Professional Documents
Culture Documents
Commissioning and
Configuration Guide-CLI
Version: D
Code: MN000001947
August 2018
Thank you for choosing our products.
Related Documentation
Document Description
CiTRANS R8000 Series Multi- Introduces the product’s functions and features, software
Service High-End Router Product and hardware structures, networking applications, and
Description technical specifications.
I
Document Description
CiTRANS R8000-3 Multi-Service Details how to install the CiTRANS R8000-3, connect and
High-End Router Quick lay out its wires and cables, and the requirements of the
Installation Guide installation environment.
CiTRANS R8000-5 Multi-Service Details how to install the CiTRANS R8000-5, connect and
High-End Router Quick lay out its wires and cables, and the requirements of the
Installation Guide installation environment.
CiTRANS R8000-10 Multi- Details how to install the CiTRANS R8000-10, connect and
Service High-End Router Quick lay out its wires and cables, and the requirements of the
Installation Guide installation environment.
Details how to install the CiTRANS R8000-10E, connect
CiTRANS R8000-10E Core
and lay out its wires and cables, and the requirements of
Router Quick Installation Guide
the installation environment.
Details how to install the CiTRANS R8000-20E, connect
CiTRANS R8000-20E Core
and lay out its wires and cables, and the requirements of
Router Quick Installation Guide
the installation environment.
Includes manuals such as product description, operation
guide, routine maintenance, and installation guide. All of
e-Fim OTNM2000 Element
them aim at introducing common and fundamental
Management System Manual Set
contents of the OTNM2000 for a better understanding and
proficient use of the network management system.
II
Version
Version Description
Initial version.
Product version CiTRANS R8000 V3R1
A
Corresponds to the OTNM2000 version V2.0R5 (Build04.
20.05.56SP2).
Intended Readers
u Commissioning engineers
u Ethernet technology
III
Conventions
Terminology Conventions
Terminology Convention
IV
Terminology Convention
Symbol Conventions
Cascading
→ Connects multi-level menu options.
menu
Bidirectional
↔ The service signal is bidirectional.
service
Unidirectional
→ The service signal is unidirectional.
service
V
Contents
Preface...................................................................................................................I
Version ..........................................................................................................III
Conventions ................................................................................................. IV
6 Configuring a Tunnel.....................................................................................66
10 Other Configuration.....................................................................................145
You need to perform the initialization operations such as power-on test and logging
into main control protocol stack before service configuration. The following
introduces the items and configuration method of initializing the CiTRANS R8000.
Power-on Testing
Version: D 1
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Test the equipment after it is powered on to eliminate the silent failure during the
equipment commissioning so as to reduce the subsequent work load for repairing.
1. Before the power-on, check whether the power supply polarity is correct and
whether the card components (especially the optical modules) are loosened.
2. After the power-on, check whether cards are electrified normally, and whether
the indicator RUN on each card blinks quickly.
3. Use a fiber pigtail to loopback each optical interface. Observe for five minutes
and if no error occurs, the circuit is normal.
4. Long press the SW/OFL button on the active switch & router & clock unit to
switch over to the standby unit, and ensure that the cards are in normal hot
standby status.
5. Test the optical power of each receiving line and compare it with the theoretical
calculating value, and analyze whether the line attenuation is normal.
Note:
u The difference between the optical power of a receiving line and the
theoretical calculating value should be within 4 dB.
6. Connect a laptop to the equipment to check the received optical power reported
by the card (see Checking Interface Optical Power). The difference between
the received optical power reported by the card and the tested line optical
power should be within 2 dB.
7. Check that the fiber pigtails at the ODF side are normal, and their connections
are correct.
8. Only after being confirmed by the operator on site can users insert fibers to or
remove fibers from the ODF. This avoids removing the wrong fibers and
interrupting user services.
2 Version: D
1 Initializing the CiTRANS R8000
9. Ensure that the east-west fiber connections are correct referring to the project
planning. Avoid reverse connections or misconnections.
10. Ensure that the link status at both ends of the optical path is correct and the
connection is normal by checking the link status indicator corresponding to the
optical interface on the service card.
11. Perform emergency troubleshooting for some simple faults such as loosening
of BCTs and optical transceivers or falling off of shorting jumpers which may be
caused by vibration during transportation.
4 Login method:
¡ For project in normal use: Log into the main control protocol stack
directly.
4 Common operations: Check the version, log and packet capture of the
operating system.
4 Login method: If you have logged into the operating system of the core
switch card, switch to the card operating system through the ssh root@IP
command.
u File system
Version: D 3
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
4 Login method: You can call the file system by logging into the main control
protocol stack or operating system.
As shown in Figure 1-1, Figure 1-2 and Figure 1-3, the examples will introduce how
to log into the operating system GUI of the core switch card, the main control
protocol stack (initial username and password: fiberhome) and card operating
system GUI (initial username and password: root).
Note:
After logging into the operating system of the core switch card, you can
choose to log into the card operating system, log into the main control
protocol stack or upgrade the equipment.
Figure 1-1 Logging into Operating System GUI of Core Switch Card
Figure 1-2 Logging into the Main Control Protocol Stack GUI
4 Version: D
1 Initializing the CiTRANS R8000
As shown in Figure 1-4, if you have logged into the main control protocol stack, you
can switch to the operating system of the core switch card through the ostelnet
127.0.0.1 command (initial username and password are both "fiberhome").
Prerequisite
u Ethernet cables
u The terminal login emulation software (taking the SecureCRT software for
example)
u The file transfer protocol client software (taking the WinSCP software for
example)
u First login: Log in through the ETH1 interface of the SRC card in SSH mode.
Version: D 5
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
1) Log in through the default IP address of the ETH1 interface in SSH mode.
u Subsequent login: It is advised to log in through the MGMT interface of the SRC
card in Telnet or SSH mode.
4 If using the IP address of the mgmt interface, you need to enter the
username and password to log into the main control protocol stack in
Telnet mode.
4 If using the IP address of ETH1.4088, you need to log into the operating
system of the core switch card in SSH mode.
Note:
In actual projects, you are advised to use the IP address of the mgmt
interface to log into the main control protocol stack and operate on the
equipment.
First Login
2. Set the IP address of the PC's network card and the default IP address of the
ETH1 interface to be in the same network segment (see Table 1-1). For
example, set the IP address of the PC to 10.22.12.99.
Default IP Address of
CiTRANS R8000-10 CiTRANS R8000-5 CiTRANS R8000-3
ETH1 Interface
10.22.12.(100+slot
SCR card in slot 12 SCR card in slot 6 SCR card in slot 4
number)
10.22.13.(100+slot
SCR card in slot 13 SCR card in slot 7 SCR card in slot 5
number)
6 Version: D
1 Initializing the CiTRANS R8000
Note:
3. Log into the operating system GUI of the core switch card through the ETH1
interface.
2) Click File (F)→Quick Connect (Q)... in the main menu to bring up the
Quick Connect dialog box.
3) Set the relevant parameters of the quick connection and click Connect.
Version: D 7
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Note:
Select Save Session. When logging into the main control command line
GUI next time, click File (F)→Connect (C)... in the main menu, and you
can select this session in the dialog box that appears.
4) In the Enter Secure Shell Password dialog box that appears, enter the
password fiberhome and click OK to log into the operating system of the
core switch card.
fiberhome@CR8000-1:/root>
8 Version: D
1 Initializing the CiTRANS R8000
4 WinSCP mode:
• Password: fiberhome.
Version: D 9
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
1) In the operating system GUI of the core switch card, enter the telnet
127.0.0.1 2650 command, and log into the main control protocol stack
(initial username and password: fiberhome).
Note:
10 Version: D
1 Initializing the CiTRANS R8000
Subsequent Login
2. Set the IP address of the PC's network card and the default IP address of the
mgmt interface or ETH1.4088 to be in the same network segment. The
following introduces how to set the IP address of the PC to 4.90.64.10, using
the IP address of the mgmt interface as an example.
Version: D 11
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
12 Version: D
1 Initializing the CiTRANS R8000
4. Click File (F)→Quick Connect (Q)... in the main menu to bring up the Quick
Connect dialog box.
Note:
Select Save Session. When you log into the NE command line GUI next
time, click File (F)→Connect (C)... in the main menu, and you can select
this session in the dialog box that appears.
6. Click Connect.
4 Use the IP address of the mgmt interface, and you can directly log into the
main control protocol stack (both the initial username and password are
"fiberhome").
Version: D 13
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Note:
If you need to log into the operating system of the card or upgrade the
equipment, you can run the ostelnet 127.0.0.1 command to switch to the
operating system GUI of the core switch card.
4 Use the IP address of ETH1.4088, and you can directly log into the
operating system of the core switch card.
In the operating system GUI of the core switch card, enter the telnet
127.0.0.1 2650 command, and log into the main control protocol stack
(initial username and password: fiberhome).
Users have logged into the main control protocol stack (see Logging into Main
Control Protocol Stack for operation procedures).
Procedure
Note:
14 Version: D
1 Initializing the CiTRANS R8000
You can upgrade the equipment if you need to add new features, optimize the
original performance or solve the problems of the current version.
Upgrade Requirement
Precautions
u Prepare one spare for each card for the on-site upgrading.
u Obtain the required new version of system software, PAF / License file and the
corresponding supporting document from proper channels.
u Enable the log function to record all the operations during the entire upgrading.
u View the current software version information of all the modules on each card,
including the network protocol stack version, OS firmware version and
electromechanical version.
The supported upgrading modes include CLI mode, automatic mode using mobile
storage device and BootROM mode.
u CLI mode
4 The equipment operates normally. You can log into the equipment
remotely and upgrade the equipment using the FTP / TFTP.
Version: D 15
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
4 The equipment is loaded with a large system software package. You can
either log into the equipment through a serial port and set the IP address,
or log in remotely through in-band signaling.
4 In this mode, the CF card is used to load the large package of system
software. This mode is applicable to project upgrade or fault handling.
Before you start, prepare two CF cards.
4 To use this mode, replace the built-in CF cards of the active and standby
core switch cards with the prepared new CF cards (cfdisk2) which contain
the large packet of system software.
u BootROM mode
4 The equipment is going to be upgraded for the first time, but the built-in
large package of system software is faulty or does not exist.
4 After the software is reset during the system upgrading, two core switch
cards can not be registered.
4 After the system software is upgraded, the active core switch card is
registered and the standby one is not.
4 You cannot log into the equipment via the Telnet mode.
16 Version: D
2 Hardware Commissioning
This chapter introduces the items and method of hardware commissions of the
equipment.
Version: D 17
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Users have logged into the main control protocol stack (see Logging into Main
Control Protocol Stack for operation procedures).
Procedure
FH-CR8000#show date
system date:Mon Sep 5 15:17:39 CST 2016
If the current time and time zone of the equipment in the information shown above is
consistent with local time and time zone, you can proceed with the following
commissioning items.
Users have logged into the main control protocol stack (see Logging into Main
Control Protocol Stack for operation procedures).
Procedure
2. Check the card slots and the sub-card configuration in the NE.
FH-CR8000#show device all
Slot SubSlot name Online Status UnSync Comment
5 0 SPUD OK OK 0 -
5 2 TCA17 OK OK 0 -
6 0 SRCA OK OK 0 -
18 Version: D
2 Hardware Commissioning
7 0 - Init Absent 0 -
4. Check the basic status of the card in the designated slot (taking slot 4 for
example).
FH-CR8000#show board state slot 4
Board version : WKE2200913R2C
PCB version : WKE7200708R2C
Software version : RP0100
Board temperature : 47.0
Power on time : 0 Days, 23:49:57
Active : -
Register : Registered
In the above information, users should focus on the following aspects: whether the
active / standby status of the card is normal, whether the online status is Present,
whether the registration status is Registered and whether the card Status is OK.
Users have logged into the main control protocol stack (see Logging into Main
Control Protocol Stack for operation procedures).
Procedure
Check the interface status including the physical status, protocol status, recent
bandwidth utilization in Tx and Rx directions, and the received and sent error
packets.
Version: D 19
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
In the information shown above, users should focus on the issue whether the
physical status (PHY) of the physical port is "up".
Item Description
For all the optical interfaces connected through optical fibers, users should check
whether their optical power is normal. Abnormal optical power will affect the stable
operation of services.
20 Version: D
2 Hardware Commissioning
Prerequisite
Users have logged into the main control protocol stack (see Logging into Main
Control Protocol Stack for operation procedures).
Procedure
Check interface optical power: Check the status of all interfaces or a designated
interface in the CLI GUI. The following introduces how to check the status of the
GE0/3/1/18 interface as an example.
Version: D 21
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
In the above information, you should focus on the following aspects: whether the Tx
/ Rx power of the card's optical interface is in a normal range (the Tx / Rx power is
displayed only for the physical main interface), and whether parameters such as
central wavelength and maximum transmission distance of the optical modules at
both ends of the link are consistent.
Users have logged into the main control protocol stack (see Logging into Main
Control Protocol Stack for operation procedures).
Procedure
FH-CR8000#ems-show system-usage
CPU usage : 53%
MEMORY usage : 23%
You can view the value of CPU / memory utilization in the information displayed
above.
Users have logged into the main control protocol stack (see Logging into Main
Control Protocol Stack for operation procedures).
Procedure
FH-CR8000#ems-show device
Slot Type Online Register Status Primary
01 SPUE Present Registered OK -
06 SRCA Present Registered OK -
07 - - - - -
22 Version: D
2 Hardware Commissioning
In the above information, you should focus on the following aspects: whether
"Register" is "Registered" and whether "Status" is "OK".
Users have logged into the main control protocol stack (see Logging into Main
Control Protocol Stack for operation procedures).
Procedure
FH-CR8000#ems-show cardtemp
BoardName Addr Loc Temp TrefVal TmaxVal Tdiff
SPUE 01 50 90 83 89 12
SRCA 06 9 87 87 93 9
You should focus on the card temperature ("Temp") in the information displayed
above.
Users have logged into the main control protocol stack (see Logging into Main
Control Protocol Stack for operation procedures).
Procedure
FH-CR8000#ems-show fanctrl
runmode: auto
runlevel: 6
You can view the fan operating mode and speed choice in the information displayed
above.
Version: D 23
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Users have logged into the main control protocol stack (see Logging into Main
Control Protocol Stack for operation procedures).
Procedure
You can view the information such as alarm level, generation date and time, alarm
name, slot and port from the data displayed above, so as to analyze and isolate the
alarm.
24 Version: D
3 Global Basic Configuration
This chapter introduces the global basic configuration of the CiTRANS R8000
Series.
Version: D 25
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Procedure
Note:
Devices differ from each other in some parameters, which are marked in
red.
Configuration Result
u After the host name of the equipment is configured, FH-CR8000 in the CLI view
prompt will become the host name.
u In the user view, use the show running-config command to check the
returned information, which should include the following contents.
HB-WH-JDK.MCN.R8000#show running-config
!
!Current configuration:
!
sysname HB-WH-JDK.MCN.R8000
Configure the system time using GMT to synchronize the time of all the current
cards of the equipment.
26 Version: D
3 Global Basic Configuration
Note:
After the system time command is issued, if a new card is added to the
equipment, users need to re-issue the command to synchronize the time
of the new card and the equipment.
Procedure
2. Configure the system time of the equipment. In the example below, the date is
set to 2016-09-05 and the system time is set to 15:13:13.
FH-CR8000(config)#device
change to device mode
FH-CR8000(device)#set system-time date 2016-09-05 time 15:13:13
FH-CR8000(device)#withdraw
Configuration Result
After the system time is configured, synchronize the time of all current cards of the
equipment with this system time.
The existence of VPN instance is the prerequisite for you to associate a protocol
process or an interface with a VPN instance. Configure a VPN instance first in the
basic configuration to facilitate subsequent operations.
u Configure the VPN instance. For bearing the 3G base station service, configure
the L3VPN-1. For bearing the 4G base station service, configure the L3VPN-2.
Version: D 27
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Procedure
2. Set the VPN Router-ID of the equipment. The example below illustrates how to
set the VPN Router ID to 3.173.0.167.
Item Parameter
VRF instance name L3VPN-1
Note 1: The equipment serves as the VPN PE node configured with dual RDs, advertises
equal-cost VPNv4 routes and supports the downlink VPNv4 ECMP loading balancing
(the terminating equipment must be configured with ECMP). The RD of the active
station should be different from that of the standby one. It is advisable to set different
RDs for each station.
Note 2: The ingress RT values of the active and standby terminating devices of the 3G PS / 4G
service are a and b, while the egress RT value is b. The ingress RT value of the active /
standby convergence device is b while the egress RT value is a. a is unequal to b.
28 Version: D
3 Global Basic Configuration
Configuration Result
In the user view of convergence equipment's main control protocol stack, use the
show running-config vrf command to check the returned information, which
should include the following contents.
The global routing function is disabled by default. Users must enable the global
routing function of the equipment before configuring the routing protocol for the
equipment.
Procedure
Configuration Result
In the user view of equipment protocol stack, use the show running-config
command to check the returned information, which should include the following
contents.
FH-CR8000#show running-config
Version: D 29
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
!
!Current configuration:
!
ip routing
Enable the global MPLS switching function of the equipment. The router needs to
use the MPLS forwarding function, thus the global MPLS must be enabled.
Procedure
Configuration Result
In the user view of equipment protocol stack, use the show running-config
command to check the returned information, which should include the following
contents.
FH-CR8000#show running-config
!
!urrent configuration:
!
mpls
30 Version: D
4 Interface Configuration
Version: D 31
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Network Requirement
As shown in Figure 4-1, configure the loopback0 interface of NE1 to NE6. The
following illustrates the setting using the NE5 as an example.
Procedure
Item Parameter
Port name loopback 0
32 Version: D
4 Interface Configuration
Note:
Configuration Result
1. Use the "show running-config interface loopback 0" command to check the
configuration data on the equipment, which should be consistent with the
planning data.
FH-CR8000#show running-config interface loopback 0
!
interface loopback 0
ip address 3.173.0.167/32
2. Use the "show interface brief" command to check the interface status. The
items PHY and Protocol should be up.
FH-CR8000#show interface brief
Configure the interconnection interface on the device to bear service traffic between
devices.
Version: D 33
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Network Requirement
As shown in Figure 4-2, configure the interconnection interface of NE1 to NE6. The
following illustrates the setting using the NE5 as an example.
Procedure
34 Version: D
4 Interface Configuration
Note:
Item Parameter
Port name gigabitethernet 0/3/1/1
Item Parameter
Port name ten-gigabitethernet 0/2/1/1
MTU 9000
Enabling the port no shutdown
b) Set the sub-interfaces with the VLAN IDs 30, 31 and 32 between
convergence devices for setting up the service OSPF communication.
The following illustrates the configuration using the sub-interface with
VLAN ID 31 as an example.
Version: D 35
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Item Parameter
Port name ten-gigabitethernet 0/2/1/1.31
VLAN 31
IP address / mask length 192.168.1.29/30
Enabling the port no shutdown
Enabling MPLS enable-mpls
Item Parameter
Port name ten-gigabitethernet 0/2/1/1.101
MTU 9000
VLAN 101
IP address / mask length 192.168.2.25/30
Enabling the port no shutdown
Enabling MPLS enable-mpls
Item Parameter
Port name ten-gigabitethernet 0/1/1/1
MTU 9000
IP address / mask length 192.168.2.6/30
36 Version: D
4 Interface Configuration
Item Parameter
Enabling the port no shutdown
Enabling MPLS enable-mpls
Configuration Result
Version: D 37
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
2. Use the "show interface brief" command to check the interface status. The item
PHY should be up.
Network Requirement
As shown in Figure 4-3, the UNI interfaces of NE1 and NE2 are the LAG interfaces.
The following introduces the configuration using the LAG interface of NE1 as an
example.
Procedure
2. Configure the LAG interface using the manual load balancing mode.
Item Parameter
LAG interface name 1
LAG interface mode no l2transport
38 Version: D
4 Interface Configuration
Item Parameter
Interface switch no shutdown
Note 1: The load balancing modes include non-load balancing, manual load balancing (work-
load) and LACP load balancing (lacp-load). The work-load mode is recommended for
the NNI interface. In the interconnection scenario, select "work-load" or "lacp-load" for
the UNI interface.
Note 2: If this item is set to lacp-load, LACP should be enabled in the configuration mode.
Note 3: The MAC address is optional. When the LAG interface is used for the UNI interface
interconnection, the MAC addresses of the LAG interfaces of two connected devices
should be different. It is recommended to set the MAC address to 00-00-00-XX-YY-ZZ,
in which XX is the network block number, YY is the NE number and ZZ is the LAG
interface number.
FH-CR8000(config)#interface lag 1
FH-CR8000(if-lag1)#no l2transport
FH-CR8000(if-lag1)#lag-mode work-load
FH-CR8000(if-lag1)#lag-arithmetic source-destination-ip
FH-CR8000(if-lag1)#lag-mac-address 0000.0001.0112
FH-CR8000(if-lag1)#no shutdown
FH-CR8000(if-lag1)#exit
Note:
The NNI interface needs be enabled with the RSVP and MPLS protocols,
while the UNI interface does not need.
3. Add the member interfaces into the LAG interface in non-load balancing mode.
Item Parameter
Main member interface gigabitethernet 0/2/1/1
Version: D 39
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Note:
If the load balancing mode is " work-load" or "lacp-load", use the lag 1
member command to add the interface to the LAG.
Item Parameter
Configuring the main member Local ID 1
interface BFD Remote ID 1
Configuring the slave member Local ID 2
interface BFD Remote ID 2
Configuration Result
40 Version: D
4 Interface Configuration
lag 1 backup
bfd default-ip localdiscriminator 2
remote-discriminator 2 process-interface-status
2. Use the "show interface brief" command to check the interface status. The item
PHY should be up.
FH-CR8000#show interface brief
3. Use the "show lag 1" command to check the LAG interface status and
configuration information.
FH-CR8000#show lag 1
Interface Index :671621120
Status :up
Device priority :1
Lag mode :work-load
Lag arithmetic :-
Lag attribute :L3
Lag mac address :ace0.0001.0002
Lag return mode :enable
Lag wait recover time :5
MasterPortName :gigabitethernet 0/2/1/1
BackupPortName :gigabitethernet 0/2/1/3
ActorPort
ActorPortName :gigabitethernet 0/2/1/1
Status :Deactive
Bfd_status :-
ActorPort
ActorPortName :gigabitethernet 0/2/1/3
Status :Deactive
Bfd_status :-
Version: D 41
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
The interface monitoring group associates the interfaces at the network side with
those at the user side. If it detects that all the interfaces bound at the network side
are in "Down" status, it forces the tracing interface at the user side to turn into the
"Down" status. The interface monitoring group is mainly used for the association
between L3 and L2 in the L2 / L3 service model, and is deployed on the
convergence device. The interface bound to the network side is a horizontal NNI
interface, and the user-side tracing interface is a downlink interface connected to
the access device. Each tracing interface at the user side should be configured with
an interface monitoring group.
Network Requirement
As shown in Figure 4-4, after the uplink interfaces and parallel interfaces of NE5 are
all in "Down" status, NE5 can no longer forward service traffic, but the access
device still transmits uplink traffic to NE5, so that the uplink traffic will be interrupted.
The bound interfaces at the network side are XGE0/1/1/1 and XGE0/2/1/1, and the
tracing interfaces at the user side are GE0/3/1/1 and GE0/3/1/2.
42 Version: D
4 Interface Configuration
Note:
Procedure
2. Create a monitoring group. Add the uplink and parallel interfaces of the
convergence device into the monitoring group.
Item Parameter
Creating a monitoring group monitor-group 1
ten-gigabitethernet 0/1/1/1
Binding ports
ten-gigabitethernet 0/2/1/1
FH-CR8000(config)#monitor-group 1
FH-CR8000(monitor-group-1)#binding interface ten-gigabitethernet 0/1/1/1
FH-CR8000(monitor-group-1)#binding interface ten-gigabitethernet 0/2/1/1
FH-CR8000(monitor-group-1)#exit
3. Set the monitoring type and action type of the monitoring group interfaces of
user.
FH-CR8000(monitor-group-1)#monitorbfd
// Set the monitoring type of the monitoring group interfaces of user to bfd association.
FH-CR8000(monitor-group-1)#no monitorbfd
// Set the monitoring type of the monitoring group interfaces of user to non-bfd association.
FH-CR8000(monitor-group-1)#block action-typebfd-off
// Set the action type of the monitoring group interfaces of user to bfd blocking.
FH-CR8000(monitor-group-1)#no block action-type
// Set the action type of the monitoring group interfaces of user to laser shutdown.
Version: D 43
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
FH-CR8000(if-gigabitethernet0/3/1/1)#exit
FH-CR8000(config)#interface gigabitethernet 0/3/1/2
FH-CR8000(if-gigabitethernet0/3/1/2)#track monitor-group 1
FH-CR8000(if-gigabitethernet0/3/1/2)#withdraw
Configuration Result
Procedure
44 Version: D
5 Protocol Configuration
Configuring OSPF
Configuring BGP
Version: D 45
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Use the OSPF protocol as the access layer IGP for distributing different OSPF
process IDs for service forwarding and network management. This section
introduces the OSPF configuration related to service.
Network Requirement
As shown in Figure 5-1, configure the OSPF instances on NE5 and NE6, and set
the OSPF parameters on the equipment management Loopback interface, and the
service sub-interfaces (interconnection interfaces) between convergence devices
and between convergence device and access device. The following illustrates the
configuration using NE5 as an example.
Procedure
46 Version: D
5 Protocol Configuration
Item Parameter
Prefix list name p_into_list
Note 1
Prefix list number 5 10 200
Filter mode permit permit deny
Note 1: The list number starts from 5 and increases in the step of 5. A router checks the table
entries identified by the prefix list name in ascending order.
Note 2: The equipment management Loopback address of NE5.
Note 3: The equipment management Loopback address of NE6.
Note 4: It indicates any network address.
Item Parameter
Program number 31
Router IDNote 1 3.173.0.167
Area ID 0.0.0.0 0.0.0.1 0.0.0.2
Note 2
Area type TRANSIT TRANSIT TRANSIT
Filter type - prefix prefix
Basic configuration Filter list nameNote 3 - p_into_list p_into_list
of the OSPF protocol
Filter direction - in in
3.173.0.167/32 192.168.1.
192.168.1.24/30
Subnet joining into the domainNote 4 192.168.1. 28/30
192.168.1.12/30
20/30 192.168.1.0/30
Maximum hold-off time calculated by
10
SPF (ms)
Version: D 47
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Item Parameter
Enabling Opaque-LSA capability capability opaque
Traffic engineering
Enabling traffic engineering capability traffic-engineering
configurationNote 5
Enabling CSPF algorithm capability cspf 31Note 6
Note 1: Set this item to the IP address of the equipment management Loopback interface of NE5.
Note 2: It is a TRANSIT area by default when the area type is not configured.
Note 3: Set this item to the IP address prefix list name in Step 2.
Note 4: For the area 0, set this item to the IP address of the equipment loopback interface and the IP network
segment of the interconnection interfaces of area 0 between the convergence devices. For the non-0 area,
set this item to the IP network segment of the interconnection interfaces of the corresponding area between
the convergence devices and that of the access equipment.
Note 5: The RSVP tunnel can be set up. The Opaque-LSA capability, traffic engineering and CSPF algorithm should
be enabled for the OSPF.
Note 6: Set this item to the OSPF process ID.
FH-CR8000(config)#router ospf 31
FH-CR8000(ospf-31)#router-id 3.173.0.167
FH-CR8000(ospf-31)#timers spf exp 10
FH-CR8000(ospf-31)#network 3.173.0.167/32 area 0.0.0.0
FH-CR8000(ospf-31)#network 192.168.1.20/30 area 0.0.0.0
FH-CR8000(ospf-31)#network 192.168.1.28/30 area 0.0.0.1
FH-CR8000(ospf-31)#network 192.168.1.0/30 area 0.0.0.1
FH-CR8000(ospf-31)#area 0.0.0.1 filter-list prefix p_into_list in
FH-CR8000(ospf-31)#network 192.168.1.24/30 area 0.0.0.2
FH-CR8000(ospf-31)#network 192.168.1.12/30 area 0.0.0.2
FH-CR8000(ospf-31)#area 0.0.0.2 filter-list prefix p_into_list in
FH-CR8000(ospf-31)#capability opaque
FH-CR8000(ospf-31)#capability traffic-engineering
FH-CR8000(ospf-31)#capability cspf 31
FH-CR8000(ospf-31)#exit
4. Set the OSPF interface parameters on the equipment. The interfaces include
the sub-interfaces between the convergence device and access device, and
those between the convergence devices. The following illustrates the sub-
interface configuration between the convergence devices using the sub-
interface XGE0/2/1/1.31 as an example.
Item Parameter
gigabitethernet gigabitethernet ten-gigabitethernet
Basic configuration Port name
0/3/1/1 0/3/1/2 0/2/1/1.31
of the OSPF
Enabling IGP-LDP
interface ospf ldp-synct ospf ldp-synct ospf ldp-synct
synchronization
48 Version: D
5 Protocol Configuration
Item Parameter
Network type point-to-point point-to-point point-to-point
Cost 10 10 2000
Configuration Result
1. Use the "show running-config ospf" command to check the configuration data
on the equipment, which should be consistent with the planning data.
FH-CR8000#show running-config ospf
!
router ospf 31
router-id 3.173.0.167
capability opaque
capability traffic-engineering
network 3.173.0.167/32 area 0.0.0.0
network 192.168.1.20/30 area 0.0.0.0
network 192.168.1.28/30 area 0.0.0.1
network 192.168.1.0/30 area 0.0.0.1
network 192.168.1.24/30 area 0.0.0.2
network 192.168.1.12/30 area 0.0.0.2
area 0.0.0.1 filter-list prefix p_into_list in
area 0.0.0.2 filter-list prefix p_into_list in
capability cspf 31
timers spf exp 10
Version: D 49
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
!
interface gigabitethernet 0/3/1/1
ip ospf cost 10
!
interface gigabitethernet 0/3/1/2
ip ospf cost 10
!
interface ten-gigabitethernet 0/2/1/1.31
ip ospf cost 2000
2. Use the "show ip ospf neighbor" command to check the OSPF neighbor. The
State item of neighbor should be FULL. After the OSPF has been configured
on the access equipment, the neighbor can be established successfully.
FH-CR8000#show ip ospf neighbor
Note:
The equipment uses BFD in the OSPF network to detect faults rapidly and notify the
OSPF protocol so as to trigger fast switching of traffic flow. This section introduces
how to configure BFD for OSPF.
50 Version: D
5 Protocol Configuration
Network Requirement
As shown in Figure 5-2, configure the OSPF instances on NE1, NE2 and NE3, and
configure the OSPF protocol and BFD for OSPF-related parameters on the
equipment Loopback interfaces and service sub-interfaces. The following illustrates
the configuration using NE2 as an example.
Procedure
Version: D 51
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
FH-CR8000(config)#interface loopback 0
FH-CR8000(if-loopback0)#ip address 2.2.2.2/32
// Configure the IP address and mask of a loopback interface.
FH-CR8000(if-loopback0)#exit
FH-CR8000(config)#interface gigabitethernet 0/1/1/1
FH-CR8000(if-gigabitethernet0/1/1/1)#ip address 3.0.3.1/24
// Configure the IP address and mask of a physical interface.
FH-CR8000(if-gigabitethernet0/1/1/1)#exit
FH-CR8000(config)#interface gigabitethernet 0/1/1/2
FH-CR8000(if-gigabitethernet0/1/1/2)#ip address 6.0.3.46/24
// Configure the IP address and mask of a physical interface.
FH-CR8000(if-gigabitethernet0/1/1/2)#exit
FH-CR8000(config)#
GE 0/1/1/1 30 ms 30 ms 3
GE 0/1/1/2 30 ms 30 ms 3
52 Version: D
5 Protocol Configuration
The basic idea of the LFA algorithm to calculate the backup path is to take the
neighbor who can provide the backup path as the root node, use the SPF algorithm
to calculate the shortest distance to the destination node, and then calculate the
backup path with the minimum cost but no loop according to the inequality specified
in RFC 5286.
OSPF IP FRR uses LFA algorithm to calculate the backup next hop route in
advance, and joins the forwarding table with the primary path route. When the
network fails, OSPF IP FRR can quickly switch the traffic to the backup path before
the control plane routes are converged, and shorten the recovery time of the failure
to less than 50 ms, so as to protect traffic.
Version: D 53
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Network Requirement
As shown in Figure 5-3, NE4 to NE6 are the CiTRANS R8000s. Configure the
OSPF instances, LDP and OSPF of R-LFA on each device. NE5 is taken for
example.
Procedure
54 Version: D
5 Protocol Configuration
FH-CR8000(config)#interface loopback 0
FH-CR8000(if-loopback0)#ip address 5.5.5.5/32
// Set the IP address and mask of the loopback interface.
FH-CR8000(if-loopback0)#exit
FH-CR8000(config)#interface ten-gigabitethernet 0/1/1/1
FH-CR8000(if-ten-gigabitethernet0/1/1/1)#ip address 192.168.1.5/24
// Set the IP address and mask of the physical interface.
FH-CR8000(if-ten-gigabitethernet0/1/1/1)#exit
FH-CR8000(config)#interface ten-gigabitethernet 0/1/1/2
FH-CR8000(if-ten-gigabitethernet0/1/1/2)#ip address 192.168.4.5/24
FH-CR8000(if-ten-gigabitethernet0/1/1/2)#exit
FH-CR8000(config)#
5. Configure LDP.
FH-CR8000(config)#router ldp
// Enable the global LDP.
FH-CR8000(ldp)#router-id 5.5.5.5
// Set the Router-ID.
set-router-id success
FH-CR8000(ldp)#transport-address ipv4 5.5.5.5
// Set the IPv4 transmitting address.
FH-CR8000(ldp)#exit
FH-CR8000(config)#interface ten-gigabitethernet 0/1/1/1
FH-CR8000(if-ten-gigabitethernet0/1/1/1)#enable-mpls
// Enable MPLS for the interface.
FH-CR8000(if-ten-gigabitethernet0/1/1/1)#enable-ldp
// Enable the LDP for the interface.
Version: D 55
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
FH-CR8000(if-ten-gigabitethernet0/1/1/1)#exit
FH-CR8000(config)#interface ten-gigabitethernet 0/1/1/2
FH-CR8000(if-ten-gigabitethernet0/1/1/2)#enable-mpls
// Enable MPLS for the interface.
FH-CR8000(if-ten-gigabitethernet0/1/1/2)#enable-ldp
// Enable the LDP for the interface.
FH-CR8000(if-ten-gigabitethernet0/1/1/2)#exit
FH-CR8000(config)#
The Packet Based Network (PBN) of FiberHome uses the L3VPN at the
convergence layer and above to bear the backhaul service from the base station.
Currently the MP-BGP is used to set up the dynamic L3VPN between the
convergence layer and terminating layer. Two BGP deployment modes are provided
for different network scales: non-RR mode and RR mode.
56 Version: D
5 Protocol Configuration
For the local network with more than three pairs of terminating devices, the RR
deployment is recommended.
Network Requirement
As shown in Figure 5-4, the MP-BGP is used between the convergence and
terminating devices. Configure the BGP on NE1, NE2, NE5 and NE6. The following
illustrates the configuration using the NE5 as an example.
Procedure
Item Parameter
Local AS numberNote 1 65031
Note 2
Router ID 3.173.0.167
Maximum IBGP path number 2
Basic configuration of the
3.173.0.163
BGP Neighbor IP addressNote 3
3.173.0.164
Neighbor AS number 65031
Update source IP addressNote 4 3.173.0.167
VPNV4 configuration BGP address family vpnv4 unicast
Version: D 57
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Item Parameter
neighbor 3.173.0.163 activate
Enabling vpnv4 function with the neighborNote 6
neighbor 3.173.0.164 activate
Note:
The IPv4 address family is activated by the system by default and needs
no configuration.
FH-CR8000(config)#router bgp 65031
FH-CR8000(bgp-65031)#bgp router-id 3.173.0.167
FH-CR8000(bgp-65031)#max-paths ibgp 2
FH-CR8000(bgp-65031)#neighbor 3.173.0.163 remote-as 65031
FH-CR8000(bgp-65031)#neighbor 3.173.0.163 update-source 3.173.0.167
FH-CR8000(bgp-65031)#neighbor 3.173.0.164 remote-as 65031
FH-CR8000(bgp-65031)#neighbor 3.173.0.164 update-source 3.173.0.167
FH-CR8000(bgp-65031)#address-family vpnv4 unicast
Enter bgp vpnv4 address family mode
FH-CR8000(bgp-afv4-uc)#neighbor 3.173.0.163 activate
FH-CR8000(bgp-afv4-uc)#neighbor 3.173.0.164 activate
FH-CR8000(bgp-afv4-uc)#exit
FH-CR8000(bgp-65031)#address-family IPv4 vrf L3VPN-1
Enter bgp ipv4 address family vrf mode
FH-CR8000(bgp-af4-vrf-L3VPN-1)#redistribute connected
FH-CR8000(bgp-af4-vrf-L3VPN-1)#exit
58 Version: D
5 Protocol Configuration
Configuration Result
1. Use the "show running-config bgp" command to check the BGP configuration
data on the equipment, which should be consistent with the planning data.
FH-CR8000#show running-config bgp
!
router bgp 65031
bgp router-id 3.173.0.167
max-paths ibgp 2
neighbor 3.173.0.163 remote-as 65031
neighbor 3.173.0.163 update-source 3.173.0.167
neighbor 3.173.0.164 remote-as 65031
neighbor 3.173.0.164 update-source 3.173.0.167
!
address-family ipv4 unicast
neighbor 3.173.0.163 activate
neighbor 3.173.0.164 activate
exit-address-family
!
address-family vpnv4 unicast
neighbor 3.173.0.163 activate
neighbor 3.173.0.164 activate
exit-address-family
!
address-family ipv4 vrf L3VPN-1
redistribute connected
exit-address-family
2. Use the "show ip bgp summary" command to check the BGP neighbor setup
between the convergence and core devices. If Up/Down is not 0, the BGP
neighbor is set up successfully.
FH-CR8000#show ip bgp summary
NE5 and NE6, and NE1 and NE2 (VRR-Client) set up neighborhood with NE3 and
NE4 (VRR) respectively, advertise the base station service / management route and
the network management address route of access equipment to VRR, and receive
the VPNv4 route from the VRR.
Version: D 59
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Network Requirement
As shown in Figure 5-5, the MP-BGP is used between the convergence, core and
terminating devices. Configure the BGP on NE1 to NE6. The core devices (NE3 and
NE4) serve as the VRRs, and the NE1, NE2, NE5, and NE6 serve as the VRR-
Clients. The following illustrates the configuration taking the VRR device NE3 and
the VRR-Client NE5 as examples.
Note:
See Not Deploying RRs for the configuration of NE1, NE2, NE5 and NE6.
Procedure
2. Configure the BGP on the equipment. The following illustrates the configuration
of NE3.
60 Version: D
5 Protocol Configuration
Version: D 61
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Note:
The IPv4 address family is activated by the system by default and needs
no configuration.
FH-CR8000(config)#router bgp 65031
FH-CR8000(bgp-65031)#bgp router-id 3.173.0.165
FH-CR8000(bgp-65031)#max-paths ibgp 2
FH-CR8000(bgp-65031)#neighbor 3.173.0.163 remote-as 65031
FH-CR8000(bgp-65031)#neighbor 3.173.0.163 update-source 3.173.0.165
FH-CR8000(bgp-65031)#neighbor 3.173.0.164 remote-as 65031
FH-CR8000(bgp-65031)#neighbor 3.173.0.164 update-source 3.173.0.165
FH-CR8000(bgp-65031)#neighbor 3.173.0.167 remote-as 65031
FH-CR8000(bgp-65031)#neighbor 3.173.0.167 update-source 3.173.0.165
FH-CR8000(bgp-65031)#neighbor 3.173.0.168 remote-as 65031
FH-CR8000(bgp-65031)#neighbor 3.173.0.168 update-source 3.173.0.165
FH-CR8000(bgp-65031)#address-family vpnv4 unicast
Enter bgp vpnv4 address family mode
FH-CR8000(bgp-afv4-uc)#neighbor 3.173.0.163 activate
FH-CR8000(bgp-afv4-uc)#neighbor 3.173.0.164 activate
FH-CR8000(bgp-afv4-uc)#neighbor 3.173.0.167 activate
FH-CR8000(bgp-afv4-uc)#neighbor 3.173.0.168 activate
FH-CR8000(bgp-afv4-uc)#neighbor 3.173.0.163 route-reflector-client
FH-CR8000(bgp-afv4-uc)#neighbor 3.173.0.164 route-reflector-client
FH-CR8000(bgp-afv4-uc)#neighbor 3.173.0.167 route-reflector-client
FH-CR8000(bgp-afv4-uc)#neighbor 3.173.0.168 route-reflector-client
FH-CR8000(bgp-afv4-uc)#withdraw
Configuration Result
Note:
The following only introduces the configuration result of NE3, and see
Not Deploying RRs for that of NE5.
1. Use the "show running-config bgp" command to check the BGP configuration
data on the equipment, which should be consistent with the planning data.
FH-CR8000#show running-config bgp
62 Version: D
5 Protocol Configuration
!
router bgp 65031
bgp router-id 3.173.0.165
max-paths ibgp 2
bgp cluster-id 3.173.0.165
bgp client-to-client reflection
neighbor 3.173.0.168 remote-as 65031
neighbor 3.173.0.168 update-source 3.173.0.165
neighbor 3.173.0.163 remote-as 65031
neighbor 3.173.0.163 update-source 3.173.0.165
neighbor 3.173.0.164 remote-as 65031
neighbor 3.173.0.164 update-source 3.173.0.165
neighbor 3.173.0.167 remote-as 65031
neighbor 3.173.0.167 update-source 3.173.0.165
!
address-family ipv4 unicast
neighbor 3.173.0.168 activate
neighbor 3.173.0.163 activate
neighbor 3.173.0.164 activate
neighbor 3.173.0.167 activate
exit-address-family
!
address-family vpnv4 unicast
neighbor 3.173.0.168 activate
neighbor 3.173.0.168 route-reflector-client
neighbor 3.173.0.163 activate
neighbor 3.173.0.163 route-reflector-client
neighbor 3.173.0.164 activate
neighbor 3.173.0.164 route-reflector-client
neighbor 3.173.0.167 activate
neighbor 3.173.0.167 route-reflector-client
exit-address-family
2. Use the "show ip bgp summary" command to check the BGP neighbor setup
between the convergence and core devices. If Up/Down is not 0, the BGP
neighbor is set up successfully.
FH-CR8000#show ip bgp summary
Version: D 63
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Routing policy is a method used to change the path of network traffic. It is realized
by applying routing attributes (including reachability). The router applies the policy
when distributing and receiving routes. Currently, the route policy is applied by
filtering routes.
A routing protocol may need to induct the routes discovered by other routing
protocols to enrich its routing knowledge. Only a part of routes satisfying the
conditions need to be inducted, and some properties of the inducted routes should
be set to meet the requirements of this protocol.
To apply the routing policy, first define the characteristics of the desired routes, that
is, define a set of matching rules and set them, and then apply them to the routing
policy in the process of route distributing, receiving and inducting.
Network Requirement
As shown in Figure 5-6, NE1 and NE2 are the CiTRANS R8000s, and NE3 and NE4
are the CiTRANS R800 series devices. Configure the routing policy on NE2.
Prerequisite
64 Version: D
5 Protocol Configuration
Procedure
Item Value
Prefix list name lo0
Sequence number of the matching entry in the IP prefix list 1
IP address and mask 3.173.0.170/32
Routing policy name lo0
Sequence number of the routing policy list 1
2. Configure the prefix list, allowing the local loopback port IP addresses to pass
only.
FH-CR8000(config)#ip prefix lo0 seq 1 permit 3.173.0.170/32
Version: D 65
6 Configuring a Tunnel
This chapter introduces the configuration methods of the static Tunnel, dynamic
RSVP Tunnel, LDP LSP and LDP FRR.
66 Version: D
6 Configuring a Tunnel
The LSP tunnel can be classified into static Tunnel and dynamic Tunnel according
to its application.
u Static Tunnel: The port is designated manually. The egress and ingress label
values are manually designated or automatically assigned by the OTNM2000.
The static tunnel is applicable to the small-scale stable network with simple
topology architecture.
u Dynamic Tunnel: created dynamically via the RSVP and LDP. The manual
setting of egress and ingress labels and ports is not needed.
Deployment Principles
u The dynamic Tunnel label is assigned by RSVP. Ensure the basic configuration
is normal before configuring Tunnels.
u Tunnel sharing principles: When the source nodes and sink nodes for Tunnels
are the same, all services, even of different service types, can share one
Tunnel. That is, share a Tunnel within as many services as possible.
Version: D 67
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
In some scenarios, the static tunnel and LSP 1:1 protection will be used. For
example, in the bypass protection scenario, a static tunnel can be configured as the
tunnel corresponding to the bypass PW and the protection should be loaded to
ensure the stability and reliability of the bypass service.
68 Version: D
6 Configuring a Tunnel
Network Requirement
As shown in the figure above, it is required to configure a static tunnel between NE1
and NE2 to bear the bypass PW. The planning data of the working and protection
LSPs are shown in the figure.
Prerequisite
The loopback interfaces and interconnection interfaces of all the NEs, and the basic
routing protocols between NEs have been configured.
Configuration Analysis
2. Configure the tunnels on NE1 and NE2 and bind them to LSPs.
3. Bind the working and protection LSPs of NE1 and NE2 to the BFD template.
Procedure
Version: D 69
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
2. Configure the working and protection LSPs on NE1 to NE4 respectively via the
commands listed in the tables below. The configuration commands for each
node in both positive and inverse directions of the LSPs are illustrated.
Bidirectional interconnection can be achieved only when the LSPs are
configured in both directions. In practice, you can complete the configurations
for one NE via all the related commands and then move on to the next one.
NE Command
NE Command
FH-CR8000(config)#static-lsp ingress tunnel-name 1-2.1-1 from
NE2 3.173.0.164 to 3.173.0.163 outgoing-interface ten-gigabitethernet 0/2/1/
1 out-label 33334 nexthop 192.168.2.21
NE Command
FH-CR8000(config)#static-lsp ingress secondary tunnel-name 1-1.1-2
NE1 outgoing-interface ten-gigabitethernet 0/1/1/1 out-label 33335 nexthop
192.168.2.2 1to1 Note
FH-CR8000(config)#static-lsp transit tunnel-name 1-1.1-2 from
3.173.0.163 to 3.173.0.164 incoming-interface ten-gigabitethernet 0/5/1/
NE3
1 in-label 33335 outgoing-interface ten-gigabitethernet 0/3/1/1 out-label
33335 nexthop 192.168.2.18
70 Version: D
6 Configuring a Tunnel
NE Command
FH-CR8000(config)#static-lsp transit tunnel-name 1-1.1-2 from
3.173.0.163 to 3.173.0.164 incoming-interface ten-gigabitethernet 0/3/1/
NE4
1 in-label 33335 outgoing-interface ten-gigabitethernet 0/5/1/1 out-label
33335 nexthop 192.168.2.9
Note 1: secondary distinguishes the protection LSP command from the working LSP command.
1to1 indicates that the LSP1:1 protection has been configured.
Note 2: NE3 and NE4 serve as the intermediate nodes. transit distinguishes this command
from the source / sink node command.
Note 3: The in-label of the current NE should be consistent with the out-label of the previous
one. For example, the in-label of NE3 should be consistent with the out-label of NE1,
and the in-label of NE4 should be consistent with the out-label of NE3.
NE Command
static-lsp ingress secondary tunnel-name 1-2.1-1 outgoing-interface
NE2
ten-gigabitethernet 0/1/1/1 out-label 33336 nexthop 192.168.2.10 1to1
3. Configure the tunnels on NE1 and NE2 and bind them to LSPs.
NE Command
FH-CR8000(config)#interface tunnel 4
NE1
FH-CR8000(if-tunnel4)#lsp-binding 1-1.1-2 Note
FH-CR8000(config)#interface tunnel 4
NE2
FH-CR8000(if-tunnel4)#lsp-binding 1-2.1-1
Note 1: Only the tunnel names of the working LSPs need to be bound.
Version: D 71
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Item Parameter
Template name LSP_BFD
Configuration Result
1. Use the command "show bfd session all" to view the bfd set up on the
equipment. If Sess-State is UP, the session is set up successfully.
FH-CR8000#show bfd session all
72 Version: D
6 Configuring a Tunnel
This section introduces the LSP creation method via LDP. The following uses the
scenario of neighbor devices as an example.
Network Requirement
As shown in the figure above, it is required to configure an LSP between NE1 and
NE2 using LDP. The planning data of interfaces are shown in the figure.
Prerequisite
The routing protocols of NE1 and NE2 have been configured to ensure that the
routes between two NEs are unimpeded. See Protocol Configuration for the detailed
configuration.
Configuration Analysis
1. Configure interfaces on NE1 and NE2, including the loopback interfaces and
their IP addresses, and the IP addresses and LDP of the Ethernet interfaces.
2. Set the LDP basic parameters and peer attributes on NE1 and NE2.
Procedure
Version: D 73
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
FH-CR8000(if-ten–gigabitethernet 0/2/1/1)#exit
2. Set the LDP basic parameters and peer attributes on NE1 and NE2. The
following illustrates the configuration using the NE1 as an example.
FH-CR8000(config)#router ldp
FH-CR8000(ldp)#router-id 3.173.0.163
FH-CR8000(ldp)#transport-address ipv4 3.173.0.163
FH-CR8000(ldp)#targeted-peer ipv4 3.173.0.164
Enter targeted peer mode
FH-CR8000(targeted-peer-3.173.0.164)#exit
FH-CR8000(ldp)#exit
FH-CR8000(config)#exit
FH-CR8000#save
3. Run the "show ldp session" command to query the LDP session information. If
the LDP session between NE1 and NE2 has been set up, "State" is
"OPERATIONAL".
LDP FRR includes Manual LDP FRR and Auto LDP FRR. Compared with manual
LDP FRR, Auto LDP FRR does not require specifying a next-hop address. When
LDP Auto FRR is configured, a backup LSP is automatically created based on IGP
routes. LDP Auto FRR simplifies the configuration process and avoids loops that
may occur in manual LDP FRR. It applies to complex and large networks.
This section introduces how to configure the LDP FRR, using the Manual LDP FRR
as an example.
74 Version: D
6 Configuring a Tunnel
Network Requirement
As shown in the figure above, working and protection LSPs exist between NE1 and
NE2. The LSP between NE1↔NE2 is the working LSP and that between
NE1↔NE3↔NE2 is the protection LSP. It is required that the traffic can be switched
to the protection LSP quickly when the working LSP fails. In this case, the Manual
LDP FRR function should be configured on NE1 and NE2 and the protection LSP
should be enabled to implement the fast switching, so as to reduce the traffic lost.
Prerequisite
The ISIS protocols of NE1 to NE3 have been configured to ensure that the routes
between NEs are unimpeded.
Configuration Proposal
2. Configure the IP addresses and LDP of the standby Ethernet interfaces of NE1
to NE3.
4. Set the LDP basic parameters and the LDP peer attributes on NE1 to NE3,
including the Router-ID, IPv4 transmitting address and peer IPv4 address.
Version: D 75
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Procedure
2. Configure the IP addresses and LDP of the standby Ethernet interfaces of NE1
to NE3.
3. Configure the LFA function on NE1 to NE3. The following illustrates the detailed
configuration.
FH-CR8000(config)#router isis 101
FH-CR8000((isis-101))#frr enable
FH-CR8000((isis-101))#fast-reroute per-prefix remote-lfa level-2 tunnel ldp
FH-CR8000((isis-101))#fast-reroute max-delay 500000
76 Version: D
6 Configuring a Tunnel
FH-CR8000((isis-101))#exit
4. Set the LDP basic parameters, the LDP peer attributes and the FRR function
on NE1 to NE3.
Version: D 77
7 Configuring L2VPN / L3VPN
Configuring VPWS
Configuring VPLS
78 Version: D
7 Configuring L2VPN / L3VPN
VPWS is a technology that bears Layer 2 services. VPWS emulates services such
as ATM, FR, Ethernet, and low-speed TDM circuit in a PSN. It provides the point-to-
point L2VPN service in the public network.
This section introduces how to configure VPWS using a static single-segment PW.
Network Requirement
As shown in the figure above, create a static single-segment PW between NE1 and
NE2 and use it to bear the L2VPN service.
Prerequisite
u The routing protocols of NE1 and NE2 have been configured to ensure that the
routes between two NEs are unimpeded. See Protocol Configuration for the
detailed configuration.
Configuration Analysis
1. Configure the UNI interfaces on NE1 and NE2, including the UNI sub-interface
creation, L2 mode setting and SVLAN ID setting.
Version: D 79
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Procedure
1. Create UNI sub-interfaces on NE1 and NE2, set them to L2 mode and set the
SVLAN IDs. The following uses the configuration on NE1 as an example.
FH-CR8000(config)#interface gigabitethernet 0/1/1/1.10
FH-CR8000(if-gigabitethernet 0/1/1/1.10)#l2transport
FH-CR8000(if-gigabitethernet 0/1/1/1.10)#vlan-type dot1q 10
FH-CR8000(if-gigabitethernet 0/1/1/1.10)#exit
VC ID 1 1
Remote IP address 3.173.0.164 3.173.0.163
Bound tunnel tunnel12 tunnel12
Incoming label 500 501
Outgoing label 501 500
3. Modify the PW mode to "Tagged" on NE1 and NE2. The following illustrates the
configuration using NE1 as an example.
FH-CR8000(if-gigabitethernet 0/1/1/1.10)#no mpls l2-circuit pw1vpws
FH-CR8000(if-gigabitethernet 0/1/1/1.10)#mpls l2-circuit pw1vpws 1 3.173.0.164
tunnelif-name tunnel12 static in-label 500 out-label 501 control-word encapsulation tagged
tagtype type8100 vlan-id 100
FH-CR8000(if-gigabitethernet 0/1/1/1.10)#exit
4. Modify "tpid" on NE1 and NE2. The following illustrates the configuration using
NE1 as an example.
FH-CR8000(if-gigabitethernet 0/1/1/1.10)#no mpls l2-circuit pw1vpws
80 Version: D
7 Configuring L2VPN / L3VPN
5. Run the "show mpls l2vc" command on the equipment to view the VPWS
service status. If "State" is "active", the VPWS service is normal.
Network Requirement
As shown in the figure above, first create static MS-PWs between NE1↔NE3↔NE2,
among which NE3 serves as the intermediate node. And then use the static MS-
PWs to bear the L2VPN service.
Prerequisite
u The routing protocols of NE1 to NE3 have been configured to ensure that the
routes between NEs are unimpeded. See Protocol Configuration for the
detailed configuration.
u Two static tunnels (tunnel31 and tunnel32) between NE3 and NE1, and
between NE3 and NE2 have been created respectively.
Configuration Analysis
1. Configure the UNI interfaces on NE1 and NE2, including the UNI sub-interface
creation, L2 mode setting and SVLAN ID setting.
Version: D 81
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Procedure
1. Create UNI sub-interfaces on NE1 and NE2, set them to L2 mode and set the
SVLAN IDs. The following uses the configuration on NE1 as an example.
FH-CR8000(config)#interface gigabitethernet 0/1/1/1.20
FH-CR8000(if-gigabitethernet 0/1/1/1.20)#l2transport
FH-CR8000(if-gigabitethernet 0/1/1/1.20)#vlan-type dot1q 20
FH-CR8000(if-gigabitethernet 0/1/1/1.20)#exit
The table below lists the planning data of two segments of PWs.
Item NE1 NE2
Interface GE 0/1/1/1.20 GE 0/1/1/1.20
Segmented VC name VC_NE3_NE1 VC_NE3_NE2
VC ID 1 2
Remote IP address of segmented PW 3.173.0.165 3.173.0.165
Tunnel policy bound to segmented PW tunnel31 tunnel32
Incoming label 401 403
Outgoing label 400 402
82 Version: D
7 Configuring L2VPN / L3VPN
Item NE3
Segmented VC name VC_NE3_NE1 VC_NE3_NE2
VC ID 1 2
Remote IP address of segmented PW 3.173.0.163 3.173.0.164
Tunnel policy bound to segmented PW tunnel31 tunnel32
Incoming label 400 402
Outgoing label 401 403
Item NE3
MS-PW name VC_NE1_NE3_NE2
4. Run the "show mpls l2vc" command to view the VPWS service status. If "State"
is "active", the VPWS service is normal.
Version: D 83
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Network Requirement
As shown in the figure above, set up PW redundancy protection between NE3 and
NE1, and between NE3 and NE2. Create an active PW between NE3↔NE2 and a
standby one between NE3↔NE1, and use the static PW redundancy to bear the
L2VPN service.
Prerequisite
u The routing protocols of NE1 to NE3 have been configured to ensure that the
routes between NEs are unimpeded. See Protocol Configuration for the
detailed configuration.
u Two static tunnels (tunnel31 and tunnel32) between NE3 and NE1, and
between NE3 and NE2 have been created respectively.
Configuration Analysis
1. Configure the UNI sub-interfaces on NE1 to NE3, including the UNI sub-
interface creation, L2 mode setting and SVLAN ID setting.
2. Create an active PW between NE3 and NE2 and a standby one between NE3
and NE1.
3. Configure static BFD templates on NE1 to NE3 and bind them to the PWs.
84 Version: D
7 Configuring L2VPN / L3VPN
Procedure
1. Create UNI sub-interfaces on NE1 to NE3, set them to L2 mode and set the
SVLAN IDs.
The planning data of the UNI sub-interfaces on NE1 to NE3 are as follows.
Item NE1 NE2 NE3
UNI sub-interface GE 0/2/1/1.10 GE 0/2/1/1.10 GE 0/1/1/1.10
The following takes NE1 for example to illustrate the configuration method.
FH-CR8000(config)#interface gigabitethernet 0/2/1/1.10
FH-CR8000(if-gigabitethernet 0/2/1/1.10)#l2transport
FH-CR8000(if-gigabitethernet 0/2/1/1.10)#vlan-type dot1q 10
FH-CR8000(if-gigabitethernet 0/2/1/1.10)#exit
2. Create an active PW between NE3 and NE2 and a standby one between NE3
and NE1. The active PW is VC_NE3_NE2 (NE3↔NE2) and the standby PW is
VC_NE3_NE1 (NE3↔NE1).
The table below lists the planning data of the active and standby PWs.
Item NE1 NE2 NE3
Interface GE 0/2/1/1.10 GE 0/2/1/1.10 GE 0/1/1/1.10
VC name VC_NE3_NE1 VC_NE3_NE2 VC_NE3_NE1 VC_NE3_NE2
VC ID 1 2 1 2
Remote IP address of PW 3.173.0.165 3.173.0.165 3.173.0.163 3.173.0.164
Tunnel policy bound to PW tunnel31 tunnel32 tunnel31 tunnel32
Incoming label 401 403 400 402
Outgoing label 400 402 401 403
Version: D 85
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
3. Configure static BFD templates on NE1 to NE3 and bind them to the PWs.
The table below lists the planning data of the static BFD template.
Item NE1 NE2 NE3
Template name PW_BFD PW_BFD PW_BFD
BFD time
Minimum transmitting time 30 30 30
parameter
Minimum receiving interval 30 30 30
template name
Test multiple 5 5 5
4. Run the "show mpls l2vc" command to view the VPWS service status. If "State"
is "active", the VPWS service is normal.
86 Version: D
7 Configuring L2VPN / L3VPN
This section introduces how to configure VPWS using dynamic single-segment PW.
Network Requirement
Prerequisite
u The LDP basic configuration (including Router-ID setting and IPv4 address
setting) of NE1 and NE2 has been completed.
u The loopback interfaces and their IP addresses, and the IP addresses and LDP
of NNI interfaces of NE1 and NE2 have been configured.
Configuration Analysis
3. Configure the OSPF protocol on NE1 and NE2 to implement the inter-
communication within the mpls domain.
Procedure
1. Configure the UNI sub-interfaces on NE1 and NE2, including the UNI sub-
interface creation, L2 mode setting and SVLAN ID setting.
The planning data of the UNI sub-interfaces on NE1 and NE2 are as follows.
Item NE1 NE2
UNI sub-interface GE 0/1/1/1.20 GE 0/1/1/1.20
Version: D 87
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
The planning data of the VC configuration on NE1 and NE2 are as follows.
Item NE1 NE2
Interface GE 0/1/1/1.20 GE 0/1/1/1.20
VC name VC_NE1_NE2 VC_NE1_NE2
VC ID 20 20
Remote IP address of PW 3.173.0.164 3.173.0.163
3. Configure the OSPF protocol on NE1 and NE2, including the OSPF process
number setting, Router-ID setting and the subnetwork IP address / mask
setting within the domain, to implement the inter-communication within the mpls
domain.
The planning data of the OSPF configuration on NE1 and NE2 are as follows.
88 Version: D
7 Configuring L2VPN / L3VPN
4. Run the "show mpls l2vc" command to view the VPWS service status. If "State"
is "active", the VPWS service is normal.
This section introduces how to configure VPWS using dynamic multi-segment PW.
Network Requirement
Prerequisite
u The LDP basic configuration (including Router-ID setting and IPv4 address
setting) of NE1 to NE3 has been completed.
Version: D 89
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
u The loopback interfaces and their IP addresses, and the IP addresses and LDP
of NNI interfaces of NE1 to NE3 have been configured.
Configuration Analysis
Procedure
1. Configure the UNI sub-interfaces on NE1 and NE2, including the UNI sub-
interface creation, L2 mode setting and SVLAN ID setting.
The planning data of the UNI interfaces on NE1 and NE2 are as follows.
Item NE1 NE2
UNI sub-interface GE 0/1/1/1.10 GE 0/1/1/1.10
2. Configure VCs on NE1 and NE2, including the dynamic PW-1 (NE3↔NE1) and
PW-2 (NE3↔NE2).
The planning data of the VC configuration on NE1 and NE2 are as follows.
Item NE1 NE2
Interface GE 0/1/1/1.10 GE 0/1/1/1.10
Segmented PW name VC_NE3_NE1 VC_NE3_NE2
90 Version: D
7 Configuring L2VPN / L3VPN
VC ID 1 2
Remote IP address of segmented
3.173.0.163 3.173.0.163
PW
Item NE3
MS-PW name VC_NE1_NE3_NE2
4. Configure the OSPF protocol on NE1 to NE3, including the OSPF process
number setting, Router-ID setting and the subnetwork IP address / mask
Version: D 91
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
The planning data of the OSPF configuration on NE1 to NE3 are as follows.
Item NE1 NE2 NE3
OSPF process
31 31 31
number
Router ID 3.173.0.163 3.173.0.164 3.173.0.165
5. Run the "show mpls l2vc" command to view the VPWS service status. If "State"
is "active", the VPWS service is normal.
92 Version: D
7 Configuring L2VPN / L3VPN
Network Requirement
Prerequisite
u The LDP basic configuration (including Router-ID setting and IPv4 address
setting) of NE1 to NE3 has been completed.
u The loopback interfaces and their IP addresses, and the IP addresses and LDP
of NNI interfaces of NE1 to NE3 have been configured.
Configuration Analysis
Procedure
1. Configure the UNI sub-interfaces on NE1 to NE3, including the UNI sub-
interface creation, L2 mode setting and SVLAN ID setting.
The planning data of the UNI interfaces on NE1 to NE3 are as follows.
Version: D 93
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
The following takes NE1 for example to illustrate the configuration method.
FH-CR8000(config)#interface gigabitethernet 0/3/1/1.20
FH-CR8000(if-gigabitethernet 0/3/1/1.20)#no shutdown
FH-CR8000(if-gigabitethernet 0/3/1/1.20)#l2transport
FH-CR8000(if-gigabitethernet 0/3/1/1.20)#vlan-type dot1q 20
FH-CR8000(if-gigabitethernet 0/3/1/1.20)#exit
VC ID 1 2 1 2
Peer IP address 3.173.0.165 3.173.0.165 3.173.0.163 3.173.0.164
94 Version: D
7 Configuring L2VPN / L3VPN
3. Configure the OSPF protocol on NE1 to NE3, including the OSPF process
number setting, Router-ID setting and the subnetwork IP address / mask
setting within the domain, to implement the inter-communication within the mpls
domain.
The planning data of the OSPF configuration on NE1 to NE3 are as follows.
Item NE1 NE2 NE3
OSPF process number 31 31 31
Router ID 3.173.0.163 3.173.0.164 3.173.0.165
Version: D 95
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
4. Run the "show mpls l2vc" command to view the VPWS service status. If "State"
is "active", the VPWS service is normal.
Network Requirement
Set up an E-Tree service between NE1 and NE2, and between NE1 and NE3. The
interface planning data of each NE are shown in the figure above.
Prerequisite
u The loopback interfaces and their IP addresses, and the NNI interfaces and
their IP addresses of NE1 to NE3 have been configured, and the MPLS of the
NNI interfaces have been enabled.
u The routing protocols of NE1 to NE3 have been configured to ensure that the
routes between NEs are unimpeded. See Protocol Configuration for the
detailed configuration.
96 Version: D
7 Configuring L2VPN / L3VPN
u Four static tunnels (tunnel12, tunnel13, tunnel21, and tunnel31) have been
configured.
Configuration Analysis
2. Configure UNI interfaces on NE1 to NE3, and bind them to the VSI instances.
Procedure
Remote IP
VSI Name VSI ID Tunnel Name Outgoing Label Incoming Label
Address
3.173.0.164 tunnel12 601 600
ETree1 1
3.173.0.165 tunnel13 701 700
3.173.0.164 tunnel12 603 602
ETree2 2
3.173.0.165 tunnel13 703 702
Version: D 97
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Remote IP
VSI Name VSI ID Tunnel Name Outgoing Label Incoming Label
Address
ETree1 1 3.173.0.163 tunne21 600 601
ETree2 2 3.173.0.163 tunne21 602 603
98 Version: D
7 Configuring L2VPN / L3VPN
Remote IP
VSI Name VSI ID Tunnel Name Outgoing Label Incoming Label
Address
ETree1 1 3.173.0.163 tunnel31 700 701
ETree2 2 3.173.0.163 tunnel31 702 703
Version: D 99
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
2. Create two UNI interfaces on NE1 to NE3 respectively and bind them to VSI
instances.
4 The following lists the planning data of the UNI interfaces on NE1, as well
as the corresponding VSI instances.
4 The following lists the planning data of the UNI interfaces on NE2, as well
as the corresponding VSI instances.
100 Version: D
7 Configuring L2VPN / L3VPN
GE 0/3/1/1.10 ETree1
GE 0/3/1/1.20 ETree2
4 The following lists the planning data of the UNI interfaces on NE3, as well
as the corresponding VSI instances.
3. Run the "show mpls vsi" command on the root node NE1 to view the service
status. If "State" is "active", the VPLS service is normal.
Version: D 101
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Network Requirement
Set up an ELAN service between NE1, NE2 and NE3. The interface planning data
of each NE are shown in the figure above.
Prerequisite
u The loopback interfaces and their IP addresses, and the NNI interfaces and
their IP addresses of NE1 to NE3 have been configured, and the MPLS of the
NNI interfaces have been enabled.
u The routing protocols of NE1 to NE3 have been configured to ensure that the
routes between NEs are unimpeded. See Protocol Configuration for the
detailed configuration.
u Six static tunnels (tunnel12, tunnel13, tunnel21, tunnel23, tunnel31 and tunnel32)
have been configured.
Configuration Analysis
2. Configure UNI interfaces on NE1 to NE3, and bind them to the VSI instances.
102 Version: D
7 Configuring L2VPN / L3VPN
Procedure
VSI Name VSI ID Remote IP Address Tunnel Name Outgoing Label Incoming Label
Version: D 103
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Outgoing Incoming
VSI Name VSI ID Remote IP Address Tunnel Name
Label Label
3.173.0.163 tunnel21 600 601
ELAN1 1
3.173.0.165 tunnel23 801 800
3.173.0.163 tunnel21 602 603
ELAN2 2
3.173.0.165 tunnel23 803 802
Remote IP
VSI Name VSI ID Tunnel Name Outgoing Label Incoming Label
Address
3.173.0.163 tunnel31 700 701
ELAN1 1
3.173.0.164 tunnel32 800 801
104 Version: D
7 Configuring L2VPN / L3VPN
Remote IP
VSI Name VSI ID Tunnel Name Outgoing Label Incoming Label
Address
3.173.0.163 tunnel31 702 703
ELAN2 2
3.173.0.164 tunnel32 802 803
2. Create two UNI interfaces on NE1 to NE3 respectively and bind them to VSI
instances.
4 The following lists the planning data of the UNI interfaces on NE1, as well
as the corresponding VSI instances.
Version: D 105
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
4 The following lists the planning data of the UNI interfaces on NE2, as well
as the corresponding VSI instances.
GE 0/3/1/1.10 ELAN1
GE 0/3/1/1.20 ELAN2
4 The following lists the planning data of the UNI interfaces on NE3, as well
as the corresponding VSI instances.
106 Version: D
7 Configuring L2VPN / L3VPN
3. Run the "show mpls vsi" command on NE2 or NE3 to view the service status. If
"State" is "active", the VPLS service is normal.
In the EVLAN configuration, the split horizon is enabled by default. You can disable
it as required. The following introduces the disabling procedure on NE3.
This section introduces how to configure the dynamic HVPLS using the LDP.
Version: D 107
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Network Requirement
If there are a large number of VPLS PEs, you can adopt the Hierarchical VPLS
(HVPLS) networking scheme to reduce the performance requirements for PEs.
As shown in the figure above, the networks where NE4 to NE6 reside belong to one
VPLS. NE4 and NE5 access the VPLS full-mesh connection network via UPE (NE2),
and NE6 via common PE (NE3), forming an HVPLS network.
Prerequisite
u The loopback interfaces and their IP addresses, and the NNI interfaces and
their IP addresses of NE1 to NE3 have been configured, and the MPLS of the
NNI interfaces have been enabled.
u The LDP basic configuration (including the router ID setting and transmission
address setting) of NE1 to NE3 has been completed.
u The routing protocols of all the NEs have been configured to ensure that the
routes between NEs are unimpeded. See Protocol Configuration for the
detailed configuration.
Configuration Analysis
2. Configure the UNI interfaces on NE1 to NE3, and bind them to the VSI
instances.
108 Version: D
7 Configuring L2VPN / L3VPN
Procedure
3.173.0.164
VPLS-100 100
3.173.0.165
2. Create UNI interfaces on NE2 and NE3 and bind them to VSI instances.The
following lists the planning data of the UNI interfaces on NE2 and NE3, as well
as the corresponding VSI instances.
Version: D 109
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
3. Run the "show mpls vsi" command on the equipment to view the service status.
If "State" is "active", the VPLS service is normal.
You can view the VPLS MAC address table using the following two methods.
1. View the VPLS MAC address table based on interfaces. Run the show vpls
mac if-name [gigabitethernet A/B/C] slot X command on the equipment to
view the VPLS MAC address table, as shown in the figure below.
110 Version: D
7 Configuring L2VPN / L3VPN
2. View the VPLS MAC address table based on VSI. Run the show vpls mac vsi-
name [name] slot X command on the equipment to view the VPLS MAC
address table, as shown in the figure below.
This section introduces how to configure the L3VPN using the LDP tunnel.
Network Requirement
Set up the L3VPN service between NE1 and NE2. The interface planning data of
each NE are shown in the figure above.
Prerequisite
u The global routes and the MPLS of NE1 and NE2 have been enabled.
u The VPN router IDs of NE1 and NE2 have been set.
Version: D 111
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
u The IP addresses and masks of the loopback interfaces of NE1 and NE2 have
been set.
u The IP addresses and masks of the NNI interfaces of NE1 and NE2 have been
set, and the MPLS and LDP have been enabled.
u The UNI sub-interfaces of NE1 and NE2 have been set up. The VLAN IDs of
the UNI sub-interfaces have been set and the sub-interfaces have been bound
to the IPv4 addresses.
Configuration Analysis
1. Configure the OSPF on NE1 and NE2, including the OSPF router ID setting,
subnetwork IP address and mask setting within the domain
2. Configure the LDP on NE1 and NE2, including the LDP router ID setting and
IPv4 transmitting address setting.
3. Configure the L3VPN on NE1 and NE2, including the VRF configuration and
the UNI sub-interface configuration.
4. Configure the IBGP on NE1 and NE2, including the basic IBGP configuration,
the BGP peer configuration and the IPv4 address family setting.
5. Configure the MP-BGP on NE1 and NE2, including the VPNv4 address family
setting and the IPv4 VRF address family setting.
Procedure
1. Set the basic OSPF parameters on NE1 and NE2. Set the OSPF router ID, and
the subnetwork IP address and mask within the domainThe table below lists
the planning data of the NE.
112 Version: D
7 Configuring L2VPN / L3VPN
2. Configure the basic LDP parameters on NE1 and NE2. Set the LDP router ID,
and the IPv4 transmitting address.The table below lists the planning data of the
NE.
3. Configure the L3VPN services on NE1 and NE2. Configure the VRF and UNI
sub-interface.
1) Set the basic VRF parameters on NE1 and NE2, including the VRF setting
up, the RD value setting, ingress RT setting and egress RT setting.The
table below lists the planning data of the NEs.
2) Configure the UNI sub-interface on NE1 and NE2, including the UNI sub-
interface setting up, VRF binding and IPv4 address binding.The table
below lists the planning data of the NE.
Version: D 113
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
4. Configure the IBGP on NE1 and NE2, including the basic IBGP configuration,
BGP peer configuration and IPv4 address family setting.The table below lists
the planning data of each NE.
The following takes NE1 for example to illustrate the configuration method,
including the basic IBGP configuration and BGP peer configuration.
FH-CR8000(config)#router bgp 100
FH-CR8000(bgp-100)#bgp router-id 3.173.0.163
FH-CR8000(bgp-100)#neighbor 3.173.0.164 remote-as 100
FH-CR8000(bgp-100)#neighbor 3.173.0.164 update-source 3.173.0.163
FH-CR8000(bgp-100)#neighbor 3.173.0.164 next-hop-self
The following takes NE1 for example to illustrate the configuration method,
including the IPv4 address family configuration.
FH-CR8000(bgp-100)#address-family ipv4 unicast
FH-CR8000(bgp-af4–uc)#neighbor 3.173.0.164 activate
FH-CR8000(bgp-af4–uc)#neighbor 3.173.0.164 next-hop-self
FH-CR8000(bgp-af4–uc)#exit-address-family
5. Configure the MP-BGP on NE1 and NE2, including the VPNv4 address family
configuration and IPv4 VRF address family configuration. The configuration on
NE1 is used as an example.
114 Version: D
7 Configuring L2VPN / L3VPN
6. Run the "show ip route vrf + vrf name" command to check the L3VPN status.
This section introduces the configuration method and procedure for the inter-area
L2VPN in OptionC mode.
Network Requirement
As shown in the figure above, PE1 and ASBR1 are the CiTRANS R8000s. In the
scenario of inter-area L2VPN in OptionC mode:
u Use the OSPF as the IGP protocol to achieve the MPLS area interconnection.
u Establish OSPF, LDP and IBGP LU sessions between PE1 and ASBR1, and
between PE2 and ASBR2.
u The UNI interfaces of PE1 and PE2 are configured with the VPWS services
using the static single-segment PWs.
Version: D 115
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
The configuration procedures of PE1 and PE2 are the same, and those of ASBR1
and ASBR2 are the same, too. The following takes PE1 and ASBR1 as examples to
introduce the configuration procedure.
Prerequisite
u You have enabled the global routing and MPLS for PE1 and ASBR1.
u You have configured the VPN router IDs for PE1 and ASBR1.
u You have configured the loopback interface IP addresses and masks for PE1
and ASBR1.
u You have configured the IP addresses and masks of the NNI interfaces, and
enabled the MPLS and LDP for PE1 and ASBR1.
Configuration Proposal
5. Configure the IBGP and MP-EBGP, and enable the label routing on PE1.
6. Configure the IBGP and MP-EBGP, and enable the label routing on ASBR1.
Procedure
1. Configure the basic OSPF parameters on PE1 and ASBR1, including the
OSPF router ID setting, sub-network IP address and mask setting within the
area.
See Step 1 in Configuring L3VPN Using an LDP Tunnel for the configuration
procedure.
2. Configure the basic LDP parameters on PE1 and ASBR1. Set the LDP router
ID, and the IPv4 transmitting address.
116 Version: D
7 Configuring L2VPN / L3VPN
See Step 2 in Configuring L3VPN Using an LDP Tunnel for the configuration
procedure.
Item PE1
UNI interface GE 0/3/1/1
SVLAN ID 10
VC name pw1vpws
VC ID 1
Item PE1
Prefix list name A
Prefix list number 1
Prefix list
Filter mode permit
Version: D 117
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
5. Configure the IBGP and MP-EBGP, and enable the label routing on PE1.
Item PE1
BGP process number 100
BGP router ID 1.1.1.1
IP address of BGP peer 2.2.2.2
Number of AS where the BGP peer
100
IBGP resides
Remote IP address 2.2.2.2
Neighbor next hop address 1.1.1.1
IP address of BGP peer 4.4.4.4
Number of AS where the BGP peer
EBGP 200
resides
Maximum number of EBGP connections 10
118 Version: D
7 Configuring L2VPN / L3VPN
FH-CR8000(bgp-100)#exit
FH-CR8000(config)#exit
FH-CR8000#save
6. Configure the IBGP and MP-EBGP, and enable the label routing on ASBR1.
Item ASBR1
BGP process number 100
BGP router ID 2.2.2.2
IP address of BGP peer 1.1.1.1
Number of AS where the BGP peer
100
IBGP resides
Remote IP address 1.1.1.1
Neighbor next hop address 2.2.2.2
IP address of BGP peer 20.1.1.2
EBGP Number of AS where the BGP peer
200
resides
Version: D 119
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
This section introduces the configuration method and procedure for the inter-area
L3VPN in OptionB mode.
Network Requirement
As shown in the figure above, PE1 and ASBR1 are the CiTRANS R8000s. In the
scenario of inter-area L3VPN in OptionB mode:
u Use the OSPF as the IGP protocol to achieve the MPLS area interconnection.
u Establish OSPF, LDP and IBGP LU sessions between PE1 and ASBR1.
u Establish OSPF, LDP and IBGP LU sessions between PE2 and ASBR2.
The configuration procedures of PE1 and PE2 are the same, and those of ASBR1
and ASBR2 are the same, too. The following takes PE1 and ASBR1 as examples to
introduce the configuration procedure.
Prerequisite
u You have enabled the global routing and MPLS for PE1 and ASBR1.
u You have configured the VPN router IDs for PE1 and ASBR1.
u You have configured the loopback interface IP addresses and masks for PE1
and ASBR1.
120 Version: D
7 Configuring L2VPN / L3VPN
u You have configured the IP addresses and masks of the NNI interfaces, and
enabled the MPLS and LDP for PE1 and ASBR1.
Configuration Proposal
5. Configure the IBGP and EBGP, and enable the Option B switch on ASBR1.
Procedure
1. Configure the basic OSPF parameters on PE1 and ASBR1, including the
OSPF router ID setting, sub-network IP address and mask setting within the
area.
See Step 1 in Configuring L3VPN Using an LDP Tunnel for the configuration
procedure.
2. Configure the basic LDP parameters on PE1 and ASBR1. Set the LDP router
ID, and the IPv4 transmitting address.
See Step 2 in Configuring L3VPN Using an LDP Tunnel for the configuration
procedure.
3. Configure the L3VPN service on PE1. Configure the VRF and UNI interface.
Item PE1
VRF instance name CDMA-RAN
RD value 1001:1
Ingress RT value 1001:1
Version: D 121
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Item PE1
Egress RT value 1001:1
Bound UNI interface GE 0/3/1/1
Interface IP 100.1.1.1/24
See Step 3 in Configuring L3VPN Using an LDP Tunnel for the configuration
procedure.
4. Configure IBGP on PE1, including the basic IBGP configuration, BGP peer
configuration, VPNv4 family setting and IPv4 VRF address family setting.
Item PE1
BGP process number 100
BGP router ID 1.1.1.1
IP address of BGP peer 2.2.2.2
Number of AS where the BGP peer resides 100
Remote IP address 2.2.2.2
Neighbor next hop address 1.1.1.1
5. Configure IBGP and EBGP on ASBR1, including the basic BGP configuration,
BGP peer configuration, IPv4 address family setting, VPNv4 address family
setting. Enable the Option B switch.
122 Version: D
7 Configuring L2VPN / L3VPN
Item ASBR1
BGP process number 100
BGP router ID 2.2.2.2
IP address of BGP peer 1.1.1.1
Number of AS where the BGP peer
100
IBGP resides
Remote IP address 1.1.1.1
Neighbor next hop address 2.2.2.2
IP address of BGP peer 20.1.1.2
EBGP Number of AS where the BGP peer
200
resides
Version: D 123
8 Configuring AAA
Definition
Feature
AAA adopts the client/server model. This model has good extensibility and
facilitates concentrated management over user information.
Note:
124 Version: D
8 Configuring AAA
Version: D 125
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Network Requirement
As shown in the figure above, the user is located in the fiberhome domain,
accessing the network via router NE1. Configure router NE1 to authenticate and
authorize the user locally.
Planning Data
Item Parameter
Local username 123
cipher 123
Local user password A password is composed of "cipher" and
characters, or "simple" and characters.
Configuration Analysis
1. Set the parameters of the local user, including the username, password, level
and access mode.
126 Version: D
8 Configuring AAA
4. Configure the domain where the user is located, including creating a domain
and configuring the domain authentication and authorization schemes.
Procedure
Version: D 127
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Network Requirement
As shown in the figure above, the user is located in the fiberhome domain, and
router NE1 accesses the servers. The user visits the network via router NE1.
Configure router NE1 to authenticate the user using the RADIUS protocol.
Planning Data
Item Parameter
RADIUS server template name radius1
Note 1
VPN instance that the RADIUS server belongs to vpn1
128 Version: D
8 Configuring AAA
Configuration Analysis
1. Configure a RADIUS server template, which covers the active and standby
RADIUS authentication servers, the shared key for the servers, the time-out
duration for the RADIUS request message, the number of times that the
message is retransmitted (optional), and the user name in the message sent by
the equipment to the RADIUS server (optional).
4. Configure the domain where the user is located, including creating a domain
and configuring the domain authentication and authorization schemes.
Procedure
Version: D 129
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
FH-CR8000(aaa-domain-fiberhome)#authentication-scheme author1
FH-CR8000(aaa-domain-fiberhome)#radius-server-template radius1
FH-CR8000(aaa-domain-fiberhome)#exit
Network Requirement
Figure 8-3 Configuring AAA - Scenario of Configuring Remote TACACS Authentication and
Authorization
As shown in the figure above, the user is located in the fiberhome domain, and
router NE1 accesses the servers. The user visits the network via router NE1.
Configure router NE1 to authenticate and authorize the user by using the TACACS
protocol.
Planning Data
Item Parameter
TACACS server template name tacacs1
VPN instance that the TACACS server belongs toNote 1 vpn1
130 Version: D
8 Configuring AAA
Item Parameter
Shared key of the TACACS server wri123
Time-out duration of the TACACS request message (s) 10
Authentication scheme name authen1
Authentication mode tacacs
Authorization scheme name author1
Authorization mode none
User domain name fiberhome
Note 1: The VPN instance that the TACACS server belongs to and the local source IP address
are optional.
Configuration Analysis
4. Configure the domain where the user is located, including creating a domain
and configuring the domain authentication and authorization schemes.
Procedure
Version: D 131
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Network Requirement
Figure 8-4 Configuring AAA - Scenario of Configuring Remote Authentication Using CLI
132 Version: D
8 Configuring AAA
As shown in the figure above, the user is located in the fiberhome domain and
router NE1 accesses the servers. The user accesses NE1 via remote authentication
and authorization. In this example, the user is granted the authority to execute CLI
on NE1 in a remote manner.
Planning Data
Item Parameter
TACACS authentication server template name tacacs1
VPN instance that the TACACS authentication server
vpn1
belongs toNote 1
Configuration Analysis
3. Configure the domain where the user is located, including creating a domain,
configuring the domain authorization scheme, and configuring the template of
the domain's TACACS server.
Procedure
Version: D 133
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
134 Version: D
9 Configuring QoS
The QoS technology uses parameters such as bandwidth, delay, delay change,
packet loss rate to measure network resources. This can provide end-to-end service
quality guarantee for various services.
Configuring HQoS
Version: D 135
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Traffic shaping typically limits the traffic and burst of a specific connection, so that
such packets can be sent out at a uniform speed. The traffic shaping is generally
used for the egress direction of an interface. The peak of the irregular traffic in the
upstream will be cut off to fill the valley, and a flat flow will be output.
Network Requirement
As shown in Figure 9-1, the CiTRANS R8000 connects the IPTV service and data
service to the IP / MPLS network through Ethernet interfaces. Set the queue priority
of the IPTV service and data service to EF and AF1 respectively, and configure the
traffic shaping at the outgoing interface.
Prerequisite
u You have configured the physical parameters of relevant interfaces. All the
service interfaces are in the "Up" status.
u You have configured the link layer properties of relevant interfaces to ensure
their normal operation.
u You have enabled the routing protocol to ensure the route interconnection.
Procedure
136 Version: D
9 Configuring QoS
EF 40
AF1 1
FH-CR8000(config-if)#port-shaping ef pir-percent 40
FH-CR8000(config-if)#port-shaping af1 pir-percent 1
FH-CR8000(config-if)#commit
FH-CR8000(config-if)#exit
FH-CR8000(config)#
Queue scheduling divides all packets to be sent from one interface into multiple
queues and processes them according to their priorities. Through an appropriate
queue scheduling mechanism, QoS parameters of certain types of packets, such as
bandwidth, delay, jitter, etc., can be guaranteed first.
The CiTRANS R8000 series router supports two queue scheduling modes: SP and
WFQ. When congestion occurs, the CiTRANS 8000 uses different queue
scheduling policies to guarantee the QoS of services with high priorities.
Network Requirement
As shown in Figure 9-1, the CiTRANS R8000 connects the IPTV service and data
service to the IP / MPLS network through Ethernet interface. The queue priorities of
the IPTV service and data service are EF and AF1 respectively. Configure the traffic
shaping at the outgoing interface.
Prerequisite
u You have configured the physical parameters of relevant interfaces. All the
service interfaces are in the "Up" status.
Version: D 137
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
u You have configured the link layer properties of relevant interfaces to ensure
the normal operation of interfaces.
u You have enabled the routing protocol to ensure the route interconnection.
Procedure
EF WFQ 34
AF1 WFQ 20
FH-CR8000(config-if)#port-scheduling ef wfq 34
FH-CR8000(config-if)#port-scheduling af1 wfq 20
FH-CR8000(config-if)#commit
FH-CR8000(config-if)#exit
FH-CR8000(config)#
138 Version: D
9 Configuring QoS
Congestion avoidance is a flow control mechanism that monitors the use of network
resources (such as queues or memory buffers), discards packets actively when
congestion tends to increase, and relieves network overload by adjusting network
traffic. The CiTRANS R8000 supports the following two congestion policies:
u Tail drop algorithm: When the queue is filled to its maximum capacity, the newly
arriving packets are dropped until the queue has enough room to accept
incoming traffic.
u Color blind WRED: WRED algorithms are implemented based on the packet
colors (green, yellow, and red). Before the output buffer area reaches the
START threshold, no packet will be discarded; when the output buffer area
crosses the END threshold, all packets will be discarded. Between the START
and the END thresholds, all packets are probable to be dropped based on an
average-queue-length function.
Network Requirement
As shown in , the CiTRANS R8000 connects the IPTV service and data service to
the IP / MPLS network through Ethernet interface. The queue priorities of the IPTV
service and data service are EF and AF1 respectively. Configure the congestion
policy at the outgoing interface.
Prerequisite
u You have configured the physical parameters of relevant interfaces. All the
service interfaces are in the "Up" status.
u You have configured the link layer properties of relevant interfaces to ensure
the normal operation of interfaces.
u You have enabled the routing protocol to ensure the route interconnection.
Procedure
Version: D 139
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
FH-CR8000(config)#wred TIM
FH-CR8000(wred-TIM)#cfg green low-limit 50 high-limit 100 discard-percentage 100
FH-CR8000(wred-TIM)#cfg yellow low-limit 50 high-limit 100 discard-percentage 100
FH-CR8000(wred-TIM)#cfg red low-limit 30 high-limit 80 discard-percentage 30
FH-CR8000(wred-TIM)#commit
FH-CR8000(wred-TIM)#exit
FH-CR8000(config)#
140 Version: D
9 Configuring QoS
Traditional QoS adopts one-level scheduling. A port can only distinguish the service
priority rather than user priority. If the traffic with the same priority uses the same
port queue, the traffic of different users compete with each other for the same queue
resource. In this case, the single traffic of a single user on the port cannot be
differentiated. With multi-level scheduling, HQoS can distinguish the traffic of
different users and different services, and provide differentiated bandwidth
management.
Network Requirement
As shown in Figure 9-2, configure the three-level QoS scheduling based on user
group on the Ethernet outgoing interface 10GE 0/2/1/3.
Prerequisite
u You have configured the physical parameters of relevant interfaces. All the
service interfaces are in the "Up" status.
u You have configured the link layer properties of relevant interfaces to ensure
the normal operation of interfaces.
u You have enabled the routing protocol to ensure the route interconnection.
Configuration Proposal
Version: D 141
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Procedure
142 Version: D
9 Configuring QoS
Version: D 143
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
FH-CR8000(usergroup-g1)#exit
FH-CR8000(config)#
144 Version: D
10 Other Configuration
This chapter introduces other configuration, including DHCP Relay, router access
control and SNMP access control.
Configuring SNMP
Configuring LLDP
Configuring NTP
Version: D 145
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Network Requirement
As shown in the figure above, the NE is a CiTRANS R8000 device. Configure the
SNMP for the NE.
146 Version: D
10 Other Configuration
Procedure
Item Parameter
Version: D 147
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
The Link Layer Discovery Protocol (LLDP) is a layer-2 discovery protocol defined in
IEEE 802.1ab. By running the protocol, the network system can clearly learn about
all layer 2 information of the devices in direct connection. The mechanism facilitates
quick network management scale-up and enables the management of more
detailed network topology information and change information.
Network Requirement
As shown in the figure above, the Ethernet interfaces of NE1 and NE2 are
interconnected. Both of NE1 and NE2 have available routes to the NMS.
u NE1 and NE2 can obtain each other's status information through LLDP.
u The network management system can find NE1 and NE2 through the LLDP
management IP address to obtain topology information.
u When the LLDP management IP address changes, the global LLDP is disabled
and the neighbor information changes, NE1 is required to send LLDP alarm to
the network management system.
Configuration Proposal
2. Set the management IP addresses of NE1 and NE2 to facilitate the network
management system to manage them.
148 Version: D
10 Other Configuration
3. Enable the LLDP proxy for the interfaces of NE1 and NE2.
Procedure
The following takes NE1 for example to illustrate the configuration procedure.
Item Parameter
NE1 management IP address 10.10.10.1
FH-CR8000(config)#lldp management-address10.10.10.1
Version: D 149
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Network Requirement
As shown in the figure above, NE1 and NE2 are the CiTRANS R8000 devices, and
NE3 and NE4 are the CiTRANS R800 series devices. When NE3 and NE1 are
connected, NE1 can be used as an NTP client. When NE1 and NE2 are connected,
NE1 can be used as both an NTP client and an NTP server.
The NTP configuration includes the configuration of client and server. The following
uses NE1 as an example to introduce the configuration procedure.
Prerequisite
2. Enable NTP.
FH-CR8000(config)#ntp-service enable
150 Version: D
10 Other Configuration
FH-CR8000(config)#commit
2. Enable NTP.
FH-CR8000(config)#ntp-servive enable
u Set the corresponding access control list to the VTY port to limit the access to
the router via the VTY port. The access control list filters users according to the
user network segment.
u Modify the default value of concurrent connections to VTY, and adjust it to the
maximum value allowed by the vendor.
u The timeout for the router VTY port is configured so that the equipment will
actively disconnect a remote login when no operation is performed there in the
designated period of time. Otherwise, all the VTY ports will be occupied and
you cannot manage the equipment through remote login.
Configuration Analysis
Version: D 151
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
4. Apply the access control list in the Telnet / SSH login mode.
Procedure
Note:
In case that the authentication mode is set to local, users must enter the
set username and password when logging into the core switch protocol
stack (see Logging into Main Control Protocol Stack).
Item Parameter
User name fiberhome
Password display modeNote 1 cipher
Note 1: cipher: The password saved in the configuration file is generated from the Login
Password after being re-encrypted by the system; simple: the password is not
encrypted and displayed directly in the configuration file.
FH-CR8000(config)#aaa
FH-CR8000(config-aaa)#local-user fiberhome password cipher cr8000
FH-CR8000(config-aaa)#authentication-scheme 1
Add new authentication scheme!
FH-CR8000(aaa-authen-1)#
152 Version: D
10 Other Configuration
Item Parameter
Note 1
System authentication type local
Note 1: Configure the system authentication mode according to actual conditions. local refers
to local authentication; none refers to direct login without any authentication. For the
sake of security, the none mode is not recommended.
FH-CR8000(aaa-authen-1)#authentication-mode local
FH-CR8000(aaa-authen-1)#exit
FH-CR8000(config-aaa)#exit
Item Parameter
Enabling the telnet equipment functions in CTVPN193 telnet-server vrf CTVPN193
Enabling the ssh equipment functions in CTVPN193 ssh-server vrf CTVPN193
Note:
u ACL uses the first matching algorithm. The router checks the list one
by one from the beginning till the matched item is found. If the group
matches with a certain rule, operation will be performed according to
the key word permit or deny in the rule, and all the follow-up rules are
ignored.
u The system will automatically add an implicit deny rule which refuses
all datagrams at the end of each ACL. If the coming group does not
match with any preceding rule, this group will be discarded.
Item Parameter
Note 1
ACL number 4001
59.43.0.0/19
59.43.32.0/20
Source IP address segment allowing access 59.43.48.0/21
202.97.3.0/24
115.168.128.0/17
Version: D 153
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Item Parameter
115.168.254.0/24
Source IP address segment refusing access
115.168.255.0/24
Note 1: The ACL number that enters the ACL basic configuration view ranges from 4000 to
4999.
FH-CR8000(config)#acl 4001
FH-CR8000(acl-userdefine-4001)#rule 1 permit ip src-ip 59.43.0.0/19
FH-CR8000(acl-userdefine-4001)#rule 2 permit ip src-ip 59.43.32.0/20
FH-CR8000(acl-userdefine-4001)#rule 3 permit ip src-ip 59.43.48.0/21
FH-CR8000(acl-userdefine-4001)#rule 4 permit ip src-ip 202.97.3.0/24
FH-CR8000(acl-userdefine-4001)#rule 5 permit ip src-ip 115.168.128.0/17
FH-CR8000(acl-userdefine-4001)#rule 6 deny ip src-ip 115.168.254.0/24
FH-CR8000(acl-userdefine-4001)#rule 7 deny ip src-ip 115.168.255.0/24
FH-CR8000(acl-userdefine-4001)#exit
5. Apply the access control list in the telnet or ssh login mode. After the list is
applied, only the src-ip packets whose rule is permit can access the equipment.
4 Enable the Telnet VPN login function of the equipment, and configure the
Telnet access control list.
Item Parameter
VPN name CTVPN193
Telnet access control listNote 1 4001
Note 1: Set it to the ACL number in Step 4.
4 Enable the SSH VPN login function of the equipment, and configure the
SSH access control list.
Item Parameter
VPN name CTVPN193
Note 1
SSH access control list 4001
Note 1: Set it to the ACL number in Step 4.
154 Version: D
10 Other Configuration
Item Parameter
User quantity of Telnet 5
User quantity of SSH 5
Item Parameter
Login timeout exit time (minute) 5
Configuration Result
1. Use the "show running-config" command to check the configuration data on the
equipment, which should be consistent with the planning data.
FH-CR8000#show running-config
!
aaa
local-user fiberhome password cipher W$xSDITQDa4A
local-user fiberhome privilege 12
!
authentication-scheme 1
authentication-mode local
exit
!
line vty timeout 5
line vty telnet max-user 5
line vty ssh max-user 5
!
acl 4001
rule 1 permit ip src-ip 59.43.0.0/19
rule 2 permit ip src-ip 59.43.32.0/20
rule 3 permit ip src-ip 59.43.48.0/21
rule 4 permit ip src-ip 202.97.3.0/24
rule 5 permit ip src-ip 115.168.128.0/17
rule 6 deny ip src-ip 115.168.254.0/24
Version: D 155
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
u The system logs include alarm logs and operation logs, which are saved in the
equipment and in the log server. The level of the logs saved in the log server is
Warnings and above.
u It is required that all the system logs on the equipment should be preset and
sent to the log server in the network management center. The system log
should be checked every day so as to find any abnormality and process it in a
timely manner. The logs should be kept in the log server for at least three
months.
u Configure the alarm logs and operation logs of all levels for the system and
save them locally.
Configuration Analysis
Procedure
Item Parameter
Enabling printing the alarm information of all
info-center default log source all
modules
Outputting the logs with levels higher than
info-center source default channel 4 log level
"warning" of all the modules to the syslog
warnings state on
buffer area.
156 Version: D
10 Other Configuration
Item Parameter
info-center source default channel 5 trap level
Outputting the traps with levels higher than
warnings state on
"warning" of all the modules to the snmp.
info-center snmp
Saving the logs with levels higher than info-center source default channel 9 log level
"warning" of all the modules to the syslog. warnings stateon
Saving the traps with levels higher than info-center source default channel 9 trap level
"warning" of all the modules to the traplog. warnings state on
Configuration Result
Use the "show run infoc" command to check the configuration data on the
equipment, which should be consistent with the planning data.
Version: D 157
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
Note:
You can run the show channel or show info-center command to view
the channel status.
Default Output Destination of Channel Parameter
158 Version: D
11 Saving Configuration Files
Save the configuration data to files in a timely manner: After the configuration
command of a group of data is executed, use the save command to save the
configuration data.
Version: D 159
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
After logging into the main control protocol stack, you can use commands to back
up the current configuration files in the CF card of the router.
Prerequisite
Users have logged into the main control protocol stack (see Logging into Main
Control Protocol Stack for operation procedures).
Procedure
1. Use the show current config file command to view the current configuration
files.
FH-CR8000#show current config file
current startup config file:userdir/ZEBOS.CFG
In the FTP backup mode, after the OTNM2000 is installed, it serves as the FTP
server and the equipment serves as the FTP Client. Upload the configuration files of
client to the FTP server for backup.
Prerequisite
Checking method: Use "cmd" on the server to enter the command prompt and
enter ftp 127.0.0.1. The default username and password are both 1.
160 Version: D
11 Saving Configuration Files
C:\Users\wjun>ftp 127.0.0.1
Connect to 127.0.0.1.
220-FileZilla Server version 3.46 final
220-written by Tim Kosse (Tim.Kosse@gmx.de)
220 Please visit http://sourceforge.net/projects/filezilla/
User(127.0.0.1:(none)): 1
331 Password required for 1
Password:
230 Logged on
ftp>
The root directory of the OTNM2000 serving as the FTP server is D:\OTNM\md
\ftproot.
Procedure
1. Log into the FTP server using the FTP command in the CLI GUI. As shown
below, 10.18.26.106 is the IP address of the OTNM2000 server, that is, the IP
address of the network card of the OTNM2000 connected to the equipment.
FH-CR8000#ftp 10.18.26.106 user 1 password 1 vrf FHNMVPN
2. Back up the "config.CFG" file under the directory /mnt/cfdisk2 of the equipment
to the FTP server using the "put" command.
FH-CR8000(FTP-10.18.26.106)#put /mnt/cfdisk2/config.CFG config_backup2.CFG
Version: D 161
12 Common Verification Commands
See Table 12-1 for the common verification commands used by the CiTRANS
R8000 Series.
Command Description
Shows the configuration information of all ports. Users can add port name to
show running-config interface
check the information of a designated port.
show mpls l2vpn Shows the FEC statistical information of all VCs.
show bfd session ip
Shows the session information of bfd.
show bfd session al
show ip ospf neighbor Shows the neighbor information of OSPF.
show clns is-neighbors Shows the adjacency information of all ISIS neighbors.
Shows all sessions established between the current LSR and other LSRs.
show ldp session
The IP parameter can be used to designate the opposite end LSR address.
162 Version: D
Appendix A Abbreviations
BC Boundary Clock
DM Delay Measurement
DR Designated Router
FC Fiber Channel
FCS Frame Check Sequence
FE Fast Ethernet
FIB Forwarding Information Base
IP Internet Protocol
IPTV Internet Protocol Television
Version: D 163
CiTRANS R8000 Series Multi-Service High-End Router Commissioning and Configuration Guide-CLI
ME Maintenance Entity
OC Ordinary Clock
PM Performance Monitoring
PQ Priority Queue
TE Traffic Engineering
164 Version: D
Appendix A Abbreviations
Version: D 165
Product Documentation Customer Satisfaction Survey
Thank you for reading and using the product documentation provided by FiberHome. Please take a moment to
complete this survey. Your answers will help us to improve the documentation and better suit your needs. Your
responses will be confidential and given serious consideration. The personal information requested is used for
no other purposes than to respond to your feedback.
Name
Phone Number
Email Address
Company
To help us better understand your needs, please focus your answers on a single documentation or a complete
documentation set.
Documentation Name
Code and Version
12. Additional comments about our documentation or suggestions on how we can improve:
Thank you for your assistance. Please fax or send the completed survey to us at the contact information
included in the documentation. If you have any questions or concerns about this survey please email at
edit@fiberhome.com