists the related operations for configuring an accessible address segment.
Table 20-8 Related operations for configuring an accessible address segment
Delete an accessible address segment undo sysman ip-access

Display the firewall configuration display sysman
20.11 Configuring the Inaccessible Address Segment

This operation enables you to add the inaccessible address segment for the firewall of the
Context
l The specified protocol type includes: telnet, SSH, and SNMP.
l Each firewall is allowed to add ten address segments.
l When you add an address segment, the start address cannot be the same as an existing one.
l To delete an address segment, input the start address of the address segment.
Procedure
Step 1 Run the sysman ip-refuse command to configure the inaccessible address segment.
Step 2 Run the display sysman ip-refuse command to query configuration of the accessible address
segment.
----End
Example
To add a address segment to the telnet IP-refuse table, do as follows:
huawei(config)#sysman ip-refuse telnet 1.1.1.10 10.10.10.1
huawei(config)#display sysman ip-refuse telnet
IP-Refuse Table:
--------------------------------------------
Index Start-IPAddr End-IPAddr
--------------------------------------------
1 1.1.1.10 10.10.10.1
--------------------------------------------
Related Operation
Table 20-9 lists the related operations for configuring the inaccessible address segment.
Table 20-9 Related operations for configuring the inaccessible address segment
Delete the inaccessible address undo sysman ip-refuse

segment
Display the configuration of firewall display sysman

Configuration Guide 21 Configuring the ADSL2+ Service
21 Configuring the ADSL2+ Service
About This Chapter
This chapter describes the ADSL2+ technology and how to configure the ADSL2+ service on
the MA5600.
21.1 Overview
This section describes the service description and service specifications of Asymmetrical Digital
Subscriber Line 2 plus (ADSL2+).
21.2 Configuration Example of the ADSL2+ PPPoE/IPoE Service
This example shows how to configure the ADSL2+ service so that the user can access the Internet
through the ADSL2+ lines in the PPPoE/IPoE mode.
21.3 Configuration Example of the ADSL2+ IPoA Service
through the ADSL2+ lines in the IPoA mode.
21.4 Configuration Example of the ADSL2+ PPPoA Service
through ADSL2+ lines in the PPPoA mode.
21.5 Adding an ADSL2+ Line Profile
This operation enables you to add an ADSL2+ line profile. This helps to include the parameters
needed by all the ADSL2+ ports in a line profile. After the line profile is configured successfully,
it can be directly used to activate the ports.
21.6 Adding an Extended ADSL2+ Line Profile
This operation enables you to add an extended ADSL2+ line profile. The extended ADSL2+
line profile is used to configure the extended parameters for an ADSL2+ port when the port is
activated. This helps to filter the sub-carrier that are unsuitable for carrying data.
21.7 Adding an ADSL2+ Alarm Profile
This operation enables you to add an ADSL2+ alarm profile. After the alarm profile is configured
and bound successfully, it can be directly used to activate the ports.
21.8 Activating an ADSL2+ Port
This operation enables you to activate an ADSL2+ port for transmitting service data.
21.9 Configuring the Port Rate Measurement Thresholds for an ADSL2+ Port

21 Configuring the ADSL2+ Service Configuration Guide
This operation enables you to configure the upstream and downstream rate measurement
thresholds for an ADSL2+ port.
21.10 Configuring IPoA/IPoE Protocol Conversion
The MA5600 supports the conversion between the IPoA and IPoE protocols. In this way, the
IPoA users can access the upper layer IP network to enhance the access ability and network
capability of the MA5600.
21.11 Configuring PPPoA/PPPoE Protocol Conversion
The MA5600 supports the conversion between the PPPoA and PPPoE protocols. In this way,
the PPPoA users can access the upper layer IP network to enhance the access ability and network
21.12 Querying an ADSL2+ Port
This operation enables you to query the comprehensive information about an ADSL2+ port.
21.13 Enabling the Auto PVC Configuration of an ADSL Modem
This operation enables a modem to automatically configure the VPI/VCI.

21.1 Overview
This section describes the service description and service specifications of Asymmetrical Digital
Subscriber Line 2 plus (ADSL2+).
Service Description
ADSL2+ adopts asymmetric transmission mode and features:
l High rate, up to 24 Mbit/s downstream and 1.2 Mbit/s upstream
l Long reach distance, up to 6.5 km
The MA5600 provides the ADSL2+ service through the ADGE board. An MA5600 shelf can
house up to 14 ADSL2+ boards. With each board providing 64 ADSL2+ ports, a shelf provides
up 896 ADSL2+ subscribers.
The MA5600 provides six encapsulation modes, including llc-Bridge, vcmux-Bridge, llc-IPoA,
vcmux-IPoA, llc-PPPoA and vcmux-PPPoA.
The MA5600 provides an Auto mode, including llc-Bridge, vcmux-Bridge, llc-IPoA, llc-PPPoA
and vcmux-PPPoA.
By default, the encapsulation mode is llc-Bridge.
Table 21-1 lists the encapsulation mode mapping between the MA5600 and the modem.
Table 21-1 Encapsulation mode mapping between the MA5600 and the modem
Service Type Modem Encapsulation Type MA5600 Encapsulation Type
PPPoA llc-PPPoA llc-PPPoA, Auto
vcmux-PPPoA vcmux-PPPoA, Auto
IPoA llc RFC1483/2684 Route llc-IPoA, Auto
vcmux RFC1483/2684 Route vcmux-IPoA
IPoE llc-Bridge llc-Bridge, Auto
vcmux-Bridge vcmux-Bridge, Auto
PPPoE llc-RFC1483/2684 Bridge llc-Bridge, Auto
vcmux-RFC1483/2684 Bridge vcmux-Bridge, Auto
vcmux- PPPoE vcmux-Bridge, Auto
llc-PPPoE llc-Bridge, Auto

21.2 Configuration Example of the ADSL2+ PPPoE/IPoE

Service
through the ADSL2+ lines in the PPPoE/IPoE mode.
Prerequisite
l The ADSL2+ service board is in the normal state.
Context
l The MA5600 can limit the rate of users through the configured traffic profile or the
configured ADSL2+ line profile. If the two profiles work together, the user bandwidth is
the minimum value defined in the two profiles. In this section, the traffic profile is taken
as an example. If the qualified rate of the port is lower than 96%, configure the data
manually. If the user bandwidth is insufficient, reconfigure the data of the traffic profile.
l Only the deactivated port can be bound with the line profile.
Networking
Figure 21-1 lists a sample network for configuring the ADSL2+ PPPoE/IPoE service.
Figure 21-1 Sample network for configuring the ADSL2+ PPPoE/IPoE service
10.1.1.1
Internet
Router
A CON
ETH
D MON
G
E
GE0/7/0
SCU MA5600
PPPoE/IPoE access
Modem
PC
Data Plan
Table 21-2 lists the data plan for configuring the ADSL2+ PPPoE/IPoE service.

Table 21-2 Data plan for configuring the ADSL2+ PPPoE/IPoE service
Item Data Remarks
Traffic profile Index: 7 Configure the access rate,

Access rate: 3072 kbit/s priority, and priority policy in
the traffic profile. When you
Priority: 6 add a service port, you can
Priority policy: Pvc-Setting specify the traffic profile to
restrict the access rate,
priority, and priority policy.
Line profile Index: 1002 (the default When activating the ADSL2
profile) + port, you can use the
parameters configured in the
line profile to negotiate with
the CPE. Upon successful
negotiation, the ADSL2+
port is activated and the lines
connecting to the port can
bear services.
Alarm profile Index: 1 (the default profile) Configure the alarm

threshold of the line
parameter in the alarm
profile. By binding the
threshold to a port, you can
monitor the conditions of the
lines connecting to the port.
In the default alarm profile,
all the alarm thresholds are
set as 0, which indicates that
line monitoring is disabled.
ADGE ADSL2+ port: 0/2/0 -
VLAN ID: 10 Keep it consistent with the

upper layer device.
Upstream/Downstream Configure the upstream/

bandwidth: 3 Mbit/s downstream bandwidth in the
traffic profile according to
the user demands.
In an ideal case, configure the
rate of the traffic profile as
3072 kbit/s. The actual
qualified rate of the port may
be lower than 96%.
Therefore, increase the rate to
meet the user demands.
SCU Upstream port: 0/7/0 -
Gateway IP address: It is the IP address of the

10.1.1.1/24 upper layer router.

Figure 21-2 shows the flowchart for configuring the ADSL2+ PPPoE/IPoE service.
Figure 21-2 Flowchart for configuring the ADSL2+ PPPoE/IPoE service

Start
Is there an No
appropriate traffic
profile?
Yes Add a traffic profile
Create a VLAN and add port(s)

to it
No
Is the port activated?
Yes
Deactivate the ADSL2+ port
No
Is there an
appropriate
line profile?
Yes Add a line profile
Do you need Yes

to add an extended
line profile?
No Add an extended line profile
Is there an No
appropriate alarm
profile?
Yes
Add an alarm profile
Bind the alarm profile
Bind the extended line profile

(optional)
Bind the line profile and

activate the ADSL2+ port
Save the data
End

NOTE
l To authenticate users on the BRAS, configure the name and password of the access user on the BRAS.
To assign IP addresses to users through the BRAS, configure the corresponding IP address pool on the
BRAS.
l In this example, the extended line profile is not configured. If required, refer to "21.6 Adding an
Extended ADSL2+ Line Profile."
Procedure
Step 1 Query and configure the traffic profile.
Command:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0 960 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
7 3072 6 pvc-pri
--------------------------------------------------------------------------

--------------------------------------------------------------------------
--------------------------------------------------------------------------
0 cbr 2 1000 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
--------------------------------------------------------------------------
Total Num : 7
1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr
7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr
10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt
13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt
--------------------------------------------------------------------------
The query result shows that traffic profile 7 is available.
Step 2 Create a VLAN and add a service port and an upstream port to the VLAN.
huawei(config)#service-port vlan 10 adsl 0/2/0 vpi 0 vci 35 multi-service user-
encap pppoe rx-cttr 7 tx-cttr 7
NOTE
If you need to enable services in bathes in actual configuration, refer to "9.12 Adding Service Ports in
Batches" to add service ports in batches.
Step 3 Configure the ADSL2+ line profile.

If there is no appropriate line profile, add one. The default line profile 1002 is adopted in this
example.
Step 4 Bind the default alarm profile 1.

huawei(config-if-adsl-0/2)#alarm-config 0 1
Step 5 Bind the line profile and activate ADSL2+ port 0/2/0.
huawei(config)#interface adsl 0/2
huawei(config-if-adsl-0/2)#deactivate 0
huawei(config-if-adsl-0/2)#activate 0 profile-index 1002

huawei(config-if-adsl-0/2)#quit
huawei(config)#save
----End
Result
After the configuration, the user can access the Internet in the PPPoE/IPoE mode.
21.3 Configuration Example of the ADSL2+ IPoA Service

through the ADSL2+ lines in the IPoA mode.
Prerequisite
Context
l With the development of the IP network, IP access becomes the mainstream access mode
for digital subscriber line access multiplexers (DSLAMs). To be compatible with the user
side modems that adopt the ATM as the access mode, the MA5600 supports the conversion
between the IPoA protocol and the PPPoA protocol and that between the IPoE and the
PPPoE protocol, and enables IPoA/PPPoA users to transparently access the upper layer IP
network.
l Currently, the application service of IPoA/PPPoA users is the common Internet service.
l In the case of the IPoA access, you can select the dynamic IP address (without specifying
the source IP address) or the static IP address (specifying the source IP address) for the
packets. To switch from a dynamic address to a static address in the IPoA mode, you must
adopt the LLC-Bridge encapsulation first, and then adopt the IPoA static address
encapsulation.
as an example. If the qualified rate of the port is lower than 96%, configure the data
manually. If the user bandwidth is insufficient, reconfigure the data of the traffic profile.
l Only the deactivated port can be bound with the line profile.

Networking
Figure 21-3 shows a sample network for configuring the ADSL2+ IPoA service.
Figure 21-3 Sample network for configuring the ADSL2+ IPoA service
10.1.1.1
Internet
Router
A CON
ETH
D MON
G
E
GE0/7/0
SCU MA5600
IPoA access
Modem
PC
Data Plan
Table 21-3 lists the data plan for configuring the ADSL2+ IPoA service.
Table 21-3 Data plan for configuring the ADSL2+ IPoA service
Item Data Remarks
Traffic profile Index: 7 Configure the access rate, priority,

and priority policy in the traffic
Access rate: 3072 kbit/s profile. When you add a service port,
Priority: 6 you can specify the traffic profile to
limit the access rate, priority, and
Priority policy: Pvc-Setting priority policy.
Line profile Index: 1002 (the default When activating the ADSL2+ port,
profile) you can use the parameters
configured in the line profile to
negotiate with the customer premises
equipment (CPE).

Item Data Remarks
Alarm profile Index: 1 (the default profile) Configure the alarm threshold of the
line parameter in the alarm profile.
By binding the threshold to a port,
you can monitor the conditions of the
In the default alarm profile, all the
alarm thresholds are set as 0, which
indicates that line monitoring is
disabled.
VLAN ID: 10 Keep it consistent with the upper

layer device.
Upstream/Downstream Configure the upstream/downstream

bandwidth: 3 Mbit/s bandwidth in the traffic profile
according to the user demands.
In an ideal case, configure the rate of
the traffic profile as 3072 kbit/s. The
actual qualified rate of the port may
be lower than 96%. Therefore,
increase the rate to meet the user
demands.
Gateway IP address: It is the IP address of the upper layer

10.1.1.1/24 router.
Figure 21-4 shows the flowchart for configuring the ADSL2+ IPoA service.

Figure 21-4 Flowchart for configuring the ADSL2+ IPoA service
Start
No
Is there an
appropriate traffic
profile?
Bind the line profile
Create a VLAN and add

port(s) to it Bind the alarm profile
Bind the extended line profile

No (optional)
Yes Activate the ADSL2+ port

Configure a MAC address
pool
Is there an No
Enable protocol conversion
appropriate
line profile?
Yes Add a line profile Configure IPoA default

gateway
Do you need Yes
to add an extended
line profile? Set the encapsulation mode
Add an extended line profile

No
Save the data
Is there an No
appropriate alarm
profile?
End
Yes Add an alarm profile

NOTE
l To authenticate users on the broadband remote access server (BRAS), configure the name and password
of the access user on the BRAS. To assign IP addresses to users through the BRAS, configure the
corresponding IP address pool on the BRAS.
Procedure
Command:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0 960 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
--------------------------------------------------------------------------

--------------------------------------------------------------------------
--------------------------------------------------------------------------
0 cbr 2 1000 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
--------------------------------------------------------------------------
Total Num : 7
--------------------------------------------------------------------------
If there is no appropriate traffic profile for use, create one.

huawei(config)#traffic table index 7 ip car 3072 priority 6 priority-policy pvc-
Setting
Step 2 Configure the VLAN.

NOTE

example.
Step 5 Bind default alarm profile 1.

Step 6 Configure the IPoA service.

1. Configure MAC address pool 0, which begins with 0000-0000-0001.
huawei(config)#mac-pool 0 0000-0000-0001
2. Enable the IPoA protocol conversion.

huawei(config)#ipoa enable
3. Configure the default IPoA gateway.

huawei(config)#ipoa default gateway 10.1.1.1
4. Set the IPoA service encapsulation mode of ADSL2+ port 0/2/0 as LLC-IPoA.
huawei(config)#encapsulation 0/2 start-portId 0 end-portId 10 type ipoa llc

huawei(config)#save
----End
Result
After the configuration, the user can access the Internet in the IPoA mode.
21.4 Configuration Example of the ADSL2+ PPPoA Service

through ADSL2+ lines in the PPPoA mode.
Prerequisite
Context
in DSLAMs. To be compatible with the use side modems that adopt the ATM as the access
mode, the MA5600 supports the conversion between the IPoA protocol and the PPPoA
protocol and that between the IPoE and the PPPoE protocol, and enables IPoA/PPPoA users
to transparently access the upper layer IP network.

as an example.
Networking
Figure 21-5 shows a sample network for configuring the ADSL2+ PPPoA service.
Figure 21-5 Sample network for configuring the ADSL2+ PPPoA service
10.1.1.1
Internet
Router
A CON
ETH
D MON
G
E
GE0/7/0
SCU MA5600
PPPoA access
Modem
PC
Data Plan
Table 21-4 lists the data plan for configuring the ADSL2+ PPPoA service.
Table 21-4 Data plan for configuring the ADSL2+ PPPoA service
Item Data Remarks
Traffic profile Index: 7 Configure the access rate,

Rate: 3072 kbit/s priority, and priority policy in
the traffic profile. When you
Priority: 6 add a service port, you can
specify the traffic profile to
restrict the access rate,
Line profile Index: 1002 (the default When activating the ADSL2
profile) + port, you can use the
parameters configured in the
line profile to negotiate with
the CPE.

Item Data Remarks


upper layer device.
Upstream/Downstream Configure the upstream/

bandwidth: 3 Mbit/s downstream bandwidth in the
traffic profile according to
the user demands.
In an ideal case, configure the
rate of the traffic profile as
3072 kbit/s. The actual
be lower than 96%.
Therefore, increase the rate to
meet the user demands.
Gateway IP address: It is the IP address of the

10.1.1.1/24 upper layer router.
Figure 21-6 shows the flowchart for configuring the ADSL2+ PPPoA service.

Figure 21-6 Flowchart for configuring the ADSL2+ PPPoA service
Start
No
Is there an
appropriate traffic
profile?
Create a VLAN and add

port(s) to it Bind the alarm profile
No Bind the extended line profile

Yes Activate the ADSL2+ port

Configure a MAC address
pool
Is there an No
Enable protocol conversion
appropriate
line profile?
Yes Add a line profile Set the encapsulation mode
Do you need to Yes

add an extended line
profile? Save the data
Add an extended line profile

No
End
Is there an No
appropriate alarm
profile?

NOTE
l To authenticate users on the BRAS, configure the name and password of the access user on the BRAS.
To assign IP addresses to users through the BRAS, configure the corresponding IP address pool on the
BRAS.
Procedure
Command:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0 960 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
7 3072 6 pvc-pri
--------------------------------------------------------------------------

--------------------------------------------------------------------------
--------------------------------------------------------------------------
0 cbr 2 1000 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
--------------------------------------------------------------------------
Total Num : 7
--------------------------------------------------------------------------
Step 2 Create a VLAN and add a service port and an upstream port to the VLAN.
NOTE

example.
Step 5 Bind the default alarm profile 1.

Step 6 Configure the PPPoA service.

1. Configure MAC address pool 0, which begins with 0000-0000-0001.
2. Enable the PPPoA protocol conversion.

huawei(config)#pppoa enable
3. Set the PPPoA service encapsulation mode of ADSL2+ port 0/2/0 as LLC-PPPoA.
huawei(config)#encapsulation 0/2/0 vpi 0 vci 35 type pppoa llc

huawei(config)#save
----End
Result
After the configuration, the user can access the Internet in the PPPoA mode.
21.5 Adding an ADSL2+ Line Profile

This operation enables you to add an ADSL2+ line profile. This helps to include the parameters
needed by all the ADSL2+ ports in a line profile. After the line profile is configured successfully,
it can be directly used to activate the ports.
Context
When configuring an ADSL2+ line profile, pay attention to the following points:
l Up to 1002 line profiles can be configured for the MA5600. 1, 1000, 1001 and 1002 are
default ones, which can be modified.
l ADSL2+ line profile contains a series of parameters, such as:
– Upstream/downstream rate
– Upstream/downstream interleaved depth
– Signal to Noise Ratio (SNR) margin
When a port is being activated, the ATU-R negotiates with the ATU-C based on the
parameters in the line profile, so as to determine whether the connection can be set up to
between them under the existing conditions.
l When the transmission mode is G.lite (G992.2/G992.4), you can select only "interleaved"
as the channel mode.
l When the downstream channel mode is fixed, the downstream rate must be equal to the
minimum rate.

l When setting the upstream/downstream SNR margin, make sure that the settings comply
with mini. SNR margin ≤ target SNR margin ≤ max. SNR margin.
l According to G.lite Standards, when the transmission mode is G.lite (G992.2/G992.4), the
supported rate ranges 64–1536 kbit/s in downstream, and 32–512 kbit/s in upstream.
l When setting the downstream SNR margin for rate downshift, make sure that it is larger
than or equal to the downstream mini. SNR margin. Similarly, the upstream SNR margin
for rate downshift shall be equal to or larger than the upstream mini. SNR margin.
Figure 21-7 and Figure 21-8 show the flowchart for configuring an ADSL2+ line profile.

Figure 21-7 Flowchart for configuring an ADSL2+ line profile-1
Start
No
Name the profile?
Yes
Set profile name
Select profile type: ADSL2+
No
Configure the Modem?
Yes
Select ADSL2+ working mode
Set trellis coding
Set downstream channel

bit swap
Set upstream channel bit swap
Interleaved
mode
Set channel mode
No
Set interleaved delay? Fast channel mode
Yes
Select downstream adapt mode
Set max. downstream
interleaved delay
Set SNR margin for

Set max. upstream interleaved Modem? B
delay No
Yes
Set target SNR margin in

downstream
Set min. SNR margin in

downstream
Set max. SNR margin in

downstream

Figure 21-8 Flowchart for configuring an ADSL2+ line profile-2
A
Set downstream SNR margin
Set target SNR margin in for rate downshift
upstream
Set downstream SNR margin
Set max. SNR margin in for rate upshift
upstream
Set min. SNR margin in Set upstream SNR margin for

upstream rate downshift
Set upstream SNR margin for

rate upshift
No
Set adjustment time? B
Yes
Set min. downshift time in
downstream

upstream

upstream
Set min. upshift time in

B upstream
No
Set bit rate?
Yes
Set min. transmit rate in
downstream
Set max. transmit rate in

downstream
Set min. transmit rate in

upstream
Set max. transmit rate in

upstream
End

Procedure
Run the adsl line-profile add command to add an ADSL2+ line profile.
----End
Example
Assume that:
l ADSL2+ work mode: G.dmt
l Maximum downstream delay: 8 ms
l Maximum upstream delay: 2 ms
l Minimum downstream rate: 1024 Kbit/s
l Maximum downstream rate: 32000 Kbit/s
l Minimum upstream rate: 32 Kbit/s
l Maximum upstream rate: 512 Kbit/s
To add an ADSL2+ line profile, do as follows:
huawei(config)#adsl line-profile add
{ <cr>|profile-index<L><2,999> }:
Command:
adsl line-profile add
Start adding profile
Press 'Q' to quit the current configuration and new configuration will be
neglected
> Do you want to name the profile (y/n) [n]:
> Please choose default value type 0-adsl 1-adsl2+ (0~1) [0]:1
> Will you set basic configuration for modem? (y/n)[n]:y
Note: Setting to these mode of G992.3~5 will lead that the adsl ports that
are not support adsl2+ not be activated
ADSL transmission mode:
> 0: All (G992.1~5,T1.413)
> 1: Full rate(G992.1/3/5 or T1.413)
> 2: g.lite(G992.2/4) (ADSL over ISDN board doesn't support g.lite mode)
> 3: T1.413(ADSL over ISDN board doesn't support T1.413 mode)
> 4: g.dmt (G992.1/3/5)
> 5: g.hs (G992.1~5, G992.5 is prior)
> 6: G992.1
> 7: G992.2
> 8: G992.3
> 9: G992.4
> 10:G992.5
> 11: ADSL all (G992.1~2,T1.413)
> 12: ADSL&ADSL2(G992.1/3 or T1.413)
Please select (0~12) [0]: 4
> Trellis mode 0-disable 1-enable (0~1) [1]:

> Downstream channel bit swap 0-disable 1-enable (0~1) [1]:
> Upstream channel bit swap 0-disable 1-enable (0~1) [1]:
> Please select channel mode 0-interleaved 1-fast (0~1) [0]:
> Will you set interleaved delay? (y/n)[n]:y
> Maximum downstream interleaved delay(0~255 ms) [16]:8
> Maximum upstream interleaved delay(0~255 ms) [6]:2
> Please select form of transmit rate adaptation in downstream:
> 0-fixed 1-adaptAtStartup 2-adaptAtRuntime (0~2) [1]:
> Will you set SNR margin for modem? (y/n)[n]:
> Will you set parameters for rate? (y/n)[n]:y
> Minimum transmit rate in downstream (32~32000 Kbps) [32]: 1024
> Maximum transmit rate in downstream (32~32000 Kbps) [24544]: 32000

> Minimum transmit rate in upstream (32~6000 Kbps) [32]:

> Maximum transmit rate in upstream (32~6000 Kbps) [1024]: 512
Add profile 3 successfully
Table 21-5 lists parameters of an ADSL2+ line profile.
Table 21-5 Parameters of an ADSL2+ line profile

Profile Index You can input the line profile index or press Enter to enable
the system to allocate a profile index. The profile index is
unique.
ADSL2+ transmission mode Currently, there are six ADSL/ADSL2+ working modes:
G992.1, G992.2, G992.3, G992.4, G992.5 and T1.413.
l G992.2 adopts rather narrow frequency spectrum and low
upstream/downstream rate. Its frequency spectrum is only
half of that of G992.1 or T1.413; its maximum upstream
and downstream rates are 512 kbit/s and 1536 kbit/s
respectively.
l G992.1 and the T1.413 adopt similar rates: up to 8160
kbit/s in downstream, and up to 896 kbit/s in upstream.

Trellis mode The Trellis coding algorithm is used to boost SNR and
enhance line stability. It is usually enabled.
Upstream/Downstream When the conditions of an ADSL2+ channel get worse, the

channel bit swap SNR of a sub-carrier may deteriorate, resulting in failure in
bearing the bits allocated to the sub-carrier. With the bit swap
function, the system can swap the allocated bits from one
sub-carrier to another to avoid possible disconnection due to
the variation in characteristics.
channel mode There are two channel modes: interleave mode and fast
mode. Compared with fast mode, the interleave mode is
characterized by stable line connection, and longer
transmission delay.
l For common Internet access services, the interleave mode
is recommended.
l For services that are delay sensitive, such as Video On
Demand (VOD), fast mode is recommended.

Maximum downstream/ The larger the interleave delay, the higher the ADSL2+
upstream interleaved depth connection stability, but the longer the transmission delay.

Adapt mode in downstream/ There are three adapt modes:

upstream l 1-fixed
l 2-adaptAtStartup
l 3-adaptAtRuntime
SNR margin for modem The SNR margin refers to the additional tolerable SNR that
does not lead to the deterioration of the current line rate. The
larger the modem SNR margin, the higher the connection
stability, but the lower of the activated physical connection
rate.
Minimum SNR margin in In the process of ADSL2+ connection setup, if the calculated
downstream/upstream SNR margin is lower than the preset one, the port activation
will fail.
Maximal SNR margin in In the process of ADSL2+ connection setup, if the calculated
downstream/upstream target SNR margin of an ADSL2+ line is higher than the
preset max. SNR margin, the system will limit the
downstream max. SNR margin to the preset max. value.
Target SNR margin in The target SNR margin is the preserved SNR margin to
downstream/upstream ensure normal communication in the case of line SNR
deterioration. The larger the target SNR margin, the lower
the chance of occurrence of the line error, the safer the
system may be, but the lower the data transmission rate.
Therefore, the target SNR margin shall be adjusted based on
the actual line conditions.
Downstream/Upstream SNR When the SNR margin reaches this value, the system starts
margin for rate downshift to adjust the rate downwards.
Downstream/Upstream SNR When the SNR margin reaches this value, the system starts
margin for rate upshift to adjust the rate upwards.
Minimum upshift time in When the SNR margin reaches "SNR margin for rate
downstream/upstream upshift", the system will keep the current rate for a certain
period before adjusting the rate upwards.
Minimum downshift time in When the SNR margin reaches "SNR margin for rate
downstream/upstream downshift", the system will keep the current rate for a certain
period before adjusting the rate downwards.
Minimum bit rate in In the process of ADSL2+ connection setup, if the calculated
downstream/upstream upward/downward rate is lower than this value, the port
activation will fail.

Maximum bit rate in In setting up the ADSL2+ connection, if the line is in good
downstream/upstream condition and the calculated downstream/upstream rate of an
ADSL2+ line is higher than the preset max. value, the system
will limit the rate to the preset value while increasing the
SNR margin. If the line is in poor condition, and the
calculated downstream/upstream rate is lower than the set
max. rate, the system will set up the ADSL2+ connection at
the calculated rate, while maintaining the target SNR margin.
Related Operation
Table 21-6 lists the related operations for adding an ADSL2+ line profile.
Table 21-6 Related operations for adding an ADSL2+ line profile

Quickly add an ADSL2+ adsl line-profile quickadd The system adopts non-interactive
line profile mode for inputting parameters of
the command. The command
serves as a complement to the
command adsl line profile add.
Delete an ADSL2+ line adsl line-profile delete You cannot delete the default line
profile profiles or a referenced line profile.
Modify an ADSL2+ line adsl line-profile modify After the line profile is modified,
profile the system prompts that the profile
takes effect immediately
Quickly modify an adsl line-profile The system adopts non-interactive

ADSL2+ line profile quickmodify mode for inputting parameters of
the command. The command
command adsl line profile
modify.
Display an ADSL2+ line display adsl line-profile -

profile
21.6 Adding an Extended ADSL2+ Line Profile

This operation enables you to add an extended ADSL2+ line profile. The extended ADSL2+
line profile is used to configure the extended parameters for an ADSL2+ port when the port is
activated. This helps to filter the sub-carrier that are unsuitable for carrying data.

Context
An extended ADSL2+ line profile is used to configure the extended parameters for an ADSL2
+ port when the port is activated. The following are three major parameters:
l missingtone
When you set this parameter to the specified sub-carrier of the line, these sub-carriers
has no power output, and no bit is allocated to them.
If the noise of some bands is very unstable, you can set this parameter to forbid this
band. In this way, the line will not be affected by the band.
Some bands have special purposes in some regions. To prevent interference to these
bands, you can set the parameter to forbid these bands.
l Impulse Noise Protection (INP)
INP defines the capacity of resisting the impulse interference of the ADSL channel. Its
unit is DMT SYMBOL.
If INP is 1, it means that the current ADSL channel can resist the impulse noise of one
DMT SYMBOL.
l Maximum downstream power spectral density (PSD) margin
The maximum downstream PSD margin ranges from –40 dBm/Hz to –52 dBm/Hz. By
default, it is –40 dBm/Hz.
l L2 low power management mode configuration
The system allows you to set the switch for automatic entering or exiting L2 low power
mode, allowing or prohibiting the board automatically to enter or exit L2 low power
mode according to the data traffic.
The MA5600 supports up to 32 extended ADSL2+ line profiles. After an extended ADSL2+
line profile is configured, bind it with the ports and then directly reference it for activating the
ADSL2+ ports.
NOTE
l The H561ADBF board supports Annex.B working mode only. If the Annex type is incorrect and the
incorrect extended line profile is used to activate the port, the system automatically selects a suitable
parameter to ensure that the port can be activated normally.
l The H569ADEE board does not support Annex.B working mode. If the entered Annex type is Annex.B
and the incorrect extended line profile is used to activate the port,the system automatically selects a
suitable parameter to ensure that the port can be activated normally.
Procedure
Step 1 Run the adsl extline-profile add command to add an extended ADSL2+ line profile.
Step 2 Run the display adsl extline-profile command to query a configured extended ADSL2+ line
profile.
----End
Example
Add an extended ADSL2+ line profile and disable the tones 40-50, and then validate the
configuration. To set the minimum pulse noise protection parameter for the downstream line as
noProtection, transmission mode as G992.1, and Annex type as Annex.A, do as follows:

huawei(config)#adsl extline-profile add

{ <cr>|profile-index<L><1,32> }:
Command:
adsl extline-profile add
Notes: If pilot tone is included in the forbidden tones ,the link may not be
activated
When port activated with annexA in mode G992.1, 64tone is pilot
When port activated with annexB in mode G992.1, 96tone is pilot
neglected
>　 Do you want to name the profile (y/n) [n]:
> Will you configure the disabled tone? (y/n)[n]:y
> How many sections do you want to configure?(1-4)[4]:
> No.1 Please input the start index of the disabled tone(32-511)[32]:40
> Please input the end index of the disabled tone(32-511)[32]:50
> Do you want to validate the settings of this section? (y/n)[n]:y
> No.2 Please input the start index of the disabled tone(32-511)[32]:
> Please input the end index of the disabled tone(32-511)[32]:
> Will you configure the minimum INP in downstream? (y/n)[n]:y
> Minimum INP on downstream direction:
> 0--auto
> 1--noProtection(0)
> 2--halfSymbol(0.5)
> 3--singleSymbol(1)
> 4--twoSymbols(2)
> 5--fourSymbols(4)
Please select (0~5) [0]:
> Will you configure the minimum INP in upstream? (y/n)[n]:y
> Minimum INP on uptream direction:
> 0--auto
> 1--noProtection(0)
> 2--halfSymbol(0.5)
> 3--singleSymbol(1)
> 4--twoSymbols(2)
> 5--fourSymbols(4)
Please select (0~5) [0]:
> Will you configure the maximum PSD mask in downstream? (y/n)[n]:y
> Maximum PSD mask in downstream(40~52 -dBm/Hz) [40]:
> Warning: The configuration of transmission mode in extline-profle will
replace the one configured in line-profile when the transmission mode is enabled!
> Will you enable the transmission mode?(y/n)[n]:y
ADSL transmission mode in standard :
> 1: G992.1 2: G992.2 3: G992.3 4: G992.5 5: T1.413
> Please input the standard possible in use(1-5)[1,3-4]:
ADSL annex type :
> 1: Annex.A 2: Annex.B 3: Annex.L 4: Annex.M
> Please input the Annex possible in use(1-4)[1-4]:
> Will you configure the L2 parameter?(y/n)[n]:y
> L2 mode state: 0-disable,1-enable,2-force(0~2)[0]:2
> Warning: System can not support to force into or out of L2 power mode by
manually now!
> L2 mode state: 0-disable,1-enable,2-force(0~2)[0]:1
> Minimum L0 time interval between L2 exit and next L2 entry(0~255s)[255]:
> Minimum L2 time interval between L2 entry and first L2 trim(0~255s)[30]:
> Maximum aggregate transmit power reduction per L2 request or L2 power trim(0~
31db)[3]:
> Total maximum aggregate transmit power reduction in L2(0~31db)[9]:
huawei(config)#display adsl extline-profile 1
------------------------------------------------------------------

Profile Index : 1 Name: ADSL EXTLINEPROFILE 1
Minimum INP in downstream(DMT Symbol) :auto

Minimum INP in upstream(DMT Symbol) :auto
Maximum PSD mask in downstream(-dBm/Hz) :40
ADSL transmission mode in standard :G992.1,G992.3,G992.5
ADSL annex type :Annex.A,Annex.B,Annex.L,Annex.M
L2 mode state :enable
Minimum L0 time(s) :255
Minimum L2 time(s) :30
L2 interval power(db) :3
L2 total power(db) :9
Current configuration of each section:

Sections Value Effective
Section 1 40 - 50 y
Section 2 32 - 32 y
Section 3 32 - 32 y
Section 4 32 - 32 y
------------------------------------------------------------------
Related Operation
Table 21-7 lists the related operations for adding an extended ADSL2+ line profile.
Table 21-7 Related operations for adding an extended ADSL2+ line profile
Quickly add an adsl extline-profile The system adopts non-interactive mode

extended ADSL2+ quickadd for inputting parameters of the
line profile command. It is a complement to the adsl
extline-profile add command.
Delete an extended adsl extline-profile You cannot delete a referenced extended

ADSL2+ line profile delete line profile.
Modify an extended adsl extline-profile After the profile is modified, the system
ADSL2+ line profile modify prompts the profile takes effect
immediately.
Quickly modify an adsl extline-profile The system adopts non-interactive mode

extended ADSL2+ quickmodify for inputting parameters of the
line profile command.
Bind/unbind an (undo)extline-config To bind an extended ADSL2+ line

extended ADSL2+ profile with all ports on a board at a time,
line profile run the extline-config all command.
21.7 Adding an ADSL2+ Alarm Profile

This operation enables you to add an ADSL2+ alarm profile. After the alarm profile is configured
and bound successfully, it can be directly used to activate the ports.
Prerequisite
The ADSL2+ line meets the requirements of service provisioning.

Context
When adding an ADSL2+ alarm profile, you should pay attention to the following points:
l The MA5600 has a default ADSL2+ alarm profile named DEFVAL and numbered 1. You
can modify the profile but cannot delete it.
l The ADSL2+ alarm profile contains a series of alarm thresholds to measure and monitor
an activated ADSL2+ line. When a statistic reaches the threshold, the MA5600 sends the
alarm to the loghost and NMS.
Figure 21-9 shows the flowchart for adding an ADSL2+ alarm profile.

Figure 21-9 Flowchart for adding an ADSL2+ alarm profile
Configure ADSL2+ alarm profile Set threshold of negative difference

between current and past transmit
rate in interleaved mode
Set alarm profile index
Set LOF seconds in ATU-R

Set LOF seconds in ATU-C
Set LOS seconds in ATU-R

Set LOS seconds in ATU-C
Set LOP seconds in ATU-R

Set LOL seconds in ATU-C
Set errored seconds in ATU-R

Set LOP seconds in ATU-C
Set severely errored seconds in ATU-R

Set errored seconds in ATU-C
Set unavailable seconds in ATU-R

No
Report initialization failure?
Set threshold of positive difference
rate in fast mode
Yes
Set failed fast retrain seconds Set threshold of positive difference
in ATU-C between current and past transmit rate
in interleaved mode
Set severely errored seconds
in ATU-C Set threshold of negative difference
Set unavailable seconds in ATU-C rate in fast mode
Set threshold of negative difference

Set threshold fo positive difference between current and past transmit
between current and past transmit rate in interleaved mode
rate in fast mode
Set threshold of positive difference End

rate in interleaved mode
Set threshold of negative difference

betwen current and past transmit
rate in fast mode
Procedure
Run the adsl alarm-profile add command to add an ADSL2+ alarm profile.
----End

Example
To add an ADSL2+ alarm profile, with the index of 2, do as follows:
huawei(config-if-adsl-0/2)#adsl alarm-profile add 2
neglected
<ATU-C>
> The number of Loss of Frame Seconds (0~900) [0]:50
> The number of Loss of Signal Seconds (0~900) [0]:10
> The number of Loss of Link Seconds (0~900) [0]:
> The number of Loss of Power Seconds (0~900) [0]:
> The number of Errored Seconds (0~900) [0]:
> Enable or disable the Initial failure trap 0-disable 1-enable (0~1) [0]:
> The number of failed fast retrain seconds (0~900) [0]:10
> The number of severely errored seconds (0~900) [0]:
> The number of unavailable seconds (0~900) [0]:
> Threshold of positive difference between the current and the past transmit
rate in fast mode (0~31968Kbps) [0]:100
rate in interleaved mode (0~31968Kbps) [0]:
> Threshold of negative difference between the current and the past transmit
rate in fast mode (0~31968Kbps) [0]:
<ATU-R>
> The number of Loss of Frame Seconds (0~900) [0]:10
> The number of Loss of Signal Seconds (0~900) [0]:10
> The number of Loss of Power Seconds (0~900) [0]:10
Table 21-8 lists the parameters of an ADSL2+ alarm profile.
Table 21-8 Parameters of an ADSL2+ alarm profile
Index You can enter a profile index or press Enter to enable

the system to designate an index for it. The profile
index is unique.
The number of loss of frame Seconds Within any given 15-minute period, if the number of
downstream frame second loss exceeds the preset
value, an alarm is generated.
The number of loss of signal Seconds Within any given 15-minute period, if the number of
lost signal seconds exceeds the preset value, an alarm
is generated.

The number of loss of link seconds Within any given 15-minute period, if the number of
lost link seconds exceeds the preset value, an alarm is
generated.
The number of loss of power seconds Within any given 15-minute period, if the number of
lost power seconds exceeds the preset value, an alarm
is generated.
The number of errored seconds Within any given 15-minute period, if the number of
errored seconds exceeds the preset value, an alarm is
generated.
The number of failed fast retrain Within any given 15-minute period, if the number of
seconds failed retrain events exceeds the preset value, an alarm
is generated.
The number of severely errored Within any given 15-minute period, if the number of
seconds severely errored seconds exceeds the preset value, an
alarm is generated.
The number of unavailable seconds Within any given 15-minute period, if the number of
unavailable seconds exceeds the preset value, an
alarm is generated.
Threshold of positive difference Within any given 15-minute period, if the positive
between the current and the past difference between the current and the past transmit
transmit rate in fast mode rates in fast mode exceeds the preset value, an alarm
is generated.
Threshold of negative difference Within any given 15-minute period, if the negative
transmit rate in fast mode rates in fast mode exceeds the preset value, an alarm
is generated.
Threshold of positive difference Within any given 15-minute period, if the positive
transmit rate in interleaved mode rates in interleaved mode exceeds the preset value, an
alarm is generated.
Threshold of negative difference Within any given 15-minute period, if the negative
transmit rate in interleaved mode rates in interleaved mode exceeds the preset value, an
alarm is generated.
Related Operation
Table 21-9 lists the related operations for adding an ADSL2+ alarm profile.

Table 21-9 Related operations for adding an ADSL2+ alarm profile

Command...
Quickly add an ADSL2+ adsl alarm-profile The system adopts non-interactive

alarm profile quickadd mode for inputting the parameters of
the command. The command serves as
a complement to the adsl alarm profile
add command.
Delete an ADSL2+ alarm adsl alarm-profile You cannot delete the default alarm
profile delete profiles or a referenced alarm profile.
Modify an ADSL2+ adsl alarm-profile After the profile is modified, the system
alarm profile modify prompts that the profile takes effect
immediately.
Quickly modify an adsl alarm-profile The system adopts the non-interactive

ADSL2+ alarm profile quickmodify mode for inputting parameters of the
command. The command serves as a
complement to the adsl alarm profile
modify command.
Display an ADSL2+ display adsl alarm- -

alarm profile profile
Bind an ADSL2+ alarm alarm-config A configured alarm profile can take

profile effect only after it is bound with an
ADSL2+ port.
21.8 Activating an ADSL2+ Port

This operation enables you to activate an ADSL2+ port for transmitting service data.
Prerequisite
The ADSL2+ line profile has been configured.
Context
l Activating (or activation) refers to the training between the ATU-C and the ATU-R. During
the training process, the system checks the line distance and line state based on settings
included in the line profile, such as upstream/downstream line rate and SNR margin. The
ATU-C negotiates with the ATU-R to check whether the MA5600 can work well under the
existing conditions.
l If the training succeeds, the ATU-C can communicate with the ATU-R. At the moment,
the port works in activated state, and is ready for service data transmission.
l When the ATU-R is online, the activation process ends upon the completion of the training.
When the ATU-R gets offline, the communication is terminated, and the ATU-C is in
listening state. Once the ATU-R gets online, the training process begins automatically.
When the training succeeds, the port is activated.

l To activate an ADSL2+ port, you need to bind it with an ADSL2+ line profile. If no profile
is specified, the system will use the profile bound with the port last time to activate ADSL2
+ port.
Procedure
Step 1 Run the activate command to activate an ADSL2+ port.
Step 2 Run the display port state command to query the activated port.
----End
To activate all ports on ADSL2+ board in slot0/2 using line profile 1, do as follows:
huawei(config-if-adsl-0/2)#activate all profile-index 1
huawei(config-if-adsl-0/2)#display port state all
32 Activated 1 1 --
33 Activated 1 1 --
34 Activated 1 1 --
35 Activated 1 1 --
36 Activated 1 1 --
37 Activated 1 1 --
38 Activated 1 1 --
39 Activated 1 1 --
40 Activated 1 1 --
41 Activated 1 1 --
42 Activated 1 1 --
43 Activated 1 1 --
44 Activated 1 1 --
45 Activated 1 1 --
46 Activated 1 1 --
47 Activated 1 1 --
48 Activated 1 1 --
49 Activated 1 1 --
50 Activated 1 1 --
51 Activated 1 1 --
52 Activated 1 1 --
53 Activated 1 1 --
54 Activated 1 1 --
55 Activated 1 1 --
56 Activated 1 1 --
57 Activated 1 1 --
58 Activated 1 1 --
59 Activated 1 1 --
60 Activated 1 1 --
61 Activated 1 1 --
62 Activated 1 1 --
63 Activated 1 1 --
----------------------------------------------------------------------
Total number of activated port : 64
Total number of unactivated port: 0
To activate port 0 on the ADSL2+ board in slot 0/2 using line profile huawei, do as follows:
huawei(config-if-adsl-0/2)#activate 0 profile-name huawei
huawei(config-if-adsl-0/2)#display port state 0
----------------------------------------------------------------------
Port Status Line_Profile Alm_Profile Ext_Profile
----------------------------------------------------------------------
0 Activated 3 1 --
----------------------------------------------------------------------
Related Operation
Table 21-10 lists the related operations for activating an ADSL2+ port.

Table 21-10 Related operations for activating an ADSL2+ port
Deactivate an ADSL2+ deactivate After an ADSL port is deactivated,

port the communication link
established during activation
between the ATU-C and the ATU-
R will be disconnected. For service
transmission, activate the port
again.
Loop back ADSL port loopback -
21.9 Configuring the Port Rate Measurement Thresholds for

an ADSL2+ Port
This operation enables you to configure the upstream and downstream rate measurement
thresholds for an ADSL2+ port.
Context
l When an ADSL2+ port is activated, the upstream and downstream rate measurements states
change.
l If the host detects one rate measurement does not meet the system requirement, an alarm
will be reported to the NMS.
l If the host detects both the upstream and downstream rate measurements meet the system
requirement, a recovery alarm will be reported.
l The upstream and downstream rate measurement thresholds are set separately. If you need
to monitor both the upstream rate and downstream rate, set the upstream and downstream
rate measurement thresholds respectively.
l The upstream and downstream rate measurement thresholds can be set to rates or percents.
l The upstream and downstream rate measurement thresholds can be configured for all ADSL
boards for one time. They can also be configured for a specified ADSL port.
l The system generates alarms irrespective of whether the upstream and downstream rate
measurement thresholds meet the requirement. This does not affect other processing of a
port.
Procedure
Step 1 Run the adsl line-monitoring command to set the rate measurement thresholds for an ADSL2
+ port.
Step 2 Run the display adsl line-monitoring command to query the rate measurement thresholds
information of an ADSL2+ port.
----End

Example
To set the upstream rate measurement threshold of all ADSL boards as 80%, do as follows:
huawei(config)#adsl line-monitoring all rate-threshold upstream upstream-rate-pe
rcent 80
Command was executed successfully for slot : 0, 1, 2
huawei(config)#display adsl line-monitoring 0/2/0
Port ID : 0/2/0
Port Type : ADSL
Line Monitoring Upstream Rate-percent : 80 percent
Line Monitoring Downstream Rate-percent : 80 percent
To set the downstream rate measurement threshold of port 0/2/0 as 90%, do as follows:
huawei(config)#adsl line-monitoring port 0/2/0 rate-threshold downstream
downstream-rate-percent
90
huawei(config)#display adsl line-monitoring 0/2/0
Port ID : 0/2/0
Port Type : ADSL
Line Monitoring Upstream Rate-percent : 80 percent
Line Monitoring Downstream Rate-percent : 90 percent
21.10 Configuring IPoA/IPoE Protocol Conversion

The MA5600 supports the conversion between the IPoA and IPoE protocols. In this way, the
IPoA users can access the upper layer IP network to enhance the access ability and network
21.10.1 Enabling IPoA Protocol Conversion
This operation enables IPoA/IPoE protocol conversion.
21.10.2 Setting the Aging time of IPoA Forwarding Entry
This operation enables you to set the aging time of IPoA forwarding entry.
21.10.3 Setting the Default Gateway of the IPoA User
This operation enables you to configure the default gateway of the IPoA user.
21.10.4 Configuring the Encapsulation Type of the IPoA User
This operation enable you to configure the encapsulation type of the IPoA user.
21.10.1 Enabling IPoA Protocol Conversion

This operation enables IPoA/IPoE protocol conversion.
Procedure
Step 1 Run the ipoa enable command to enable IPoA protocol conversion.
Step 2 Run the display ipoa config command to query IPoA protocol conversion state.
----End
Example
To enable IPoA protocol conversion, do as follows:
Run the display ipoa config command and you can find the IPoA protocol conversion is enabled.

huawei(config)#display ipoa config

IPoA status : enable
IPoA user default gateway : 0.0.0.0
IPoA expire-time : 1200 s
Related Operation
Table 21-11 lists the related operations for enabling IPoA protocol conversion.
Table 21-11 Related operations for enabling IPoA protocol conversion
Disable IPoA protocol conversion ipoa disable
21.10.2 Setting the Aging time of IPoA Forwarding Entry

This operation enables you to set the aging time of IPoA forwarding entry.
Context
l By default, the aging time of IPoA forwarding entry is 1200s.
l When the aging time times out, the IPoA forwarding entry cannot be updated, and the
system regards users offline.
Procedure
Step 1 Run the ipoa expire-time command to set the aging time of IPoA forwarding entry.
Step 2 Run the display ipoa config command to query the correctly configured aging time of IPoA
forwarding entry.
----End
Example
To configure the aging time of IPoA forwarding entry as 300s, do as follows:
huawei(config)#ipoa expire-time 300
Run the display ipoa config command and you can find the aging time of IPoA forwarding entry
is set correctly.
Related Operation
Table 21-12 lists the related operation for setting the aging time of IPoA forwarding entry.

Table 21-12 Related operation for setting the aging time of IPoA forwarding entry
Query the IPoA configuration display ipoa config
21.10.3 Setting the Default Gateway of the IPoA User

This operation enables you to configure the default gateway of the IPoA user.
Context
l By default, the gateway of the IPoA user is 0.0.0.0.
l The default gateway of the IPoA user is the interface IP address of upper device that
connects to the MA5600. But not that of the MA5600 its own.
Procedure
Step 1 Run the ipoa deault gateway command to set the default gateway of the IPoA user.
Step 2 Run the display ipoa config command to query the default gateway of the IPoA user is set
correctly.
----End
Example
To set the default gateway of the IPoA user as 10.1.1.1, do as follows:
Run the display ipoa config command and you can find that the default gateway of the IPoA
user is set correctly.
Related Operation
Table 21-13 lists the related operations for setting the default gateway of the IPoA user.
Table 21-13 Related operations for setting the default gateway of the IPoA user
Restore the default gateway of the IPoA user undo ipoa default gateway
21.10.4 Configuring the Encapsulation Type of the IPoA User

This operation enable you to configure the encapsulation type of the IPoA user.

Context
l By default, LLC and VC-MUX are used for the IPoA encapsulation. You can set the
encapsulation type as needed.
l When configuring LLC for the IPoA service, pay attention to the following points:
– LLC encapsulation supports both dynamic and static source IP address learning. So you
do not need to specify the source IP address if the modem automatically reports the IP
address.
– When a default gateway has been configured for the IPoA service, you need not
configure the destination IP address for the IPoA user. In this case, the user’s destination
IP address is that of the default gateway.
– After you have configured IPoA encapsulation for an xDSL port, you can delete a virtual
port only after you have changed the encapsulation type to LLC bridge.
– Make sure the MAC address pool is configured before the encapsulation configuration.
Otherwise, the encapsulation configuration fails.
l When configuring VC-MUX for the IPoA service, pan attention to the following points:
– Since VC-MUX encapsulation supports only static source IP address learning, you must
specify the source IP address.
– When a default gateway has been configured for the IPoA service, you need not
configure the destination IP address for the IPoA user. In this case, the user’s destination
IP address is that of the default gateway.
– After you have configured IPoA encapsulation for an xDSL port, you can delete a virtual
port only after you have changed the encapsulation type to LLC bridge.
– Make sure the MAC address pool is configured before the encapsulation configuration.
Otherwise, the encapsulation configuration fails.
Procedure
Step 1 Run the encapsulation command to configure the encapsulation type of the IPoA user.
Step 2 Run the display encapsulation type command to query the configuration.
----End
Example
To configure the encapsulation type of the IPoA user as LLC, do as follows:
huawei(config)#encapsulation 0/2/0 vpi 0 vci 34
{ type<K> }:type
{ bridge<K>|pppoa<K>|auto<K>|ipoa<K> }:ipoa
{ llc<K>|vc-mux<K> }:llc
{ <cr>|srcIP<K>|dstIP<K> }:
Command:
encapsulation 0/2/0 vpi 0 vci 34 type ipoa llc
Changing encapsulation type may cause service interruption, are you sure to
make the operation? (y/n)[n]y
Set encapsulation type successfully
Run the display encapsulation type command to query the LLC-IPoA user.
huawei(config)#display encapsulation type ipoa llc
{ <cr>|number<K> }:
Command:
display encapsulation type ipoa llc
--------------------------------------------------------------------------

F/S /P VPI VCI ENCAP SRCIP DSTIP SRCIP-MODE

--------------------------------------------------------------------------
0/2 /0 0 34 llc_ip 0.0.0.0 1.1.1.1 dynamic
--------------------------------------------------------------------------
Total: 1
VLAN ID etc.), The vpi is access-end VLAN ID in vdsl port
To configure the encapsulation type of the IPoA user as VC-MUX, do as follows:

huawei(config)#encapsulation
{ frame/slot/port<S><1,15>|frame/slot<S><1,15> }:0/2/0 vpi 0 vci 34
{ type<K> }:type
{ bridge<K>|pppoa<K>|auto<K>|ipoa<K> }:ipoa
{ llc<K>|vc-mux<K> }:vc-mux
{ srcIP<K> }:srcIP 10.1.1.2
{ <cr>|dstIP<K> }:
Command:
encapsulation 0/2/0 vpi 0 vci 34 type ipoa vc-mux srcIP 10.1.1.2
Run the display encapsulation type command to query the VC-MUX-IPoA user.
huawei(config)#display encapsulation type ipoa vc-mux
{ <cr>|number<K> }:
Command:
display encapsulation type ipoa vc-mux
----------------------------------------------------------------------------
----------------------------------------------------------------------------
0/2 /0 0 34 vc_ip 10.1.1.2 10.1.1.1 static
----------------------------------------------------------------------------
Total: 1
VLAN ID etc.), The VPI is access-end VLAN ID in VDSL port
21.11 Configuring PPPoA/PPPoE Protocol Conversion

The MA5600 supports the conversion between the PPPoA and PPPoE protocols. In this way,
the PPPoA users can access the upper layer IP network to enhance the access ability and network
21.11.1 Enabling PPPoA Protocol Conversion
This operation enables you to convert the PPPoA protocol to PPPoE protocol, so that the PPPoA
user can access the upper layer IP network.
21.11.2 Configuring the Encapsulation Type of the PPPoA User
This operation enables you to configure the encapsulation type of the PPPoA user.
21.11.3 Enabling PPPoA/PPPoE MRU Negotiation
This operation enables you to enable PPPoA/PPPoE maximum receive unit (MRU) negotiation.
21.11.1 Enabling PPPoA Protocol Conversion

This operation enables you to convert the PPPoA protocol to PPPoE protocol, so that the PPPoA
user can access the upper layer IP network.

Procedure
Step 1 Run the pppoa enable command to enable PPPoA/PPPoE protocol conversion.
Step 2 Run the display pppoa config command to query the PPPoA/PPPoE protocol conversion state.
----End
Example
To enable the PPPoA/PPPoE protocol conversion, do as follows:
Run the display pppoa config command and you can query the PPPoA protocol conversion is
enabled.
huawei(config)#display pppoa config
Global PPPoA-to-PPPoE conversion : Enable
Max-receive-unit negotiate function: Disable
Related Operation
Table 21-14 lists the related operations for enabling PPPoA protocol conversion.
Table 21-14 Related operations for enabling PPPoA protocol conversion
Disable the PPPoA protocol conversion pppoa disable
21.11.2 Configuring the Encapsulation Type of the PPPoA User

This operation enables you to configure the encapsulation type of the PPPoA user.
Context
l By default, LLC and VC-MUX are used for the PPPoA encapsulation. You can set the
encapsulation type as needed.
l For PPPoA access, LLC and VC-MUX encapsulation are similar. Configure it based on
the actual access user type.
l After you have configured PPPoA encapsulation for an xDSL port, you can delete a virtual
service port only when you have changed the encapsulation type to LLC bridge.
l Be sure to configure the MAC address pool before the encapsulation configuration.
Otherwise, the encapsulation configuration will fail.
Procedure
Step 1 Run the encapsulation command to configure the encapsulation type of the PPPoA user.
Step 2 Run the display encapsulation type command to query the configuration.
----End

Example
To configure the encapsulation type of a PPPoA user as LLC, do as follows:
huawei(config)#encapsulation 0/2/0 vpi 0 vci 34
{ type<K> }:type
{ bridge<K>|pppoa<K>|auto<K>|ipoa<K> }:pppoa
{ llc<K>|vc-mux<K> }:llc
Command:
encapsulation 0/2/0 vpi 0 vci 34 type pppoa llc
Run the display encapsulation type command to query the LLC-PPPoA user.
huawei(config)#display encapsulation type pppoa llc
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0/2 /0 0 34 llc_ppp - - -
--------------------------------------------------------------------------
Total: 1
VLAN ID etc.), The vpi is access-end VLAN ID in vdsl port
21.11.3 Enabling PPPoA/PPPoE MRU Negotiation

This operation enables you to enable PPPoA/PPPoE maximum receive unit (MRU) negotiation.
Context
The MA5600 determines whether to segment and resemble packets according to the PPPoA/
PPPoE MRU configuration.
l MRU enabled
– The PC initiates the PPPoE connection and negotiates by MRU of 1492 bits. In this
case, the packets will be segmented and resembled.
l MRU disabled
– The MA5600 identifies the PPPoE packets converted from PPPoA packets. It adds a
Tag to the packets and then sends them to the upper layer BRAS. The BRAS negotiates
with the CPE according to the 1500-byte MRU. By doing so, the size of the MTU
between the CPE and the BRAS is equal to that of the standard MTU of the Ethernet.
In this case, the packet is not segmented and reassembled.
Procedure
Step 1 Run the pppoa mru enable command to enable PPPoA/PPPoE MRU negotiation.
Step 2 Run the display pppoa config command to query PPPoA and MRU switch state.
----End
Example
To enable the MRU negotiation, do as follows:
huawei(config)#pppoa mru enable
Run the display pppoa config command to query the PPPoA and MRU configuration.

huawei(config)#display pppoa config

Global PPPoA-to-PPPoE conversion : Enable
Max-receive-unit negotiate function: Enable
Related Operation
Table 21-15 lists the related operation for enabling PPPoA/PPPoE MRU negotiation.
Table 21-15 Related operation for enabling PPPoA/PPPoE MRU negotiation

Disable PPPoA/PPPoE MRU negotiation pppoa mru disable
21.12 Querying an ADSL2+ Port

This operation enables you to query the comprehensive information about an ADSL2+ port.
Context
An ADSL2+ port may be in activating, activated, deactivated or loopback state.
Figure 21-10 shows the status conversion of the ADSL2+ port.
Figure 21-10 Status conversion of the ADSL2+ port

Modem training
undo
activate succeeds
loopback
activating
Loopback deactivated deactivate Modem is off or activated
powered off
loopback deactivate
Procedure
Run the display interface adsl command to query the comprehensive information about an
ADSL2+ port.
----End
Example
To display the comprehensive information about ADSL2+ port 0/2/0, do as follows:
huawei#display interface adsl 0/2/0
Adsl 0/2/0 is down
The ADSL link is activating
Description : --
Bind line-profile No.1002 ADSL LINE PROFILE 1002
Bind alarm-profile No. 1 DEFVAL
Bind no ext-profile
BTV user bind profile name : --
Hardware is ATU-C
Last UP time : --
Last DOWN time : --

Current operational mode : No protocol selected /

Current downstream Rate : 0
Current upstream Rate : 0
Total count of line training : 1
Total Up stream cells num(cell) : 0
Total Up stream packets num(packet) : 0
Total Down stream cells num(cell) : 0
Total Down stream packets num(packet) : 0
Total Down stream packets discarded due to congestion(packet) : 0
PVC 0/35
PVC encapsulation : Bridge LLC
rx-cttr : 5
tx-cttr : 5
VLAN : 100
Max mac-address learning count : 255
Support Down MultiCast Stream : enable
Up stream cells num(cell) : 0
Up stream packets num(packet) : 0
Down stream cells num(cell) : 0
Down stream packets num(packet) : 0
Related Operation
Table 21-16 lists the related operations for querying an ADSL2+ port.
Table 21-16 Related operations for querying an ADSL2+ port

Query the status of an ADSL2+ port display port state
Query the settings of an ADSL2+ port display parameter
Query the performance statistics of an display statistics performance

ADSL2+ port
Query the bit allocation display line bit-allocation
Query the subcarrier SNR of the display line snr

activated line
Query the alarm status of an ADSL2+ display alarm state

port
Query the operation parameters of an display line operation

activated line
Set the switch controlling the detailed adsl line-operation detail

display of ADSL2+ line operations
Query the switch controlling the display adsl line-operation detail config
detailed display of ADSL2+ line
operations
21.13 Enabling the Auto PVC Configuration of an ADSL

Modem
This operation enables a modem to automatically configure the VPI/VCI.

Prerequisite
The modem must support the function of automatically configuring the VPI/VCI.
Procedure
Run the modem-learning command to enable the auto PVC configuration of an ADSL modem.
----End
Example
To enable the modem in slot 0/2 to automatically configure the PVC, do as follows:
huawei(config-if-adsl-0/2)#modem-learning enable
Related Operation
Table 21-17 lists the related operation for enabling an ADSL modem to automatically configure
the PVC.
Table 21-17 Related operation for enabling an ADSL modem to automatically configure the
PVC
Disable the auto PVC configuration of modem-learning disable

an ADSL modem

Configuration Guide 22 Configuring the SHDSL Service
22 Configuring the SHDSL Service
About This Chapter
This chapter describes the SHDSL technology and how to configure the SHDSL service on the
MA5600.
22.1 Overview
This section describes the SHDSL service and its specifications.
22.2 Configuration Example of the SHDSL IPoE/PPPoE Service
This example shows how to configure the SHDSL service so that the user can access the Internet
through the SHDSL lines in the IPoE/PPPoE mode.
22.3 Configuration Example of the SHDSL IPoA Service
This example shows how to configure the SHDSL IPoA service so that the user can access the
Internet through the SHDSL lines in the IPoA mode.
22.4 Configuration Example of the SHDSL PPPoA Service
This example shows how to configure the SHDSL PPPoA service so that the user can access
the Internet through the SHDSL lines in the PPPoA mode.
22.5 Adding an SHDSL Line Profile
This operation enables you to add an SHDSL line profile. The SHDSL line profile includes a
majority of parameters of the ports. After the line profile is configured, it can be used to activate
the ports.
22.6 Adding an SHDSL Alarm Profile
This operation enables you to add an SHDSL alarm profile. The SHDSL alarm profile is used
to set a group of alarm thresholds for measuring and monitoring the performances of an active
SHDSL line. When a statistic reaches the threshold, the MA5600 informs the device of the event,
and sends alarms to the NMS.
22.7 Binding an SHDSL Alarm Profile
This operation enables you to bind an SHDSL alarm profile to SHDSL ports to validate the alarm
profile after the SHDSL ports are activated.
22.8 Configuring the SHDSL Multi-Pair Binding
This operation enables you to configure the single-pair high-speed digital subscriber line
(SHDSL) multi-pair binding. The purpose of configuring the SHDSL multi-pair binding is to
improve the line rate.

22 Configuring the SHDSL Service Configuration Guide
22.9 Configuring the SHDSL EFM Multi-port Binding

This operation enables you to configure the SHDSL multi-port binding. The purpose of
configuring the SHDSL EFM multiple-port binding is to improve the line rate.
22.10 Activating an SHDSL Port
This operation enables you to activate an SHDSL port for service transmission.
22.11 Querying an SHDSL Port
This operation enables you to query the SHDSL port status to check the port conditions.
22.12 Configuring the Clock Mode

This operation enables you to configure the clock mode.

22.1 Overview
This section describes the SHDSL service and its specifications.
Service Description
The single-line high speed digital subscriber line (SHDSL) technology provides a symmetric
high-rate leased line access service over twisted pairs to meet the broadband access requirements
of the small and medium enterprises or SOHO users. SHDSL provides a distance from 3 km to
6 km.
The MA5600 provides the SHDSL service through the SHEA or SHEB board. The SHEB board
supports the SHDSL.bis line.
l The SHDSL.bis single twisted pair supports the symmetric rates from 192 kbit/s to 5696
kbit/s. The system can adjust the line rate automatically according to the line conditions.
The adjustment granularity is eight kbit/s.
l In theory, the system supports the binding of up to four pairs. The bi-directional rate ranges
from 768 kbit/s to 22784 kbit/s.
The SHDSL port supports the ATM/PTM mode activation. You can configure the corresponding
profiles to switch the mode of the SHDSL port between the ATM mode and the PTM mode.
l The system supports the binding of M-pair. In the ATM port encapsulation mode, the
system supports the binding of two-pair, three-pair, and four-pair. The rates are respectively
twice, three times and four times of the single-pair rate.
l The system supports the EFM binding. In the PTM port encapsulation mode, the system
supports the binding of up to four ports. The rate is the sum of the rates of the four ports.
NOTE
The SHEB board divides the 32 ports into eight groups in turn. Each group contains four ports. The port
involved in M-pair binding and that involved in EFM binding must belong to the same group.
For details on the SHDSL service, refer to the chapter "SHDSL.bis Access" in the MA5600
Feature Description.
The MA5600 provides the SHDSL service through the SHEA or SHEB board. Each SHEA or
SHEB board provides 32 SHDSL ports.
Table 22-1 lists the encapsulation type mapping between the MA5600 and the modem.
Table 22-1 Encapsulation type mapping between the MA5600 and the modem
Access Type Modem Encapsulation MA5600 Encapsulation Type

Type
IPoE RFC1483 Bridge Bridge or Auto
PPPoE RFC1483 Bridge Bridge or Auto
PPPoE Bridge or Auto

Access Type Modem Encapsulation MA5600 Encapsulation Type

Type
IPoA RFC1483 Route or IPoA IPoA or Auto
PPPoA PPPoA PPPoA or Auto
22.2 Configuration Example of the SHDSL IPoE/PPPoE

Service
This example shows how to configure the SHDSL service so that the user can access the Internet
through the SHDSL lines in the IPoE/PPPoE mode.
Prerequisite
l The SHEB board is in the normal state.
Context
l The MA5600 can restrict the user bandwidth through a traffic profile or an SHDSL line
profile. When both the traffic profile and the SHDSL line profile work, the smaller one of
the bandwidths restricted by the two profiles is used as the user bandwidth.
l In this example, the traffic is taken as an example. Make sure that the user bandwidth
configured in the line profile is larger than that configured in the traffic profile.
Networking
Figure 22-1 shows a sample network for configuring the SHDSL IPoE/PPPoE service.

Figure 22-1 Sample network for configuring the SHDSL IPoE/PPPoE service
10.1.1.1/24
Internet
Router
S CON
ETH
H MON
E
B
GE0/7/0
SCU MA5600
IPoE/PPPoE access
Modem
PC
Data Plan
Table 22-2 lists the data plan for configuring the SHDSL IPoE/PPPoE service.
Table 22-2 Data plan for configuring the SHDSL IPoE/PPPoE service
Item Data Remarks
Traffic profile Index: 1 (the default profile) Configure the access rate, priority,
l Rate: 2 Mbit/s and priority policy in the traffic
profile. When you add a service port,
l Priority: 6 you can specify the traffic profile to
l Priority policy: Pvc-Setting restrict the access rate, priority, and
priority policy.
demands.
Line profile Index: 2. The parameter values must To activate the SHDSL port, use the
be the same as those of the default parameters configured in the line
profile (with the index of 1). profile to negotiate with the CPE.
When the two parties negotiate
successfully, the SHDSL port is
activated and the lines connecting to
the port can bear services.

Item Data Remarks
disabled.
SHEB board SHDSL port: 0/5/0 -

SHDSL mode: ATM

layer device.
SCU board Upstream port: 0/7/0 -
Gateway IP address: 10.1.1.1/24 It is the IP address of the upper layer

router.
Figure 22-2 shows the flowchart for configuring the SHDSL IPoE/PPPoE service.

Figure 22-2 Flowchart for configuring the SHDSL IPoE/PPPoE service

Start
Add and confirm a board
No
Is there an
appropriate traffic
profile?
Yes
Add a traffic profile
Add a VLAN and add port(s)

to it
No
Yes
Deactivate the SHDSL port
Is there
an appropriate line
profile?
Yes
Add a line profile
Is there an
appropriate alarm
profile?
Yes
Bind the alarn profile

activate the SHDSL port
Set the service type
Save the data
End
Procedure
Step 1 Add an SHEB board and confirm it. Then insert the SHEB board into the MA5600 shelf. The
system automatically finds and confirms the SHEB board. If the SHEB board is in the auto-find
state, confirm the board through the command line.
Step 2 Check whether there is an appropriate traffic profile. If there is no appropriate traffic profile,
add one.
Command:


--------------------------------------------------------------------
--------------------------------------------------------------------
0 960 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------
-------------------------------------------------------------------
--------------------------------------------------------------------
0 cbr 2 1000 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /off
5 ubr 2 2048 -- -- -- -- -- on /on /--
-------------------------------------------------------------------
6 ubr 1 -- -- -- -- -- -- off/off/--
Total Num : 7
--------------------------------------------------------------------

Step 3 Create a VLAN and add a service port and an upstream port to it.
1. Create VLAN 10, and add upstream port 0/7/0 to it.
2. Add a service port to the VLAN.

huawei(config)#service-port vlan 10 shdsl mode atm 0/5/0 vpi 0 vci 35 multi-
serv
ice user-encap pppoe rx-cttr 1 tx-cttr 1
NOTE
If you need to enable services in bathes in actual configuration, refer to "9.12 Adding Service Ports
in Batches" to add service ports in batches.
Step 4 Make sure that the port is deactivated.

1. Run the display port state command to query the port status. If the port is already activated,
deactivate it first and then use the new line profile to reactivate it.
2. Deactivate SHDSL port 0/5/0.
huawei(config)#interface shl 0/5
huawei(config-if-shl-0/5)#deactivate 0
Step 5 Check whether there is an appropriate SHDSL line profile. Line profile 1 is the default line
profile with the bandwidth of 2048 kbit/s. In general, use the default line profile. In this example,
a new line profile is created.
huawei(config-if-shl-0/5)#quit
huawei(config)#shdsl line-profile add 2
During inputting,press 'Q' to quit,then settings at this time will be ignored
Do you want to name the profile (y/n) [n]:y

Please input profile name:prof_name_test

> pathmode(1--ATM;2--PTM)[1]:1
> G.SHDSL interface mode of line (1--two wire;2--four wire;3--six wire;4--eight
wire;)[1]:
> Do you use the default data to create a line profile?(y/n)[y]:n
> G.SHDSL minimum line rate(Value must be multiple of 64, except 2312kbps,
192~5696,2312 kbps)[2048]: 2048
> G.SHDSL maximum line rate (Value must be multiple of 64, except 2312kbps,
192~5696,2312 kbps)[2048]: 2048
> Power Spectral Density mode (1--symmetric;2--asymmetric)[1]:
> Transmission mode (1--G.991.2 Annex A;2--G.991.2 Annex B;3--support Annex A&B)
[3]: 1
> Remote enable (1--enabled;2--disabled)[1]:
> Probe enable (1--disabled;2--enabled)[1]:
> Do you config the target SNR margin?(y/n)[n]:y
> Downstream current target SNR margin(0~10 db)[0]: 3
> Downstream worst case target SNR margin(0~10 db)[0]: 2
> Upstream current target SNR margin(0~10 db)[0]: 9
> Upstream worst case target SNR margin(0~10 db)[0]: 8
> Target SNR margin bitmap(0x01~0x0f,bit0--down current,bit1-down worst,
bit2--up current,bit3--up worst)[1]:
Step 6 Check whether there is an appropriate alarm profile. If there is no appropriate alarm profile, add
one. In this example, the default alarm profile 1 is used.
1. An SHDSL alarm profile takes effect only when it is bound with a port.
2. By default, each port is bound with alarm profile 1 in system initialization. If the port has
been bound with another alarm profile, rebind it with alarm profile 1.
huawei(config-if-shl-0/5)#alarm-config 0 1
Step 7 Activate SHDSL port 0/5/0. Use profile 3 to activate SHDSL port 0.
huawei(config-if-shl-0/5)#activate 0 3
Step 8 Query the port status.

huawei(config-if-shl-0/5)#display port state 0
--------------------------------------------------------------------
Port Running Control Line Alarm Running Config Bind
ID Status Status Profile Profile Operation Operation Status
--------------------------------------------------------------------
0 Activated Active 3 1 Normal None Normal
--------------------------------------------------------------------

huawei(config)#save
----End
Result
After the configuration, the user can access the Internet in the IPoE/PPPoE mode.
22.3 Configuration Example of the SHDSL IPoA Service

This example shows how to configure the SHDSL IPoA service so that the user can access the
Internet through the SHDSL lines in the IPoA mode.
Prerequisite

Context
in DSLAMs. To be compatible with the user side modems that adopt the ATM as the access
Networking
Figure 22-3 shows a sample network for configuring the SHDSL IPoA service.
Figure 22-3 Sample network for configuring the SHDSL IPoA service
10.1.1.1/24
Internet
Router
S CON
ETH
H MON
E
B
GE0/7/0
SCU MA5600
IPoA access
Modem
PC
Data Plan
Table 22-3 shows the data plan for configuring the SHDSL IPoA service.

Table 22-3 Data plan for configuring the SHDSL IPoA service
Item Data Remarks
Traffic profile Index: 1 (the default profile) Configure the access rate,
l Rate: 2 Mbit/s priority, and priority policy
in the traffic profile. When
l Priority: 6 you add a service port, you
l Priority policy: Pvc-Setting can specify the traffic profile
to restrict the access rate,
In an ideal case, configure
the rate of the traffic profile
as 2048 kbit/s. The actual
be lower than 96%.
Therefore, increase the rate
to meet the user demands.
Line profile Index: 2. The parameter values must be the To activate the SHDSL port,
same as those of the default profile (with the use the parameters
index of 1). configured in the line profile
to negotiate with the CPE.
When the two parties
negotiate successfully, the
SHDSL port is activated and
the lines connecting to the
port can bear services.


SHDSL mode: ATM

upper layer device.
Gateway IP address: 10.1.1.1/24 It is the IP address of the

upper layer router.

Figure 22-4 shows the flowchart for configuring the SHDSL IPoA service.
Figure 22-4 Flowchart for configuring the SHDSL IPoA service

Start
Is there No
an appropriate traffic
profile
Create a VLAN and add port(s) to it
No
Yes
Is there No
an appropriate line
profile
Is there No
an appropriate alarm
profile

Configure the MAC address pool
Enable the IPoA protocol conversion
Configure the IPoA default gateway
Set the encapsulation mode
Save the data
End
Procedure
add one.
Command:
--------------------------------------------------------------------

--------------------------------------------------------------------
0 960 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------
-------------------------------------------------------------------
--------------------------------------------------------------------
0 cbr 2 1000 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /off
5 ubr 2 2048 -- -- -- -- -- on /on /--
-------------------------------------------------------------------
6 ubr 1 -- -- -- -- -- -- off/off/--
Total Num : 7
--------------------------------------------------------------------


serv
NOTE

Step 5 Check whether there is an appropriate SHDSL line profile. If there is no appropriate profile, add
one. Line profile 1 is the default line profile with the bandwidth of 2048 kbit/s. In general, use
the default line profile. In this example, a new line profile is created.
wire;)[1]:


> G.SHDSL minimum line rate(Value must be multiple of 64, except 2312kbps,192~5696
£¬2312 kbps)[2048]: 2048
> G.SHDSL maximum line rate (Value must be multiple of 64, except 2312kbps,192~5696
£¬2312 kbps)[2048]: 2048
[3]: 1
Step 6 Check whether there is an appropriate alarm profile. If there is no appropriate alarm profile, add
one. In this example, the default alarm profile 1 is used. An SHDSL alarm profile takes effect
only when it is bound with a port. By default, each port is bound with alarm profile 1 in system
initialization. If the port has been bound with another alarm profile, rebind it with alarm profile
1.
Step 7 Activate SHDSL port 0/5/0. Use profile 3 to activate port 0.

Step 8 Configure MAC address pool 0, which begins with 0000-0000-0001.

Step 9 Enable the IPoA protocol conversion.

Step 10 Configure the default IPoA gateway.

Step 11 Set the encapsulation mode of SHDSL port 0/5/0 as LLC-IPoA.

huawei(config)#encapsulation 0/5/0 vpi 0 vci 35 type ipoa llc srcIP 10.1.1.20
In the case of IPoA access, select the dynamic IP address (without specifying the source IP
address) or the static IP address (specifying the source IP address) for the packets. To switch
from a dynamic address to a static address in the IPoA mode, adopt the LLC-Bridge
encapsulation first, and then adopt the IPoA static address encapsulation.

--------------------------------------------------------------------
--------------------------------------------------------------------
--------------------------------------------------------------------

huawei(config)#save
----End

Result
22.4 Configuration Example of the SHDSL PPPoA Service

This example shows how to configure the SHDSL PPPoA service so that the user can access
the Internet through the SHDSL lines in the PPPoA mode.
Prerequisite
Context
Networking
Figure 22-5 shows a sample network for configuring the SHDSL PPPoA service.

Figure 22-5 Sample network for configuring the SHDSL PPPoA service
10.1.1.1/24
Internet
Router
S CON
ETH
H MON
E
B
GE0/7/0
SCU MA5600
PPPoA access
Modem
PC
Data Plan
Table 22-4 shows the data plan for configuring the SHDSL PPPoA service.
Table 22-4 Data plan for configuring the SHDSL PPPoA service
Item Data Remarks
Traffic profile Index: 1 (the default profile) Configure the access rate, priority,
l Rate: 2 Mbit/s and priority policy in the traffic
profile. When you add a service port,
l Priority: 6 you can specify the traffic profile to
l Priority policy: Pvc-Setting restrict the access rate, priority, and
priority policy.
demands.
Line profile Index: 2. The parameter values must To activate the SHDSL port, use the
be the same as those of the default parameters configured in the line
profile (with the index of 1). profile to negotiate with the CPE.
When the two parties negotiate
successfully, the SHDSL port is
activated and the lines connecting to
the port can bear services.

Item Data Remarks
disabled.

SHDSL mode: ATM

layer device.
Gateway IP address: 10.1.1.1/24 It is the IP address of the upper layer

router.
Figure 22-6 shows the flowchart for configuring the SHDSL PPPoA service.

Figure 22-6 Flowchart for configuring the SHDSL PPPoA service
Start
Is there No
profile
Create a VLAN and add port(s) to it
No
Yes
Is there No
an appropriate line
profile
Is there No
profile

Enable the PPPoA protocol

conversion
Save the data
End

Procedure
add one.
Command:
--------------------------------------------------------------------
--------------------------------------------------------------------
0 960 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------
-------------------------------------------------------------------
--------------------------------------------------------------------
0 cbr 2 1000 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /off
5 ubr 2 2048 -- -- -- -- -- on /on /--
-------------------------------------------------------------------
6 ubr 1 -- -- -- -- -- -- off/off/--
Total Num : 7
--------------------------------------------------------------------

serv
NOTE

Step 5 Query whether there is an appropriate line profile.

1. If there is no appropriate line profile, add one.
2. Line profile 1 is the default line profile with the bandwidth of 2048 kbit/s. In general, use
the default line profile. In this example, a new line profile is created.
During inputting,press 'Q' to quit,then settings at this time will be
ignored
Do you want to name the profile (y/n)
[n]:y
> G.SHDSL interface mode of line (1--two wire;2--four wire;3--six wire;4--
eight wire;)[1]:
192~5696,2312 kbps)[2048]: 2048
192~5696,2312 kbps)[2048]: 2048
> Transmission mode (1--G.991.2 Annex A;2--G.991.2 Annex B;3--support Annex
A&B)[3]: 1
> Target SNR margin bitmap(0x01~0x0f,bit0--down current,bit1-down
worst,
Step 6 Check whether there is an appropriate alarm profile.

1. If there is no appropriate alarm profile, add one. In this example, the default alarm profile
1 is used.
2. An SHDSL alarm profile takes effect only when it is bound with a port.
3. By default, each port is bound with alarm profile 1 in system initialization. If the port has
been bound with another alarm profile, rebind it with alarm profile 1.
Step 7 Bind SHDSL port 0/5/0 by using the default alarm profile. Alarm profile 1 is the default alarm.
In general, use the default alarm profile. You can also configure other alarm profiles on demands.
Step 8 Activate SHDSL port 0/5/0. Use alarm profile 3 to activate SHDSL port 0.
Step 9 Configure the MAC address pool.


Step 10 Enable the PPPoA protocol conversion.

Step 11 Set the encapsulation type of SHDSL port 0/5/0 as LLC-PPPoA.


--------------------------------------------------------------------
--------------------------------------------------------------------
--------------------------------------------------------------------

huawei(config)#save
----End
Result
After the configuration, you can access the Internet in the PPPoA mode.
22.5 Adding an SHDSL Line Profile

This operation enables you to add an SHDSL line profile. The SHDSL line profile includes a
majority of parameters of the ports. After the line profile is configured, it can be used to activate
the ports.
Context
Each SHDSL line of the MA5600 is associated with a specific channel mode, and is bound with
a line profile.
A configuration table can hold up to 103 line profiles.
The H569SHEB board supports the high rate SHDSL.bis feature.
The SHDSL port can be activated in the ATM/PTM mode, thus realizing ATM/PTM switching
in the manner of profile configuration.
Two default profiles, profile 1 and profile 100, cannot be deleted but can be modified.
Five default SHDSL line profiles, profiles 1, 100, 101, 102, and 103, cannot be deleted but can
be modified.
Figure 22-7 shows the flowchart for adding an SHDSL line profile.

Figure 22-7 Flowchart for adding an SHDSL line profile
Start
Set the index of the line profile
Set the transmission mode

Whethert to set No
the name of the SHDSL line
profile?
Set the remote enable function
Yes
Set the name of the line profile

Set the probe enable function
Select the SHDSL encapsulation

mode No
Whether to set the
target SNR margin
Yes
Set the interface mode of the SHDSL
line
Set the downstream current target
SNR margin
Yes
Whether to use
the default parameters to
create a new profile? Set the downstream worst case target
SNR margin
No
Set the SHDSL min. line rate Set the upstream current target SNR
margin
Set the SHDSL max. line rate Set the upstream worst case target
SNR margin
Set the power spectral density mode

Set the target SNR margin bitmap
End
Procedure
Run the shdsl line-profile add command to add an SHDSL line profile.
----End

Example
To add an SHDSL line profile with the index of 3, do as follows:
wire;)[1]:
192~5696,2312 kbps)[2048]: 2048
192~5696,2312 kbps)[2048]: 2048
[3]: 1
Table 22-5 lists the parameters of an SHDSL line profile.
Table 22-5 Parameters of an SHDSL line profile

Profile index You can enter a profile index or press Enter to enable the system
to allocate a profile index.
pathmode Selects line encapsulation mode. ATM and PTM are supported.
G.SHDSL interface Selects interface mode of line.

mode of line
G.SHDSL minimum Specifies the minimum line rate.

line rate
G.SHDSL maximum In the process of setting up an SHDSL connection, if the calculated

line rate downstream/upstream rate of an SHDSL line is higher than the set
maximum value, the system will limit the rate to the set value while
increasing the SNR margin. If the calculated downstream/upstream
rate is lower than the set maximum rate, the system will set up the
SHDSL connection at the calculated rate, while maintaining the
target SNR margin.
Power spectral density There are two types of PSD: symmetrical and asymmetrical.
mode

Transmission mode There are three types of SHDSL transmission modes:

l ITU-T G.991.2 Annex A
l ITU-T G.991.2 Annex B
l Annex A&B
Remote enable It specifies whether to manage the STU-R.
Probe enable l If this function is enabled, the system implements the line probe
function to search the best line rate.
l If this function is disabled, the system skips the line rate
adaptation process to shorten the time to set up the G.SHDSL
line.
l By default, the probe function is disabled.
Downstream/Upstream l The target SNR margin is the preserved SNR margin to ensure
current target SNR normal communication in the case of line SNR deterioration.
margin The larger the target SNR margin, the less chances of occurrence
of the line error, and the safer the system can be. Meanwhile,
the larger the target SNR margin, the lower the maximum data
transmission rate.
l Therefore, the target SNR margin must be adjusted based on the
actual line conditions.
Downstream/Upstream It specifies the downstream/upstream SNR threshold in the worst

worst case target SNR case.
margin
Target SNR margin Range: 0x01-0x0F.

bitmap l bit0=1: makes the settings of current downstream target SNR
(0x01~0x0f,bit0--down margin take effect.
current,bit1-down
worst, bit2--up l bit1=1: makes the settings of worst downstream target SNR
current,bit3--up worst) margin take effect.
l bit2=1: makes the settings of current upstream target SNR
margin take effect.
l bit3=1: makes the settings of worst upstream target SNR margin
take effect.
By default, the value is 0x01. That is, by default, the settings of
current downstream target SNR margin take effect.
22.6 Adding an SHDSL Alarm Profile

This operation enables you to add an SHDSL alarm profile. The SHDSL alarm profile is used
to set a group of alarm thresholds for measuring and monitoring the performances of an active
SHDSL line. When a statistic reaches the threshold, the MA5600 informs the device of the event,
and sends alarms to the NMS.

Context
There are two default alarm profiles, profile 1 and profile 100.
The default alarm profile cannot be deleted.
Figure 22-8 shows the flowchart for adding an SHDSL alarm profile.
Figure 22-8 Flowchart for adding an SHDSL alarm profile

Configure SHDSL alarm
profile
Set alarm profile index
Use default
parameter to create Yes
alarm profile?
No
Set loop attenuation threshold
Set SNR margin threshold
Set errored second threshold
Set SES threshold
Set CRC abnormality threshold
Set LOSW threshold
Set UAS threshold
End
Procedure
Run the shdsl alarm-profile add command to add an SHDSL alarm profile.
----End

Example
To add an SHDSL alarm profile with the index of 3, do as follows:
huawei(config)#shdsl alarm-profile add 3
Please input profile name:profile-3
> Do you use the default data to create an alarm profile?(y/n)[y]:n
> Loop attenuation threshold (0~127 db)[0]:
> SNR margin threshold (0~10 db)[0]:
> ES threshold (0~900 s)[0]:
> SES threshold (0~900 s)[0]:
> CRC anomaly threshold (0~58981500)[0]:
> LOSWS threshold (0~900 s)[0]:
> UAS threshold (0~900 s)[0]:
Table 22-6 lists the parameters of an SHDSL alarm profile.
Table 22-6 Parameters of an SHDSL alarm profile
Profile index You can enter a profile number or press Enter to enable the
system to designate a number for it. The profile index is unique,
and is in the range of 2 to 99.
Loop attenuation The system collects performance data generated within any 15-
threshold minute period. If the loop attenuation exceeds the threshold, the
system will report an alarm.
SNR margin threshold The system collects SNR related performance data generated
within any 15-minute period. If the SNR margin exceeds the
threshold, the system will report an alarm.
ES threshold The system collects ES related performance data generated

within any 15-minute period. If the accumulated ES exceeds the
SES threshold The system collects SES related performance data generated
within any 15-minute period. If the accumulative SES exceeds
the threshold, the system will report an alarm.
CRC anomalies number The system collects CRC related performance data generated
threshold within any 15-minute period. If the accumulative CRC exceeds
the threshold, the system will report an alarm.
LOSWS threshold The system collects LOSW related performance data generated
within any 15-minute period. If the LOSW exceeds the
UAS threshold The system collects UAS related performance data generated
within any 15-minute period. If the UAS exceeds the threshold,
the system will report an alarm.

Related Operation
Table 22-7 lists the related operations for adding an SHDSL alarm profile.
Table 22-7 Related operations for adding an SHDSL alarm profile
To... Run the Command ... Remarks
Delete an SHDSL shdsl alarm-profile delete You cannot delete the default alarm
alarm profile profiles or a referenced alarm
profile.
Query an SHDSL display shdsl alarm- Run the command in privilege mode
alarm profile profile or SHDSL config mode.
Quickly add an SHDSL shdsl alarm-profile The system adopts non-interactive

alarm profile quickadd mode for the input of the parameter
of the command. The command
serves as a complement to the shdsl
alarm-profile quickaddcommand.
Modify an SHDSL line shdsl line-profile modify The line profile is valid after being
profile modified.
Quickly modify an shdsl line-profile The command serves as a

SHDSL line profile quickmodify complement to the shdsl line-
profile quickmodify command.
22.7 Binding an SHDSL Alarm Profile

This operation enables you to bind an SHDSL alarm profile to SHDSL ports to validate the alarm
profile after the SHDSL ports are activated.
Context
Pay attention to the following points:
l An SHDSL alarm profile can take effect only when it is bound to a port and the port is
activated.
l You can bind an SHDSL alarm profile to the deactivated port only.
l By default, the system uses the alarm profile bound with the port last time, or alarm profile
1 if the port is to be bound for the first time.
Procedure
Step 1 Run the alarm-config command to bind an SHDSL alarm profile with a port.
Step 2 Run the display port state command to query whether the ports has been bound with the alarm
profile.
----End

Example
To bind alarm profile 3 to port 1 of the SHDSL board in slot 0/5, do as follows:
Run the display port state command and you can find the ports has been bound with the alarm
profile.
---------------------------------------------------------------------------
---------------------------------------------------------------------------
1 Deactivated Deactive 1 3 Normal None Normal
---------------------------------------------------------------------------
22.8 Configuring the SHDSL Multi-Pair Binding

This operation enables you to configure the single-pair high-speed digital subscriber line
(SHDSL) multi-pair binding. The purpose of configuring the SHDSL multi-pair binding is to
improve the line rate.
Prerequisite
The port for configuring the SHDSL multi-pair binding must be deactivated and cannot be
configured with any service port.
Context
a line profile. A configuration table of SHDSL line profiles contains up to 103 line profiles.
Profile 1 is for activating the two-wire SHDSL port. Profile 100 is for activating the four-wire
SHDSL port. Profile 101 is for activating the six-wire SHDSL port. Profile 102 is for activating
the eight-wire SHDSL port.
In ATM port encapsulation mode, the system supports the binding of two-pair, three-pair, and
four-pair. The rates are respectively twice, three times and four times of the single-pair rate.
l The SHEB board divides the 32 ports into eight groups in turn. Each group contains four
ports. The ports for the multi-pair binding must belong to the same group.
l When configuring the SHDSL multi-pair binding, set the binding type as M-Pair. The
bound ports must be activated by a same profile simultaneously. Only the main port can
be configured. The configuration here refers to the operation of activating and deactivating
a port, configuring power backoff, and performing a loopback and canceling a loopback
on a port.
Procedure
Step 1 Run the interface shl command to enter the SHDSL mode.
Step 2 Run the port bind command to configure the SHDSL multi-pair binding.
Step 3 Run the service-port command to configure a service port.
----End

Example
To configure ports 0, 1 and 2 of the SHDSL board in slot 0/5 as three-pair, and to add the main
port to a service port, do as follows:
huawei(config-if-shl-0/5)#port bind m-pair 0-2
The M-Pair binding of port 0-2 is successful
huawei(config)#service-port vlan 10 shdsl mode atm 0/5/0 vpi 0 vci 35 multi-serv
Related Operation
Table 22-8 lists the related operation for configuring the SHDSL multi-pair binding.
Table 22-8 Related operation for configuring the SHDSL multi-pair binding
Add an SHDSL line profile shdsl line-profile add
Activate an SHDSL port activate
Deactivate an SHDSL port deactivate
22.9 Configuring the SHDSL EFM Multi-port Binding

This operation enables you to configure the SHDSL multi-port binding. The purpose of
configuring the SHDSL EFM multiple-port binding is to improve the line rate.
Prerequisite
The port for configuring the SHDSL EFM multi-port binding must be deactivated and cannot
be configured with any service port.
Context
a line profile. A configuration table of SHDSL line profiles contains up to 103 line profiles.
Profile 103 is used to activate the port that is for EFM multi-port binding.
In the PTM port encapsulation mode, the system supports the binding of up to four ports. The
rate is the summation of the ports.
l The SHEB board divides the 32 ports into eight groups in turn. Each group contains four
ports. The ports for the EFM multi-port binding must belong to the same group.
l When you configure the SHDSL EFM multi-port binding, set the binding type as EFM.
The bound ports are independent from each other. You need to configure the parameters
of each port respectively. The configuration here refers to the operation of activating and
deactivating a port, configuring power backoff, and performing a loopback and canceling
a loopback on a port.

Procedure
Step 1 Run the interface shl command to enter the SHDSL mode.
Step 2 Run the port bind command to configure the SHDSL EFM multi-port binding.
Step 3 Run the service-port command to configure a service port.
----End
Example
To configure ports 0, 1 and 2 of the SHDSL board in slot 0/5 as EFM multi-port binding, and
to add service ports to each port respectively, do as follows:
huawei(config-if-shl-0/5)#port bind efm 0-2
The EFM bonding of port 0-2 is successful
huawei(config)#service-port vlan 10 shdsl mode ptm 0/5/0 multi-serv
Related Operation
Table 22-9 lists the related operation for configuring the SHDSL EFM multi-port binding.
Table 22-9 Related operation for configuring the SHDSL EFM multi-port binding
Add an SHDSL line profile shdsl line-profile add
Activate an SHDSL port activate
22.10 Activating an SHDSL Port

This operation enables you to activate an SHDSL port for service transmission.
Prerequisite
There is a suitable SHDSL line profile.
Context
l Activating (or activation) refers to the training between the STU-C and the STU-R. During
the training process, the system will check the line distance and line state based on settings
included in the line profile, such as upstream/downstream line rate and SNR margin. The
STU-C negotiates with the STU-R to check whether the devices can work well under the
existing conditions.

l If the training succeeds, the STU-C can communicate with the STU-R. At the moment, the
port works in activated state, and is ready for service delivery.
l When the STU-R is online, the activation process ends after the completion of the training.
When the STU-R gets offline, the communication is terminated, and the ATU-C is in the
listening state. Once the STU-R gets online, the training process begins automatically.
l Before transmitting service traffic, an SHDSL port must be activated.
l If no profile index is entered during the activation operation, the system uses the profile
bound with the port last time to activate the port. If a port is to be activated for the first
time, the system uses the default line profile, namely profile 1.
l If you intend to use new parameters for an activated port, you must deactivate the port first,
and then activate it using the profile with the desired parameters.
Procedure
Step 1 Run the activate command to activate an SHDSL port.
Step 2 Run the display port state command to query the information of the SHDSL port.
----End
Example
To activate the SHDSL port 0 in slot 0/5 using line profile 1, do as follows:
Run the display port state command to query the SHDSL port information.
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Related Operation
Table 22-10 lists the related operations for activating an SHDSL port.
Table 22-10 Related operations for activating an SHDSL port
Loopback an SHDSL port loopback
22.11 Querying an SHDSL Port

This operation enables you to query the SHDSL port status to check the port conditions.

Context
l An SHDSL port may be in activating, activated, deactivated or loopback state.
l Figure 22-9 shows the inter-conversion between the states.
Figure 22-9 Inter-conversion between the SHDSL port states

undo Modem training
loopback activate succeeds loopback
activating
Local Remote
deactivated deactivate activated
loopback Modem link failure loopback
or power-off
loopback deactivate undo
loopback
Procedure
Run the display port state command to query the SHDSL port state.
----End
Example
To query the configuration and running status of the port 0/5/0, do as follows:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0 Activating Active 1 1 Normal None Normal
--------------------------------------------------------------------------
22.12 Configuring the Clock Mode

This operation enables you to configure the clock mode.
Context
The SHDSL port clock modes include:
l System clock synchronization

l Local clock synchronization
The network synchronization reference (NSR) clock mode takes effect only when the port is
reactivated.
l Activate it directly if the port is in deactivated state.

l Deactivate it and then reactivate it if the port is in activated state.
The SHEA board supports the configuration of the board level clock mode, but does not support
that of the port level clock mode.
The SHEB boars supports the configuration of the port level clock mode, but does not support
that of the board level clock mode.

Procedure
Step 1 For the SHEA board, configure the board level clock mode as follows:
1. Run the set clockmode command to configure the clock mode.
2. Run the display clockmode command to display the configured clock mode.
Step 2 For the SHEB board, configure the port level clock mode as follows:
1. Run the shdsl line-profile quickadd command to configure the clock mode when adding
a profile.
2. Run the deactivate command to deactivate the port whose clock mode needs to be
configured.
3. Run the activate command to activate the port whose clock mode needs to be configured.
----End
Example
To configure the clock mode of the SHEA board in slot 0/5 as system clock synchronization
mode, do as follows:
huawei(config-if-shl-0/5)#set clockmode system
The new clockmode will not take effect until the port is activated again.
Are you sure to set clockmode? (y/n)[n]:y
huawei(config-if-shl-0/5)#display clockmode
Clock mode: System
To configure the clock mode of port of the SHEB board as system clock synchronization mode,
do as follows:
huawei(config-if-shl-)#shdsl line-profile quickadd
{ profile-index<2,99>|line<K>|ptm<K> }:3
{ line<K>|ptm<K> }:line
{ two-wire<K>|four-wire<K>|six-wire<K>|eight-wire<K> }:two-wire
{ <cr>|rate<K>|psd<K>|transmission<K>|remote<K>|probe<K>|clockmode<K>|snr-margin
<K>|name<K> }:clockmode
{ clockmode<E><free-run,system> }:system
{ <cr>|snr-margin<K>|name<K> }:
Command:
shdsl line-profile quickadd 3 line two-wire clockmode system
huawei(config-if-shl-)#deactivate 0
Deactivate port 0 successfully
huawei(config-if-shl-)#activate 0 3
Send the command to activate port 0 successfully

Configuration Guide 23 Configuring the VDSL2 Service
23 Configuring the VDSL2 Service
About This Chapter
This chapter describes the VDSL2 technology and how to configure the VDSL2 service on the
MA5600.
23.1 Overview
The section describes the service description and service specifications of VDSL2 service.
23.2 Configuration Example of the VDSL2 PPPoE/IPoE Service
This example shows how to configure the VDSL2 PPPoE/IPoE service so that the user can access
the Internet through the VDSL2 lines in the PPPoE/IPoE mode.
23.3 Configuration Example of the VDSL2 IPoA Service
This example shows how to configure the VDSL2 IPoA service so that the user can access the
Internet through the VDSL2 lines in the IPoA mode.
23.4 Configuration Example of the VDSL2 PPPoA Service
This example shows how to configure the VDSL2 PPPoA service so that the user can access the
Internet through the VDSL2 lines in the PPPoA mode.
23.5 Adding a VDSL2 Line Profile
This operation enables you to add a VDSL2 line profile so as to include the majority of
parameters of all the VDSL2 ports in a line profile.
23.6 Adding a VDSL2 Channel Profile
This operation enables you to add a VDSL2 channel profile.
23.7 Adding a VDSL2 Line Template
This operation enables you to add a VDSL2 line template. The line profile binds the specified
line profile and channel profile. Use the line profile to activate ports.
23.8 Adding a VDSL2 Line Alarm Profile
This operation enables you to configure a VDSL2 line alarm profile so as to include the majority
of parameters of all the VDSL2 ports in a line alarm profile. After the alarm profile is configured
successfully, it can be directly used to activate the ports.
23.9 Adding a VDSL2 Channel Alarm Profile
This operation enables you to add a channel alarm profile containing alarm thresholds for channel
parameters.

23 Configuring the VDSL2 Service Configuration Guide
23.10 Adding a VDSL2 Alarm Template

This operation enables you to add a VDSL2 alarm template.
23.11 Binding an VDSL2 Alarm Template
This operation enables you to bind a VDSL2 alarm template with a port. After the port is
activated, monitor the line according to the alarm thresholds set in the ADSL2+ alarm template.
23.12 Activating a VDSL2 Port
This operation enables you to activate a VDSL2 port.
23.13 Querying a VDSL2 port
This operation enables you to query a VDSL2 port.

23.1 Overview
The section describes the service description and service specifications of VDSL2 service.
Service Description
Very High Speed DSL2 (VDSL2) adopts symmetric or asymmetric transmission mode, with the
reach distance of up to 3.5 km.
For details on VDSL2, refer to the chapter "VDSL2 Access" in the Feature Description.
l The MA5600 provides the VDSL2 service through the VDEA board or the VDBD board.
l An MA5600 shelf can house up to 14 VDSL2 boards. With each VDSL2 board providing
32 VDSL2 ports, a shelf supports up to 448 VDSL2 subscribers.
23.2 Configuration Example of the VDSL2 PPPoE/IPoE

Service
This example shows how to configure the VDSL2 PPPoE/IPoE service so that the user can access
the Internet through the VDSL2 lines in the PPPoE/IPoE mode.
Prerequisite
l The VDEA board works in the normal state.
l The upper layer router of the MA5600 has assigned the corresponding VLAN to the VDSL2
subscriber.
Context
The MA5600 can restrict the user bandwidth through the configured traffic profile or the
configured VDSL2 line profile. If the two profiles work together, the user bandwidth is the
minimum value defined in the two profiles.
Networking
Figure 23-1 shows a sample network for configuring the VDSL2 PPPoE/IPoE service.

Figure 23-1 Sample network for configuring the VDSL2 PPPoE/IPoE service
Internet
10.1.1.1/24 Router
V CON
ETH
D MON
E
A GE 0/7/0
SCU MA5600
PPPoE/IPoE access
Modem
PC
Data Plan
Table 23-1 lists the data plan for configuring the VDSL2 PPPoE/IPoE service.
Table 23-1 Data plan for configuring the VDSL2 PPPoE/IPoE service
Item Data Remarks

Access rate: 3072 kbit/s and priority policy in the traffic
profile. When you add a service
Priority: 6 port, you can specify the traffic
Priority policy: Pvc-Setting profile to restrict the access rate,

Item Data Remarks
Line profile Index: 3 When the VDSL port is activated,

Line profile: the VDSL port uses the line and
channel parameters configured in
l Index: 3 the line profile to negotiate with the
l Target downstream/upstream CPE. When the two parties
SNR margin: 12 dB negotiate successfully, the VDSL2
l Minimum downstream/ port is activated and the lines
upstream SNR margin: 0.5 dB connecting to the port can bear
services.
l Other parameters: default
setting
Channel profile:
l Index: 3
l Path mode: PTM
setting
Alarm profile Alarm profile index: 1 (the default Configure the alarm threshold of
profile) the line parameter in the alarm
profile. By binding the threshold to
a port, you can monitor the
conditions of the lines connecting
to the port.
disabled.
VDEA board VDSL2 port: 0/2/0 -

layer device.
Figure 23-2 shows the flowchart for configuring the VDSL2 PPPoE/IPoE service.

Figure 23-2 Flowchart for configuring the VDSL2 PPPoE/IPoE service
Start
No
Is there
profile?
Create a VLAN and add a port to it
No
Yes
Deactivate the VDSL2 port
Yes
Is there No
an appropriate line
profile?
Is there No
profile?
Activate the VDSL2 port
Save the data
End
Procedure
add one.
Command:
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------

0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
-----------------------------------------------------------------------------

Setting
Step 2 Create a VLAN and add ports to the VLAN.

1. Create a VLAN.
2. Add upstream port 0/7/0 to the VLAN.


huawei(config)#service-port vlan 10 vdsl mode ptm 0/2/0 multi-service user-
encap pppoe rx-cttr 7 tx-cttr 7
NOTE
Step 3 Configure the VDSL2 line profile.

You can add line profiles as required. Suppose that the profile you added is profile 3.
huawei(config)#vdsl line-profile add 3
neglected
> Transmission mode:
> 0: Custom
> 1: All (G992.1~5,T1.413,G993.2)
> 2: Full rate(G992.1/3/5,T1.413,G993.2)
> 3: G.DMT (G992.1/3/5,G993.2)
> 4: G.HS (G992.1~5,G993.2)
> 5: ADSL (G.992.1~5,T1.413)
> 6: VDSL (G993.2)
> Please select (0~6) [1]:0
> Current configured modes:

> 1-T1.413 2-G.992.1 (Annex A/B/C)

> 3-G.992.2 (Annex A/C) 4-G.992.3 (Annex A/B/I/J/L/M)
> 5-G.992.4 (Annex A/I) 6-G.992.5 (Annex A/B/I/J/M)
> 7-G.993.2 (Annex A/B/C)
> Please select 1-Modify 2-Delete 3-Save and quit [3]:1
> 1-T1.413 2-G.992.1 (Annex A/B/C)
> 7-G.993.2 (Annex A/B/C)
> Please select (1,2-3) [1]:2-6
> G.992.1: 1-All Annex 2-AnnexA 3-AnnexB 4-AnnexC (1,2-3) [1]:
> G.992.2: 1-All Annex 2-AnnexA 3-AnnexC (1,2-3) [1]:
> G.992.3: 1-All Annex 2-AnnexA 3-AnnexB 4-AnnexI 5-AnnexJ 6-AnnexL
> 7-AnnexM (1,2-3) [1]:2-6
> G.992.4: 1-All Annex 2-AnnexA 3-AnnexI (1,2-3) [1]:
> G.992.5: 1-All Annex 2-AnnexA 3-AnnexB 4-AnnexI 5-AnnexJ 6-AnnexM
> (1,2-3) [1]:2-5
> 1-T1.413 2-G.992.1 (Annex A/B/C)
> 3-G.992.2 (Annex A/C) 4-G.992.3 (Annex A/B/I/J/L)
> 5-G.992.4 (Annex A/I) 6-G.992.5 (Annex A/B/I/J)
> 7-G.993.2 (Annex A/B/C)
> Please select the form of transmit rate adaptation downstream:
> 1-fixed 2-adaptAtStartup (1~2) [2]:
> Please select the form of transmit rate adaptation upstream:
> Will you set SNR margin parameters? (y/n) [n]:y
> Target SNR margin downstream (0~310 0.1dB) [60]:
> Minimum SNR margin downstream (0~60 0.1dB) [0]:
> Maximum SNR margin downstream (60~310 0.1dB) [300]:
> Target SNR margin upstream (0~310 0.1dB) [60]:
> Minimum SNR margin upstream (0~60 0.1dB) [0]:
> Maximum SNR margin upstream (60~310 0.1dB) [300]:
> Will you set DPBO parameters? (y/n)[n]:y
> DPBO E-side electrical length (0~511 0.5dB) [0]:
> Will you set UPBO parameters? (y/n)[n]:y
> UPBO reference PSD per band, each band consists of two parameters[a, b].
Parameter a value from 40 dBm/Hz (coded as 0) to 80.95 dBm/Hz
(coded as 4095) in steps of 0.01 dBm/Hz; and b value from 0 (coded as 0)
to 40.95 dBm/Hz (coded as 4095) in steps of 0.01 dBm/Hz
> UPBO US1 band reference PSD parameter a(0~4095) [1650]:
> UPBO US1 band reference PSD parameter b(0~4095) [1020]:
> Will you force the CPE to use the electrical length to compute the UPBO:
> 1-forced, 2-auto(1~2) [2]:
> Will you set RFI notch configuration parameter? (y/n) [n]:y
> Please set the RFI notch band range, the format : tone index(0~4095)
> or begin tone index-end tone index. Begin tone index must not be more
> than end tone index, for example:20,25-30. You cannot set more than
> 16 ranges:1-20,50-100,400-700,1000-2000
> Will you set VDSL tone blackout configuration parameter? (y/n) [n]:y
> Please set the VDSL tone blackout range, the format : tone index(0~4095)
> 8 ranges:
> Will you set mode-specific parameters? (y/n) [n]:y
> 1-defmode
> Please select 1-Add 2-Modify 3-Save and quit [3]:1
> 2-adsl 3-adsl2Pots 4-adsl2Isdn
> 5-adsl2PlusPots 6-adsl2PlusIsdn 7-adsl2ReachExtended
> 8-vdsl2Pots 9-vdsl2Isdn
> Please select [2]:7
> Maximum nominal aggregate transmit power downstream
> (0~205 0.1dBm) [145]:

> Maximum nominal aggregate transmit power upstream

> (0~205 0.1dBm) [145]:
> Will you set PSD mask value downstream parameter? (y/n) [n]:
> Will you set PSD mask value upstream parameter? (y/n) [n]:
> 1-defmode 7-adsl2ReachExtended
> Please select 1-Add 2-Modify 3-Delete 4-Save and quit [4]:
Step 4 Configure the VDSL2 channel profile.

Suppose that VDSL2 channel profile 3 is added.
huawei(config)#vdsl channel-profile add 3
neglected
> Data path mode 1-ATM, 2-PTM, 3-Both (1~3) [3]:2
> Will you set the minimum impulse noise protection? (y/n) [n]:y
> Minimum impulse noise protection downstream:
> 1-noProtection 2-halfSymbol 3-singleSymbol 4-twoSymbols
> 5-threeSymbols 6-fourSymbols 7-fiveSymbols 8-sixSymbols
> 9-sevenSymbols 10-eightSymbols 11-nineSymbols 12-tenSymbols
> 13-elevenSymbols 14-twelveSymbols 15-thirteenSymbols 16-fourteenSymbols
> 17-fifteenSymbols 18-sixteenSymbols
> Please select (1~18) [1]:
> Minimum impulse noise protection upstream:
> Will you set interleaving delay parameters? (y/n) [n]:y
> Maximum interleaving delay downstream (0~200 ms) [20]:
> Maximum interleaving delay upstream (0~200 ms) [20]:
> Will you set parameters for rate? (y/n) [n]:y
> Minimum transmit rate downstream (128~100000 Kbps) [128]:
> Maximum transmit rate downstream (128~100000 Kbps) [100000]:
> Minimum transmit rate upstream (128~100000 Kbps) [128]:
> Maximum transmit rate upstream (128~100000 Kbps) [100000]:

Bind the configured line profile with the channel profile. Suppose that the index of the line profile
is 3.
huawei(config)#vdsl line-template add 3
Start adding template
neglected
> Do you want to name the template (y/n) [n]:
> Please set the line-profile index (1~128) [1]:3
> Will you set channel configuration parameters? (y/n) [n]:y
> Please set the channel number (1~2) [1]:
> Channel1 configuration parameters:
> Please set the channel-profile index (1~128) [1]:3
Add template 3 successfully
Step 6 Activate VDSL2 port 0/2/0.

Use line profile 3 to activate port 0.
huawei(config)#interface vdsl 0/2
huawei(config-if-vdsl-0/2)#activate 0 template-index 3
Step 7 Bind an alarm profile with the VDSL2 port.

NOTE
l In this example, the default alarm profile is adopted.
l If the default alarm profile is not adopted and you need to adopt alarm profile 2, run the vdsl alarm-
template add 2 command to add alarm profile 2, and then run the alarm-config 0 2 command to bind
the profile with the VDSL2 port.
l A VDSL2 alarm profile takes effect only when it is bound with a port. By default, each port is bound
with alarm profile 1.

huawei(config)#save
----End
Result
After the configuration, the user can access the Internet in the PPPoE/IPoE mode.
23.3 Configuration Example of the VDSL2 IPoA Service

This example shows how to configure the VDSL2 IPoA service so that the user can access the
Internet through the VDSL2 lines in the IPoA mode.
Prerequisite
subscriber.
Context
l The MA5600 can restrict the user bandwidth through the configured traffic profile or the
l In the case of IPoA access, select the dynamic IP address (without specifying the source
IP address) or the static IP address (specifying the source IP address) for the packets. To
switch from a dynamic address to a static address in the IPoA mode, you must adopt LLC-
Bridge encapsulation first, and then adopt the IPoA static address encapsulation.
Networking
Figure 23-3 shows a sample network for configuring the VDSL2 IPoA service.

Figure 23-3 Sample network for configuring the VDSL2 IPoA service
Internet
10.1.1.1/24 Router
V CON
ETH
D MON
E
A GE 0/7/0
SCU MA5600
IPoA access
Modem
PC
Data Plan
Table 23-2 lists the data plan for configuring the VDSL2 IPoA service.
Table 23-2 Data plan for configuring the VDSL2 IPoA service
Item Data Remarks


Item Data Remarks

services.
setting
Channel profile:
l Index: 3
l Path mode: PTM
setting
to the port.
disabled.

layer device.
Default IPoA IP address: 10.1.1.1/24 It is the IP address of the upper

gateway layer router.
Figure 23-4 shows the flowchart for configuring the VDSL2 IPoA service.

Figure 23-4 Flowchart for configuring the VDSL2 IPoA service
Start
No
Is there
profile?
No
Yes
Is there No
an appropriate line
Yes profile?
Add a line profile
Is there No
Yes profile?
Save the data
End
NOTE
When adding a service port, you can select the ATM or PTM as the data path mode. The PTM data path
mode does not support the PPPoA and IPoA modes.

Procedure
add one.
Command:
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
-----------------------------------------------------------------------------

Setting
Step 2 Create VLAN 10, and add upstream port 0/7/0 to it.

huawei(config)#service-port vlan 10 vdsl mode atm 0/2/0 vpi 0 vci 35 rx-cttr 7 tx-
cttr 7
NOTE

neglected


> 0: Custom
> 1: All (G992.1~5,T1.413,G993.2)
> 2: Full rate(G992.1/3/5,T1.413,G993.2)
> 3: G.DMT (G992.1/3/5,G993.2)
> 4: G.HS (G992.1~5,G993.2)
> 5: ADSL (G.992.1~5,T1.413)
> 6: VDSL (G993.2)
> 1-T1.413 2-G.992.1 (Annex A/B/C)
> 7-G.993.2 (Annex A/B/C)
> 1-T1.413 2-G.992.1 (Annex A/B/C)
> 7-G.993.2 (Annex A/B/C)
> Please select (1,2-3) [1]:2-6
> 7-AnnexM (1,2-3) [1]:2-6
> (1,2-3) [1]:2-5
> 1-T1.413 2-G.992.1 (Annex A/B/C)
> 7-G.993.2 (Annex A/B/C)
> 1-forced, 2-auto(1~2) [2]:
> 16 ranges:1-20,50-100,400-700,1000-2000

> 8 ranges:
> 1-defmode
> (0~205 0.1dBm) [145]:
> (0~205 0.1dBm) [145]:

neglected
is 3.
neglected




NOTE

Configure MAC address pool 0, which begins with 0000-0000-0001.

Step 10 Enable the IPoA protocol conversion.

Step 11 Configure the default IPoA gateway.

Step 12 Set the encapsulation mode of VDSL2 port 0/2/0 as IPoA-LLC.

huawei(config)#encapsulation 0/2/0 vpi 0 vci 35 type ipoa llc srcIP 10.1.1.20

huawei(config)#save
----End
Result
23.4 Configuration Example of the VDSL2 PPPoA Service

This example shows how to configure the VDSL2 PPPoA service so that the user can access the
Internet through the VDSL2 lines in the PPPoA mode.
Prerequisite
subscriber.

Context
l The MA5600 can restrict the user bandwidth through the configured traffic profile or the
Networking
Figure 23-5 shows a sample network for configuring the VDSL2 PPPoA service.
Figure 23-5 Sample network for configuring the VDSL2 PPPoA service
Internet
10.1.1.1/24 Router
V CON
ETH
D MON
E
A GE 0/7/0
SCU MA5600
PPPoA access
Modem
PC
Data Plan
Table 23-3 lists the data plan for configuring the VDSL2 PPPoA service.

Table 23-3 Data plan for configuring the VDSL2 PPPoA service
Item Data Remarks


services.
setting
Channel profile:
l Index: 3
l Path mode: ATM
setting
to the port.
disabled.

layer device.
Default PPPoA IP address: 10.1.1.1/24 It is the IP address of the upper

gateway layer router.
Figure 23-6 shows the flowchart for configuring the VDSL2 PPPoA service.

Figure 23-6 Flowchart for configuring the VDSL2 PPPoA service
Start
No
Is there
profile?
No
Yes
Yes
Is there No
an appropriate line
profile?
Is there No
profile?
Save the data
End
NOTE
When adding a service port, you can select the ATM or PTM as the data path mode. The PTM data path
mode does not support the PPPoA and IPoA modes.
Procedure
add one.

Command:
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
-----------------------------------------------------------------------------

Setting
Step 2 Create VLAN 10, and add upstream port 0/7/0 to it.

huawei(config)#service-port vlan 10 vdsl mode atm 0/2/0 vpi 0 vci 35 rx-cttr 7 tx-
cttr 7
NOTE

neglected
> 0: Custom
> 1: All (G992.1~5,T1.413,G993.2)
> 2: Full rate(G992.1/3/5,T1.413,G993.2)
> 3: G.DMT (G992.1/3/5,G993.2)
> 4: G.HS (G992.1~5,G993.2)
> 5: ADSL (G.992.1~5,T1.413)

> 6: VDSL (G993.2)

> 1-T1.413 2-G.992.1 (Annex A/B/C)
> 7-G.993.2 (Annex A/B/C)
> 1-T1.413 2-G.992.1 (Annex A/B/C)
> 7-G.993.2 (Annex A/B/C)
> Please select (1,2-3) [1]:2-6
> 7-AnnexM (1,2-3) [1]:2-6
> (1,2-3) [1]:2-5
> 1-T1.413 2-G.992.1 (Annex A/B/C)
> 7-G.993.2 (Annex A/B/C)
> 1-forced, 2-auto(1~2) [2]:
> 16 ranges:1-20,50-100,400-700,1000-2000
> 8 ranges:
> 1-defmode


> (0~205 0.1dBm) [145]:
> (0~205 0.1dBm) [145]:

neglected
is 3.
neglected



NOTE
Configure MAC address pool 0, which begins with 0000-0000-0001.

Step 10 Enable the PPPoA protocol conversion.

Step 11 Set the encapsulation mode of VDSL2 port 0/2/0 as PPPoA-LLC.


huawei(config)#save
----End
Result
After the configuration, the user can access the Internet in the PPPoA mode.
23.5 Adding a VDSL2 Line Profile

This operation enables you to add a VDSL2 line profile so as to include the majority of
parameters of all the VDSL2 ports in a line profile.
Context
l Up to 128 line profiles can be added for the MA5600. Line profile 1 is the default, which
can be modified but cannot be deleted.
l When the downstream channel mode is fixed, the downstream maximum rate must be equal
to the minimum rate.
l When setting the upstream/downstream SNR margin, make sure that the settings comply
with mini. SNR margin ≤ target SNR margin ≤ max. SNR margin.
Figure 23-7 shows the flowchart for adding a VDSL2 line profile.

Figure 23-7 Flowchart for adding a VDSL2 line profile
Start
Set VDSL tone blackout No

No configuration parameter?
Name the profile?
Yes Yes
Set VDSL tone blackout
Set the line profile configuration parameter
Set transmission mode

Set mode-specific No
parameters for modem?
Select the form of transmit rate
adaptation downstream
Yes
Select the form of transmit rate Select the mode to be configured
adaptation upstream
Select the form of transmit rate Set maximum nominal aggregate

adaptation upstream transmit power downstream
Set maximum nominal aggregate

Set SNR margin for No transmit power upstream
modem?
Yes
Set target SNR margin
Set PSD mask value No
downstream
downstream parameter?
Set minimum SNR margin
downstream
Yes
Set maximum SNR margin Set PSD mask value downstream
downstream parameter
Set target SNR margin upstream

Set PSD mask value No
Set minimum SNR margin upstream parameter?
upstream
Set maximum SNR margin Yes

upstream
Set PSD mask value upstream
parameter
Set RFI notch No

configuration parameter?
Set PBO control upstream
Yes
Set RFI notch
End
configuration parameter

Procedure
Step 1 Run the vdsl line-profile add command to add a VDSL2 line profile.
Step 2 Run the display vdsl line-profile command to query the added VDSL2 line profile.
----End
To add VDSL2 line profile 3, do as follows:

neglected
> 0: Custom
> 1: All (G992.1~5,T1.413,G993.2)
> 2: Full rate(G992.1/3/5,T1.413,G993.2)
> 3: G.DMT (G992.1/3/5,G993.2)
> 4: G.HS (G992.1~5,G993.2)
> 5: ADSL (G.992.1~5,T1.413)
> 6: VDSL (G993.2)
> 1-T1.413 2-G.992.1 (Annex A/B/C)
> 7-G.993.2 (Annex A/B/C)
> 1-T1.413 2-G.992.1 (Annex A/B/C)
> 7-G.993.2 (Annex A/B/C)
> Please select (1,2-3) [1]:2-6
> 7-AnnexM (1,2-3) [1]:2-6
> (1,2-3) [1]:2-5
> 1-T1.413 2-G.992.1 (Annex A/B/C)
> 7-G.993.2 (Annex A/B/C)


> 1-forced, 2-auto(1~2) [2]:
> 16 ranges:1-20,50-100,400-700,1000-2000
> 8 ranges:
> 1-defmode
> (0~205 0.1dBm) [145]:
> (0~205 0.1dBm) [145]:
huawei(config)#display vdsl line-profile
{ <cr>|profile-index<L><1,128> }:3
Command:
display vdsl line-profile 3
------------------------------------------------------------------------------
Profile index: 3 Name: VDSL LINE PROFILE 3
Transmission mode:
T1.413 G.992.1(Annex A/B/C)
G.992.2(Annex A/C) G.992.3(Annex A/B/I/J/L)
G.992.4(Annex A/I) G.992.5(Annex A/B/I/J)
G.993.2(Annex A/B/C)
Form of transmit rate adaptation downstream : AdaptAtStartup
Form of transmit rate adaptation upstream : AdaptAtStartup
Target SNR margin downstream(0.1dB) : 60
Minimum downstream SNR margin(0.1dB) : 0
Maximum downstream SNR margin(0.1dB) : 300
Target SNR margin upstream(0.1dB) : 60
Minimum SNR margin upstream(0.1dB) : 0
Maximum SNR margin upstream(0.1dB) : 300
UPBO US1 band reference PSD parameters[a, b] : 1650,1020
UPBO use of electrical length to compute UPBO : Auto
RFI notch configuration：
Number Start Tone Stop Tone Start Frequency End Frequency
(KHz) (KHz)
1 1 20 4.3 90.5
2 50 100 215.6 435.5
3 400 700 1725.0 3023.0
4 1000 2000 4312.5 8629.3
<defmode>
G.993.2 profile : Profile12a
VDSL2 PSD class mask : AnnexB998-M1x-A(B8-1)

VDSL2 link use of U0 : Unused

Maximum nominal aggregate transmit power
downstream(0.1dBm) : 145
upstream(0.1dBm) : 145
<adsl2ReachExtended>
downstream(0.1dBm) : 145
upstream(0.1dBm) : 145
------------------------------------------------------------------------------
Table 23-4 lists the parameters of a VDSL2 line profile.
Table 23-4 Parameters of a VDSL2 line profile

Parameter Description Default
profile-index You can enter a profile index, or press Enter to -

enable the system to allocate a profile index. The
profile index is unique.
profile-name You can enter a profile index, or press Enter to -

enable the system to allocate a profile name.
VDSL2 transmission Currently, there are six VDSL2 working modes: All
mode l 0: Custom
l 1: All (G992.1~5,T1.413, G993.2)
l 2: Full rate(G992.1/3/5, T1.413, G993.2)
l 3: g.dmt (G992.1/3/5, G993.2)
l 4: g.hs (G992.1~5, G993.2)
l 5: ADSL (G.992.1~5, T1.413)
l 6: VDSL (G993.2)
The form of transmit rate Options include 1-fixed and 2-adaptAtStartup. AdaptAtS
adaptation upstream/ l In fixed mode, the line must be activated with the tartup
downstream specified downstream activation rate. mode
l In adaptAtStartup mode, after the line training,
the downstream activation rate is between the
minimum activation rate and the maximum
activation rate, but cannot change during the
showtime. Otherwise, the line must be trained
again.
Minimum SNR margin in In the process of VDSL2 connection setup, if the 0 dB

downstream/upstream calculated SNR margin is lower than the preset one,
the port cannot be activated.

Maximal SNR margin in In the process of VDSL2 connection setup, if the 300 dB
downstream/upstream calculated target SNR margin of a VDSL2 line is
higher than the preset maximum SNR margin, the
system will limit the downstream maximum SNR
margin to the preset maximum value.
Target SNR margin in The target SNR margin is the preserved SNR margin 60 dB
downstream/upstream to ensure normal communication in the case of line
SNR deterioration. If the target SNR margin is large
enough, the chance of the occurrence of the line
error is reduced. Even if the system is the safer, the
rate of data transmission is low. Therefore, the target
SNR margin must be adjusted based on the actual
line conditions.
DPBO parameters l DPBO E-side electrical length. It ranges from 0 -

to 511 and the actual range is 0 dB-255.5 dB. If
it is configured as 0, then DPBO function is
disabled and you can not configure the other
parameters.
l DPBO assumed exchange PSD mask.
l Scalar A (Local cable feature parameter scalar
A).
l Scalar B (Local cable feature parameter scalar
B).
l Scalar C (Local cable feature parameter scalar
C).
l DPBO minimum usable signal.
l DPBO span minimum frequency. It ranges from
0 to 2048 with the unit of 4.3125 KHz. So the
actual range is 0 KHz-8832 KHz.
l DPBO span maximum frequency. It ranges from
32 to 6956 with the unit of 4.3125 KHz. So the
actual range is 138 KHz -29997.75 KHz.

UPBO parameters l UPBO US1 band reference PSD parameter a -

(upstream band 1 reference Power Spectral
Density parameter a). It ranges from 4000 to 8096
with the unit of 0.01, so the actual value range is
from 40.00 to 80.96.
l UPBO US1 band reference PSD parameter b
Density parameter b). Its value range is ditto.
l UPBO US2 band reference PSD parameter a
Density parameter a). Its value range is ditto.
l UPBO US3 band reference PSD parameter a
Density parameter a). Its value range is ditto.
l Sets whether VTU-R adjusts the UPBO using the
electric distance configured by VTU-O.
mode-specific Power frequency spectrum setting. Each line can be -

parameters for modem configured with multiple transmission modes. Each
transmission mode has its corresponding frequency
parameters.
There must be a group of default power frequency
spectrum parameters in a line. Mapping it to the
profile, it is defmode. Not all transmission modes
shall be configured with corresponding power
frequency spectrum profile parameters. As defined
in the standard, for a transmission mode, find the
corresponding power frequency spectrum setting
with priority.
If you do not find it, use the default power frequency
spectrum parameter, that is, the parameter of the
defmode to activate the line.
RFI notch configuration RFI notch is used to avoid amateur radio Up to 16

for modem interference. To avoid radio interference, set several frequency
frequency ranges. Each range consists of the start ranges can
tone and the end tone. Notch the corresponding be set.
frequency ranges, that is, do not use these frequency
ranges. Up to 16 frequency ranges can be set.

PSD mask value The PSD mask defines the PSD of a series of Null for
upstream/downstream breakpoints of transmit frequency bands. Determine both
the PSD of each sub-carrier by interpolation upstream
between two breakpoints. There are up to 16 and
upstream breakpoints and there are up to 32 downstrea
downstream breakpoints. m PSD.
PBO control upstream This function guarantees that the SNR margin at the Auto
upstream channel receiver meets the upstream PSD
mask requirements but reduces the transmit power.
Power cutback This function checks whether to enable the Disabled

downstream downstream power cutback function.
Related Operation
Table 23-5 lists the related operations for adding a VDSL2 line profile.
Table 23-5 Related operations for adding a VDSL2 line profile
Delete a VDSL2 line vdsl line-profile delete You cannot delete the default line
profile profiles or a referenced line
profile.
Modify a VDSL2 line vdsl line-profile modify After modification, the system
profile prompts that the modified profile
takes effect immediately.
Quickly add a VDSL2 vdsl line-profile quickadd The system adopts non-
line profile interactive mode for the input of
the parameter of the command.
The command serves as a
complement to the vdsl line-
profile quickadd command.
Quickly modify a vdsl line-profile The system adopts non-

VDSL2 line profile quickmodify interactive mode for the input of
the parameter of the command.
The command serves as a
complement to the vdsl line-
profile quickmodifycommand.
23.6 Adding a VDSL2 Channel Profile

This operation enables you to add a VDSL2 channel profile.

Context
l The system has a default channel profile. The parameters in the default profile are the data
for reference. You can create channel profiles according to the line conditions.
l The created channel profiles are numbered from 2 to 128. You can specify the index or
press Enter to enable the system to allocate an index.
l You can type in parameters in interactive mode.
Figure 23-8 shows the flowchart for adding a VDSL2 channel profile.
Figure 23-8 Flowchart for adding a VDSL2 channel profile
Start
Set interleaved delay No
for modem?
No Yes
Name the profile?
Set maximum interleaved delay
downstream
Yes
Set the channel profile Set maximum interleaved delay

upstream
Select data path mode

No
Set parameters for rate?
Set the minimum No

impulse noise protection? Yes
Set minimum transmit rate
downstream
Yes
Set minimum impulse noise Set maximum transmit rate
protection downstream downstream
Set minimum impulse noise Set minimum transmit rate

protection upstream
upstream
Set maximum transmit rate

upstream
Start

Procedure
Step 1 Run the vdsl channel-profile add command to add a VDSL2 channel profile.
Step 2 Run the display vdsl channel-profile command to query the added channel profile.
----End
Example
To add VDSL2 channel profile 2, do as follows:
Add VDSL2 channel profile 2.
neglected
> Data path mode 1-ATM, 2-PTM, 3-Both (1~3) [3]:
Query the added VDSL2 channel profile.

huawei(config)#display vdsl channel-profile
Command:
display vdsl channel-profile 2
------------------------------------------------------------------------------
Profile index: 2 Name: VDSL CHANNEL PROFILE 2
Data path mode : Both
Minimum impulse noise protection downstream : NoProtection
Minimum impulse noise protection upstream : NoProtection
Maximum interleaving delay downstream(ms) : 20
Maximum interleaving delay upstream(ms) : 20
Minimum transmit rate downstream(Kbps) : 128
Maximum transmit rate downstream(Kbps) : 100000
Minimum transmit rate upstream(Kbps) : 128
Maximum transmit rate upstream(Kbps) : 100000
------------------------------------------------------------------------------
Table 23-6 lists the parameters of a VDSL2 channel profile.

Table 23-6 Parameters of a VDSL2 channel profile

profile-index You can enter a profile index, or press Enter to enable -

the system to allocate a profile index. The profile
index is unique.
profile-name You can enter a name or press Enter to enable the -

system to allocate a profile name.
Data path mode If the set mode is different from the mode supported -
by the physical line, guarantee that the line activation
with priority, and set adapting the board to the mode
supported.
Maximum Interleaved delay in downstream or upstream. It 20 ms

interleaved delay ranges from 0 ms to 200 ms.
downstream/
upstream
Minimum impulse There are 18 options for downstream/upstream. The first.

noise protection
downstream/
upstream
Minimum transmit Ranges from 128 kbit/s to 100000 kbit/s. 128 kbit/s
rate downstream/
upstream
Maximum transmit Ranges from 128 kbit/s to 100000 kbit/s. 100000 kbit/s
rate downstream/
upstream
Related Operation
Table 23-7 lists the related operations for adding a VDSL2 channel profile.
Table 23-7 Related operations for adding a VDSL2 channel profile

Delete a VDSL2 vdsl channel-profile delete You cannot delete the default
channel profile channel profiles or a referenced
channel profile.
Modify a VDSL2 vdsl channel-profile modify After modification, the system

channel profile prompts that the modified
profile takes effect
immediately.

Quickly add a VDSL2 vdsl channel-profile quickadd The system adopts non-
channel profile interactive mode for the input
of the parameter of the
command. The command
vdsl channel-profile add
command.
Quickly modify a vdsl channel-profile The system adopts non-

VDSL2 channel profile quickmodify interactive mode for the input
of the parameter of the
command. The command
vdsl channel-profile modify
command.
23.7 Adding a VDSL2 Line Template

This operation enables you to add a VDSL2 line template. The line profile binds the specified
line profile and channel profile. Use the line profile to activate ports.
Prerequisite
The line profile and the channel profile have been configured.
Context
l The system has a default line template. The parameters in the default profile are the data
for reference. You can create line profile according to the line conditions.
l The created channel profiles are numbered from 2 to 128. When creating a profile,  you
can specify the index or press Enter to enable the system to allocate an idle index.
l You can type in parameters in interactive mode.
Procedure
Step 1 Run the vdsl line-template add command to add a VDSL2 line template.
Step 2 Run the display vdsl line-template command to query the added line template.
----End
To add a VDSL2 line template, do as follows:

neglected


Query the added VDSL2 line template.

huawei(config)#display vdsl line-template
{ <cr>|template-index<L><1,128> }:2
Command:
display vdsl line-template 2
------------------------------------------------------------------------------
Template index: 2 Name: VDSL LINE TEMPLATE 2
Line profile index : 3
Channel1 profile index : 2
Channel1 rate adaptation ratio downstream : -
Channel1 rate adaptation ratio upstream : -
------------------------------------------------------------------------------
Table 23-8 lists the parameters of a VDSL2 line template.
Table 23-8 Parameters of a VDSL2 line template

Profile index You can enter a line template index, or press Enter to enable the system
to allocate a profile index. The profile index is unique.
Profile name You can enter a name or press Enter to enable the system to allocate
a profile name.
Line profile index The index of the configured line profile.
Channel number This enables you to set the number of channels the line supports. You
can configure the second channel only after you have configured the
first channel.
When modifying the line template, if you input a channel number that
is different from the last channel number, the system considers that
you will reconfigure the following channel number, and then the
configured parameters will be cleared.
Channel profile The index of the configured channel profile.

index
Related Operation
Table 23-9 shows the related operations for configuring a VDSL2 line template.

Table 23-9 Related operations for configuring a VDSL2 line template

Delete a VDSL2 line vdsl line-template delete You cannot delete a referenced
template extended line profile.
Modify a VDSL2 line vdsl line-template After modification, the system

template modify prompts that the modified profile
takes effect immediately.
Quickly add a VDSL2 line vdsl line-template The system adopts non-interactive
template quickadd mode for the input of the parameter
serves as a complement to the vdsl
line-template add command.
Quickly modify a VDSL2 vdsl line-template The system adopts non-interactive

line template quickmodify mode for the input of the parameter
serves as a complement to the vdsl
line-template modify command.
23.8 Adding a VDSL2 Line Alarm Profile

This operation enables you to configure a VDSL2 line alarm profile so as to include the majority
of parameters of all the VDSL2 ports in a line alarm profile. After the alarm profile is configured
successfully, it can be directly used to activate the ports.
Context
l The VDSL2 line alarm profile contains a series of alarm thresholds to measure and monitor
the performance of an activated VDSL2 line. When a statistic reaches the threshold, the
MA5600 sends the alarm to the log host and the NMS.
l When configuring a VDSL2 line alarm profile, you cannot delete profile 1, but you can
modify it. The created line alarm profiles are numbered 2–50.
Figure 23-9 shows the flowchart for adding a VDSL2 line alarm profile.

Figure 23-9 Flowchart for adding a VDSL2 line alarm profile
Start
No
Name the profile?
No
Set the line
thresholds for CPE?
Yes
Name the profile Yes

Set the number of forward error
correction seconds
set the line No

thresholds for CO? Set the number of errored seconds
Yes
Set the number of severely errored
Set the number of forward error
seconds
correction seconds
Set the number of loss of signal

Set the number of errored seconds seconds
Set the number of unavailable

Set the number of severely errored seconds
seconds
Set the number of failed full

Set the number of loss of signal initialization
seconds
End
Set the number of unavailable
seconds
Procedure
Step 1 Run the vdsl alarm-profile add command to add a VDSL2 line alarm profile.
Step 2 Run the display vdsl alarm-profile command to query the added VDSL2 line alarm profile.
----End
Example
To add a VDSL2 line alarm profile, do as follows:
Add VDSL2 line alarm profile 2.
huawei(config)#vdsl alarm-profile add 2
neglected
> Will you set the line thresholds for CO? (y/n) [n]:y

> The number of forward error correction seconds (0~900) [0]:10

> The number of errored seconds (0~900) [0]:
> The number of loss of signal seconds (0~900) [0]:
> Will you set the line thresholds for CPE? (y/n) [n]:y
> The number of forward error correction seconds (0~900) [0]:10
> The number of errored seconds (0~900) [0]:10
> The number of loss of signal seconds (0~900) [0]:
> The number of failed full initialization (0~900) [0]:5
Query the added VDSL2 line alarm profile.

huawei(config)#display vdsl alarm-profile
Command:
display vdsl alarm-profile 2
------------------------------------------------------------------------------
Profile index: 2 Name: VDSL ALARM PROFILE 2
<CO>
The number of forward error correction seconds : 10
The number of errored seconds : 0
The number of severely errored seconds : 0
The number of loss of signal seconds : 0
The number of unavailable seconds : 0
<CPE>
The number of forward error correction seconds : 10
The number of errored seconds : 0
The number of severely errored seconds : 0
The number of loss of signal seconds : 0
The number of unavailable seconds : 0
The number of failed full initialization : 5
------------------------------------------------------------------------------
Table 23-10 lists parameters of a VDSL2 line alarm profile.
Table 23-10 Parameters of a VDSL2 line alarm profile

Profile index You can enter a profile index or press Enter to enable the system
to designate an index for it. The profile index is unique.
Profile name The name of the configured line alarm profile.
Forward error correction Within the 15-minute performance data collection period, if the
seconds forward error correction seconds exceed the threshold, an alarm
is reported. Otherwise, no alarm is reported.
Errored seconds Within the 15-minute performance data collection period, if the
errored seconds exceed the threshold, an alarm is reported.
Otherwise, no alarm is reported.
Severely errored seconds Within the 15-minute performance data collection period, if the
severely errored seconds exceed the threshold, an alarm is
reported. Otherwise, no alarm is reported.

Loss of signal seconds Within the 15-minute performance data collection period, if the
loss of signal seconds exceeds the threshold, an alarm is
The number of unavailable Within the 15-minute performance data collection period, if the
seconds number of unavailable seconds exceeds the threshold, an alarm
is reported. Otherwise, no alarm is reported.
Failed full initialization Within the 15-minute performance data collection period, if the
failed full initialization times exceed the threshold, an alarm is
Related Operation
Table 23-11 shows the related operations for adding a VDSL2 line alarm profile.
Table 23-11 Related operations for adding a VDSL2 line alarm profile
Delete a VDSL2 line vdsl alarm-profile You cannot delete the default line alarm
alarm profile delete profiles or a referenced alarm profile.
Modify a VDSL2 line vdsl alarm-profile After modification, the system prompts
alarm profile modify that the modified profile takes effect
immediately.
Quickly add a VDSL2 vdsl alarm-profile The system adopts non-interactive

line alarm profile quickadd mode for the input of the parameter of
a complement to the vdsl alarm-profile
add command.
Quickly modify a vdsl alarm-profile The system adopts non-interactive

VDSL2 line alarm quickmodify mode for the input of the parameter of
profile the command. The command serves as
a complement to the vdsl alarm-profile
modify command.
23.9 Adding a VDSL2 Channel Alarm Profile

This operation enables you to add a channel alarm profile containing alarm thresholds for channel
parameters.
Context
You cannot delete channel alarm profile 1, but you can modify it. The created alarm profiles are
numbered 2 to 50.

Figure 23-10 shows the flowchart for adding a VDSL2 channel alarm profile.
Figure 23-10 Flowchart for adding a VDSL2 channel alarm profile
Start
set the channel No
thresholds for the CPE?
No
Name the profile? Yes
Set the number of coding
violations counts
Yes
Set the alarm profile Set the number of corrected

blocks counts
Set the threshold of channel

set the channel No
monitoring rate downstream
thresholds for the CO?
Set the threshold of channel

Yes
monitoring rate upstream
Set the number of coding
violations counts
End
Set the number of corrected

blocks counts
Procedure
Step 1 Run the vdsl channel-alarm-profile add command to add a VDSL2 channel alarm profile.
Step 2 Run the display vdsl channel-alarm-profile command to query the added VDSL2 channel
alarm profile.
----End
Example
To add channel alarm profile 2, do as follows:
Add channel alarm profile 2.
huawei(config)#vdsl channel-alarm-profile add 2
neglected
> Will you set the channel thresholds for CO? (y/n) [n]:y
> The number of coding violations counts (0~60000) [0]:10
> The number of corrected blocks counts (0~60000) [0]:
> Will you set the channel thresholds for CPE? (y/n) [n]:y
> The number of coding violations counts (0~60000) [0]:10
> The number of corrected blocks counts (0~60000) [0]:10
> The threshold of channel monitoring rate downstream

> (0~100000Kbps) [0]:2048

> The threshold of channel monitoring rate upstream
> (0~100000Kbps) [0]:4096
Query the added VDSL2 channel alarm profile.

huawei(config)#display vdsl channel-alarm-profile 2
------------------------------------------------------------------------------
Profile index: 2 Name: VDSL CHANNEL ALARM PROFILE 2
<CO>
The number of coding violations counts : 10
The number of corrected blocks counts : 0
<CPE>
The number of coding violations counts : 10
The number of corrected blocks counts : 10
The threshold of channel monitoring rate downstream(Kbps) : 2048
The threshold of channel monitoring rate upstream(Kbps) : 4096
------------------------------------------------------------------------------
Table 23-12 lists the parameters of VDSL2 channel alarm profile.
Table 23-12 Parameters of VDSL2 channel alarm profile

Profile index You can enter a profile index or press Enter to

enable the system to allocate an index for it. The
profile index is unique.
The number of coding violations Within the 15-minute performance data collection
counts period, if the number exceeds the set threshold, an
alarm is reported. 0 indicates no alarm is needed.
The number of corrected blocks counts Within the 15-minute performance data collection
period, if the number exceeds the set threshold, an
alarm is reported. 0 indicates no alarm is needed.
The threshold of channel monitoring If the activation rate of the current channel does not
rate upstream/downstream reach the set threshold, an alarm is reported. 0
indicates no alarm is needed.
Related Operation
Table 23-13 lists the related operations for adding a VDSL2 alarm profile.
Table 23-13 Related operations for adding a VDSL2 channel alarm profile
Delete a VDSL2 vdsl channel-alarm- You cannot delete the default channel
channel alarm profile profile delete alarm profiles and a reference channel
alarm profile.

Modify a VDSL2 vdsl channel-alarm- After modification, the system

channel alarm profile profile modify prompts the modified profile takes
effect immediately.
Quickly add a VDSL2 vdsl channel-alarm- The system adopts non-interactive

channel alarm profile profile quickadd mode for the input of the parameter of
a complement to the vdsl channel-
alarm-profile add command.
Quickly modify a vdsl channel-alarm- The system adopts non-interactive

VDSL2 channel alarm profile quickmodify mode for the input of the parameter of
profile the command. The command serves as
a complement to the vdsl channel-
alarm-profile modify command.
23.10 Adding a VDSL2 Alarm Template

This operation enables you to add a VDSL2 alarm template.
Prerequisite
The required line alarm profile and channel alarm profile has been configured.
Context
l The new alarm template binds the specified line alarm profile and channel alarm profile.
l If you do not specify the line alarm profile and alarm profile, the alarm template binds the
default line alarm profile and the channel alarm profile.
Procedure
Step 1 Run the vdsl alarm-template add command to add a VDSL2 alarm template.
Step 2 Run the display vdsl alarm-template command to query the VDSL2 alarm template.
----End
To add an alarm template with index of 2, do as follows:

huawei(config)#vdsl alarm-template add 2
neglected
> Please set the alarm-profile index (1~50) [1]:2
> Please set the channel1 alarm-profile index (1~50) [1]:2
Query the alarm template 2.

huawei(config)#display vdsl alarm-template 2

------------------------------------------------------------------------------
Template index: 2 Name: VDSL ALARM TEMPLATE 2
Line alarm profile index : 2
Channel1 alarm profile index : 2
------------------------------------------------------------------------------
Table 23-14 lists all parameters of a VDSL2 alarm template.
Table 23-14 Parameters for configuring a VDSL2 alarm template

Profile index You can enter an alarm template index, or press Enter to
enable the system to allocate a profile index. The profile
index is unique.
Profile name You can enter a name or press Enter to enable the system
to allocate a profile name.
Line alarm profile index The index of the configured line alarm profile.
Channel number l This enables you to set the number of channels the line
supports.
l You can configure the second channel only after you have
configured the first one.
l When modifying the alarm template, if you input a
channel number that is different from the last, the system
considers that you will reconfigure the following channel
number, and then the configured parameters will be
cleared.
Channel alarm profile index The index of the configured channel alarm profile.
Related Operation
Table 23-15 lists the related operations for adding a VDSL2 alarm template.
Table 23-15 Related operations for adding a VDSL2 alarm template

Delete a VDSL2 alarm vdsl alarm-template delete You cannot delete the default
template alarm profile and the referenced
alarm profile .
Modify a VDSL2 alarm vdsl alarm-template After modification, the system

template modify prompts that the modified
template takes effect immediately.

Quickly add a VDSL2 vdsl alarm-template The system adopts non-interactive

alarm template quickadd mode for the input of the
parameter of the command. The
command serves as a complement
to the vdsl alarm-template add
command.
Quickly modify a vdsl alarm-template The system adopts non-interactive

VDSL2 alarm template quickmodify mode for the input of the
parameter of the command. The
command serves as a complement
to the vdsl alarm-template
modify command.
Bind a VDSL2 alarm alarm-config A configured alarm profile can

template take effect only after it is bound
with a VDSL2 port.
23.11 Binding an VDSL2 Alarm Template

This operation enables you to bind a VDSL2 alarm template with a port. After the port is
activated, monitor the line according to the alarm thresholds set in the ADSL2+ alarm template.
Context
l The thresholds in the VDSL2 alarm template take effect only after the template is bound
with a port and the port is activated.
l By default, a port is bound with alarm template 1 and all the alarm thresholds in the template
are 0.
Procedure
Step 1 Run the alarm-config command to bind an alarm template with a port.
Step 2 Run the display port state command to query the binding between the alarm template and the
port.
----End
Example
To bind alarm template 2 with port 1 of the VDSL2 board in 0/5, do as follows:
huawei(config-if-vdsl-0/5)#alarm-config 1 2
huawei(config-if-vdsl-0/5)#display port state 1
-----------------------------------------------------------------
Port Status Loopback Line Template Alarm Template
-----------------------------------------------------------------
1 Activating Disable 1 2
-----------------------------------------------------------------

23.12 Activating a VDSL2 Port

This operation enables you to activate a VDSL2 port.
Prerequisite
The VDSL2 line template has been configured.
Context
Activation refers to the training between the VTU-C and VTU-R. During the training process,
the system checks the line distance and line status based on settings included in the line profile,
such as upstream/downstream line rate and SNR margin. The VTU-C negotiates with VTU-R
to check whether the system can work in the normal state under the existing conditions.
l To activate a VDSL2 port, you need bind it with a VDSL2 line template. If the template is
not specified, the system uses the profile bound wit the port last time to activate a VDSL2
port.
l If the training succeeds, the VTU-C can communicate with VTU-R. At the moment, the
port works in activated state, and is ready for service data communication.
l When the VTU-R is online, the activation process ends after the completion of the training.
When the VTU-R gets offline, the communication is terminated, and the VTU-C is in
listening state. Once the VTU-T gets online, the training process begins automatically.
Procedure
Step 1 Run the active command to activate all port on the service board.
Step 2 Run the display port state command to query the port status and the line profile bound to it.
----End
Example
To activate all port on the VDSL2 board in slot using line profile 1, do as follows:
huawei(config)#interface vdsl
huawei(config-if-vdsl-0/2)#activate all template-index 1
To query the port status and the line profile bound with it, do as follows:
huawei(config-if-vdsl-)#display port state all
-----------------------------------------------------------------
Port Status Loopback Line Template Alarm Template
-----------------------------------------------------------------
0 Activated Disable 1 1

-----------------------------------------------------------------
Total number of activated port : 24
Total number of unactivated port: 0
Related Operation
Table 23-16 lists the related operations for activating a VDSL2 port.
Table 23-16 Related operations for activating a VDSL2 port
Activate a VDSL2 port deactivate
Loopback a VDSL2 port loopback
23.13 Querying a VDSL2 port

This operation enables you to query a VDSL2 port.
Prerequisite
The VDSL2 line template has been configured.
Context
A VDSL2 port may be in activating, activated, deactivated or loopback state.
Inter-conversion between these states

Figure 23-11 shows the inter-conversion between these states.
Figure 23-11 Inter-conversion between these states

Modem training
undo
activate succeeds
loopback
activating
Loopback deactivated deactivate Modem is off or activated
powered off
loopback deactivate

Procedure
Run the display port state command to query comprehensive information of a VDSL2 port.
----End
Example
Example: To query a VDSL2 port0/2/0, do as follows:
huawei(config)#interface vdsl
huawei(config-if-vdsl-)#display port state 0
-------------------------------------------------------------------
Port Status Loopback Line_template Alm_template
-------------------------------------------------------------------
0 Deactivated Local 1 1
-------------------------------------------------------------------
Related Operation
Table 23-17 lists the related operations for querying a VDSL2 port.
Table 23-17 Related operations for querying a VDSL2 port

Query the settings of a VDSL2 port display parameter
Query the version of the VTU-C or VTU display inventory

Configuration Guide 24 Configuring Protection for Upstream Link
24 Configuring Protection for Upstream

Link
About This Chapter
This chapter describes how to configure the protection for the upstream link on the MA5600.
24.1 Overview
This chapter describes the service protection mechanism of the upstream port on the MA5600.
24.2 Configuration Example of the Upstream Link Protection
This operation enables you to back up upstream links.
24.3 Configuring a Protection Group
This operation enables you to configure a protection group. When the MA5600 is disconnected
from the upper layer device physically due to some unknown causes, the MA5600 uses the
standby line to transmit the subscriber services.
24.4 Configuring the Protection Group Weight
This operation enables you to configure the protection group weight. When there are multiple
protection groups on a control board, the system judges whether to implement active-standby
switchover according to the protection group weight.

24 Configuring Protection for Upstream Link Configuration Guide
24.1 Overview
This chapter describes the service protection mechanism of the upstream port on the MA5600.
Service Description
l The broadband access service of Internet becomes more and more popular, and users
demand for both high performance and stable network access. As a result, carriers prefer
the broadband access equipment that runs stably and has better automatic protection and
self-healing capability.
l The MA5600 adopts the active/standby mechanism to ensure the normal operation of the
service. In addition, it is designed with the service protection mechanism of the upstream
port. When the MA5600 is disconnected with the upper layer device physically due to some
unknown causes, the MA5600 uses the standby line to transmit the user services.
The MA5600 provides three detection modes of the active/standby switchover to achieve the
service protection of the upstream port.
l Port status detection mode: It means that the two ports of a protection group, or the ports
of the two boards are enabled. The port status determines whether to implement switchover.
l Delay detection mode: It means that only one port in a protection group is enabled, and the
other one is disabled. If the status of the port of the active control board is DOWN, disable
the port. Then, enable the port of the standby control board. If the status of the port of the
standby control board is UP, the switchover is performed. Otherwise, detection proceeds.
l Delay enhanced detection mode: It means that one port in a protection group is enabled
and the other one is disabled. If the status of the port of the active control board is DOWN,
do not disable the port. Enable the port of the standby control board directly. If the status
of the port of the standby control board is UP, the switchover is performed. Otherwise,
detection proceeds.
l Protection groups in the delay detection mode and the delay enhanced detection mode
support optical ports, and the configuration of the duration for a enabled port in standby
control board detection.
l The delay detection mode and delay enhanced detection mode support the configuration
of detection delay and detection frequency of a protection group.
l The delay detection mode and delay enhanced detection mode support the configuration
of the weight of protection groups. When there are multiple protection groups, the active/
standby switchover is performed only when the requirement is met, namely, the sum of the
weights of protection groups in the condition that the port of the active control board is
faulty and the port of the standby control board is normal is larger than that of protection
groups in the condition that the port of the active control board is normal and the port of
the standby control board is faulty.
l Link Aggregation Control Protocol (LACP) detection mode: In this mode, the link
aggregation protocol control is performed, the port fault is detected, and protection
switchover function is triggered.

24.2 Configuration Example of the Upstream Link

Protection
This operation enables you to back up upstream links.
Context
l The MA5600 supports three detection modes for link protection: port status detection, delay
detection mode, and delay enhanced detection mode.
l The two ports of a link protection cannot be on a same upstream board, but the port numbers
and port type of the two ports must be the same.
Networking
Figure 24-1 shows a sample network for configuring the upstream link protection.
Figure 24-1 Sample network for configuring the upstream link protection
Internet
Router
A CON
D ETH
MON
G
E
GE 0/7/1 GE 0/8/1
SCU SCU MA5600
Mode
m
PC
Figure 24-2 shows the flowchart for configuring the upstream link protection.

Figure 24-2 Flowchart for configuring the upstream link protection
Start
Configure the protection group
Create a VLAN
Add the upstrem port to the VLAN
Add a service port to the VLAN
Save the data
End
Data Plan
Table 24-1 shows the data plan for configuring the upstream link protection.
Table 24-1 Data plan for configuring the upstream link protection
Item Data
VLAN ID 10
Upstream port The 0/7/1 and 0/8/1
Protection group mode Status detection mode
Gateway IP address 10.1.1.1/24
Service port 0/2/0
Procedure
Step 1 Run the protect-group command to configure the protection group.
huawei(config)#protect
huawei(config-protect)#protect-group first 0/7/1 second 0/8/1 eth workmode
portstate
Step 2 Run the vlan to create a VLAN.

huawei(config-protect)#quit
Step 3 Run the port vlan command to add the upstream port to the VLAN.
Step 4 Run the service-port command add to a service port to the VLAN.

huawei(config)#save
----End
Verification
After the configuration, users can access the Internet. When the uplink of upstream port 0/7/1
fails, the system automatically transfers the services to the uplink of upstream port 0/8/1. In this
way, users can still access the Internet.
24.3 Configuring a Protection Group

This operation enables you to configure a protection group. When the MA5600 is disconnected
from the upper layer device physically due to some unknown causes, the MA5600 uses the
standby line to transmit the subscriber services.
Context
The two ports in a protection group must be on different upstream ports of the upstream board
and of the same type.
The two ports in the protection group must be in the same aggregation group, and the aggregation
group must contains only the only two ports.
Procedure
Step 1 Run the protect-group command to configure a protection group.
Step 2 Run the display protect-group command to query the protection group.
----End
Example
To configure a protection group that consists of ports 0/7/1 and 0/8/1, do as follows:
huawei(config-protect)#protect-group first 0/7/1 second 0/8/1 eth workmode
portstate
huawei(config-protect)#display protect-group
---------------------------------------------------------------------------
FirstIntf SecondIntf Enable ActiveFlag ProtectType WorkMode
---------------------------------------------------------------------------
0/7/1 0/8/1 Enable First MainBoard-PORT PortState
---------------------------------------------------------------------------

Related Operation
Table 24-2 lists the related operation for configuring a protection group.
Table 24-2 Related operation for configuring a protection group
Delete a protection group undo protect-group
24.4 Configuring the Protection Group Weight

This operation enables you to configure the protection group weight. When there are multiple
protection groups on a control board, the system judges whether to implement active-standby
switchover according to the protection group weight.
Context
Only the delay detection mode and the delay enhanced detection mode support the configuration
of the protection group weight.
Procedure
Step 1 Run the protect-group command to configure the protection group on a port and configure the
protection group weight.
Step 2 Run the display protect-group command to query the protection group weight.
----End
Example
To configure the protection group on ports 0/7/1 and 0/8/1 in delay enhanced detection mode
and configure the protection group weight as 60, do as follows:
huawei(config-protect)#protect-group first 0/7/1 second 0/8/1 eth workmode timebis
weight 60
huawei(config-protect)#display protect-group
{ frame/slot<S><1,15>|<cr>|frame/slot/port<S><1,15> }:0/7/1
Command:
display protect-group 0/7/1
----------------------------------------------------------------------------------
------------
FirstIntf ：0/7/1
SecondIntf ：0/8/1
CurrentIntf ：First
Enable ：Enable
ProtectType ：ETH
WorkMode ：Timebis
Standby-On-Time（10ms）：40
Weight ：60
HoldTime（10ms）：0
----------------------------------------------------------------------------------
---------------

Configuration Guide 25 Configuring Device Subtending
25 Configuring Device Subtending
About This Chapter
This chapter describes the Ethernet technology and how to configure the device subtending on
the MA5600.
25.1 Overview
The MA5600 supports multiple types of Ethernet ports and other DSLAM devices can be
subtended to these Ethernet ports. This section describes the service description and service
specifications of the subtending device.
25.2 Configuration Example of the Ethernet Access Service
The MA5600 provides the basic PPP over Ethernet (PPPoE) dialup service for the users
accessing through the ETH board that works in the normal state.
25.3 Configuration Example of the Subtended Network Through the SCU Board
The example shows how to subtend two MA5600 devices.
25.4 Configuration Example of Subtending Device Through the ETHA Board
This operation enables you to subtend two MA5600 devices.
25.5 Configuring the Working Mode of the ETH Board
This operation enables you to configure the working mode of the ETH board. In the private line
access, enterprise users directly access the device through the ETH board. In this case, you need
to run the related command to configure the working mode of the ETH board as QinQ.
25.6 Configuring the Physical Attributes of an Ethernet Port
25.7 Enabling the Flow Control on an Ethernet Port
This operation enables the flow control on an Ethernet port.
25.8 Enabling the Traffic Suppression
This operation enables the traffic suppression on a port to guarantee the stable network services.
25.9 Enabling the Ethernet Port Aggregation
This operation enables Ethernet port aggregation.
25.10 Mirroring an Ethernet Port
This operation enables the mirroring function of an Ethernet port. This helps analyze the cause
of a faulty port.

25 Configuring Device Subtending Configuration Guide
25.11 Adding an Ethernet Port to a VLAN

This operation enables you to add Ethernet ports to a VLAN.
25.12 Configuring the Outer QinQ VLAN of the Ethernet Port
This operation enables you to configure the outer QinQ VLAN of the Ethernet port. When the
ETH board works in QinQ mode, you need to configure the QinQ VLAN of the port.
25.13 Setting the Native VLAN for an Ethernet Port
This operation enables you to set the native VLAN for an Ethernet port.

25.1 Overview
The MA5600 supports multiple types of Ethernet ports and other DSLAM devices can be
subtended to these Ethernet ports. This section describes the service description and service
specifications of the subtending device.
Service Description
The MA5600 supports subtended through the Ethernet port. Multiple DSLAMs at different tiers
can be subtended through the GE/FE port to extend the network coverage and satisfy the
requirements for a large capacity.
For details on the subtended network, refer to the chapter "Subtended Network
Configuration" in the Feature Description.
The MA5600 provides Ethernet ports through the SCU board and ETH board.
The Ethernet ports provided by the SCU board are used for upstream service transmission and
subtended network configuration.
The ETH board also provides the basic PPPoE dialup access service.
Table 25-1 lists the Ethernet ports of the MA5600
Table 25-1 Ethernet ports of the MA5600
Port Type Port Working Mode Rate
100 Base-FX 100M single-mode/ Full duplex 100 Mbit/s

multiple-mode optical
port
1000 Base-TX 1000M electrical port l Full duplex l 10 Mbit/s

l Half duplex l 100 Mbit/s
l Auto negotiation l 1000 Mbit/s
1000 Base-SX 1000M multiple-mode l Full duplex 1000 Mbit/s

optical port l Auto negotiation
1000 Base-LX 1000M single-mode l Full duplex 1000 Mbit/s

optical port l Auto negotiation
25.2 Configuration Example of the Ethernet Access Service

The MA5600 provides the basic PPP over Ethernet (PPPoE) dialup service for the users
accessing through the ETH board that works in the normal state.

Context
The PPPoE protocol packets of the users accessing through the ETH board are transparently
transmitted through the MA5600 to the upper layer device for authentication.
Figure 25-1 Sample network for configuring the Ethernet access service
Router
Internet
CON
ETH
E MON
T
H
A
SCU MA5600
LSW
PC
Data Plan
Table 25-2 lists the data plan for the Ethernet access service.
Table 25-2 Data plan for the Ethernet access service
Item Data
MA5600 Uplink port: 0/7/0
ETH access port: 0/6/0
VLAN ID: 10
Prerequisite
l The working mode of the ETH board is normal.

Figure 25-2 shows the flowchart for configuring the Ethernet access service.
Figure 25-2 Flowchart for configuring the Ethernet access service
Start
Create a standard VLAN
Add sn uplink port
Add an access port
Save the data
End
Procedure
Step 1 Create a standard VLAN.
Step 2 Add an uplink port to the VLAN.

Step 3 Add an access port.


huawei(config)#save
----End
Result
After the configuration, the PCs of the access users can access the network through PPPoE
dialup.
25.3 Configuration Example of the Subtended Network

Through the SCU Board
The example shows how to subtend two MA5600 devices.
l All the network devices and lines are normal.

l All the boards in the MA5600 are in the normal state.

l The Ethernet port 0/7/1 of MA5600_A and the Ethernet port 0/7/0 of MA5600_B are of
the same port type.
l The Ethernet port 0/7/1 of MA5600_A and the Ethernet port 0/7/0 of MA5600_B are of
the same auto-negotiation for their rates and duplex modes.
l Perform the following tasks on MA5600_A. The MA5600_B need not be configured with
a subtended port. The other configurations of MA5600_B are the same as those of
MA5600_A.
Networking
Figure 25-3 show a sample network for configuring the subtended network.
Figure 25-3 Sample network for configuring the subtended network
IP
CON
ETH
MON
GE 0/7/0
GE 0/7/1
MA5600_A SCU
A
CON
D ETH
G MON
G
GE 0/7/0
GE 0/7/1
CPE SCU MA5600_B
PC
Figure 25-4 shows the flowchart for configuring the subtended network.

Figure 25-4 Flowchart for configuring the subtended network
Start
Add an upstream port to the

VLAN
Add a subtending port to the

VLAN
End
Procedure

Step 3 Add a subtending port to the VLAN.


huawei(config)#save
----End
Result
After the configuration, you can configure various services through both the MA5600_A and
MA5600_B. Users of MA5600_B can access the Internet.
25.4 Configuration Example of Subtending Device Through

the ETHA Board
This operation enables you to subtend two MA5600 devices.
Prerequisite
l The network device and the line are in the normal state.
l All boards of the MA5600 are in the normal state.
l Ethernet port 0/6/0 on MA5600_A and Ethernet port 0/7/0 on MA5600_B are of the same
type, and the port rate and duplex mode is auto negotiation.

l Configuration on MA5600_B is finished and it is not repeated here.
Networking
Figure 25-5 shows a sample network for subtending devices
Figure 25-5 Sample network for subtending devices
Internet
E CON
ETH
T
H
A
GE 0/6/0 GE 0/7/0
SCU MA5600_A
A CON
ETH
D
G
G
GE 0/7/1
SCU MA5600_B
Figure 25-6 shows the flowchart for configuring subtending devices

Figure 25-6 Flowchart for configuring subtending devices
Start
Add an upstream port to the

VLAN
Add a subtending port to the

VLAN
End
NOTE
The mentioned configuration is performed on MA5600_A. No subtending port is needed to be configured
on MA5600_B. For other configurations, they are the same on MA5600_A and MA5600_B.
Procedure
Step 2 Add an upstream port.

Step 3 Add a subtending port.


huawei(config)#save
----End
Result
After the configuration, the subtended devices can be configured with services and users
connected to MA5600_B can access the Internet.
25.5 Configuring the Working Mode of the ETH Board

This operation enables you to configure the working mode of the ETH board. In the private line
access, enterprise users directly access the device through the ETH board. In this case, you need
to run the related command to configure the working mode of the ETH board as QinQ.

Context
l The ETH board can work in normal mode or QinQ mode. The switchover of the working
mode of the ETH board will cause the resetting of the ETH board.
l If you need to switch the working mode of the ETH board from the normal mode to the
QinQ mode, check whether the ETH board is configured with the ETH OAM and the
multicast subtending port services. If the two services are configured, the switchover of the
working mode is rejected.
l If the working mode of the ETH board is switched from the normal mode to the QinQ mode,
and the native VLAN of the subtending port is not all "1"s, the switchover of the working
mode is rejected.
l If the working mode of the ETH board is switched from the QinQ mode to the normal mode,
and the QinQ VLAN of the subtending port is not all "1"s, the switchover of the working
mode is rejected.
l If the specified port is not in the specified VLAN, the switchover of the working mode is
rejected.
Procedure
Step 1 Run the eth mode command to configure the working mode of the ETH board.
Step 2 Run the display eth mode command to query the working mode of the ETH board.
----End
Example
To configure the working mode of the ETH board residing in slot 0/6 as the QinQ mode, do as
follows:
huawei(config)#eth mode qinq 0/6
This operation will reset the ETH board, are you sure to continue? (y/n)[n]:y
huawei(config)#display eth mode 0/6
Current eth mode is qinq
25.6 Configuring the Physical Attributes of an Ethernet Port

25.6.1 Setting the Auto-negotiation Mode of an Ethernet Port
This operation enables you to set the auto-negotiation mode of an Ethernet port.
25.6.2 Setting the Duplex Mode of an Ethernet Port
This operation enables you to set the duplex mode of an Ethernet port.
25.6.3 Setting the Rate of an Ethernet Port
This operation enables you to set the rate of an Ethernet port.
25.6.4 Setting the Network Cable Type of an Ethernet Port
This operation enables you to set the network cable type of an Ethernet port.
25.6.1 Setting the Auto-negotiation Mode of an Ethernet Port

This operation enables you to set the auto-negotiation mode of an Ethernet port.

Context
l By default, the auto-neg switch of the Ethernet electric port is enabled.
l By default, the auto-neg switch of the Ethernet optical port is disabled.
Procedure
Step 1 Run the auto-neg command to set the auto-negotiation mode of an Ethernet port.
Step 2 Run the display port state command to query the configuration of the Ethernet port.
----End
Example
To disable the auto-negotiation mode of Ethernet port 0/7/1 on the SCU board, do as follows:
huawei(config-if-scu-0/7)#auto-neg 1 disable
huawei(config-if-scu-0/7)#display port state 1
Optics module status is absence
The port is active
Native VLAN ID is 1
Ethernet port is offline
Ethernet port is full duplex
Ethernet port rate is 1000M
Ethernet port does not support flow control
Ethernet port does not support line-selfadaptive
25.6.2 Setting the Duplex Mode of an Ethernet Port

This operation enables you to set the duplex mode of an Ethernet port.
Context
l The duplex of an Ethernet port can be full duplex, half duplex, or auto-negotiation. When
setting the duplex mode of an Ethernet port, make sure that the duplex of the Ethernet port
must be the same as that of the interconnected port on the peer device. This prevents
communication failure.
l When a port is in auto-negotiation mode, to change its duplex mode to full duplex, disable
the auto-negotiation mode of the port first.
l This operation takes effect on the electrical port only.
l By default:
– The FE electrical port is in auto-negotiation mode.
– The FE optical port is in full duplex mode.
Procedure
Step 1 Run the auto-neg command to disable the auto negotiation mode of an Ethernet port.
Step 2 Run the duplex command to set the duplex mode of the Ethernet port.
Step 3 Run the display port state command to query the duplex mode of the port.
----End

Example
To change the auto-negotiation mode of Ethernet port 0/7/1 to full duplex, do as follows:
huawei(config-if-scu-0/7)#duplex 1 full
huaweii(config-if-scu-0/7)#display port state 1
Optics module status is normal
The port is active
Native VLAN ID is 1
25.6.3 Setting the Rate of an Ethernet Port

This operation enables you to set the rate of an Ethernet port.
Context
When setting the rate of an Ethernet port, make sure that the rate of the Ethernet port must be
the same as that of the interconnected port on the peer device. This prevents communication
failure.
By default:
l The rate of the FE/GE electrical port is auto-negotiation.
l The rate of the GE optical port is 1000 Mbit/s.
l The rate of the FE optical port is 100 Mbit/s.
l When a port is in auto-negotiation mode, to change its rate to a specific value, disable the
auto-negotiation mode first.
l The rate of the 1000 Mbit/s electrical port is not compulsorily 1000 Mbit/s but can be auto-
negotiated to 1000 Mbit/s.
Procedure
Step 1 Run the auto-neg command to set the rate of an Ethernet port.
Step 2 Run the speed command to query the configured rate of the Ethernet port.
----End
Example
To set the rate of a GE optical port to 1000 Mbit/s, do as follows:
huawei(config-if-scu-0/7)#speed 1 1000
The port is active
Native VLAN ID is 1

25.6.4 Setting the Network Cable Type of an Ethernet Port

This operation enables you to set the network cable type of an Ethernet port.
Context
l The Ethernet electrical port uses a straight-through cable or a crossover cable. To set the
type of the network cable of the Ethernet port, run the mdi command.
l The default network cable type is auto (auto-adaptive).
l Such setting only applies to the Ethernet electrical port.
l When the Ethernet electrical port is not in auto-negotiation mode, the network cable type
cannot be configured as auto.
Procedure
Step 1 Run the mdi command to set the network cable type of an Ethernet port.
Step 2 Run the display port state command to query the configured network cable type.
----End
Example
To set the network cable type of Ethernet electrical port 0/7/0 as straight-through cable, do as
follows:
huawei(config-if-scu-0/7)#mdi 1 normal
The port is active
Native VLAN ID is 1
Ethernet port is online
Line-adaptive function of the ethernet port is normal
25.7 Enabling the Flow Control on an Ethernet Port

This operation enables the flow control on an Ethernet port.
Context
When the traffic exceeds a certain level (> 1 Gbit/s for the GE port or > 100 Mbit/s for the FE
port), the MA5600 sends PAUSE frames to inform the remote PC to reduce the traffic so as to
reduce the packet loss rate, and response to the PAUSE frames sent from remote PC. The process
involved is called flow control.
l The control function requires the supports from both the MA5600 and the peer device. If
the peer device supports flow control, enable the flow control of the MA5600 If the peer
device does not support the flow control, disable the flow control of the MA5600.
l By default, the flow control on the Ethernet port is disabled.

Procedure
Step 1 Run the flow-control command to enable the flow control on an Ethernet port.
Step 2 Run the display port state command to query the set flow control.
----End
Example
To enable the flow control on all ports, do as follows:
huawei(config-if-scu-0/7)#flow-control all
huawei(config-if-scu-0/7)#display port state all
-----------------------------------------------------------------------------
Port Port Optic Native MDI Speed Duplex Flow- Active Link
Type Status VLAN (Mbps) Ctrl State
-----------------------------------------------------------------------------
0 GE absence 1 - 1000 full on active offline
1 GE absence 1 - 1000 full on active offline
-----------------------------------------------------------------------------
Related Operation
Table 25-3 lists the related operation for enabling the flow control of an Ethernet port.
Table 25-3 Related operation for enabling the flow control of an Ethernet port
To... Run the command...
Disable the flow control on the Ethernet port undo flow-control
25.8 Enabling the Traffic Suppression

This operation enables the traffic suppression on a port to guarantee the stable network services.
Context
There are three traffic suppression modes available:
l Broadcast storm suppression
Broadcast storm suppression refers to discarding broadcast traffic when it exceeds a

preset threshold to guarantee stable network services.
l Unknown unicast suppression
l Unknown multicast storm suppression
l By default, the level of broadcast storm suppression and unknown unicast suppression is
7.
l It is suggested to enable broadcast storm suppression according to network conditions.
l When IGMP Proxy or IGMP Snooping is enabled, unknown multicast packets are not
suppressed. When IGMP proxy and IGMP snooping are disabled, unknown multicast
packets are suppressed. By default, the level of unknown multicast suppression is 7.

Procedure
Step 1 Run the traffic-suppress command to enable the traffic suppression on a port.
Step 2 Run the display traffic-suppress command to query the configuration of the traffic suppression.
----End
To set broadcast storm suppression for all ports to level 1, do as follows:

huawei(config-if-scu-0/7)#traffic-suppress all broadcast value 1
huawei(config-if-scu-0/7)#display traffic-suppress 0
Traffic suppression ID definition:
---------------------------------------------------------------------
NO. Min bandwidth(kbps) Max bandwidth(kbps) Package number(pps)
---------------------------------------------------------------------
1 6 145 12
2 12 291 24
3 24 582 48
4 48 1153 95
5 97 2319 191
6 195 4639 382
7 390 9265 763
8 781 18531 1526
9 1562 37063 3052
10 3125 74126 6104
11 6249 148241 12207
12 12499 296483 24414
---------------------------------------------------------------------
Current traffic suppression ID of broadcast : 1
Current traffic suppression ID of multicast : 7
Current traffic suppression ID of unicast : 7
To set unknown unicast suppression for port 0/7/0 to level 7, do as follows:

huawei(config-if-scu-0/7)#traffic-suppress 0 unicast value 1
---------------------------------------------------------------------
---------------------------------------------------------------------
1 6 145 12
2 12 291 24
3 24 582 48
4 48 1153 95
5 97 2319 191
6 195 4639 382
7 390 9265 763
8 781 18531 1526
9 1562 37063 3052
10 3125 74126 6104
11 6249 148241 12207
12 12499 296483 24414
---------------------------------------------------------------------
To set multicast packet suppression for port 0/7/0 to level 7, do as follows:

huawei(config-if-scu-0/7)#traffic-suppress 0 multicast value 1
---------------------------------------------------------------------
---------------------------------------------------------------------
1 6 145 12

2 12 291 24
3 24 582 48
4 48 1153 95
5 97 2319 191
6 195 4639 382
7 390 9265 763
8 781 18531 1526
9 1562 37063 3052
10 3125 74126 6104
11 6249 148241 12207
12 12499 296483 24414
---------------------------------------------------------------------
Related Operation
Table 25-4 lists the related operations for enabling traffic suppression.
Table 25-4 Related operations for enabling traffic suppression
Disable unknown unicast packet suppression undo traffic-suppress unicast
Disable unknown multicast packet suppression undo traffic-suppress multicast
Disable broadcast storm suppression undo traffic-suppress broadcast
25.9 Enabling the Ethernet Port Aggregation

This operation enables Ethernet port aggregation.
Context
Port aggregation means aggregation of multiple ports together to expand the bandwidth. The
input and output load can be distributed among the member ports.
l The SCU board supports up to 3 port aggregation groups.
l One aggregation group supports up to 6 Ethernet ports.
l Link Aggregation Control Protocol (LACP) is run in the static port aggregation but not in
the manual port aggregation.
When configuring the port aggregation, pay attention to the following points:
l All the ports must work in full duplex mode.

l The rates of all the ports must be the same, and cannot be configured as auto-negotiation.
l The default VLAN (PVID) and VLAN attributes of all the ports must be the same.
l One port belongs to only one aggregation group.
l No mirror destination port is included.

Procedure
Step 1 Run the duplex command to set the duplex mode of the Ethernet port.
Step 2 Run the speed command to set the port rate.
Step 3 Run the link-aggregation command to set the port aggregation.
Step 4 Run the display link-aggregation command to query the related information about the
aggregated ports.
----End
Example
To set the Ethernet port aggregation, do as follows:
huawei(config)#link-aggregation 0/7 0-1 ingress
huawei(config)#display link-aggregation all
------------------------------------------------------
Master port link-aggregation mode Port NUM
------------------------------------------------------
0/7/1 egress-ingress 2
------------------------------------------------------
Total: 1 link-aggregation(s)
Related Operation
Table 25-5 lists the related operation for enabling the Ethernet port aggregation.
Table 25-5 Related operation for enabling the Ethernet port aggregation
Delete the Ethernet port aggregation undo link-aggregation
25.10 Mirroring an Ethernet Port

This operation enables the mirroring function of an Ethernet port. This helps analyze the cause
of a faulty port.
Context
l You can configure only one mirroring destination port on the SCU board or ETH board.
l You can mirror multiple ports to one destination port.
l The mirroring destination port cannot be the aggregated port.
Procedure
Step 1 Run the mirror port command to enable the mirroring function of an Ethernet port.

Step 2 Run the display mirror command to query the configuration of the Ethernet port.
----End
Example
To mirror the transmit and receive packets of port 0 to port 1, do as follows:
huawei(config-if-scu-)#mirror port 0 1 all
Run the display mirror command and you can find that the port mirroring function is enabled.
huawei(config-if-scu-)#display mirror
------------------------------------------------
Source port Direction Destination port
------------------------------------------------
0 all 1
------------------------------------------------
Related Operation
Table 25-6 lists the related operation for enabling the mirroring function of an Ethernet port.
Table 25-6 Related operation for enabling the mirroring function of an Ethernet port
Display the mirroring of an display mirror

Ethernet port
25.11 Adding an Ethernet Port to a VLAN

This operation enables you to add Ethernet ports to a VLAN.
Procedure
Step 1 Run the port vlan command to add an Ethernet Port to a VLAN.
Step 2 Run the display vlan command to query the upstream port of a VLAN.
----End
Example
To add Ethernet port 0/7/0 to VLAN 2, do as follows:
huawei(config)#port vlan 2 0
Run the display vlan command to query the upstream port of the VLAN.
{ <cr>|to<K> }:
Command:
display vlan 2
VLAN ID: 2
VLAN type: MUX
VLAN attribute: common
------------------------------


------------------------------
/0 1 up
------------------------------
Related Operation
Table 25-7 lists the related operation for adding an Ethernet Port to a VLAN.
Table 25-7 Related operation for adding an Ethernet Port to a VLAN

Delete a port from a VLAN undo port vlan
25.12 Configuring the Outer QinQ VLAN of the Ethernet

Port
This operation enables you to configure the outer QinQ VLAN of the Ethernet port. When the
ETH board works in QinQ mode, you need to configure the QinQ VLAN of the port.
Context
When the ETH board adopts the private line access, the ETH board works in QinQ mode. In this
case, you need to configure the QinQ VLAN of the port. For how to configure the working mode
of the ETH board, refer to "25.5 Configuring the Working Mode of the ETH Board."
l If the ETH board works in normal mode, the QinQ VLAN of the port cannot be configured
and queried.
l If the ETH board works in QinQ mode, the QinQ VLAN of the port cannot be configured
and queried.
l If the specified port is not in the specified VLAN, the QinQ VLAN cannot be configured.
Procedure
Step 1 Run the interface eth command to enter the ETH mode.
Step 2 Run the qinq-vlan command to configure the QinQ VLAN of the ETH port.
----End
Example
To configure the QinQ VLAN of port 0 in slot 0/6 as 100, do as follows:
huawei(config)#interface eth 0/6/0
huawei(config-if-eth-0/6)#qinq-vlan 0 vlan 100
Related Operation
Table 25-8 lists the related operation for configuring the outer QinQ VLAN of the Ethernet port.

Table 25-8 Related operation for configuring the outer QinQ VLAN of the Ethernet port
Configure the working mode of the eth mode

ETH board
25.13 Setting the Native VLAN for an Ethernet Port

This operation enables you to set the native VLAN for an Ethernet port.
Context
l The default Native VLAN of the Ethernet ports is VLAN 1.
l When the Ethernet port is used as the upstream port:
– If the native VLAN of the Ethernet port is the same as the VLAN to which this Ethernet
port belongs, the Ethernet port will remove the VLAN Tag of the upstream packets.
– If the native VLAN of the Ethernet port is different from the VLAN to which this
Ethernet port belongs, the Ethernet port will keep the VLAN Tag of the upstream
packets.
l Before specifying the native VLAN of an Ethernet port, the VLAN must be included in the
port.
l Whether the native VLAN must be set for the upstream port depends on the upper-layer
equipment connected to the port.
– If the upper-layer equipment supports the packets containing the VLAN tag, the native
VLAN of the upstream port of the MA5600 must be different from the VLAN to which
the upstream port belongs.
– If the upper-layer equipment does not support the packets containing the VLAN tag,
the native VLAN of the upstream port of the MA5600 must be the same as the VLAN
to which the upstream port belongs.
l If the working mode of the ETH board is normal mode, the QinQ VLAN value of the port
cannot be configured or queried.
l If the working mode of the ETH board is QinQ mode, the Native VLAN value of the port
cannot be configured or queried.
Procedure
Step 1 Run the native-vlan command to set the native VLAN of an Ethernet port.
Step 2 Run the display port state command to query the configuration of the Native VLAN.
----End
Example
To set the native VLAN of Ethernet port0/7/0 as VLAN 10, do as follows:

The port is active

Native VLAN ID is 10
Ethernet port is online

Configuration Guide 26 Configuring ATM-DSLAM Access
26 Configuring ATM-DSLAM Access
About This Chapter
This chapter describes how to configure the ATM-DSLAM service supported by the MA5600.
26.1 Overview
This section describes ATM-DSLAM access service and specification on the MA5600.
26.2 Configuration Example of the ATM-DSLAM Access
This example shows how to configure the ATM-DSLAM so that the user can access the Internet
in OPTIC, IMA and E3 modes.
26.3 Setting the OPTIC Port Mode
This operation enables you to set the OPTIC port mode.
26.4 Setting the OPTIC Port Type
This operation enables you to set the optical port type.
26.5 Adding an IMA Group
This operation enables you to add an IMA group.
26.6 Setting the IMA Group Mode
This operation enables you to set the clock mode, CRC4 multiframe and scramble of the IMA
group.
26.7 Adding an IMA Link
This operation enables you to add an IMA link.
26.8 Setting the Line Type for an E3 Port
This operation enables you to set the line type for an E3 port.
26.9 Setting the E3 Port Type
This operation enables you to set the E3 port type.
26.10 Setting the Tx Clock of an E3 Port
This operation enables you to set the Tx clock of an E3 port.
26.11 Clearing the Statistics of an E3 Port
This operation enables you to clear the statistics of an E3 port.

26 Configuring ATM-DSLAM Access Configuration Guide
26.1 Overview
This section describes ATM-DSLAM access service and specification on the MA5600.
Service Description
In the evolution from ATM networks to IP networks, carriers will replace their ATM-DSLAM
network devices in the access layer with IP network devices. In this evolution, a large number
of ATM network devices still exist in the network for a long time. The MA5600 provides ATM
ports for lower level ATM network devices to access the network.
For details on the ATM subtending, refer to the chapter "ATM Subtending" in the Feature
Description.
The MA5600 supports ATM access through the subboards on the AIUG board. The subboards
provide 155M ATM ports, IMA E1 port or IMA E3 port to connect to the ATM-DSLAM devices
in the downstream direction.
Figure 26-1 shows a sample network of ATM-DSLAM access.
Figure 26-1 Sample network of the ATM-DSLAM access
FE/GE
MA5600
Ethernet
MPLS switching
GE bus
ATM access
Service traffic A ATM-DSLAM
Service traffic B
The MA5600 provides two upstream modes: through FE/GE ports on the SCU board or through
the MPLS module.
l Through the FE/GE ports on the SCU
In the upstream direction, service traffic A from the ATM-DSLAM is directly sent to
the upper layer device through the Ethernet switching module on the SCU.
l Through the MPLS module

In ATM over Ethernet mode, MPLS upstream supports mapping between PVC and
Pseudo Wire (PW); while in Ethernet mode, MPLS supports mapping between VLAN
and PW.
This chapter describes the configuration through the GE ports on the SCU board. For the
configuration through the MPLS, refer to the chapter "27 Configuring MPLS Access."
26.2 Configuration Example of the ATM-DSLAM Access

This example shows how to configure the ATM-DSLAM so that the user can access the Internet
in OPTIC, IMA and E3 modes.
Networking
Figure 26-2 shows a sample network for configuring the ATM-DSLAM access.
Figure 26-2 Sample network for configuring the ATM-DSLAM access

Router
Internet
CON
ETH
A MON
I
U
G
SCU MA5600
ATM-DSLAM
Modem
PC
Data Plan
Table 26-1 shows the data plan for configuring the ATM-DSLAM access.
Table 26-1 Data plan for configuring the ATM-DSLAM access
Item Data
AIUG Service port: 0/5/0
OPTIC port type: UNI

Item Data
SCU Upstream port: 0/7/0
NOTE
l In this example, only the configuration at the MA5600 side is introduced.

l Different subboards are needed for configuring ATM DSLAM access in different modes.
Figure 26-3 shows the flowchart for configuring the ATM-DSLAM access.
Figure 26-3 Flowchart for configuring the ATM-DSLAM access
Start
Set working mode of port
Configure port type
Create VLAN
Add upstream port
Add service port
End
Procedure
Step 1 Configure the OPTIC port.
1. Select the command mode.
huawei(config)#interface aiu 0/5
huawei(config-if-aiu-0/5)#sub-interface optic
huawei(config-if-aiu-0/5.optic)#
2. Set the port working mode.

huawei(config-if-aiu-0/5.optic)#port mode 0 stm-1
3. Set the interface type.

huawei(config-if-aiu-0/5.optic)#uni-nni-set 0 uni
huawei(config-if-aiu-0/5.optic)#quit
huawei(config-if-aiu-0/5)#quit
4. Create a VLAN.

5. Add the upstream port to the VLAN.

6. Add the service virtual port to the VLAN.

huawei(config)#service-port vlan 10 atm 0/5/0 vpi 1 vci 40 rx-cttr 2 upc off
tx-cttr 2 upc off
Step 2 Configure the IMA access.

huawei(config-if-aiu-0/5)#sub-interface ima
huawei(config-if-aiu-0/5.ima)#
2. Add an IMA group.

huawei(config-if-aiu-0/5.ima)#ima group add 0 version1.0 1 1 ctc 0 128 2 2 1
3. Add an IMA link.

huawei(config-if-aiu-0/5.ima)#ima link add 0 0
IMA link add successfully
4. Set the clock mode.

huawei(config-if-aiu-0/5.ima)#ima group mode clockmode 0 system
Set IMA group transmit clock successfully
5. Create a VLAN.
huawei(config-if-aiu-0/5.ima)#quit


huawei(config)#service-port vlan 10 atm 0/5/0 vpi 1 vci 40 rx-cttr 2 upc off
tx-cttr 2 upc off
Step 3 Configure the E3 port.

huawei(config-if-aiu-0/5)#sub-interface e3
huawei(config-if-aiu-0/5.e3)#
2. Set the line type for the port.

Run the linetype command to set the line type for the port. The line types include e3other,
e3Framed, and e3Plcp. By default, the line type is e3Framed.
For example, to set the line type to e3plcp, do as follows:

huawei(config-if-aiu-0/5.e3)#linetype
{ portId<0,3> }:0
{ linetype<E><e3other,e3Framed,e3Plcp> }:e3plcp
In this example, the default line type is used, so you do not need to set the line type.
3. Set the clock mode.
huawei(config-if-aiu-0/5.e3)#tx clock 0 line
4. Set the interface type.

huawei(config-if-aiu-0/5.e3)#uni-nni-set 0 uni

5. Create a VLAN.
huawei(config-if-aiu-0/5.e3)#quit


huawei(config)#service-port vlan 10 e30/5/0 vpi 1 vci 40 rx-cttr 2 upc off tx-
cttr 2 upc off
----End
Result
After the configuration, the users of the ATM-DSLAM can access the Internet in OPTIC , IMA
or E3 mode.
26.3 Setting the OPTIC Port Mode

This operation enables you to set the OPTIC port mode.
Context
155M ATM port supports C-3c/STS-3c mode and STM-1 mode.
l OC-3c is a signal rate level at the optical port of the Synchronous Optical Network
(SONET), the rate is 155 Mbit/s. STS-3c is the signal rate at the electrical port that
corresponds to OC-3c level.
l STM-1 is a signal rate level of the STM (Synchronous Transport Module) defined in SDH
(Synchronous Digital Hierarchy). The rate is 155 Mbit/s.
Procedure
Step 1 Run the port mode command to configure the OPTIC port mode.
Step 2 Run the display board command to query the configured OPTIC port mode.
----End
Example
To set port AIUG 0/5/0 mode as STM-1, do as follows:
huawei(config-if-aiu-0/5)#sub-interface optic
huawei(config-if-aiu-0/5.optic)#port mode 1 stm-1
Run the display board command and you can find the OPTIC port mode is set successfully.
huawei(config)#display board 0/5
---------------------------------------
Board Name : H561AIUG
Board Status : Normal
---------------------------------------
Subboard[0]: H511O1CTG Status: Failed

--------------------------------------------------------------------
Port Port Port Line Port Loop Optical Phy Line Rate IF
Type Status Signal Clock Type Type Type Type (Mbps) Type
--------------------------------------------------------------------
0 ATM Fail No System No Single Optical STM-1 155 UNI
--------------------------------------------------------------------
Related Operation
Table 26-2 lists the related operation for setting the OPTIC port mode.
Table 26-2 Related operation for setting the OPTIC port mode
Set the OPTIC port type uni-nni-set
26.4 Setting the OPTIC Port Type

This operation enables you to set the optical port type.
Prerequisite
The port type shall be the same as that of the peer.
Context
The MA5600 supports User Network Interface (UNI) and Network Node Interface (NNI).
l When you set the port type as UNI, the VPI value of the port shall be from 0 to 255, the
VCI value of the port shall be from 32 to 1023.
l When you set the port type as NNI, the VPI value of the port shall be from 0 to 4095, the
VCI value of the port shall be from 32 to 1023.
Procedure
Step 1 Run the uni-nni-set command to set the OPTIC port type.
Step 2 Run the display board command to query the configured OPTIC port type.
----End
Example
To set the type of port AIUG 0/5/0 as UNI, do as follows:
huawei(config-if-aiu-0/5.optic)#uni-nni-set 0 uni
Run the display board command and you can find the OPTIC port type is set successfully.
huawei(config)#display board 0/5
---------------------------------------
Board Status : Normal

---------------------------------------
Subboard[0]: H511O1CTG Status: Failed
--------------------------------------------------------------------
Port Port Port Line Port Loop Optical Phy Line Rate IF
Type Status Signal Clock Type Type Type Type (Mbps) Type
--------------------------------------------------------------------
0 ATM Fail No System No Single Optical STM-1 155 UNI
--------------------------------------------------------------------
Related Operation
Table 26-3 lists the related operation for setting the OPTIC port type.
Table 26-3 Related operation for setting the OPTIC port type
Set the OPTIC port mode port mode
26.5 Adding an IMA Group

This operation enables you to add an IMA group.
Context
The AIUG provides IMA ports through the subboards on the AIUG board.
l The AIUG board supports up to four IMA groups through the E8IT subboard.
l Each IMA group can be configured with one to eight E1 links.
l Each E1 link belongs to one IMA group only.
Procedure
Step 1 Run the ima group add command to add an IMA group.
Step 2 Run the display ima group parameter command to query the IMA group configuration.
----End
Example
To add IMA group 0, do as follows:
huawei(config-if-aiu-0/5)#sub-interface ima
huawei(config-if-aiu-0/5.ima)#ima group add
{ groupIndex<0,7> }:0
{ version<E><version1.1,version1.0> }:version1.0
{ minTxLinks<1,8> }:2
{ minRxLinks<1,8> }:2
{ clock<E><ctc,itc> }:itc
{ imaId<0,255> }:0
{ framelength<E><32,64,128,256> }:256
{ <cr>|alpha_value<1,2> }:
Command:
ima group add 0 version1.0 2 2 itc 0 256

IMA group add successfully
Run the display ima group command to query the configuration of the IMA group.
huawei(config-if-aiu-0/5.ima)#display ima group parameter 0
Command:
display ima group parameter 0
--------------------------------------------------------------------
NE symmetry : both config and operation symmetry
FE symmetry : NULL
Min Tx link : 2
Min Rx link : 2
NE clock : ITC
FE clock : NULL
Tx reference link : NULL
Rx reference link : NULL
Tx IMA ID : 0
Rx IMA ID : NULL
Tx frame length : 256
Rx frame length : NULL
Maximum differential delay(ms): 40
Alpha : 2
Beta : 2
Gamma : 1
Tx protocol version : 1.0
Rx protocol version : NULL
--------------------------------------------------------------------
Table 26-4 lists parameters of an IMA group.
Table 26-4 Parameters of an IMA group

Version Version 1.0 and version 1.1 are two IMA protocol versions defined by
ATM Forum. IMA groups supporting different versions cannot
interoperate with each other.
Link number MinTxLinks and minRxLinks represent the minimum number of links for
sending and receiving signals in the IMA group. When the number of
activated links reaches the minimum link number you set for an IMA
group, the IMA group is activated. The value of minTxLinks and
minRxLinks must be the same.
Clock mode CTC and ITC are two clock modes.

In common transmit clock (CTC) mode, all the links in an IMA group
have the same clock source. In independent transmit clock (ITC) mode,
clock sources for different links in an IMA group are different. ITC is
recommended if you set an IMA group to link clock mode.
Frame length Framelength is the size of an IMA frame. It represents the number of cells
carried in an IMA frame. The value can be 32, 64, 128, or 256. You are
recommended to set it to 128.

Invalid ICP cells Alpha_value indicates the number of invalid ICP cells, and the
recommended setting is 2.
Beta_value indicates the number of errored ICP cells, and the
recommended setting is 2.
Gamma_value indicates the number of valid ICP cells, and the default
setting is 1.
Related Operation
Table 26-5 lists the related operations for add an IMA group.
Table 26-5 Related operations for adding an IMA group

Delete an IMA ima group delete -

group
Block an IMA ima group block Make sure that an IMA group
group contains links before blocking it.
Add an IMA link ima link add -
Delete an IMA ima link delete If a link is the last one in an IMA
link group, the ima link delete command
cannot delete the link. Run the ima
group delete command to delete the
IMA group and the link.
26.6 Setting the IMA Group Mode

This operation enables you to set the clock mode, CRC4 multiframe and scramble of the IMA
group.
Prerequisite
The IMA subboard clock comes from the line recovery clock.
Context
The clock mode of the IMA subboard includes are system and line.
l System
– This is the default clock mode for an IMA subboard. If there is a clock subboard, the
clock subboard provides clock signals for the IMA subboard. If there is no clock
subboard, an IMA subboard itself provides clock signals.
l Line

– By default, CRC4 multiframe is disabled (the CRC4 switch is off).

– When the MA5600 interoperates with the devices of other vendors, make sure the E1
settings are the same at both sides. If the other side enables CRC4 multiframe, you need
to enable it on the MA5600.
– The setting of scramble must be the same for the two sides. That is, the scramble switch
must be on or off at the same time for both sides. By default, the scramble switch is off.
l Make sure the clock mode for an IMA group is system at one end of the link, and line at
the other end.
Procedure
Step 1 Run theima group mode command to set the IMA group mode.
Step 2 Run the display ima config command to query the configuration of the IMA group mode.
----End
To set the clock mode of an IMA group, do as follows:

huawei(config-if-aiu-0/5.ima)#ima group mode clockmode 0 line
Set IMA group transmit clock successfully
To enable CRC4 multiframe for an IMA group, do as follows:

huawei(config-if-aiu-0/5.ima)#ima group mode crc4-multiframe 0 on
Set CRC4 switch successfully
To enable scramble on an IMA Group, do as follows:

huawei(config-if-aiu-0/5.ima)#ima group mode scramble 0 on
Set scramble switch successfully
Run the display ima config command and you can find the IMA group mode is set successfully.
huawei(config-if-aiuu-0/5.ima)#display ima config
-------------------------------------------------------------------
GroupIndex State Loopback CRC4 Scramble TxClock Links
-------------------------------------------------------------------
0 Config - On On Line -
1 - - - - - -
2 - - - - - -
3 - - - - - -
------------------------------------------------------------------
------------------------------
Link ID Tx state Rx state
------------------------------
0 - -
1 - -
2 - -
3 - -
4 - -
5 - -
6 - -
7 - -
------------------------------
Related Operation
Table 26-6 lists the related operations for setting the IMA group mode.

Table 26-6 Related operations for setting the IMA group mode
Add an IMA group uni-nni-set
Delete an IMA group ima group delete
26.7 Adding an IMA Link

This operation enables you to add an IMA link.
Context
l On the E1 cables of the MA5600 you can see signs of T0, R0, T1, R1, and so on. Tx and
Rx belong to the same E1 link. When you configure IMA links, make sure that Tx at the
local end connects with Ry at the remote end, while Rx at the local end connects with Ty
at the remote end (x and y indicate link numbers).
l Add an IMA group before adding IMA links.
l If an IMA group has no links, you cannot add PVC to the group, loopback or block the
group.
Procedure
Step 1 Run the ima link add command to add an IMA link.
Step 2 Run the display ima config command to query the configuration of the IMA link.
----End
Example
To add a link 0 to IMA group 0, do as follows:
Run the display ima config command and you can find that the system prompts the IMA link
is added successfully.
huawei(config-if-aiu-0/5.ima)#display ima config
-------------------------------------------------------------------
GroupIndex State Loopback CRC4 Scramble TxClock Links
-------------------------------------------------------------------
0 Config - On On Line 0
1 - - - - - -
2 - - - - - -
3 - - - - - -
------------------------------------------------------------------
------------------------------
Link ID Tx state Rx state
------------------------------
0 Config Config
1 - -
2 - -
3 - -
4 - -

5 - -
6 - -
7 - -
------------------------------
Related Operation
Table 26-7 lists the related operations for adding an IMA link.
Table 26-7 Related operations for adding an IMA link
Add an IMA group ima group add -
Delete an IMA link ima link delete l To delete a link from one group
and add the link to another group,
first delete the link from both the
local and remote ends, and then
add the link again.
l If a link is the last one in an IMA
group, the ima link delete
command cannot delete the link.
Run the ima group delete
command to delete the IMA
group and the link.
Block an IMA link ima link block -
26.8 Setting the Line Type for an E3 Port

This operation enables you to set the line type for an E3 port.
Context
The E3 port supports three line types: e3other, e3Framed and e3Plcp.
l e3other complies with G.832.

l e3Framed complies with G.751 and does not adopt PLCP encapsulation.
l e3Plcp complies with G.751 and adopts PLCP encapsulation.
l By default, the line type of the E3 port is e3Framed.
Procedure
Step 1 Run the linetype command to set the line type for an E3 port.
Step 2 Run the display board command to query the configured line type of the E3 port.
----End

Example
To set the line type of the E3 port as e3plcp, do as follows:
huawei(config-if-aiu-0/5.e3)#linetype 0 e3plcp
Run the display board command and you can find the line type of the E3 port is configured
successfully.
huawei(config-if-aiu-0/5.e3)#display board 0/5
---------------------------------------
Board Status : Failed
---------------------------------------
Subboard[0]: H511E13T Status: Failed

--------------------------------------------------------------------
Port Port Port Line Port Loop Line Line Rate IF
Type Status Signal Clock Type Type Code (Kbps) Type
--------------------------------------------------------------------
0 E3 Fail No System No e3Plcp(G.751) HDB3 30528 UNI
--------------------------------------------------------------------
Related Operation
Table 26-8 lists the related operations for setting the line type of the E3 port.
Table 26-8 Related operations for setting the line type of an E3 port
Set the E3 port type uni-nni-set
Set the Tx clock of an E3 port tx clock
26.9 Setting the E3 Port Type

This operation enables you to set the E3 port type.
Context
The MA5600 supports User Network Interface (UNI) and Network Node Interface (NNI).
l When you set the port type as UNI, the VPI value of the port shall be from 0 to 255.
l When you set the port type as NNI, the VPI value of the port shall be from 0 to 4095.
l When you set the port type as UNI or NNI, the VCI value of the port shall be from 32 to
1023.
l The E3 port type shall be the same as that of the peer end.
The default port type is UNI.
Procedure
Step 1 Run the uni-nni-set command to set the E3 port type.

Step 2 Run the display board command to query the configuration the E3 port.
----End
Example
To set the E3 port type as UNI, do as follows:
huawei(config-if-aiu-0/5.e3)#uni-nni-set 0 uni
Run the display board command and you can find the E3 port type is set successfully.
---------------------------------------
---------------------------------------

--------------------------------------------------------------------
--------------------------------------------------------------------
0 E3 Fail No System No e3Plcp(G.751) HDB3 30528 UNI
--------------------------------------------------------------------
Related Operation
Table 26-9 lists the related operation for setting the E3 port type.
Table 26-9 Related operation for setting the E3 port type

Set the type of an E3 port uni-nni-set
26.10 Setting the Tx Clock of an E3 Port

This operation enables you to set the Tx clock of an E3 port.
Context
l The Tx clock includes two types: system and line.
l By default, the Tx clock is system.
Procedure
Step 1 Run the tx clock command to set the Tx clock of an E3 port.
Step 2 Run the display board 0/5 command to query the configured Tx clock of the port.
----End
Example
To set the Tx clock for port 0 as line, do as follows:

huawei(config-if-aiu-0/5.e3)#tx clock 0 line
Run the display board command and you can find that the Tx clock of the E3 port is set
successfully.
---------------------------------------
---------------------------------------

--------------------------------------------------------------------
--------------------------------------------------------------------
0 E3 Fail No Line No e3Plcp(G.751) HDB3 30528 UNI
--------------------------------------------------------------------
Related Operation
Table 26-10 lists the related operations for setting the Tx clock of an E3 port.
Table 26-10 Related operations for setting the Tx clock of an E3 port

Setting the line type of an E3 port linetype
Setting the E3 port type uni-nni-set
26.11 Clearing the Statistics of an E3 Port

This operation enables you to clear the statistics of an E3 port.
Procedure
Step 1 Run the clear statistic command to clear the statistics of an E3 port.
Step 2 Run the display statistic command to query the port statistics.
----End
Example
To clear the statistics of port 0, do as follows:
huawei(config-if-aiu-0/5.e3)#clear statistics 0
Run the display statistics command and you can find that the E3 port performance statistics is
cleared successfully.
huawei(config-if-aiu-0/5.e3)#display statistics 0
--------------------------------------------
Line coding violation events :0
Frame head bit errored events :0
Excessive zero of frame events :0
Parity check errored events :0

Far end block errored events :0

BIP errored of PLCP layer events :0
PLCP layer errored events :0
FEBE of PLCP layer events :0
Sent cells :0
Received cells :0
HEC bit errored corrected events :0
HEC bit errored uncorrected events :0
Receiving idle cells :0
-------------------------------------------

Configuration Guide 27 Configuring MPLS Access
27 Configuring MPLS Access
About This Chapter
This chapter describes the MPLS technology and how to configure the MPLS service on the
MA5600.
27.1 Overview
This section describes MPLS access service and its specifications on the MA5600.
27.2 Configuration Example of MPLS - Based on Binding the PVC with the PW Profile
The example shows how to set up the label distribution protocol (LDP) remote session, label
switching paths (LSP) and PW between the MA5600 and the router.
27.3 Configuration Example of MPLS- Based on Binding the VLAN with the PW Profile
The example shows how to set up the LDP remote session, LSP and PW between the
MA5600 and the router.
27.4 Basic Configuration of MPLS
This section describes basic configuration of MPLS.
27.5 Static LSP Configuration
This section describes how to configure a static LSP.
27.6 MPLS LDP Configuration
This section describes how to configure MPLS LDP.
27.7 PW Configuration
This section describes how to configure a PW template.

27 Configuring MPLS Access Configuration Guide
27.1 Overview
This section describes MPLS access service and its specifications on the MA5600.
Service Description
Multiprotocol Label Switching (MPLS) is derived from Internet Protocol version 4 (IPv4). The
core technology of MPLS involves multiple network protocols, including:
l Internet Protocol version 6 (IPv6)
l Internet Packet Exchange (IPX)
l Appletalk
l DECnet
l Connectionless Network Protocol (CLNP)
For details on the MPLS protocol, refer to the chapter "MPLS" in the Feature Description.
The MA5600 provides the MPLS function through the MPLS subboard attached to the SCU
board. MPLS architecture consists of the following two planes:
l Control Plane:
The Control Plane is connectionless. It distributes labels by using the current IP network.
l Forwarding Plane (also known as Data Plane):
The forwarding plane is connection-oriented. Through layer 2 network, such as ATM
network, this plane forwards packets rapidly based on the label forwarding table.
For more details, refer to RFC3031 Multiprotocol Label Switching Architecture.
NOTE
l To provide the MPLS function, the MA5600 can serve as only a provider edge (PE) device.
l For the MA5600, to subtend slave shelves,
l Only the master shelf supports MPLS function.
l The master shelf supports the ETH PWE3 and the ATM PWE3 services, and the slave shelf supports
only the ETH PWE3 service. (To support the ATM PWE3 service, a slave shelf must be separately
configured with the and the AIUG subboard, so as to serve as an independent PE to provide MPLS
upstream function.)
27.2 Configuration Example of MPLS - Based on Binding the

PVC with the PW Profile
The example shows how to set up the label distribution protocol (LDP) remote session, label
switching paths (LSP) and PW between the MA5600 and the router.
Networking
Figure 27-1 shows a sample network for configuring the multiprotocol label switching (MPLS)
based on binding the PVC with the PW profile.

Figure 27-1 Sample network for configuring the MPLS based on binding the PVC with the PW
profile
ISP
BRAS
Router
(lsr-id 3.3.3.8/32)
MPLS Network
5# 7#
A
S
I
C MA5600
U
U (lsr-id 4.4.4.4/32)
G
Data Plan
Table 27-1 lists the data plan for configuring the MPLS based on binding the PVC with the PW
profile.
Table 27-1 Data plan for configuring the MPLS based on binding the PVC with the PW profile
Item Data
MPLS LSR ID: 4.4.4.4/32
VLAN type: Standard VLAN

VLAN ID: 140
L3 interface IP address: 10.11.0.214/30
PW profile name: pwt

Remote address: 3.3.3.8
Type: ATM SDU

VLAN ID of the upstream port:: 140
Native VLAN ID of the upstream port: 140
AIUG Port: 0/5/0

VPI/VCI: 1/40
Router name LSR ID: 3.3.3.8/32

Figure 27-2 shows the flowchart for configuring the MPLS based on binding the PVC with the
PW profile.
Figure 27-2 Flowchart for configuring the MPLS based binding the PVC with the PW profile
Start
Configure OSPF
Configure the loopback interface
Configure LSR-ID of MPLS
Enable MPLS
Configure the VLAN interface
Enable the MPLS LDP
Enable the remote peer
Configure the MPLS LDP triggering

mechanism
Enable the MPLS L2VPN
Create a VLAN
Create a PW template
Bind the VLAN with the PW

template
End
Procedure
Step 1 Configure the open shortest path first (OSPF).
huawei(config)#ospf

Step 2 Configure the loopback interface.

huawei(config)#interface loopback 1
Step 3 Configure the label switch router (LSR) ID for the MPLS.
huawei(config)#mpls lsr-id 4.4.4.4
Step 4 Enable the MPLS.

huawei(config)#mpls
huawei(config-mpls)#quit
huawei(config)#mpls vlan 140
huawei(config-if-vlanif140)#mpls
Step 5 Configure a VLAN interface.

Step 6 Enable the MPLS LDP.

huawei(config)#mpls ldp
huawei(config-mpls-ldp)#quit
huawei(config-if-vlanif140)#mpls ldp
Step 7 Create a remote peer.

huawei(config)#mpls ldp remote-peer router
huawei(config-mpls-ldp-remote-router)#remote-ip 3.3.3.8
huawei(config-mpls-ldp-remote-router)#quit
Step 8 Configure the MPLS LDP triggering mechanism.

huawei(config)#mpls
huawei(config-mpls)#lsp-trigger host
huawei(config-mpls)#label advertise non-null
Step 9 Enable the MPLS L2VPN.

huawei(config)#mpls l2vpn
Step 10 Configure a service port.

huawei(config)#service-port vlan aoe atm 0/5/0 vpi 1 vci 40 rx-cttr 6 upc off tx-
cttr 6 upc off
Step 11 Create a PW profile.

huawei(config)#pw-template pwt
huawei(config-pw-template-pwt)#peer-address 3.3.3.8
huawei(config-pw-template-pwt)#pw-type atm sdu
huawei(config-pw-template-pwt)#quit
Step 12 Bind the PVC with the PW profile.

huawei(config)#pw-ac-binding pvc 0/5/0 vpi 1 vci 40 pw 106 pw-template pwt
----End

Result
After the configuration, LDP remote session, LSP and PW can be set up between the
The PW is in the up state.
27.3 Configuration Example of MPLS- Based on Binding the

VLAN with the PW Profile
The example shows how to set up the LDP remote session, LSP and PW between the
Networking
Figure 27-3 shows a sample network of the MPLS based on binding the VLAN with the PW
template.
Figure 27-3 Sample network of the MPLS based on binding the VLAN with the PW template
ISP
BRAS
Router
(lsr-id 3.3.3.8/32)
MPLS Network
A
S MA5600
D
C (lsr-id 4.4.4.4/32)
G
U
G
Data Plan
Table 27-2 shows the data plan for configuring the MPLS based on binding the VLAN with the
PW profile.
Table 27-2 Data plan for configuring the MPLS based on binding the VLAN with the PW profile
Item Data
MPLS Lsr id: 4.4.4.4/32

Item Data
VLAN type: standard VLAN

VLAN ID: 140
IP address: 10.11.0.214/30
PW profile name: pwt

Remote address: 3.3.3.8
Type: Ethernet Tagged

VLAN ID of the upstream port: 140
Native VLAN ID of the upstream port: 140
ADSL Port: 0/2/0

VPI/VCI: 1/100
Router Name Lsr id: 3.3.3.8/32
Figure 27-4 shows the flowchart for configuring the MPLS based on binding the VLAN with
the PW template.

Figure 27-4 Flowchart for configuring the MPLS based on binding the VLAN with the PW
profile
Start
Configure OSPF
Configure loopback interface
Configure LSR-ID of MPLS
Enable MPLS
Configure VLAN interface
Enable MPLS LDP
Enable remote peer
Configure MPLS LDP triggering

mechanism
Enable MPLS L2VPN
Create VLAN
Create PW profile
Bind PVC with PW
End
Procedure
Step 1 Configure OSPF.
huawei(config)#ospf

Step 2 Configure the loopback interface.

huawei(config)#interface loopback 1
Step 3 Configure MPLS Lsr id.

Step 4 Enable MPLS.

huawei(config)#mpls
Step 5 Configure the VLAN interface.

Step 6 Enable the MPLS LDP.

Step 7 Create the remote peer.

huawei(config)#mpls ldp remote-peer Router
huawei(config-mpls-ldp-remote-Router)#remote-ip 3.3.3.8
huawei(config-mpls-ldp-remote-Router)#quit
Step 8 Configure the MPLS LDP triggering mechanism.

Step 9 Enable the MPLS L2VPN.

Step 10 Add a service port.

Step 11 Create a PW template.

huawei(config)#pw-template pweth
huawei(config-pw-template-pweth)#peer-address 3.3.3.8
huawei(config-pw-template-pweth)#pw-type ethernet tagged
huawei(config-pw-template-pweth)#quit
Step 12 Bind the VLAN with the PW template.

huawei(config)#pw-ac-binding vlan 100 pw 107 pw-template pweth
----End
Result
After the configuration, the MA5600 can set up the LDP remote session with the router.
The LSP and PW can be created, and the PW is in up state.

27.4 Basic Configuration of MPLS

This section describes basic configuration of MPLS.
Context
NOTE
Before you configure other MPLS features, you must perform basic MPLS configuration on all routers
involved in MPLS forwarding in the MPLS domain.
27.4.1 Configuring the LSR ID

This operation enables you to configure the label switching router (LSR) ID.
27.4.2 Enabling MPLS
This operation enables the MPLS function.
27.4.1 Configuring the LSR ID

This operation enables you to configure the label switching router (LSR) ID.
Context
l In general, the address of the loopback interface is used as the LSR ID.
l An LSR has no default ID. Therefore, you must configure it manually.
l After configuring the LSR ID, you must enable MPLS. Then you can configure the other
MPLS features.
l You must enable the global MPLS first, and then enable the interface MPLS.
l The LSR ID is unique in the MPLS domain. By combining with the 2-byte label space
serial number, it forms the LDP identifier, which is used to identify the label space used
by the LSR, and to set up and maintain LDP session between LSRs.
Procedure
Step 1 Run the mpls lsr-id command to configure the LSR ID.
Step 2 Run the display current-configuration command and you can find the configuration of LSR
ID is successful.
----End
Example
To configure the LSR ID as 4.4.4.4, do as follows:
huawei(config)#display current-configuration section mpls
{ <cr>||<K> }:
Command:
display current-configuration section mpls
[MA5600V300R003: 3002]
#
[mpls]
<mpls>

mpls lsr-id 4.4.4.4

#
return
Related Operation
Table 27-3 shows the related operations for configuring the LSR ID.
Table 27-3 Related operations for configuring the LSR ID
Enable/Disable MPLS (undo)mpls
Enable/Disable the MPLS VLAN (undo)mpls vlan
27.4.2 Enabling MPLS

This operation enables the MPLS function.
Context
l You must enable the global MPLS first and then enable the interface MPLS.
l You can only enable the MPLS of the standard VLAN.
Procedure
l In global config mode, run the mpls command to enable the MPLS globally.
l In global config mode, run the mpls vlan command to enable the MPLS of the VALN.
1. Run the mpls command to enable the MPLS of the VLAN.
2. Run the display mpls vlan command to query the MPLS state of the VLAN.
l In VLAN interface mode, run the mpls command to enable the MPLS of an interface.
1. Run the interface vlanif command to enter VLAN interface mode.
2. Run the mpls command to enable the MPLS.
3. Run the display mpls interface command to query the information about the interface
whose MPLS function is enabled.
----End
To enable the MPLS function globally, do as follows:

huawei(config)#mpls
To enable the MPLS function of VLAN 140, do as follows:

huawei(config)#display mpls vlan 140
Vlan 140 is enabled MPLS
To enter interface mode and enable the MPLS of a VLAN, do as follows:


huawei(config)#display mpls interface vlanif 140 verbose
No : 1
Interface : vlanif140
Status : Down
TE Attribute : Disable
LSPCount : 0
CR-LSPCount : 0
MPLS Config MTU : 1500
Interface MTU : 1500
MPLS Effective MTU : 1500
TE FRR : Disabled
Related Operation
Table 27-4 shows the related operations for enabling MPLS.
Table 27-4 Related operations for enabling MPLS
Configure the LSR ID mpls lsr-id
Disable MPLS undo mpls
Disable the MPLS VLAN undo mpls vlan
27.5 Static LSP Configuration

This section describes how to configure a static LSP.
27.5.1 Overview
This section describes LSP types and commands for configuring the static LSP.
27.5.2 Configuring the Ingress LSR of the Static LSP
This operation enables you to configure the ingress LSR of the static LSP.
27.5.3 Configuring the Egress LSR of the Static LSP
This operation enables you to configure the egress LSR of the static LSP.
27.5.4 Configuring the LSP CAR
This operation enables you to configure the LSP Committed Access Rate (CAR).
27.5.1 Overview
This section describes LSP types and commands for configuring the static LSP.
There are two types of LSPs: static LSP and dynamic LSP.
l Static LSP is configured manually.

l After you configure all LSRs along the static LSP, the LSP can work in the normal state.
l Dynamic LSP is generated by the routing protocol dynamically.
Table 27-5 lists the related commands for configuring the static LSP.

Table 27-5 Related commands for configuring the static LSP
Configure the ingress LSR of the static LSP static-lsp ingress
Configure the egress LSR of the static LSP static-lsp egress
Configure/Remove LSP CAR (undo) mpls car-lsp
Query the static LSP display mpls static-lsp
27.5.2 Configuring the Ingress LSR of the Static LSP

This operation enables you to configure the ingress LSR of the static LSP.
Context
If you specify the next hop address when configuring the static LSP, then you must specify the
next hop address when configuring the IP static route. Similarly, if you specify the egress when
configuring the static LSP, then you must specify the egress when configuring the IP static route.
Procedure
Step 1 Run the static-lsp ingress command to configure the ingress LSR of the static LSP.
Step 2 Run the display mpls static-lsp command to query the configured ingress LSR of the static
LSP.
----End
Example
To configure ingress LSR of the static LSP, do as follows:
huawei(config)#static-lsp ingress staticlsp1 destination 3.3.3.3 32 nexthop
10.11.11.213 out-label 8500
huawei(config)#display mpls static-lsp
<cr>|string<S><1,15>|verbose<K>|include<K>|exclude<K> }:
Command:
display mpls static-lsp
Name FEC I/O Label I/O If Stat
staticlsp1 3.3.3.3/32 NULL/8500 -/- Down
Related Operation
Table 27-6 lists the related operations for configuring ingress LSR of the static LSP.
Table 27-6 Related operations for configuring ingress LSR of the static LSP
Configure the egress LSR of the static LSP static-lsp egress
Enable/Disable LSP CAR (undo)mpls car-lsp

27.5.3 Configuring the Egress LSR of the Static LSP

This operation enables you to configure the egress LSR of the static LSP.
Procedure
Step 1 Run the static-lsp egress command to configure the egress LSR of the static LSP.
Step 2 Run the display mpls static-lsp command to query the configured egress LSR of the static LSP.
----End
Example
To configure egress LSR of the static LSP, do as follows:
huawei(config)#static-lsp egress staticslp3 incoming-interface vlanif 140 in-label
8400
huawei(config)#display mpls static-lsp
{ <cr>|string<S><1,15>|verbose<K>|include<K>|exclude<K> }:
Command:
display mpls static-lsp
Name FEC I/O Label I/O If Stat
staticlsp1 3.3.3.3/32 NULL/8500 -/- Down
staticslp3 -/- 8400/NULL Vlanif140/- Up
Related Operation
Table 27-7 lists the related operations for configuring egress LSR of the static LSP.
Table 27-7 Related operations for configuring egress LSR of the static LSP
Configure egress LSR of the static LSP static-lsp ingress
Enable/Disable the LSP CAR (undo)mpls car-lsp
27.5.4 Configuring the LSP CAR

This operation enables you to configure the LSP Committed Access Rate (CAR).
Procedure
Step 1 Run the mpls car-lsp static command to configure the LSP CAR.
Step 2 Run the display mpls car-lsp command and you can find the configuration of the LSP CAR is
successful.
----End

Example
To configure the bandwidth of static LSP staticlsp1 as 1000×64 kbit/s, do as follows. And the
system determines the burst value automatically based on the bandwidth.
huawei(config)#mpls car-lsp static lspname staticlsp1 burst 0 bandwidth 1000
huawei(config)#display mpls car-lsp static lspname staticlsp1
Static Lsp CAR Table
Total: 1
----------------------------------------------------
Lsp Name Burst(2KB) Bandwidth(64kbps)
----------------------------------------------------
*staticlsp1 AUTO 1000
----------------------------------------------------
Note: A '*' before an LSP-CAR means the CAR is invalid.
Related Operation
Table 27-8 lists the related operations for configuring the LSP CAR.
Table 27-8 Related operations for configuring LSP CAR

Configure the ingress of the static-lsp ingress

static LSP
Configure the egress of the static static-lsp egress

LSP
Query a static LSP display mpls static-lsp
Disable parameters of the LSP undo mpls car-lsp

CAR
27.6 MPLS LDP Configuration

This section describes how to configure MPLS LDP.
27.6.1 Overview
This section describes the LDP protocol.
27.6.2 Enabling the MPLS LDP
This operation enables the MPLS LDP.
27.6.3 Configuring Parameters of the LDP Basic Discovery
This operation enables you to configure parameters of the LDP basic discovery.
27.6.4 Configuring Parameters of the LDP Extended Discovery
This operation enables you to configure the parameters of the LDP extended discovery.
27.6.5 Configuring Parameters of the LDP Basic Session
This operation enables you to configure parameters for the LDP basic session.
27.6.6 Configuring Parameters of the LDP Extended Session
This operation enables you to configure parameters of the LDP extended session.
27.6.7 Configuring the LDP LSP Triggering Policy

This operation enables you to configure the LDP LSP triggering policy.
27.6.8 Configuring the LDP Label Retention Mode
This operation enables you to configure the LDP label retention mode.
27.6.9 Configuring the LDP Loopback Detection
This operation enables you to configure the LDP loopback detection.
27.6.10 Configuring the LDP MD5 Authentication
This operation enables you to configure the LDP MD5 authentication.
27.6.11 Enable the LDP MTU Signaling Function
This operation enables the LDP MTU signaling function.
27.6.1 Overview
This section describes the LDP protocol.
If the LDP is adopted as the label distribution protocol in an MPLS domain to set up LSP, LDP
sessions should be established between LSRs along the LSP to perform information exchange
such as label mapping and release.
The LDP uses Hello hold timer to maintain the LDP adjacency and session hold timer to maintain
the LDP session. In most applications, you can adopt the default value of the two timers. In some
special cases, you can modify the parameter as required. Modifying the hold timer may cause
the original session to be recreated. The LSP originally created on the basis of this session will
be deleted and needs to be recreated.
27.6.2 Enabling the MPLS LDP

This operation enables the MPLS LDP.
Context
l You must enable the MPLS first and then enable the MPLS LDP.
l You can only enable the MPLS of the standard VLAN.
Procedure
l In the global config mode:
1. Run the mpls ldp command to enable the MPLS LDP globally.
2. Run the display current-configuration command and you can query the global
MPLS LDP is enabled successfully.
l In VLAN interface mode:
1. Run the mpls ldp command to enable the MPLS LDP of a VLAN interface.
2. Run the display mpls interface command and you can query the MPLS LDP of the
VLAN interface is enabled successfully.
----End
To enable the MPLS LDP globally, do as follows:

[MA5600V300R003: 3002]

#
[mpls]
<mpls>
mpls lsr-id 4.4.4.4
mpls
#
[mpls-ldp]
<mpls-ldp>
mpls ldp
#
return
To enable the MPLS LDP of VLAN interface 140, do as follows:

huawei(config)#interface vlanif
{ <1-4000> }:140
huawei(config)#display mpls interface vlanif 140
Command:
display mpls interface vlanif 140
Interface Status TE Attr LSP Count CRLSP Count Effective MTU
Vlanif140 Down Dis 0 0 1500
Related Operation
Table 27-9 lists the related operations for enabling the MPLS LDP.
Table 27-9 Related operations for enabling the MPLS LDP
Query information of display mpls ldp -

MPLS LDP
Query information of display mpls ldp session -

the peer session
Disable the MPLS undo mpls ldp Disabling LDP on the interface
LDP will interrupt all LDP sessions
on the interface. All the LSPs
based on these sessions will be
deleted accordingly.
27.6.3 Configuring Parameters of the LDP Basic Discovery

This operation enables you to configure parameters of the LDP basic discovery.
Context
l In the VLAN interface, the link Hello timer can be configured. In remote peer mode, the
target Hello timer can be configured.
l By default, the link Hello duration is 15s, and the target Hello duration is 45s.

l Generally, the default can meet the requirement. Modifying the Hello timer duration will
result in recreating the original session, and all the LSPs based on the session will be deleted
and needs to be recreated.
l Run the mpls ldp transport-address command to configure the LDP transmission address.
By default, the address is the local LSR ID.
Procedure
l Set the Hello timer duration.
1. Run the mpls ldp timer command to set the Hello timer duration.
2. Run the display mpls ldp command to query the configuration of the Hello timer
duration.
l Configure the LDP transmission address.
1. Run the mpls ldp transport-address command to configure the LDP transmission
address.
2. Run the display mpls ldp command to query the configuration of the LDP
transmission address.
----End
To set the Hello timer duration, do as follows:

huawei(config-if-vlanif140)#mpls ldp timer hello-hold 15
huawei(config)#display mpls ldp interface vlanif 140
{ <cr>||<K> }:
Command:
display mpls ldp interface vlanif 140
LDP Interface Information
--------------------------------------------------------------------
Interface Name : vlanif140
LDP ID : 4.4.4.4:0 Transport Address : 4.4.4.4
Entity Status : Inactive Interface MTU : 1500
Configured Hello Timer : 15 Sec
Negotiated Hello Timer : 15 Sec
Configured Keepalive Timer : 45 Sec
Label Advertisement Mode : Downstream Unsolicited
Hello Message Sent/Rcvd : 0/0 (Message Count)
--------------------------------------------------------------------
To configure the LDP transmission address, do as follows:

huawei(config-if-vlanif140)#mpls ldp transport-address vlanif 140
{ <cr>||<K> }:
Command:
--------------------------------------------------------------------
--------------------------------------------------------------------

Related Operation
Table 27-10 lists the related operations for configuring parameters of the LDP basic discovery.
Table 27-10 Related operations for configuring parameters of LDP basic discovery
Query information of the peer display mpls ldp session

session
Query an MPLS LSP display mpls lsp
27.6.4 Configuring Parameters of the LDP Extended Discovery

This operation enables you to configure the parameters of the LDP extended discovery.
Context
Only one local session or one remote session can exist between two LSRs. The local session has
a higher priority than the remote session.
l When a local adjacency already exists with the remote peer, the remote adjacency will not
be created.
l When a remote adjacency exists and a local adjacency is created for the remote peer, the
remote peer will be deleted.
Procedure
l Set the Hello timer duration.
1. Run the mpls ldp remote-peer remotepeer command to enter MPLS LDP remote
peer mode.
2. Run the mpls ldp timer hello-hold command to set the Hello timer duration.
l Configure the LDP transmission address.
1. Run the interface vlanif command to enter VLAN interface mode.
2. Run the mpls ldp transport-address command to configure the LDP transmission
address.
----End

huawei(config)#mpls ldp remote-peer remotepeer
huawei(config-mpls-ldp-remote-remotepeer)#mpls ldp timer hello-hold 45
To configure the LDP transmission address, do as follows:

huawei(config-if-vlanif20)#mpls ldp transport-address vlanif 140

Verification
After you specify the remote LSR ID as the remote-ip, the local LSR will send LDP Targeted
Hello message to the remote-ip, thus discovering the LDP neighbor and establishing the remote
session.
Related Operation
Table 27-11 lists the related operations for configuring the parameters of the LDP extended
discovery.
Table 27-11 Related operations for configuring the parameters of the LDP extended discovery

session
Query the MPLS LSP display mpls lsp
Query the MPLS LDP display mpls ldp
27.6.5 Configuring Parameters of the LDP Basic Session

This operation enables you to configure parameters for the LDP basic session.
Context
l By default, the value of the timer keepalive-hold is 45s.
l If there are more than one enabled LDP links between two LSRs, the keepalive-hold time
of all links must be the same. Otherwise, the session may be unstable.
Procedure
Step 1 Run the interface vlanif command to enter vlan interface mode.
Step 2 Run the mpls ldp timer keepalive-hold command to configure the timer keepalive-hold
duration.
Step 3 Run the display mpls ldp command to query the configuration of the timer keepalive-hold
duration.
----End
Example
huawei(config-if-vlanif140)#mpls ldp timer keepalive-hold 45
{ <cr>||<K> }:
Command:

--------------------------------------------------------------------
--------------------------------------------------------------------
Related Operation
Table 27-12 lists the related operations for configuring parameters of the LDP basic session.
Table 27-12 Related operations for configuring parameters of the LDP basic session

session
27.6.6 Configuring Parameters of the LDP Extended Session

This operation enables you to configure parameters of the LDP extended session.
Procedure
Step 1 Run the mpls ldp remote-peer remotepeer command to enter MPLS LDP remote peer mode.
Step 2 Run the mpls ldp timer keepalive-hold command to set the Hello timer duration.
----End
Example
huawei(config)#mpls ldp remote-peer remotepeer
huawei(config-mpls-ldp-remote-remotepeer)#mpls ldp timer keepalive-hold 45
Related Operation
Table 27-13 lists the related operations for configuring parameters of the LDP extended session.
Table 27-13 Related operations for configuring parameters of the LDP extended session

session

27.6.7 Configuring the LDP LSP Triggering Policy

This operation enables you to configure the LDP LSP triggering policy.
Context
l The IGP route entry that is included in the host or IP address prefix list can trigger LDP to
set up an LSP.
l By default, no route entry can trigger LDP to set up an LSP.
l The host or IP address prefix list is only effective on the static route and the IGP route.
Procedure
Step 1 Run the mpls command to enter MPLS mode.
Step 2 Run the lsp-trigger command to configure the LDP LSP triggering policy.
Step 3 Run the display current-configuration command to query the configuration of the LDP LSP
triggering policy.
----End
Example
To configure the triggering policy based on the host, do as follows:
huawei(config)#mpls
[MA5600V300R003: 3002]
#
[mpls]
<mpls>
mpls lsr-id 4.4.4.4
mpls
lsp-trigger host
#
[mpls-ldp]
<mpls-ldp>
mpls ldp
#
[mpls-ldp-remote]
<mpls-ldp-remote-remotepeer>
mpls ldp remote-peer remotepeer
#
return
Related Operation
Table 27-14 lists the related operations for configuring the LDP LSP triggering policy.

Table 27-14 Related operations for configuring the LDP LSP triggering policy

session
27.6.8 Configuring the LDP Label Retention Mode

This operation enables you to configure the LDP label retention mode.
Context
There are two label retention modes:
l liberal: For the label mapping received from the neighboring LSR, the LSR will retain it,
no matter whether the neighboring LSR is at its next hop. Therefore, the LSR can
accommodate itself to the route changes rapidly.
l conservative: For the label mapping received from the neighboring LSR, the LSR will
retain it only when the neighboring LSR is at its next hop. Therefore, the LSR can distribute
and retain fewer labels.
Procedure
Step 1 Run the mpls ldp command to enable the MPLS LDP globally.
Step 2 Run the label-retention command to configure the LDP label retention mode.
Step 3 Run the display mpls ldp command to query the configuration of the LDP label retention mode.
----End
To set the LDP label retention mode as liberal, do as follows:

huawei(config-mpls-ldp)#label-retention liberal
huawei(config)#display mpls ldp
{ <cr>||<K>|all<K>|verbose<K>|interface<K>|peer<K>|session<K>|remote-peer<K>|
lsp<K> }:
Command:
display mpls ldp
LDP Global Information
--------------------------------------------------------------------
Protocol Version : V1 Neighbor Liveness : 600 Sec
Graceful Restart : Off FT Reconnect Timer : 300 Sec
MTU Signaling : On Recovery Timer : 300 Sec
LDP Instance Information
--------------------------------------------------------------------
Instance ID : 0 VPN-Instance :
Instance Status : Active LSR ID : 4.4.4.4
Hop Count Limit : 32 Path Vector Limit : 32
Loop Detection : Off
DU Re-advertise Timer : 10 Sec DU Re-advertise Flag : On

DU Explicit Request : Off Request Retry Flag : On

Label Distribution Mode : Independent Label Retention Mode : Liberal
--------------------------------------------------------------------
Related Operation
Table 27-15 lists the related operations for configuring the LDP label retention mode.
Table 27-15 Related operations for configuring the LDP label retention mode
Query information of the peer session display mpls ldp session
27.6.9 Configuring the LDP Loopback Detection

This operation enables you to configure the LDP loopback detection.
Prerequisite
There are two types of the LDP loopback detection: maximum hops and path vectors.
l Maximum hops: If the specified value is exceeded, the system considers that the loopback
occurs, and the LSP fails to set up. By default, the maximum hop is 32.
l Path vectors: The maximum value of LSP shall be specified. By default, the maximum path
vector is 32.
Context
l Before starting the loopback detection for the MPLS domain, it is required that all LSRs
be configured with loopback detection function. However, in setting up an LDP session,
the loopback detection configuration of both sides can be different.
l By default, the loopback detection is disabled.
l The loopback detection configuration is only effective on the established LSP.
l The system considers that the loopback occurs in any of the following conditions, and the
LSP fails to set up:
– The LSR record already exists in the path vector table.
– The maximum value of the path hop is exceeded.
Procedure
Step 2 Run the loop-detect command to start the loopback detection.
Step 3 Run the hops-count command to set the maximum hops for the loopback detection.
Step 4 Run the path-vectors command to set the maximum value of path vectors.

Step 5 Run the display mpls ldp command to query the configuration of the LDP loopback detection.
----End
Example
To configure the LDP loopback detection with the maximum hop of 30 and the maximum path
vector of 30, do as follows:
huawei(config-mpls-ldp)#loop-detect
huawei(config-mpls-ldp)#hops-count 30
huawei(config-mpls-ldp)#path-vectors 30
{ <cr>||<K>|all<K>|verbose<K>|interface<K>|peer<K>|session<K>|remote-peer<K>|lsp
<K> }:
Command:
display mpls ldp
--------------------------------------------------------------------
--------------------------------------------------------------------
Loop Detection : On
--------------------------------------------------------------------
Related Operation
Table 27-16 lists the related operations for configuring the LDP loopback detection.
Table 27-16 Related operations for configuring the LDP loopback detection
Query information of the peer session display mpls ldp session
Query a MPLS LSP display mpls lsp
27.6.10 Configuring the LDP MD5 Authentication

This operation enables you to configure the LDP MD5 authentication.
Context
l To enhance the security of the LDP session connection, you can configure MD5
authentication to the TCP used by the LDP.
l By default, the LDP MD5 authentication is not configured.

Procedure
Step 2 Run the md5-password command to configure the LDP MD5 authentication.
Step 3 Run the display current-configuration command to query the configuration of the LDP MD5
authentication.
----End
Example
To configure the connection password of the TCP used by the LDP as password, which is
displayed in cipher text, and the peer LSR ID as 3.3.3.3, do as follows:
huawei(config-mpls-ldp)#md5-password cipher 3.3.3.3 password
[MA5600V300R003: 3002]
[device-config]
<device-config>
board add 0/4 ADE
[vlan-config]
<vlan-config>
vlan 140 mux
port vlan 2 0/7 2
[config]
<config>
mplsvlan 2
stp enable
[mpls]
<mpls>
mpls lsr-id 4.4.4.2
mpls
label advertisenon-null
lsp-triggerhost
mplsl2vpn
[mpls-ldp]
<mpls-ldp>
mpls ldp
md5-password cipher 3.3.3.3 S;IKAY5^0NWQ=^Q`MAF4<1!!
md5-password cipher 10.1.1.3 S;IKAY5^0NWQ=^Q`MAF4<1!!
[vlanif]
<vlanif2>
interface vlanif2
description
HUAWEI, MA5600 Series, Vlanif2 Interface
ipaddress 10.1.1.2 255.255.255.0
mpls
mpls ldp
[meth]
<meth0>
interfacemeth0
descriptionHUAWEI, MA5600 Series, MEth0 Interface
ip
address 192.168.1.2 255.255.255.0
#
return
Related Operation
Table 27-17 lists the related operations for configuring the LDP MD5 authentication.

Table 27-17 Related operations for configuring the LDP MD5 authentication

session
27.6.11 Enable the LDP MTU Signaling Function

This operation enables the LDP MTU signaling function.
Context
l To detect path MTU correctly, the IP router needs to know the MTU of each link connected
to it.
l The LDP can automatically calculate the minimum MTU value of all the interfaces on each
LSP. At the ingress LSR, the MPLS determines the size of the forwarded packets based on
the calculated minimum MTU value. In this way, the system can avoid sending larger
packets at the ingress LSR, which may result in forwarding failure at the transit LSR.
l By default, the LDP MTU signaling is enabled.
l Enabling/Disabling MTU signaling function may result in recreating original session. LSPs
that are created based on this session will be deleted and needs to be recreated.
Procedure
Step 2 Run the mtu-signalling command to enable the LDP MTU signaling function.
Step 3 Run the display mpls ldp command and you can query the configuration of the LDP MTU
signaling function.
----End
Example
To enable the LDP MTU signaling function, do as follows:
huawei(config-mpls-ldp)#mtu-signaling
{ <cr>||<K>|all<K>|verbose<K>|interface<K>|peer<K>|session<K>|remote-peer<K>|lsp
<K> }:
Command:
display mpls ldp
--------------------------------------------------------------------
--------------------------------------------------------------------

Loop Detection : On
--------------------------------------------------------------------
Related Operation
Table 27-18 lists the related operation for enabling the LDP MD5 MTU signaling function.
Table 27-18 Related operation for enabling the LDP MD5 MTU signaling function
Disable the LDP MTU signaling undo mtu-signalling

function
27.7 PW Configuration
This section describes how to configure a PW template.
27.7.1 Enable the MPLS L2VPN
This operation enables the MPLS L2VPN.
27.7.2 Configuring a PW Template
This operation enables you to configure a PW template.
27.7.3 Binding a PVC with a PW Template
This operation enables you to bind a PVC with a PW template.
27.7.4 Binding a VLAN with a PW Template
This operation enables you to bind a VLAN with a PW template.
27.7.1 Enable the MPLS L2VPN

This operation enables the MPLS L2VPN.
Procedure
Step 1 Run the mpls l2vpn command to enable the MPLS L2VPN.
Step 2 Run the display current-configuration command and you can find the MPLS L2VPN is
enabled successfully.
----End
Example
To enable the MPLS L2VPN, do as follows:
[MA5600V300R003: 3002]

#
[mpls]
<mpls>
mpls lsr-id 4.4.4.4
mpls
lsp-trigger host
mpls l2vpn
#
[mpls-ldp]
<mpls-ldp>
mpls ldp
loop-detect
hops-count 30
path-vectors 30
#
[mpls-ldp-remote]
<mpls-ldp-remote-remotepeer>
mpls ldp remote-peer remotepeer
#
return
Related Operation
Table 27-19 lists the related operation for enabling the MPLS L2VPN.
Table 27-19 Related operation for enabling the MPLS L2VPN

Disable the MPLS L2VPN undo mpls l2vpn
27.7.2 Configuring a PW Template

This operation enables you to configure a PW template.
Procedure
Step 1 Run the pw-template command to create a PW template.
Step 2 Run the peer-address command to specify the peer IP address.
Step 3 Run the pw-type command to specify the PW template type.
Step 4 Run the display pw-template command to query the PW template.
----End
Example
To create PW profile pwt1 with the peer IP address of 3.3.3.3 and the profile type of ATM in
SDU mode, do as follows:
huawei(config)#pw-template pwt1
huawei(config-pw-template-pwt1)#peer-address 3.3.3.3
huawei(config-pw-template-pwt1)#pw-type atm sdu
huawei(config)#display pw-template
{ <cr>|string<S><1,19> }:
Command:
display pw-template

Total PW template number : 1

PW Template Name : pwt1
PeerIP : 3.3.3.3
Tnl Policy Name : --
PW Type : atm sdu
CtrlWord : Enable
MTU : 1500
MaxAtmCells : 1
Total PW : 0, Static PW : 0, LDP PW : 0
27.7.3 Binding a PVC with a PW Template

This operation enables you to bind a PVC with a PW template.
Context
You can bind a PVC with a PW template in the following two modes:
l NTO1 mode: One PW template can be bound with multiple PVCs. To differentiate PVCs,
the VPI and VCI values must be changed at the egress of the PW template.
l SDU mode: One PW template can be bound with a PVC. The VPI and VCI values remain
unchanged at the egress of the PW template.
Procedure
Step 1 Run the pw-ac-binding pvc command to bind a PVC with a PW profile.
Step 2 Run the display pw-ac-binding command and you can find a PVC is bound with a PW template
successfully.
----End
Example
To bind the PVC between the ADSL port 0/2/0 and the control board with PW template
PWT1, do as follows:
huawei(config)#pw-ac-binding pvc
{ frame/slot/port<S><1,15>|frame/slot<S><1,15> }:0/2/0
{ vpi<K> }:vpi 0
{ vci<K> }:vci 35
{ pw<K>|outvpi<K> }:pw
{ pw-id<1,4294967294> }:10
{ pw-template<K> }:pw-template
{ pw-template-name<S><1,19> }:pwt1
huawei(config)#display pw-ac-binding pw 10
Total : 1 (Up/Down : 1/0 Static/Dynamic : 0/1)
-------------------------------------------------------------------------
AC PW PW PW RECEIVE TRNS TEMPLATE
ID ID STATE TYPE LABEL LABEL NAME
--------------------------------------------------------------------------
0/2/0 0 35 10 up dynamic 9351 19 pwt1
--------------------------------------------------------------------------
Note : AC ID should be:
F/S/P VPI VCI (F--Frame, S--Slot, P--Port)
F/S/G VPI VCI (F--Frame, S--Slot, G--IMA GROUPINDEX)
VLAN ID
Related Operation
Table 27-20 lists the related operations for binding a PVC with a PW template.

Table 27-20 Related operations for binding a PVC with a PW template

Create a PW template pw-template
Bind a VLAN with a PW template pw-ac-binding vlan
27.7.4 Binding a VLAN with a PW Template

This operation enables you to bind a VLAN with a PW template.
Procedure
Step 1 Run the pw-ac-binding vlan command to bind a VLAN with a PW profile.
Step 2 Run the display pw-ac-binding command and you can find the VLAN is bound with the PW
template successfully.
----End
Example
To bind standard VLAN 20 with PW template PWT1, do as follows:
huawei(config)#pw-ac-binding vlan 20 pw 100 pw-template pwt1
huawei(config)#display pw-ac-binding pw 100
Total : 1 (Up/Down : 1/0 Static/Dynamic : 0/1)
-------------------------------------------------------------------------
AC PW PW PW RECEIVE TRNS TEMPLATE
ID ID STATE TYPE LABEL LABEL NAME
--------------------------------------------------------------------------
0/2/0 0 35 100 up dynamic 9351 19 pwt1
--------------------------------------------------------------------------
Note : AC ID should be:
F/S/P VPI VCI (F--Frame, S--Slot, P--Port)
F/S/G VPI VCI (F--Frame, S--Slot, G--IMA GROUPINDEX)
VLAN ID
Related Operation
Table 27-21 lists the related operations for binding a VLAN with a PW template.
Table 27-21 Related operations for binding a VLAN with a PW template

Create a PW template pw-template

Configuration Guide 28 Configuring MPLS RSVP-TE
28 Configuring MPLS RSVP-TE
About This Chapter
This chapter describes the MPLS RSVP-TE technology and how to configure MPLS RSVP-TE
on the MA5600
28.1 Overview
This section describes applications of extended Resource ReSerVation Protocol (RSVP-TE) to
the MA5600.
28.2 Configuration Example for Establishing an MPLS TE Tunnel by Using RSVP-TE
This example shows how to establish an MPLS TE tunnel by using RSVP-TE.
28.3 Configuring Basic MPLS TE Capability
This operation enables you to configure the basic capability of MPLS TE.
28.4 Configuring an MPLS TE Tunnel by Using Dynamic Signaling
This operation enables you to configure an MPLS TE tunnel by using dynamic signaling.
28.5 Configuring Advanced RSVP-TE Features
This operation enables you to configure the advanced RSVP-TE features.
28.6 Tuning the Establishment of CR-LSP
This operation enables you to tune the establishment of CR-LSP.
28.7 Tuning the Establishment of an MPLS TE Tunnel
This operation enables you to tune the establishment of an MPLS TE tunnel.

28 Configuring MPLS RSVP-TE Configuration Guide
28.1 Overview
This section describes applications of extended Resource ReSerVation Protocol (RSVP-TE) to
the MA5600.
Service Description
MPLS TE is a technology that integrates TE with MPLS. Using this technology, you can create
an LSP tunnel to a specified path, to reserve resources and implement re-optimization.
In the case of scarcity of resources, MPLS TE helps to preempt the bandwidth resource of the
LSP tunnels with low priority based on the priority and preemption parameter. This meets the
demands for the LSPs with large bandwidth or VIP customers. MPLS TE also provides
protection against link or node failure through the use of path backup and fast reroute (FRR).
With MPLS TE, administrators must create some LSPs and bypass congestion nodes. Thus, this
eliminates network congestion.
The major functions of MPLS TE are as follows:
l Static LSP processing: It creates and deletes LSPs.
l Constrained Route-Label Switched Path (CR-LSP) processing: It processes various kinds
of CR-LSPs.
NOTE
For details of MPLS TE, refer to the Requirements for Traffic Engineering Over MPLS (RFC2702).
l To provide the MPLS function, the MA5600 can serve as only a PE device.
l For the MA5600, to subtend slave shelves,
l Only the master shelf supports MPLS function.
l The master shelf supports the ETH PWE3 and the ATM PWE3 services, and the slave shelf supports
only the ETH PWE3 service. (To support the ATM PWE3 service, a slave shelf must be separately
configured with the and the AIUG subboard, so as to serve as an independent PE to provide MPLS
upstream function.)
28.2 Configuration Example for Establishing an MPLS TE

Tunnel by Using RSVP-TE
This example shows how to establish an MPLS TE tunnel by using RSVP-TE.
Networking
Figure 28-1 shows the sample network for establishing an MPLS TE tunnel by using RSVP-
TE.

Figure 28-1 Sample network for establishing an MPLS TE tunnel by using RSVP-TE
Router
10.1.1.2/24 10.1.2.1/24
LSR-id
2.2.2.2/32
LSR-id LSR-id
10.1.1.1/24 10.1.2.2/24
1.1.1.1/32 3.3.3.3/32
MA5600_A MA5600_B
Data Plan
Table 28-1 lists the data plan for establishing an MPLS TE tunnel by using RSVP-TE.
Table 28-1 Data plan for establishing an MPLS TE tunnel by using RSVP-TE
Item Data
MA5600_A lsr-id: 1.1.1.1/32
Port: 0/7/2
VLAN: 10
IP address of layer 3 interface (interface connected with router):
10.1.1.1/24
MA5600_B lsr-id: 3.3.3.3/32
Port: 0/7/2
VLAN: 20
IP address of layer 3 interface (interface connected with router):
10.1.2.2/24
Router lsr-id: 2.2.2.2/32
IP address of the interface connected with MA5600_A: 10.1.1.2/24
IP address of the interface connected with MA5600_B: 10.1.2.1/24
Before establishing an MPLS TE tunnel, make sure that:
l The IP addresses and masks of interfaces are configured as a sample network. After the
configuration, LSRs can ping each other successfully.

l The OSPF protocol is configured on all MA5600 devices and routers, and the configured
routes are advertised successfully. Otherwise, the static routes are configured.
Figure 28-2 shows the flowchart for establishing an MPLS TE tunnel.
Figure 28-2 Flowchart for establishing an MPLS TE tunnel
Start
Configure the MPLS basic capability,

enable MPLS TE, RSVP-TE and CSPF
Configure OSPF TE
Configure the MPLS TE attribute of links
Configure MPLS TE tunnel
Save the data
End
Procedure
Step 1 Configure the MPLS basic capability, and enable the MPLS TE, RSVP-TE and CSPF.
1. Enable globally the MPLS basic functions and the MPLS TE basic functions.
MA5600_A(config)#mpls lsr-id 1.1.1.1
MA5600_A(config)#mpls
MA5600_A(config-mpls)#mpls te
MA5600_A(config-mpls)#mpls rsvp－te
MA5600_A(config-mpls)#mpls te cspf
MA5600_A(config-mpls)#quit
2. Enable the MPLS basic functions and the MPLS TE functions on interfaces.
MA5600_A(config)#vlan 10 standard
MA5600_A(config)#mpls vlan 10
MA5600_A(config)#port vlan 10 0/7 0
MA5600_A(config)#interface vlanif 10
MA5600_A(config-if-vlanif10)#ip address 10.1.1.1 24
MA5600_A(config-if-vlanif10)#mpls
MA5600_A(config-if-vlanif10)#mpls te
MA5600_A(config-if-vlanif10)#mpls rsvp-te
MA5600_A(config-if-vlanif10)#mpls te cspf
NOTE
The configuration of MA5600_B is the same as that of MA5600_A. So, it is not described here.

Step 2 Configure OSPF TE.

MA5600_A(config)#ospf 100
MA5600_A(config-ospf-100)#opaque-capability enable
MA5600_A(config-ospf-100)#area 0
MA5600_A(config-ospf-100-area-0.0.0.0)#mpls-te enable standard-complying
MA5600_A(config-ospf-100-area-0.0.0.0)#quit
NOTE
The configuration of MA5600_B is the same as that of MA5600_A. So, it is not described here.
Step 3 Configure the MPLS TE attribute of links on MA5600_A and MA5600_B respectively.
MA5600_A(config-if-vlanif10)#mpls te max-link-bandwidth 2048
MA5600_A(config-if-vlanif10)#mpls te max-reservable-bandwidth 1024
MA5600_A(config-if-vlanif10)#quit
MA5600_B(config)#interface vlanif 20
MA5600_B(config-if-vlanif20)#mpls te max-link-bandwidth 2048
MA5600_B(config-if-vlanif20)#mpls te max-reservable-bandwidth 1024
MA5600_B(config-if-vlanif20)#quit
Step 4 Configure the MPLS TE tunnel from MA5600_A to MA5600_B.

MA5600_A(config)#interface tunnel 10
MA5600_A(config-if-tunnel10)#tunnel-protocol mpls te
MA5600_A(config-if-tunnel10)#destination 3.3.3.3
MA5600_A(config-if-tunnel10)#mpls te tunnel-id 10
MA5600_A(config-if-tunnel10)#mpls te signal-protocol rsvp-te
MA5600_A(config-if-tunnel10)#mpls te bandwidth bc0 512
MA5600_A(config-if-tunnel10)#mpls te commit
MA5600_A(config-if-tunnel10)#quit

MA5600_A(config)#save
MA5600_B(config)#save
----End
Result
After the configuration, do as follows to display the configuration result on MA5600_A:
Run the display mpls te tunnel-interface tunnel command and you can find the configuration
of the tunnel.
28.3 Configuring Basic MPLS TE Capability

This operation enables you to configure the basic capability of MPLS TE.
Context
The configuration of basic MPLS TE capability is required in various MPLS TE feature
configurations. To use the MPLS TE features, you must perform further configuration besides
basic configuration.
28.3.1 Enabling MPLS TE Feature
This operation enables the MPLS TE feature.
28.3.2 Creating an MPLS TE Tunnel
This operation enables you to create an MPLS TE tunnel.

28.3.1 Enabling MPLS TE Feature

This operation enables the MPLS TE feature.
Context
l You must enable the basic MPLS TE capability before enabling the MPLS TE feature.
l You must globally enable MPLS TE and then enable the feature on corresponding
interfaces.
l In the MPLS view, when the MPLS TE feature is disabled, the feature on corresponding
interfaces is also disabled and the CR-LSP tunnels are deleted.
l The CR-LSPs on the interface are deleted when the MPLS TE feature is disabled in the
interface view.
l By default, the MPLS TE feature is disabled.
Procedure
l In the MPLS view, run the mpls te command to globally enable the MPLS TE feature.
1. Enter the MPLS mode.
2. In the MPLS view, run the mpls te command to globally enable the MPLS TE feature.
l In the interface view, run the mpls te command to enable the MPLS TE feature on the
interface.
1. Enter VLAN interface mode.
2. Run the mpls te command to enable the MPLS TE feature on the interface.
3. Run the display mpls interface command to display information about the interface
whose MPLS TE feature has been enabled.
----End
To globally enable the MPLS feature, do as follows:

huawei(config)#mpls
{ car-lsp<K>|qos<K>|lsr-id<K>|oam<K>|<cr>|ldp<K>|l2vpn<K>|te<K> }:
Command:
mpls
huawei(config-mpls)#mpls te
{ tie-breaking<K>|path<K>|cspf<K>|<cr> }:
Command:
mpls te
Info: Mpls te starting, please wait... OK!
To enter the interface mode and enable the MPLS TE feature of the VLAN interface, do as
follows:
huawei(config-if-vlanif20)#mpls te
{ max-reservable-bandwidth<K>|max-link-bandwidth<K>|link<K>|bandwidth<K>|metric<
K>|<cr> }:
Command:
mpls te
huawei(config)#display mpls interface vlanif 20
{ <cr>|verbose<K> }:verbose

Command:
display mpls interface vlanif 20 verbose
No : 1
Interface : vlanif20
Status : Up
TE Attribute : Enable
LSPCount : 0
CR-LSPCount : 0
MPLS Config MTU : Please set the MPLS MTU!
Interface MTU : 1500
MPLS Effective MTU : 1500
TE FRR : Disabled
Related Operation
Table 28-2 lists the related operation for enabling MPLS TE feature.
Table 28-2 Related operation for enabling MPLS TE feature

Disable MPLS TE feature undo mpls te
28.3.2 Creating an MPLS TE Tunnel

This operation enables you to create an MPLS TE tunnel.
Context
l The tunnel interface must have an IP address to implement the traffic forwarding feature.
No peer address exists because the MPLS TE tunnel is unidirectional.
l The destination address of the tunnel is LSR ID of the egress node.
l If MPLS TE parameters on a tunnel interface change, run the mpls te commit command
to validate them.
Procedure
Step 1 Run the interface tunnel command to create a tunnel interface and enter tunnel interface mode.
Step 2 Run the tunnel-protocol mpls te command to configure tunnel protocol to be MPLS TE.
Step 3 Run the destination command to configure the destination address of the tunnel.
Step 4 Run the mpls te tunnel-id command to configure tunnel ID.
Step 5 Run the mpls te commit command to commit the current tunnel configuration.
Step 6 Run the display current-configuration command to display information about the tunnel.
----End
Example
Assume that:
l Destination address: 202.100.100.100

l Tunnel name: 10
l Tunnel ID: 10
To create the MPLS TE tunnel, do as follows:
huawei(config)#interface tunnel 10
huawei(config-if-tunnel10)#tunnel-protocol mpls te
huawei(config-if-tunnel10)#destination 202.100.100.100
NOTE
The destination address of the tunnel is recommended to be configured as the address of the loopback port
of the peer device.
huawei(config-if-tunnel10)#mpls te tunnel-id 10
huawei(config-if-tunnel10)#mpls te commit
huawei(config-if-tunnel10)#quit
huawei(config)#display current-configuration section tunnel
[MA5600V300R003: 3002]
#
[tunnel]
<tunnel10>
interface tunnel10
description tunnel-10
tunnel-protocol mpls te
destination 202.100.100.100
mpls te tunnel-id 10
#
return
Related Operation
Table 28-3 lists the related operation for creating an MPLS TE tunnel.
Table 28-3 Related operation for creating an MPLS TE tunnel

Configure LSR ID mpls lsr-id
28.4 Configuring an MPLS TE Tunnel by Using Dynamic

Signaling
This operation enables you to configure an MPLS TE tunnel by using dynamic signaling.
Context
The dynamic signaling protocol adjusts the path of a TE tunnel based on dynamic changes of
the network, and applies advanced features, such as backup and FRR.
The process for configuring an MPLS TE through the dynamic signaling protocol is as follows:
28.4.1 Configuring Bandwidth of Links
This operation enables you to configure bandwidth of links.
28.4.2 Enabling OSPF TE
This operation enables you to enable OSPF TE.
28.4.3 Configuring the MPLS TE Explicit Path

This operation enables you to configure the MPLS TE explicit path.

28.4.4 Configuring Constraints of an MPLS TE Tunnel
This operation enables you to configure constraints for an MPLS TE tunnel.
28.4.5 Configuring CSPF
This operation enables you to configure CSPF algorithm of an MPLS.
28.4.6 Establishing an MPLS TE Tunnel by Using RSVP-TE
This operation enables you to establish an MPLS TE tunnel by using RSVP-TE.
28.4.1 Configuring Bandwidth of Links

This operation enables you to configure bandwidth of links.
Context
l The mpls te max-link-bandwidth bandwidth-value command is used to set the maximum
bandwidth of MPLS TE links. The bandwidth applies to both MPLS traffic and common
Best-Effort traffic.
l The mpls te max-reservable-bandwidth command is used to configure the maximum
reservation bandwidth of MPLS TE links. The bandwidth applies to only MPLS traffic.
Procedure
l Configure the maximum bandwidth of MPLS TE links.
1. Run the mpls te max-link-bandwidth command to configure the maximum
bandwidth of MPLS TE links.
2. Run the display current-configuration command to display the maximum bandwidth
of MPLS TE links.
l Configure the maximum reservation bandwidth.
1. Run the mpls te max-reservable-bandwidth command to configure the maximum
reservation bandwidth of MPLS TE links.
2. Run the display current-configuration command to display maximum reservation
bandwidth of MPLS TE links.
----End
To set the maximum bandwidth of both MPLS TE links 4096 kbit/s and BC1 as 2048 kbit/s, do
as follows:
huawei(config-if-vlanif20)#mpls te max-link-bandwidth 4096 bc1 2048
[MA5600V300R003: 3002]
#
[vlanif]
<vlanif20>
interface vlanif20
ip address 202.100.100.1 255.255.255.0
mpls
mpls te
mpls te max-link-bandwidth 4096 bc1 2048
#
<vlanif30>
interface vlanif30

#
return
To set the maximum reservation bandwidth of both MPLS TE links 1024 kbit/s and BC1 as 512
kbit/s, do as follows:
huawei(config-if-vlanif20)#mpls te max-reservable-bandwidth 1024 bc1 512
[MA5600V300R003: 3002]
#
[vlanif]
<vlanif20>
interface vlanif20
ip address 202.100.100.1 255.255.255.0
mpls
mpls te
mpls te max-reservable-bandwidth 1024 bc1 512
#
<vlanif30>
interface vlanif30
#
return
Related Operation
Table 28-4 lists the related operations for configuring bandwidth of links.
Table 28-4 Related operations for configuring bandwidth of links
Cancel the configuration of undo mpls te max-link-bandwidth

maximum bandwidth on MPLS
TE links
Cancel the configuration of undo mpls te max-reservable-bandwidth

maximum reservation
bandwidth on MPLS TE links
28.4.2 Enabling OSPF TE

This operation enables you to enable OSPF TE.
Context
By default, the OSPF TE capability is disabled.
Procedure
Step 1 Run the ospf command to enter OSPF mode.
Step 2 Run the opaque-capability enable command to enable the OSPF opaque capability.
Step 3 Run the area command to enter the OSPF area view.

Step 4 Run the mpls-te enable command to enable TE in current OSPF area.
Step 5 Run the display current-configuration command to display the configuration of the current
OSPF.
----End
Example
To enable TE in OSPF area 100, do as follows:
huawei(config-ospf-100)#opaque-capability enable
huawei(config-ospf-100-area-0.0.0.100)#mpls-te enable standard-complying
huawei(config)#display current-configuration section ospf
[MA5600V300R003: 3002]
#
[ospf]
<ospf-100>
ospf 100
opaque-capability enable
area 0.0.0.100
mpls-te enable standard-complying
#
return
Related Operation
Table 28-5 lists the related operations for enabling OSPF TE.
Table 28-5 Related operations for enabling OSPF TE
Disable the MPLS TE feature undo mpls-te In the OSPF area view
in the current OSPF area
Display the configuration of display ospf -

the OSPF
28.4.3 Configuring the MPLS TE Explicit Path

This operation enables you to configure the MPLS TE explicit path.
Context
l MPLS TE explicit path is configured on the ingress node.
l The explicit path consists of a series of nodes. An IP address in the explicit path is the IP
address of interface on the node. In general, the address of the loopback interface on a node
is used as the destination address.
l The two kinds of relations that exist between adjacent nodes on an explicit path are as
follows:
– Strict next-hop: Two nodes must be connected directly.

– Loose next-hop: Other routers exist between the two nodes.

l By default, the explicit path includes the next hop in strict mode. The explicit path specifies
nodes that must be passed or cannot be passed to reach a destination.
Procedure
Step 1 Run the explicit-path enable command to create an explicit path and enter explicit path view.
Step 2 Run the next hop command to specify the next hop of the explicit path.
Step 3 Run the list hop command to display the configuration of the MPLS TE explicit path.
----End
Example
To configure an MPLE TE path named huaweipath with IP addresses 202.100.100.100 and
202.100.200.200, do as follows:
huawei(config)#explicit-path huaweipath enable
huawei(config-explicit-path-huaweipath)#next hop 202.100.100.100 include strict
huawei(config-explicit-path-huaweipath)#next hop 202.100.200.200 include loose
huawei(config-explicit-path-huaweipath)#list hop
{ <cr>|ip_addr<X.X.X.X> }:
Command:
list hop
Path Name : huaweipath Path Status : Enabled
1 202.100.100.100 Strict Include
2 202.100.200.200 Loose Include
Related Operation
Table 28-6 lists the related operations for configuring the MPLS TE explicit path.
Table 28-6 Related operations for configuring the MPLS TE explicit path
Display the configuration of the display explicit-path

explicit path
Delete an MPLS TE explicit path undo explicit-path
Insert a node to the explicit path add hop
Modify the node address of explicit modify hop

address
Delete a node from the explicit path delete hop
28.4.4 Configuring Constraints of an MPLS TE Tunnel

This operation enables you to configure constraints for an MPLS TE tunnel.

Procedure
Step 1 Run the interface tunnel command to create or enter the tunnel interface view of the MPLS TE
tunnel.
Step 2 Run the mpls te bandwidth command to configure bandwidth for the tunnel.
Step 3 Run the mpls te path explicit-path command to configure the explicit path used for the MPLS
TE tunnel.
Step 5 Run the display current-configuration command to display the information about the tunnel.
----End
Example
To configure the constraints for an MPLS TE tunnel, do as follows:
huawei(config-if-tunnel10)#mpls te bandwidth bc0 8192
huawei(config-if-tunnel10)#mpls te path explicit-path huaweipath
[MA5600V300R003: 3002]
#
[tunnel]
<tunnel10>
interface tunnel10
mpls te bandwidth bc0 8192
mpls te path explicit-path huaweipath
#
return
Related Operation
Table 28-7 lists the related operations for configuring constraints for an MPLS TE tunnel.
Table 28-7 Related operations for configuring constraints for an MPLS TE tunnel
Cancel the configuration of undo mpls te bandwidth

bandwidth for an MPLS TE tunnel
Cancel the configuration of the undo mpls te path

explicit path used by an MPLS TE
tunnel
28.4.5 Configuring CSPF

This operation enables you to configure CSPF algorithm of an MPLS.

Context
l You must enable CSPF first and then you can configure relevant CSPF functions.
l Whenever a link is Down, a CSPF failed link timer starts. If the IGP deletes or modifies
this link before the timer expires, the CSPF is notified of this deletion and modification.
The CSPF then updates the link in the TEDB and stops the timer. If the timer expires and
the IGP does not delete the link, the status of the link is Up.
l By default, CSPF of an MPLS area is disabled and the interval for starting up the failed
timer is 10s.
Procedure
Step 1 Run the mpls command to enter the MPLS view.
Step 2 Run the mpls te cspf command to enable CSPF of the node.
Step 3 Run the mpls te cspf timer failed-link command to set the interval for starting up to the failed
timer.
Step 4 Run the display current-configuration command to display CSPF configuration of the MPLS.
----End
Example
To enable CSPF of an MPLS and set the interval for starting up the failed timer as 100s, do as
follows:
huawei(config)#mpls
huawei(config-mpls)#mpls te cspf
huawei(config-mpls)#mpls te cspf timer failed-link 100
[MA5600V300R003: 3002]
#
[mpls]
<mpls>
mpls lsr-id 100.10.10.10
mpls
mpls te
mpls te cspf
mpls te cspf timer failed-link 100
#
return
Related Operation
Table 28-8 lists the related operations for configuring the CSPF of an MPLS.
Table 28-8 Related operations for configuring CSPF of an MPLS
Disable the CSPF of an MPLS undo mpls te cspf
Restore the default interval for undo mpls te cspf timer failed-link
starting up the failed timer

28.4.6 Establishing an MPLS TE Tunnel by Using RSVP-TE

This operation enables you to establish an MPLS TE tunnel by using RSVP-TE.
Context
l In the MPLS view, run the mpls rsvp-te command to enable the RCVP-TE feature. In the
VLAN interface view, run the mpls rsvp-te command to enable the RSVP-TE feature of
interfaces.
l In the MPLS view, once the RSVP-TE feature is disabled globally, the RSVP-TE feature
on each interface is disabled at the same time.
l By default, the RSVP-TE feature is disabled.
l To run the mpls rsvp-te command, run the mpls command and the mpls te command to
enable the MPLS and the MPLS TE features. Enable RSVP-TE feature first before
configuring other RSVP-TE functions.
Procedure
Step 2 Run the mpls rsvp-te command to enable RSVP-TE.
Step 3 In VLAN interface mode, run the mpls rsvp-te command to enable RSVP-TE on the VLAN
interface.
Step 4 In tunnel interface mode, run the mpls te signal-protocol rsvp-te command to specify RSVP-
TE as the signaling of the tunnel.
Step 5 In tunnel interface mode, run the mpls te commit command to commit the current tunnel
configuration.
----End
Example
To establish an MPLS TE tunnel by using RSVP-TE, do as follows:
huawei(config)#mpls
huawei(config-mpls)#mpls rsvp-te
huawei(config-if-vlanif20)#mpls rsvp-te
huawei(config-if-tunnel100)#mpls te signal-protocol rsvp-te
Related Operation
Table 28-9 lists the related operation for establishing an MPLS TE tunnel by using RSVP-TE.
Table 28-9 Related operation for establishing an MPLS TE tunnel by using RSVP-TE
Disable RSVP-TE feature undo mpls rsvp-te

28.5 Configuring Advanced RSVP-TE Features

This operation enables you to configure the advanced RSVP-TE features.
Context
RSVP-TE provides diversified configuration options. It guarantees reliability and network
resource availability, and offers some applications of MPLS TE advanced features.
Before configuring advanced RSVP-TE features, complete the following tasks:

l Configuring the MPLS basic capability
l Configuring the basic MPLS TE capability
l Using RSVP-TE to establish the MPLS TE tunnel
28.5.1 Configuring RSVP Hello Extension

This operation enables you to configure RSVP Hello extension.
28.5.2 Configuring RSVP Resource Reservation Style
This operation enables you to configure RSVP resource reservation style.
28.5.3 Configuring RSVP Timers
This operation enables you to configure RSVP timers, including configuring the refresh interval
for Path and Resv messages, timeout multiplier of PSB and RSB and timeout multiplier of
blockade state.
28.5.4 Enabling RSVP Message Transmission Reliability
This operation enables the reliability of RSVP message transmission.
28.5.5 Enabling RSVP-TE Srefresh Function
This operation enables RSVP-TE Summary Refresh (Srefresh) function.
28.5.6 Enabling RSVP-TE Reservation Confirmation Mechanism
This operation enables RSVP-TE reservation confirmation mechanism.
28.5.7 Enabling RSVP Authentication
This operation enables RSVP authentication.
28.5.1 Configuring RSVP Hello Extension

This operation enables you to configure RSVP Hello extension.
Context
l The RSVP Hello extension is used to detect the reachability of RSVP neighboring nodes.
Before enabling RSVP Hello extension, you must enable RSVP-TE feature first. Only after
the RSVP Hello extension is enabled, you can configure parameters.
l In the MPLS view, run the mpls rsvp-te hello command to globally enable the RSVP Hello
mechanism. Run the mpls rsvp-te hello command to enable the RSVP Hello mechanism
in the VLAN interface view.
l By default, the RSVP Hello extension is disabled. When the RSVP Hello extension is
enabled, the refresh interval of Hello message is 3 seconds.

l By default, the maximum loss times of Hello message is 3.
Procedure
Step 2 Run the mpls rsvp-te hello command to globally enable RSVP Hello extension.
Step 3 Run the mpls rsvp-te hello-lost command to configure the maximum loss times of Hello
message.
Step 4 Run the mpls rsvp-te timer hello command to configure the refresh interval of Hello message.
Step 5 In the VLAN interface view, run the mpls rsvp-te hello command to enable the RSVP Hello
extension of the VLAN interface.
Step 6 Run the display current-configuration command to display the configuration.
----End
Example
Assume that:
l VLAN interface: 20
l Maximum times for consecutively receiving no Hello message: 6
l Refresh interval of Hello message: 10s
To configure the RSVP Hello extension, do as follows:
huawei(config)#mpls
huawei(config-mpls)#mpls rsvp-te hello
huawei(config-mpls)#mpls rsvp-te hello-lost 6
huawei(config-mpls)#mpls rsvp-te timer hello 10
huawei(config-if-vlanif20)#mpls rsvp-te hello
[MA5600V300R003: 3002]
#
[mpls]
<mpls>
mpls lsr-id 100.10.10.10
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te timer hello 10
mpls rsvp-te hello-lost 6
mpls te cspf
#
return
[MA5600V300R003: 3002]
#
[vlanif]
<vlanif20>
interface vlanif20
ip address 202.100.100.1 255.255.255.0
mpls
mpls te


mpls rsvp-te
mpls rsvp-te hello
#
<vlanif30>
interface vlanif30
#
return
Related Operation
Table 28-10 lists the related operations for configuring RSVP Hello extension.
Table 28-10 Related operations for configuring RSVP Hello extension

Disable RSVP Hello extension undo mpls rsvp-te hello

mechanism
Restore the default loss times of undo mpls rsvp-te hello-lost

Hello message
Restore the default refresh interval of undo mpls rsvp-te timer hello
Hello message
28.5.2 Configuring RSVP Resource Reservation Style

This operation enables you to configure RSVP resource reservation style.
Context
l By default, the resource reservation style is Shared-Explicit (SE) style.
l Only the RSVP-TE protocol has resource reservation style and styles available are: SE style
and fixed filter (FF) style.
Procedure
Step 1 Run the interface tunnel command to enter the tunnel interface view.
Step 2 Run the mpls te resv-style command to specify resource reservation style for the tunnel.
Step 4 In global config mode, run the display current-configuration command to display the
configuration.
----End
Example
To specify resource reservation style FF for establishing a CR-LSP tunnel, do as follows:
huawei(config-if-tunnel20)#mpls te resv-style ff

[MA5600V300R003: 3002]
#
<tunnel10>
interface tunnel10
#
<tunnel20>
interface tunnel20
mpls te resv-style ff
mpls te commit
#
return
Related Operation
Table 28-11 lists the related operation for configuring the resource reservation style.
Table 28-11 Related operation for configuring the resource reservation style
Restore the default resource reservation undo mpls te resv-style

style
28.5.3 Configuring RSVP Timers

This operation enables you to configure RSVP timers, including configuring the refresh interval
for Path and Resv messages, timeout multiplier of PSB and RSB and timeout multiplier of
blockade state.
Context
l RSVP maintains path and resource through refresh message. The mpls rsvp-te timer
refresh command is used to configure refresh interval, that is, the interval for sending a
refresh message.
l ResvErr message creates blockade state on a node to solve the problem of "killer
reservation" and forward or create smaller requests. Blockade state timeout = Blockstate
timeout multiplier x Path/Resv message refresh-time.
l The mpls rsvp-te keep-multiplier command is used to configure timeout multiplier of
PSB and RSB. Timeout time = (keep-multiplier + 0.5) x 1.5 x refresh-time. If no refresh
message is received within the timeout time, a fault occurs to the link and the reserved
resource must be deleted.
l By default, the refresh interval of Path/Resv message is 30 seconds; the timeout multiplier
of PSB and RSB is 3; the timeout multiplier of blockade state is 4.
Procedure

Step 2 Run the mpls rsvp-te timer refresh command to configure the refresh interval for Path and
Resv messages.
Step 3 Run the mpls rsvp-te keep-multiplier command to configure the timeout multiplier of PSB and
RSB.
Step 4 Run the mpls rsvp-te blockade-multiplier command to configure the timeout multiplier of
blockade state.
----End
Example
To set the refresh interval for Path and Resv message to 50s, the timeout multiplier of PSB and
RSB to 5 and the timeout multiplier of blockade state to 5, do as follows:
huawei(config)#mpls
huawei(config-mpls)#mpls rsvp-te timer refresh 50
huawei(config-mpls)#mpls rsvp-te keep-multiplier 5
huawei(config-mpls)#mpls rsvp-te blockade-multiplier 5
[MA5600V300R003: 3002]
#
[mpls]
<mpls>
mpls lsr-id 100.10.10.10
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te timer refresh 50
mpls rsvp-te keep-multiplier 5
mpls rsvp-te blockade-multiplier 5
mpls te cspf
#
return
Related Operation
Table 28-12 lists the related operations for configuring RSVP timers.
Table 28-12 Related operations for configuring RSVP timers
Restore the default refresh interval undo mpls rsvp-te timer refresh
for Path and Resv messages
Restore the default timeout multiplier undo mpls rsvp-te keep-multiplier

of PSB and RSB
Restore the default timeout multiplier undo mpls rsvp-te blockade-multiplier

of blockade state

28.5.4 Enabling RSVP Message Transmission Reliability

This operation enables the reliability of RSVP message transmission.
Context
l Reliability refers to the Message_ID extension mechanism and it is used to confirm the
RSVP message. Thus, the transmission reliability of the RSVP message is improved. Before
enabling the Message-ID mechanism, you must enable RSVP-TE feature first. After
enabling the Message_ID mechanism on the interface, configure the retransmission
parameters.
l By default, the reliability function of an interface is disabled; the retransmission interval
and increment are 600 ms and 1 ms respectively.
Procedure
Step 2 Run the mpls rsvp-te reliability command to enable reliability on the interface.
Step 3 Run the mpls rsvp-te timer retransmission command to configure retransmission parameters.
----End
Example
To enable the reliability on the VLAN interface 20 and set the retransmission interval and
increment to 600 ms and 2 ms respectively, do as follows:
huawei(config-if-vlanif20)#mpls rsvp-te reliability
huawei(config-if-vlanif20)#mpls rsvp-te timer retransmission retransmit-value
600 increment-value 2
[MA5600V300R003: 3002]
#
[vlanif]
<vlanif2>
interface vlanif2
#
<vlanif20>
interface vlanif20
ip address 202.100.100.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te reliability
mpls rsvp-te timer retransmission retransmit-value 600 increment-value 2
#
<vlanif30>
interface vlanif30
#
return

Related Operation
Table 28-13 lists the related operations for configuring RSVP message transmission reliability.
Table 28-13 Related operations for configuring RSVP message transmission reliability
Disable RSVP message transmission undo mpls rsvp-te reliability

reliability
Cancel the configuration of undo mpls rsvp-te timer retransmission

retransmission parameters
28.5.5 Enabling RSVP-TE Srefresh Function

This operation enables RSVP-TE Summary Refresh (Srefresh) function.
Context
l Enabling Srefresh prohibits the traditional time-driving refresh on the current interface.
Srefresh message is used to refresh the state of path and reserved resources.
l By default, Srefresh is disabled on the interface.
Procedure
Step 2 Run the mpls rsvp-te srefresh command to enable Srefresh on the interface.
----End
Example
To enable RSVP-TE Srefresh on VLAN interface 20, do as follows:
huawei(config-if-vlanif20)#mpls rsvp-te srefresh
[MA5600V300R003: 3002]
#
[vlanif]
<vlanif2>
interface vlanif2
#
<vlanif20>
interface vlanif20
ip address 202.100.100.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello

mpls rsvp-te srefresh

#
<vlanif30>
interface vlanif30
#
return
Related Operation
Table 28-14 lists the related operation for enabling RSVP-TE Srefresh.
Table 28-14 Related operation for enabling RSVP-TE Srefresh

Disable RSVP-TE Srefresh function undo mpls rsvp-te srefresh
28.5.6 Enabling RSVP-TE Reservation Confirmation Mechanism

This operation enables RSVP-TE reservation confirmation mechanism.
Context
l The reservation confirmation is initiated by the receiver of Path message. An object that
requires confirming the reservation is carried along the Resv message sent by the receiver.
l By default, RSVP-TE reservation confirmation function is disabled.
NOTE
Receiving the ResvConf message does not mean that resource reservation succeeds. It only means that
resources are reserved successfully on the farthest upstream node where this Resv message arrives. These
resources may still be preempted by other applications later.
Procedure
Step 2 Run the mpls rsvp-te resvconfirm command to enable the reservation confirmation mechanism
of the node.
----End
Example
To enable the reservation confirmation mechanism on a node, do as follows:
huawei(config)#mpls
huawei(config-mpls)#mpls rsvp-te resvconfirm
[MA5600V300R003: 3002]
#
[mpls]
<mpls>

mpls lsr-id 100.10.10.10

mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te resvconfirm
mpls te cspf
#
return
Related Operation
Table 28-15 lists the related operation for enabling RSVP-TE reservation confirmation
mechanism.
Table 28-15 Related operation for enabling RSVP-TE reservation confirmation mechanism
Disable RSVP-TE reservation undo mpls rsvp-te resvconfirm

confirmation mechanism
28.5.7 Enabling RSVP Authentication

This operation enables RSVP authentication.
Context
l Before enabling RSVP authentication on a VLAN interface, enable the RSVP-TE feature
first.
l After RSVP authentication is enabled, RSVP-TE transmits authentication summary
generated by authentication key and hash algorithm. A summary of all messages received
at or sent from the interface is calculated by using the authentication key.
l By default, the RCVP authentication is disabled.
Procedure
Step 2 Run the mpls rsvp-te authentication command to enable RSVP authentication.
----End
Example
To enable the RSVP authentication on a node, do as follows:

huawei(config-if-vlanif20)#mpls rsvp-te authentication cipher huaweiuser

[MA5600V300R003: 3002]
#
[vlanif]
<vlanif2>
interface vlanif2
#
<vlanif20>
interface vlanif20
ip address 202.100.100.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te authentication cipher TBESB1:RIXa"..$6++O5YQ!!
#
return
Related Operation
Table 28-16 lists the related operation for enabling RSVP authentication.
Table 28-16 Related operation for enabling RSVP authentication
Disable the RSVP authentication undo mpls rsvp-te authentication
28.6 Tuning the Establishment of CR-LSP

This operation enables you to tune the establishment of CR-LSP.
Context
CSPF uses the TEDB and constraints to calculate the appropriate paths and establishes CR-LSP
through the signaling protocol. MPLS TE provides many ways to influence the CSPF
computation for tuning the CR-LSP establishment.
l Tie-breaking
CSPF only calculates the shortest path to reach the tunnel destination. During the path
computation, if there are several paths with the same metric, you can select one of them.
l Route pinning
The feature that a CR-LSP is not reestablished as routes change is called route pinning.
l Administrative group and affinity property
The affinity property of the MPLS TE tunnel determines the links that the tunnel uses.
The affinity property coordinates with link administrative group to decide what links
the tunnel uses.

l Reoptimization
Dynamically optimizing CR-LSP is to periodically recompute routes for CR-LSP. If

the route by recomputation is better than the route in use, then a new CR-LSP is
established, according to the route recomputed. The services are switched from the old
CR-LSP to the new CR-LSP, and the old one is deleted.
NOTE
The configuration described in this section must be used together with the CSPF and the CR-LDP or RSVP-
TE protocol.
28.6.1 Configuring Tie-Breaking of CSPF

This operation enables you to configure tie-breaking of CSPF.
28.6.2 Configuring Route Pinning of CSPF
This operation enables you to configure the route pining of CSPF.
28.6.3 Configuring Administrative Group and Affinity Property
This operation enables you to configure the administrative group and affinity property.
28.6.4 Configuring Reoptimization for CR-LSP
This operation enables you to configure reoptimization for CR-LSP.
28.6.1 Configuring Tie-Breaking of CSPF

This operation enables you to configure tie-breaking of CSPF.
Context
l The default setting in the MPLS view is random.
l The tunnel takes the tie-breaking policy configured in its tunnel interface view as a priority.
If there is no related configuration in that view, it uses the method in the MPLS view.
Procedure
Step 1 Run the mpls command to enter MPLS view.
Step 2 Run the mpls te tie-breaking command to configure tie-breaking methods on the current node
for selecting the path policy when there are several paths with the same metric.
Step 3 In tunnel interface mode, run the mpls te tie-breaking command to configure tie-breaking
methods on the tunnel interface for selecting the path policy when there are several paths with
the same metric.
Step 4 Run the mpls te commit command to commit the current configuration.
----End
Example
To set the tie-breaking method on the current node to random and that on tunnel 100 as maximal
ratio of the idle bandwidth, do as follows:
huawei(config)#mpls
huawei(config-mpls)#mpls te tie-breaking random

huawei(config-if-tunnel10)#mpls te tie-breaking least-fill
[MA5600V300R003: 3002]
#
[mpls]
<mpls>
mpls lsr-id 100.10.10.10
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te resvconfirm
mpls te cspf
#
return
[MA5600V300R003: 2002]
#
[tunnel]
<tunnel100>
interface tunnel10
mpls te tie-breaking least-fill
mpls te commit
#
return
Related Operation
Table 28-17 lists the related operation for configuring tie-breaking of CSPF.
Table 28-17 Related operation for configuring tie-breaking of CSPF
Restore the default tie-breaking methods for undo mpls te tie-breaking

selecting a path
28.6.2 Configuring Route Pinning of CSPF

This operation enables you to configure the route pining of CSPF.
Context
l By default, route pinning is disabled.

l If the route pinning is enabled, then the MPLS TE reoptimization or auto bandwidth
adjustment cannot be used at the same time.
Procedure
Step 1 Run the interface tunnel command to enter the tunnel interface view of the MPLS TE tunnel.
Step 2 Run the mpls te route-pinning command to enable the route pining function.
Step 3 In the Tunnel interface view, run the mpls te commit command to commit the current
configuration.
----End
Example
To enable the tunnel pining of tunnel 100, do as follows:
huawei(config-if-tunnel10)#mpls te route-pinning
[MA5600V300R003: 3002]
#
[tunnel]
<tunnel10>
interface tunnel10
mpls te commit
#
return
Related Operation
Table 28-18 lists the related operation for configuring route pining.
Table 28-18 Related operation for configuring route pining
Disable the route pining of a tunnel interface undo mpls te route-pinning
28.6.3 Configuring Administrative Group and Affinity Property

This operation enables you to configure the administrative group and affinity property.

Context
l By default, the values of administrative group, affinity property and mask are all 0x0.
l The modification of administrative group and affinity attribute is valid only for new LSPs
but not for the established ones. Modifying the affinity property of the tunnel affects the
established LSP after the modification is committed, and TE tunnel path is recalculated.
Procedure
Step 2 Run the mpls te link administrative group command to configure administrative group of the
VLAN interface.
Step 3 In tunnel interface mode, run the mpls te affinity property command to configure affinity
property for the tunnel.
Step 4 In tunnel interface mode, run the mpls te commit command to commit the current configuration.
----End
Example
To set the values of administrative group and affinity property to 0x0101 and the mask to 0x303,
do as follows:
huawei(config)#interface vlan 20
huawei(config-if-vlanif20)#mpls te link administrative group 0x0101
Info: The configuration will take into effect ONLY for the newly created LSP.
huawei(config-if-tunnel10)#mpls te affinity property 0x101 mask 0x303
[MA5600V300R003: 3002]
#
[vlanif]
<vlanif2>
interface vlanif2
#
<vlanif20>
interface vlanif20
ip address 202.100.100.1 255.255.255.0
mpls
mpls te
mpls te link administrative group 101
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te authentication cipher TBESB1:RIXa"..$6++O5YQ!!
#
<vlanif30>
interface vlanif30
[MA5600V300R003: 3002]
#

[tunnel]
<tunnel10>
interface tunnel10
mpls te affinity property 101 mask 303
mpls te commit
#
return
Related Operation
Table 28-19 lists the related operations for configuring administrative group and affinity
property.
Table 28-19 Related operations for configuring administrative group and affinity property
Restore the default administrative group undo mpls te link administrative group
Restore the default affinity property of an undo mpls te affinity property

MPLS TE tunnel
28.6.4 Configuring Reoptimization for CR-LSP

This operation enables you to configure reoptimization for CR-LSP.
Context
l By default, reoptimization is disabled. The default timing reoptimization interval is 3600s.
l After configuring the timing reoptimization in the tunnel view, return to the user view and
run the mpls te reoptimization command to re-optimize the optimized tunnels
immediately. When the mpls te reoptimization command is executed, the reoptimization
timer resets and starts to count the time again.
l The CR-LSP reoptimization cannot be configured when the route pining is enabled.
Procedure
Step 1 Run the interface tunnel command to enter tunnel interface mode.
Step 2 Run the mpls te reoptimization command to enable periodic reoptimization of the MPLS TE
tunnel.
Step 4 Run the mpls te reoptimization command to reoptimize the TE tunnel. (Optional)
----End

Example
To reoptimize the tunnel 100 and set the periodic reoptimization interval to 1000s, do as follows:
huawei(config-if-tunnel10)#mpls te reoptimization frequency 1000
[MA5600V300R003: 3002]
#
[tunnel]
<tunnel10>
interface tunnel10
mpls te reoptimization frequency 1000
mpls te commit
#
return
Related Operation
Table 28-20 lists the related operation for configuring reoptimization of CR-LSP.
Table 28-20 Related operation for configuring reoptimization of CR-LSP

Disable the reoptimization of CR-LSP on undo mpls te reoptimization

a tunnel
28.7 Tuning the Establishment of an MPLS TE Tunnel

This operation enables you to tune the establishment of an MPLS TE tunnel.
Context
During the establishment of the MPLS TE tunnel, certain specific configuration is required for
practical application to ensure the security and stability of data transmission.
NOTE
The configurations introduced in this section must be used together with the CR-LDP or the RSVP-TE
protocol. The MA5600 supports only the RSVP-TE protocol.
28.7.1 Configuring Loop Detection

This operation enables you to configure loop detection.
28.7.2 Configuring the Route Record and the Label Record
This operation enables you to configure the route record and the label record.
28.7.3 Configuring Parameters of Tunnel Reestablishment

This operation enables you to configure the parameters of tunnel reestablishment.

28.7.4 Configuring Tunnel Priority
This operation enables you to configure tunnel setup priority and hold priority.
28.7.1 Configuring Loop Detection

This operation enables you to configure loop detection.
Context
l By default, loop detection is disabled.
l The loop detection mechanism of TE allows a maximum hop count of 32. If the path
information table contains the record of the local LSR, or the hop count of the path exceeds
the maximum value, it is considered that a loop occurs and the establishment of LSP fails.
Procedure
Step 2 Run the mpls te loop-detection command to enable loop detection on tunnel creation.
----End
Example
To enable loop detection on tunnel 100, do as follows:
huawei(config-if-tunnel10)#mpls te loop-detection
[MA5600V300R003: 3002]
#
[tunnel]
<tunnel10>
interface tunnel10
mpls te loop-detection
mpls te commit
#
return
Related Operation
Table 28-21 lists the related operation for configuring loop detection.

Table 28-21 Related operation for configuring loop detection

Disable loop detection undo mpls te loop-detection
28.7.2 Configuring the Route Record and the Label Record

This operation enables you to configure the route record and the label record.
Context
By default, the route record and the label record are disabled.
Procedure
Step 1 Run the interface tunnel command to enter the tunnel interface view of the MPLS TE tunnel.
Step 2 Run the mpls te record-route command to enable the route record and the label record on tunnel
establishment.
----End
Example
To enable the route record and label record for tunnel 100 on tunnel establishment, do as follows:
huawei(config-if-tunnel10)#mpls te record-route lable
[MA5600V300R003: 3002]
#
[tunnel]
<tunnel10>
interface tunnel10
mpls te record-route label
mpls te commit
#
return
Related Operation
Table 28-22 lists the related operation for configuring route record and label record.

Table 28-22 Related operation for configuring route record and label record
Disable route record and label record on undo mpls te record-route

tunnel establishment
28.7.3 Configuring Parameters of Tunnel Reestablishment

This operation enables you to configure the parameters of tunnel reestablishment.
Context
l If the establishment of a tunnel fails, the system attempts to re-establish the tunnel within
a certain interval until the attempts exceed the maximum reestablishment times.
l By default, the creation retry times are 5 and the interval for tunnel reestablishment is 10
seconds.
Procedure
Step 2 Run the mpls te retry command to specify the retry times for tunnel reestablishment.
Step 3 Run the mpls te timer retry command to specify the interval for tunnel reestablishment.
----End
Example
To specify the retry times for tunnel establishment as 3 and the interval for tunnel reestablishment
as 5s, do as follows:
huawei(config-if-tunnel10)#mpls te retry 3
huawei(config-if-tunnel10)#mpls te timer retry 5
[MA5600V300R003: 3002]
#
[tunnel]
<tunnel10>
interface tunnel10
mpls te retry 3
mpls te timer retry 5


mpls te commit
#
return
Related Operation
Table 28-23 lists the related operations for configuring parameters of tunnel reestablishment.
Table 28-23 Related operations for configuring parameters of tunnel establishment

Restore the default retry times for tunnel undo mpls te retry
reestablishment
Restore the default interval for tunnel undo mpls te timer retry
reestablishment
28.7.4 Configuring Tunnel Priority

This operation enables you to configure tunnel setup priority and hold priority.
Context
l Both the setup priority and the hold priority range from 0 to 7. The smaller the value is, the
higher the priority is. By default, the setup priority and the hold priority are 7.
l If only the tunnel setup priority is configured, the hold priority is the same as the setup
priority.
l The setup priority should not be higher than the hold priority.
Procedure
Step 2 Run the mpls te priority command to configure the setup priority and hold priority for the MPLS
TE tunnel.
Step 3 Run the mpls te timer retry command to configure the interval for tunnel reestablishment.
----End
Example
To configure the setup priority as 6 and hold priority as 3 for tunnel 100, do as follows:
huawei(config-if-tunnel10)#mpls te priority 6 3


[MA5600V300R003: 3002]
#
[tunnel]
<tunnel10>
interface tunnel10
mpls te retry 3
mpls te timer retry 5
mpls te priority 6 3
mpls te commit
#
return
Related Operation
Table 28-24 lists the related operation for configuring tunnel priority.
Table 28-24 Related operation for configuring tunnel priority

Restore the default setup priority and hold undo mpls te priority
priority of an MPLS TE tunnel

Configuration Guide 29 Configuring the VLAN Stacking Wholesale Service
29 Configuring the VLAN Stacking

Wholesale Service
About This Chapter
This chapter describes the VLAN stacking wholesale service and how to configure the service
on the MA5600.
29.1 Overview
This section describes how to use the VLAN stacking attribute to implement the wholesale
service and to extend the VLAN ID function.
29.2 Configuration Example of the Wholesale Service
This example shows how to configure the wholesale service so that the services provisioned by
the ISP can be quickly delivered to the specified user group.

29 Configuring the VLAN Stacking Wholesale Service Configuration Guide
29.1 Overview
This section describes how to use the VLAN stacking attribute to implement the wholesale
service and to extend the VLAN ID function.
Service Description
The MA5600 provides two tags (one is an inner tag and the other is an outer tag) in the 802.1Q
format for a packet through the VLAN stacking attribute. The packet carries two VLAN tags
and accesses the layer 2 switch network. The system forwards the packet in the layer 2 switch
network according to the outer VLAN tag of the packet.
l Wholesale service
In a layer 2 metropolitan area network (MAN), there may exist multiple Internet service
providers (ISPs). To quickly deliver the services provided by the ISPs to a specified user
group, you can use the outer VLAN tag of the packet to identify the ISP and use the inner
VLAN tag of the packet to identify the user. In this way, different user groups can access
the specified ISP network in batches based on different outer VLAN tags, and obtain the
corresponding services provided by the ISP.
NOTE
In the wholesale service, the upper layer device must work in the layer 2 mode, and forward packets
based on the VLAN and the MAC address.
l VLAN ID extension
In the VLAN ID extension, the outer VLAN tag is used to identify the access device and
the inner VLAN tag is used to identify the access users. The BRAS identifies access users
according to the layer 2 VLAN tags. In this way, the number of users identified by VLAN
IDs increases. Meanwhile, the number of the users accessing the BRAS increases.
NOTE
The VLAN ID extension needs the support of the BRAS.
For the features of the VLAN stacking and the details on the features, refer to the chapter "VLAN
Stacking" in the MA5600 Feature Description.
The MA5600 supports up to 4000 VLANs configured with the VLAN stacking attribute.
The following VLANs cannot be configured with the VLAN stacking attribute:
l Super VLANs
l Sub VLANs
l VLANs configured with the layer 3 interface
l System default VLAN
29.2 Configuration Example of the Wholesale Service

This example shows how to configure the wholesale service so that the services provisioned by
the ISP can be quickly delivered to the specified user group.

Networking
Figure 29-1 shows a sample network for configuring the wholesale service
ISP1 provides the broadband services for users 1 and 2, and ISP2 provides the broadband services
for users 3 and 4. Based on the VLAN stacking feature, the MA5600 adds the outer VLAN tag
to differentiate ISPs and the inner VLAN tag to differentiate users, and forwards the user packets
to the layer 2 network. Then the layer 2 switch forwards the user packets to the specified ISP
BRAS based on the outer VLAN tag. The ISP BRAS peels the outer VLAN tag and identifies
the user based on the inner VLAN tag. After passing the ISP BRAS authentication, the user can
obtain the services provided by the ISPs.
Figure 29-1 Sample network for configuring the wholesale service
Internet
ISP1 VLAN ID: 60 VLAN ID: 61 ISP2
BRAS BRAS
MA5600
Modem
User 1 User 2 User 3 User 4
Data Plan
Table 29-1 lists the data plan for configuring the wholesale service.
Table 29-1 Data plan for configuring the wholesale service
Item Data
ISP1 user group Upstream port: 0/7/0
Upstream VLAN ID (outer VLAN tag): 60


Item Data
User 1:
l ADSL2+ port: 0/2/0
l VPI/VCI: 0/35 (the same as that of the modem)
l Inner VLAN tag: 11
User 2:
ISP2 user group Upstream port: 0/7/0
Upstream VLAN ID (outer VLAN tag): 61

User 3:
User 4:
Figure 29-2 shows the flowchart for configuring the wholesale service.

Figure 29-2 Flowchart for configuring the wholesale service
Start
Create a VLAN
Set the VLAN attribute as stacking
Add an upstream port to the VLAN
Set the inner VLAN tag
Save the data
End
Procedure
Step 1 Create a VLAN.
huawei(config)#vlan 60-61 smart
Step 2 Set the VLAN attribute.

huawei(config)#vlan attrib 60-61 stacking

huawei(config)#port vlan 60-61 0/7 0

Step 5 Set the inner VLAN tag.

huawei(config)#stacking label 0/2/0 11

huawei(config)#save
----End

Result
After passing the ISP1 BRAS authentication, users 1 and 2 can obtain the services provided by
ISP1.
After passing the ISP2 BRAS authentication, users 3 and 4 can obtain the services provided by
ISP2.

Configuration Guide 30 Configuring the QinQ VLAN Leased Line Service
30 Configuring the QinQ VLAN Leased

Line Service
About This Chapter
This chapter describes the QinQ VLAN leased line service and how to configure the service on
the MA5600.
30.1 Overview
This section describes the application of the QinQ feature to the leased line access service.
30.2 Configuration Example of the QinQ VLAN Leased Line Service
This example shows how to configure the leased line access based on the QinQ feature to provide
a secure channel for data transmission between private networks of the enterprise.
30.3 Enabling Transparent Transmission of BPDUs
This operation enables transparent transmission of Bridge Protocol Data Units (BPDUs). Then,
the BPDUs of private networks (upstream/downstream packets with the MAC addresses ranging
from 01-80-c2-00-00-00 to 01-80-c2-00-00-2f) can be transparently transmitted based on the
QinQ function of the public network.

30 Configuring the QinQ VLAN Leased Line Service Configuration Guide
30.1 Overview
This section describes the application of the QinQ feature to the leased line access service.
Service Description
The QinQ feature is applied to the broadband leased line access service. By using the resources
of the public network, the QinQ feature provides a transparent and secure data channel for the
private network of an enterprise.
The MA5600 uses the QinQ feature to add a VLAN tag of the public network (QinQ VLAN)
for the packet that accesses the local device and carries the tag of the private network. Carrying
the VLAN tag of the private network, the packet is forwarded in the public network based on
the VLAN tag of the public network and then the packet reaches the remote MA5600. The remote
MA5600 peels the outer VLAN tag of the packet, and then sends the packet to the remote private
network of the enterprise.
For the features of QinQ and the details on the features, refer to the chapter "QinQ VLAN" in
the MA5600 Feature Description.
l Lease line access mode
The MA5600 uses the SHDSL access mode to provide a symmetric upstream/downstream
bandwidth of 2 Mbit/s for the enterprise.
l Transparent transmission of a BPDU packet
The MA5600 can transparently transmit a BPDU packet of a private network to a remote
private network through the QinQ leased line access service.
l Connection type of the lease line access service
– Single PVC for single service
– Single PVC for multiple services (differentiated by encapsulation types)
l QinQ VLAN application limitation
The MA5600 supports up to 4000 QinQ VLANs.
The following VLANs cannot be configured as QinQ VLANs:
– Super VLANs
– Sub VLANs
– VLANs configured with the layer 3 interface
– System default VLAN
30.2 Configuration Example of the QinQ VLAN Leased Line

Service
This example shows how to configure the leased line access based on the QinQ feature to provide
a secure channel for data transmission between private networks of the enterprise.

Prerequisite
l The service boards are in the normal state.
l The upper layer network is in layer 2 mode, and forwards packets based on the VLAN and
the MAC address.
Networking
Figure 30-1 shows a sample network for configuring the QinQ VLAN leased line service.
The two branches of enterprise A are connected to the MAN through MA5600_A and
MA5600_B respectively. Configure the QinQ leased line access for enterprise A on
MA5600_A and MA5600_B respectively so that the private services and BPDU packets of
enterprise A can be transparently transmitted through the public network.
Figure 30-1 Sample network for configuring the QinQ VLAN leased line service
MAN
L2/L3 L2/L3
S CON S CON
ETH ETH
H ESC
H ESC
E E
B B GE 0/7/0
GE 0/7/0
SCU MA5600_A SCU MA5600_B

Modem
Modem
LSW LSW
Enterprise A Enterprise B
Data Plan
Table 30-1 lists the data plan for configuring the QinQ VLAN leased line service.
Table 30-1 Data plan for configuring the QinQ VLAN leased line service
Item Data
MA5600_A SHEBPort:0/5/0

Item Data
Upstream VLAN ID: 50

VLAN attribute: QinQ
BPDU transparent transmission: enable
Traffic profile index: 5 (the default). Access rate: 2 Mbit/s

VPI/VCI: 0/35 (the same as that of the modem)
MA5600_B The same as the data plan of MA5600_A
Figure 30-2 shows the flowchart for configuring the QinQ VLAN leased line service.
Figure 30-2 Flowchart for configuring the QinQ VLAN leased line service
Start
Create a VLAN
Set the VLAN attribute as QinQ
Enable transparent transmission of

BPDU packets
Add an upstream port to the VLAN
Save the data
End
The configuration of MA5600_A is the same as that of MA5600_B. In this section, the
configuration of MA5600_A is taken as an example to describe how to configure the QinQ
VLAN leased line service.

Procedure
Step 1 Create a VLAN.
Step 2 Set the VLAN attribute.

Step 3 Enable transparent transmission of BPDU packets.

huawei(config)#bpdu tunnel enable

huawei(config)#port vlan 50 0/7/0

huawei(config)#service-port vlan 50 shdsl 0/5/0 vpi 0 vci 35 rx-cttr 5 tx-cttr 5

huawei(config)#save
----End
Result
The private networks of enterprise A, which is located on two sites, can communicate with each
other in the normal state and the services can be transmitted between the two networks.
30.3 Enabling Transparent Transmission of BPDUs

This operation enables transparent transmission of Bridge Protocol Data Units (BPDUs). Then,
the BPDUs of private networks (upstream/downstream packets with the MAC addresses ranging
from 01-80-c2-00-00-00 to 01-80-c2-00-00-2f) can be transparently transmitted based on the
QinQ function of the public network.
Context
l When the transparent transmission of BPDUs is enabled, the layer 2 BPDUs under the
QinQ VLAN can be transparently transmitted.
l Otherwise, these BPDUs cannot be transparently transmitted.
Procedure
Step 1 Run the bpdu tunnel enable command to enable transparent transmission of BPDUs.
Step 2 Run the display bpdu tunnel config command to display transparent transmission status of
BPDUs.
----End
Example
To enable transparent transmission of the L2 BPDUs, do as follows:
huawei(config)#bpdu tunnel enable
huawei(config)#display bpdu tunnel config
BPDU tunnel function is enabled

Related Operation
Table 30-2 lists the related operation for enabling transparent transmission of BPDUs.
Table 30-2 Related operation for enabling transparent transmission of BPDUs

Disable transparent transmission of BPDUs bpdu tunnel disable

Configuration Guide 31 Configuring the Multicast Service
31 Configuring the Multicast Service
About This Chapter
This chapter describes the multicast service and how to configure the service on the MA5600.
31.1 Overview
This chapter describes multicast and its application to the MA5600.
31.2 Configuration Example of IGMP Proxy Multicast Service
This example shows how to realize the IGMP proxy multicast service.
31.3 Configuration Example of IGMP Snooping
This example shows how to configure the IGMP snooping multicast service.
31.4 Configuration Example of Multicast Service in Subtending Mode
This example shows how to configure the multicast service in subtending mode.
31.5 Configuring Multicast Service in MSTP Networking
This operation enables you to configure multicast service in MSTP networking.
31.6 Setting the IGMP Mode
This operation enables you to set the IGMP mode, including IGMP proxy and IGMP snooping.
31.7 Configuring an IGMP Upstream Port
This operation enables you to add an IGMP upstream port and set its mode and assigned
bandwidth rate.
31.8 Specifying a Subtending Port
This operation enables you to specify a subtending port. To subtend the MA5600 to a slave shelf
with multicast service users, you need to define the port connecting to the slave shelf as a
subtending port.
31.9 Configuring a Program for a Static Subtending Port
This operation enables you to add a program for a static subtending port.
31.10 Configuring IGMP Global Parameters
This section describes how to configure the IGMP global parameters.
31.11 Adding a Program
This operation enables you to add one or more programs to the program library.

31 Configuring the Multicast Service Configuration Guide
31.12 Managing Multicast Bandwidth

This section describes how to manage multicast bandwidth.
31.13 Configuring an Authority Profile
This section describes how to configure an authority profile.
31.14 Configuring Multicast Users
This section describes how to configure multicast users.
31.15 Configuring the Preview Function
This section describes how to configure the preview function.
31.16 Configuring the Logging Function
This section describes how to configure the logging function.

31.1 Overview
This chapter describes multicast and its application to the MA5600.
Service Description
With the advent of multimedia, video, and data warehouse in the Internet, the multicast service
is becoming increasingly popular in service applications. It is widely applied in streaming,
remote learning, video conferencing, video on demand (VOD), net gaming, internet data center
(IDC), and other point-to-multipoint fields.
For details on the multicast service, refer to the chapter "Multicast" in the Feature
Description.
Designed with carrier-class multicast operability, the MA5600 supports multicast protocols
(from user to network), paving the way for provisioning value-added broadband multicast
services.
The MA5600 supports operable and manageable controlled multicast services. The MA5600
supports two modes: IGMP proxy and IGMP snooping. In IGMP proxy mode, the MA5600
supports V2/V3. In IGMP snooping mode, the MA5600 supports V2.
The MA5600 supports:
l 1024 multicast groups

l Multicast preview, with the maximum number of configurable previews in a day, preview
duration and preview interval
l Audience statistics supported
l Controllable multicast to control users' access to multicast groups and authority profiles.
l Authority profile types are: watch, preview, forbidden and idle. The priorities of the four
types of authority profiles are configurable to satisfy different requirements for multicast
operations.
31.2 Configuration Example of IGMP Proxy Multicast

Service
This example shows how to realize the IGMP proxy multicast service.

l There exists the multicast source in the network and its IP address is known.
l The related service boards are normal.
Networking
Figure 31-1 shows the sample network the IGMP proxy application.

Figure 31-1 Sample network of the IGMP proxy application
Internet
Video server
Router
A CON
D ETH
MON
G
E
GE0/7/1
MA5600
Modem Modem
PC PC
Data Plan
Table 31-1 lists the data plan for configuring IGMP proxy.
Table 31-1 Data plan for configuring IGMP proxy

Item Data
Upstream port 0/7/1
Program library The multicast server provides three programs. Uplink port 0/7/1
and VLAN 2 are bound.
program 1: 224.1.1.1
program 2: 224.1.1.2
program 3: 224.1.1.3
Authority profile Profile 0

In authority profile 0, the user is allowed to access program1
(224.1.1.1) and program2 (224.1.1.2) in the program library.
User Multicast user 1, with service port of 0/2/0, VPI/VCI of 0/35 and
bound with authority profile 0
Multicast user 2, with service port of 0/2/1, VPI/VCI of 0/35, with
no authentication.

Item Data
Port (on the upper layer IP address: 10.0.0.254

router) connected to the
MA5600
Modem VPI/VCI of modem connected to the port: 0/35.
Figure 31-2 shows the flowchart for configuring IGMP proxy.
Figure 31-2 Flowchart for configuring IGMP proxy
Multicast service configuration
Start Set IGMP Proxy mode
Configure IGMP
Configure the xDSL port upstream port
(Optional) Configure
Create a Smart VLAN
IGMP global parameters
Add the upstream port to

the VLAN Configure program library
Set native VLAN for the

port (Optional)Configure
preview attributes
Configure the service port

Configure authority profile
VLAN configuration
Configure multicast user
End
Procedure
Step 1 Configure the xDSL port.
In this example, the default ADSL2+ line profile (line profile 1002) is used. Therefore, you do
not have to configure a line profile.
Step 2 Configure a VLAN.

1. Create a VLAN.

2. Add an upstream port to the VLAN.

3. Configure the native VLAN of the port.

4. Add service ports to the VLAN.

Step 3 Configure the multicast service.

1. Set the multicast mode.
huawei(config)#btv
huawei(config-btv)#igmp mode proxy
NOTE
By default, the multicast mode is proxy. Therefore, you do not have to set it usually.
2. Configure the IGMP upstream port.
huawei(config-btv)#igmp uplink-port-mode program
huawei(config-btv)#igmp uplink-port 0/7/1 100
3. Configure the global parameters.

For details, refer to "31.10 Configuring IGMP Global Parameters."
4. Configure the program library.
huawei(config-btv)#igmp program add name program1 ip 224.1.1.1 sourceip
192.168.1.2 vlan 2 bind 0/7/1 hostip 10.0.0.254
192.168.1.2 vlan 2 bind 0/7/1 hostip 10.0.0.254
192.168.1.2 vlan 2 bind 0/7/1 hostip 10.0.0.254
5. Configure the authority profile.

huawei(config-btv)#igmp profile profile-name profile0 program-name program1
watch
watch
6. Configure the multicast users.

huawei(config-btv)#igmp user add port 0/2/1 adsl 0 35 no-auth max-program 8
huawei(config-btv)#igmp user add port 0/2/0 adsl 0 35 auth max-program 8
huawei(config-btv)#igmp user bind-profile port 0/2/0 profile-name profile0
huawei(config-btv)#quit

huawei(config)#save
----End
Result
l User 1 can watch program 1 and program 2, but cannot watch program 3.
l User 2 can watch all programs.
31.3 Configuration Example of IGMP Snooping

This example shows how to configure the IGMP snooping multicast service.

Prerequisite
Before configuring IGMP snooping, make sure that:
Networking
Figure 31-3 shows a sample network for configuring the IGMP snooping.
Figure 31-3 Sample network for configuring the IGMP snooping
Internet
Video server
Router
A CON
D ETH
MON
G
E
GE0/7/1
MA5600
Modem Modem
PC PC
Data Plan
Table 31-2 lists the data plan for configuring IGMP snooping.
Table 31-2 Data plan for configuring IGMP snooping

Item Data
Upstream port 0/7/1

Item Data
Program library The multicast server provides three programs. Uplinnk port
0/7/1 and VLAN 2 are bound.
program 1: 224.1.1.1
program 2: 224.1.1.2
program 3: 224.1.1.3
Authority profile Profile 0

In authority profile 0, the user is allowed to access program1
(224.1.1.1) and program2 (224.1.1.2) in the program library.
User Multicast user 1, with service port of 0/2/0, VPI/VCI of 0/35, and
bound with authority profile 0.
Multicast user 2, with service port of 0/2/1, VPI/VCI of 0/35, with
no authentication.
Port (on the upper layer IP address: 10.0.0.254

router) connected to the
MA5600
Modem VPI/VCI of modem connected to the port: 0/35.
Figure 31-4 shows the flowchart for configuring the IGMP snooping.

Figure 31-4 Flowchart for configuring the IGMP snooping

Start Set IGMP mode
Configure IGMP upstream

Configure the xDSL port port
Create a Smart VLAN IGMP Snooping global
parameters


preview attributes

VLAN configuration
End
Procedure
Step 1 Configure the xDSL port.
In this example, the default ADSL2+ line profile (line profile 1002) is used. Therefore, you do
not have to configure a line profile.
Step 2 Configure a VLAN.

1. Create a VLAN.
2. Add an upstream port to the VLAN.

3. Configure the native VLAN of the port.

4. Add service ports to the VLAN.


1. Set the multicast mode.
huawei(config)#btv
huawei(config-btv)#igmp mode snooping

2. Configure the IGMP upstream port.

3. Configure the global parameters.

For details, refer to "31.10 Configuring IGMP Global Parameters."
huawei(config-btv)#igmp program add name program1 ip 224.1.1.1 vlan 2 bind
0/7/1 hostip 10.0.0.254
0/7/1 hostip 10.0.0.254
0/7/1 hostip 10.0.0.254
5. Configure the authority profile.

watch
watch
6. Configure the multicast users.

huawei(config-btv)#igmp user add port 0/2/1 adsl 0 35 no-auth max-program 8
huawei(config-btv)#igmp user add port 0/2/0 adsl 0 35 auth max-program 8

huawei(config)#save
----End
Result
31.4 Configuration Example of Multicast Service in

Subtending Mode
This example shows how to configure the multicast service in subtending mode.
Networking
Figure 31-5 shows a sample network for configuring the subtended multicast service.

Figure 31-5 Sample network for configuring the subtended multicast service
Internet
Video server
Router
CON
ETH
MON
GE0/7/0
GE0/7/1
MA5600_A
A CON
D ETH
MON
G
E
GE0/7/0
GE0/7/1
MA5600_B
Modem Modem
PC PC
Data Plan
Table 31-3 lists the data plan for configuring the subtended multicast service.
Table 31-3 Data plan for configuring the subtended multicast service
Item Data
MA5600_A SCU board

The SCU board provides an upstream port (0/7/0) to connect to the upper
layer multicast router (with IP address of 10.0.0.254) and a subtending port
(0/7/1) to connect to the MA5600_B.
VLAN
Add port 0 on the SCU board to VLAN 100 as the upstream port of this
VLAN.
Add port 1 on the SCU board to VLAN 100 as the subtending port.

Item Data
The multicast server provides three programs. Uplink port 0/7/0 and
VLAN 100 are bound.
program 1: 224.1.1.1
program 2: 224.1.1.2
program 3: 224.1.1.3
The IP address of the port of the upper layer router that is interconnected
to the MA5600 is 10.0.0.254.
MA5600_B VLAN
Add port 0 on the SCU board to VLAN 100 as the upstream port of this
VLAN.
The multicast server provides three programs. Uplink port 0/7/0 and
VLAN 100 are bound.
program 1: 224.1.1.1
program 2: 224.1.1.2
program 3: 224.1.1.3
Authority profile
Set profile 0 as the authority profile. Based on this profile, users can watch
program 1 (224.1.1.1) and program 2 (224.1.1.2) in the program library.
ADSL board
In slot 0/2, the ADSL board is bound with the default line profile (profile
1). The VPI/VCI of the modem connected to the ADSL port is 0/35
(default).
User
Add two users 0/2/0 and 0/2/1. Bind port 0/2/0 with profile 0 and port
0/2/1 does not need authentication.
Figure 31-6 and Figure 31-7 show the flowchart for configuring multicast service in subtending
mode.

Figure 31-6 Flowchart for configuring multicast service in subtending mode (MA5600_A)
Configure IGMP mode
Start Set IGMP upstream port
(Optional) Configure IGMP

Create a VLAN
global parameters
Add upstream port

Configure program library
Set native VLAN for

the port Configure the subtending
port
VLAN configuration
End
Figure 31-7 Flowchart for configuring multicast service in subtending mode (MA5600_B)
Start Set IGMP Proxy mode
Configure IGMP
Configure the xDSL port upstream port
Create a VLAN IGMP global parameters


preview attributes

VLAN configuration
End

Procedure
l Procedure for configuring MA5600_A
1. Configure a VLAN.
– Create a VLAN.
– Add upstream ports to the VLAN.

huawei(config)#port vlan 100 0/7 0-1
– Set the native VLAN of the ports.

2. Configure the multicast service.

– Set the multicast mode.
huawei(config)#btv
– Configure the IGMP upstream port.

– Configure the program library.

192.168.1.2 vlan 100 bind 0/7/0 hostip 10.0.0.254
192.168.1.2 vlan 100 bind 0/7/0 hostip 10.0.0.254
192.168.1.2 vlan 100 bind 0/7/0 hostip 10.0.0.254
– Configure the multicast subtending port.

huawei(config-btv)#igmp cascade-port 0/7/1 static enable
3. Save the data.

huawei(config)#save
l Procedure for configuring MA5600_B

1. Configure the xDSL port.
In this example, the ADSL port is bound with the default line profile (profile 1002).
2. Configure a VLAN.
– Create a VLAN.
– Add an upstream port to the VLAN.

– Set the native VLAN of the port.

– Add service ports to the VLAN.

huawei(config)#service-port vlan 100 adsl 0/2/0 vpi 0 vci 35 rx-cttr 6
tx-cttr 6
tx-cttr 6

huawei(config)#btv



192.168.1.3 vlan 100 bind 0/7/0
huawei(config-btv)#igmp program add name program2 ip 224.1.1.2
192.168.1.3 vlan 100 bind 0/7/0
huawei(config-btv)#igmp program add name program3 ip 224.1.1.3
192.168.1.3 vlan 100 bind 0/7/0
– Configure the authority profile.

huawei(config-btv)#igmp profile profile-name profile0 program-name
program1 watch
program2 watch
– Configure the multicast user.

huawei(config-btv)#igmp user add port 0/2/1 adsl 0 35 no-auth
huawei(config-btv)#igmp user add port 0/2/0 adsl 0 35 auth
huawei(config-btv)#igmp user bind-profile port 0/2/0 profile-name
profile0
Save the data.huawei(config-btv)#quit huawei(config)#save
----End
Result
31.5 Configuring Multicast Service in MSTP Networking

This operation enables you to configure multicast service in MSTP networking.
Prerequisite
Networking
Figure 31-8 shows the sample network of the multicast service in MSTP networking.
Three MA5600 devices (MA5600_A, MA5600_B and MA5600_C) make up the MSTP ring
network. All services are transmitted upstream to the IP network through MA5600_A.
MA5600_C subtends MA5600_D through the GE port.
In this figure:
MA5600_A, MA5600_B and MA5600_C are configured in a same MSTP region named hwrg.
Instance 1 is created, the VLAN to which the upstream ports and subtending ports of the devices
belong is mapped to instance 1. MA5600_A is configured as the CIST root, and as the region
root of instance 1.

Figure 31-8 Sample network of the multicast service in MSTP networking
Multicast
Server
IP
Router
2 3 7
0
A A
1
D D
G G 2
E E 3
SCU MA5600_A
2 3 7 2 7
A A 0 A 0
D D D 1
1 G 2
G G
E E 2 E 3
SCU SCU MA5600_C

MA5600_B
2 7
A 0
D
G
E
SCU MA5600_D
ADSL2+
Modem
PC
Data Plan
Table 31-4 lists the data plan for the sample network of the multicast service in MSTP
networking.

Table 31-4 Data plan for the sample network of the multicast service in MSTP networking
Item Data
MA5600_A The SCU board:

l Provides the upstream port 0/7/0 to interconnect with the upper layer
multicast router (10.0.0.254).
l Provides the port 0/7/1 to connect with MA5600_B.
l Provides the port 0/7/2 to connect with MA5600_D.
l Provides the port 0/7/3 to connect with MA5600_C.
VLAN:
Add the ports 0/7/0, 0/7/1 and 0/7/2 on the SCU board to VLAN 100, which
are used as the upstream port of the VLAN.
The native VLAN of the port is set to 100.
The multicast server provides three programs. Uplink port 0/7/0 and VLAN
100 are bound.
program 1: 224.1.1.1
program 2: 224.1.1.2
program 3: 224.1.1.3
MA5600_B The SCU board:

l Provides the port 0/7/0 to connect with MA5600_A.
l Provides the port 0/7/1 to connect with MA5600_C.
VLAN:
l Add the ports 0/7/0 and 0/7/1 on the SCU board to VLAN 100, which are
used as the upstream port of the VLAN.
l The native VLAN of the port is set to 100.
The multicast server provides three programs. VLAN 100 is bound.

program 1: 224.1.1.1
program 2: 224.1.1.2
program 3: 224.1.1.3
MA5600_C The SCU board:

l Provides the port 0/7/0 to connect with MA5600_A.
l Provides the port 0/7/1 to connect with MA5600_B.

Item Data
VLAN:
l Add the ports 0/7/0 and 0/7/1 on the SCU board to VLAN 100, which are
used as the upstream port of the VLAN.
l The native VLAN of the port is set to 100.
l Add the ports 0/7/0, 0/7/1 and 0/7/2 on the SCU board to VLAN 100, which
are used as the upstream port of the VLAN.
The multicast server provides three programs. VLAN 100 is bound.

program 1: 224.1.1.1
program 2: 224.1.1.2
program 3: 224.1.1.3
MA5600_D VLAN:
Add the port 0/7/0 on the SCU board to VLAN 100, which is used as the
upstream port of the VLAN.
The multicast server provides three programs. Uplink port 0/7/0 and VLAN
100 are bound.
program 1: 224.1.1.1
program 2: 224.1.1.2
program 3: 224.1.1.3
Authority profile: Users bound with authority profile profile0 can watch
program1 and program2, and preview program3.
Modem: The VPI/VCI of the modem connected to the port is 0/35.
Multicast user:
l Multicast user 1: The service virtual port is 0/2/0, VPI/VCI is 0/35, and
authority profile profile0 is bounded.
l Multicast user 2: The service virtual port is 0/2/1, VPI/VCI is 0/35, without
authentication.
Figure 31-9 and Figure 31-10 show the flowchart for configuring the multicast service in
MSTP networking mode.

Figure 31-9 Flowchart for configuring multicast service in MSTP networking on MA5600_A,
MA5600_B and MA5600_C
Multicast service
configuration
Start Set IGMP mode
Enable the RSTP Configure IGMP

function upstream port
Configure IGMP global

Create the VLAN
parameters (optional)
Add the upstream

port Configure program
library

port Configure IGMP
subtending port
VLAN configuration
End
Figure 31-10 Flowchart for configuring multicast service in MSTP networking on MA5600_D

Start
Set IGMP Proxy mode
Enable the RSTP

function Configure IGMP
upstream port
Configure the xDSL port Configure IGMP global

parameters (optional)
Create the VLAN

Configure program
library
Configure preview
attributes (optional)
port
Configure authority
profile
Configure the virtual port
VLAN configuration Configure multicast user
End
Procedure
l Configuration of MA5600_A.
1. Enable MSTP.
– Enable the MSTP function.

huawei(config)#stp enable
– Configure the MSTP region name.

huawei(stp-region-configuration)#region-name hwrg
– Configure MSTP instance 1.

huawei(stp-region-configuration)#instance 1 vlan 100
– Activate MSTP region configuration.

STP actives region configuration, it may take several minutes,are
you sure to active region configuration? [Y/N][N]y
– Configure the priority of MA5600_A in the instance.

huawei(stp-region-configuration)#quit
2. Configure the VLAN.

– Create the VLAN.
– Add the upstream port.

huawei(config)#port vlan 100 0/70-2
– Set the native VLAN of the upstream port.


huawei(config)#btv

huawei(config-btv)#igmp uplink-port-modemstp

192.168.1.2 vlan 100 bind 0/7/0 hostip 10.0.0.254
192.168.1.2 vlan 100 bind 0/7/0 hostip 10.0.0.254
192.168.1.2 vlan 100 bind 0/7/0 hostip 10.0.0.254

4. Save the data.

huawei(config)#save
l Configuration of MA5600_B.
1. Enable MSTP.


– Activate the MSTP region configuration.





huawei(config)#btv


192.168.1.2 vlan 100
192.168.1.2 vlan 100
192.168.1.2 vlan 100

huawei(config-btv)#igmp cascade-port 0/7/1 quickleave enable
4. Save the data.

huawei(config)#save
l Configuration of MA5600_C.
1. Enable MSTP.


– Activate the MSTP region configuration.



huawei(config)#port vlan 100 0/70-1



huawei(config)#btv



huawei(config-btv)#igmp program add name program1 ip 224.1.1.1 vlan
100
huawei(config-btv)#igmp program add name program2 ip 224.1.1.2 vlan
100
huawei(config-btv)#igmp program add name program3 ip 224.1.1.3 vlan 100
4. Save the data.

huawei(config)#save
l Configuration of MA5600_D.
1. Configure the xDSL port.
In this example, the ADSL2+ port uses the system default line profile (profile 1002).


– Add the service virtual port.

tx-cttr 6
tx-cttr 6

huawei(config)#btv


bind 0/7/0
bind 0/7/0
bind 0/7/0
– Configure the authority profile.

program1 watch


program2 watch
program3 preview
– Configure the preview parameters.

NOTE
l Configure the preview parameters as follows: The preview time for program 3 is 150s,
the preview attempts are 6 times, and the permitted interval for preview is 60s.
l Run the igmp preview auto-reset-time command to set the time to reset the preview
attempt. In this example, set the time to 00:00:00 every day.
huawei(config-btv)#igmp preview program name program3 preview-duration
150
huawei(config-btv)#igmp preview program name program3 preview-times 6
huawei(config-btv)#igmp preview program name program3 preview-interval
60
huawei(config-btv)#igmp preview auto-reset-time 00:00:00
– Configure the multicast user.

huawei(config-btv)#igmp user bind-profile port 0/2/0 profile-name
profile0
4. Save the data.

huawei(config)#save
----End
Result
l User 1 can watch program 1 and program 2, and can preview program 3.
31.6 Setting the IGMP Mode

This operation enables you to set the IGMP mode, including IGMP proxy and IGMP snooping.
Context
l The configuration in IGMP snooping is the same as that in IGMP proxy. The difference
only lies in the internal protocol processing.
l In IGMP snooping mode, the host function, prejoin function, unsolicited report function
and static program adding function are not available.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp mode command to set the IGMP mode.
Step 3 Run the display igmp proxy command to query the current multicast mode.
----End

Example
To set the IGMP proxy mode, do as follows:
huawei(config)#btv
Are you sure to change IGMP mode?(y/n)[n]: y
huawei(config-btv)#display igmp proxy
--------------------------------------------------------
Program number of license : 1024
IGMP mode : proxy
Authorization : enable
Robustness variable : 2
General query interval(s) : 125
General query response time(0.1s) : 100
Specific query interval(0.1s) : 10
Specific query response time(0.1s) : 8
Specific query number : 2
V1 router present timeout(s) : 400
Unsolicited report interval(s) : 10
Uplink port mode : program
Log switch : enable
User action report switch : disable
Preview switch : enable
Recognition time(s) : 30
The time of reset preview-count : 04:00:00
Auto create log interval(h) : 2
Right mode : profile mode
Bandwidth management switch : enable
Bandwidth assigned for user(%) : 100
Report proxy switch : disable
Leave proxy switch : disable
IGMP Packet encapsulation : all

IGMP ECHO switch : disable
---------------------------------------------------------
31.7 Configuring an IGMP Upstream Port

This operation enables you to add an IGMP upstream port and set its mode and assigned
bandwidth rate.
Context
The IGMP upstream port works in any of the following modes:
In program mode, the IGMP upstream port is the port that is specified when you configure the
program.
In MSTP mode, the IGMP upstream port is the root port used by MSTP.
In broadcast mode, the IGMP packets are transmitted from the specified VLAN to upstream
direction, and the upper layer device specifies the upstream port that receives the multicast
stream.
In protect mode, the IGMP upstream port supports the port protection group function.
By default, the IGMP upstream port works in program mode.
If you set a port to a subtending port, then it cannot be used as an upstream port that works in
program or protect mode, but it can work in broadcast or MSTP mode.

Procedure
Step 2 Run the igmp uplink-port-mode command to set the working mode of the upstream port.
Step 3 Run the igmp uplink-port command to add an IGMP upstream port.
Step 4 Run the display igmp uplink-port command to query the details of the IGMP upstream port.
----End
Example
To set that the IGMP upstream port works in program mode, set port 0/7/0 as the upstream port,
and set the assigned bandwidth rate as 100%, do as follows:
huawei(config)#btv
huawei(config-btv)#display igmp uplink-port 0/7/0
----------------------------------------
IGMP version : IGMP V2
Program number : 2
V1 router present timer(s) : 0
Assigned bandwidth(%) : 100%
Used bandwidth(%) : 0.5000%
----------------------------------------
Related Operation
Table 31-5 lists the related operations for configuring the IGMP upstream port.
Table 31-5 Related operations for configuring the IGMP upstream port
Delete an IGMP upstream undo igmp uplink-port

port
Modify an IGMP upstream igmp uplink-port modify

port
31.8 Specifying a Subtending Port

This operation enables you to specify a subtending port. To subtend the MA5600 to a slave shelf
with multicast service users, you need to define the port connecting to the slave shelf as a
subtending port.
Context
l An upstream port that works in program, broadcast or protect mode cannot be specified as
a subtending port.

l If a subtending port is configured with the static attribute, the MA5600 does not process
any leave packet because the programs added to the port are not subject to aging, unless
the subtending port or the program is deleted manually.
l If a subtending port is configured with the quick leave attribute, when receiving leave
packets, the MA5600 cuts off the video stream, instead of sending specific group queries.
l The priority of the static attribute is higher than that of the quick leave attribute.
l The mode mode parameter of the command igmp cascade-port is used to configure the
application mode of the subtending port in IGMP snooping.
– In snooping mode, the IGMP packets reported by user will be processed in normal
snooping mode.
– In forward mode, the IGMP packets are forwarded without process.
– In discard mode, the IGMP packets are denied for process.
Procedure
Step 2 Run the igmp cascade-port command to configure a static subtending port.
Step 3 Run display igmp cascade-port command to query the IGMP subtending port.
----End
Example
To specify a subtending port of port 0/7/1, do as follows:
huawei(config)#btv
huawei(config-btv)#display igmp cascade-port 0/7/1
Command:
display igmp cascade-port all
----------------------------------------------------------------------------
Port | Active | IGMP | V2 Port Present | Static | Quick | Port
| Program | Version | Timer(0.1s) | Join | Leave | Mode
----------------------------------------------------------------------------
0/7/1 0 IGMP V3 0 Yes No snooping
----------------------------------------------------------------------------
Total: 1
Related Operation
Table 31-6 lists the related operation for specifying a subtending port.
Table 31-6 Related operation for configuring a subtending port

Delete an IGMP subtending port undo igmp cascade-port
31.9 Configuring a Program for a Static Subtending Port

This operation enables you to add a program for a static subtending port.

Context
To add or delete a program to or from a subtending port, make sure that the subtending port is
configured with static attributes.
Procedure
Step 1 Run the igmp static-join cascade-port command to configure a program for a static subtending
port.
Step 2 Run the display igmp cascade-port command to display the settings of the IGMP subtending
port, as well as the number of programs sent to the port.
----End
Example
To add program 224.1.1.1 to static subtending port 0/7/1, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp static-join cascade-port 0/7/1 ip 224.1.1.1 sourceid
192.168.1.1
huawei(config-btv)#display igmp cascade-port 0/7/1
-------------------------------------------
Port : 0/7/1
IGMP version : IGMP V2
V1 router present timer(0.1s) : 0
Static join : enable
Quick leave : disable
Port Mode : snooping
-------------------------------------------
Active Program list:
Index Program Name IP sourceip
------------------------------------------------------
1 PROGRAM-1 224.1.1.1 192.168.1.1
-------------------------------------------------------
Total: 1
Related Operation
Table 31-7 lists the related operation for configuring a program for a static subtending port.
Table 31-7 Related operation for configuring a program for a static subtending port
Delete a program from the static subtending port undo igmp static-join cascade-port
31.10 Configuring IGMP Global Parameters

This section describes how to configure the IGMP global parameters.
31.10.1 Enabling the IGMP Proxy Authorization
This operation enables the IGMP proxy authorization.
31.10.2 Setting the Robustness Variable
This operation enables you to set the robustness variable.

31.10.3 Setting the General Query Interval

This operation enables you to set the interval of the general query issued by the querier.
31.10.4 Setting the Maximum Response Time to the General Query
This operation enables you to set the maximum response time to the general query.
31.10.5 Setting the Number of Specific Queries
This operation enables you to set the number of specific queries.
31.10.6 Setting the Specific Query Interval
This operation enables you to set the specific query interval.
31.10.7 Setting the Maximum Response Time to the Specific Query
This operation enables you to set the maximum response time to a specific query. After the
system issues a specific query, the user must respond to the query within the maximum response
time.
31.10.8 Setting the Unsolicited Report Interval
This operation enables you to set the unsolicited report interval.
31.10.9 Setting the TTL for a V2 Router
This operation enables you to set the time to live (TTL) for a V2 router. The TTL for a V2 router
refers to the period between the router's receiving a V2 query and its sending an IGMPV2 report.
After receiving the query packet of the V2 version from the upper layer router, the MA5600
enables an aging timer of V2 router to the upstream port. Before the timer expires, the upstream
port sends the V2 report to the upstream.
31.10.10 Setting the Preview Recognition Time
This operation enables you to set the preview recognition time. When the preview recognition
time is set, any preview that is not exceeding this duration will not be considered as valid, and
will not be logged.
31.10.11 Enabling the User Action Report Function
This operation enables the user action report function.
31.10.12 Enabling the Proxy of the IGMP Report Packet
This operation enables the proxy of the IGMP report packets.
31.10.13 Enabling the Proxy of the IGMP Leave Packet
This operation enables the proxy of the IGMP leave packet.
31.10.14 Set the Permitted Encapsulation Mode of IGMP Packets
This operation enables you to set the permitted encapsulation mode of IGMP packets.
31.10.15 Enabling IGMP Echo Function
This operation enables you to enable the IGMP echo function.
31.10.1 Enabling the IGMP Proxy Authorization

This operation enables the IGMP proxy authorization.
Context
By default, the IGMP proxy authorization is enabled.
To enable authentication of the "auth" users, you need to enable the IGMP proxy authorization
first.

Procedure
Step 2 Run the igmp proxy authorization enable command to enable the IGMP proxy authorization.
Step 3 Run the display igmp proxy command to check whether the IGMP proxy authorization is
enabled.
----End
Example
To enable the IGMP proxy authentication, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy authorization enable
--------------------------------------------------------
IGMP mode : proxy
V2 General query response time(0.1s) : 100

V2 Specific query response time(0.1s) : 8


Log switch : enable

Uplink port force to V2 switch : enable
Default source IP : 192.168.1.1
---------------------------------------------------------
Related Operation
Table 31-8 lists the related operation for enabling the IGMP proxy authorization.
Table 31-8 Related operation for enabling the IGMP proxy authorization
Disable the IGMP proxy authentication igmp proxy authorization disable

31.10.2 Setting the Robustness Variable

This operation enables you to set the robustness variable.
Context
l The robustness variable defines the reliability of a system. It determines the aging time of
a member and the packet retransmit count. If a subnet is unstable, and prone to packet loss,
you need to enhance the robustness.
l By default, the variable is 2.
Procedure
Step 2 Run the igmp proxy router robustness command to set the robustness variable of the system.
Step 3 Run the display igmp proxy command to query the robustness variable.
----End
Example
To set the robustness variable of the system as 5, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router robustness 5
--------------------------------------------------------
IGMP mode : proxy



Log switch : enable

---------------------------------------------------------

Related Operation
Table 31-9 lists the related operation for setting the robustness variable.
Table 31-9 Related operation for setting the robustness variable

Restore the default robustness variable undo igmp proxy router robustness
31.10.3 Setting the General Query Interval

This operation enables you to set the interval of the general query issued by the querier.
Context
By default, the general query interval is 125s.
Procedure
Step 2 Run the igmp proxy router gen-query-interval command to set the interval of the general
query issued by the querier.
Step 3 Run the display igmp proxy to display the interval of the general query issued by the querier.
----End
Example
To set the query interval as 200s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router gen-query-interval 200
--------------------------------------------------------
IGMP mode : proxy



Log switch : enable



---------------------------------------------------------
Related Operation
Table 31-10 lists the related operation for setting the general query interval.
Table 31-10 Related operation for setting the general query interval
Restore the default general query interval undo igmp proxy router gen-query-interval
31.10.4 Setting the Maximum Response Time to the General Query

This operation enables you to set the maximum response time to the general query.
Context
The maximum response time determines the time taken by a multicast user in responding to a
query packet. By increasing the maximum response time, you can reduce the burst of response
packet traffic.
The default setting is 100 in the unit of 0.1s, that is, 10s.
The maximum response time to the general query must be smaller than the general query interval.
Procedure
Step 2 Run the igmp proxy router gen-response-time command to set the maximum response time
to the general query.
Step 3 Run the display igmp proxy to display the maximum response time to the general query.
----End
Example
To set the maximum response time as 20s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router gen-response-time v2 200
--------------------------------------------------------

IGMP mode : proxy




Log switch : enable

---------------------------------------------------------
Related Operation
Table 31-11 lists the related operation for setting the maximum response time to the general
query.
Table 31-11 Related operation for setting the maximum response time to the general query
Restore the default maximum response undo igmp proxy router gen-response-time
time for the general query
31.10.5 Setting the Number of Specific Queries

This operation enables you to set the number of specific queries.
Context
After receiving a leave packet from a user, the MA5600 sends a query packet to the user, as long
as the attribute of such a leave packet is not "fast leave". With the set query number, the
MA5600 considers that the user has left if response is not received after it has queried the user
according to the set specific query count and has waited for a period equal to the maximum
response time.
The default setting is 2.

Procedure
Step 1 Run the igmp proxy router sp-query-number command to set the number of specific queries.
Step 2 Run the display igmp proxy command to display the number of specific queries.
----End
Example
To set the specific query count as 5, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router sp-query-number 5
--------------------------------------------------------
IGMP mode : proxy



Log switch : enable

---------------------------------------------------------
Related Operation
Table 31-12 lists the related operation for setting the number of specific queries.
Table 31-12 Related operation for setting the number of specific queries
Restore the default number of specific undo igmp proxy router sp-query-number
queries

31.10.6 Setting the Specific Query Interval

This operation enables you to set the specific query interval.
Context
The default setting is 10 in the unit of 0.1s, that is, 1s.
Procedure
Step 2 Run the igmp proxy router sp-query-interval command to set the specific query interval.
Step 3 Run the display igmp proxy command to display the specific query interval.
----End
Example
To set the specific query interval as 2s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router sp-query-interval 20
--------------------------------------------------------
IGMP mode : proxy



Log switch : enable

---------------------------------------------------------
Related Operation
Table 31-13 lists the related operation for setting the specific query interval.

Table 31-13 Related operation for setting the specific query interval
Restore the default specific query interval undo igmp proxy router sp-query-interval
31.10.7 Setting the Maximum Response Time to the Specific Query

This operation enables you to set the maximum response time to a specific query. After the
system issues a specific query, the user must respond to the query within the maximum response
time.
Context
The default setting is 8 in the unit of 0.1s, that is, 0.8s.
The maximum response time to a specific query must be smaller than the specific query interval.
Procedure
Step 2 Run the igmp proxy router sp-response-time command to set the maximum response time to
a specific query.
Step 3 Run the display igmp proxy command to display the maximum response time to a specific
query.
----End
Example
To set the maximum response time for a specific query as 5 (0.5s), do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router sp-response-time v2 5
--------------------------------------------------------
IGMP mode : proxy



Log switch : enable



---------------------------------------------------------
Related Operation
Table 31-14 lists the related operation for setting the maximum response time for the specific
query.
Table 31-14 Related operation for setting the maximum response time for the specific query
Restore the default maximum response undo igmp proxy router sp-response-time
time for the specific query
31.10.8 Setting the Unsolicited Report Interval

This operation enables you to set the unsolicited report interval.
Context
When the IGMP proxy works in unsolicited report mode, it sends reports to the upper layer
router at the set interval.
By default, the report interval is 10s.
Procedure
Step 1 Run the igmp proxy router report-interval command to set the unsolicited report interval.
Step 2 Run the display igmp proxy command to display the unsolicited report interval.
----End
Example
To set the unsolicited report interval as 200s, do as follows:
huawei(config-btv)#igmp proxy router report-interval 200
--------------------------------------------------------
IGMP mode : proxy


Log switch : enable
---------------------------------------------------------
Related Operation
Table 31-15 lists the related operation for setting the unsolicited report interval.
Table 31-15 Related operation for setting the unsolicited report interval
Restore the default unsolicited report undo igmp proxy router report-interval
interval
31.10.9 Setting the TTL for a V2 Router

This operation enables you to set the time to live (TTL) for a V2 router. The TTL for a V2 router
refers to the period between the router's receiving a V2 query and its sending an IGMPV2 report.
After receiving the query packet of the V2 version from the upper layer router, the MA5600
enables an aging timer of V2 router to the upstream port. Before the timer expires, the upstream
port sends the V2 report to the upstream.
Context
By default, the TTL for a V2 router is 400s.
Procedure
Step 2 Run the igmp proxy router time-to-live command to set the TTL for a V2 router.
Step 3 Run the display igmp proxy command to query the TTL for the V2 router.
----End
Example
To set the TTL of the V2 router as 200s, do as follows:

huawei(config)#btv
huawei(config-btv)#igmp proxy router timeout v2 200
--------------------------------------------------------
IGMP mode : proxy



Log switch : enable

---------------------------------------------------------
Related Operation
Table 31-16 lists the related operation for setting the TTL for a V2 router.
Table 31-16 Related operation for setting the TTL for a V2 router
Restore the default TTL for a V2 router undo igmp proxy router timeout v2
31.10.10 Setting the Preview Recognition Time

This operation enables you to set the preview recognition time. When the preview recognition
time is set, any preview that is not exceeding this duration will not be considered as valid, and
will not be logged.
Context
By default, the recognition time is 30s.

Procedure
Step 2 Run the igmp proxy recognition-time command to set the preview recognition time.
Step 3 Run the display igmp proxy command to display the preview recognition time.
----End
Example
To set the preview recognition time to 20s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy recognition-time 20
--------------------------------------------------------
IGMP mode : proxy



Log switch : enable

---------------------------------------------------------
Related Operation
Table 31-17 lists the related operation for setting the preview recognition time.
Table 31-17 Related operation for setting the preview recognition time
Restore the default preview recognition undo igmp proxy recognition-time

time

31.10.11 Enabling the User Action Report Function

This operation enables the user action report function.
Context
By default, the action report function for the BTV user is disabled.
Procedure
Step 2 Run the igmp user-action-report command to set the user action report function.
Step 3 Run the display igmp proxy command to display the status of the user action report function.
----End
Example
To enable the BTV user action report function, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp user-action-report enable
--------------------------------------------------------
IGMP mode : proxy



Log switch : enable
User action report switch : enable

---------------------------------------------------------
Related Operation
Table 31-18 lists the related operation for enabling the user action report function.

Table 31-18 Related operation for enabling the user action report function
Disable the user action report function igmp user-action-report disable
31.10.12 Enabling the Proxy of the IGMP Report Packet

This operation enables the proxy of the IGMP report packets.
Prerequisite
The proxy of the IGMP report packet takes effect only in IGMP snooping mode.
Context
l With the proxy of the IGMP report packet enabled, when the report packet of the user is
sent, the system checks whether this user is the first to order the program.
– If yes, the packet is forwarded to the upstream direction.
– If no, the packet is dropped.
l When the proxy is enabled, the proxy substitutes the user to create the IGMP report packet
in response to the upstream query packet, and only forwards the packet of adding the first
user.
l When the proxy is disabled, all the legal user's IGMP report packets are forwarded to the
upstream direction.
l The proxy can only create and forward the IPoE IGMP report packet.
Procedure
Step 1 Run the igmp report-proxy command to enables the proxy of the IGMP report packets.
Step 2 Run the display igmp proxy command to display status of the proxy of the IGMP report packets.
----End
Example
To enable the proxy of the IGMP report packet, do as follows:
huawei(config-btv)#igmp report-proxy enable
--------------------------------------------------------
IGMP mode : proxy
Log switch : enable

User action report switch : enable

---------------------------------------------------------
Related Operation
Table 31-19 lists the related operation for enabling the proxy of the IGMP report packet.
Table 31-19 Related operation for enabling the proxy of the IGMP report packet
Disable the proxy of the IGMP report igmp report-proxy disable

packet
31.10.13 Enabling the Proxy of the IGMP Leave Packet

This operation enables the proxy of the IGMP leave packet.
Context
l When the proxy is enabled, only the IPoE leave packets of the user are created and
forwarded.
l When the proxy is disabled, all of the IPoE packets of the user are forwarded.
l The proxy of the IGMP leave packet has no effect on the PPPoE packets.
Procedure
Step 1 Run the igmp leave-proxy command to enable the proxy of the IGMP leave packet.
Step 2 Run the display igmp proxy command to display the status of the proxy of the IGMP leave
packet.
----End
Example
To enable the proxy of the IGMP leave packet, do as follows:
huawei(config-btv)#igmp leave-proxy enable
--------------------------------------------------------
IGMP mode : proxy


Log switch : enable
Leave proxy switch : enable
---------------------------------------------------------
Related Operation
Table 31-20 lists the related operation for enabling the proxy of the IGMP leave packet.
Table 31-20 Related operation for enabling the proxy of the IGMP leave packet
Disable the proxy of the IGMP leave igmp leave-proxy disable

packet
31.10.14 Set the Permitted Encapsulation Mode of IGMP Packets

This operation enables you to set the permitted encapsulation mode of IGMP packets.
Context
l By default, the default encapsulation mode of IGMP packets is all, that is, the permitted
encapsulation modes of user-side packets are: PPPoE, IPoA and IPoE.
l When the permitted encapsulation mode of IGMP packets is PPP, the permitted
encapsulation mode of user-side packets is PPPoE.
l When the permitted encapsulation mode of IGMP packets is IP, the permitted encapsulation
mode of user-side packets is IPoA and IPoE.
Procedure
Step 2 Run the igmp encapsulation command to set the permitted encapsulation mode of IGMP
packets.

Step 3 Run the display igmp proxy command to query the permitted encapsulation mode of IGMP
packets.
----End
Example
To set the permitted encapsulation mode of IGMP packets as ppp, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp encapsulation ppp
--------------------------------------------------------
IGMP mode : proxy



Log switch : enable
IGMP Packet encapsulation : ppp

---------------------------------------------------------
31.10.15 Enabling IGMP Echo Function

This operation enables you to enable the IGMP echo function.
Context
l By default, the IGMP echo function is disabled.
l The IGMP echo function takes effect only in snooping mode.
– When the IGMP echo is enabled, the system sends IGMP over PPP message and IGMP
over IP message to the upper layer device.
– When the IGMP echo is disabled, the system sends only IGMP over PPP message to
the upper layer device.

Procedure
Step 2 Run the igmp echo command to enable the IGMP echo function.
Step 3 Run the display igmp proxy command to query the state of the IGMP echo function.
----End
Example
To enable the IGMP echo function, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp echo enable
--------------------------------------------------------
IGMP mode : proxy



Log switch : enable

IGMP ECHO switch : enable
---------------------------------------------------------
31.11 Adding a Program

This operation enables you to add one or more programs to the program library.
Context
l When adding a program, configure the attributes of the program. The configurable
attributes include program name, multicast IP address, uplink port bound to a program,
VLAN ID of the program and so on.

l A program name contains up to 16 characters.

l The configured upstream port of the program must be the same as that planned in the actual
networking.
l The multicast IP address segment 224.0.0.1–224.0.0.255 is used for transmitting the local
protocol packets. Do not assign the IP address in this segment to the multicast programs.
l The last 23 bits of the multicast IP address will vary with different multicast programs.
Otherwise, the mapping MAC addresses will conflict.
Procedure
Step 1 Run the igmp program add command to add a program.
Step 2 Run the display igmp program command to display the program.
----End
Example
Assume that:
l Program name: BTV-100
l IP address of the program: 224.1.1.2
l VLAN ID of the program: 1
l Upstream port bound: 0/7/0
l Bandwidth of the program: 2 Mbit/s
l Host function: enabled
l Prejoin function: enabled
l Unsolicited report: disabled
l Logging function: enabled
l Other parameters: default settings
To add a program to the program library, do as follows:

huawei(config-btv)#igmp program add name BTV-100 ip 224.1.1.2 vlan 1 bind 0/7/0
bandwidth 2048 host enable prejoin enable unsolicited disable log enable
huawei(config-btv)#display igmp program ip 224.1.1.2
---------------------------------------------
Program index : 2
Validity : valid
Program name : BTV-100
IP address : 224.1.1.2
Uplink port : 0/7/0
VLAN ID : 1
Host attribute : enable
Log attribute : enable
Prejoin attribute : enable
Across VLAN attribute : enable
Unsolicited attribute : disable
Preview duration(s) : 120
Preview times : 8
Preview interval(s) : 120
Priority : 7
Host IP : 0.0.0.0
Bandwidth(kbps) : 2048
Numbers of watching : 0
---------------------------------------------

Related Operation
Table 31-21 lists the related operations for adding a program.
Table 31-21 Related operations for adding a program
Rename a program igmp program rename A program name uniquely

identifies a program in the
program library.
Delete a program igmp program delete Deleting a program that a user

is watching will force the user
offline.
Modify a program igmp program modify l You can modify only one
program attribute at a time.
l Batch modification of the
program name is not
allowed.
l Modification of program IP
address is not allowed.
l Modifying the VLAN,
upstream port or priority
bound with a program will
get the associated user
offline.
31.12 Managing Multicast Bandwidth

This section describes how to manage multicast bandwidth.
31.12.1 Enabling the Bandwidth Management Function
This operation enables multicast bandwidth management.
31.12.2 Setting Upstream Port Bandwidth
This operation enables you to set the bandwidth of the upstream port. For details, refer to
"Configuring an IGMP Upstream Port".
31.12.3 Setting User Bandwidth
This operation enables you to configure the user bandwidth.
31.12.1 Enabling the Bandwidth Management Function

This operation enables multicast bandwidth management.
Context
l Multicast bandwidth management involves:
– Upstream port bandwidth

– User bandwidth
l When the multicast bandwidth management function is disabled, the system does not check
the upstream port bandwidth and user bandwidth.
– If the number of the programs being watched is smaller than the maximum number of
the programs that can be watched, the user can get online even if the user bandwidth
exceeds the limited value.
– If the number of programs being watched exceeds the maximum number of the programs
that can be watched, the user cannot get online.
l When the multicast bandwidth management function is enabled, the system checks only
the upstream port bandwidth. When the user gets online and the CAC function is enabled,
the system checks the user bandwidth.
– If the bandwidth used by the upstream port exceeds the allocated value, the program
ordered by the user will be suspended in descending order of the program index. Once
the bandwidth used by the upstream port is equal to the allocated one, the suspended
program can be replayed.
– If the bandwidth used by the upstream port does not exceed the allocated value, the
system checks the user bandwidth when the user gets online. The user can get online
only when the used bandwidth is less than the allocated one.
l If the used bandwidth exceeds the allocated one, the system checks as follows.
– If the number of the programs being watched exceeds the maximum value, the system
delivers the specific group query message to all the programs being watched. If there
are some programs which are not being watched (while the MA5600 has regarded them
being watched), the system deletes them from the user program list. In this case, the
number of programs being watched can be released.
– If the user's residual bandwidth is not enough, the system delivers the specific group
query message to all the programs being watched. If there are some programs which
are not being watched while the MA5600 has regarded them being watched for some
reason, the system deletes them from the user program list. In this case, some occupied
bandwidth can be released.
Procedure
Step 2 Run the igmp bandwidthcac command to enable the bandwidth management function.
Step 3 Run the display igmp proxycommand to display the bandwidth management function.
----End
Example
To enable bandwidth management of IGMP proxy, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp bandwidthcac enable
--------------------------------------------------------
IGMP mode : proxy




Log switch : enable

---------------------------------------------------------
Table 31-22 lists the related operation for enabling the bandwidth management function.
Table 31-22 Related operation for enabling the bandwidth management function
Disable IGMP proxy bandwidth igmp bandwidthCAC disable

management
31.12.2 Setting Upstream Port Bandwidth

This operation enables you to set the bandwidth of the upstream port. For details, refer to
"Configuring an IGMP Upstream Port".
31.12.3 Setting User Bandwidth

This operation enables you to configure the user bandwidth.
Context
This function takes effect when the multicast CAC function is enabled. The utilization is the
ratio of the multicast CAC bandwidth to the physical port line rate.
l For an ADSL user, the utilization is the ratio of multicast CAC bandwidth to the activation
rate of the ADSL port.
l For an SHDSL user, the utilization is the ratio of multicast CAC bandwidth to the maximum
downstream rate specified in the line profile of the SHDSL port.

Procedure
Step 2 Run the igmp user-bandwidth-utilization command to set the user bandwidth.
Step 3 Run the display igmp proxy command to display the user bandwidth.
----End
Example
To set user bandwidth utilization to 50%, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp user-bandwidth-utilization 50
--------------------------------------------------------
IGMP mode : proxy



Log switch : enable

---------------------------------------------------------
31.13 Configuring an Authority Profile

This section describes how to configure an authority profile.
31.13.1 Setting the Authority Mode
This operation enables you to set the authority mode.
31.13.2 Modifying an Authority Profile
This operation enables you to modify an authority profile.
31.13.3 Renaming an Authority Profile

This operation enables you to rename an authority profile.
31.13.1 Setting the Authority Mode

This operation enables you to set the authority mode.
Context
The MA5600 supports two authority modes:
l User mode (usermode): used for multicast user management.
l Profile mode (profilemode): used for multicast profile management.
The default is profile mode.

Some multicast configuration commands can be used in certain authority mode. For example:
l igmp profile rename, igmp profile { profile-name | profile-index }, and igmp user bind-
profile must be run in profile mode.
l igmp user grant-program must be run in user mode.
Procedure
Step 2 Run the igmp right-mode command to set the authority mode.
Step 3 Run the display igmp proxy command to display the authority mode.
----End
Example
To set the authority mode as profile mode, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp right-mode profilemode
The profile data will lose after this operation,
are you sure to change the right mode?(y/n)[n]:y
--------------------------------------------------------
IGMP mode : proxy



Log switch : enable



---------------------------------------------------------
31.13.2 Modifying an Authority Profile

This operation enables you to modify an authority profile.
Context
By default, the system names the 2000 profiles as profile 1, profile 2, …, and profile N.
The program authority can only be any one of watch, preview, forbidden and idle.
When modifying the program authority of an authority profile, make sure that the authority mode
is profile mode.
Procedure
Step 2 Run the igmp profile command to add the authority to watch program “BTV-1” to profile 1.
Step 3 Run the display igmp profile command to display the configuration of the authority profile.
----End
Example
To add program “BTV1” with authority of watch to profile 1, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp profile profile-name profile1 program-name BTV-1 watch
huawei(config-btv)#display igmp profile profile-name profile1
Profile index : 1
Profile name : Profile1
Program number : 1
User Reference Number : 0
Program list
-----------------------------------------------
Program name IP address Right
-----------------------------------------------
BTV-1 224.1.1.1 watch
-----------------------------------------------
Total:1
Related Operation
Table 31-23 lists the related operation for modifying an authority profile.

Table 31-23 Related operation for modifying an authority profile
Set the priority for user authorities igmp right-priority
31.13.3 Renaming an Authority Profile

This operation enables you to rename an authority profile.
Context
l When renaming the program authority of an authority profile, make sure that the authority
mode is profile mode.
l The new authority profile name cannot be identical to an existing one.
l The authority profile name is not case sensitive.
Procedure
Step 1 Run the igmp profile rename command to rename an authority profile.
Step 2 Run the display igmp profile command to display the authority profile.
----End
Example
To rename profile 1 as “VIP-channel”, do as follows:
huawei(config-btv)#igmp profile rename profile1 VIP-channel
huawei(config-btv)#display igmp profile all
----------------------------------------------------------------------
index Profile name Program number User Reference Number
----------------------------------------------------------------------
0 Profile0 1 0
1 VIP-channel 0 0
2 Profile2 0 0
3 Profile3 0 0
4 Profile4 0 0
5 Profile5 0 0
6 Profile6 0 0
7 Profile7 0 0
8 Profile8 0 0
9 Profile9 0 0
10 Profile10 0 0
11 Profile11 0 0
12 Profile12 0 0
13 Profile13 0 0
14 Profile14 0 0
15 Profile15 0 0
16 Profile16 0 0
17 Profile17 0 0
18 Profile18 0 0
19 Profile19 0 0

31.14 Configuring Multicast Users

This section describes how to configure multicast users.
31.14.1 Adding a BTV User
This operation enables you to add a BTV user.
31.14.2 Modifying the Attributes of a User
This operation enables you to modify the attributes of a user.
31.14.3 Blocking a BTV User
This operation enables you to block a BTV user. A blocked user cannot watch a program until
the user is unblocked.
31.14.4 Binding a User with an Authority Profile
This operation enables you to bind an auth user with an authority profile. An auth user can watch
programs of an authority profile only when the user is bound with the profile in authority profile
mode.
31.14.5 Granting Program Authorities to a User
This operation enables you to grant program authorities to a user or to modify the granted
program authorities.
31.14.6 Enabling the Function of Monitoring the BTV User
This operation enables the function of monitoring the BTV user.
31.14.1 Adding a BTV User

This operation enables you to add a BTV user.
Context
l When adding a BTV user, you must specify a PVC for carrying IGMP packets for this user.
l Each BTV user can watch up to eight programs at the same time. By default, a BTV user
can watch eight programs at the same time.
l An authentication (auth) user must be bound with some authority profiles to watch the
programs. The user who does not need authentication (no-auth) can watch all programs in
the multicast server. In this case, no authority needs to be configured for the user.
l To authorize a user with the authority to watch a program:
– Select profilemode if you bind the line profile to the user port.
– Select usermode if you bind the program to the user port.
l The configured authority profiles will be removed if you change the authority mode from
the profile mode to the user mode.
l You can add a user only when both the PVC for carrying IGMP packets and the PVC for
carrying the program stream exist.
Procedure
Step 2 Run the igmp user add command to add a BTV user.

Step 3 Run the display igmp user command to display the BTV user.
----End
Example
To add a user under port 0/2/0 as a BTV user (no-auth user), do as follows:
huawei(config)#btv
huawei(config-btv)#display igmp user all
Command:
display igmp user all
Operation is running, please waiting...
-----------------------------------------------------------------------------
User Bind State Auth Quick IGMP Video Log Available
profiles leave Interface Interface switch programs
-----------------------------------------------------------------------------
0/2/0 - offline no-auth enable 0/35 0/35 enable 8
-----------------------------------------------------------------------------
Total: 1
Note : IGMP Interface--VPI/VCI or VLAN ID or EPON ID or ETH and GEMPORT ID.
The 'auto' means VPI/VCI autosense.
Related Operation
Table 31-24 lists the related operations for adding a BTV user.
Table 31-24 Related operations for adding a BTV user
Delete a BTV user igmp user delete
Modify a BTV user igmp user modify
31.14.2 Modifying the Attributes of a User

This operation enables you to modify the attributes of a user.
Context
The user attributes include PVC, authorization, quick leave, log switch, and maximum number
of channel programs to be watched.
You can modify only one attribute of a user at a time.
Procedure
Step 1 Run the btv to enter BTV mode.
Step 2 Run the igmp user modify command to modify the attributes of a user.
Step 3 Run the display igmp user command to query the multicast user information.
----End

Example
To define user 0/2/0 as a user who needs authorization, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp user modify port 0/2/0 auth
Are you sure to modify user by port?(y/n)[n]:y
huawei(config-btv)#display igmp user all
-----------------------------------------------------------------------------
User Bind State Auth Quick IGMP Video Log Available
profiles leave Interface Interface switch programs
-----------------------------------------------------------------------------
0/2/0 0 offline auth enable 0/35 0/35 enable 8
-----------------------------------------------------------------------------
Total: 1
Related Operation
Table 31-25 lists the related operations for modifying the attributes of a user.
Table 31-25 Related operations for modifying the attributes of a user

Add a BTV user igmp user add
Delete a BTV user igmp user delete
31.14.3 Blocking a BTV User

This operation enables you to block a BTV user. A blocked user cannot watch a program until
the user is unblocked.
Context
After a BTV user is blocked, the user is disconnected from the program that the user is watching.
l If the IP address or index of the program being watched is not specified, the system will
block the user port. In addition, the user's access requests for any program after he goes
offline will be denied until the user is unblocked.
l If the IP address or index of the program being watched is specified, the system will only
block the specified program. After the user gets offline, the user still can demand any
program except the blocked one.
Procedure
Step 2 Run the igmp user block command to block a BTV user.
Step 3 Run the display igmp user command to display the information on the BTV user.
----End

Example
To block user 0/2/0, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp user block port 0/2/0
huawei(config-btv)#display igmp user port 0/2/0
{ <cr>|grant-program-list<K> }:
Command:
display igmp user port 0/2/0
User : 0/2/0
State : block
Authentication : no-auth
Quick leave : enable
IGMP flow Type : -
IGMP flow Parameter : -
Video Interface : 0/35
Video flow Type : -
Video flow Parameter : -
Log switch : enable
Grant programs : -
IGMP version : -
Available programs : 8
Mode : snooping
Process After Auth Fail : forward
Used bandwidth(kbps) : 0
The percentage of used
bandwidth to port rate(%) : 0
quick leave time(0.1s) : 0
Related Operation
Table 31-26 lists the related operation for blocking a BTV user.
Table 31-26 Related operation for blocking a BTV user
Unblock a BTV user undo igmp user block
31.14.4 Binding a User with an Authority Profile

This operation enables you to bind an auth user with an authority profile. An auth user can watch
programs of an authority profile only when the user is bound with the profile in authority profile
mode.
Context
A user port can be bound with multiple profiles. However, "no-auth" user cannot be bound with
any profile.
Up to 256 profiles can be bound to a user.
When binding an authority profile with a BTV user, make sure that the authority mode is profile
mode.

Procedure
Step 2 Run the igmp user bind-profile command to bind an authority profile.
Step 3 Run the display igmp user command to display the authority profile bound with the user.
----End
Example
To bind user 0/2/0with “profile0”, do as follows:
huawei(config)#btv
huawei(config-btv)#display igmp user port 0/2/0
{ <cr>|epon<K>|grant-program-list<K> }:
Command:
display igmp user port 0/2/0
User : 0/2/0
State : offline
Authentication : auth
Quick leave : enable
IGMP Interface : 0/35
Type of service port : -
Parameter of service port: -
Log switch : enable
Bind profiles : 1
IGMP version : -
Available programs : 1
Mode : snooping
Process After Auth Fail : discard
Used bandwidth(kbps) : 0
The percentage of used
bandwidth to port rate(%): 0
quick leave time(0.1s) : 0
Bind profile list
---------------------------------------------
index Profile name Program number
---------------------------------------------
0 Profile0 0
---------------------------------------------
Total: 1
Note : IGMP Interface--VPI/VCI or VLAN ID or EPON ID
Related Operation
Table 31-27 lists the related operation for binding a user with an authority profile.
Table 31-27 Related operation for binding a user with an authority profile
Unbind an authority profile from a user undo igmp user bind-profile
31.14.5 Granting Program Authorities to a User

This operation enables you to grant program authorities to a user or to modify the granted
program authorities.

Context
l You can grant program authorities to a user based on the port, slot or Smart VLAN. Or you
can grant program authorities to all users using the igmp user grant-program all
command.
l In terms of the validity preference, program authorities can be divided into forbidden,
preview, watch and idle.
l When granting program authorities to a user or when modifying the granted program
authorities, make sure that the authority mode is user mode.
Procedure
Step 2 Run the igmp user grant-program command to grant program authorities to a user.
Step 3 Run the display igmp user port grant-program-list command to display the user program
authorities.
----End
Example
To grant users under port 0/2/0 with the authorities to watch programs from 224.1.1.1 to
224.1.2.1, do as follows:
huawei(config-btv)#igmp user grant-program port 0/2/0 ip 224.1.1.1 to-ip 224.1.2.1
sourceip 192.168.1.1 watch
huawei(config-btv)#igmp proxy authorization enable
huawei(config-btv)#display igmp user port 0/2/0 grant-program-list
---------------------------------------------
Program name IP address sourceip Right
---------------------------------------------
PROGRAM-0 224.1.1.1 192.168.1.1 watch
PROGRAM-1 224.1.2.1 192.168.1.1 watch
---------------------------------------------
Total:2
31.14.6 Enabling the Function of Monitoring the BTV User

This operation enables the function of monitoring the BTV user.
Context
Before enabling the function of monitoring the BTV user, you must perform the following
operations:
l Run the terminal debugging command to enable the debugging information output
function.
l Run the debugging igmp all to enable the function of monitoring all BTV users.
Procedure
Run the debugging igmp command to enable the function of monitoring the BTV user.
----End

Example
To monitor a BTV user port, do as follows:
huawei(config)#debugging igmp port 0/2/0
Related Operation
Table 31-28 lists the related operation for enabling the function of monitoring BTV users.
Table 31-28 Related operation for enabling the function of monitoring BTV users
Disable the function of monitoring BTV undo debugging igmp

users
31.15 Configuring the Preview Function

This section describes how to configure the preview function.
31.15.1 Enabling the Preview Function
This operation enables the preview function.
31.15.2 Setting the Preview Parameters
This operation enables you to set the preview parameters, including preview duration, preview
times, and preview interval.
31.15.3 Setting the Preview Auto Reset Time
This operation enables you to set the preview auto reset time. When the preview auto reset time
is set, the system will clear the preview count to zero at the specified time.
31.15.4 Clearing the Preview Records Manually
This operation enables you to clear all preview records manually, including the record of the
preview logout time and count.
31.15.1 Enabling the Preview Function

This operation enables the preview function.
Context
With the preview function disabled, users with preview authority cannot view any program.
Procedure
Step 2 Run the igmp preview enable command to enable the IGMP preview function.
Step 3 Run the display igmp proxy command to check whether the preview function is enabled.
----End

Example
To enable the IGMP preview function, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp preview enable
--------------------------------------------------------
IGMP mode : proxy



Log switch : enable

---------------------------------------------------------
Related Operation
Table 31-29 lists the related operation for enabling the preview function.
Table 31-29 Related operation for enabling the preview function

Disable the IGMP preview function igmp preview disable
31.15.2 Setting the Preview Parameters

This operation enables you to set the preview parameters, including preview duration, preview
times, and preview interval.

Context
When the preview function is disabled, all the users with the preview authority cannot watch
any program.
By default:
l The preview duration is 120s.
l The preview times are eight.
l The preview interval is 120s.
Procedure
Step 1 Run the igmp preview program command to configure the preview parameters.
Step 2 Run the display igmp program command to display the preview parameters.
----End
Example
To set the preview duration of program1 to 150s, do as follows:
huawei(config-btv)#igmp preview program index 1 preview-duration 150
huawei(config-btv)#igmp preview program index 1 preview-times 5
huawei(config-btv)#igmp preview program index 1 preview-interval 100
huawei(config-btv)#display igmp program index 1
---------------------------------------------
Program index : 1
Validity : valid
Program name : cctv-1
IP address : 224.1.1.1
Uplink Port : 0/7/0
VLAN ID : 1
Host attribute : enable
Log attribute : enable
Prejion attribute : disable
Across VLAN attribute : enable
Unsolicited attribute : disable
Preivew duration(s) : 150
Preivew times : 5
Preivew interval(s) : 100
Priority : 0
Numbers of watching : 0
---------------------------------------------
Watching IGMP cascade port :
0/7/1
---------------------------------------------
31.15.3 Setting the Preview Auto Reset Time

This operation enables you to set the preview auto reset time. When the preview auto reset time
is set, the system will clear the preview count to zero at the specified time.
Context
By default, the preview auto reset time is 04:00:00 am each day.

Procedure
Step 2 Run the igmp preview auto-reset-time command to set the preview auto reset time.
Step 3 Run the display igmp proxy command to display the display the preview auto reset time.
----End
Example
To set the preview auto reset time as 05:00:00 am each day, do as follows:
huawei(config)#btv
--------------------------------------------------------
IGMP mode : proxy



Log switch : enable

---------------------------------------------------------
Related Operation
Table 31-30 lists the related operation for setting the preview auto reset time.
Table 31-30 Related operation for setting the preview auto reset time
Restore the default preview auto reset undo igmp preview auto-reset-time
time

Reset the record of the preview logout igmp preview reset record
time manually
Reset the record of the preview logout igmp preview reset count
count manually
31.15.4 Clearing the Preview Records Manually

This operation enables you to clear all preview records manually, including the record of the
preview logout time and count.
Context
The system records the previous preview logout time automatically. If a user previews a program
at an interval smaller than the value preset by running the igmp preview program command,
the user will not be allowed to preview the program again.
Procedure
l Reset the record of the preview logout time manually.
1. Run the btv command to enter BTV mode.
2. Run the igmp preview reset record command to clear all the records of the preview
logout time manually.
l Reset the record of the preview logout count manually.
1. Run the btv command to enter BTV mode.
2. Run the igmp preview reset countcommand to clear all the records of the preview
logout count manually.
----End
Example
To clear all the records of the preview logout time manually, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp preview reset record
To clear all the records of the preview logout count manually, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp preview reset record
Related Operation
Table 31-31 lists the related operation for resetting the preview record.

Table 31-31 Related operation for resetting the preview record

Set the preview auto reset igmp preview auto-reset-time

time
31.16 Configuring the Logging Function

This section describes how to configure the logging function.
31.16.1 Enabling the Logging Function
This operation enables you to enable the logging function so that the operations can be logged.
31.16.2 Setting the Logging Interval
This operation enables you to set the automatic log generation interval for a long-time online
user.
31.16.3 Configuring Log Reporting
This operation enables you to configure the log reporting function.
31.16.4 Collecting Log Statistics
This operation enables you to collect statistics on user logs for audience statistics.
31.16.1 Enabling the Logging Function

This operation enables you to enable the logging function so that the operations can be logged.
Context
By default, the logging function is enabled.
Procedure
Step 1 Run the igmp proxy log enable command to enable the logging function.
Step 2 Run the display igmp proxy command to display the status of the logging switch.
----End
Example
To enable the IGMP proxy logging function, do as follows:
huawei(config-btv)#igmp proxy log enable
--------------------------------------------------------
IGMP mode : proxy




Log switch : enable

---------------------------------------------------------
Related Operation
Table 31-32 lists the related operations for enabling the logging function.
Table 31-32 Related operations for enabling the logging function
Disable the IGMP proxy logging function igmp proxy log disable
Display the logs of IGMP users display igmp log
31.16.2 Setting the Logging Interval

This operation enables you to set the automatic log generation interval for a long-time online
user.
Context
The MA5600 can record the logs automatically. When a user watches a program for a long time,
and the time exceeds the time interval for generating the log, the system generates a log
automatically. This log can be used for billing in case that no log is generated when a user
becomes offline abnormally after watching a program for a long time.
By default, the logging interval is two hours.
Procedure
Step 2 Run the igmp proxy log-interval command to set the logging interval.

Step 3 Run the display igmp proxy command to display the set logging interval.
----End
Example
To set the log generation interval as one hour, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy log-interval 1
--------------------------------------------------------
--------------------------------------------------------
IGMP mode : proxy



Log switch : enable

---------------------------------------------------------



Log switch : enable



---------------------------------------------------------
Related Operation
Table 31-33 lists the related operation for setting the logging interval.
Table 31-33 Related operation for setting the logging interval
Restore the default logging interval undo igmp proxy log-interval
31.16.3 Configuring Log Reporting

This operation enables you to configure the log reporting function.
Context
The logs are reported based on the combination of port, program IP address, and time range.
Procedure
Run the igmp log report command to configure the log reporting function.
----End
Example
To report the logs of the program with IP address 225.1.1.1, and multicast source IP address
192.168.1.1 that are generated during the period from 2006-1-10 9:00:00 to 2006-1-10 18:30:00,
do as follows:
huawei(config)#btv
huawei(config-btv)#igmp log report ip 225.1.1.1 sourceip 192.168.1.1 time 2006-1-10
9:00:00 end 2006-1-10 18:30:00
Reporting log has finished
Reported log number: 50
Related Operation
Table 31-34 lists the related operations for configuring log reporting.

Table 31-34 Related operations for configuring log reporting
Stopping log reporting igmp log stop-report If the system is reporting the
user log, the command stops
the log reporting. If not, the
system prompts errors.
Clear user logs igmp log reset -
Display the log statistics display igmp log statistic -
31.16.4 Collecting Log Statistics

This operation enables you to collect statistics on user logs for audience statistics.
Context
The log statistics mainly include the programs ordered and related time parameters, can be
regarded as the dynamic on-demand information.
You can collect the statistics based on a pot, an IP address, or all users.
Procedure
Step 2 Run the display igmp log command to display the logs.
----End
Example
To collect statistics on all user logs, do as follows:
huawei(config)#btv
huawei(config-btv)#display igmp log all
{ <cr>||<K> }:
Command:
display igmp log all
-----------------------------------------------------------------------------
Port Program-IP sourceip Mode Join-time Leave-time
----------------------------------------------------------------------------
0/3/0 10.10.10.1 192.168.1.1 W 2006-04-15 19:29:48 2006-04-15
19:39:32
0/3/0 10.10.10.1 192.168.1.1 W 2006-04-15 19:26:25 2006-04-15
19:29:46
0/3/0 10.10.10.1 192.168.1.1 W 2006-04-15 18:51:58 2006-04-15
19:26:24
0/3/0 10.10.10.1 192.168.1.1 W 2006-04-15 18:43:14 2006-04-15
18:51:57
-----------------------------------------------------------------------------
Total: 4
Note: P(Mode) indicates preview, W(Mode) indicates watch,
N(Mode) indicates no authority
F(Mode) indicates preview times full out

Configuration Guide 32 Configuring the Triple Play Service
32 Configuring the Triple Play Service
About This Chapter
This chapter describes the triple play service and how to configure the service on the
MA5600.
32.1 Overview
This section describes the description and specifications of the triple play service.
32.2 Configuration Example of Triple Play - Multiple PVCs for Multiple Services
This example shows how to configure the triple play service - multiple PVCs for multiple
services.
32.3 Configuration Example of Triple Play - Based on the User-Side VLAN
This example shows how to configure the triple play service - single PVC for multiple services
(based on the user-side VLAN).
32.4 Configuration Example of Triple Play - Based on 802.1p
This operation shows how to configure the triple play service by means of single PVC for
multiple services based on 802.1p.
32.5 Configuration Example of the Triple Play Service - Based on the Service Encapsulation
Type
This operation enables you to configure the triple play service - single PVC for multiple services
(based on the service encapsulation type). Users connect to multiple terminals through the home
gateway to implement multiple services, such as Internet, VoIP and IPTV services.

32 Configuring the Triple Play Service Configuration Guide
32.1 Overview
This section describes the description and specifications of the triple play service.
Service Description
With the rapid development of the broadband services, more and more users demand high
bandwidth for abundant services such as video service, voice service, and data service.
For details on the triple play service, refer to the chapter "Triple Play" in the Feature
Description.
The MA5600 can support the triple play service.
In the triple play application, the VoIP, IPTV, and Internet services are transmitted over one
cable to the MA5600 through the home gateway or the optical access modem in a centralized
manner.
l The VoIP and IPTV services adopt DHCP method. The DHCP option60 domain is used to
identify different terminals. The MA5600 can identify different DHCP option60 domains,
and transmit packets of different terminals to different DHCP servers. In this way, the
terminals can obtain IP addresses from the corresponding DHCP servers.
l Point-to-Point over Ethernet (PPPoE) is used for Internet service access.
Table 32-1 shows the modes supported by the MA5600 to provide the triple player service.
Table 32-1 Modes to provide the triple play service

Mode Description
Multiple PVC for multiple It needs to configure the existing modem.

services It adopts different PVCs to differentiate the service traffic.

Mode Description
Single PVC for multiple It is unnecessary to configure the existing modem. The PVC
services resources are saved.
l When it differentiates the service traffic based on user-side
VLAN:
It differentiates the service traffic based on the VLAN

ID contained in the packets sent from the user port PVC.
The user packets are labeled with different upstream
VLAN IDs, and the previous VLAN IDs in the user
packets are removed.
l When it differentiates the service traffic based on user-side
encapsulation type:
It differentiates the service traffic based on the

encapsulation type (IPoE/PPPoE) of the user packets
sent from the user port PVC. The user packets are labeled
with different upstream VLAN IDs.
l When it differentiates the service traffic based on the user-
side 802.1p value:
It differentiates the service based on the 802.1p value of

the user packets. The user packets are mapped to
different upstream VLANs.
32.2 Configuration Example of Triple Play - Multiple PVCs

for Multiple Services
This example shows how to configure the triple play service - multiple PVCs for multiple
services.
Prerequisite
Before configuring the triple play service, make sure that:
l All kinds of boards of the device run in the normal state.
Networking
Figure 32-1 shows a sample network for configuring the triple play service-multiple PVCs for
multiple services.

Figure 32-1 Sample network for configuring the triple play service -multiple PVCs for multiple
services
OSS & RADIUS server/

Multicase sever RADIUS proxy
Internet
I NM
S
TG
IP IPTV DHCP server
Softswitch
Router VoIP DHCP server
BRAS
LAN switch
A A CON
ETH
D D
E E
GE0/7/0
F F
SCU MA5600
HG 1 HG 2
DHCP PPPoE DHCP DHCP PPPoE DHCP
STB STB
IP Phone PC TV IP Phone PC TV
In Figure 32-1, both user 1 (home gateway 1) and user 2 (home gateway 2) adopt triple play
networking.
Data Plan
Table 32-2shows the data plan for configuring the triple play service -multiple PVCs for multiple
services.
Table 32-2 Data plan for configuring the triple play service -multiple PVCs for multiple services
Item Data
ADGE board Downstream ports 0/2/0 and 0/2/1. The ports use the default line
profile.
Internet: VPI/VCI 0/37
VoIP: VPI/VCI 0/36

Item Data
IPTV: VPI/VCI 0/35
Traffic profile CAR Internet: 1 Mbit/s

value
VoIP: 1 Mbit/s
IPTV: no restriction
Uplink port 0/7/0
VLAN Internet: smart VLAN 2
VoIP: smart VLAN 3
IPTV: smart VLAN 4
DHCP VoIP: DHCP option60 domain voice, Gateway 10.1.1.1.

DHCP server group 1, IP addresses of DHCP server group: 20.1.1.2
and 20.1.1.3.
IPTV: DHCP option60 domain of STB video, gateway 10.2.2.1.

DHCP server group 2, IP addresses of DHCP server group: 20.2.2.2
and 20.2.2.3.
Program library Program BTV-1, multicast address 224.1.1.1, bind upstream port
0/7/0 with VLAN 4.
Program BTV-2, multicast address 224.1.1.2, bind upstream

port0/7/0 with VLAN 4.
Authority profile Profile 0, profile 0 has the authority to watch BTV-1.
IGMP user User 1 connected to port 0/2/0 can watch all programs.
User 2 connected to port 0/3/0 can watch program BTV-1 only.
Priority 802.1p priority: VoIP 6, IPTV 5, Internet 1.
Context
l DHCP option60 domain value of the Set Top Box (STB) and Ethernet Phone (Ephone)
varies with the terminals. In the actual application, refer to the user guides of the STB and
the Ephone.
l Run the dhcp domain command to set the DHCP domain name. The configured domain
name is a character string containing no space.
l Ensure that before configuring triple play service, the service board and the upstream board
have been added correctly.
l In the configuration process, when the VoIP and the IPTV services are used in a same
VLAN, you need to add the service ports of the VoIP and the IPTV services to the same
VLAN, configure the master/slave IP address for the VLAN, and bind different DHCP
domains and DHCP-server groups to the VLAN to decide how to allocate IP addresses.
That is, the VLAN is configured with two gateway. The IPTV and VoIP services coexist.

l In the configuration process, when the VoIP and IPTV services are used in different VLANs
(this configuration example considers this condition as an example), you need to make sure
that the DHCP servers used by the VoIP and IPTV services interconnect with the DHCP
L3 interface.
Figure 32-2 shows the flowchart for configuring the triple play service-multiple PVCs for
multiple services.
Figure 32-2 Flowchart for configuring the triple play service-multiple PVCs for multiple
services
Start
Internet IPTV
Select service
type
VoIP
Configure the VLAN and Configure the VLAN and Configure the VLAN and
its upstream port its upstream port its upstream port
Configure the traffic profile Configure the traffic profile Configure the traffic profile
Configure the service port Configure the service port Configure the service port
Configure DHCP Relay Configure DHCP Relay
Configure IGMP Proxy
End
Procedure
l Configure Internet service.
1. Configure the VLAN and the upstream port.
2. Configure the traffic profile.

Because VoIP, IPTV and Internet services are transmitted through the same port, it is
necessary to set the 802.1p priority for each service.
In general, the VoIP service has the highest priority, and the Internet service has the
lowest priority. In this example, set the traffic profile index as 7, and the priority of
the Internet service as 1.
huawei(config)#traffic table index 7 ip car 1024 priority 1 priority-
policy pvc-Setting

3. Configure the service port.
Add the service port to the VLAN and use the traffic profile created in the previous
step.
huawei(config)#service-port vlan 2 adsl 0/2/0 vpi 0 vci 37 rx-cttr 7 tx-
cttr 7
cttr 7
4. Save the data.

huawei(config)#save
l Configure VoIP service.

1. Create the VLAN and its upstream port.
Set the traffic profile index as 8, and the priority of the VoIP service as 6.
policy pvc-Setting
Add the service port to the VLAN, and use the traffic profile created in the previous
step.
cttr 8
cttr 8
4. Configure DHCP relay.
The VoIP service and the video service adopt DHCP mode. The DHCP option60
domain is used to differentiate the service type. In this example, set the DHCP
option60 domain of the VoIP service as voice.
huawei(config)#dhcp mode layer-3 option-60
huawei(config)#dhcp-server 1 ip 20.1.1.2 20.1.1 3 //The IP addresses of
the DHCP server used by the VoIP service are 20.1.1.2 and 20.1.1.3.
huawei(config)#dhcp domain voice //Please refer to the actual domain
value of the DHCP option 60
huawei(config-dhcp-domain-voice)#dhcp-server 1
huawei(config-dhcp-domain-voice)#quit
huawei(config-if-vlanif3)#dhcp domain voice gateway 10.1.1.1 //The IP
address of the DHCP L3 interface is 10.1.1.1. The IP address of the DHCP
server can be either a master IP address or a slave IP address. In this
example, the master IP address 20.1.1.2 is configured. The master IP
address 20.1.1.3 must interconnect with the DHCP L3 interface.
5. Save the data.

huawei(config)#save
l Configure IPTV service.

1. Create the VLAN and its upstream port.

In this example, set the traffic profile index as 9 and the priority of IPTV service as
5.
huawei(config)#traffic table index 9 ip car off priority 5 priority-policy
pvc-Setting
CAUTION
On the MA5600, if the PVC is configured with priority, the priority of the multicast
packets borne by the PVC takes no effect.
Add the service port to the VLAN and use traffic profile 9.
cttr 9
cttr 9

In this example, set the DHCP option60 domain of the IPTV as video.
huawei(config)#dhcp-server 2 ip 20.2.2.2 20.2.2.3 //The IP addresses of
the DHCP server used by the VoIP service are 20.2.2.2 and 20.2.2.3.
huawei(config)#dhcp domain video //Please refer to the actual domain
value of the DHCP option 60
huawei(config-dhcp-domain-video)#dhcp-server 2
huawei(config-dhcp-domain-video)#quit
huawei(config-if-vlanif4)#dhcp domain video gateway 10.2.2.1 //The IP
address of the DHCP L3 interface is 10.2.2.1. The IP address of the DHCP
server can be either a master IP address or a slave IP address. In this
example, the master IP address 20.2.2.2 is configured. The slave IP
address 20.2.2.3 must interconnect with the DHCP L3 interface.
5. Configure the multicast data.

To provision video service, the multicast proxy and programs need to be set.
huawei(config)#btv
huawei(config－btv)#igmp uplink-port 0/7/0 100
huawei(config-btv)#igmp program add name BTV-1 ip 224.1.1.1 vlan 4 bind
0/7/0
0/7/0
huawei(config-btv)#igmp profile profile-name profile0 program-name BTV-1
watch
6. Save the data.

huawei(config)#save
----End

Result
After the configuration, the triple play service (Internet, VoIP and IPTV) is available.
l The Internet user can realize dial-up access to the Internet in the PPPoE mode.
l The VoIP user can make VoIP phones.
l The IPTV user connected to port 0/2/0 can watch all programs. and the user connected to
port 0/2/1 can watch program1 only.
32.3 Configuration Example of Triple Play - Based on the

User-Side VLAN
This example shows how to configure the triple play service - single PVC for multiple services
(based on the user-side VLAN).
Prerequisite
l All kinds of boards of the device run in the normal state.
Networking
Figure 32-3 shows a sample network for configuring the triple play service - single PVC for
multiple services.

Figure 32-3 Sample network for configuring the triple play service - single PVC for multiple
services
OSS & RADIUS Server/
Multicast Server
RADIUS Proxy
Internet NMS
TG
IP
IPTV DHCP Server
Softswitch
Router VoIP DHCP Server
BRAS
LAN Switch
A A CON
ETH
D D
G G
GE0/7/0
G G
SCU MA5600
Home gateway 1 Home gateway 2
STB STB
In the Figure 32-3, both user1 (home gateway 1) and user2 (home gateway 2) adopt the triple
play networking.
Data Plan
Table 32-3 shows the data plan for configuring the triple play service - single PVC for multiple
services.
Table 32-3 Data plan for configuring the triple play service - single PVC for multiple services
Item Data
ADGE board Service port 0/2/0 and 0/3/0. The ports use the default line profile.
VPI/VCI: 0/35

Item Data
Traffic profile CAR Internet: 1 Mbit/s

value VoIP: 1 Mbit/s
IPTV: no restriction
Upstream port 0/7/0
Upstream VLAN Internet: smart VLAN 102

VoIP: smart VLAN 103
IPTV: smart VLAN 104
User-side VLAN Internet: smart VLAN 2

VoIP: smart VLAN 3
IPTV: smart VLAN 4
DHCP VoIP:
DHCP option60 domain voice, gateway 10.1.1.1. DHCP server
group 1, IP addresses are 20.1.1.2 and 20.1.1.3.
IPTV:
DHCP option60 domain for STB video, gateway 10.2.2.1. DHCP
server group 2, IP addresses are 20.2.2.2 and 20.2.2.3.
0/7/0 with VLAN 4.
Program BTV-2, multicast address 224.1.1.2, bind upstream port
0/7/0 and VLAN 4.
Authority profile Profile 0, profile 0 can watch program BTV-1 in the program library.
IGMP user User 1 connected to port 0/2/0 can watch all programs.
User 2 connected to port 0/3/0 can watch program BTV-1 only.
Priority 802.1p priority: VoIP 6, IPTV 5, Internet 1.
Context
l DHCP option60 domain value of the STB and Ephone varies with the terminals. In the
actual application, refer to the user guides of the STB and the Ephone.
l Run the dhcp domain command to set the DHCP domain name. The configured domain
name is a character string containing no space.
l Before configuring the triple play services, make sure that the service boards and the
upstream board are added correctly.
NOTE
In this configuration, the service traffic is differentiated based on the user-side VLAN.
Figure 32-4 shows the flowchart for configuring the triple play service - single PVC for multiple
services.

Figure 32-4 Flowchart for configuring the triple play service - single PVC for multiple services
Start
Internet IPTV
Selet service
type
VoIP
upstream port upstream port upstream port
Configure the virtual port Configure the virtual port Configure the virtual port
End
Procedure
l Configure Internet service.
1. Configure the VLAN and its upstream port.
Because the VoIP, IPTV, and Internet services are transmitted through the same port,
it is necessary to set the 802.1p priority for each service.
policy pvc-Setting
step.
huawei(config)#service-port vlan 102 adsl 0/2/0 vpi 0 vci 35 multi-service
user-vlan 2 rx-cttr 7 tx-cttr 7
4. Save the data.

huawei(config)#save



Set the traffic profile index as 8 and the priority of the VoIP service as 6.
policy pvc-Setting

step.

The VoIP service and the video service adopt DHCP mode. The DHCP option60
domain is used to differentiate the service type. In this example, set the DHCP
option60 domain of the VoIP service as voice.
huawei(config)#dhcp-server 1 ip 20.1.1.2 20.1.1 3
huawei(config)#dhcp domain voice
huawei(config-dhcp-domain-voice)# dhcp-server 1
huawei(config-if-Vlanif103)#dhcp domain voice gateway 10.1.1.1
5. Save the data.

huawei(config)#save


In this example, set the traffic profile index as 9, the priority of IPTV service as 5.
pvc-Setting

step.

CAUTION

In this example, set the DHCP option60 domain of the IPTV service as video.
huawei(config)#dhcp domain video
huawei(config-dhcp-domain-video)#quit
huawei(config-if-vlanif104)#dhcp domain video gateway 10.2.2.1
5. Set multicast data.

To provision the IPTV service, the multicast proxy and programs need to be set.
huawei(config)#btv
huawei(config-btv))#igmp mode proxy

0/7/0
0/7/0
watch
huawei(config-btv)#igmp user add port 0/2/0 adsl 0 35 user-vlan 4 no-auth

max-program 8
huawei(config-btv)#igmp user add port 0/3/0 adsl 0 35 user-vlan 4 auth
6. Save the data.

huawei(config)#save
----End
Result
After the configuration, the triple play service (Internet, VoIP and IPTV) is available.
l The Internet user can realize dial-up access to the Internet in PPPoE mode.
l The VoIP user can make VoIP phones.
l The IPTV user connected to port 0/2/0 can watch all programs. The user connected to port
0/3/0 can watch program BTV-1 only.
32.4 Configuration Example of Triple Play - Based on 802.1p

This operation shows how to configure the triple play service by means of single PVC for
multiple services based on 802.1p.

Prerequisite
l All boards are in the normal state.
Networking
Figure 32-5 shows a sample network for configuring the triple play service by means of single
PVC for multiple services.
Figure 32-5 Sample network for configuring the triple play service by means of single PVC for
multiple services
OSS & RADIUS Server/
Multicast Server
RADIUS Proxy
Internet NMS
TG
IP
IPTV DHCP Server
Softswitch
Router VoIP DHCP Server
BRAS
LAN Switch
A A CON
ETH
D D
G G
GE0/7/0
G G
SCU MA5600
Home gateway 1 Home gateway 2
STB STB
In Figure 32-5, both user 1 (home gateway 1) and user 2 (home gateway 2) adopt the triple play
networking.

Data Plan
Table 32-4 shows the data plan for configuring the triple play service by means of single PVC
for multiple services.
Table 32-4 Data plan for configuring the triple play service by means of single PVC for multiple
services
Item Data
ADGE Service ports 0/2/0 and 0/3/0 applies the default line profile.
VPI/VCI: 0/35
Traffic profile CAR Internet service: 1 Mbit/s

value VoIP service: 1 Mbit/s
IPTV service: not limited
Upstream port 0/7/0
Upstream VLAN Internet service: smart VLAN 102

VoIP service: smart VLAN 103
IPTV service: smart VLAN 104
User VLAN Internet service: smart VLAN 2

VoIP service: smart VLAN 3
User-side 802.1p Internet service: 2

VoIP service: 3
IPTV service: 4
DHCP VoIP:
l DHCP option60 domain: voice gateway: 10.1.1.1
l DHCP server group: 1
l IP addresses of DHCP server group 1: 20.1.1.2 and 20.1.1.3
IPTV:
l DHCP option60 domain of STB: video
l Gateway: 10.2.2.1
l DHCP server group: 2
l IP addresses of DHCP server group 2: 20.2.2.2 and 20.2.2.3
0/7/0 with VLAN 4.
Program BTV-2, multicast address 224.1.1.2, bind upstream port
0/7/0 and VLAN 4.
Authority profile Profile 0: Profile 0 has the authority to watch program BTV-1.

Item Data
IGMP user User1: Port 0/2/0 can watch all the programs.
User2: Port 0/3/0 can watch only BTV-1.
Priority 802.1p priority:

l VoIP: 6
l IPTV: 5
l Internet: 1
Context
l DHCP option60 domain value of the STB and IP phone varies with the terminals. In the
actual application, refer to the user guides of the STB and the IP phone.
l Run the dhcp domain command to set the DHCP domain name. The domain name is a
character string containing no space.
l Before configuring the service, make sure that service boards and the upstream board have
been added correctly.
NOTE
In this configuration, the service traffic is differentiated based on the user-side VLAN.
Figure 32-6 shows the flowchart for configuring the triple play service-single-PVC for multi-
service.
Figure 32-6 Flowchart for configuring the triple play service-single-PVC for multi-service
Start
Internet IPTV
Selet service
type
VoIP
upstream port upstream port upstream port
Configure the virtual port Configure the virtual port Configure the virtual port
End

Procedure
l Configure the Internet service.

Because the VoIP, IPTV, and Internet services are transmitted through the same port,
it is necessary to set the 802.1p priority for each service.
policy pvc-Setting

step.
user-8021p 2 user-vlanuser-vlan 2 rx-cttr 7 tx-cttr 7
user-8021p 2 user-vlan 2 rx-cttr 7 tx-cttr 7
4. Save the data.

huawei(config)#save
l Configure the VoIP service.


In this example, set the traffic profile index as 8 and the priority of the VoIP service
as 6.
policy pvc-Setting

step.
4. Set DHCP relay.

The VoIP service and VoIP service adopt DHCP mode. The DHCP option60 domain
is used to differentiate the service type. In this example, set the DHCP option60
domain of the VoIP service as voice.
huawei(config)#dhcp domain voice //


huawei(config-if-vlanif103)#dhcp domain voice gateway 10.1.1.1
5. Save the data.

huawei(config)#save
l Configure the IPTV service.


In this example, set the traffic profile index as 9 and the priority of the VoIP service
as 5.
pvc-Setting

step.
CAUTION
4. Set DHCP relay.

In this example, set the DHCP optio60 domain of the IPTV service as video.
huawei(config-dhcp-domain-video)# dhcp-server 2

To provision the IPTV service, the multicast proxy and programs need to be set.
huawei(config)#btv

0/7/0
0/7/0


watch
huawei(config-btv)#igmp user add port 0/2/0 adsl 0 35 user-vlan 4 no-auth

max-program 8
huawei(config-btv)#igmp user add port 0/3/0 adsl 0 35 user-vlan 4 auth
6. Save the data.

huawei(config)#save
----End
Result
After the configuration, the triple play service (Internet, VoIP, and IPTV) is available.
l Internet users can access the Internet through PPPoE dial-up.
l VoIP users can set conversation to each other.
l IPTV users: the user connected at port 0/2/0 can watch all the programs, and the user
connected at 0/3/0 can watch BTV-1 only.
32.5 Configuration Example of the Triple Play Service -

Based on the Service Encapsulation Type
This operation enables you to configure the triple play service - single PVC for multiple services
(based on the service encapsulation type). Users connect to multiple terminals through the home
gateway to implement multiple services, such as Internet, VoIP and IPTV services.
Prerequisite
l All boards of the device run in the normal state.
Networking
Figure 32-7 shows the sample network for configuring the triple play service - single PVC for
multiple services (based on the service encapsulation type).
In this figure, both user 1 (home gateway 1) and user 2 (home gateway 2) adopt the triple play
networking. The Internet, VoIP, and IPTV services use the same PVC to carry the service stream.
After different service stream accesses the MA5600, the MA5600 differentiates the services
based on the service encapsulation type. The MA5600 provides different QoS for the service
streams based on the traffic priorities in the PVC. The Internet service adopts the PPPoE mode.
The VoIP and IPTV services adopt the DHCP mode and obtain IP addresses in DHCP standard
mode from the DHCP server.

Figure 32-7 Sample network for configuring the triple play service - single PVC for multiple
services (based on the service encapsulation type)
OSS & RADIUS server/

Multicase sever RADIUS proxy
Internet
I NM
S
TG
IP IPTV DHCP server
Softswitch
Router VoIP DHCP server
BRAS
LAN switch
A A CON
ETH
D D
E E
GE0/7/0
F F
SCU MA5600
HG 1 HG 2
STB STB
Data Plan
Table 32-5 lists the data plan for configuring the triple play service - single PVC for multiple
services (based on the service encapsulation type).
Table 32-5 Data plan for configuring the triple play service - single PVC for multiple services
(based on the service encapsulation type)
Item Data
ADGE Service ports 0/2/0 and 0/3/0 adopt the default line profile.
VPI/VCI: 0/35
CAR in the Internet service: 1 Mbit/s

traffic profile VoIP service: 1 Mbit/s
IPTV service: no restriction
Uplink port 0/7/0

Item Data
Upstream Internet service: smart VLAN 102

VLAN VoIP service: smart VLAN 103
Service Internet service: PPPoE

encapsulatio VoIP service: IPoE
n type
IPTV service: IPoE
DHCP VoIP: DHCP option60 domain is "voice", and gateway is 10.1.1.1

IP addresses of DHCP server group 1: 20.1.1.2 and 20.1.1.3
IPTV: DHCP option60 domain for the set top box (STB) is "video", and
gateway is 10.2.2.1
IP addresses of DHCP server group 2: 20.2.2.2 and 20.2.2.3
Program Program BTV-1, with the multicast address of 224.1.1.1. It is bound with
library uplink port 0/7/0 and VLAN 4.
Program BTV-2, with the multicast address of 224.1.1.2. It is bound with
uplink port 0/7/0 and VLAN 4.
Authority Sets profile 0 with the authority to watch program BTV-1.

profile
IGMP user User 1 connecting to port 0/2/0 can watch all programs.
User 2 connecting to port 0/3/0 can watch only program TV-1.
Priority 802.1p priority is adopted. The priority of the VoIP service is 6. The priority
of the IPTV service is 5. The priority of the Internet service is 1.
Figure 32-8 shows the flowchart for configuring the triple play service - single PVC for multiple
services (based on the service encapsulation type).

Figure 32-8 Flowchart for configuring the triple play service - single PVC for multiple services
(based on the service encapsulation type)
Start
Internet IPTV
Select service
type
VoIP
its upstream port its upstream port its upstream port
Configure the service port Configure the service port Configure the service port
End
Procedure
l Configure the Internet service.
1. Configure a VLAN and add it to the uplink port.
Since the VoIP, IPTV, and Internet services are transmitted through the same port, it
is necessary to set the 802.1p priority for each service.
policy pvc-Setting
step.
user-encp pppoe rx-cttr 7 tx-cttr 7
user-encp pppoe rx-cttr 7 tx-cttr 7
4. Save the data.

huawei(config)#save


Set the traffic profile index as 8, and the 802.1p priority of the VoIP service as 6.
policy pvc-Setting
step.
user-encp ipoe rx-cttr 8 tx-cttr 8
user-encp ipoe 3 rx-cttr 8 tx-cttr 8
The voice and the video services adopt the DHCP access mode. The DHCP option60
domain is used to classify different service types. In this example, set the DHCP
domain of the VoIP service as "voice".
huawei(config)#dhcp domain voice //Refer to the actual domain value of
DHCP Option 60
5. Save the data.

huawei(config)#save

In this example, set the traffic profile index as 9 and the 802.1p priority of the VoIP
service as 5.
pvc-Setting
Add the service port to the VLAN and use traffic profile 9.
huawei(config)#service-port 100 vlan 104 adsl 0/2/0 vpi 0 vci 35 multi-
service user-encp ipoe rx-cttr 9 tx-cttr 9
huawei(config)#service-port 101 vlan 104 adsl 0/3/0 vpi 0 vci 35 multi-
service user-encp ipoe rx-cttr 9 tx-cttr 9

CAUTION
On the MA5600, if the PVC is configured with a priority, the priority of the multicast
packets carried by the PVC takes no effect.

Set the DHCP relay data of the video service and set the DHCP option60 domain as
"video".
huawei(config)#dhcp domain video //Refer to the actual domain value of
DHCP Option 60
huawei(config-dhcp-domain-video)# dhcp-server 2

huawei(config)#btv

0/7/0
0/7/0
watch
huawei(config-btv)#igmp user add port 0/2/0 adsl 0 35 user-encp ipoe no-

auth max-program 8
huawei(config-btv)#igmp user add port 0/3/0 adsl 0 35 user-encp ipoe auth
6. Save the data.

huawei(config)#save
----End
Result
After the configuration, the triple play service (Internet, VoIP and IPTV services) is available.
l The Internet user can access the Internet in PPPoE dialup mode.
l The VoIP user can make and receive phone calls.
l The IPTV user: The user connecting to port 0/2/0 can watch all the programs, and the user
connecting to port 0/3/0 can watch only program BTV-1.

Configuration Guide 33 Configuring the Ethernet OAM
33 Configuring the Ethernet OAM
About This Chapter
This chapter describes the Ethernet OAM technology and how to configure Ethernet OAM on
the MA5600.
33.1 Overview
This chapter describes Ethernet Operation Administration & Maintenance (OAM) and its
application to the MA5600.
33.2 Configuration Example of Ethernet OAM
This example shows how to configure the Ethernet OAM on the MA5600.
33.3 Creating an MD
This operation enables you to create an Maintenance Domain (MD).
33.4 Creating an MA
This operation enables you to create a Maintenance Association (MA).
33.5 Creating an MEP
This operation enables you to create an Maintenance association End Point (MEP).
33.6 Creating an RMEP
This operation enables you to create a Remote Maintenance association End Point (RMEP).
33.7 Enabling the CFM Globally
This operation enables the Connectivity Fault Management (CFM) globally.
33.8 Enabling the CFM Alarm Globally
This operation enables the CFM alarm globally.
33.9 Enabling the Administration Function of an MEP
This operation enables the administration function of an MEP.
33.10 Enabling the CC Transmission of an MEP
This operation enables the Continuity Check (CC) transmission of an MEP.
33.11 Enabling the Global Detection Function of an RMEP
This operation enables the global detection function of a Remote Maintenance association End
Point (RMEP).

33 Configuring the Ethernet OAM Configuration Guide
33.12 Enabling RMEP Detection Function

This operation enables the detection function of the RMEP.
33.13 Configuring Priorities for Transmitting CCMs/LTMs
This operation enables you to configure priorities for transmitting Continuity Check Messages
(CCMs)/LinkTrace Messages (LTMs) of an MEP.
33.14 Configuring the Interval for an MA to Transmit a CC
This operation enables you to configure the interval for an MA to transmit a CC.
33.15 Configuring the Base Address of Multicast Destination MAC Addresses of CCMs/LTMs
This operation enables you to configure the base address of multicast destination MAC addresses
of CCMs/LTMs. To send CCMs/LTMs, an MEP must be specified with a multicast address.
Because the protocol does not specify the format of it, the multicast address is configurable to
enhance the intercommunication and compatibility of the MA5600.
33.16 Configuring Loop Detection Function
Loopback Message (LBM) helps an MEP to locate a fault in an MA. This operation enables you
to configure the loop detection function.
33.17 Configuring Linktrace Function
LTMs are used to detect the Maintenance domain Intermediate Point (MIP) path between two
MEPs. This operation enables you to configure an LTM.

33.1 Overview
This chapter describes Ethernet Operation Administration & Maintenance (OAM) and its
application to the MA5600.
Service Description
OAM is an effective method to reduce the cost on network maintenance and it connects to the
access convergence network through the upstream network port. OAM starts from or terminates
at the upstream network port. You can perform OAM configuration management through NMS.
NMS maintains the network based on the reported information on OAM status and alarms.
For details on the Ethernet OAM protocol, refer to the chapter "Ethernet OAM" in the Feature
Description.
IEEE P802.1ag CFM provides an end-to-end fault detection method.
CFM defines the process for diagnosing a fault in an Ethernet domain. CFM is a multipoint-to-
multipoint application scenario and it provides end-to-end fault detection and diagnosis for the
entire Ethernet network.
The MA5600 supports Ethernet OAM mechanism of CFM protocol, including fault detection
and diagnosis methods, including connectivity check, loop detection and link trace.
33.2 Configuration Example of Ethernet OAM

This example shows how to configure the Ethernet OAM on the MA5600.
Networking
Figure 33-1 shows a sample network for configuring Ethernet OAM.
Figure 33-1 Sample network for configuring Ethernet OAM
Router
0 / 7/ 0 0 / 7 /1
MA5600_A MA5600_B
Data Plan
Table 33-1 lists the data plan for configuring Ethernet OAM.

Table 33-1 Data plan for configuring Ethernet OAM

Item Data
MA5600_A Port: 0/7/0

Smart VLAN: 100
MEP: 2/6/0, MEP-id: 260, RMEP-id: 2260, CC-interval: 1m
MA5600_B Port: 0/7/1

Smart VLAN: 200
MEP: 2/6/0, MEP-id: 2260, RMEP-id: 260, CC-interval: 1m
Context
Before configuring the Ethernet OAM, make sure that:
l The network devices and the lines are normal.
l The router supports Ethernet OAM.
Figure 33-2 shows the flowchart for configuring Ethernet OAM.

Figure 33-2 Flowchart for configuring Ethernet OAM
Start
Create and configure a VLAN
Configure an MD
Configure an MA
Configure an MEP
Configure a RMEP
Set interval for the MA to transmit

CCMs (Optional)
Enable local CFM function globally
Enable remote CFM function

globally
Save the data
End
Procedure
Step 1 Create and configure a VLAN.
Step 2 Configure an MD.

huawei(config)#cfm md 2 name-format string huawei level 3
Step 3 Configure an MA.

huawei(config)#cfm ma 2/6 name-format string huawei-6 vlan 100
Step 4 Configure an MEP.

huawei(config)#cfm mep 2/6/0 mepid 260 direction outward port
0/7/0 priority 7
Step 5 Configure an RMEP.

huawei(config)#cfm remote-mep 2/6/0 remote-mepid 2260

Step 6 (Optional) Set the interval for the MA to transmit CCMs.

huawei(config)#cfm ma 2/6 cc-interval 1m
Step 7 Enable the local CFM globally.

huawei(config)#cfm enable
Step 8 Enable the remote CFM globally.

huawei(config)#cfm remote-mep-detect enable

huawei(config)#save
NOTE
Configuration on MA5600_B is the same as that on MA5600_A and it is not repeated here.
----End
Result
After the configuration, run the display cfm statistics mep command on the MA5600_A or
MA5600_B and you can find packet statistics. Of the statistics, neither "CCM Sent Pkt Num"
nor "CCM Received Pkt Num" values zero.
33.3 Creating an MD
This operation enables you to create an Maintenance Domain (MD).
Context
l Ethernet CFM provides a fault diagnosis process in an Ethernet domain. It divides the
network into up to eight levels. Multiple levels can exist on a bridge simultaneously to
manage different MDs.
l Up to three MDs can be created in the system.
l The administration domain of CFM comprises bridges while the maintenance domain is
combined by bridges and maintenance levels.
TIP
Huawei recommends classifying the administrator domain into three levels: customer domain, provider
domain and operator domain that use 7-5, 4-3 and 2-0 levels respectively.
Procedure
Step 1 Run the cfm md command to create an MD.
Step 2 Run the display cfm md command to query the configuration state of the MD.
----End
Example
Assume that:
l MD index: 2
l Name type: string

l Name: huawei
l Level: 3
To create the MD, do as follows:
huawei(config)#cfm md 2 name-format string huawei level 3
huawei(config)#display cfm md
{ <cr>|mdindex<0,2> }:
Command:
display cfm md
-----------------------------------------------------------------------
MD MD MD MD
Index NameType Name Level
-----------------------------------------------------------------------
0 dns 1 7
1 dns feifei 6
2 string huawei 3
-----------------------------------------------------------------------
Total: 3
Related Operation
Table 33-2 lists the related operation for creating an MD.
Table 33-2 Related operation for creating an MD

Delete an MD undo cfm md The deleted MD must not be

configured with any MA.
33.4 Creating an MA
This operation enables you to create a Maintenance Association (MA).
Context
l The created MA must belong to an existing MD and associate with an existing VLAN. The
VLAN must not associate with any other MA.
l By default, the interval for sending a CCM is 60s.
l By default, detection of the remote MEP in an MA is enabled.
l The system supports 48 MAs and each MD can be configured with up to 48 MAs.
Procedure
Step 1 Run the cfm ma command to create an MA.
Step 2 Run the display cfm md command to query the configuration state of the MA.
----End
Example
Assume that:

l MA index: 2/47
l MA name type: string
l MA name: huawei-ma-10
l MA VLAN ID: 20
To create the MA, do as follows:
huawei(config)#cfm ma 2/10 name-format string huawei-ma-10 vlan 20
huawei(config)#display cfm ma 2/10
MA Index : 2/10
MA NameType : string
MA Name : huawei-ma-10
MA VlanID : 20
MA CC Interval : 1m
MA Remote-mep-detect : enable
Related Operation
Table 33-3 lists the related operations for creating an MA.
Table 33-3 Related operations for creating an MA
Delete an MA undo cfm ma The deleted MA must not be

configured with any MEP or
RMEP.
Configure the interval cfm ma cc-interval You can configure only the
for an MA to send CCMs created MA.
Enable the detection of cfm ma remote-mep-detect

remote MEP in an MA enable
33.5 Creating an MEP

This operation enables you to create an Maintenance association End Point (MEP).
Context
l MA consists of Maintenance Points (MPs) and MP is defined to be on bridge ports.
Therefore, MP is a combination of bridge port, VLAN and maintenance level.
l MP can be an MEP or an MIP. MEP initiates and responds to CFM messages while MIP
does not initiate CFM messages but transparently transmits or responds to CFM messages.
l Currently, ports on the MA5600 can function only as MEP.
l Only one MEP can be created within an MA.
l By default, the administrative state of MEP is enabled, the priority of CFM message is 7
and the transmission of CCMs is enabled.
l To create an MEP, the associated MD and MA must be created successfully. Moreover, on
the VLAN that associates with the MA, there must be a port to be associated with the created
MEP.

Procedure
Step 1 Run the cfm mep command to create an MEP.
Step 2 Run the display cfm mep command to query the configuration state of the MEP.
----End
Example
Assume that:
l MEP index: 2/4/0
l MEP ID: 100
l MEP direction: outward
l MEP port: 0/15/0
l MEP priority: 5
To create the MEP, do as follows:
huawei(config)#cfm mep 2/4/0 mepid 100 direction outward port 0/15/0 priority 5
huawei(config)#display cfm mep
2/4/0
Command:
display cfm mep 2/4/0
MEP Index : 2/4/0
MEP ID : 100
MEP Direction : outward
MEP Port : 0/15/0
MEP Admin Status : enable
MEP CC Status : enable
MEP Priority : 5
MEP Alarm Status : -
Related Operation
Table 33-4 lists the related operation for creating an MEP.
Table 33-4 Related operation for creating an MEP
Delete an MEP undo cfm mep
33.6 Creating an RMEP

This operation enables you to create a Remote Maintenance association End Point (RMEP).
Context
l Unique MEP IDs must exist in an MA.
l A local MEP can be associated with up to six RMEPs.

l MEPs that are mutually remote to each other must be in the same MA.
Procedure
Step 1 Run the cfm remote-mep command to create an RMEP.
Step 2 Run the display cfm ma command to query the configuration state of the MEP.
----End
Example
To create an RMEP with remote-mepid 200 for local MEP 2/4/0, do as follows:
huawei(config)#cfm remote-mep 2/4/5 remote-mepid 200
MA Index : 2/4
MA VlanID : 50
MA CC Interval : 1m
-----------------------------------------------------------------------
MEP MEP MEP Admin CC Alarm
Index MEPID Direction Port Status Status Priority Status
-----------------------------------------------------------------------
2/4/0 100 outward 0/7/0 enable enable 5 -
-----------------------------------------------------------------------
Total: 1
-----------------------------------------------------------------------
Remote MEP Remote MEP Remote MEP
Index MEPID Mac-address
-----------------------------------------------------------------------
2/4/5 200 -
-----------------------------------------------------------------------
Total: 1
Related Operation
Table 33-5 lists the related operation for creating an RMEP.
Table 33-5 Related operation for creating an RMEP
Delete an RMEP undo cfm remote-mep
33.7 Enabling the CFM Globally

This operation enables the Connectivity Fault Management (CFM) globally.
Context
l When the CFM is enabled, the CFM packets are to be captured and the functions of
Continuity Check, loop detection and linktrace are enabled.

l When the CFM is disabled, the CFM packets should not be captured and the functions of
Continuity Check, loop detection and linktrace are enabled.
l By default, the CFM is disabled.
Procedure
Step 1 Run the cfm enable command to enable the CFM globally.
Step 2 Run the display cfm command to query the configuration state of the CFM.
----End
Example
To enable the CFM globally, do as follows:
huawei(config)#cfm enable
huawei(config)#display cfm
{ <cr>|md<K>|ma<K>|mep<K>|statistics<K> }:
Command:
display cfm
CFM Global Status : enable
Remote-mep-detect Status : disable
Alarm Status : enable
CC/LT Base-mac-address : 0180-c200-0100
Related Operation
Table 33-6 lists the related operation for enabling the CFM globally.
Table 33-6 Related operation for enabling the CFM globally

Disable CFM switch globally cfm disable
33.8 Enabling the CFM Alarm Globally

This operation enables the CFM alarm globally.
Context
l When the CFM alarm is enabled, alarms detected by the CFM are reported.
l When the CFM is disabled, alarms detected by the CFM are not reported.
l By default, the CFM alarm is enabled globally.
Procedure
Step 1 Run the cfm alarm enable command to enable the CFM alarm globally.
Step 2 Run the display cfm command to query the configuration state of the CFM.
----End

Example
To enable the CFM alarm globally, do as follows:
huawei(config)#cfm alarm enable
Command:
display cfm
Related Operation
Table 33-7 lists the related operation for enabling CFM alarm globally
Table 33-7 Related operation for enabling CFM alarm globally

Disable the CFM alarm globally cfm alarm disable
33.9 Enabling the Administration Function of an MEP

This operation enables the administration function of an MEP.
Context
l MEP administrative state identifies the availability of MEP function. When the
administrative function of an MEP is disabled, the MEP is unable to send and receive
CCMS. The loop detection function and linktrace functions are not permitted.
l By default, the administration function of an MEP is enabled.
Procedure
Step 1 Run the cfm mep enable command to enable the administration function of an MEP.
----End
Example
To enable the administration function of MEP 2/4/0, do as follows:
huawei(config)#cfm mep 2/4/0 enable
huawei(config)#display cfm mep 2/4/0
Command:
display cfm mep 2/4/0
MEP Index : 2/4/0
MEP ID : 100
MEP Port : 0/7/0


MEP Priority : 5
Related Operation
Table 33-8 lists the related operation for enabling the administration function of an MEP.
Table 33-8 Related operation for enabling the administration function of an MEP
Disable the administration function of cfm mep disable

an MEP
33.10 Enabling the CC Transmission of an MEP

This operation enables the Continuity Check (CC) transmission of an MEP.
Context
By default, the CC transmission of an MEP is enabled.
Procedure
Step 1 Run the cfm mep cc enable command to enable the CC transmission of an MEP.
----End
Example
To enable the CC transmission of MEP 2/4/0, do as follows:
huawei(config)#cfm mep 2/4/0 cc enable
MEP Index : 2/4/0
MEP ID : 100
MEP Port : 0/7/0
MEP Priority : 5
Related Operation
Table 33-9 lists the related operation for enabling the CC transmission of an MEP.

Table 33-9 Related operation for enabling the CC transmission of an MEP
Disable the CC transmission of an MEP cfm mep cc disable
33.11 Enabling the Global Detection Function of an RMEP

This operation enables the global detection function of a Remote Maintenance association End
Point (RMEP).
Context
l The global detection function of an RMEP is used to avoid unnecessary alarm at the period
of network CFM configuration, due to that the CFM function is enabled on each node at
different times.
l By default, the global detection function of an RMEP is disabled.
l The system detects the RMEP configured in the MA of the MEP, and generates alarm on
the CC packet loss and RDI, when the following four conditions are met:
– CFM is enabled globally.
– The global detection function of the RMEP is enabled.
– MEP of each administrative state is enabled.
– The detection function of the remote MEP of the MA corresponding to each
administrative state is enabled.
Procedure
Step 1 Run the cfm remote-mep-detect enable command to enable the global detection function of
an RMEP.
Step 2 Run the display cfm command to query the configuration of the CFM.
----End
Example
To enable the global detection function of an RMEP, do as follows:
huawei(config)#cfm remote-mep-detect enable
huawei(config)#display cfm { <cr>|md<K>|ma<K>|mep<K>|statistics<K> }:
Command:
display cfm
CFM Global Status : disable
Related Operation
Table 33-10 lists the related operation for enabling the global detection function of an RMEP.

Table 33-10 Related operation for enabling the global detection function of an RMEP
Disable the global detection function of cfm remote-mep-detect disable

an RMEP
33.12 Enabling RMEP Detection Function

This operation enables the detection function of the RMEP.
Context
l When the detection function of the RMEP is enabled, the RMEP configured in the MA is
detected. Alarms are generated when the CC loss or RDI error occurs.
l When the detection function of the RMEP is disabled, the RMEP configured in the MA is
not detected.
l By default, the detection function of the RMEP is enabled.
Procedure
Step 1 Run the cfm ma remote-mep-detect enable command to enable the detection function of the
RMEP.
Step 2 Run the display cfm ma command to query the configuration state of the MA.
----End
Example
To enable the detection function of MA 2/4, do as follows:
huawei(config)#cfm ma 2/4 remote-mep-detect enable
MA Index : 2/4
MA VlanID : 50
MA CC Interval : 1m
-----------------------------------------------------------------------
-----------------------------------------------------------------------
2/4/0 100 outward 0/7/0 enable enable 5 -
-----------------------------------------------------------------------
Total: 1
-----------------------------------------------------------------------
-----------------------------------------------------------------------
2/4/5 200 -
-----------------------------------------------------------------------
Total: 1

Related Operation
Table 33-11 lists the related operation for enabling detection function of the RMEP.
Table 33-11 Related operation for enabling detection function of the RMEP
Disable the detection of the RMEP cfm ma remote-mep-detect disable
33.13 Configuring Priorities for Transmitting CCMs/LTMs

This operation enables you to configure priorities for transmitting Continuity Check Messages
(CCMs)/LinkTrace Messages (LTMs) of an MEP.
Context
The priority for transmitting CCMs/LTMs of an MEP ranges 0-7. The smaller the priority value,
the higher priority. By default, the priority for transmitting CCMs/LTMs of an MEP is 7.
Procedure
Step 1 Run the cfm mep priority command to configure the priorities for transmitting CCMS/LTMs
of an MEP.
----End
Example
To set the priorities for transmitting CCMs/LTMs of MEP 2/4/0 to 3, do as follows:
huawei(config)#cfm mep 2/4/0 priority 3
MEP Index : 2/4/0
MEP ID : 100
MEP Port : 0/7/0
MEP Priority : 3
Related Operation
Table 33-12 lists the related operation for configuring the priorities for transmitting CCMs/
LTMs of an MEP.

Table 33-12 Related operation for configuring the priorities for transmitting CCMs/LTMs of
an MEP
Enable the administration function of an cfm mep enable

MEP
33.14 Configuring the Interval for an MA to Transmit a CC

This operation enables you to configure the interval for an MA to transmit a CC.
Prerequisite
Before you configure the interval, the CC transmission state of MEPs in the MA must be disabled.
Context
l By default, the interval for an MA management entity to transmit a CC is 1 minute.
l At present, the MA5600 supports intervals of 1 minute and 10 minutes.
Procedure
Step 1 Run the cfm ma cc-interval command to configure the interval for an MA to transmit a CC.
Step 2 Run the display cfm ma command to query the configuration state of the MA.
----End
Example
To set the interval for an MA to send a CC to 10 minutes, do as follows:
huawei(config)#cfm ma 2/4 cc-interval 10m
MA Index : 2/4
MA VlanID : 50
MA CC Interval : 10m
-----------------------------------------------------------------------
-----------------------------------------------------------------------
2/4/0 100 outward 0/7/0 enable disable 3 -
-----------------------------------------------------------------------
Total: 1
-----------------------------------------------------------------------
-----------------------------------------------------------------------
2/4/5 200 -
-----------------------------------------------------------------------
Total: 1

Related Operation
Table 33-13 lists the related operation for configuring the interval for an MA to transmit a CC.
Table 33-13 Related operation for configuring the interval for an MA to transmit a CC
Configure CC transmission state of an cfm mep cc { enable | disable }

MEP
33.15 Configuring the Base Address of Multicast

Destination MAC Addresses of CCMs/LTMs
This operation enables you to configure the base address of multicast destination MAC addresses
of CCMs/LTMs. To send CCMs/LTMs, an MEP must be specified with a multicast address.
Because the protocol does not specify the format of it, the multicast address is configurable to
enhance the intercommunication and compatibility of the MA5600.
Context
l By default, the base multicast destination MAC address is 0180-C200-0000.
l Currently, the format of the base MAC address is 0180-C2xx-xxx0. The part of 0180-C2
is specified in the protocol and the part of xxx-xxx in the middle must be configured.
NOTE
The base address of multicast destination MAC addresses refers to the addresses of MEPs in different MDs.
The multicast addresses used for sending the CCMs/LTMs are derived from the base multicast destination
MAC address by changing the last digit of it. The last digit of the multicast address used by MEP to send
CCMs should be consistent with the MD level (0–7)to which it beglogs, while that used by the MEP to
LTMS match the MD level plus 8 (8–F).
Procedure
Step 1 Run the cfm base-mac-address command to configure the base multicast destination MAC
address.
Step 2 Run the display cfm command to query the configuration status of the CFM.
----End
Example
To configure the base multicast destination MAC address as 0180-C211-1110, do as follows:
huawei(config)#cfm base-mac-address 0180-C211-1110
Command:
display cfm

33.16 Configuring Loop Detection Function

Loopback Message (LBM) helps an MEP to locate a fault in an MA. This operation enables you
to configure the loop detection function.
Prerequisite
Before enabling the MEP loop detection function, you must enable the CFM function globally
and enable the administrative state of the corresponding MEP.
Context
l LBM is a unicast message and the unicast MAC address is the address of MEP or MIP
discovered by CC or linktrace (LT). The MEP at the source end generates an LBM and the
index of destination MEP is added into the LBM. By generating an LBM, the MEP activates
the timer to calculate the time. When the destination MEP receives the LBM, it sends a
Loopback Reply (LBR) to the source MEP. The loopback is successful.
l By default, the count of LBMs to be sent is 4; the interval for sending LBMs is 1 x 100 ms;
the priority of LBM is the same as that of CCM.
Procedure
Step 1 Run the cfm loopback command to configure the loop detection function.
Step 2 Run the display cfm statistics command to query the statistics of CFM.
----End
Example
Assume that:
l Count of LBMs: 5
l Interval: 1000 ms
l Priority: 6
To configure that LBM from MEP 2/4/0 is sent to the equipment with the MAC address
0000-0000-0009, do as follows:
huawei(config)#cfm loopback mep 2/4/0 dst-mac-address 0000-0000-0009 count 5
interval 10 priority 6
LBR Lost : Sequence-Num = 1
LB Operation: LBM-Sent = 4 , LBR-Received = 0 , LBR-Lost = 4
huawei(config)#display cfm statistics mep 2/4/0
Command:
display cfm statistics mep 2/4/0
CCM Sent Pkt Num : 5037
CCM Received Pkt Num : 0
CCM Xcon Pkt Received Num : 0
CCM Error Pkt Received Num : 0
CCM Wrong Pattern Drop Num : 0
LBM Sent Pkt Num : 9
LBM Received Pkt Num : 0
LBM Wrong Pattern Drop Num : 0

LBM DstMac Mismatch Drop Num : 0

LBR Sent Pkt Num : 0
LBR Received Pkt Num : 0
LBR Out of Order Num : 0
LBR Wrong Pattern Drop Num : 0
LBR Not Work Drop Num : 0
LBR DstMAC Mismatch Drop Num : 0
LBR SrcMAC Mismatch Drop Num : 0
LBR Wrong TransID Drop Num : 0
LBR Level Mismatch Drop Num : 0
LTM Sent Pkt Num : 0
LTM Received Pkt Num : 0
Related Operation
Table 33-14 lists the related operations for configuring loop detection function.
Table 33-14 Related operations for configuring loop detection function
Configure linktrace function cfm link-trace
Enable administration function of CFM cfm enable

globally
Enable the administration of an MEP cfm mep enable
33.17 Configuring Linktrace Function

LTMs are used to detect the Maintenance domain Intermediate Point (MIP) path between two
MEPs. This operation enables you to configure an LTM.
Context
l An LTM is the message with a known multicast address. But LTM is not multicasted and
additional information on the message indicates the destination MAC address of the MEP.
When the LTM is forwarded by MPs to the destination MEP in a unicast way, each MP
along the path responds an LTR to the source MEP. In this way, the source MEP obtains
the information on MPs along the transmission path and records the MAC addresses of
these MPs.
l By default, the priority of an LTM is the same as that of a CCM.
l Before enabling the loop detection of an MEP, you must enable CFM function globally
and enable the administration of the corresponding MEP.
Procedure
Step 1 Run the cfm link-trace command to configure Linktrace function.
Step 2 Run the display cfm statistics command to query the statistics of CFM packets.
----End

Example
To set that LT packet from MEP 0/2/4 is sent to the equipment with MAC address
0000-0000-0001 and the priority is 6, do as follows:
huawei(config)#cfm link-trace mep 2/4/0 dst-mac-address 0000-0000-0001 priority
6
huawei(config)#display cfm statistics mep 2/4/0
Command:
display cfm statistics mep 2/4/0
CCM Sent Pkt Num : 5037
CCM Received Pkt Num : 0
CCM Xcon Pkt Received Num : 0
CCM Error Pkt Received Num : 0
CCM Wrong Pattern Drop Num : 0
LBM Sent Pkt Num : 9
LBM Received Pkt Num : 0
LBM Wrong Pattern Drop Num : 0
LBM DstMac Mismatch Drop Num : 0
LBR Sent Pkt Num : 0
LBR Received Pkt Num : 0
LBR Out of Order Num : 0
LBR Wrong Pattern Drop Num : 0
LBR Not Work Drop Num : 0
LBR DstMAC Mismatch Drop Num : 0
LBR SrcMAC Mismatch Drop Num : 0
LBR Wrong TransID Drop Num : 0
LBR Level Mismatch Drop Num : 0
LTM Sent Pkt Num : 1
LTM Received Pkt Num : 0
Related Operation
Table 33-15 lists the related operations for configuring Linktrace function.
Table 33-15 Related operations for configuring Linktrace function

Configure loop detection function cfm loopback
Enable administration of CFM globally cfm enable
Enable administration of an MEP cfm mep enable

Configuration Guide 34 Configuring the MPLS OAM
34 Configuring the MPLS OAM
About This Chapter
This chapter describes the MPLS OAM technology and how to configure the service on the
MA5600.
34.1 Overview
This section describes the MPLS OAM function and its applications on the MA5600.
34.2 Configuration Example of Detection of MPLS OAM for Static LSP Connectivity
This example shows how to configure the function of MPLS OAM to detect the static LSP
connectivity.
34.3 Configuration Example of MPLS OAM Protection Switchover
This example shows how to configure MPLS OAM protection switchover.
34.4 Configuring the MPLS OAM Function of the Ingress
This operation enables you to configure the MPLS OAM function of the ingress.
34.5 Configuring the MPLS OAM Function of the Egress
This operation enables you to configure the MPLS OAM function of the egress.
34.6 Configuring the Tunnel Protection Group
This operation enables you to configure the tunnel protection group.
34.7 Switching Over Protection Group Manually
This operation enables you to switch over the protection group manually. In this case, the traffic
in the protection group can be switched over to the related channel.
34.8 Enabling the Protection Group to Output the Debugging Information
This operation enables the protection group to output the debugging information.

34 Configuring the MPLS OAM Configuration Guide
34.1 Overview
This section describes the MPLS OAM function and its applications on the MA5600.
Service Description
Operation Administration & Maintenance (OAM) is a key method to reduce the network
maintenance cost. The MPLS OAM mechanism is designed for this purpose.
MPLS supports multiple layer 2 (L2) and layer 3 (L3) protocols. It provides the OAM mechanism
independent of any upper or lower layer.
By the MPLS OAM mechanism, the MA5600 detects and locates effectively the defects inside
the network at the MPLS layer. Then, it reports and handles the defects. When the fault occurs,
the system triggers the protection switchover.
34.2 Configuration Example of Detection of MPLS OAM for

Static LSP Connectivity
This example shows how to configure the function of MPLS OAM to detect the static LSP
connectivity.
Networking
Figure 34-1 shows a sample network of detection of MPLS OAM for static LSP connectivity.
Figure 34-1 Sample network of detection of MPLS OAM for static LSP connectivity
Tunnel 10
Tunnel-id 10
LSR-id
4.4.4.4/32
10.1.1.2/24 10.1.4.1/24
Router B
10.1.1.1/24 Tunnel 20 10.1.4.2/24

Tunnel-id 20
LSR-id Router A LSR-id
1.1.1.1/32 3.3.3.3/32
10.1.2.1/24 10.1.2.2/24 10.1.3.1/24 10.1.3.2/24
MA5600_A LSR-id MA5600_B

2.2.2.2/32

Data Plan
Table 34-1 shows the data plan for detection of MPLS OAM for static LSP connectivity.
Table 34-1 Data plan for detection of MPLS OAM for static LSP connectivity
Item Data
MA5600_A lsr-id: 1.1.1.1/32
Port: 0/7/2
VLAN: 10
IP address of the port connecting to Router A: 10.1.2.1/24
Port: 0/7/3
VLAN: 11
IP address of the port connecting to Router B: 10.1.1.1/24
The static LSP passes Router A and targets MA5600_B.
MA5600_B lsr-id: 3.3.3.3/32
Port: 0/7/2
VLAN: 30
Port: 0/7/3
VLAN: 31
The static LSP passes Router B and targets MA5600_A
Router A lsr-id: 2.2.2.2/32
IP address of the port connecting to MA5600_A: 10.1.2.2/24
IP address of the port connecting to MA5600_B: 10.1.3.1/24
Router B lsr-id: 4.4.4.4/32
Prerequisite
Before the configuration, make sure that:
l Set the IP addresses and the masks of the ports based on the sample network. After that,
LSRs can ping the peer LSRs.

l Configure the OSPF protocol on all MA5600 devices and routers, and the configured routes
are declared successfully.
Figure 34-2 shows the flowchart for detection of MPLS OAM for static LSP connectivity.
Figure 34-2 Flowchart for detection of MPLS OAM for static LSP connectivity
Start
Enable the basic function of MPLS

and MPLS TE function
Configure the static LSP to be

detected
Configure the revertive tunnel static

LSP
Configure the MPLS OAM function of

the ingress of the LSP
Configure the MPLS OAM function of

the egress of the LSP
Save the data
End
Procedure
Step 1 Enable the basic function of MPLS and the function of MPLS TE.
1. Enable the basic function of MPLS and the function of MPLS TE globally.
2. Enable the basic function of MPLS and the function of MPLS TE of the interface.


NOTE
The configuration of MA5600_A is the same as that of MA5600_B. This procedure uses
MA5600_A as an example
Step 2 Configure the static LSP to be detected. The ingress is MA5600_A, the intermediate node of the
LSP is Router A, and the egress is MA5600_B.
1. On MA5600_A, use the static LSP to configure the MPLS TE tunnel targeting
MA5600_B.
MA5600_A(config-if-tunnel20)#mpls te signal-protocol static
2. Configure MA5600_A as the ingress of the static LSP.

MA5600_A(config)#static-lsp ingress tunnel-interface tunnel 200
destination 3.3.3.3 nexthop 10.1.2.2 out-label 20
3. Configure Router A as the intermediate node of the static LSP. The configuration of the
router is not described here.
4. Configure MA5600_B as the egress of the static LSP.
MA5600_B(config)#static-lsp egress 200 incoming-interface vlanif 30
in-label 8210
Step 3 Configure the revertive tunnel static LSP, with the ingress of MA5600_B, The intermediate node
of the LSP is Router B, and the egress of the CR-LSP is MA5600_A.
1. On MA5600_B, use the static LSP to configure the MPLS TE tunnel that targets
MA5600_A.
MA5600_B(config)#interface tunnel 10
MA5600_B(config-if-tunnel10)#tunnel-protocol mpls te
MA5600_B(config-if-tunnel10)#destination 1.1.1.1
MA5600_B(config-if-tunnel10)#mpls te tunnel-id 100
MA5600_B(config-if-tunnel10)#mpls te signal-protocol static
MA5600_B(config-if-tunnel10)#mpls te commit
MA5600_B(config-if-tunnel10)#quit
2. Configure MA5600_B as the ingress of the static LSP.

MA5600_B(config)#static-lsp ingress tunnel-interface tunnel 10
destination 1.1.1.1 nexthop 10.1.4.1 out-label 40
3. Configure Router B as the intermediate node of the static LSP. The configuration of the
router is not described here.
4. Configure MA5600_A as the egress of the static LSP.
MA5600_A(config)#static-lsp egress 10 incoming-interface vlanif 10
in-label 8230
Step 4 Configure the MPLS OAM function of the ingress of the LSP to be detected.
MA5600_A(config-mpls)#mpls oam
MA5600_A(config)#mpls oam ingress tunnel 20 type ffd frequency 100
backward-lsp lsr-id 3.3.3.3 tunnel-id 10
MA5600_A(config)#mpls oam ingress enable all

Step 5 Configure the MPLS OAM function of the egress of the LSP to be detected.
MA5600_B(config)#mpls
MA5600_B(config-mpls)#mpls oam
MA5600_B(config-mpls)#quit
MA5600_B(config)#mpls oam egress lsp-name 20 type ffd frequency 100
backward-lsp tunnel 10 private
MA5600_A(config)#mpls oam egress enable all

----End
Result
After the configuration, run the shutdown command on Router A to disable the port connected
to MA5600_B to simulate the link fault. Run the display mpls oam egress all command on
MA5600_B and you can find that MA5600_B detects the fault.
34.3 Configuration Example of MPLS OAM Protection

Switchover
This example shows how to configure MPLS OAM protection switchover.
Networking
Figure 34-3 shows a sample network of the MPLS OAM protection switchover.
Figure 34-3 Sample network of MPLS OAM protection switchover
Tunnel 10
Tunnel-id 10
LSR-id
4.4.4.4/32
10.1.1.2/24 10.1.4.1/24
Router B
Tunnel 10
10.1.1.1/24 Tunnel-id 10
10.1.4.2/24
LSR-id Router A LSR-id

1.1.1.1/32
3.3.3.3/32
10.1.2.1/24 10.1.2.2/24 10.1.3.1/24 10.1.3.2/24
MA5600_A LSR-id MA5600_B
2.2.2.2/32
Tunnel 20
Tunnel-id 20

Data Plan
Table 34-2 shows the data plan for the MPLS OAM protection switchover.
Table 34-2 Data plan for the MPLS OAM protection switchover
Item Data
MA5600_A lsr-id: 1.1.1.1/32
Port: 0/7/2
VLAN: 10
Port: 0/7/3
VLAN: 11
The active tunnel passes Router A and targets MA5600_B

The standby tunnel passes Router B and targets MA5600_B
MA5600_B lsr-id: 3.3.3.3/32
Port: 0/7/2
VLAN: 30
Port: 0/7/3
VLAN: 31
The revertive tunnel passes Router B and targets MA5600_A
Router A lsr-id: 2.2.2.2/32
Router B lsr-id: 4.4.4.4/32
Prerequisite
l Set the IP addresses and the masks of the ports based on the sample network. After that,
LSRs can ping the peer LSRs.
l Configure the OSPF protocol on all MA5600 devices and routers, and the configured routes
are declared successfully. Otherwise, the static routes are configured.

Figure 34-4 shows the flowchart for configuring MPLS OAM protection switchover.
Figure 34-4 Flowchart for configuring MPLS OAM protection switchover
Start
Enable the basic function of MPLS
Enable the function of MPLS TE,

RSVP-TE and CSPF
Enable OSPF TE
Configure the MPLS TE attributes of

the link
Configure the explicit path of MPLS TE
Configure the MPLS TE tunnel
Configure the tunnel protection group
Configure the MPLS OAM function
Save the data
End
Procedure
Step 1 Enable the basic function of MPLS, and the functions of MPLS TE, RSVP-TE and CSPF.
1. Enable the basic function of MPLS, and the function of MPLS TE globally.
MA5600_A(config-mpls)#mpls rsvp-te
2. Enable the basic function of MPLS and the function of MPLS TE of the interface.


MA5600_A(config-mpls)#mpls rsvp-te
NOTE
The configuration of MA5600_A is the same as that of MA5600_B. This procedure uses
MA5600_A as an example
Step 2 Enable OSPF TE.

MA5600_A(config)#ospf 100
MA5600_A(config-ospf-100)#opaque-capability enable
MA5600_A(config-ospf-100)#area 0
MA5600_A(config-ospf-100-area-0.0.0.0)#mpls-te enable standard-complying
MA5600_A(config-ospf-100-area-0.0.0.0)#quit
NOTE
The configuration of MA5600_A is the same as that of MA5600_B. This procedure uses MA5600_A as
an example
Step 3 Configure the MPLS TE attributes of the link.

NOTE
The configuration of MA5600_A is the same as that of MA5600_B. This procedure uses MA5600_A as
an example
Step 4 Configure the explicit path of MPLS TE.

1. On MA5600_A, configure its explicit path to MA5600_B.
MA5600_A(config)#explicit-path 1a2 enable
MA5600_A(config-explicit-path-1a2)#next hop 10.1.2.2 include strict
MA5600_A(config-explicit-path-1a2)#next hop 10.1.3.2 include loose
MA5600_A(config-explicit-path-1a2)#quit
MA5600_A(config)#explicit-path 1b2 enable
MA5600_A(config-explicit-path-1b2)#next hop 10.1.1.2 include strict
MA5600_A(config-explicit-path-1b2)#next hop 10.1.4.2 include loose
MA5600_A(config-explicit-path-1b2)#quit
2. On MA5600_B, configure its explicit path to MA5600_A.

MA5600_B(config)#explicit-path 1b2 enable
MA5600_B(config-explicit-path-2b1)#next hop 10.1.4.1 include strict
MA5600_B(config-explicit-path-2b1)#next hop 10.1.1.1 include loose
MA5600_B(config-explicit-path-2b1)#quit
Step 5 Configure the MPLS TE tunnel.

1. Configure the active tunnel from MA5600_A to MA5600_B. The intermediate node is
Router A.
MA5600_A(config-if-tunnel2)#mpls te path explicit-path 1a2
2. Configure the standby tunnel from MA5600_A to MA5600_B. The intermediate node is
Router B.
MA5600_A(config-if-tunnel10)#mpls te path explicit-path 1b2
3. Configure the revertive tunnel from MA5600_B to MA5600_A. The intermediate node is
Router B.
MA5600_B(config)#interface tunnel 10
MA5600_B(config-if-tunnel10)#tunnel-protocol mpls te
MA5600_B(config-if-tunnel10)#destination 1.1.1.1
MA5600_B(config-if-tunnel10)#mpls te tunnel-id 10
MA5600_B(config-if-tunnel10)#mpls te path explicit-path 2b1
MA5600_B(config-if-tunnel10)#mpls te signal-protocol rsvp-te
MA5600_B(config-if-tunnel10)#mpls te bandwidth bc0 1500
MA5600_B(config-if-tunnel10)#mpls te commit
MA5600_B(config-if-tunnel10)#quit
Step 6 Configure the tunnel protection group.

MA5600_A(config-if-tunnel20)#mpls te protection tunnel 10 mode
revertive wtr 30
Step 7 Configure the MPLS OAM function.

1. On MA5600_A, configure the MPLS OAM function of the ingress.
MA5600_A(config-mpls)#mpls oam
MA5600_A(config)#mpls oam ingress tunnel 20 type ffd frequency 100
MA5600_A(config)#mpls oam ingress enable all
2. On MA5600_B, configure the MPLS OAM function of the egress.

MA5600_B(config)#mpls
MA5600_B(config-mpls)#mpls oam
MA5600_B(config-mpls)#mpls oam egress lsr-id 1.1.1.1 tunnel-id 20 type
ffd frequency 100 backward-lsp tunnel 10 private
MA5600_B(config-mpls)#mpls oam egress enable all
MA5600_B(config-mpls)#quit

----End

Result
After the configuration, run the shutdown command on Router A to disable the port connected
to MA5600_B to simulate the link fault. Run the display mpls oam egress all command on
MA5600_B, and you can find that MA5600_B detects the fault and implements protection based
on the configuration.
34.4 Configuring the MPLS OAM Function of the Ingress

This operation enables you to configure the MPLS OAM function of the ingress.
Context
l By default, the MPLS OAM function is disabled globally. Therefore, you must enable it
before configuring the MPLS OAM function of the ingress.
l After the MPLS OAM function is enabled globally, you can configure the MPLS OAM
instance.
l For a same LSP, the parameters of the MPLS OAM of the egress must be the same as those
of the ingress.
l After the MPLS OAM parameters are set, enable the OAM function of the ingress first.
Otherwise, the egress generates alarms.
Procedure
Step 1 Run the mpls command to switch over to MPLS mode.
Step 2 In MPLS mode, run the mpls oam command to enable the MPLS OAM function globally.
Step 3 In global config mode, run the mpls oam ingress command to set the MPLS OAM parameters
of the ingress.
Step 4 In global config mode, run the mpls oam ingress enable command to enable the MPLS OAM
function of the ingress.
Step 5 In global config mode, run the display mpls oam ingress command to query the instance of the
source MPLS OAM of the LSP.
----End
Example
Assume that the detection type is FFD, the detection frequency is 100 ms, the LSR ID of the
reverse tunnel is 80.80.80.80, the ID of the reverse tunnel is 20, the sources of all MPLS OAM
are enabled, to enable the MPLS OAM protection function for LSP tunnel 10, do as follows:
huawei(config)#mpls
huawei(config-mpls)#mpls oam
huawei(config-mpls)#mpls oam ingress tunnel 10 type ffd frequency 100
huawei(config)#mpls oam ingress enable all
huawei(config)#display mpls oam ingress
{ all<K>|Tunnel<K> }:all
{ <cr>|verbose<K>|slot<K> }:
Command:
display mpls oam ingress all

--------------------------------------------------------------------------------
No. Tunnel-name Ttsi Type Frequency Status
--------------------------------------------------------------------------------
1 tunnel10 -- FFD 100 ms Non-defect
2 tunnel20 -- FFD 10 ms Stop
--------------------------------------------------------------------------------
Total Oam Num: 1
Total Start Oam Num: 0
Total Defect Oam Num: 0
Related Operation
Table 34-3 lists the related operations for configuring the MPLS OAM function of the ingress.
Table 34-3 Related operations for configuring the MPLS OAM function of the ingress
Disable the MPLS OAM function undo mpls oam

globally
Set the parameters of the MPLS OAM of mpls oam egress

the ingress
34.5 Configuring the MPLS OAM Function of the Egress

This operation enables you to configure the MPLS OAM function of the egress.
Context
l By default, the MPLS OAM function is disabled globally. Therefore, you must enable it
before configuring the MPLS OAM function of the egress.
l After the MPLS OAM function is enabled globally, you can configure the MPLS OAM
instance.
l For a same LSP, the parameters of the MPLS OAM of the egress must be the same as those
of the ingress.
l After the MPLS OAM parameters are set, enable the OAM function of the ingress first.
Otherwise, the egress generates alarms.
Procedure
Step 1 Run the mpls command to switch over to MPLS mode.
Step 2 In MPLS mode, run the mpls oam command to enable the MPLS OAM function globally.
Step 3 In global config mode, run the mpls oam egress command to set the MPLS OAM parameters
of the egress.
Step 4 In global config mode, run the mpls oam egress enable command to enable the MPLS OAM
function of the egress.
Step 5 In global config mode, run the display mpls oam egress command to query the instance of the
source MPLS OAM of the LSP.
----End

Example
Assume that the detection type is FFD, the detection frequency is 100 ms, and the ID of the
reverse tunnel is 20, to enable the MPLS OAM protection function for LSP named tunnel 10,
do as follows:
huawei(config)#mpls
huawei(config-mpls)#mpls oam
huawei(config-mpls)#mpls oam egress lsr-id 100.100.100.100 tunnel-id 10
type ffd frequency 100 backward-lsp tunnel 20 private
huawei(config)#mpls oam engress enable all
huawei(config)#display mpls oam egress
{ all<K>|lsp-name<K>|lsr-id<K> }:all
{ <cr>|verbose<K>|slot<K> }:
Command:
display mpls oam egress all
Related Operation
Table 34-4 lists the related operations for configuring the MPLS OAM function of the egress.
Table 34-4 Related operations for configuring the MPLS OAM function of the egress
Disable the MPLS OAM function undo mpls oam

globally
Set the parameters of the MPLS OAM of mpls oam ingress

the egress
34.6 Configuring the Tunnel Protection Group

This operation enables you to configure the tunnel protection group.
Context
l The following section lists the default settings of the parameters for configuring the tunnel
protection group.
– Revertive: It is enabled.
– Wait to Restore (WTR): It is 720s. The value ranges from 0 to 60, with the step of 30s.

l Before configuring the protection group, you must set the protocol for the tunnel interface
as mpls te, and set the Tunnel-ID and peer address.
l After configuring or deleting the protection group, you must run the mpls te commit
command to make it take effect.
NOTE
In protection group revertive mode, the traffic reverts from the standby tunnel to the active tunnel. After
the traffic reverts from the active tunnel to the standby tunnel, if the active tunnel restores to the normal
state, the traffic reverts to the active tunnel for transmission when the WTR times out.

Procedure
Step 2 Run the tunnel-protocol mpls te command to enable the encapsulation protocol of the tunnel
interface.
Step 3 Run the mpls te protection tunnel command to configure the tunnel protection group.
Step 4 Run the mpls te commit command to deliver the configuration of the tunnel interface.
Step 5 In privilege mode, run the display mpls te protection tunnel command to query the state of the
tunnel protection group.
----End
Example
Assume that tunnel ID is 10, revertive mode is enabled and WTR is 900s, to configure a standby
tunnel for tunnel 20, do as follows:
huawei(config-if-tunnel20)#mpls te protection tunnel 10 mode revertive wtr 30
huawei(config)#display mpls te protection tunnel 20
Related Operation
Table 34-5 lists the related operations for configuring the tunnel protection group.
Table 34-5 Related operations for configuring the tunnel protection group
Delete a tunnel protection group undo mpls te protection tunnel
Switch over the tunnel protection group mpls te protect-switch

manually
34.7 Switching Over Protection Group Manually

This operation enables you to switch over the protection group manually. In this case, the traffic
in the protection group can be switched over to the related channel.
Context
The parameters for protection group switchover are clear, lock, force, manual work-lsp and
manual protect-lsp. Their switchover has priority restriction. The priorities in descending order
are clear, lock, force, and manual. The manual work-lsp and manual protect-lsp have the
same priority.

Procedure
Step 2 Run the tunnel-protocol mpls te command to enable the encapsulation protocol of the tunnel
interface.
Step 3 Run the mpls te protect-switch command to switch over the protection group manually.
Step 4 Run the mpls te commit command to deliver the configuration of the tunnel interface.
Step 5 In global config mode, run the display mpls te protection tunnel command to query the state
of the tunnel protection group.
----End
Example
To switch over the traffic from the standby channel to the active channel, do as follows:
huawei(config-if-tunnel20)#mpls te protect-switch manual work-lsp
huawei(config)#display mpls te protection tunnel 20
Related Operation
Table 34-6 lists the related operation for switching over the protection group manually.
Table 34-6 Related operation for switching over the protection group manually
Configure the tunnel protection group mpls te protection tunnel
34.8 Enabling the Protection Group to Output the

Debugging Information
This operation enables the protection group to output the debugging information.
Context
Before enabling the protection group to output the debugging information, you must enable the
terminal to send the debugging information, log and alarm, and enable its debugging information
output.
Procedure
In privilege mode, run the debugging mpls te protect-switch command to enable the protection
group to output the debugging information.
----End

Example
To enable the protection group to output the debugging information, do as follows:
huawei(config)#debugging mpls te protect-switch
{ all<K>|error<K>|process<K>|timer<K>|inter<K> }:all
Command:
debugging mpls te protect-switch all
Related Operation
Table 34-7 lists the related operations for enabling the protection group to output the debugging
information.
Table 34-7 Related operations for enabling the protection group to output the debugging
information
Disable the protection group to output undo debugging mpls te protect-switch

the debugging information
Enable the terminal to send debugging terminal monitor

information, log and alarm
Enable the terminal to output the terminal debugging

debugging information

Configuration Guide 35 Configuring the Environment Monitoring
35 Configuring the Environment

Monitoring
About This Chapter
This chapter describes the environment monitoring unit (EMU) supported by the MA5600 and
how to configure the EMU.
35.1 Overview
This chapter describes environment monitoring configuration on the MA5600.
35.2 Configuration Example of an EMU
This operation enables you to Configure an EMU.
35.3 Adding an EMU
This operation enables you to add an EMU.
35.4 Configuring the H303ESC/H304ESC EMU
This operation enables you to configure the H303ESC/H304ESC EMU.
35.5 Configuring an H561ESC EMU
This operation enables you to configure an H561ESC EMU.
35.6 Configuring a POWER4845 EMU
This operation enables you to configure a POWER4845 EMU.
35.7 Configuring the FAN Alarm Report
This operation enables the report of the FAN running alarms to the EMU.
35.8 Setting the FAN Speed Adjustment Mode
This operation enables you to set the fan speed adjustment mode.
35.9 Configuring the FAN Speed
This operation enables you to configure the FAN speed.

35 Configuring the Environment Monitoring Configuration Guide
35.1 Overview
This chapter describes environment monitoring configuration on the MA5600.
Service Description
The MA5600 provides an environment monitor serial port to connect the serial port on a
monitored device. By running master-slave node protocol or access network protocol between
the two serial ports, you can monitor the environment of the device from a remote end.
The environment parameters such as temperature, humidity, and power supply can be monitored
to guarantee that the MA5600 can work reliably in a suitable environment.
To perform environment monitoring on a device, the environment monitoring functional

modules must be provided, such as H303ESC. Some devices to be monitored has a built-in
monitoring unit, such as POWER4845. These functional modules are referred to as environment
monitor unit (EMU), no matter whether they are built in or not.
Monitoring the environment of a device involves two aspects:
l Environment parameters:
Environment parameters refer to factors that may cause failure or even damage to the
device. The parameters include: temperature, humidity, door-status switch, smoke, water,
MDF, and door status sensor.
l Power supply status:
Power supply status covers the status of the mains input, the DC distribution, the rectifier
module, and the battery.
The environment monitor module of the MA5600 comprises multiple EMUs, such as:
l AC power module EMU (POWER4845): It monitors the environmental parameters such

as temperature, humidity, voltage, and power.
l Environment monitoring board (ESC, including H303ESC, H304ESC and H561ESC)
l FAN EMU (FAN): It monitors the running of the fans, and adjusts the running speed of
the fans.
Hardware Connection
NOTE
Before the delivery, the EMU has been connected with the shelf. Do not change the connection. To install
the EMU into other shelves or to connect EMU again, refer to the following description.
Connecting the EMU with the shelf:
l The POWER4845, and ESC boards are connected almost in the same way to the
MA5600. Connect the environment monitoring cable from the EMU to the environment
monitoring port (MON) on the SCU board of the MA5600. EMUs report their states to the
SCU board through the MON port, and receive commands from the SCU board.

l The FAN EMU is connected to the backplane through the interface on the rear panel, and
communicates with the MA5600 through the backplane.
EMUs communicate with the MA5600 in master/slave node mode. Ensure the sub node numbers
of the EMUs are consistent with the settings of their DIP switches.
l The slave node number of the H303ESC/H304ESC/H561ESC is always 30.

l The slave node number of the FAN/POWER4845/DIS is 0 by default. You can set the slave
node as required. Ensure that the slave node number is consistent with the setting of the
DIP switches.
Table 35-1 shows the correspondence between the POWER4845 DIP switch and the slave node
number. ON means 1 and OFF means 0.
Table 35-1 Correspondence between the POWER4845 DIP switch and the slave node number
DIP Switch Setting Meaning (Slave

node number)
S1-4 S1-3 S1-2 S1-1 -
OFF OFF OFF OFF 0
OFF OFF OFF ON 1
OFF OFF ON OFF 2
…… …… …… …… ……
ON ON ON ON 15
Table 35-2 shows the correspondence between the H801ESC DIP switch and the slave node
number. ON means 0 and OFF means 1.
Table 35-2 Correspondence between the H801ESC DIP switch and the slave node number

node number)
S1-5 S1-4 S1-3 S1-2 S1-1 -
ON ON ON ON ON 0
ON ON ON ON OFF 1
ON ON ON OFF ON 2
…… …… …… …… …… ……
OFF OFF OFF OFF OFF 31
Table 35-3 shows the correspondence between the FAN DIP switch and the slave node number.
ON means 0 and OFF means 1.

Table 35-3 Correspondence between the FAN DIP switch and the slave node number

node number)
SW101-4 SW101-3 SW101-2 SW101-1 -
ON ON ON ON 0
ON ON ON OFF 1
ON ON OFF ON 2
…… …… …… …… ……
OFF OFF OFF OFF 15
35.2 Configuration Example of an EMU

This operation enables you to Configure an EMU.
35.2.1 Data Plan
35.2.2 Configuration Flowchart
35.2.3 Procedure for Configuring an H303ESC
35.2.4 Verification for Configuring an H303ESC
35.2.5 Procedure for Configuring a DIS EMU
35.2.6 Procedure for Configuring POWER4845 EMU
35.2.1 Data Plan

Table 35-4 shows the data plan for EMU configuration.
Table 35-4 Data plan for EMU configuration
Item Data Remarks
H303ESC Serial number: 0 -
Slave node: 30 -
Name: mdesc -
Analogue parameter Temperature threshold (upper -

limit): 55°C
Temperature threshold (lower For other analogue

limit): 5°C parameters, use the default
settings.
Digital parameter Level of the door state sensor: high For other digital parameters,
use the default settings.

Item Data Remarks
FAN Fan speed adjustment mode: -

manual
Speed level: 4 The fan speed level can be

set under the condition that
the fan speed adjustment
mode is set as manual.
Fan blocking alarm: forbid For other alarms, use the

default settings.
35.2.2 Configuration Flowchart

Figure 35-1 shows the flowchart for configuring an EMU.
Figure 35-1 Flowchart for configuring an EMU
Start
H303/304ESC H561ESC Power EMU
FAN EMU
End
Three procedures are used to configure the EMU for the MA5600:
l With DC power supply, Start > H303ESC/H304ESC > DIS EMU > FAN EMU > End.
l With DC power supply, Start > H561ESC > FAN EMU > End.
l With AC power supply, Start > POWER4845 EMU > FAN EMU > End.
35.2.3 Procedure for Configuring an H303ESC
Procedure
Step 1 Add an H303ESC EMU.
huawei(config)#emu add 0 H303ESC 0 30 fore mdesc
NOTE
The slave node number of H303ESC EMU is always 30.

Step 2 Set the upper and lower limits of temperature alarm.

huawei(config)#interface emu 0
huawei(config-if-h303esc-0)#esc analog 0 alarm-upper-limit 55 alarm-lower-limit 5
Step 3 Set the level of the door status sensor.

huawei(config-if-h303esc-0)#esc digital 1 available-level high-level
Step 4 Add an EMU, with the type of FAN.

huawei(config-if-h303esc-0)#quit
huawei(config)#emu add 1 FAN 0 6 hwfan
Step 5 Set the FAN speed adjustment mode.

huawei(config-if-fan-1)#fan speed mode manual
Step 6 Set the speed level of the FAN.

huawei(config-if-fan-1)#fan speed adjust 4
Step 7 Set the FAN alarm report.

huawei(config-if-fan-1)#fan alarmset block forbid

huawei(config-if-fan-1)#quit
huawei(config)#quit
huawei#save
----End
35.2.4 Verification for Configuring an H303ESC

Result
Run the display esc environment info command to query the environment information about
the H303ESC.
huawei(config-if-h303esc-0)#display esc environment info
EMU ID: 0 H303ESC environment state
Fan control mode :Auto Fan run state: Open
------------------Analog Environment Info--------------------------
ID Name State Value AlmUpper AlmLower Unit
0 Temperature Normal 34.26 55 5 ℃
1 Humidity Normal 31.37 80 0 %R.H.

2 - Normal -128.00 127 -128 -
3 - Normal -128.00 127 -128 -
4 - Normal -128.00 127 -128 -
5 - Normal -128.00 127 -128 -
6 - Normal -128.00 127 -128 -
7 - Normal -128.00 127 -128 -
---------------Digital Environment Info---------------------------
ID Name State Value |ID Name State Value
0 Wring Normal 1 |1 Door1 Normal 1
2 Door2 Normal 1 |3 Fire_Alarm Normal 1
4 Theft_Alarm Normal 1 |5 Fog Normal 1
6 Water_Alarm Normal 1 |7 Peculiar_Smell Normal 1
8 Window_Broken Normal 1 |9 - Normal 1
10 - Normal 1 |11 - Normal 1


--------------------------------------------------------------------
Query the configuration of the FAN.

huawei(config-if-fan-1)#display fan system parameter
EMU ID: 1
FAN configration parameter:
--------------------------------------------------------------------
FAN timing mode: Manual timing
FAN speed level: 4
--------------------------------------------------------------------
Alarm_name Permit/Forbid
Read temperature fault Permit
Fan block Forbid
Temperature high Permit
Power fault Permit
--------------------------------------------------------------------
35.2.5 Procedure for Configuring a DIS EMU

Procedure
Step 1 Add an EMU.
huawei(config)#emu add 1 dis 0 0 fore
Step 2 Query the DIS state.

huawei(config)#display emu 1
EMU ID: 1
----------------------------------------------------------------------------
EMU name : -
EMU type : DIS
Used or not : Used
EMU state : Fault
Frame ID : 0
Subnode : 0
COM port : Fore
---------------------------------------------------------------------------
NOTE
If the EMU state is fault, following these steps to check the configuration:
l Make sure that the physical connection is correct.
l Make sure that the DC distribution module is connected properly to the MA5600.
l Make sure that the DIP switches S1-1 to S1-5 on the environment monitor board of the module are set
to ON.
l Make sure that the EMU type, shelf ID, subnode number and serial port are correct.
Step 3 Query the environment information.

huawei(config-if-dis-1)#display distribution environment info
EMU ID: 1 distribution environment info
------------------Analog Environment Info--------------------------
ID Name State Value AlmUpper AlmLower Unit
0 input -48V 1 Normal 52.00 60 42 volt
1 input -48V 2 Normal 53.00 60 42 volt
2 temperature Normal 30.00 55 5 ℃
3 humidity Normal 36.00 80 0 %R.H.

4 out_analog1(out_analog1) Normal -128.00 127 -128 -

5 out_analog2(out_analog2) Normal -128.00 127 -128 -
----------------Digital Environment Info---------------------------
ID Name State Value |ID Name State Value
0 output ctrl digital 1Normal - |1 output ctrl digital 2Normal
2 output ctrl digital 3Normal - |3 output ctrl digital 4Normal
4 board +12V Normal - |5 board +24V Normal -
6 LightningproofBoard1Normal - |7 LightningproofBoard2Normal -
8 out_digital 1 Normal 0 |9 out_digital 2 Normal 0
--------------------------------------------------------------------
You can configure the environment parameters of the DC distribution module according to the
display.
Step 4 Set the upper and lower limit for temperature alarm.
Run the distribution temperature command to set the temperature alarm thresholds.
Step 5 Re-query the environment information.
Run the display distribution environment info command to query the DIS environment
information.
----End
35.2.6 Procedure for Configuring POWER4845 EMU
Procedure
Step 1 Add a POWER4845 EMU.
huawei(config)#emu add 0 POWER4845 0 10 fore
Step 2 Query the power running state.
In ESC mode, run the display power run info command to query the running state of the
POWER4845 module.
Step 3 Query the environment information.
In ESC mode, run the display power environment info command to query the environment
information about the POWER4845 module.
You can configure the environment parameters of the AC power module according to the display.
NOTE
Procedures for configuring all these types of EMUs are similar. Refer to the above examples to configure
the EMUs. Note that the key words used in the commands are different.
----End
35.3 Adding an EMU

This operation enables you to add an EMU.

Context
l There are several EMU types, including FAN, POWER4845, H303ESC, H304ESC and
H561ESC.
l The slave nodes of the H303ESC, H304ESC and H561ESC are always 30.
l By default, the slave nodes of the FAN and the POWER4845 are 0. You can set the slave
node. Make sure that the setting is consistent with that of the DIP switch. In this case, the
EMU can communicate with the control board correctly.
l When the system monitors several EMUs at a time, make sure that their slave nodes are
different.
l For the communication serial port, select back mode for FAN, select fore mode for the
control board. For other EMUs, select the mode according to the requirements.
Procedure
Step 1 Run the emu add command to add an EMU.
Step 2 Run the display emu command to query the EMU state.
----End
Example
To add an H303ESC, do as follows:
huawei(config)#emu add 0 H303ESC 0 30 fore mdpower
huawei(config)#dispaly emu 0
EMU ID: 0
--------------------------------------------------------------------
EMU name : mdpower
EMU type : H303ESC
Used or not : Used
EMU state : Normal
Frame ID : 0
Subnode : 30
COM Port : Fore
Related Operation
Table 35-5 lists the related operations for adding an EMU.
Table 35-5 Related operations for adding an EMU
Delete an EMU emu del l The EMU type cannot be changed

after you configure it. If you need to
change the EMU type, first delete
the EMU, and then add a new one.
l If an EMU in the shelf is replaced,
delete the EMU, and then add a new
EMU.

35.4 Configuring the H303ESC/H304ESC EMU

This operation enables you to configure the H303ESC/H304ESC EMU.
Context
NOTE
Compared with the H303ESC, the H304ESC provides management function on batteries, but does not
provide the humidity monitor function.
Table 35-6 lists the commands for configuring the H303ESC/H304ESC EMU.
Table 35-6 Commands for configuring the H303ESC/H304ESC EMU.

Set the fan control esc fan l The status of the fan tray can be
parameters opened, closed or auto.
l The default control status of the fan tray
is auto. It means that you need to set the
temperatures at which the fans start and
stop working.
l By default, the fans start to work at 45°
C, and stop working at 30°C.
Set the analog esc analog This command is used to set the upper and
parameters lower alarm thresholds of analog
parameters, such as temperature and
humidity.
Set the digital esc digital l This command is used to set the digital
parameters parameters, such as MDF state and door
status sensor, and normal state of the
digital parameters.
l The state of a digital parameter can be in
a high level or low level. If an alarm is
reported but the system is normal, you
can run the esc digital command to
change the level of the digital parameter
in order to eliminate the alarm. For
example, if the digital parameter is at a
high level (1) when an alarm is reported,
you can run the command to set the high
level as normal state.

Set the extended esc com This command is used to set the serial port
serial port parameters, including the port ID, key
parameters word, baud rate, data bit, stop bit, and
parity check methods.
When you set the baud rate, make sure the
setting is consistent with the DIP switch
setting of S7-4 at the lower right side of the
board. If S7-4=ON, the serial port rate is
19200 bit/s; if S7-4=OFF, the rate is 9600
bit/s. The default DIP setting is ON.
Specify the power esc power This command is used to add a power
module monitored module before setting the parameters. The
by the H303ESC/ power module supported at present is
304ESC power4810.
Set 4810 power esc 810 This command is used to set power-off
parameters voltages for transmission unit or subscriber
lines, as well as whether to limit the current.
Reset the reset -

H303/304ESC
environment
monitor board
Set battery esc battery This command is used to set the battery
parameters capacity, allowed power-off state, power-
(H304ESC only) off voltage, and timed even charging
duration. The settings shall cover battery
groups 0 and 1.
Procedure
Run the esc analog command to configure the H303ESC/H304ESC EMU.
----End
Example
To set the upper and lower limits of the temperature of the H303ESC EMU, do as follows:
huawei(config-if-h303esc-0)#esc analog 0 alarm-upper-limit 60 alarm-lower-limit 5
Related Operation
Table 35-7 lists the related operations for configuring the H303ESC/H304ESC EMU.

Table 35-7 Related operations for configuring the H303ESC/H304ESC EMU
Query the user defined display outside-digital -

digital alarms private-alarm
Query the user defined display outside-analog -

analogue alarms private-alarm
Query the H303/304ESC display esc system -

system parameters parameter
Query the environment display esc environment Environment information

information info comprises the analog parameters
and digital parameters.
l Analog parameters are obtained
through analog parameter
sensors such as the built-in
temperature and humidity
sensors on the H303/H304ESC.
Analog quantities have a value
range and can fluctuate.
l Digital parameters are obtained
through digital parameter
sensors, such as door status
sensor and fire alarms.
Query the alarms display esc alarm -
Reset the EMU reset -
Query the EMU version display version -

number
35.5 Configuring an H561ESC EMU

This operation enables you to configure an H561ESC EMU.
Context
Table 35-8 lists the commands for configuring an H561ESC EMU.
Table 35-8 Commands for configuring an H561ESC EMU
Set the analogue esc analog The analog parameters include

parameters alarm thresholds for temperature,
humidity, voltage, and current, or
user defined alarms.

Set the digital parameters esc digital The digital parameters include the
MDF and cabinet door status
sensor, or user defined alarms.
Reset the H561ESC reset -

environment monitor
board
Procedure
Run the mapping command to configure an H561ESC EMU.
----End
Example
To run the esc digital command to set the level of the MDF, do as follows:
huawei(config-if-h561esc-0)#esc digital 1 available-level high-level
Related Operation
Table 35-9 lists the related operations for configuring an H561ESC EMU.
Table 35-9 Related operations for configuring an H561ESC EMU
Query the H561ESC system display esc system parameter

parameters
Query the environment information display esc environment info
Query the alarms display esc alarm
Query the user defined digital alarms display outside-digital private-alarm
Query the user defined analogue display outside-analog private-alarm

alarms
Query the H561ESC version number display version
35.6 Configuring a POWER4845 EMU

This operation enables you to configure a POWER4845 EMU.
Context
Table 35-10 lists the commands for configuring a POWER4845 EMU.

Table 35-10 Commands for configuring a POWER4845 EMU

Set the POWER4845 power battery parameter This command is used to set the
battery parameters battery charging current-limit
coefficient, equalized-charging
time, the number of the battery
group and the battery capacity.
Set the POWER4845 power environment This command is used to set the
environment parameters upper/lower alarm thresholds and
upper/lower test limits for the
environment humidity or
temperature, to ensure the power
to generate an alarm when it
works in an environment that
does not match the set conditions.
Set the number of the power module-num Power 4845 supports up to 3

POWER4845 modules rectifier modules.
Set the POWER4845 power module-parameter This command is used to set the
module parameters switch-on and switch-off control
of the POWER4845 module. By
default, the power modules are
switched on, which means the
modules supply power for the
system.
Set the POWER4845 power off Power off occurs in two cases:
power-off parameters load power off and battery power
off.
l When the mains input stops
working, the batteries provide
power for the system.
l When the output voltage from
the batteries drops below the
load power off voltage, the
power supply for service load
will be disconnected.
l When the output voltage from
the batteries drops below the
battery power off voltage, the
batteries will stop working.

Set the POWER4845 power supply-parameter This command is used to set the
supply parameters AC over-voltage, AC under-
voltage, DC over-voltage and DC
under-voltage alarm thresholds
for a power, to enable the rectifier
module to power off
automatically when the AC
voltage or DC voltage is
abnormal.
Set the backup power outside_digital This command is used to set such
parameters of the extended digital parameters as
POWER4845 valid level, name to identify the
digit and self-defined alarm to
monitor the device digits timely.
Set the battery charging power charge This command is used to set the
parameters charging mode and charging
voltage for batteries connected
with POWER4845.
Set the power4845 test power battery-test This command is used to set the
parameters battery auto-test period
parameters and the discharging
end-voltage to implement the
battery auto-discharging test.
Set the high temperature power temperature-off This command is used to set the
power-off parameter load or battery high temperature
power-off parameters and then to
protect the load or battery.
Make sure that these conditions are met in the configuration:

l DC overvoltage > battery even charging voltage > battery float charging voltage > DC
undervoltage > loading power-off voltage > battery power-off voltage.
l DC overvoltage > (float charging voltage + 2 V).
l Float charging voltage > (DC undervoltage + 2 V).
NOTE
You can run the following commands to configure the parameters:

l Run the power charge command to set the battery equalized-charging voltage or the battery float
charging voltage.
l Run the power battery parameter command to set the DC undervoltage or the DC overvoltage.
l Run the power temperature-off command to set the battery power-off voltage or the battery group
power-off voltage.

Procedure
Run the command in Table 35-10 to configure a POWER4845 EMU.
----End
Example
To set the POWER4845 battery parameters, do as follows:
huawei(config-if-power4845-3)#power battery parameter 0.2 60 1 130
Related Operation
Table 35-11 lists the related operations for configuring a POWER4845 EMU.
Table 35-11 Related operations for configuring a POWER4845 EMU
Query the POWER4845 alarms display power alarm
Query the POWER4845 environment display power environment info

information
Query the POWER4845 environment display power environment parameter

configuration
Query the POWER4845 running display power run info

information
Query the POWER4845 configuration display power system parameter
Query the POWER4845 battery test display power battery-test info

parameters
35.7 Configuring the FAN Alarm Report

This operation enables the report of the FAN running alarms to the EMU.
Prerequisite
The FAN EMU has existed and works in the normal state.
Procedure
Step 1 Run the interface emu command to enter FAN mode.
Step 2 Run the fan alarmset command to configure the FAN alarm report.
Step 3 Run the display fan system parameter command to query information about FAN alarm.
----End

Example
To disable the report of FAN block alarm, do as follows:
huawei(config-if-fan-1)#fan alarmset block forbid
EMU ID: 0
--------------------------------------------------------
FAN speed level: 4
--------------------------------------------------------
Fan block Forbid
Power fault Permit
--------------------------------------------------------
Related Operation
Table 35-12 lists the related operations for configuring the FAN alarm report.
Table 35-12 Related operations for configuring the FAN alarm report
Query the running information display fan environment FAN environment monitor
about the fans info mode
Query the alarm information display fan alarm FAN environment monitor
about the fans mode
35.8 Setting the FAN Speed Adjustment Mode

This operation enables you to set the fan speed adjustment mode.
Prerequisite
Context
There are two fan speed adjustment modes:
l Automatic
l Manual
By default, the mode is manual with the fan speed level of 5. It is recommended that you change
the mode to automatic.
If the mode is not set to automatic, the air flow increases in case of low or normal temperature.

Procedure
Step 2 Run the fan speed command to set the fan speed adjustment mode.
Step 3 Run the display fan system parameter command to query the parameter setting.
----End
Example
To set the fan speed adjustment mode as automatic, do as follows:
huawei(config-if-fan-0)#fan speed mode automatic
EMU ID: 0
--------------------------------------------------------
FAN timing mode: Auto timing
FAN speed level: 4
--------------------------------------------------------
Fan block Forbid
Power fault Permit
--------------------------------------------------------
Related Operation
Table 35-13 lists the related operations for setting the fan speed adjustment mode.
Table 35-13 Related operations for setting the fan speed adjustment mode
To... Run the command... Remarks
Set the fan speed fan speed adjust Set the fan speed in manual
mode, use this command.
Set the fan alarm report to fan alarmset -

EMU
Query the alarm information display fan alarm -

about fans
35.9 Configuring the FAN Speed

This operation enables you to configure the FAN speed.
Prerequisite

Context
FAN speed level ranges from 0 to 5. Level 0 refers to the lowest and level 5 refers to the highest
fan speed level.
l The nominated fan speed is enough for heat dissipation when the system works in the
permitted highest temperature.
l Low-speed running of fans can prolong the lifetime of the fans.
l When abnormality occurs or one of the fans fails, other fans can run at high speed to
compensate the air flow.
l Low-speed running of fans can reduce dust concentration in the air filter.
l Set the fan speed in manual mode.
Procedure
Step 2 Run the fan speed command to configure the FAN speed.
Step 3 Run the display fan system parameter command to query the setting of the FAN speed.
----End
Example
To set the FAN speed as 3, do as follows:
huawei(config-if-fan-0)#fan speed adjust 3
EMU ID: 0
--------------------------------------------------------
FAN speed level: 3
--------------------------------------------------------
Fan block Forbid
Power fault Permit
-------------------------------------------------------
Related Operation
Table 35-14 lists the related operations for setting the FAN speed.
Table 35-14 Related operations for setting the FAN speed
Set the fan speed adjustment mode fan speed mode
Set the fan alarm report to EMU fan alarmset
Query the alarm information about fans display fan alarm


Configuration Guide 36 MSTP Networking Example
36 MSTP Networking Example
About This Chapter
This chapter describes the MSTP networking example supported by the MA5600.
36.1 Networking
The section describes the typical networking in MSTP mode.
36.2 Data Plan
This section describes the data plan for the sample MSTP network.
36.3 Configuring MA5600-1
The following shows how to configure MA5600-1.
36.8 Verification
All services configured on all DSLAMs run in the normal state.

36 MSTP Networking Example Configuration Guide
36.1 Networking
The section describes the typical networking in MSTP mode.
Three MA5600s (MA5600-1, MA5600-2, and MA5600-3) form an MSTP ring network.
l The MA5600-1 is connected to the IP network.
l The MA5600-3, through its GE port, is subtended with the MA5600-4.
l The MA5600-1 works together with the MA5600-5 to provide QinQ service through IP
network.
Figure 36-1 shows a sample MSTP network of the MA5600.

Figure 36-1 Sample MSTP network of the MA5600
SoftSwitch Multicast ISP1 ISP2 ISP3 DHCP iManager N2000

server server
IP
LAN switch
BRAS
2 3 5 7 5 7
0
A A S 0 S
D D H H
G G E 1 E
E E A A
2
SCU SCU MA5600-5

MA5600-1
2 3 5 7 1 5 7
0 0
A A S A S
D D H D H 1
G G E 1 G E
2
E E A E A
SCU MA5600-2 SCU MA5600-3

2 3 5 7
0
A A S
HG
D D H
G G E
E E A
STB
SCU MA5600-4
ADSL2+ modem
Ephone TV PC
PC
36.2 Data Plan

This section describes the data plan for the sample MSTP network.
Table 36-1 lists the service and data plan for the sample network of MA5600 in the Figure
36-1.

Table 36-1 Data plan for the sample MSTP network

Item MA5600-1 MA5600-2 MA5600-3 MA5600-4 MA5600-5
Service l ADSL2+ l ADSL2+ l ADSL2+ ADSL2+ QinQ leased

service service service service line service
l SHDSL l SHDSL l SHDSL SHDSL (interoperate
service service service service with the
leased line
l QinQ l Stacking Multicast service of
leased line Wholesale service MA5600-1)
service service
(interopera l Triple Play
te with service
MA5600
-5)
l Multicast
service
Inband 10.8.176.2 10.8.176.3 10.8.176.4 10.8.176.5 10.8.176.6

NMS 255.255.255. 255.255.255.0 255.255.255. 255.255.255. 255.255.255.
address 0 0 0 0
Gateway:
Gateway: 10.8.176.1/24 Gateway: Gateway: Gateway:
10.8.176.1/24 10.8.176.1/2 10.8.176.1/2 10.8.176.1/2
4 4 4
GE port Upstream: Upstream: Upstream: Upstream: Upstream:

of the 0/7/0 0/7/0-0/7/1 0/7/0-0/7/1 0/7/0 0/7/0
SCU RSTP: RSTP: 0/7/2
board 0/7/1-0/7/2
VLAN NMS: 10 NMS: 10 NMS: 10 NMS: 10 NMS: 10

QinQ: 50 Stacking: 60-62 ADSL2+: Multicast: QinQ: 50
Multicast: (inner stacking: 1000-1063 100
100 111-113) (adopt ADSL2+:
Triple Play: VLAN 1000 (adopt
ADSL2+: authenticatio
1000-1063 100-102 PPPoE
n) authenticatio
(adopt VLAN ADSL2+: 1000
authenticatio (adopt PPPoE SHDSL: n)
n) authentication) 1300-1330 SHDSL:
(adopt 1300 (adopt
SHDSL: SHDSL: 1300 VLAN
1300-1331 (adopt PPPoE PPPoE
authenticatio authenticatio
(adopt VLAN authentication) n)
authenticatio n)
n)

Item MA5600-1 MA5600-2 MA5600-3 MA5600-4 MA5600-5
Slot ADSL2+: 0/3 ADSL2+: 0/3 ADSL2+: ADSL2+: 0/3 QinQ: 0/5/31
SHDSL: 0/5 SHDSL: 0/5 0/3 SHDSL: 0/5
QinQ: 0/5/31 Stacking: SHDSL: 0/5 Multicast:
Multicast: 0/2/0-10 (map 0/2/2, 0/2/3
0/2/2, 0/2/3 VLAN 60, ISP1)
0/2/11-20 (map
VLAN 61, ISP2)
0/2/21-30 (map
VLAN 62, ISP3)
Triple Play:
0/2/31
User PVC VPI/ VPI/VCI of PVC VPI/ PVC VPI/ PVC VPI/
PVC VCI of all triple play: VCI of all VCI of all VCI of all
users: 0/35 l Video service: users: 0/35 users: 0/35 users: 0/35
0/35
l Internet
service: 0/36
l Voice service:
0/37
NMS 195.71.131.38 and 195.71.131.39

host
Log 217.188.56.40 and 217.188.57.40

host
Time 193.189.251.38 and 193.189.251.42

server
EMU AC PS4845 power monitoring, fan monitoring
DHCP DHCP server1: 10.1.1.2 (Active) 10.1.1.3 (Standby)

server Gateway: 10.1.1.1/24
DHCP server2: 10.4.4.2 (Active) 10.4.4.3 (Standby)
Gateway: 10.4.4.1/24
Upper The upper layer device supports the DHCP option82 function.
layer The BRAS supports the PITP, Stacking VLAN and QinQ VLAN function.
device
The BRAS supports inner and outer VLAN Tags.
The VLAN ID of the traffic flow sent from the IP network to the DSLAM is 100.
The upper layer device classifies the downstream traffic. Different service carries
different 802.1p labels.
The VLAN mapping to the DSLAN is configured in the upper layer IP network.
The IP address of LAN switch at the MA5600 side is 10.10.10.1/24.


Procedure
Step 1 Confirm the board.
huawei>enable
huawei#config
huawei(config)#board confirm 0
Step 2 Configure NMS.

1. Configure the IP address of the inband NMS interface.
l Create the NMS VLAN.
l Add the upstream port.

l Enter NMS VLAN interface mode.

l Configure the IP address of the NMS VLAN interface.

2. Add the route.

l Configure the route destined to the NMS (Trap destination host).
preference 1
l Configure the route destined to the time server.

preference 1
l Configure the route destined to the log host.

preference 1
preference 1
3. Add the ACL rule.

huawei(config-acl-adv-3010)#rule permit ip source any destination any
huawei(config-acl-adv-3010)#rule deny ip source any destination 10.8.176.2
0.0.0.0
huawei(config-acl-adv-3010)#rule permit ip source 195.71.131.38 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
4. Configure the SNMP.

l Configure the community name and access authority.


l Configure the contact information.

l Configure the device local information.

l Configure the SNMP version.
Here, the SNMP version must be the same as that of NMS. In this example, the NMS
version is set as SNMP V2C.
huawei(config)#snmp-agent sys-info version v2c
5. Enable trap sending.

6. Set the trap destination address.

huawei(config)#snmp-agent target-host trap address 195.71.131.38
securityname public
securityname public
7. Set the trap source address.

Step 3 Configure the time server.

huawei(config)#ntp-service unicast-server 193.189.251.38 source-interface vlanif
10
10
Step 4 Configure the log host.

huawei(config)#loghost add 217.188.56.40 syslog-1
huawei(config)#loghost activate ip 217.188.56.40
Step 5 Configure the EMU.

This section takes the fan and PS4845 power supply as examples to show how to configure the
environment monitoring unit (EMU).
By default, both the primary and secondary node addresses of the fan EMU are 0. In this example,
suppose they are 1. In this case, you need to set the DIP switch of the node address on the fan
monitoring unit as 1.
huawei(config)#emu add 0 power 4845 0 0 fore
huawei(config)#emu add 1 fan 0 1 back
huawei(config-if-power4845-0)#power module-num 2 1 2
huawei(config-if-power4845-0)#quit
Step 6 Configure SCU subtending

MA5600-1 is subtended with MA5600-2, MA5600-3 and MA5600-4. Therefore, subtending
shall be configured.
huawei(config)#port vlan 60 to 62 0/7 0-2
Step 7 Enable MSTP.

1. Enable the MSTP function.

2. Set the MSTP region name.

3. Configure MSTP instance 1.

huawei(stp-region-configuration)#instance 1 vlan 1 to 4094
4. Activate the configuration of the MSTP region.

STP actives region configuration, it may take several minutes,are you sure
to
active region configuration? [Y/N][N]y
5. Set the priority of MA5600_1 in the instance.

huawei(stp-region-configuration)#quit
Step 8 Configure ADSL2+ service.

The MA5600 supports the ADSL2+ service of multiple encapsulation modes, such as IPoA,
PPPoA, IPoE, and PPPoE. This section takes the PPPoE mode as an example to describe how
to configure the ADSL2+ service. For other encapsulation modes, see the chapter "21
Configuring the ADSL2+ Service."
1. Configure the ADSL2+ line profile.
You can configure the ADSL2+ line profile based on your needs.
huawei(config)#adsl line-profile add 10
neglected
>Do you want to name the profile (y/n) [n]:n
> Will you set basic configuration for modem? (y/n)[n]:n
> Will you set interleaved delay? (y/n)[n]:n
>Please select form of transmit rate adaptation in downstream:
> Will you set SNR margin for modem? (y/n)[n]:n
> Minimum transmit rate in downstream (32~32000 Kbps) [32]:
> Maximum transmit rate in downstream (32~32000 Kbps) [24544]:8000
> Maximum transmit rate in upstream (32~3000 Kbps) [1024]:
2. Configure the ADSL2+ alarm profile.

You can configure the ADSL2+ alarm profile based on your needs.
huawei(config)#adsl alarm-profile add 10
neglected
<ATU-C >
> The number of Loss of Frame Seconds (0~900) [0]:
> The number of Loss of Signal Seconds (0~900) [0]:
> The number of Errored Seconds (0~900) [0]
> Enable and disable the initial failure trap 0-disable 1-enable (0~1)[0]:1
> The number of failed fast retrain seconds (0~900) [0]:
rate in fast mode (0~31968kbps) [0]:

rate in interleaved mode (0~31968kbps) [0]:

<ATU-R >
3. Configure the ADSL2+ traffic profile.

You can configure the ADSL2+ traffic profile by running the traffic table command based
on your needs.
In this example, the default profile (profile 6) is used.
4. Activate the ADSL2+ port.
huawei(config-if-adsl-0/3)#deactivate all
huawei(config-if-adsl-0/3)#alarm-config all profile-index 10
5. Configure the upstream port.

l Configure the SCU board.
The configuration of the upstream port of the SCU board shall be the same as that
of the peer end.
Run the auto-neg command to set the port to work in auto negotiation mode.
If the port works in non auto negotiation mode, change to the SCU config mode and
run the speed command to change the port rate, and run the duplex command duplex
to change the port duplex mode.
l Configure the VLAN.
The ADSL2+ users of MA5600-1 adopt the VLAN authentication. In this case, the
MUX VLAN is used to identify the users.
huawei(config)#vlan 1000 to 1063 mux
6. Add the service port.

All ports of the 0/3 board provide ADSL2+ service. To add the service ports in batches,
run the multi-service-port command.
huawei(config)#multi-service-port from-vlan 1000 port 0/3 0-63 vpi 0 vci 35 rx-
cttr 6 tx-cttr 6
Step 9 Configure the SHDSL service.
The MA5600 supports the SHDSL service of multiple encapsulation modes, such as IPoA,

to configure the SHDSL service. For other encapsulation modes, see the chapter "22
Configuring the SHDSL Service."
1. Configure the SHDSL line profile.
To configure the SHDSL line profile, run the shdsl line-profile add or shdsl line-profile
quickadd command.
huawei(config)#shdsl line-profile quickadd 10 line two-wire rate 2048 2048 psd
symmetric transmission Annex-A remote disable probe disable snr-margin ds-curr
10 ds-worst 10 us-curr 10 us-worst 10 bitmap 0x03
2. Configure the SHDSL alarm profile.

To configure the SHDSL alarm profile, run the shdsl alarm-profile add command.
3. Activate the SHDSL port.
huawei(config)#interface shdsl 0/5
huawei(config-if-shdsl-0/5)#deactivate all
huawei(config-if-shdsl-0/5)#alarm-config all 1
huawei(config-if-shdsl-0/5)#activate all profile-index 10
huawei(config-if-shdsl-0/5)#quit

The SHDSL users of MA5600-1 adopt the VLAN authentication. In this case, the MUX
VLAN is used to identify the users.

Ports 0-31 of board 0/5 provide the SHDSL service. To activate the ports in batches, run
the multi-service-port command.
cttr 6 tx-cttr 6
Step 10 Configure the QinQ leased line service.

MA5600-1 and MA5600-5 serve two branches of a company to provide the QinQ leased line
service.
1. Create VLAN 50.
2. Set VLAN 50 as QinQ VLAN.

3. Add the upstream port.


To add the service port, run the service-port command. Note that the VPI and VCI values
of the service port must be the same as those on the modem.
The QinQ VLAN supports the PVC-priority scheduling policy only. In this case, select the
profile that supports PVC-priority policy.
huawei(config)#traffic table index 7 ip car off priority 0 priority-policy pvc-
Setting
huawei(config)#service-port vlan 50 shdsl 0/5/31 vpi 0 vci 35 rx-cttr 7 tx-cttr
7

After the configuration, the following results shall be achieved:

l Users of port 0/2/2 must be authenticated, and have rights to watch two programs and to
preview one program.
l Users of port 0/2/3 do not need authenticating.
1. Configure the xDSL.
In this example, it is unnecessary to configure the xDSL. The default line profile (profile
1002) is used.
l Create a VLAN.
l Add the upstream port to the VLAN.

l Configure the native VLAN.

l Create the traffic profile.

pvc-Setting
l Add ADSL2+ port 0/2/2 and 0/2/3 to VLAN 100.

tx-cttr 8
tx-cttr 8

l Enable the multicast proxy.
huawei(config)#btv

l Set the upstream port to work in program mode.

l Configure the program library.

bind 0/7/0
bind 0/7/0
bind 0/7/0
l Configure the authority profile.

watch
program2
watch
program3
preview
l Configure the preview parameters.
In this example, set the preview duration for program 3 as 150s, the number of
preview attempts as 6 each day and the preview interval as 60s.
huawei(config-btv)#igmp preview program name program3 preview-duration 150
huawei(config-btv)#igmp preview program name program3 preview-interval 60

To set the time to clear the previous preview attempts, run the igmp preview auto-
reset-time command. In this example, set the time to 00:00:00.
l Configure the user data.

Step 12 Configure the subtending multicast service.
In the MSTP ring network, MA5600-1 is subtended with MA5600-3, and MA5600-3 is
subtended with MA5600-4. According to the data plan, MA5600-4 provides the multicast
service. In this way, it is necessary to configure the multicast subtending on MA5600-1 first.

The upstream port is already added in 11.3. It is unnecessary to configure it again.
2. Configure the IGMP proxy.
The IGMP proxy is already configured in 11.3. It is unnecessary to configure it again.
The program library is already configured in 11.3. It is unnecessary to configure it again.
4. Configure the multicast for the subtending port.
l Specify a subtending port.
huawei(config-btv)#igmp cascade-port 0/7/1
l Modify the subtending port.

huawei(config-btv)#igmp cascade-port modify 0/7/1 static enable
l Add programs for the static subtending port.

huawei(config-btv)#igmp static-join cascade-port 0/7/1 ip 224.1.1.1

huawei(config)#save
----End

Procedure
huawei>enable
huawei#config
Step 2 Configure the NMS.






2. Add the route.

preference 1

preference 1

preference 1
preference 1

0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0






securityname public
securityname public


10
huawei(config)#ntp-service unicast-server 193.189.251.42 source-interface vlanif 10


EMU.
huawei(config)#emu add 0 power4845 0 0 fore

Step 7 Configure MSTP.

2. Set the MSTP region name.



to
Step 8 Enable PITP.

huawei(config)#pitp enable pmode



neglected

on your needs.

of the peer end.
The ADSL2+ users of MA5600-2 adopt the PPPoE authentication. In this case, the
smart VLAN is used to identify the users.

All ports of ADSL2+ board 0/3 provides ADSL2+ service. To add the service port in
batches, run the multi-service-port command.
huawei(config)#multi-service-port vlan 1000 adsl 0/3 0-63 vpi 0 vci 35 rx-cttr
6 tx-cttr 6

quickadd command.

3. Configure the SHDSL traffic profile.
To configure the SHDSL traffic profile, run the traffic table command.

The SHDSL users of MA5600-2 adopt the PPPoE authentication. In this case, the smart

l Ports 0-30 of SHDSL board 0/5 provide the SHDSL service.
l To add the service ports in batches, run the multi-service-port command.
huawei(config)#multi-service-port vlan 1300 shdsl 0/5 0-31 vpi 0 vci 35 rx-cttr
6 tx-cttr 6
Step 11 Configure the stacking multi-ISPs wholesale service.

ISP1 provides users of ports 0/2/0 to 0/2/10 on board with the multi-ISP wholesale service. ISP2
provides users of ports 11-20 to with the multi-ISP wholesale service. ISP3 provides users of
port 21-30 with the multi-ISP wholesale service.
1. Create a VLAN and set its attribute as stacking.
huawei(config)#vlan 60 to 62 smart
huawei(config)#vlan attrib 60 to 62 stacking


6
tx-cttr 6
6
tx-cttr 6

6
tx-cttr 6
4. Configure the inner label.

huawei(config)#stacking label vlan 60 baselabel 111
Step 12 Configure the triple play service.

After the configuration, the following results shall be achieved: Users of ports 0/2/31 can watch
the programs stored on servers 224.1.1.1 and 224.1.1.2, and can preview the programs stored
on server 224.1.1.3.
1. Configure the upstream port and VLAN.
2. Configure the traffic table.

The voice service has the highest priority, and the network access service has the lowest
priority.
Presume that the network access service uses traffic table 6, with the priority of 0. The
following shows how to create the new traffic tables for the voice service and video service
respectively.
huawei(config)#traffic table index 7 ip car 1024 priority 7 priority-policy
Pvc-Setting
huawei(config)#traffic table index 8 ip car off priority 5 priority-policy Pvc-
Setting

tx-cttr 8
tx-cttr 6
tx-cttr 7
4. Configure DHCP relay mode for video service.

l Enable DHCP mode.
l Configure the DHCP server.

l Configure the gateway mapped to the DHCP domain.

l Enable the DHCP option82 function.

huawei(config)#raio-mode xdsl-port-rate
5. Configure DHCP relay mode for voice service.



6. Configure the video service.

huawei(config)#btv
huawei(config-btv)#igmp uplink-port-mode mstp


watch
watch
preview

In the MSTP ring network, MA5600-1 is subtended with MA5600-3, and MA5600-3 is
subtended with MA5600-4. According to the data plan, MA5600-4 provides the multicast
service. In this way, it is necessary to configure the multicast subtending on MA5600-2 first.
1. Set the upstream port.

The upstream port is already added in 12.6. It is unnecessary to configure it again.
The IGMP proxy is already configured in 12.6. It is unnecessary to configure it again.
The program library is already configured in 12.6. It is unnecessary to configure it again.
l Modify a subtending port.



huawei(config)#save
----End


Procedure
huawei>enable
huawei#config




2. Add the route.

preference 1

preference 1

preference 1
preference 1

0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0







securityname public
securityname public


huawei(config)#ntp-service unicast-server 193.189.251.38 source-interface
vlanif 10
huawei(config)#ntp-service unicast-server 193.189.251.42 source-interface
vlanif 10



Step 7 Enable MSTP.


2. set the MSTP region name.



to

neglected

neglected
<ATU-C >


<ATU-R >

on your needs.

of the peer end.

cttr 6 tx-cttr 6



quickadd command.



Ports 0-31 of board 0/5 provide the SHDSL service. To add the service ports in batches,
run the multi-service-port command.
cttr 6 tx-cttr 6

l Enable the multicast proxy.

huawei(config)#btv
l Configure the upstream port to work in the program mode.

huawei(config-btv)#igmp uplink-port-mode mstp

2. Configure the subtending multicast.

l Specify the subtending port.
l Modify the subtending port.


l Add programs to the static subtending port.


huawei(config)#save
----End

Procedure
huawei>enable
huawei#config




2. Add the route.

preference 1

preference 1

preference 1
preference 1


0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0





securityname public
securityname public


10



Step 6 Enable PITP.

huawei(config)#pitp enable pmode

neglected

neglected
<ATU-C >
<ATU-R >



on your needs.

of the peer end.
The ADSL2+ users of MA5600-4 adopt the PPPoE authentication. In this case, the
smart VLAN is used to identify the users.

huawei(config)#multi-service-port vlan 1000 adsl 0/3 0-3163 vpi 0 vci 35 rx-
cttr 6 tx-cttr 6

quickadd command.




Ports 0-30 of SHDSL board 0/5 provides the SHDSL service. To add the service ports in
batches, run the multi-service-portcommand.
6 tx-cttr 6

l Users of port 0/2/2 must be authenticated, and have rights to watch two programs and to
l Users of port 0/2/3 do not need authenticating.

1002) is used.
l Create a smart VLAN.
l Set the VLAN upstream port.


l Create a traffic profile.

Pvc-Setting
l Add ADSL2+ ports 0/2/2 and 0/2/3 to VLAN 100.

tx-cttr 8
tx-cttr 8

l Enable the multicast proxy function.

huawei(config)#btv
l Set the upstream port.



bind 0/7/0
bind 0/7/0
bind 0/7/0

program1
watch
program2
watch
program3
preview
preview attempts as 6 each day and the preview interval as 60s.


huawei(config)#save
----End

Procedure
huawei>enable
huawei#config






2. Add the route.

preference 1

preference 1

preference 1
preference 1

0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0






securityname public
securityname public


10


EMU.
huawei(config-if-powe4845-0)#power module-num 2 1 2
service.
1. Create VLAN 50.

2. Set VLAN50 as QinQ VLAN.



To add the service port, run the service-port command. Note that the VPI and VCI values
of the service port must be the same as those on the modem.
Setting
7

huawei(config)#save
----End

36.8 Verification

Configuration Guide 37 Subtending Networking Example
37 Subtending Networking Example
About This Chapter
This chapter describes the subtending networking example supported by the MA5600.
37.1 Networking
The section describes a sample subtended network.
37.2 Data Plan
The section describes the data plan for the sample subtended network.
The section describes how to configure the MA5600-1.
37.7 Verification

37 Subtending Networking Example Configuration Guide
37.1 Networking
The section describes a sample subtended network.
As shown in Figure 37-1:
l The MA5600-1 is subtended with MA5600-2 through the GE port on the SCU board.
l The MA5600-2 is subtended with MA5600-3 through the GE port on the SCU board.
Figure 37-1 shows a sample subtended network of the MA5600.

Figure 37-1 Sample subtended network of the MA5600
SoftSwitch Multicast ISP1 ISP2 ISP3 DHCP iManager N2000

server server
IP
LAN switch
BRAS
2 3 5 6 7 5 7
0 0
A A S A S
1
D D H I H
G G E U E
E E A G A
SCU MA5600-1 SCU

MA5600-4
6 7 14 2 3 5 7
0 0
A A A A S
1 1
I D D D H
U L G G E
A A E E A
MMX ATM-DSLAM SCU MA5600-2
2 3 5 7
HG 0
A A S
D D H
G G E
STB
E E A
SCU MA5600-3
Ephone TV PC
ADSL2+ modem
PC
37.2 Data Plan

The section describes the data plan for the sample subtended network.
Table 37-1 lists the service and data plan of MA5600 for the sample subtended network in
Figure 37-1.

Table 37-1 Data plan for the sample subtended network

MA5600-1 MA5600-2 MA5600-3 MA5600-4 ATM-
DSLAM
Service l ADSL2+ l ADSL2+ l ADSL2+ QinQ leased ADSL

service service service line service
l SHDSL l SHDSL l SHDSL (for leased
service service service line
interconnectio
l VDSL l Stacking l Multicast n between
service wholesale service MA5600-4
l QinQ service and
leased line l Triple Play MA5600-1)
service (for service
leased line
interconne
ction
between
MA5600
and
MA5600
-4)
l Multicast
service
Inband 10.8.176.2 10.8.176.3 10.8.176.4 10.8.176.5 10.8.176.6

NMS 255.255.255. 255.255.255. 255.255.255. 255.255.255. 255.255.255.
address 0 0 0 0 0
Gateway: Gateway: Gateway: Gateway: Gateway:
10.8.176.1/24 10.8.176.1/24 10.8.176.1/24 10.8.176.1/24 10.8.176.1/24
GE port Upstream: Upstream: Upstream: Upstream: -

of the 0/7/0 0/7/0 0/7/0 0/7/0
SCU Subtending: Subtending:
board 0/7/1 0/7/1

MA5600-1 MA5600-2 MA5600-3 MA5600-4 ATM-

DSLAM
VLAN NMS: 10 NMS: 10 NMS: 10 NMS: 10 -

QinQ: 50 Stacking: Multicast: 100 QinQ: 50
Multicast: 60-62 (inner ADSL2+:
100 label: 1000 (adopt
111-113) PPPoE
ADSL2+:
1000-1063 Triple Play: authentication
(adopt VLAN 100-102 )
authenticatio ADSL2+: SHDSL: 1300
n) 1000 (adopt (adopt PPPoE
SHDSL: PPPoE authentication
1300-1330 authentication )
(adopt VLAN )
authenticatio SHDSL: 1300
n) (adopt PPPoE
authentication
)
Slot ADSL2+: 0/3 ADSL2+: 0/3 ADSL2+: 0/3 QinQ: 0/5/31 ADSL: 0/14
and SHDSL: 0/5 SHDSL: 0/5 SHDSL: 0/5
port
QinQ: 0/5/31 Stacking:
Multicast: 0/2/0-10 (map
0/2/2, 0/2/3 VLAN 60,
ISP1)
0/2/11-20
(map VLAN
61, ISP2)
0/2/21-30
(map VLAN
62, ISP3)
Triple Play:
0/2/31
NMS 195.71.131.38 and 195.71.131.39

host
Log 217.188.56.40 and 217.188.57.40

host
Time 193.189.251.38 and 193.189.251.42

server
EMU DC DIS monitoring, fan monitoring
DHCP DHCP server1: 10.1.1.2 (active), 10.1.1.3 (standby)

server Gateway: 10.1.1.1/24
DHCP server2: 10.4.4.2 (active), 10.4.4.3 (standby)
Gateway: 10.4.4.1/24

MA5600-1 MA5600-2 MA5600-3 MA5600-4 ATM-

DSLAM
Upper The upper layer device supports the DHCP Option82 function.
layer The BRAS supports the PITP, Stacking, and QinQ function.
device
The BRAS supports inner and outer VLAN tags.
The VLAN ID of the traffic flow sent from the IP network to the DSLAM is 100.
The upper layer device classifies the downstream traffic. Different services carry
different 802.1p labels.
The VLAN mapping to the DSLAM is configured at the upper layer device.
The IP address of the LAN switch at the MA5600 side is 10.10.10.1/24.
NOTE
l In this networking, MA5600-1 can be replaced with a GE switch or a BRAS.

l The upstream port of theThe MA5600 supports the port aggregation function. In the actual network
planning, you can aggregate multiple upstream ports for use.

Procedure
huawei>enable
huawei#config



l Configure the IP address of the NMS interface.

2. Add the route.

l Configure the route destined to the NMS (Trap destination address).
preference 1
preference 1

preference 1


preference 1

preference 1
preference 1

0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0

l Set the community name and access authority.
l Set the SysContact.

l Set the SysLocation.

Here, the SNMP version must be the same as that of the NMS. In this example, the
SNMP version is set as SNMP V2C.

6. Set trap destination address.

securityname public
securityname public


10
10




This section uses the fan and DC DIS monitoring as an example to show how to configure the
EMU.
huawei(config-if-dis-0)#distribution humidity 95 10
huawei(config-if-dis-0)#distribution temperature 50 0
huawei(config-if-dis-0)#quit
Step 6 Configure the SCU subtending.

MA5600-1 is subtended with MA5600-2 andMA5600-3. Therefore subtending shall be
configured.
Step 7 Configure the ADSL2+ service.

You can configure it based on your actual needs.
neglected

neglected
<ATU-C >


<ATU-R >

To configure the ADSL2+ traffic profile, run the traffic table command.

By default, the GE optical port of the GIU board works in full duplex mode with the
rate of 1000 Mbit/s.
To change the port working mode and the port rate, run the speed and duplex
command in SCU board config mode.
The settings must be the same as those of the peer end.
huawei(config)#port vlan 1001 to 1063 0/7 0

All ports of ADSL2+ board 0/3 provide the ADSL2+ service. To add the virtual ports in


cttr 6 tx-cttr 6
to configure the SHDSL service. For other encapsulation modes, see the chapter 22 Configuring
the SHDSL Service.

quickadd command.



cttr 6 tx-cttr 6
Step 9 Configuring the QinQ leased line service.
service.
1. Create VLAN 50.




To add the virtual port, run the service-port command. Note that the VPI and VCI values
of the virtual port must be the same as those on the modem.
Setting
huawei(config)#service-port vlan 50 shdsl 0/5/31 vpi 0 vci 35 rx-cttr 7
tx-cttr 7
l Users of port 0/2/2 need to be authenticated, and have rights to watch two programs and to
l Users of port 0/2/3 do not need to be authenticated.
1002) is used.
l Create a VLAN.
l Configure the VLAN upstream port.


NOTE
When the VLAN ID of the tag packet is the same as that of the native VLAN of the egress, the
egress will remove the tag of the packet. That is, the tagged packet becomes to the untagged
packet (without VLAN ID) after the tagged packet passes through the egress.
huawei(config-if-giu-0/7)#native-vlan 0 vlan 100
huawei(config-if-giu-0/7)#native-vlan 1 vlan 100

Pvc-Setting
l Add ADSL2+ ports 0/0/2 and 0/0/3 to VLAN 100.

cttr 8
cttr 8

huawei(config)#btv
l Set the upstream port.



bind 0/7/0
bind 0/7/0


bind 0/7/0

watch
watch
preview
l Set the preview parameters.
preview attempts as 6 each day, and the preview interval as 60s.
l Configure the multicast user.

huawei(config-btv)#igmp user add port 0/2/3 no-auth
huawei(config-btv)#igmp user add port 0/2/2 auth

1. Set the upstream port.
The upstream port is already configured in 10.3.
The IGMP proxy is already configured in 10.3.
The program library is already configured in 10.3.



huawei(config)#save
----End


Procedure
huawei>enable
huawei#config




2. Add the route.

preference 1
preference 1

preference 1
preference 1

preference 1
preference 1

0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0





securityname public
securityname public
7. Set trap source address.


10

Step 5 Configure EMU.

EMU.

MA5600-2 is subtended with MA5600-3. Therefore subtending shall be configured
transparently transmit the VLAN data of MA5600-3. There are four VLANs configured on
MA5600-3, with the VLAN ID of 10, 100, 1000 and 1300.
These VLAN are already configured with subtending, and it is unnecessary to configure them
again.
to configure the ADSL2+ service. For other encapsulation modes, see the chapter 21
Configuring the ADSL2+ Service.


neglected

neglected
<ATU-C >
<ATU-R >





All ports of ADSL2+ board 0/3 provide the ADSL2+ service. To add the virtual ports in
6 tx-cttr 6

quickadd command.

huawei(config-if-shdsl-0/5)#activate all 10



6 tx-cttr 6
Step 9 Configure the stacking multi-ISP wholesale service.

l ISP1 provides users of ports 0/0/0 to 0/1/10 with the multi-ISP wholesale service.
1. Create a stacking VLAN.
huawei(config)#vlan 60 to 62 smart
huawei(config)#vlan attrib 60 to 62 stacking
huawei(config)#stacking outer-ethertype 0x8000


huawei(config)#multi-service-port vlan 60 adsl 0/2 0-10 vpi 0 vci 35
rx-cttr 6 tx-cttr 6
rx-cttr 6 tx-cttr 6
rx-cttr 6 tx-cttr 6
4. Configure the inner label.

Step 10 Configure the triple play service.

After the configuration, the following results shall be achieved: Uses of port 0/2/31 can watch
the programs stored on servers 224.1.1.1 and 224.1.1.2, and can preview the programs stored
on server 224.1.1.3.
1. Configure the upstream port and the VLAN.
2. Configure the traffic table.

The voice service has the highest priority, and the network access service has the lowest
priority.
Presume that the network access service uses traffic table 6, with the priority of 0. The
following shows how to create the new traffic tables for the voice service and video service
respectively.
huawei(config)#traffic table index 7 ip car 1024 priority 7 priority-policy
Pvc-Setting

huawei(config)#traffic table index 8 ip car off priority 5 priority-policy Pvc-

Setting

tx-cttr 8
tx-cttr 6
tx-cttr 7
4. Configure DHCP relay mode for video service.

l Enable DHCP mode.


l Enable DHCP Option82.

5. Configure DHCP relay mode for voice service.


l Enable the DHCP option82.

6. Configure the video service.

huawei(config)#btv

0/7/0
0/7/0
0/7/0

watch
watch
preview



The upstream port is already configured in 10.6.
The IGMP proxy is already configured in 10.6.
The program library is already configured in 10.6



huawei(config)#save
----End

Procedure
huawei>enable
huawei#config




2. Add the route.

preference 1
preference 1

preference 1


preference 1

preference 1
preference 1

0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0





securityname public
securityname public


10
10




EMU.

to configure the ADSL2+ service. For other encapsulation modes, see the chapter 21
Configuring the ADSL2+ Service.
neglected
2. Configuring the ADSL2+ alarm profile.

neglected
<ATU-C >


<ATU-R >



All ports of ADSL2+ board 0/3 provides the ADSL2+ service. To add the virtual ports in
6 tx-cttr 6
to configure the SHDSL service. For other encapsulation modes, see the chapter 22 Configuring
the SHDSL Service.


quickadd command.

huawei(config-if-shdsl-0/5)#activate all 10


6 tx-cttr 6
l Users of port 0/2/2 need to be authenticated, and have rights to watch two programs and to
l Users of port 0/2 do not need to be authenticated.
1002) is used.
l Create a smart VLAN.
l Set the VLAN upstream port.



pvc-Setting

l Add ADSL2+ port 2 and 3 to VLAN 100.

cttr 8
cttr 8
3. Configure the multicast service

huawei(config)#btv
l Configure the upstream port.

l Configure the upstream port to work in program mode.


bind 0/7/0
bind 0/7/0
bind 0/7/0

program1
watch
program2
watch
program3
preview
preview attempts as 6 each day, and the preview interval as 60s.

huawei(config-btv)#igmp user add port 0/2/3 no-auth

huawei(config)#save
----End


Procedure
huawei>enable
huawei#config




2. Add the route.

preference 1
preference 1

preference 1
preference 1

preference 1
preference 1

0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0
destination 10.8.176.2 0.0.0.0





securityname public
securityname public


10


EMU.

service.
1. Create VLAN 50.



To add the virtual port, run the service-port command. Note that the VPI and VCI values
of the virtual port must be the same as those on the modem.

Setting
7

huawei(config)#save
----End
37.7 Verification

Configuration Guide A Acronyms and Abbreviations
A Acronyms and Abbreviations
A
AAA Authentication, Authorization and Accounting
ABR Area Border Router
ACL Access Control List
B
BDR Backup Designated Router
BMS HUAWEI iManager N2000 broadband integrated network management
system
BPDU Bridge Protocol Data Unit
BRAS Broadband Remote Access Server
BTV Broadband TV
C
CAR Committed Access Rate
CC Connection Confirm
CFM Connectivity Fault Management
CIDR Classless Inter-Domain Routing
CLI Command Line Interface
COS Class of Service
CPE Customer Premises Equipment
Issue 04 (2007-11-30) Huawei Technologies Proprietary A-1

A Acronyms and Abbreviations Configuration Guide
CRC Cyclic Redundancy Code
D
DHCP Dynamic Host Configuration Protocol
DHCP
DHCP relay agent option 82
option82
DoD Downstream on Demand
DoS Denial of Service
DR Designated Router
DSLAM Digital Subscriber Line Access Multiplexer
DU Downstream Unsolicited
D-V Distance Vector Routing Algorithm
E
EMU Environment Monitoring Unit
F
FE Fast Ethernet
FEC Forward Error Correction
FTP File Transfer Protocol
FIFO First In First Out
G
GE Gigabit Ethernet
I
ICMP Internet Control Message Protocol
IGMP Internet Group Management Protocol
IGP Interior Gateway Protocol
IMA Inverse Multiplexing for ATM
IP Internet Protocol
IPoA Internet Protocol Over ATM
IPoE IP over Ethernet
A-2 Huawei Technologies Proprietary Issue 04 (2007-11-30)

ISP Internet Service Provider
L
LAN Local Area Network
LSA Link State Advertisement
LSDB Link State DataBase
LSP Label Switched Path
M
MA Maintenance Association
MAC Medium Access Control
MBS Maximum Burst Size
MD Maintenance Domain
MDU Multi-dwelling Unit
MEP Maintenance association End Point
MIB Management Information Base
MIP Maintenance association Interspace Point
MRU Maximum Receive Unit
MSTP Multiple Spanning Tree Protocol
MTU Maximum Transmission Unit
N
NBMA Non Broadcast Multiple Access
NHLFE Next Hop Label Forwarding Entry
NIC Network Information Center
NMS Network Management System
O
OSPF Open Shortest Path First
P
PITP Policy Information Transfer Protocol

A Acronyms and Abbreviations Configuration Guide
PPPoA Point-to-Point Protocol over ATM

PPPoE Point-to-Point Protocol over Ethernet
PQ Priority Queuing
PPP Peer-Peer Protocol
PSN Packet Switched Network
PSTN Public Switched Telephone Network
Q
QoS Quality of Service
R
RADIUS Remote Authentication Dial in User Service
RARP Reverse Address Resolution Protocol
RFC Remote Feature Control
RIP Routing Information Protocol
RMON Remote Network Monitoring
S
SNMP Simple Network Management Protocol
SSH Secure Shell
STB Set Top Box
STP Spanning Tree Protocol
T
TCP/IP Transmission Control Protocol/Internet Protocol
TFTP Trivial File Transfer Protocol
TOS Type of Service
TTL Time To Live
U
UDP User Datagram Protocol
A-4 Huawei Technologies Proprietary Issue 04 (2007-11-30)

V
VLAN Virtual LAN
VOD Video On Demand
VT Virtual Terminal
VTP VLAN Trunk Protocol
VTY Virtual Type Terminal
W
WRR Weighted Round Robin

Configuration Guide Index
Index
A definition, 4-3
anti DoS attack, enabling, 20-3
AAA, 8-2 anti ICMP attack, enabling, 20-5
advantage, 8-3 anti IP attack, enabling, 20-4
configuring authentication scheme, 8-16 anti IP spoofing, enabling, 19-11
creating domain, 8-17 anti MAC spoofing, enabling, 19-10
AAA, configuring, 8-16 apply cause of route policy, defining, 12-63
accessible address segment, configuring, 20-11 ARP, 11-2
ACL, 17-3 ARP proxy
activating, 17-25 configuring, 11-2
advanced ACL, 17-11 enabling, 11-6
basic ACL, 17-10 ARP, static ARP entry, 11-5
categories, 17-3 ATM-DSLAM, configuring, 26-3
configuring time range, 17-18 authentication scheme
creating, 17-16 configuring, 8-16
customized ACL, 17-15 specifying, 8-19
layer 2 ACL, 17-13 authority mode, setting, 31-52
ACL rule authority of program, granting, 31-60
advanced ACL rule, 17-21 authority profile
basic ACL rule, 17-20 binding with a user, 31-58
customized ACL rule, 17-23 modifying, 31-53
layer 2 ACL rule, 17-22 renaming, 31-54
setting step, 17-19 unbinding from a user, 31-59
adding user, 6-5 authority profile configuration
ADSL2+ modifying authority profile, 31-53
activating ADSL2+ port, 21-33 renaming authority profile, 31-54
adding alarm profile, 21-28 setting authority mode, 31-52
adding extended line profile, 21-25
adding line profile, 21-18 B
ADSL2+ port rate threshold, configuring, 21-35
configuring IPoA/IPoE conversion, 21-36 backup root bridge, specifying, 13-14
configuring port rate measurement threshold, 21-35 bandwidth management
enabling IPoA conversion, 21-36 disabling, 31-50
querying port information, 21-43 enabling, 31-48
ADSL2+ alarm profile,adding, 21-28 enabling bandwidth management, 31-48
ADSL2+ line profile, adding, 21-18 setting upstream port bandwidth, 31-50
ADSL2+ port, activating, 21-33 setting user bandwidth, 31-50
ADSL2+, definition, 21-3 basic ACL
advanced ACL configuring, 17-10
configuring, 17-11 basic ACL rule, creating, 17-20
advanced ACL rule, creating, 17-21 basic MPLS TE capability, configuring, 28-5
advanced RSVP-TE feature, configuring, 28-16 binding
agent SHDSL EFM multi-port, 22-29
configuration, 4-8 SHDSL multi-Pair, 22-28
Issue 04 (2007-11-30) Huawei Technologies Proprietary i-1

Index Configuration Guide
black list, configuring, 20-8 CPU usage, showing, 3-19

board status, 7-2 CR-LSP establishment, tuning, 28-25
BTV user customized ACL
adding, 31-55 configuring, 17-15
binding with authority profile, 31-58 customized ACL rule, creating, 17-23
blocking, 31-57
deleting, 31-56 D
disabling the monitoring function, 31-61
granting with program authority, 31-60 default logging interval (2 hours), 31-67
modifying, 31-56 default matching sequence, 17-5
monitoring, 31-60 default route
unblocking, 31-58 setting cost, 12-21
default routing metric, specifying, 12-23
C default setting
handshake interval, 4-19
CBR, 17-6 read-only community name, 4-10
CFM designated bridge
enabling, 33-10 setting parameter, 13-20
enabling alarm, 33-11 designated port
CLI characteristic, 3-2 setting parameter, 13-26
display characteristic, 3-8 device protection, configuring, 13-33
edit characteristic, 3-6 device subtending, configuring, 25-5
error prompt, 3-10 DHCP, 10-3
intelligent matching, 3-5 setting working mode, 10-14
interaction characteristic, 3-7 DHCP configuration
parameter prompt, 3-7 MAC address segment mode, 10-9
saving history command, 3-9 option60 mode, 10-6
CLI display characteristic, 3-8 standard mode, 10-4
CLI error prompt, 3-10 DHCP MAC address segment
CLI operation creating, 10-18
clearing terminal screen, 3-18 gateway, 10-21
enabling interactive command execution, 3-13 range, 10-19
enabling trap reporting, 3-13 DHCP MAC address segment mode, configuring, 10-9
locking terminal, 3-18 DHCP option60 domain
obtaining online help information, 3-11 creating, 10-16
setting system name, 3-16 gateway, 10-18
setting system time, 3-15 DHCP option60 mode, configuring, 10-6
setting terminal type, 3-16 DHCP relay, 10-3
setting timeout exit time, 3-17 DHCP see also DHCP relay, 10-3
showing CPU usage, 3-19 DHCP server
showing memory usage, 3-20 setting working mode, 10-13
showing version, 3-19 DHCP server group
switching terminal language, 3-14 binding MAC address segment, 10-20
testing network state, 3-20 binding VLAN interface, 10-15
CLI trap reporting, enabling, 3-13 binding with option60 domain, 10-17
command line interface (CLI), 2-2 creating, 10-12
community name, setting, 4-10 DHCP standard mode, configuring, 10-4
configuration example DR priority, configuring, 12-40
remote user authentication, 8-4 dynamic MAC address
configuring terminal aging time, 15-4
through inband management channel, 2-15
through local serial port, 2-3 E
through outband management channel, 2-12
through remote serial port, 2-7 edit characteristic, 3-6
through SSH, 2-19 egress
Connectivity Fault Management (CFM), 33-3 configuring MPLS OAM, 34-12
contact information on system, setting, 4-13 EMU, configuring, 35-4
control board, resetting, 7-3 enabling MPLS, 27-11
i-2 Huawei Technologies Proprietary Issue 04 (2007-11-30)

Encapsulation Type, 32-20 unsolicited report interval, 31-37

engine ID user action report function, 31-41
configuring for local SNMP entity, 4-17 IGMP snooping parameters, 31-42, 31-43
related operations, 4-17 IGMP user
Ethernet OAM, configuring, 33-3 adding, 31-55
Ethernet port binding with authority profile, 31-58
configuring physical attribute, 25-10 blocking, 31-57
enabling aggregation, 25-16 disabling the monitoring function, 31-61
enabling flow control, 25-13 granting with program authority, 31-60
setting native VLAN, 25-20 modifying, 31-56
Ethernet port aggregation, enabling, 25-16 monitoring, 31-60
Ethernet port, mirroring, 25-17 inaccessible address segment, configuring, 20-12
extended ADSL2+ line profile, adding, 21-25 inband NMS
routes, 2-18
F ingress
configuring MPLS OAM, 34-11
finwait timer, 16-2 intelligent matching, 3-5
configuring, 16-3 interaction characteristic, 3-7
firewall, configuring, 20-9 interactive command execution
format of user name enabling, 3-13
setting, 8-14 interface
enabling packet transmit/receive, 12-32
G interval for
general query
general query restoring to default value (125s), 31-32
interval, setting, 31-31 setting, 31-31
maximum response time to, 31-32 logging, 31-67
restoring to default interval (125s), 31-32 specific query
restoring to default value (1s), 31-36
H setting, 31-35
unsolicited report
handshake function, enabling, 4-18 restoring to default value (10s), 31-38
handshake interval setting, 31-37
default setting, 4-19 interval for sending Hello packet, setting, 12-52
long handshake interval, 4-19, 4-19 IP address
related operation, 4-19 inband NMS interface, 4-22
setting, 4-19 outband NMS interface, 4-20
short handshake interval, 4-19, 4-19 IP address of peer router, configuring, 12-31
Hello packet poll interval, setting, 12-53 IP address, binding, 19-8
history command IP connection
saving, 3-9 enabling IP packet debugging, 16-5
Huawei Group Management Protocol see also PITP, IP packet debugging,enabling, 16-5
19-3
L
I
layer 2 ACL
if-match clause of route policy, defining, 12-62 configuring, 17-13
IGMP global parameters layer 2 ACL rule, creating, 17-22
general query interval, 31-31 leave proxy switch see proxy of IGMP leave packet,
maximum response time to general query, 31-32 31-43
maximum response time to specific query, 31-36 License function
number of specific queries, 31-33 license application, 1-3
preview recognition time, 31-39 license ESN, 1-7
proxy authorization License Server, 1-6
, 31-28 linktrace function, configuring, 33-20
robustness variable, 31-30 local RSA key pair, configuring, 8-21
specific query interval, 31-35 local serial port terminal
TTL for V1 router, 31-38 define type, 2-5

network topology, 2-3 modem parameter setting

setting parameter, 2-4 called modem, 2-9
starting HyperTerminal, 2-4 calling modem, 2-9
local SNMP engine ID, configuring, 4-17 MPLS
location of system, setting, 4-13 basic configuration, 27-10
log configuring LDP, 27-15
querying, 5-6 configuring PW, 27-28
log host configuring static LSP, 27-12
configuring, 5-3 definition, 27-2
deactivating, 5-5 enabling, 27-11
deleting, 5-4 MPLS OAM, 34-2
logging detection of static LSP connectivity, 34-2
collecting statistics, 31-70 protection switchover, 34-6
disabling, 31-67 MPLS OAM of egress, configuring, 34-12
enabling, 31-66 MPLS OAM of ingress, configuricfg_cli_0639, 34-11
reporting, 31-69 MPLS TE, 28-2
restoring default logging interval, 31-69 MPLS TE tunnel configuration
setting interval, 31-67 using dynamic signaling, 28-8
stopping reporting, 31-70 MPLS TE tunnel establishment, tuning, 28-31
logging configuration MSTP, 13-3
collecting log statistics, 31-70 activating MSTR, 13-13
configuring log reporting, 31-69 clearing statistic, 13-37
enabling logging, 31-66 configuring device protection, 13-33
setting logging interval, 31-67 MSTR parameter, setting, 13-6
loop detection function, configuring, 33-19 setting MSTR parameter, 13-6
LSA retransmit interval setting network diameter, 13-18
between adjacent router, 12-55 setting parameter of designated bridge, 13-20
LSA transmit delay, setting, 12-54 setting parameter of designated port, 13-26
LSP type, 27-12 setting priority, 13-15
LTM setting working mode, 13-5
configuring, 33-20 MSTP, enabling, 13-3
MSTR, activating, 13-13
M MSTRsetting maximum hop
, 13-17
MA multicast bandwidth management
interval for transmitting CC, 33-17 enabling bandwidth management, 31-48
MA, configuring, 33-7 setting upstream port bandwidth, 31-50
MAC address setting user bandwidth, 31-50
maximum count, 15-3 multicast base address, configuring, 33-18
MAC address filtering, configuring, 15-5, 20-6 multicast preview
MAC address pool, configuring, 15-6 clearing logout time records, 31-65
MAC address, binding, 15-5, 19-9 disabling, 31-62
manager, definition, 4-2 enabling, 31-61
maximum hop of MST region, setting, 13-17 restoring default auto-reset time, 31-64
maximum OSPF route count, configuring, 12-46 setting auto-reset time, 31-63
maximum response time to general query setting parameters, 31-62
restoring to default value (10s), 31-33 multicast user
setting, 31-32 adding, 31-55
maximum response time to specific query binding with authority profile, 31-58
restoring to default value (0.8s), 31-37 blocking, 31-57
setting, 31-36 deleting, 31-56
MD, creating, 33-6 disabling the monitoring function, 31-61
memory usage granting with program authority, 31-60
showing , 3-20 IGMP user
MEP deleting, 31-56
creating, 33-8 unblocking, 31-58
enabling, 33-12 modifying, 31-56
enabling CC transmission, 33-13 monitoring, 31-60

unblocking, 31-58 MTU field, 12-50

MUX VLAN, configuring, 9-7 packet authentication, 12-50
OSPF route import
N from other protocol, 12-58
setting default parameter, 12-59
NBMA adjacent router, configuring, 12-43 OSPF router ID, setting, 12-40
network diameter, setting, 13-18 OSPF routes
network management station see manager, 4-3 network type, 12-48
network state OSPF stub area, configuring, 12-43
testing, 3-20 OSPF timer
Network Time Protocol (NTP), 14-3 dead time between adjacent router, 12-53
NMS route, configuring, 4-21 Hello packet poll interval, 12-53
nrt-VBR, 17-6 interval for sending Hello packet, 12-52
NTP LSA retransmit interval, 12-55
broadcast mode, 14-3, 14-19 LSA transmit delay, 12-54
client, 14-20 subnet for area, 12-42
server, 14-19 OSPF, configuring, 12-9
configuring access authority, 14-25 outband NMS
configuring master clock, 14-18 routes, 2-14
configuring NTP ID authentication, 14-16
multicast mode, 14-6 P
peer mode, 14-13
server/client mode, 14-9 parameter prompt, 3-7
NTP broadcast mode, configuring, 14-3, 14-19 path cost
NTP ID authentication, configuring, 14-16 setting calculation standard, 13-19
NTP master clock, configuring, 14-18 permitted reenter number, modifying, 6-10
NTP mode, 14-3 poison reverse, enabling, 12-34
NTP multicast mode, configuring, 14-6 Policy Information Transfer Protocol (PITP), 19-3
NTP peer mode, configuring, 14-13 present timeout, see TTL, 31-38
NTP server/client mode, configuring, 14-9 preview
number of specific queries clearing logout time records, 31-65
restoring to default value (2), 31-34 disabling, 31-62
setting, 31-33 enabling, 31-61
restoring default auto-reset time, 31-64
O setting auto-reset time, 31-63
setting parameters, 31-62
online help information, obtaining, 3-11 preview configuration
OSPF clearing logout time records, 31-65
cost, 12-49 enabling preview, 31-61
disabling packet transmission, 12-45 setting preview auto-reset time, 31-63
enabling logging, 12-47 setting preview parameters, 31-62
enabling process, 12-39 preview recognition time
entering OSPF area config mode, 12-41 restoring to default value (30s), 31-40
maximum route count, 12-46 setting, 31-39
NBMA adjacent router, 12-43 priority for transmitting CCM/LTM, configuring,
router ID, 12-40 33-16
setting preference, 12-44 program authority, granting, 31-60
SPF calculation interval, 12-55 protection group
stub area, 12-43 configuring tunnel protection group, 34-13
Transparent transmission, 12-47 debugging information output, 34-15
OSPF area config mode, entering, 12-41 manual switchover, 34-14
OSPF cost, configuring, 12-49 proxy authorization (IGMP), enabling, 31-28
OSPF logging, enabling, 12-47 proxy of IGMP leave packet, 31-43
OSPF packet authentication, configuring, 12-50 disabling, 31-44
OSPF packet transmission, disabling, 12-45 enabling, 31-43
OSPF preference, setting, 12-44 proxy of IGMP report packet, 31-42
OSPF process, enabling, 12-39 disabling, 31-43
OSPF route enabling, 31-42

PVC and PW template, binding, 27-30 disabling receiving host route, 12-25
disabling RIP packet transmission, 12-30
Q enabling packet receive/transmit , 12-32
enabling poison reverse, 12-34
QoS enabling process, 12-18
traffic entry, 18-2 enabling split horizon, 12-33
importing route of other protocol, 12-24
R resetting, 12-29
setting version, 12-19
RADIUS summary route IP address, 12-32
ANS port, 8-14 RIP packet transmission, disabling, 12-30
introduction, 8-3 RIP preference, configuring, 12-26
maximum retransmit count of RADIUS request, RIP process statistic, clearing, 12-30
8-12 RIP process, enabling, 12-18
RADIUS request RIP timer, configuring, 12-36
maximum retransmit count, 8-12 RIP version, setting, 12-19
specifying server template, 8-8 RIP-2 authentication mode, configuring, 12-35
RADIUS server RMEP
IP address & port number, 8-9 creating, 33-9
shared key, 8-10 enabling detection, 33-15
type, 8-13 robustness variable
user name format, 8-14 restoring to default value, 31-31
RADIUS server template setting, 31-30
specifying, 8-18 root bridge, specifying, 13-14
RADIUS serverresponse timeout interva of RADIUS route additional metric, configuring, 12-35
server route filtering policy, configuring, 12-27
response timeout interval, 8-11 route of other protocol, importing, 12-24
setting, 8-11 route policy
RADIUS, configuring, 8-7 defining, 12-60
read/write authorities, setting, 4-10 defining apply clause, 12-63
receiving host route, disabling, 12-25 defining if-match clause, 12-62
recognition time of preview route policy, configuring, 12-13
restoring to default value (30s), 31-40 route summarization
setting, 31-39 between areas, 12-56
remote serial port terminal routes imported by OSPF, 12-57
network topology, 2-8 rt-VBR, 17-6
setting parameter, 2-9
remote serial port terminalmodem requirement
, 2-7
S
remote serial portstarting HyperTerminal service board
, 2-10 confirming, 7-6
remote user authentication deleting, 7-6
configuring, 8-1 prohibiting, 7-7
report proxy switch see proxy of IGMP report packet, resetting, 7-7
31-42 service port
response time to general query adding to VLAN, 9-18
restoring to default value (10s), 31-33 adding to VLAN in batches, 9-20
setting, 31-32 setting description, 9-22
response time to specific query shared key of RADIUS server
restoring to default value (0.8s), 31-37 setting, 8-10
setting, 31-36 SHDSL
RIP activating SHDSL port, 22-30
clearing process statistic, 12-30 adding alarm profile, 22-24
configuring additional metric, 12-35 adding line profile, 22-21
configuring preference, 12-26 binding alarm profile, 22-27
configuring RIP-2 authentication mode, 12-35 configuring clock mode, 22-32
configuring timer, 12-36 querying port information, 22-31
configuring zero field check, 12-20 SHDSL alarm profile, adding, 22-24

SHDSL alarm profile, binding, 22-27 setting time, 3-15

SHDSL EFM multi-port showing version, 3-19
binding, 22-29
SHDSL line profile, adding, 22-21 T
SHDSL multi-Pair, 22-28
SHDSL port, activating, 22-30 TCP connection
shelf description, setting, 7-3 configuring socket buffer, 16-4
smart VALN, configuring, 9-5 enabling TCP debugging, 16-4
SNMP TCP debugging, enabling, 16-4
configuring MIB view, 4-16 telnet
configuring V3 group, 4-15 inband NMS, 2-15
configuring V3 user, 4-14 LAN, 2-12
definition, 4-2 logging in, 2-15
setting version, 4-9 outband NMS, 2-12
SNMP agent see agent, 4-8 running, 2-15
SNMP MIB view, configuring, 4-16 WAN, 2-13
SNMP V3 group, configuring, 4-15 template of RADIUS server
SNMP V3 user, configuring, 4-14 specifying, 8-18
SNMP version, setting, 4-9 template of RADIUS server, specifying, 8-8
socket buffer, configuring, 16-4 terminal
source interface for sending traps, 4-12 clearing screen, 3-18
source route filtering, enabling, 20-5 locking, 3-18
specific query setting type, 3-16
interval, setting, 31-35 switching language, 3-14
maximum response time to, 31-36 time range
times, setting, 31-33 configuring, 17-18
SPF calculation interval, setting, 12-55 timeout exit time, setting, 3-17
split horizon, enabling, 12-33 traffic entry
SSH configuring, 18-2
advantage, 8-4 traffic suppression mode, 25-14
configuring local RSA key pair, 8-21 traffic suppression, enabling, 25-14
configuring public key, 8-22 transparent transmission of RIP packet, enabling,
configuring user, 8-24 12-37
definition, 8-3 trap
LAN definition, 4-3
inband, 2-20 sending, 4-11
outband, 2-19 source interface, setting, 4-12
version, 8-4 Triple play, 32-20
WAN triple play service, 32-2
inband, 2-21 configuring (802.1p-based), 32-15
outband, 2-20 configuring (multi-PVC), 32-3
SSH, configuring, 8-21 configuring (single PVC), 32-9
standard VLAN, configuring, 9-5 TTL (time to live), 31-38
static ARP entry, adding, 11-5 TTL for V1 router
static MAC address, adding, 15-2 restoring to default value (400s), 31-39
static route setting, 31-38
adding, 12-16 type of RADIUS server
static route, configuring, 12-3 setting, 8-13
step of ACL rule, setting, 17-19
subboard, managing, 7-8 U
summary route IP address, configuring, 12-32
super VALN, configuring, 9-9 UBR, 17-6
synwait timer, 16-2 unsolicited report interval
configuring, 16-2 restoring to default value (10s), 31-38
system setting, 31-37
setting contact information, 4-13 upstream port
setting location information, 4-13 adding to VLAN, 9-17
setting name, 3-16 upstream port bandwidth, setting, 31-50

user creating, 9-13

adding, 6-5 type, 9-3
deleting, 6-13 VLAN and PW template, binding, 27-31
disconnecting online user, 6-12 VLAN attribute, configuring, 9-15
modifying bound profile, 6-7
user action report W
disabling, 31-42
enabling, 31-41 working mode of DHCP server, setting, 10-13
user attribute, 6-7 working mode of DHCP, setting, 10-14
modifying appended information, 6-11 working mode of MSTP, setting, 13-5
modifying level, 6-8
modifying permitted reenter number, 6-10
user authority, 6-2
user bandwidth, setting, 31-50
user level, modifying, 6-8
user management
adding a BTV user, 31-55
binding authority profile, 31-58
blocking a BTV user, 31-57
granting with program authority, 31-60
modifying a BTV user, 31-56
monitoring BTV user, 31-60
user password, changing, 6-9
user profile
modifying, 6-7
related operation, 6-5
user profile, adding, 6-2
V
VDSL
adding line profile, 23-24
VDSL2
activating port, 23-46
adding alarm template, 23-43
adding channel alarm profile, 23-40
adding channel profile, 23-31
adding line alarm profile, 23-37
adding line template, 23-35
binding alarm template, 23-45
definition, 23-3
querying port information, 23-47
VDSL2 alarm template, adding, 23-43
VDSL2 alarm template, binding, 23-45
VDSL2 channel alarm profile, adding, 23-40
VDSL2 channel profile, adding, 23-31
VDSL2 line alarm profile,adding, 23-37
VDSL2 line profile
adding, 23-24
VDSL2 line template,adding, 23-35
VDSL2 port activating, 23-46
VDSL2 port information, querying, 23-47
VLAN, 9-3
adding service port, 9-18
adding service port in batches, 9-20
adding upstream port, 9-17
attribute, 9-4
configuring attribute, 9-15

Manual Dslam Huawei PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Manual Dslam Huawei PDF

Uploaded by

Copyright:

Available Formats

SmartAX MA5600/MA5603 Multi-service Access Module

Huawei Technologies Proprietary

Huawei Technologies Co., Ltd.

Copyright © 2007 Huawei Technologies Co., Ltd. All rights reserved.

Trademarks and Permissions

Huawei Technologies Proprietary

About This Document.....................................................................................................................1

2 Configuring the Maintenance Terminal ...............................................................................2-1

3 Getting Started With CLI..........................................................................................................3-1

Issue 04 (2007-11-30) Huawei Technologies Proprietary i

3.3.7 Setting Terminal Type..........................................................................................................................3-16

4 Configuring the Network Management................................................................................4-1

5 Configuring the Log Host.........................................................................................................5-1

ii Huawei Technologies Proprietary Issue 04 (2007-11-30)

6.4 Modifying the User Attributes........................................................................................................................6-7

7 Managing the Device.................................................................................................................7-1

8 Configuring the Remote User Authentication.....................................................................8-1

Issue 04 (2007-11-30) Huawei Technologies Proprietary iii

8.6.2 Configuring the SSH User Public Key.................................................................................................8-22

9 Configuring the VLAN ............................................................................................................9-1

10 Configuring the DHCP Relay..............................................................................................10-1

11 Configuring the ARP & ARP Proxy....................................................................................11-1

12 Configuring the Routing Protocol......................................................................................12-1

iv Huawei Technologies Proprietary Issue 04 (2007-11-30)

12.4 Configuration Example of OSPF................................................................................................................12-9

Issue 04 (2007-11-30) Huawei Technologies Proprietary v

12.9.2 Configuring OSPF Cost...................................................................................................................12-49

vi Huawei Technologies Proprietary Issue 04 (2007-11-30)

13.12 Setting the Parameters of the Specified Port...........................................................................................13-26

15 Configuring MAC Address..................................................................................................15-1

16 Configuring TCP/IP Connection.........................................................................................16-1

Issue 04 (2007-11-30) Huawei Technologies Proprietary vii

16.5 Configuring the Socket Buffer....................................................................................................................16-3

18 Configuring the QoS.............................................................................................................18-1

19 Configuring User Security....................................................................................................19-1

viii Huawei Technologies Proprietary Issue 04 (2007-11-30)

20 Configuring System Security...............................................................................................20-1

21 Configuring the ADSL2+ Service.......................................................................................21-1

22 Configuring the SHDSL Service.........................................................................................22-1

Issue 04 (2007-11-30) Huawei Technologies Proprietary ix

22.9 Configuring the SHDSL EFM Multi-port Binding...................................................................................22-29

23 Configuring the VDSL2 Service..........................................................................................23-1

24 Configuring Protection for Upstream Link.......................................................................24-1

25 Configuring Device Subtending.........................................................................................25-1

x Huawei Technologies Proprietary Issue 04 (2007-11-30)

26 Configuring ATM-DSLAM Access....................................................................................26-1

27 Configuring MPLS Access....................................................................................................27-1

28 Configuring MPLS RSVP-TE..............................................................................................28-1

Issue 04 (2007-11-30) Huawei Technologies Proprietary xi

29 Configuring the VLAN Stacking Wholesale Service......................................................29-1

30 Configuring the QinQ VLAN Leased Line Service.........................................................30-1

31 Configuring the Multicast Service......................................................................................31-1

xii Huawei Technologies Proprietary Issue 04 (2007-11-30)

31.4 Configuration Example of Multicast Service in Subtending Mode..........................................................31-10

Issue 04 (2007-11-30) Huawei Technologies Proprietary xiii

31.15.4 Clearing the Preview Records Manually........................................................................................31-65

32 Configuring the Triple Play Service...................................................................................32-1

33 Configuring the Ethernet OAM..........................................................................................33-1

34 Configuring the MPLS OAM...............................................................................................34-1

35 Configuring the Environment Monitoring.......................................................................35-1

xiv Huawei Technologies Proprietary Issue 04 (2007-11-30)

35.2 Configuration Example of an EMU............................................................................................................35-4

36 MSTP Networking Example................................................................................................36-1